Date: Wed, 13 Apr 2022 23:58:51 +0300
Subject: Re: staging: r8188eu: struct rt_firmware_header issues
To: Michael Straube, Larry Finger
Cc: Phillip Potter, Greg KH, "open list:STAGING SUBSYSTEM", Linux Kernel Mailing List
From: Pavel Skripkin
In-Reply-To: <94a72ecc-3acd-758b-15a4-a7d56bf03fbe@gmail.com>

Hi Michael,

On 4/13/22 19:27, Michael Straube wrote:
> Hi all,
>
> I think the rt_firmware_hdr structure in rtw_fw.c has some issues.
>
>
> struct rt_firmware_hdr {
>     /* 8-byte alignment required */
>     /* LONG WORD 0 ---- */
>     __le16    Signature;    /* 92C0: test chip; 92C,
>                              * 88C0: test chip; 88C1: MP A-cut;
>                              * 92C1: MP A-cut */
>     u8        Category;     /* AP/NIC and USB/PCI */
>     u8        Function;     /* Reserved for different FW function
>                              * indication, for further use when
>                              * driver needs to download different
>                              * FW for different conditions */
>     __le16    Version;      /* FW Version */
>     u8        Subversion;   /* FW Subversion, default 0x00 */
>     u16       Rsvd1;
>
>     /* LONG WORD 1 ---- */
>     u8        Month;        /* Release time Month field */
>     u8        Date;         /* Release time Date field */
>     u8        Hour;         /* Release time Hour field */
>     u8        Minute;       /* Release time Minute field */
>     __le16    RamCodeSize;  /* The size of RAM code */
>     u8        Foundry;
>     u8        Rsvd2;
>
>     /* LONG WORD 2 ---- */
>     __le32    SvnIdx;       /* The SVN entry index */
>     u32       Rsvd3;
>
>     /* LONG WORD 3 ---- */
>     u32       Rsvd4;
>     u32       Rsvd5;
> };
>
>
> Then we have in rtl8188e_firmware_download():
>
>
>     fwhdr = (struct rt_firmware_hdr *)dvobj->firmware.data;
>
>     if (IS_FW_HEADER_EXIST(fwhdr)) {
>         /* Shift 32 bytes for FW header */
>         fw_data = fw_data + 32;
>         fw_size = fw_size - 32;
>     }
>
> We add/sub 32 bytes but the size of struct rt_firmware_hdr is actually
> 33 bytes. I noticed this when I wanted to replace:
>

Looks like the size of that structure is 36

└──$ pahole -C rt_firmware_hdr r8188eu.ko
struct rt_firmware_hdr {
        __le16    Signature;      /*     0     2 */
        u8        Category;       /*     2     1 */
        u8        Function;       /*     3     1 */
        __le16    Version;        /*     4     2 */
        u8        Subversion;     /*     6     1 */

        /* XXX 1 byte hole, try to pack */

        u16       Rsvd1;          /*     8     2 */
        u8        Month;          /*    10     1 */
        u8        Date;           /*    11     1 */
        u8        Hour;           /*    12     1 */
        u8        Minute;         /*    13     1 */
        __le16    RamCodeSize;    /*    14     2 */
        u8        Foundry;        /*    16     1 */
        u8        Rsvd2;          /*    17     1 */

        /* XXX 2 bytes hole, try to pack */

        __le32    SvnIdx;         /*    20     4 */
        u32       Rsvd3;          /*    24     4 */
        u32       Rsvd4;          /*    28     4 */
        u32       Rsvd5;          /*    32     4 */

        /* size: 36, cachelines: 1, members: 17 */
        /* sum members: 33, holes: 2, sum holes: 3 */
        /* last cacheline: 36 bytes */
};

And these comments like 'LONG WORD 1' look misleading, maybe worth removing.

>     fw_data = fw_data + 32;
>     fw_size = fw_size - 32;
>
> with:
>     fw_data = fw_data + sizeof(struct rt_firmware_hdr);
>     fw_size = fw_size - sizeof(struct rt_firmware_hdr);
>
> To me it looks like add/sub 32 is correct here but the struct is
> wrong. I don't know if the firmware for this driver is so much different
> from firmware for the drivers in drivers/net/wireless/realtek/rtlwifi.
> They use a struct of size 32.
>

I am not sure about 32... Why are non-packed structures passed via wires?
Maybe `__packed` is missing? Is realtek fw open-source?

Just thoughts.

> Also, shouldn't the u16 and u32 variables in the struct be __le16 and
> __le32 ?
>
> I wonder if we can just use the rtlwifi_firmware_header structure from
> drivers/net/wireless/realtek/rtlwifi/wifi.h ?
>

We _should_ use it, since its size is indeed 32 bytes.

└──$ pahole -s vmlinux | rg rtlwifi_firmware_header
rtlwifi_firmware_header    32    0

Looks like you have found a real bug.

With regards,
Pavel Skripkin
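
Added example, not part of the original message or the r8188eu source: a userspace C check of the three layouts discussed above, showing that the quoted field widths give 36 bytes unpacked and 33 bytes packed, so neither matches the 32-byte skip. The hdr_assumed layout (Rsvd1 narrowed to one byte so each "LONG WORD" group is 8 bytes) and the fw_skip_header() helper are assumptions for illustration, built with GCC/Clang on a common ABI.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Field list as quoted in the thread (u8/u16/u32 mapped to stdint types);
 * only the width of Rsvd1 is a parameter. */
#define HDR_FIELDS(rsvd1_t)                                         \
	uint16_t Signature; uint8_t Category; uint8_t Function;     \
	uint16_t Version; uint8_t Subversion; rsvd1_t Rsvd1;        \
	uint8_t Month; uint8_t Date; uint8_t Hour; uint8_t Minute;  \
	uint16_t RamCodeSize; uint8_t Foundry; uint8_t Rsvd2;       \
	uint32_t SvnIdx; uint32_t Rsvd3; uint32_t Rsvd4; uint32_t Rsvd5;

struct hdr_as_quoted { HDR_FIELDS(uint16_t) };  /* compiler inserts holes */
struct hdr_packed    { HDR_FIELDS(uint16_t) } __attribute__((packed));
struct hdr_assumed   { HDR_FIELDS(uint8_t) };   /* ASSUMPTION: 1-byte Rsvd1 */

#define FW_HDR_LEN 32u  /* header length the download code in the thread skips */

/* Build-time guard: a struct overlaid on the blob must match the wire size. */
_Static_assert(sizeof(struct hdr_assumed) == FW_HDR_LEN, "header != wire size");

size_t size_as_quoted(void) { return sizeof(struct hdr_as_quoted); }
size_t size_packed(void)    { return sizeof(struct hdr_packed); }
size_t svnidx_off_as_quoted(void) { return offsetof(struct hdr_as_quoted, SvnIdx); }
size_t svnidx_off_assumed(void)   { return offsetof(struct hdr_assumed, SvnIdx); }

/* Hypothetical helper: skip the header only after checking the blob length,
 * so the size subtraction can never wrap on a short image. */
const uint8_t *fw_skip_header(const uint8_t *blob, size_t len, size_t *payload_len)
{
	if (!blob || !payload_len || len < FW_HDR_LEN)
		return NULL;
	*payload_len = len - FW_HDR_LEN;
	return blob + FW_HDR_LEN;
}

int main(void)
{
	printf("as quoted: %zu bytes, SvnIdx at %zu\n",
	       size_as_quoted(), svnidx_off_as_quoted());
	printf("packed:    %zu bytes\n", size_packed());
	printf("assumed:   %zu bytes, SvnIdx at %zu\n",
	       sizeof(struct hdr_assumed), svnidx_off_assumed());
	return 0;
}
```

With the quoted widths, every field after Subversion sits at a different offset than in a 32-byte header, so values read through that struct would come from the wrong bytes of the image.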