* [PATCH] Bluetooth: btmtk: remove extra copy in cmd array init
@ 2026-05-20 2:15 Jiajia Liu
2026-05-20 6:15 ` bluez.test.bot
2026-05-20 12:55 ` [PATCH] " Luiz Augusto von Dentz
0 siblings, 2 replies; 4+ messages in thread
From: Jiajia Liu @ 2026-05-20 2:15 UTC (permalink / raw)
To: Marcel Holtmann, Luiz Augusto von Dentz, Matthias Brugger,
AngeloGioacchino Del Regno
Cc: linux-bluetooth, linux-kernel, linux-arm-kernel, linux-mediatek,
Jiajia Liu
In btmtk_setup_firmware_79xx, the data length indicated by wmt_params.dlen
in the cmd buffer is MTK_SEC_MAP_NEED_SEND_SIZE + 1. Except for the first
byte, the remaining length is MTK_SEC_MAP_NEED_SEND_SIZE. memcpy copied one
more byte to cmd + 1 than the remaining length. Align the length passed to
memcpy to avoid exceeding current section map.
Signed-off-by: Jiajia Liu <liujiajia@kylinos.cn>
---
drivers/bluetooth/btmtk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c
index ea7a031000cd..53cba71cb07f 100644
--- a/drivers/bluetooth/btmtk.c
+++ b/drivers/bluetooth/btmtk.c
@@ -188,7 +188,7 @@ int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname,
MTK_FW_ROM_PATCH_GD_SIZE +
MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i +
MTK_SEC_MAP_COMMON_SIZE,
- MTK_SEC_MAP_NEED_SEND_SIZE + 1);
+ MTK_SEC_MAP_NEED_SEND_SIZE);
wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
wmt_params.status = &status;
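Review bot: The changelog should say what the extra byte actually hit, and a fix like this needs a Fixes: tag, which the message lacks. On the changed length line, the old `MTK_SEC_MAP_NEED_SEND_SIZE + 1` copied one byte more than the payload that follows the first byte of cmd. Whether that was a write past the end of cmd, a read past the current section map in the source buffer, or both depends on the declaration of cmd and on the firmware size, neither of which is visible in this hunk. Please state the size of cmd and the resulting impact in the commit message so the backport can be judged, and consider expressing the length in terms of the destination (for example `sizeof(cmd) - 1`, if cmd is declared with MTK_SEC_MAP_NEED_SEND_SIZE + 1 elements) so the two cannot drift apart again.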
--
2.53.0
* RE: Bluetooth: btmtk: remove extra copy in cmd array init
2026-05-20 2:15 [PATCH] Bluetooth: btmtk: remove extra copy in cmd array init Jiajia Liu
@ 2026-05-20 6:15 ` bluez.test.bot
2026-05-20 12:55 ` [PATCH] " Luiz Augusto von Dentz
1 sibling, 0 replies; 4+ messages in thread
From: bluez.test.bot @ 2026-05-20 6:15 UTC (permalink / raw)
To: linux-bluetooth, liujiajia
This is an automated email, please do not reply to this email!
Dear submitter,
Thank you for submitting the patches to the linux bluetooth mailing list.
These are the CI test results for your patch series:
PW Link: https://patchwork.kernel.org/project/bluetooth/list/?series=1097683
---Test result---
Test Summary:
CheckPatch PASS 0.63 seconds
GitLint PASS 0.28 seconds
SubjectPrefix PASS 0.10 seconds
BuildKernel PASS 26.60 seconds
CheckAllWarning PASS 29.08 seconds
CheckSparse PASS 28.09 seconds
BuildKernel32 PASS 26.71 seconds
TestRunnerSetup PASS 534.54 seconds
IncrementalBuild PASS 24.40 seconds
https://github.com/bluez/bluetooth-next/pull/219
---
Regards,
Linux Bluetooth
* Re: [PATCH] Bluetooth: btmtk: remove extra copy in cmd array init
2026-05-20 2:15 [PATCH] Bluetooth: btmtk: remove extra copy in cmd array init Jiajia Liu
2026-05-20 6:15 ` bluez.test.bot
@ 2026-05-20 12:55 ` Luiz Augusto von Dentz
2026-05-21 2:26 ` Jiajia Liu
1 sibling, 1 reply; 4+ messages in thread
From: Luiz Augusto von Dentz @ 2026-05-20 12:55 UTC (permalink / raw)
To: Jiajia Liu
Cc: Marcel Holtmann, Matthias Brugger, AngeloGioacchino Del Regno,
linux-bluetooth, linux-kernel, linux-arm-kernel, linux-mediatek
Hi Jiajia,
On Tue, May 19, 2026 at 10:15 PM Jiajia Liu <liujiajia@kylinos.cn> wrote:
>
> In btmtk_setup_firmware_79xx, the data length indicated by wmt_params.dlen
> in the cmd buffer is MTK_SEC_MAP_NEED_SEND_SIZE + 1. Except for the first
> byte, the remaining length is MTK_SEC_MAP_NEED_SEND_SIZE. memcpy copied one
> more byte to cmd + 1 than the remaining length. Align the length passed to
> memcpy to avoid exceeding current section map.
>
> Signed-off-by: Jiajia Liu <liujiajia@kylinos.cn>
> ---
> drivers/bluetooth/btmtk.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c
> index ea7a031000cd..53cba71cb07f 100644
> --- a/drivers/bluetooth/btmtk.c
> +++ b/drivers/bluetooth/btmtk.c
> @@ -188,7 +188,7 @@ int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname,
> MTK_FW_ROM_PATCH_GD_SIZE +
> MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i +
> MTK_SEC_MAP_COMMON_SIZE,
> - MTK_SEC_MAP_NEED_SEND_SIZE + 1);
> + MTK_SEC_MAP_NEED_SEND_SIZE);
>
> wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
> wmt_params.status = &status;
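Review bot: The source offset in the context lines, `MTK_FW_ROM_PATCH_GD_SIZE + MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i + MTK_SEC_MAP_COMMON_SIZE`, is not checked against the firmware size anywhere in this hunk, so trimming the length by one byte only narrows the read. If no earlier check in btmtk_setup_firmware_79xx guarantees that this offset plus MTK_SEC_MAP_NEED_SEND_SIZE fits inside the loaded image for every i, a truncated or malformed firmware file can still cause an out-of-bounds read at this memcpy. A bounds check before the copy that bails out with an error would close that, and is worth confirming or adding alongside this fix.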
> --
> 2.53.0
>
Have you tested this on the actual hardware? If not we need a Tested-by.
--
Luiz Augusto von Dentz
* Re: [PATCH] Bluetooth: btmtk: remove extra copy in cmd array init
2026-05-20 12:55 ` [PATCH] " Luiz Augusto von Dentz
@ 2026-05-21 2:26 ` Jiajia Liu
0 siblings, 0 replies; 4+ messages in thread
From: Jiajia Liu @ 2026-05-21 2:26 UTC (permalink / raw)
To: Luiz Augusto von Dentz
Cc: Marcel Holtmann, Matthias Brugger, AngeloGioacchino Del Regno,
linux-bluetooth, linux-kernel, linux-arm-kernel, linux-mediatek
On Wed, May 20, 2026 at 08:55:46AM -0400, Luiz Augusto von Dentz wrote:
> Hi Jiajia,
>
> On Tue, May 19, 2026 at 10:15 PM Jiajia Liu <liujiajia@kylinos.cn> wrote:
> >
> > In btmtk_setup_firmware_79xx, the data length indicated by wmt_params.dlen
> > in the cmd buffer is MTK_SEC_MAP_NEED_SEND_SIZE + 1. Except for the first
> > byte, the remaining length is MTK_SEC_MAP_NEED_SEND_SIZE. memcpy copied one
> > more byte to cmd + 1 than the remaining length. Align the length passed to
> > memcpy to avoid exceeding current section map.
> >
> > Signed-off-by: Jiajia Liu <liujiajia@kylinos.cn>
> > ---
> > drivers/bluetooth/btmtk.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c
> > index ea7a031000cd..53cba71cb07f 100644
> > --- a/drivers/bluetooth/btmtk.c
> > +++ b/drivers/bluetooth/btmtk.c
> > @@ -188,7 +188,7 @@ int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname,
> > MTK_FW_ROM_PATCH_GD_SIZE +
> > MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i +
> > MTK_SEC_MAP_COMMON_SIZE,
> > - MTK_SEC_MAP_NEED_SEND_SIZE + 1);
> > + MTK_SEC_MAP_NEED_SEND_SIZE);
> >
> > wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
> > wmt_params.status = &status;
> > --
> > 2.53.0
> >
>
> Have you tested this on the actual hardware? If not we need a Tested-by.
Yes, I have tested with MT7922 (0489:e0d8) on Linux 7.1-rc4 with this patch
and the following two applied.
Bluetooth: btmtk: accept too short WMT FUNC_CTRL events
Bluetooth: btmtk: fix urb->setup_packet leak in error paths
setup log of boot and rfkill switch:
$ dmesg | grep hci0
[ 6.108240] Bluetooth: hci0: HW/SW Version: 0x008a008a, Build Time: 20260224103448
[ 8.933508] Bluetooth: hci0: Device setup in 2765295 usecs
[ 8.938846] Bluetooth: hci0: HCI Enhanced Setup Synchronous Connection command is advertised, but not supported.
[ 57.209143] Bluetooth: hci0: HW/SW Version: 0x008a008a, Build Time: 20260224103448
[ 57.366004] Bluetooth: hci0: Device setup in 160450 usecs
[ 57.371248] Bluetooth: hci0: HCI Enhanced Setup Synchronous Connection command is advertised, but not supported.
[ 203.687643] Bluetooth: hci0: HW/SW Version: 0x008a008a, Build Time: 20260224103448
[ 203.844163] Bluetooth: hci0: Device setup in 158989 usecs
[ 203.849426] Bluetooth: hci0: HCI Enhanced Setup Synchronous Connection command is advertised, but not supported.
[ 214.723250] Bluetooth: hci0: HW/SW Version: 0x008a008a, Build Time: 20260224103448
[ 214.879380] Bluetooth: hci0: Device setup in 155239 usecs
[ 214.884644] Bluetooth: hci0: HCI Enhanced Setup Synchronous Connection command is advertised, but not supported.
>
> --
> Luiz Augusto von Dentz