lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 11 Mar 2022 17:53:32 +0100
From:   Geert Uytterhoeven <geert+renesas@...der.be>
To:     Wolfram Sang <wsa+renesas@...g-engineering.com>,
        Krzysztof Kozlowski <krzysztof.kozlowski@...onical.com>
Cc:     Sergey Shtylyov <s.shtylyov@....ru>, Lad@....of.borg,
        Prabhakar <prabhakar.mahadev-lad.rj@...renesas.com>,
        Andrew Gabbasov <andrew_gabbasov@...tor.com>,
        linux-renesas-soc@...r.kernel.org, linux-mtd@...ts.infradead.org,
        linux-kernel@...r.kernel.org,
        Geert Uytterhoeven <geert+renesas@...der.be>
Subject: [PATCH RFC] memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual mode

HyperFlash devices fail to probe:

    rpc-if-hyperflash rpc-if-hyperflash: probing of hyperbus device failed

In HyperFLASH or Octal-SPI Flash mode, the Transfer Data Enable bits
(SPIDE) in the Manual Mode Enable Setting Register (SMENR) are derived
from half of the transfer size, cfr. the rpcif_bits_set() helper
function.

Hence when converting back from Transfer Data Enable bits to transfer
size, the bus width must be taken into account, and all Manual Mode Data
Register access sizes must be doubled when communicating with a
HyperFLASH or Octal-SPI Flash device.

Fixes: fff53a551db50f5e ("memory: renesas-rpc-if: Correct QSPI data transfer in Manual mode")
Signed-off-by: Geert Uytterhoeven <geert+renesas@...der.be>
---
Marked RFC, a (1) we should avoid the back-and-forth conversion between
transfer size and Transfer Data Enable bits, and (2) actual HyperFlash
data reads (which follows a completely different code path) still return
all zeros.

On Salvator-XS with unlocked HyperFlash, the HyperFlash is now detected
again, cfr. (with DEBUG_CFI enabled):

    Number of erase regions: 1
    Primary Vendor Command Set: 0002 (AMD/Fujitsu Standard)
    Primary Algorithm Table at 0040
    Alternative Vendor Command Set: 0000 (None)
    No Alternate Algorithm Table
    Vcc Minimum:  1.7 V
    Vcc Maximum:  1.9 V
    No Vpp line
    Typical byte/word write timeout: 512 \xc2\xb5s
    Maximum byte/word write timeout: 2048 \xc2\xb5s
    Typical full buffer write timeout: 512 \xc2\xb5s
    Maximum full buffer write timeout: 2048 \xc2\xb5s
    Typical block erase timeout: 1024 ms
    Maximum block erase timeout: 4096 ms
    Typical chip erase timeout: 262144 ms
    Maximum chip erase timeout: 1048576 ms
    Device size: 0x4000000 bytes (64 MiB)
    Flash Device Interface description: 0x0000
      - x8-only asynchronous interface
    Max. bytes in buffer write: 0x200
    Number of Erase Block Regions: 1
      Erase Region #0: BlockSize 0x40000 bytes, 256 blocks
    rpc-if-hyperflash: Found 1 x16 devices at 0x0 in 16-bit bank. Manufacturer ID 0x000001 Chip ID 0x007000
    Amd/Fujitsu Extended Query Table at 0x0040
      Amd/Fujitsu Extended Query version 1.5.
    rpc-if-hyperflash: CFI contains unrecognised boot bank location (0). Assuming bottom.
    number of CFI chips: 1

At first, the failure looked like an endianness-issue, as reading two
bytes resulted in e.g. 0x51 0x00 instead of 0x00 0x51.  But it turned
out to be reading a single 8-bit value of 0x51 instead of a 16-bit value
of 0x5100.

Note that commit 0d37f69cacb33435 ("memory: renesas-rpc-if: Correct QSPI
data transfer in Manual mode") in the BSP does not suffer from this bug,
as it bases its decision on the real number of bytes to transfer, not on
the SMENR.SPIDE register bits.
---
 drivers/memory/renesas-rpc-if.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/drivers/memory/renesas-rpc-if.c b/drivers/memory/renesas-rpc-if.c
index 3fbdd2bb8bfdb6ec..9bf880f843437dc2 100644
--- a/drivers/memory/renesas-rpc-if.c
+++ b/drivers/memory/renesas-rpc-if.c
@@ -175,10 +175,16 @@ static int rpcif_reg_read(void *context, unsigned int reg, unsigned int *val)
 		u32 spide = readl(rpc->base + RPCIF_SMENR) & RPCIF_SMENR_SPIDE(0xF);
 
 		if (spide == 0x8) {
-			*val = readb(rpc->base + reg);
+			if (rpc->bus_size == 2)
+				*val = readw(rpc->base + reg);
+			else
+				*val = readb(rpc->base + reg);
 			return 0;
 		} else if (spide == 0xC) {
-			*val = readw(rpc->base + reg);
+			if (rpc->bus_size == 2)
+				*val = readl(rpc->base + reg);
+			else
+				*val = readw(rpc->base + reg);
 			return 0;
 		} else if (spide != 0xF) {
 			return -EILSEQ;
@@ -198,10 +204,16 @@ static int rpcif_reg_write(void *context, unsigned int reg, unsigned int val)
 		u32 spide = readl(rpc->base + RPCIF_SMENR) & RPCIF_SMENR_SPIDE(0xF);
 
 		if (spide == 0x8) {
-			writeb(val, rpc->base + reg);
+			if (rpc->bus_size == 2)
+				writew(val, rpc->base + reg);
+			else
+				writeb(val, rpc->base + reg);
 			return 0;
 		} else if (spide == 0xC) {
-			writew(val, rpc->base + reg);
+			if (rpc->bus_size == 2)
+				writel(val, rpc->base + reg);
+			else
+				writew(val, rpc->base + reg);
 			return 0;
 		} else if (spide != 0xF) {
 			return -EILSEQ;
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ