* [PATCH] Bluetooth: btmtk: remove extra copy in cmd array init
From: Jiajia Liu @ 2026-05-20 2:15 UTC
To: Marcel Holtmann, Luiz Augusto von Dentz, Matthias Brugger,
AngeloGioacchino Del Regno
Cc: linux-bluetooth, linux-kernel, linux-arm-kernel, linux-mediatek,
Jiajia Liu

In btmtk_setup_firmware_79xx, the data length indicated by wmt_params.dlen
in the cmd buffer is MTK_SEC_MAP_NEED_SEND_SIZE + 1. Except for the first
byte, the remaining length is MTK_SEC_MAP_NEED_SEND_SIZE. memcpy copied one
more byte to cmd + 1 than the remaining length. Align the length passed to
memcpy to avoid exceeding current section map.

Signed-off-by: Jiajia Liu <liujiajia@kylinos.cn>
---
drivers/bluetooth/btmtk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c
index ea7a031000cd..53cba71cb07f 100644
--- a/drivers/bluetooth/btmtk.c
+++ b/drivers/bluetooth/btmtk.c
@@ -188,7 +188,7 @@ int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname,
MTK_FW_ROM_PATCH_GD_SIZE +
MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i +
MTK_SEC_MAP_COMMON_SIZE,
- MTK_SEC_MAP_NEED_SEND_SIZE + 1);
+ MTK_SEC_MAP_NEED_SEND_SIZE);
wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
wmt_params.status = &status;
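
Review bot: The new length on the `+ MTK_SEC_MAP_NEED_SEND_SIZE);` line is still a bare constant, and nothing in the hunk ties it to the size of the destination `cmd + 1` or to the source offset built from `MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i`. Consider deriving the count from the destination (for example `sizeof(cmd) - 1`, if `cmd` is declared as a fixed array as the subject line suggests), or adding a short comment that byte 0 of `cmd` is reserved and the payload is `MTK_SEC_MAP_NEED_SEND_SIZE` bytes, so the relationship with `wmt_params.dlen` stays visible at the call site. The commit message should also state whether the extra byte only over-read the firmware image past the current section map or also wrote past the end of `cmd`, and carry a Fixes: tag if the change is meant for stable.
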
--
2.53.0

* RE: Bluetooth: btmtk: remove extra copy in cmd array init
From: bluez.test.bot @ 2026-05-20 6:15 UTC
To: linux-bluetooth, liujiajia

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1097683

---Test result---

Test Summary:
CheckPatch                    PASS      0.63 seconds
GitLint                       PASS      0.28 seconds
SubjectPrefix                 PASS      0.10 seconds
BuildKernel                   PASS      26.60 seconds
CheckAllWarning               PASS      29.08 seconds
CheckSparse                   PASS      28.09 seconds
BuildKernel32                 PASS      26.71 seconds
TestRunnerSetup               PASS      534.54 seconds
IncrementalBuild              PASS      24.40 seconds

https://github.com/bluez/bluetooth-next/pull/219

---
Regards,
Linux Bluetooth

* Re: [PATCH] Bluetooth: btmtk: remove extra copy in cmd array init
From: Luiz Augusto von Dentz @ 2026-05-20 12:55 UTC
To: Jiajia Liu
Cc: Marcel Holtmann, Matthias Brugger, AngeloGioacchino Del Regno,
linux-bluetooth, linux-kernel, linux-arm-kernel, linux-mediatek

Hi Jiajia,

On Tue, May 19, 2026 at 10:15 PM Jiajia Liu <liujiajia@kylinos.cn> wrote:
>
> In btmtk_setup_firmware_79xx, the data length indicated by wmt_params.dlen
> in the cmd buffer is MTK_SEC_MAP_NEED_SEND_SIZE + 1. Except for the first
> byte, the remaining length is MTK_SEC_MAP_NEED_SEND_SIZE. memcpy copied one
> more byte to cmd + 1 than the remaining length. Align the length passed to
> memcpy to avoid exceeding current section map.
>
> Signed-off-by: Jiajia Liu <liujiajia@kylinos.cn>
> ---
> drivers/bluetooth/btmtk.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c
> index ea7a031000cd..53cba71cb07f 100644
> --- a/drivers/bluetooth/btmtk.c
> +++ b/drivers/bluetooth/btmtk.c
> @@ -188,7 +188,7 @@ int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname,
> MTK_FW_ROM_PATCH_GD_SIZE +
> MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i +
> MTK_SEC_MAP_COMMON_SIZE,
> - MTK_SEC_MAP_NEED_SEND_SIZE + 1);
> + MTK_SEC_MAP_NEED_SEND_SIZE);
>
> wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
> wmt_params.status = &status;
> --
> 2.53.0
>

Have you tested this on the actual hardware? If not we need a Tested-by.

--
Luiz Augusto von Dentz

* Re: [PATCH] Bluetooth: btmtk: remove extra copy in cmd array init
From: Jiajia Liu @ 2026-05-21 2:26 UTC
To: Luiz Augusto von Dentz
Cc: Marcel Holtmann, Matthias Brugger, AngeloGioacchino Del Regno,
linux-bluetooth, linux-kernel, linux-arm-kernel, linux-mediatek

On Wed, May 20, 2026 at 08:55:46AM -0400, Luiz Augusto von Dentz wrote:
> Hi Jiajia,
>
> On Tue, May 19, 2026 at 10:15 PM Jiajia Liu <liujiajia@kylinos.cn> wrote:
> >
> > In btmtk_setup_firmware_79xx, the data length indicated by wmt_params.dlen
> > in the cmd buffer is MTK_SEC_MAP_NEED_SEND_SIZE + 1. Except for the first
> > byte, the remaining length is MTK_SEC_MAP_NEED_SEND_SIZE. memcpy copied one
> > more byte to cmd + 1 than the remaining length. Align the length passed to
> > memcpy to avoid exceeding current section map.
> >
> > Signed-off-by: Jiajia Liu <liujiajia@kylinos.cn>
> > ---
> > drivers/bluetooth/btmtk.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c
> > index ea7a031000cd..53cba71cb07f 100644
> > --- a/drivers/bluetooth/btmtk.c
> > +++ b/drivers/bluetooth/btmtk.c
> > @@ -188,7 +188,7 @@ int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname,
> > MTK_FW_ROM_PATCH_GD_SIZE +
> > MTK_FW_ROM_PATCH_SEC_MAP_SIZE * i +
> > MTK_SEC_MAP_COMMON_SIZE,
> > - MTK_SEC_MAP_NEED_SEND_SIZE + 1);
> > + MTK_SEC_MAP_NEED_SEND_SIZE);
> >
> > wmt_params.op = BTMTK_WMT_PATCH_DWNLD;
> > wmt_params.status = &status;
> > --
> > 2.53.0
> >
>
> Have you tested this on the actual hardware? If not we need a Tested-by.

Yes, I have tested with MT7922 (0489:e0d8) on linux 7.1-rc4 applied this patch
and the following two.

Bluetooth: btmtk: accept too short WMT FUNC_CTRL events
Bluetooth: btmtk: fix urb->setup_packet leak in error paths

setup log of boot and rfkill switch:

$ dmesg | grep hci0
[ 6.108240] Bluetooth: hci0: HW/SW Version: 0x008a008a, Build Time: 20260224103448
[ 8.933508] Bluetooth: hci0: Device setup in 2765295 usecs
[ 8.938846] Bluetooth: hci0: HCI Enhanced Setup Synchronous Connection command is advertised, but not supported.
[ 57.209143] Bluetooth: hci0: HW/SW Version: 0x008a008a, Build Time: 20260224103448
[ 57.366004] Bluetooth: hci0: Device setup in 160450 usecs
[ 57.371248] Bluetooth: hci0: HCI Enhanced Setup Synchronous Connection command is advertised, but not supported.
[ 203.687643] Bluetooth: hci0: HW/SW Version: 0x008a008a, Build Time: 20260224103448
[ 203.844163] Bluetooth: hci0: Device setup in 158989 usecs
[ 203.849426] Bluetooth: hci0: HCI Enhanced Setup Synchronous Connection command is advertised, but not supported.
[ 214.723250] Bluetooth: hci0: HW/SW Version: 0x008a008a, Build Time: 20260224103448
[ 214.879380] Bluetooth: hci0: Device setup in 155239 usecs
[ 214.884644] Bluetooth: hci0: HCI Enhanced Setup Synchronous Connection command is advertised, but not supported.

>
> --
> Luiz Augusto von Dentz

* Re: [PATCH] Bluetooth: btmtk: remove extra copy in cmd array init
From: patchwork-bot+bluetooth @ 2026-05-21 15:30 UTC
To: Jiajia Liu
Cc: marcel, luiz.dentz, matthias.bgg, angelogioacchino.delregno,
linux-bluetooth, linux-kernel, linux-arm-kernel, linux-mediatek

Hello:

This patch was applied to bluetooth/bluetooth-next.git (master)
by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>:

On Wed, 20 May 2026 10:15:00 +0800 you wrote:
> In btmtk_setup_firmware_79xx, the data length indicated by wmt_params.dlen
> in the cmd buffer is MTK_SEC_MAP_NEED_SEND_SIZE + 1. Except for the first
> byte, the remaining length is MTK_SEC_MAP_NEED_SEND_SIZE. memcpy copied one
> more byte to cmd + 1 than the remaining length. Align the length passed to
> memcpy to avoid exceeding current section map.
>
> Signed-off-by: Jiajia Liu <liujiajia@kylinos.cn>
>
> [...]

Here is the summary with links:
- Bluetooth: btmtk: remove extra copy in cmd array init
https://git.kernel.org/bluetooth/bluetooth-next/c/b3e1ce138148

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html