lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ebb0d719-4fa0-791d-f160-e8ffc75385b1@gmail.com>
Date:   Wed, 5 Jul 2023 20:20:53 +0200
From:   Johan Jonker <jbx6244@...il.com>
To:     Miquel Raynal <miquel.raynal@...tlin.com>
Cc:     richard@....at, vigneshr@...com, heiko@...ech.de,
        linux-mtd@...ts.infradead.org, linux-kernel@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org,
        linux-rockchip@...ts.infradead.org, yifeng.zhao@...k-chips.com
Subject: Re: [PATCH v3 2/3] mtd: rawnand: rockchip-nand-controller: copy hwecc
 PA data to oob_poi buffer



On 7/4/23 17:08, Miquel Raynal wrote:
> Hi Johan,
> 
> jbx6244@...il.com wrote on Thu, 15 Jun 2023 19:34:13 +0200:
> 
>> Rockchip boot blocks are written per 4 x 512 byte sectors per page.
>> Each page must have a page address (PA) pointer in OOB to the next page.

> 
> Only when used as boot device I guess? It's a BootROM limitation.

Yes, required by the BootROM.

> 
>> Pages are written in a pattern depending on the NAND chip ID.
>> This logic used to build a page pattern table is not fully disclosed and
>> is not easy to fit in the MTD framework.
>> The formula in rk_nfc_write_page_hwecc() function is not correct.
>> Make hwecc and raw behavior identical.
> 

> So this is a fix as well, deserves a tag. Whatever the reason why you
> need this, the issue you are solving is: write_page_hwecc and
> write_page_raw are not aligned.

Fixes: 058e0e847d54 ("mtd: rawnand: rockchip: NFC driver for RK3308, RK2928 and others")

> 
>> Generate boot block page address and pattern for hwecc in user space
>> and copy PA data to/from the already reserved last 4 bytes before EEC
> 
> ECC

OK

> 
>> in the chip->oob_poi data layout.
>>
>> This patch breaks all existing jffs2 users that have free OOB overlap
>> with the reserved space for PA data.
>>
>> Signed-off-by: Johan Jonker <jbx6244@...il.com>
>> ---
>>
>> Changed V3:
>>   Change prefixes
>>   Reword
>> ---
>>  .../mtd/nand/raw/rockchip-nand-controller.c   | 34 ++++++++++++-------
>>  1 file changed, 21 insertions(+), 13 deletions(-)
>>
>> diff --git a/drivers/mtd/nand/raw/rockchip-nand-controller.c b/drivers/mtd/nand/raw/rockchip-nand-controller.c
>> index 37fc07ba5..5a0468034 100644
>> --- a/drivers/mtd/nand/raw/rockchip-nand-controller.c
>> +++ b/drivers/mtd/nand/raw/rockchip-nand-controller.c
>> @@ -598,7 +598,7 @@ static int rk_nfc_write_page_hwecc(struct nand_chip *chip, const u8 *buf,
>>  	int pages_per_blk = mtd->erasesize / mtd->writesize;
>>  	int ret = 0, i, boot_rom_mode = 0;
>>  	dma_addr_t dma_data, dma_oob;
>> -	u32 reg;
>> +	u32 tmp;
>>  	u8 *oob;
>>
>>  	nand_prog_page_begin_op(chip, page, 0, NULL, 0);
>> @@ -625,6 +625,13 @@ static int rk_nfc_write_page_hwecc(struct nand_chip *chip, const u8 *buf,
>>  	 *
>>  	 *   0xFF 0xFF 0xFF 0xFF | BBM OOB1 OOB2 OOB3 | ...
>>  	 *
>> +	 * The code here just swaps the first 4 bytes with the last
>> +	 * 4 bytes without losing any data.
>> +	 *
>> +	 * The chip->oob_poi data layout:
>> +	 *
>> +	 *    BBM  OOB1 OOB2 OOB3 |......|  PA0  PA1  PA2  PA3
>> +	 *
>>  	 * Configure the ECC algorithm supported by the boot ROM.
>>  	 */
>>  	if ((page < (pages_per_blk * rknand->boot_blks)) &&
>> @@ -635,21 +642,17 @@ static int rk_nfc_write_page_hwecc(struct nand_chip *chip, const u8 *buf,
>>  	}
>>
>>  	for (i = 0; i < ecc->steps; i++) {
>> -		if (!i) {
>> -			reg = 0xFFFFFFFF;
>> -		} else {
>> +		if (!i)
>> +			oob = chip->oob_poi + (ecc->steps - 1) * NFC_SYS_DATA_SIZE;
>> +		else
>>  			oob = chip->oob_poi + (i - 1) * NFC_SYS_DATA_SIZE;
>> -			reg = oob[0] | oob[1] << 8 | oob[2] << 16 |
>> -			      oob[3] << 24;
>> -		}
>>
>> -		if (!i && boot_rom_mode)
> 

> So we no longer need boot_rom_mode? Or do we?

boot_rom_mode is still in use for ecc switching.

> 
>> -			reg = (page & (pages_per_blk - 1)) * 4;
>> +		tmp = oob[0] | oob[1] << 8 | oob[2] << 16 | oob[3] << 24;
>>
>>  		if (nfc->cfg->type == NFC_V9)
>> -			nfc->oob_buf[i] = reg;
>> +			nfc->oob_buf[i] = tmp;
>>  		else
>> -			nfc->oob_buf[i * (oob_step / 4)] = reg;
>> +			nfc->oob_buf[i * (oob_step / 4)] = tmp;
>>  	}
>>
>>  	dma_data = dma_map_single(nfc->dev, (void *)nfc->page_buf,
>> @@ -812,12 +815,17 @@ static int rk_nfc_read_page_hwecc(struct nand_chip *chip, u8 *buf, int oob_on,
>>  		goto timeout_err;
>>  	}
>>
>> -	for (i = 1; i < ecc->steps; i++) {
>> -		oob = chip->oob_poi + (i - 1) * NFC_SYS_DATA_SIZE;
>> +	for (i = 0; i < ecc->steps; i++) {
>> +		if (!i)
>> +			oob = chip->oob_poi + (ecc->steps - 1) * NFC_SYS_DATA_SIZE;
>> +		else
>> +			oob = chip->oob_poi + (i - 1) * NFC_SYS_DATA_SIZE;
>> +
>>  		if (nfc->cfg->type == NFC_V9)
>>  			tmp = nfc->oob_buf[i];
>>  		else
>>  			tmp = nfc->oob_buf[i * (oob_step / 4)];
>> +
>>  		*oob++ = (u8)tmp;
>>  		*oob++ = (u8)(tmp >> 8);
>>  		*oob++ = (u8)(tmp >> 16);
>> --
>> 2.30.2
>>
> 
> 
> Thanks,
> Miquèl

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ