lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <fd95b6e8-9219-a07c-2916-191757c052b4@microchip.com>
Date:   Wed, 28 Nov 2018 13:17:15 +0000
From:   <Tudor.Ambarus@...rochip.com>
To:     <eugeniy.paltsev@...opsys.com>, <linux-mtd@...ts.infradead.org>
CC:     <computersforpeace@...il.com>, <marek.vasut@...il.com>,
        <richard@....at>, <vineet.gupta1@...opsys.com>,
        <alexey.brodkin@...opsys.com>, <linux-kernel@...r.kernel.org>,
        <boris.brezillon@...tlin.com>,
        <linux-snps-arc@...ts.infradead.org>, <dwmw2@...radead.org>
Subject: Re: [PATCH v2 1/2] mtd: spi-nor: Add support of sst26wf* flash ICs
 protection ops

Hi, Eugeniy,

Sorry that I reply to this email and not to the patch itself, I haven't received
it. It's because of my funny email server :).

On 10/15/2018 05:21 PM, Eugeniy Paltsev wrote:
> Hi!
> 
> Maybe you have any comments or remarks about this patch?
> And if you don't could you please apply it. Thanks!
> 
> On Mon, 2018-09-10 at 14:46 +0300, Eugeniy Paltsev wrote:
>> sst26wf flash series block protection implementation differs
>> from other SST series, so add specific implementation
>> flash_lock/flash_unlock/flash_is_locked functions for sst26wf
>> flash ICs.
>>
>> NOTE:
>> this patch is basically following mine u-boot commit port:
>> http://git.denx.de/?p=u-boot.git;a=commitdiff;h=3d4fed87a5fa3ffedf64ff2811cd95c5ac4503ac
>>
>> Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@...opsys.com>
>> ---
>> Changes v1->v2:
>>  * Check return value of {read | write}_reg callbacks.
>>
>>  drivers/mtd/spi-nor/spi-nor.c | 177 ++++++++++++++++++++++++++++++++++++++++++
>>  include/linux/mtd/spi-nor.h   |   4 +
>>  2 files changed, 181 insertions(+)
>>
>> diff --git a/drivers/mtd/spi-nor/spi-nor.c b/drivers/mtd/spi-nor/spi-nor.c
>> index d9c368c44194..d0e7c85b6002 100644
>> --- a/drivers/mtd/spi-nor/spi-nor.c
>> +++ b/drivers/mtd/spi-nor/spi-nor.c
>> @@ -598,6 +598,177 @@ static int write_sr_and_check(struct spi_nor *nor, u8 status_new, u8 mask)
>>  	return ((ret & mask) != (status_new & mask)) ? -EIO : 0;
>>  }
>>  
>> +/*
>> + * sst26wf016/sst26wf032/sst26wf064 have next block protection:
>> + * 4x   - 8  KByte blocks - read & write protection bits - upper addresses
>> + * 1x   - 32 KByte blocks - write protection bits
>> + * rest - 64 KByte blocks - write protection bits
>> + * 1x   - 32 KByte blocks - write protection bits
>> + * 4x   - 8  KByte blocks - read & write protection bits - lower addresses
>> + *
>> + * We'll support only per 64k lock/unlock so lower and upper 64 KByte region
>> + * will be treated as single block.

You are treating the memory as uniform, thus addressing just part of the
individual-block lock support. The advantages of having non-uniform block locks
disappear. I would prefer to be able to lock each individual block.

>> + */
>> +#define SST26_BPR_8K_NUM		4
>> +#define SST26_MAX_BPR_REG_LEN		(18 + 1)
18 + 1 doesn't say much. It's rather a personal preference, but I would define
it like:

/* BPR maximum length in bytes (SST26 maximum flash size is 64 Mbits). */
#define SST26_BPR_MAX_LEN	(SZ_8M / SZ_64K / BITS_PER_BYTE)

Note that the result is actually 18, you have:
(126 (64kB blocks) + 2 (32kB blocks) + 2 bits * 8 (8kB blocks)) / 8 = 18

>> +#define SST26_BOUND_REG_SIZE		((32 + SST26_BPR_8K_NUM * 8) * SZ_1K)

this is always 64K. I would drop the math, directly assign 64k and rename it
with something like SST26_HYBRID_SIZE. SST26_BPR_8K_NUM will disappear.

>> +
>> +enum lock_ctl {
>> +	SST26_CTL_LOCK,
>> +	SST26_CTL_UNLOCK,
>> +	SST26_CTL_CHECK
>> +};
>> +
>> +static bool sst26_process_bpr(u32 bpr_size, u8 *cmd, u32 bit, enum lock_ctl ctl)
>> +{
>> +	switch (ctl) {
>> +	case SST26_CTL_LOCK:
>> +		cmd[bpr_size - (bit / 8) - 1] |= BIT(bit % 8);>> +		break;
>> +	case SST26_CTL_UNLOCK:
>> +		cmd[bpr_size - (bit / 8) - 1] &= ~BIT(bit % 8);
>> +		break;
>> +	case SST26_CTL_CHECK:
>> +		return !!(cmd[bpr_size - (bit / 8) - 1] & BIT(bit % 8));
>> +	}
>> +
>> +	return false;
>> +}
>> +
>> +/*
>> + * Lock, unlock or check lock status of the flash region of the flash (depending
>> + * on the lock_ctl value)

kernel doc comments would be nice

>> + */
>> +static int sst26_lock_ctl(struct spi_nor *nor, loff_t ofs, uint64_t len, enum lock_ctl ctl)

WARNING: line over 80 characters
#91: FILE: drivers/mtd/spi-nor/spi-nor.c:642:
+static int sst26_lock_ctl(struct spi_nor *nor, loff_t ofs, uint64_t len, enum
lock_ctl ctl)

>> +{
>> +	struct mtd_info *mtd = &nor->mtd;
>> +	u32 i, bpr_ptr, rptr_64k, lptr_64k, bpr_size;
>> +	bool lower_64k = false, upper_64k = false;
>> +	u8 bpr_buff[SST26_MAX_BPR_REG_LEN] = {};
>> +	int ret;

I would reorder the declarations to avoid stack padding: pointers, u32, int, u8
and bool.

>> +
>> +	/* Check length and offset for 64k alignment */
>> +	if ((ofs & (SZ_64K - 1)) || (len & (SZ_64K - 1))) {
>> +		dev_err(nor->dev, "length or offset is not 64KiB allighned\n");

s/allighned/aligned

>> +		return -EINVAL;
>> +	}
>> +
>> +	if (ofs + len > mtd->size) {
>> +		dev_err(nor->dev, "range is more than device size: %#llx + %#llx > %#llx\n",
>> +			ofs, len, mtd->size);
>> +		return -EINVAL;
>> +	}
>> +
>> +	/* SST26 family has only 16 Mbit, 32 Mbit and 64 Mbit IC */
>> +	if (mtd->size != SZ_2M &&
>> +	    mtd->size != SZ_4M &&
>> +	    mtd->size != SZ_8M)

It's strange to see a mtd->size check here. This silently implies that there
might be cases that are not treated by this code.

>> +		return -EINVAL;
>> +
>> +	bpr_size = 2 + (mtd->size / SZ_64K / 8);

2 is not needed if I understood correctly.

>> +
>> +	ret = nor->read_reg(nor, SPINOR_OP_READ_BPR, bpr_buff, bpr_size);

ok, I guess you did the mtd->size check to avoid bpr_buff overflow. Wouldn't be
better to get rid of the mtd->size check and to allocate the buffer on heap
using bpr_size?

>> +	if (ret < 0) {
>> +		dev_err(nor->dev, "fail to read block-protection register\n");
>> +		return ret;
>> +	}
>> +
>> +	rptr_64k = min_t(u32, ofs + len, mtd->size - SST26_BOUND_REG_SIZE);
>> +	lptr_64k = max_t(u32, ofs, SST26_BOUND_REG_SIZE);
>> +
>> +	upper_64k = ((ofs + len) > (mtd->size - SST26_BOUND_REG_SIZE));
>> +	lower_64k = (ofs < SST26_BOUND_REG_SIZE);
>> +
>> +	/* Lower bits in block-protection register are about 64k region */
>> +	bpr_ptr = lptr_64k / SZ_64K - 1;
>> +
>> +	/* Process 64K blocks region */
>> +	while (lptr_64k < rptr_64k) {
>> +		if (sst26_process_bpr(bpr_size, bpr_buff, bpr_ptr, ctl))
>> +			return EACCES;
>> +
>> +		bpr_ptr++;
>> +		lptr_64k += SZ_64K;
>> +	}
>> +
>> +	/* 32K and 8K region bits in BPR are after 64k region bits */
>> +	bpr_ptr = (mtd->size - 2 * SST26_BOUND_REG_SIZE) / SZ_64K;
>> +
>> +	/* Process lower 32K block region */
>> +	if (lower_64k)
>> +		if (sst26_process_bpr(bpr_size, bpr_buff, bpr_ptr, ctl))
>> +			return EACCES;
>> +
>> +	bpr_ptr++;
>> +
>> +	/* Process upper 32K block region */
>> +	if (upper_64k)
>> +		if (sst26_process_bpr(bpr_size, bpr_buff, bpr_ptr, ctl))
>> +			return EACCES;
>> +
>> +	bpr_ptr++;
>> +
>> +	/* Process lower 8K block regions */
>> +	for (i = 0; i < SST26_BPR_8K_NUM; i++) {
>> +		if (lower_64k)
>> +			if (sst26_process_bpr(bpr_size, bpr_buff, bpr_ptr, ctl))
>> +				return EACCES;
>> +
>> +		/* In 8K area BPR has both read and write protection bits */
>> +		bpr_ptr += 2;
>> +	}
>> +
>> +	/* Process upper 8K block regions */
>> +	for (i = 0; i < SST26_BPR_8K_NUM; i++) {
>> +		if (upper_64k)
>> +			if (sst26_process_bpr(bpr_size, bpr_buff, bpr_ptr, ctl))
>> +				return EACCES;
>> +
>> +		/* In 8K area BPR has both read and write protection bits */

however you treat just the write protection bit. Am I missing something?

>> +		bpr_ptr += 2;
>> +	}
>> +
>> +	/* If we check region status we don't need to write BPR back */
>> +	if (ctl == SST26_CTL_CHECK)
>> +		return 0;
>> +
>> +	ret = nor->write_reg(nor, SPINOR_OP_WRITE_BPR, bpr_buff, bpr_size);
>> +	if (ret < 0) {
>> +		dev_err(nor->dev, "fail to write block-protection register\n");
>> +		return ret;
>> +	}
>> +
>> +	return 0;
>> +}
>> +
>> +static int sst26_unlock(struct spi_nor *nor, loff_t ofs, uint64_t len)
>> +{
>> +	return sst26_lock_ctl(nor, ofs, len, SST26_CTL_UNLOCK);
>> +}
>> +
>> +static int sst26_lock(struct spi_nor *nor, loff_t ofs, uint64_t len)
>> +{
>> +	return sst26_lock_ctl(nor, ofs, len, SST26_CTL_LOCK);
>> +}
>> +
>> +/*
>> + * Returns EACCES (positive value) if region is locked, 0 if region is unlocked,

It would be better to be consistent with mtd-utils and return 1 if the region is
locked.

>> + * and negative on errors.
>> + */
>> +static int sst26_is_locked(struct spi_nor *nor, loff_t ofs, uint64_t len)
>> +{
>> +	/*
>> +	 * is_locked function is used for check before reading or erasing flash
>> +	 * region, so offset and length might be not 64k allighned, so adjust
>> +	 * them to be 64k allighned as sst26_lock_ctl works only with 64k
>> +	 * allighned regions.

s/allighned/aligned

>> +	 */
>> +	ofs -= ofs & (SZ_64K - 1);
>> +	len = len & (SZ_64K - 1) ? (len & ~(SZ_64K - 1)) + SZ_64K : len;
>> +
>> +	return sst26_lock_ctl(nor, ofs, len, SST26_CTL_CHECK);
>> +}
>> +
>>  static void stm_get_locked_range(struct spi_nor *nor, u8 sr, loff_t *ofs,
>>  				 uint64_t *len)
>>  {
>> @@ -2872,6 +3043,12 @@ int spi_nor_scan(struct spi_nor *nor, const char *name,
>>  		nor->flash_is_locked = stm_is_locked;
>>  	}
>>  
>> +	if (JEDEC_MFR(info) == SNOR_MFR_SST && info->id[1] == 0x26) {

This implies the entire sst26 family. Did you check that the individual-block
protection is the same on all flashes?

Cheers,
ta

>> +		nor->flash_lock = sst26_lock;
>> +		nor->flash_unlock = sst26_unlock;
>> +		nor->flash_is_locked = sst26_is_locked;
>> +	}
>> +
>>  	if (nor->flash_lock && nor->flash_unlock && nor->flash_is_locked) {
>>  		mtd->_lock = spi_nor_lock;
>>  		mtd->_unlock = spi_nor_unlock;
>> diff --git a/include/linux/mtd/spi-nor.h b/include/linux/mtd/spi-nor.h
>> index e60da0d34cc1..246014a73f83 100644
>> --- a/include/linux/mtd/spi-nor.h
>> +++ b/include/linux/mtd/spi-nor.h
>> @@ -93,6 +93,10 @@
>>  #define SPINOR_OP_WRDI		0x04	/* Write disable */
>>  #define SPINOR_OP_AAI_WP	0xad	/* Auto address increment word program */
>>  
>> +/* Used for SST26* flashes only. */
>> +#define SPINOR_OP_READ_BPR	0x72	/* Read block protection register */
>> +#define SPINOR_OP_WRITE_BPR	0x42	/* Write block protection register */
>> +
>>  /* Used for S3AN flashes only */
>>  #define SPINOR_OP_XSE		0x50	/* Sector erase */
>>  #define SPINOR_OP_XPP		0x82	/* Page program */

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ