| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Jul 2017 11:12:18 +0200
From: Alexander Dahl <ada@...rsis.com>
To: Boris Brezillon <boris.brezillon@...e-electrons.com>
Cc: linux-arm-kernel@...ts.infradead.org,
Nicolas Ferre <nicolas.ferre@...el.com>,
Alexandre Belloni <alexandre.belloni@...e-electrons.com>,
Lee Jones <lee.jones@...aro.org>,
Samuel Ortiz <sameo@...ux.intel.com>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/7] memory: atmel-ebi: Simplify SMC config code
Hello Boris,
while testing v4.13-rc2 on an at91sam9g20 baed platform I'm coming back
to this topic. Meanwhile the whole new SMC and NAND below EBI stuff is
in mainline, this TDF bug however is still in there. See below (all
quoted code parts from v4.13-rc2):
Am Donnerstag, 2. März 2017, 13:30:13 schrieb Boris Brezillon:
> Alexander Dahl <ada@...rsis.com> wrote:
> > #define ATMEL_SMC_MODE_TDF(x) (((x) - 1) << 16)
[…]
> > The hardware manual (AT91SAM9G20) says values from 0 to 15 (4bit,
> > 0x0 to 0xF) are possible and I guess the goal is to set it to a
> > value corresponding to the value in ns from the dts or to 15 if
> > it's greater (or -EINVAL in the new version).
> >
> > However how can one set it to zero? Put in zero to the div you get
> > zero for ncycles or val and that goes as x into (((x) - 1) << 16)
> > which results in 0xF ending up as TDF_CYCLES in the mode register,
> > right?
>
> Indeed.
>
> > I can of course set a slightly greater value, which ends up in a
> > calculated register value of zero, but that seems more a hack to me
> > and is not obvious if I just look at the DTS.
>
> No, we should fix the bug.
>
> > If I'm right this might be topic of another bugfix patch, or should
> > it be done right in a v2 of this one?
>
> It should be done right in a v2. Something like:
>
> if (ncycles < ATMEL_SMC_MODE_TDF_MIN)
> ncycles = ATMEL_SMC_MODE_TDF_MIN;
>
> with
>
> #define ATMEL_SMC_MODE_TDF_MIN 1
I checked the SAMA5D3x datasheet today and it has the same mode register
layout regarding the TDF parts. So allowed are register values from 0 to
15 ending up in 0 to 15 clock cycles of Data Float Time.
The code in include/linux/mfd/syscon/atmel-smc.h is this:
#define ATMEL_SMC_MODE_TDF_MASK GENMASK(19, 16)
#define ATMEL_SMC_MODE_TDF(x) (((x) - 1) << 16)
#define ATMEL_SMC_MODE_TDF_MAX 16
#define ATMEL_SMC_MODE_TDF_MIN 1
#define ATMEL_SMC_MODE_TDFMODE_OPTIMIZED BIT(20)
This ATMEL_SMC_MODE_TDF() is used in drivers/memory/atmel-ebi.c to setup
the external memory interface with timings from dts. A line there inside
an ebi node may look like this (see for example
arch/arm/boot/dts/sama5d3xcm.dtsi):
atmel,smc-tdf-ns = <0>;
The value is expected in nanoseconds and I would expect a direct mapping
from 0ns to a register value of 0. This is not the case in code
(drivers/memory/atmel-ebi.c):
if (ncycles > ATMEL_SMC_MODE_TDF_MAX ||
ncycles < ATMEL_SMC_MODE_TDF_MIN) {
ret = -EINVAL;
goto out;
}
ATMEL_SMC_MODE_TDF_MIN is 1, so a possible 0 value from dts is not
allowed in here and atmel_ebi_xslate_smc_timings() fails. In fact to get
a register value of 0 for 0 TDF clock cycles I would have to set e.g.
8ns in dts. So this didn't make it in some v2 and is still broken.
I could fix this and provide a patch, but I'm not sure about the second
place where ATMEL_SMC_MODE_TDF() is used which is the NAND driver in
drivers/mtd/nand/atmel/nand-controller.c. I'm not familiar enough with
NAND to judge if this "min = 1, max = 16, decrease by 1 for applying to
register" approach is needed there. I would say no, because it also is a
counterintuitive offset, but I would prefer a explanation why the code
is like this, before touching and breaking anything. ;-)
Greets
Alex
Powered by blists - more mailing lists