Re: [PATCH v6 3/3] Bluetooth: NXP: Add protocol support for NXP Bluetooth chipsets
From: Ilpo Järvinen
Date: Mon Mar 13 2023 - 05:10:05 EST
On Fri, 10 Mar 2023, Neeraj sanjay kale wrote:
> Hi Ilpo,
>
> I have resolved most of your comments in v8 patch, and I have few things to discuss regarding the v6 patch.
>
> > > > > +static bool nxp_fw_change_baudrate(struct hci_dev *hdev, u16
> > > > > +req_len) {
> > > > > + struct btnxpuart_dev *nxpdev = hci_get_drvdata(hdev);
> > > > > + struct nxp_bootloader_cmd nxp_cmd5;
> > > > > + struct uart_config uart_config;
> > > > > +
> > > > > + if (req_len == sizeof(nxp_cmd5)) {
> > > > > + nxp_cmd5.header = __cpu_to_le32(5);
> > > > > + nxp_cmd5.arg = 0;
> > > > > + nxp_cmd5.payload_len = __cpu_to_le32(sizeof(uart_config));
> > > > > + nxp_cmd5.crc = swab32(crc32_be(0UL, (char *)&nxp_cmd5,
> > > > > + sizeof(nxp_cmd5) -
> > > > > + 4));
> > > >
> > > > swab32(crc32_be(...)) seems and odd construct instead of
> > __cpu_to_le32().
> > > Earlier I had tried using __cpu_to_le32() but that did not work. The
> > > FW expects a swapped CRC value for it's header and payload data.
> >
> > So the .crc member should be __be32 then?
> >
> I disagree with using __be32.
> I have simplified this part of the code in v8 patch, please do check it out.
> So the CRC part of the data structure will remain __le32, and will be sent over UART to the chip in Little Endian format.
> It's just that the FW expects the CRC to be byte-swapped.
> Technically it is big endian format, but you may think of it as a "+1 level" of encryption (although it isn't).
> So defining this structure member as __be32 can create more questions
> than answers, leading to more confusion.
> If it helps, I have also added a small comment in there to signify that
> the FW expects CRC in byte swapped method.
I'd have still put the member as __be32 and commented the swap expectation
there. But it's not an end of the world even in the current form.
> > > > > + serdev_device_write_buf(nxpdev->serdev, (u8 *)&nxp_cmd7,
> > > > > + req_len);
> > > >
> > > > Is it safe to assume req_len is small enough to not leak stack content?
> > > The chip requests chunk of FW data which is never more than 2048 bytes
> > > at a time.
> >
> > Eh, sizeof(*nxp_cmd7) is 16 bytes!?! Are you sure that req_len given to
> > serdev_device_write_buf() is not larger than 16 bytes?
> >
> I have now replaced req_len with sizeof(<struct>).
> There is also a check in the beginning of the function to return if req_len is not 16 bytes.
Ah, I'd missed that check for some reason.
--
i.