Re: [PATCH v6 3/3] Bluetooth: NXP: Add protocol support for NXP Bluetooth chipsets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 10 Mar 2023, Neeraj sanjay kale wrote:

> Hi Ilpo,
> 
> I have resolved most of your comments in v8 patch, and I have few things to discuss regarding the v6 patch.
> 
> > > > > +static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16
> > > > > +req_len) {
> > > > > +     struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
> > > > > +     struct nxp_bootloader_cmd nxp_cmd5;
> > > > > +     struct uart_config uart_config;
> > > > > +
> > > > > +     if (req_len == sizeof(nxp_cmd5)) {
> > > > > +             nxp_cmd5.header = __cpu_to_le32(5);
> > > > > +             nxp_cmd5.arg = 0;
> > > > > +             nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config));
> > > > > +             nxp_cmd5.crc = swab32(crc32_be(0UL, (char *)&nxp_cmd5,
> > > > > +                                            sizeof(nxp_cmd5) -
> > > > > + 4));
> > > >
> > > > swab32(crc32_be(...)) seems and odd construct instead of
> > __cpu_to_le32().
> > > Earlier I had tried using __cpu_to_le32() but that did not work. The
> > > FW expects a swapped CRC value for it's header and payload data.
> > 
> > So the .crc member should be __be32 then?
> > 
> I disagree with using __be32.
> I have simplified this part of the code in v8 patch, please do check it out.
> So the CRC part of the data structure will remain __le32, and will be sent over UART to the chip in Little Endian format.
> It's just that the FW expects the CRC to be byte-swapped. 
> Technically it is big endian format, but you may think of it as a "+1 level" of encryption (although it isn't).
> So defining this structure member as __be32 can create more questions 
> than answers, leading to more confusion. 
> If it helps, I have also added a small comment in there to signify that 
> the FW  expects CRC in byte swapped method.

I'd have still put the member as __be32 and commented the swap expectation 
there. But it's not an end of the world even in the current form.

> > > > > +     serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7,
> > > > > + req_len);
> > > >
> > > > Is it safe to assume req_len is small enough to not leak stack content?
> > > The chip requests chunk of FW data which is never more than 2048 bytes
> > > at a time.
> > 
> > Eh, sizeof(*nxp_cmd7) is 16 bytes!?! Are you sure that req_len given to
> > serdev_device_write_buf() is not larger than 16 bytes?
> > 
> I have now replaced req_len with sizeof(<struct>).
> There is also a check in the beginning of the function to return if req_len is not 16 bytes.

Ah, I'd missed that check for some reason.


-- 
 i.




[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux PPP]     [Linux FS]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Linmodem]     [Device Mapper]     [Linux Kernel for ARM]

  Powered by Linux