* [PATCH] Bluetooth: btmtk: remove extra copy in cmd array init @ 2026-05-20 2:15 Jiajia Liu 2026-05-20 12:55 ` Luiz Augusto von Dentz 0 siblings, 1 reply; 3+ messages in thread From: Jiajia Liu @ 2026-05-20 2:15 UTC (permalink / raw) To: Marcel Holtmann, Luiz Augusto von Dentz, Matthias Brugger, AngeloGioacchino Del Regno Cc: linux-bluetooth, linux-kernel, linux-arm-kernel, linux-mediatek, Jiajia Liu In btmtk_setup_firmware_79xx, the data length indicated by wmt_params.dlen in the cmd buffer is MTK_SEC_MAP_NEED_SEND_SIZE + 1. Except for the first byte, the remaining length is MTK_SEC_MAP_NEED_SEND_SIZE. memcpy copied one more byte to cmd + 1 than the remaining length. Align the length passed to memcpy to avoid exceeding current section map. Signed-off-by: Jiajia Liu <liujiajia@kylinos.cn> --- drivers/bluetooth/btmtk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c index ea7a031000cd..53cba71cb07f 100644 --- a/drivers/bluetooth/btmtk.c +++ b/drivers/bluetooth/btmtk.c @@ -188,7 +188,7 @@ int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname, MTK_FW_ROM_PATCH_GD_SIZE + MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i + MTK_SEC_MAP_COMMON_SIZE, - MTK_SEC_MAP_NEED_SEND_SIZE + 1); + MTK_SEC_MAP_NEED_SEND_SIZE); wmt_params.op = BTMTK_WMT_PATCH_DWNLD; wmt_params.status = &status; -- 2.53.0 ^ permalink raw reply related [flat|nested] 3+ messages in thread
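Review bot: The commit message and the changed length argument (MTK_SEC_MAP_NEED_SEND_SIZE + 1 becoming MTK_SEC_MAP_NEED_SEND_SIZE) do not say which buffer the extra byte affected, and the tag block carries no Fixes: line. With the old length, the last byte was read from just past the need-send region of section map i and stored at cmd[MTK_SEC_MAP_NEED_SEND_SIZE + 1], which is one position beyond the wmt_params.dlen bytes the message describes, so it was never part of the command payload. Please state in the message whether this is a read past the section map in the firmware image, a write past the used part of cmd, or both, and add a Fixes: tag for the commit that introduced the + 1 so the change can be evaluated for stable. The source offset built from MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i + MTK_SEC_MAP_COMMON_SIZE is not checked against the firmware size in the lines shown; if no such check exists earlier in btmtk_setup_firmware_79xx, it belongs with this fix.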
* Re: [PATCH] Bluetooth: btmtk: remove extra copy in cmd array init 2026-05-20 2:15 [PATCH] Bluetooth: btmtk: remove extra copy in cmd array init Jiajia Liu @ 2026-05-20 12:55 ` Luiz Augusto von Dentz 2026-05-21 2:26 ` Jiajia Liu 0 siblings, 1 reply; 3+ messages in thread From: Luiz Augusto von Dentz @ 2026-05-20 12:55 UTC (permalink / raw) To: Jiajia Liu Cc: Marcel Holtmann, Matthias Brugger, AngeloGioacchino Del Regno, linux-bluetooth, linux-kernel, linux-arm-kernel, linux-mediatek Hi Jiajia, On Tue, May 19, 2026 at 10:15 PM Jiajia Liu <liujiajia@kylinos.cn> wrote: > > In btmtk_setup_firmware_79xx, the data length indicated by wmt_params.dlen > in the cmd buffer is MTK_SEC_MAP_NEED_SEND_SIZE + 1. Except for the first > byte, the remaining length is MTK_SEC_MAP_NEED_SEND_SIZE. memcpy copied one > more byte to cmd + 1 than the remaining length. Align the length passed to > memcpy to avoid exceeding current section map. > > Signed-off-by: Jiajia Liu <liujiajia@kylinos.cn> > --- > drivers/bluetooth/btmtk.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c > index ea7a031000cd..53cba71cb07f 100644 > --- a/drivers/bluetooth/btmtk.c > +++ b/drivers/bluetooth/btmtk.c > @@ -188,7 +188,7 @@ int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname, > MTK_FW_ROM_PATCH_GD_SIZE + > MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i + > MTK_SEC_MAP_COMMON_SIZE, > - MTK_SEC_MAP_NEED_SEND_SIZE + 1); > + MTK_SEC_MAP_NEED_SEND_SIZE); > > wmt_params.op = BTMTK_WMT_PATCH_DWNLD; > wmt_params.status = &status; > -- > 2.53.0 > Have you tested this on the actual hardware? If not we need a Tested-by. -- Luiz Augusto von Dentz ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] Bluetooth: btmtk: remove extra copy in cmd array init 2026-05-20 12:55 ` Luiz Augusto von Dentz @ 2026-05-21 2:26 ` Jiajia Liu 0 siblings, 0 replies; 3+ messages in thread From: Jiajia Liu @ 2026-05-21 2:26 UTC (permalink / raw) To: Luiz Augusto von Dentz Cc: Marcel Holtmann, Matthias Brugger, AngeloGioacchino Del Regno, linux-bluetooth, linux-kernel, linux-arm-kernel, linux-mediatek On Wed, May 20, 2026 at 08:55:46AM -0400, Luiz Augusto von Dentz wrote: > Hi Jiajia, > > On Tue, May 19, 2026 at 10:15 PM Jiajia Liu <liujiajia@kylinos.cn> wrote: > > > > In btmtk_setup_firmware_79xx, the data length indicated by wmt_params.dlen > > in the cmd buffer is MTK_SEC_MAP_NEED_SEND_SIZE + 1. Except for the first > > byte, the remaining length is MTK_SEC_MAP_NEED_SEND_SIZE. memcpy copied one > > more byte to cmd + 1 than the remaining length. Align the length passed to > > memcpy to avoid exceeding current section map. > > > > Signed-off-by: Jiajia Liu <liujiajia@kylinos.cn> > > --- > > drivers/bluetooth/btmtk.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c > > index ea7a031000cd..53cba71cb07f 100644 > > --- a/drivers/bluetooth/btmtk.c > > +++ b/drivers/bluetooth/btmtk.c 
> > @@ -188,7 +188,7 @@ int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname, > > MTK_FW_ROM_PATCH_GD_SIZE + > > MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i + > > MTK_SEC_MAP_COMMON_SIZE, > > - MTK_SEC_MAP_NEED_SEND_SIZE + 1); > > + MTK_SEC_MAP_NEED_SEND_SIZE); > > > > wmt_params.op = BTMTK_WMT_PATCH_DWNLD; > > wmt_params.status = &status; > > -- > > 2.53.0 > > > > Have you tested this on the actual hardware? If not we need a Tested-by. Yes, I have tested with MT7922 (0489:e0d8) on linux 7.1-rc4 applied this patch and the following two. Bluetooth: btmtk: accept too short WMT FUNC_CTRL events Bluetooth: btmtk: fix urb->setup_packet leak in error paths setup log of boot and rfkill switch: $ dmesg | grep hci0 [ 6.108240] Bluetooth: hci0: HW/SW Version: 0x008a008a, Build Time: 20260224103448 [ 8.933508] Bluetooth: hci0: Device setup in 2765295 usecs [ 8.938846] Bluetooth: hci0: HCI Enhanced Setup Synchronous Connection command is advertised, but not supported. [ 57.209143] Bluetooth: hci0: HW/SW Version: 0x008a008a, Build Time: 20260224103448 [ 57.366004] Bluetooth: hci0: Device setup in 160450 usecs [ 57.371248] Bluetooth: hci0: HCI Enhanced Setup Synchronous Connection command is advertised, but not supported. [ 203.687643] Bluetooth: hci0: HW/SW Version: 0x008a008a, Build Time: 20260224103448 [ 203.844163] Bluetooth: hci0: Device setup in 158989 usecs [ 203.849426] Bluetooth: hci0: HCI Enhanced Setup Synchronous Connection command is advertised, but not supported. [ 214.723250] Bluetooth: hci0: HW/SW Version: 0x008a008a, Build Time: 20260224103448 [ 214.879380] Bluetooth: hci0: Device setup in 155239 usecs [ 214.884644] Bluetooth: hci0: HCI Enhanced Setup Synchronous Connection command is advertised, but not supported. > > -- > Luiz Augusto von Dentz ^ permalink raw reply [flat|nested] 3+ messages in thread