On Fri, 10 Mar 2023, Neeraj sanjay kale wrote: > Hi Ilpo, > > I have resolved most of your comments in v8 patch, and I have few things to discuss regarding the v6 patch. > > > > > > +static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16 > > > > > +req_len) { > > > > > + struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev); > > > > > + struct nxp_bootloader_cmd nxp_cmd5; > > > > > + struct uart_config uart_config; > > > > > + > > > > > + if (req_len == sizeof(nxp_cmd5)) { > > > > > + nxp_cmd5.header = __cpu_to_le32(5); > > > > > + nxp_cmd5.arg = 0; > > > > > + nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config)); > > > > > + nxp_cmd5.crc = swab32(crc32_be(0UL, (char *)&nxp_cmd5, > > > > > + sizeof(nxp_cmd5) - > > > > > + 4)); > > > > > > > > swab32(crc32_be(...)) seems and odd construct instead of > > __cpu_to_le32(). > > > Earlier I had tried using __cpu_to_le32() but that did not work. The > > > FW expects a swapped CRC value for it's header and payload data. > > > > So the .crc member should be __be32 then? > > > I disagree with using __be32. > I have simplified this part of the code in v8 patch, please do check it out. > So the CRC part of the data structure will remain __le32, and will be sent over UART to the chip in Little Endian format. > It's just that the FW expects the CRC to be byte-swapped. > Technically it is big endian format, but you may think of it as a "+1 level" of encryption (although it isn't). > So defining this structure member as __be32 can create more questions > than answers, leading to more confusion. > If it helps, I have also added a small comment in there to signify that > the FW expects CRC in byte swapped method. I'd have still put the member as __be32 and commented the swap expectation there. But it's not an end of the world even in the current form. > > > > > + serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7, > > > > > + req_len); > > > > > > > > Is it safe to assume req_len is small enough to not leak stack content? > > > The chip requests chunk of FW data which is never more than 2048 bytes > > > at a time. > > > > Eh, sizeof(*nxp_cmd7) is 16 bytes!?! Are you sure that req_len given to > > serdev_device_write_buf() is not larger than 16 bytes? > > > I have now replaced req_len with sizeof(<struct>). > There is also a check in the beginning of the function to return if req_len is not 16 bytes. Ah, I'd missed that check for some reason. -- i.