[PATCH] Bluetooth: btusb: deal with MT7925 invalid ISO RX packets
Luiz Augusto von Dentz
luiz.dentz at gmail.com
Fri Apr 24 12:47:57 PDT 2026
Hi Pauli,
On Fri, Apr 24, 2026 at 3:38 PM Pauli Virtanen <pav at iki.fi> wrote:
>
> MT7925 produces empty ISO packets for Handle 0 when RX is active:
>
> > ISO Data RX: Handle 0 SN 36734 flags 0x00 dlen 0 slen 58 #851 [hci0]
> > ISO Data RX: Handle 0 SN 36734 flags 0x00 dlen 0 slen 58 #852 [hci0]
>
> The driver should filter these out before passing to hci_core, otherwise
> it will printk "Bluetooth: hci0: ISO packet for unknown connection
> handle 0" errors.
Aren't these rate limited though?
>
> Filter out by adding hdev->classify_pkt_type
>
> Signed-off-by: Pauli Virtanen <pav at iki.fi>
> ---
> drivers/bluetooth/btmtk.c | 13 +++++++++++++
> drivers/bluetooth/btmtk.h | 8 ++++++++
> drivers/bluetooth/btusb.c | 1 +
> 3 files changed, 22 insertions(+)
>
> diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c
> index ab34f1dd42bc..9ba58cc9720a 100644
> --- a/drivers/bluetooth/btmtk.c
> +++ b/drivers/bluetooth/btmtk.c
> @@ -1568,6 +1568,19 @@ int btmtk_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
> return hci_recv_frame(hdev, skb);
> }
> EXPORT_SYMBOL_GPL(btmtk_recv_event);
> +
> +u8 btmtk_classify_pkt_type(struct hci_dev *hdev, struct sk_buff *skb)
> +{
> + /* MT7925 spams invalid ISO packets during ISO RX */
> + if (hci_skb_pkt_type(skb) == HCI_ISODATA_PKT &&
> + skb->len == sizeof(struct hci_iso_hdr) &&
> + hci_iso_hdr(skb)->handle == 0 &&
> + hci_iso_hdr(skb)->dlen == 0)
> + return HCI_DIAG_PKT;
Not really following you here, why would marking it as a diagnostic
packet make it any better? In fact I do think this needs to print
something to the output if the firmware generates spurious packets and
have it fixed in the firmware asap, silently discarding the packets
just makes the issue undetectable, which I don't think really helps
users.
> +
> + return hci_skb_pkt_type(skb);
> +}
> +EXPORT_SYMBOL_GPL(btmtk_classify_pkt_type);
> #endif
>
> MODULE_AUTHOR("Sean Wang <sean.wang at mediatek.com>");
> diff --git a/drivers/bluetooth/btmtk.h b/drivers/bluetooth/btmtk.h
> index c83c24897c95..e573b21cecf7 100644
> --- a/drivers/bluetooth/btmtk.h
> +++ b/drivers/bluetooth/btmtk.h
> @@ -222,6 +222,8 @@ int btmtk_usb_setup(struct hci_dev *hdev);
> int btmtk_usb_shutdown(struct hci_dev *hdev);
>
> int btmtk_recv_event(struct hci_dev *hdev, struct sk_buff *skb);
> +
> +u8 btmtk_classify_pkt_type(struct hci_dev *hdev, struct sk_buff *skb);
> #else
>
> static inline int btmtk_set_bdaddr(struct hci_dev *hdev,
> @@ -306,4 +308,10 @@ static inline int btmtk_recv_event(struct hci_dev *hdev, struct sk_buff *skb)
> {
> return hci_recv_frame(hdev, skb);
> }
> +
> +static inline u8 btmtk_classify_pkt_type(struct hci_dev *hdev,
> + struct sk_buff *skb)
> +{
> + return hci_skb_pkt_type(skb);
> +}
> #endif
> diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
> index a0a7da498466..7479928eec4b 100644
> --- a/drivers/bluetooth/btusb.c
> +++ b/drivers/bluetooth/btusb.c
> @@ -4245,6 +4245,7 @@ static int btusb_probe(struct usb_interface *intf,
> hdev->reset = btmtk_reset_sync;
> hdev->set_bdaddr = btmtk_set_bdaddr;
> hdev->send = btusb_send_frame_mtk;
> + hdev->classify_pkt_type = btmtk_classify_pkt_type;
> hci_set_quirk(hdev, HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN);
> hci_set_quirk(hdev, HCI_QUIRK_NON_PERSISTENT_SETUP);
> data->recv_acl = btmtk_usb_recv_acl;
> --
> 2.53.0
>
>
--
Luiz Augusto von Dentz
More information about the Linux-mediatek
mailing list