Broadcom controllers present on Apple Silicon devices use the upper 8 bits of the event type in the LE Extended Advertising Report for the channel on which the frame has been received. Add a quirk to drop the upper byte to ensure that the advertising results are parsed correctly. The following except from a btmon trace shows a report received on channel 37 by these controllers: > HCI Event: LE Meta Event (0x3e) plen 55 #1 [hci0] 0.912271 LE Extended Advertising Report (0x0d) Num reports: 1 Entry 0 Event type: 0x2513 Props: 0x0013 Connectable Scannable Use legacy advertising PDUs Data status: Complete Reserved (0x2500) Legacy PDU Type: Reserved (0x2513) Address type: Public (0x00) Address: XX:XX:XX:XX:XX:XX (Shenzhen Jingxun Software Telecommunication Technology Co.,Ltd) Primary PHY: LE 1M Secondary PHY: No packets SID: no ADI field (0xff) TX power: 127 dBm RSSI: -76 dBm (0xb4) Periodic advertising interval: 0.00 msec (0x0000) Direct address type: Public (0x00) Direct address: 00:00:00:00:00:00 (OUI 00-00-00) Data length: 0x1d 02 01 18 09 ff 57 00 31 1f 01 3c 86 ab 03 16 df .....W.1..<..... fd 0b 09 4a 42 4c 20 46 6c 69 70 20 35 ...JBL Flip 5 Flags: 0x18 Simultaneous LE and BR/EDR (Controller) Simultaneous LE and BR/EDR (Host) Company: Harman International Industries, Inc. (87) Data: 311f013c86ab Service Data (UUID 0xfddf): Name (complete): JBL Flip 5 Signed-off-by: Sven Peter <sven@xxxxxxxxxxxxx> --- include/net/bluetooth/hci.h | 11 +++++++++++ net/bluetooth/hci_event.c | 4 ++++ 2 files changed, 15 insertions(+) diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h index fe7935be7dc4..47e1ee6f275d 100644 --- a/include/net/bluetooth/hci.h +++ b/include/net/bluetooth/hci.h @@ -274,6 +274,17 @@ enum { * during the hdev->setup vendor callback. */ HCI_QUIRK_BROKEN_ENHANCED_SETUP_SYNC_CONN, + + /* + * When this quirk is set, the upper 8 bits of the evt_type field of + * the LE Extended Advertising Report events are discarded. + * Some Broadcom controllers found in Apple machines put the channel + * the report was received on into these reserved bits. + * + * This quirk can be set before hci_register_dev is called or + * during the hdev->setup vendor callback. + */ + HCI_QUIRK_FIXUP_LE_EXT_ADV_REPORT_EVT_TYPE, }; /* HCI device flags */ diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c index af17dfb20e01..0b5d70aeea93 100644 --- a/net/bluetooth/hci_event.c +++ b/net/bluetooth/hci_event.c @@ -6237,6 +6237,10 @@ static void hci_le_ext_adv_report_evt(struct hci_dev *hdev, void *data, break; evt_type = __le16_to_cpu(info->type); + if (test_bit(HCI_QUIRK_FIXUP_LE_EXT_ADV_REPORT_EVT_TYPE, + &hdev->quirks)) + evt_type &= 0xff; + legacy_evt_type = ext_evt_type_to_legacy(hdev, evt_type); if (legacy_evt_type != LE_ADV_INVALID) { process_adv_report(hdev, legacy_evt_type, &info->bdaddr, -- 2.25.1