Commit 268d3636 authored by Maxim Mikityanskiy's avatar Maxim Mikityanskiy Committed by Marcel Holtmann

Bluetooth: btrtl: Use kvmalloc for FW allocations

Currently, kmemdup is applied to the firmware data, and it invokes
kmalloc under the hood. The firmware size and patch_length are big (more
than PAGE_SIZE), and on some low-end systems (like ASUS E202SA) kmalloc
may fail to allocate a contiguous chunk under high memory usage and
fragmentation:

Bluetooth: hci0: RTL: examining hci_ver=06 hci_rev=000a lmp_ver=06 lmp_subver=8821
Bluetooth: hci0: RTL: rom_version status=0 version=1
Bluetooth: hci0: RTL: loading rtl_bt/rtl8821a_fw.bin
kworker/u9:2: page allocation failure: order:4, mode:0x40cc0(GFP_KERNEL|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0
<stack trace follows>

As firmware load happens on each resume, Bluetooth will stop working
after several iterations, when the kernel fails to allocate an order-4
page.

This patch replaces kmemdup with kvmalloc+memcpy. It's not required to
have a contiguous chunk here, because it's not mapped to the device
directly.
Signed-off-by: default avatarMaxim Mikityanskiy <maxtram95@gmail.com>
Signed-off-by: default avatarMarcel Holtmann <marcel@holtmann.org>
parent 6613baba
...@@ -370,11 +370,11 @@ static int rtlbt_parse_firmware(struct hci_dev *hdev, ...@@ -370,11 +370,11 @@ static int rtlbt_parse_firmware(struct hci_dev *hdev,
* the end. * the end.
*/ */
len = patch_length; len = patch_length;
buf = kmemdup(btrtl_dev->fw_data + patch_offset, patch_length, buf = kvmalloc(patch_length, GFP_KERNEL);
GFP_KERNEL);
if (!buf) if (!buf)
return -ENOMEM; return -ENOMEM;
memcpy(buf, btrtl_dev->fw_data + patch_offset, patch_length - 4);
memcpy(buf + patch_length - 4, &epatch_info->fw_version, 4); memcpy(buf + patch_length - 4, &epatch_info->fw_version, 4);
*_buf = buf; *_buf = buf;
...@@ -460,8 +460,10 @@ static int rtl_load_file(struct hci_dev *hdev, const char *name, u8 **buff) ...@@ -460,8 +460,10 @@ static int rtl_load_file(struct hci_dev *hdev, const char *name, u8 **buff)
if (ret < 0) if (ret < 0)
return ret; return ret;
ret = fw->size; ret = fw->size;
*buff = kmemdup(fw->data, ret, GFP_KERNEL); *buff = kvmalloc(fw->size, GFP_KERNEL);
if (!*buff) if (*buff)
memcpy(*buff, fw->data, ret);
else
ret = -ENOMEM; ret = -ENOMEM;
release_firmware(fw); release_firmware(fw);
...@@ -499,14 +501,14 @@ static int btrtl_setup_rtl8723b(struct hci_dev *hdev, ...@@ -499,14 +501,14 @@ static int btrtl_setup_rtl8723b(struct hci_dev *hdev,
goto out; goto out;
if (btrtl_dev->cfg_len > 0) { if (btrtl_dev->cfg_len > 0) {
tbuff = kzalloc(ret + btrtl_dev->cfg_len, GFP_KERNEL); tbuff = kvzalloc(ret + btrtl_dev->cfg_len, GFP_KERNEL);
if (!tbuff) { if (!tbuff) {
ret = -ENOMEM; ret = -ENOMEM;
goto out; goto out;
} }
memcpy(tbuff, fw_data, ret); memcpy(tbuff, fw_data, ret);
kfree(fw_data); kvfree(fw_data);
memcpy(tbuff + ret, btrtl_dev->cfg_data, btrtl_dev->cfg_len); memcpy(tbuff + ret, btrtl_dev->cfg_data, btrtl_dev->cfg_len);
ret += btrtl_dev->cfg_len; ret += btrtl_dev->cfg_len;
...@@ -519,14 +521,14 @@ static int btrtl_setup_rtl8723b(struct hci_dev *hdev, ...@@ -519,14 +521,14 @@ static int btrtl_setup_rtl8723b(struct hci_dev *hdev,
ret = rtl_download_firmware(hdev, fw_data, ret); ret = rtl_download_firmware(hdev, fw_data, ret);
out: out:
kfree(fw_data); kvfree(fw_data);
return ret; return ret;
} }
void btrtl_free(struct btrtl_device_info *btrtl_dev) void btrtl_free(struct btrtl_device_info *btrtl_dev)
{ {
kfree(btrtl_dev->fw_data); kvfree(btrtl_dev->fw_data);
kfree(btrtl_dev->cfg_data); kvfree(btrtl_dev->cfg_data);
kfree(btrtl_dev); kfree(btrtl_dev);
} }
EXPORT_SYMBOL_GPL(btrtl_free); EXPORT_SYMBOL_GPL(btrtl_free);
......
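Review bot: The new copy in the rtlbt_parse_firmware hunk, `memcpy(buf, btrtl_dev->fw_data + patch_offset, patch_length - 4);`, uses `patch_length - 4` as its length with no lower bound on patch_length visible in the hunk. patch_length appears to come from the parsed firmware image, so a value below 4 would convert to a very large size_t in this memcpy and would also place the following fw_version write before the start of buf. The function body starts outside the hunk, so a check may already exist there; if it does not, add `if (patch_length < 4) return -EINVAL;` before the kvmalloc call. Separately, in the rtl_load_file hunk the allocation is sized by `fw->size` while the copy is sized by the int `ret`; using one value for both would keep the two lengths from diverging.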