lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230704170858.2a64c181@xps-13>
Date:   Tue, 4 Jul 2023 17:08:58 +0200
From:   Miquel Raynal <miquel.raynal@...tlin.com>
To:     Johan Jonker <jbx6244@...il.com>
Cc:     richard@....at, vigneshr@...com, heiko@...ech.de,
        linux-mtd@...ts.infradead.org, linux-kernel@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org,
        linux-rockchip@...ts.infradead.org, yifeng.zhao@...k-chips.com
Subject: Re: [PATCH v3 2/3] mtd: rawnand: rockchip-nand-controller: copy
 hwecc PA data to oob_poi buffer

Hi Johan,

jbx6244@...il.com wrote on Thu, 15 Jun 2023 19:34:13 +0200:

> Rockchip boot blocks are written per 4 x 512 byte sectors per page.
> Each page must have a page address (PA) pointer in OOB to the next page.

Only when used as boot device I guess? It's a BootROM limitation.

> Pages are written in a pattern depending on the NAND chip ID.
> This logic used to build a page pattern table is not fully disclosed and
> is not easy to fit in the MTD framework.
> The formula in rk_nfc_write_page_hwecc() function is not correct.
> Make hwecc and raw behavior identical.

So this is a fix as well, deserves a tag. Whatever the reason why you
need this, the issue you are solving is: write_page_hwecc and
write_page_raw are not aligned.

> Generate boot block page address and pattern for hwecc in user space
> and copy PA data to/from the already reserved last 4 bytes before EEC

ECC

> in the chip->oob_poi data layout.
> 
> This patch breaks all existing jffs2 users that have free OOB overlap
> with the reserved space for PA data.
> 
> Signed-off-by: Johan Jonker <jbx6244@...il.com>
> ---
> 
> Changed V3:
>   Change prefixes
>   Reword
> ---
>  .../mtd/nand/raw/rockchip-nand-controller.c   | 34 ++++++++++++-------
>  1 file changed, 21 insertions(+), 13 deletions(-)
> 
> diff --git a/drivers/mtd/nand/raw/rockchip-nand-controller.c b/drivers/mtd/nand/raw/rockchip-nand-controller.c
> index 37fc07ba5..5a0468034 100644
> --- a/drivers/mtd/nand/raw/rockchip-nand-controller.c
> +++ b/drivers/mtd/nand/raw/rockchip-nand-controller.c
> @@ -598,7 +598,7 @@ static int rk_nfc_write_page_hwecc(struct nand_chip *chip, const u8 *buf,
>  	int pages_per_blk = mtd->erasesize / mtd->writesize;
>  	int ret = 0, i, boot_rom_mode = 0;
>  	dma_addr_t dma_data, dma_oob;
> -	u32 reg;
> +	u32 tmp;
>  	u8 *oob;
> 
>  	nand_prog_page_begin_op(chip, page, 0, NULL, 0);
> @@ -625,6 +625,13 @@ static int rk_nfc_write_page_hwecc(struct nand_chip *chip, const u8 *buf,
>  	 *
>  	 *   0xFF 0xFF 0xFF 0xFF | BBM OOB1 OOB2 OOB3 | ...
>  	 *
> +	 * The code here just swaps the first 4 bytes with the last
> +	 * 4 bytes without losing any data.
> +	 *
> +	 * The chip->oob_poi data layout:
> +	 *
> +	 *    BBM  OOB1 OOB2 OOB3 |......|  PA0  PA1  PA2  PA3
> +	 *
>  	 * Configure the ECC algorithm supported by the boot ROM.
>  	 */
>  	if ((page < (pages_per_blk * rknand->boot_blks)) &&
> @@ -635,21 +642,17 @@ static int rk_nfc_write_page_hwecc(struct nand_chip *chip, const u8 *buf,
>  	}
> 
>  	for (i = 0; i < ecc->steps; i++) {
> -		if (!i) {
> -			reg = 0xFFFFFFFF;
> -		} else {
> +		if (!i)
> +			oob = chip->oob_poi + (ecc->steps - 1) * NFC_SYS_DATA_SIZE;
> +		else
>  			oob = chip->oob_poi + (i - 1) * NFC_SYS_DATA_SIZE;
> -			reg = oob[0] | oob[1] << 8 | oob[2] << 16 |
> -			      oob[3] << 24;
> -		}
> 
> -		if (!i && boot_rom_mode)

So we no longer need boot_rom_mode? Or do we?

> -			reg = (page & (pages_per_blk - 1)) * 4;
> +		tmp = oob[0] | oob[1] << 8 | oob[2] << 16 | oob[3] << 24;
> 
>  		if (nfc->cfg->type == NFC_V9)
> -			nfc->oob_buf[i] = reg;
> +			nfc->oob_buf[i] = tmp;
>  		else
> -			nfc->oob_buf[i * (oob_step / 4)] = reg;
> +			nfc->oob_buf[i * (oob_step / 4)] = tmp;
>  	}
> 
>  	dma_data = dma_map_single(nfc->dev, (void *)nfc->page_buf,
> @@ -812,12 +815,17 @@ static int rk_nfc_read_page_hwecc(struct nand_chip *chip, u8 *buf, int oob_on,
>  		goto timeout_err;
>  	}
> 
> -	for (i = 1; i < ecc->steps; i++) {
> -		oob = chip->oob_poi + (i - 1) * NFC_SYS_DATA_SIZE;
> +	for (i = 0; i < ecc->steps; i++) {
> +		if (!i)
> +			oob = chip->oob_poi + (ecc->steps - 1) * NFC_SYS_DATA_SIZE;
> +		else
> +			oob = chip->oob_poi + (i - 1) * NFC_SYS_DATA_SIZE;
> +
>  		if (nfc->cfg->type == NFC_V9)
>  			tmp = nfc->oob_buf[i];
>  		else
>  			tmp = nfc->oob_buf[i * (oob_step / 4)];
> +
>  		*oob++ = (u8)tmp;
>  		*oob++ = (u8)(tmp >> 8);
>  		*oob++ = (u8)(tmp >> 16);
> --
> 2.30.2
> 


Thanks,
Miquèl

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ