From: Chris Lu <chris.lu@mediatek.com>
To: Marcel Holtmann <marcel@holtmann.org>,
Johan Hedberg <johan.hedberg@gmail.com>,
Luiz Von Dentz <luiz.dentz@gmail.com>
Cc: Sean Wang <sean.wang@mediatek.com>,
Will Lee <will-cy.Lee@mediatek.com>, SS Wu <ss.wu@mediatek.com>,
Steve Lee <steve.lee@mediatek.com>,
linux-bluetooth <linux-bluetooth@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
linux-mediatek <linux-mediatek@lists.infradead.org>,
Paul Menzel <pmenzel@molgen.mpg.de>,
Chris Lu <chris.lu@mediatek.com>
Subject: [PATCH v7 0/3] Bluetooth: btmtk: Add MT7928 support
Date: Wed, 1 Jul 2026 20:13:42 +0800 [thread overview]
Message-ID: <20260701121345.1231906-1-chris.lu@mediatek.com> (raw)
This patch series adds support for MT7928 (device ID 0x7935) to the
btmtk driver, which requires a new two-stage firmware loading process
with CBMCU firmware.
Patch 1 refactors existing firmware download code by replacing magic
numbers with a descriptive BTMTK_WMT_PKT_* enum, making the packet
sequencing logic clearer.
Patch 2 improves BT firmware logging to provide more useful information
for debugging: adds firmware filename before loading and displays chip ID
as HW version instead of firmware's hwver field.
Patch 3 implements MT7928 firmware download flow, which requires loading
CBMCU firmware before Bluetooth firmware. The CBMCU firmware uses a
two-phase download sequence: Phase 1 downloads the section containing
global descriptor and signature data, Phase 2 downloads the remaining
firmware sections. After CBMCU firmware completes, the driver continues
to load the Bluetooth firmware following the standard flow.
Tested on MT7928 hardware with successful firmware loading and
Bluetooth functionality verification.
Changes in v7:
- Patch 1: Extend magic number refactoring to btmtk_setup_firmware()
in addition to btmtk_setup_firmware_79xx() for consistency across
the driver
- Patch 2: Fix potential buffer over-read by using %.16s format
specifier for hdr->datetime which is a 16-byte array that may not
be null-terminated
- Patch 3: Apply same %.16s fix to CBMCU firmware logging to prevent
reading beyond array boundary
Changes in v6:
- Fix timeout handling in btmtk_cbmcu_patch_status() to return -ETIMEDOUT
instead of success when polling exhausts retry count, preventing silent
timeout that could bypass concurrent download protection
- Add integer overflow protection in btmtk_load_cbmcu_firmware() using
check_mul_overflow() and check_add_overflow() to prevent malicious
firmware with large section_num from bypassing size validation through
32-bit arithmetic wraparound on 32-bit architectures
Changes in v5:
- Split into three patches: refactoring, logging improvement, and
new feature
- Add Patch 2 to improve BT firmware logging independently
* Add firmware filename before loading
* Display chip ID (dev_id) as HW version
* Use clearer log format with separate HW/SW version fields
- Apply same logging improvements to CBMCU firmware in Patch 3
- Better separation of concerns for easier review
Changes in v4:
- Split into two patches: refactoring and new feature
- Add BTMTK_WMT_PKT_* enum to improve code readability
- Replace magic numbers (0xF0, 0xF1) with descriptive macros
- Define MTK_SEC_CBMCU_DESC macro for section type
- Add MT7928 marketing name comment
- Include firmware filename in error messages
- Add detailed size information in firmware validation errors
- Use BTMTK_WMT_PKT_* enum in CBMCU download function
Changes in v3:
- Add firmware size validation with bounds checking
- Improve error messages with context information
- Add section offset validation for both phases
Changes in v2:
- Simplified enum usage by consolidating status definitions
- Improved code maintainability
Chris Lu (3):
Bluetooth: btmtk: Replace magic numbers with WMT packet flag enum
Bluetooth: btmtk: Improve BT firmware logging
Bluetooth: btmtk: Add MT7928 support
drivers/bluetooth/btmtk.c | 388 +++++++++++++++++++++++++++++++++++++-
drivers/bluetooth/btmtk.h | 9 +
2 files changed, 388 insertions(+), 9 deletions(-)
--
2.45.2
next reply other threads:[~2026-07-01 12:14 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-01 12:13 Chris Lu [this message]
2026-07-01 12:13 ` [PATCH v7 1/3] Bluetooth: btmtk: Replace magic numbers with WMT packet flag enum Chris Lu
2026-07-01 15:55 ` Luiz Augusto von Dentz
2026-07-01 12:13 ` [PATCH v7 2/3] Bluetooth: btmtk: Improve BT firmware logging Chris Lu
2026-07-01 12:13 ` [PATCH v7 3/3] Bluetooth: btmtk: Add MT7928 support Chris Lu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260701121345.1231906-1-chris.lu@mediatek.com \
--to=chris.lu@mediatek.com \
--cc=johan.hedberg@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mediatek@lists.infradead.org \
--cc=luiz.dentz@gmail.com \
--cc=marcel@holtmann.org \
--cc=pmenzel@molgen.mpg.de \
--cc=sean.wang@mediatek.com \
--cc=ss.wu@mediatek.com \
--cc=steve.lee@mediatek.com \
--cc=will-cy.Lee@mediatek.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox