| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200929095951.1575658-3-tudor.ambarus@microchip.com>
Date: Tue, 29 Sep 2020 12:59:50 +0300
From: Tudor Ambarus <tudor.ambarus@...rochip.com>
To: <p.yadav@...com>, <vigneshr@...com>,
<boris.brezillon@...labora.com>
CC: <linux-mtd@...ts.infradead.org>, <linux-kernel@...r.kernel.org>,
"Tudor Ambarus" <tudor.ambarus@...rochip.com>
Subject: [RFC PATCH 2/3] mtd: spi-nor: Introduce MTD_SPI_NOR_ALLOW_STATEFUL_MODES
Some users may teach their bootloaders to discover and recover a
flash even when left in a statefull mode (a X-X-X I/O mode that is
configured via a non-volatile bit).
Provide a way for those users to enter in stateful modes. A reset
or a crash will leave the flash in full I/O mode and if the bootloader
does not know how to recover, the SPI NOR boot will be broken.
Flashes that will enable stateful modes will be accepted only if a
hook to recover from the stateful mode is provided in the kernel.
With this, even if a user will break its SPI NOR boot, it'll be able
to recover the flash at the kernel level (on those systems that have
at least another boot media). Both the Kconfig and the acceptance
restriction are needed, so that we don't end up completely hopeless
and look at a flash for which there is no software to discover and
recover the flash. Even if we can recover the flash from a stateful
mode in kernel, entering the stateful mode is still dangerous if one's
bootloader can't handle it. We need a way to pass the responsibility
to the user and let him decide conciously about the risks of allowing
stateful modes.
Signed-off-by: Tudor Ambarus <tudor.ambarus@...rochip.com>
---
drivers/mtd/spi-nor/Kconfig | 10 ++++++++++
drivers/mtd/spi-nor/core.c | 2 ++
2 files changed, 12 insertions(+)
diff --git a/drivers/mtd/spi-nor/Kconfig b/drivers/mtd/spi-nor/Kconfig
index ffc4b380f2b1..ab62457559b2 100644
--- a/drivers/mtd/spi-nor/Kconfig
+++ b/drivers/mtd/spi-nor/Kconfig
@@ -24,6 +24,16 @@ config MTD_SPI_NOR_USE_4K_SECTORS
Please note that some tools/drivers/filesystems may not work with
4096 B erase size (e.g. UBIFS requires 15 KiB as a minimum).
+config MTD_SPI_NOR_ALLOW_STATEFUL_MODES
+ bool "Allow stateful modes (DANGEROUS)"
+ help
+ Allow the flash to enter in full I/O mode via a non-volatile bit.
+ A reset or a crash will leave the flash in the full I/O mode and if
+ the bootloader does not know how to recover, the SPI NOR boot will be
+ broken.
+
+ Say N, unless you absolutely know what you are doing.
+
source "drivers/mtd/spi-nor/controllers/Kconfig"
endif # MTD_SPI_NOR
diff --git a/drivers/mtd/spi-nor/core.c b/drivers/mtd/spi-nor/core.c
index c149b318e2e8..e89c3ea9a736 100644
--- a/drivers/mtd/spi-nor/core.c
+++ b/drivers/mtd/spi-nor/core.c
@@ -3089,8 +3089,10 @@ static int spi_nor_octal_dtr_enable(struct spi_nor *nor, bool enable)
nor->write_proto == SNOR_PROTO_8_8_8_DTR))
return 0;
+#ifndef CONFIG_MTD_SPI_NOR_ALLOW_STATEFUL_MODES
if (!(nor->flags & SNOR_F_IO_MODE_EN_VOLATILE))
return 0;
+#endif
ret = nor->params->octal_dtr_enable(nor, enable);
if (ret)
--
2.25.1
Powered by blists - more mailing lists