Bluetooth service timeout on MT6797/Chuwi Hi9 Air

[ius]

Bluetooth fails to enable on AOSP 9.0 r31 / Chuwi Hi9 Air (MT6797).

Logcat reveals an ANR in com.android.bluetooth

02-10 00:13:16.732  1031  1112 E ActivityManager: ANR in com.android.bluetooth

Root cause is a timeout during bt module intialization, specifically in controller_module

02-10 00:12:51.322  9903  9942 I bt_core_module: module_start_up Starting module "controller_module"
02-10 00:12:55.064  9903  9919 E AdapterState: BLE_TURNING_ON : BLE_START_TIMEOUT

/system/bt/device/src/controller.cc attempts to discover device capabilities using HCI commands, enabling the HCI snoop log shows it times out after having sent LE Read Maximum Data Length, receiving a response of Status: Unknown HCI command

This command is sent conditionally based on whether the device declares support for it (LE Read Local Supported Features).

It appears MT6797 Bluetooth firmware as used in Chuwi Hi9 Air falsely claims to support this command. The controller_module's response parser on the other hand does not account for command failure, leading to a lockup and eventually the timeout.

Hack to demonstrate a workaround:

diff --git a/device/src/controller.cc b/device/src/controller.cc
index a07e54b..24bae28 100644
--- a/device/src/controller.cc
+++ b/device/src/controller.cc
@@ -66,9 +66,9 @@ static uint8_t ble_supported_states[BLE_SUPPORTED_STATES_SIZE];
 static bt_device_features_t features_ble;
 static uint16_t ble_suggested_default_data_length;
 static uint16_t ble_supported_max_tx_octets;
-static uint16_t ble_supported_max_tx_time;
-static uint16_t ble_supported_max_rx_octets;
-static uint16_t ble_supported_max_rx_time;
+//static uint16_t ble_supported_max_tx_time;
+//static uint16_t ble_supported_max_rx_octets;
+//static uint16_t ble_supported_max_rx_time;
 
 static uint16_t ble_maxium_advertising_data_length;
 static uint8_t ble_number_of_supported_advertising_sets;
@@ -216,6 +216,7 @@ static future_t* start_up(void) {
           response, &ble_resolving_list_max_size);
     }
 
+    /*
     if (HCI_LE_DATA_LEN_EXT_SUPPORTED(features_ble.as_array)) {
       response =
           AWAIT_COMMAND(packet_factory->make_ble_read_maximum_data_length());
@@ -228,6 +229,7 @@ static future_t* start_up(void) {
       packet_parser->parse_ble_read_suggested_default_data_length_response(
           response, &ble_suggested_default_data_length);
     }
+    */
 
     if (HCI_LE_EXTENDED_ADVERTISING_SUPPORTED(features_ble.as_array)) {
       response = AWAIT_COMMAND(

[penn5]

I'm writing code to allow a custom prop based AND bitmask to be applied to supported local features.

[penn5]

That workaround is unacceptable. If you send me a PM on Telegram (@hackintosh5) I'll send you a test fix.

[phhusson]

That's why it's not a PR, just a FYI :p Le jeu. 14 févr. 2019 à 12:23, penn5 <notifications@github.com> a écrit :

…

That workaround is unacceptable. If you send me a PM on Telegram ( @hackintosh5 <https://github.com/hackintosh5>) I'll send you a test fix. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#399 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAAOOv3e_V6Jxl9Ib6DmHg9oI_kWYps1ks5vNUdDgaJpZM4a6WS2> .

[phhusson]

Hey @penn5 what's the properties value for that one?

[BOFH2k]

Hi @penn5,
for my Chuwi Hi9 Air with Helio X20 on Pie v123 I did set the properties as mentioned in #870 and #660 by @phhusson but nevertheless, Bluetooth won't find any devices in the pairing dialog and the Android 9 BT activation switch flips back to "disabled":
$ getprop | grep unsupport
[persist.sys.bt.unsupport.features]: [00000001]
[persist.sys.bt.unsupport.states]: [000000000000000000000011111]
[persist.sys.bt.unsupport.stdfeatures]: [00000001]

In 8.1 (with v32) Bluetooth works just fine:
https://github.com/phhusson/treble_experimentations/wiki/Chuwi-Hi9-Air

[BOFH2k]

For the sake of completeness - only setting the stdfeatures property, as documented in #660 doesn't work either:
$ getprop | grep unsupport
[persist.sys.bt.unsupport.features]: [00000000]
[persist.sys.bt.unsupport.states]: [000000000000000000000000000]
[persist.sys.bt.unsupport.stdfeatures]: [00000001]

[BOFH2k]

logcat.txt

[BOFH2k]

btsnoop_hci.log