Message-ID: <20241016105827.22a6bb45@xps-13>
Date: Wed, 16 Oct 2024 10:58:27 +0200
From: Miquel Raynal <miquel.raynal@...tlin.com>
To: Christian Marangi <ansuelsmth@...il.com>
Cc: Richard Weinberger <richard@....at>, Vignesh Raghavendra
 <vigneshr@...com>, Rob Herring <robh@...nel.org>, Krzysztof Kozlowski
 <krzk+dt@...nel.org>, Conor Dooley <conor+dt@...nel.org>, Saravana Kannan
 <saravanak@...gle.com>, Florian Fainelli <f.fainelli@...il.com>, Thomas
 Bogendoerfer <tsbogend@...ha.franken.de>, Wolfram Sang
 <wsa+renesas@...g-engineering.com>, linux-mtd@...ts.infradead.org,
 devicetree@...r.kernel.org, linux-kernel@...r.kernel.org, Lorenzo Bianconi
 <lorenzo@...nel.org>, upstream@...oha.com
Subject: Re: [PATCH 2/3] dt-bindings: mtd: Add Documentation for Airoha
 fixed-partitions

Hi Christian,

ansuelsmth@...il.com wrote on Wed, 16 Oct 2024 09:33:46 +0200:

> On Wed, Oct 02, 2024 at 10:00:06AM +0200, Miquel Raynal wrote:
> > Hi Christian,
> >   
> > > > > > > Ok probably the description isn't clear enough. The missing info that
> > > > > > > require this parser is the flash end.
> > > > > > > 
> > > > > > > Following the example we know the size of rootfs_data and start offset
> > > > > > > AND we know the size of the ART partition.
> > > > > > > 
> > > > > > > There might be a space in the middle unused between the rootfs_data
> > > > > > > partition and the art partition. What is derived is the starting offset
> > > > > > > of the art partition that is flash end - art partition size.
> > > > > > > (where flash end change and is not always the same due to how the special
> > > > > > > > bad block management table reserved space is handled)
> > > > > > > 
> > > > > > > This is why 0xffffffff, used as a dummy offset to signal it will be parsed at
> > > > > > > > runtime. On second thought tho maybe using this dummy offset is wrong and
> > > > > > > I should just have something like
> > > > > > > 
> > > > > > > length = <0x300000>;
> > > > > > > 
> > > > > > > Is it clear now? Sorry for any confusion.      
> > > > > > 
> > > > > > I'm sorry but not really. You know the end of the physical device and
> > > > > > the size of the ART partition, so you must know its start as well?
> > > > > >      
> > > > > 
> > > > > Before the system boot we know:
> > > > > - size of the ART partition
> > > > > - real size of the physical device (512mb... 1G... 64mb...)
> > > > > 
> > > > > When the physical device is probed (nand) a special driver is loaded
> > > > > (before mtd parsing logic) that change the physical size of the device
> > > > > (mtd->size) as at the end of the nand some space is reserved for bad
> > > > > block management and other metadata info.    
> > > > 
> > > > Here you are explaining what you intend Linux to do, right? I would
> > > > > like to understand what you are trying to solve. I don't understand why
> > > > you need the size change, I don't understand why you don't know the
> > > > start of the ART partition, I don't understand what the data you are
> > > > hiding contains and who uses it :-) I'm sorry, this is too unclear yet.    
> > > 
> > > Totally not a problem and thanks a lot for you keep asking them... More
> > > than happy to clear things, I'm trying to solve a problem present on
> > > Airoha SoC and upstreaming a correct parser for it.
> > > 
> > > What I'm trying to solve:
> > > 
> > > Correct access to this partition at the end of the flash in an automated
> > > way.
> > > 
> > > The content of this partition is the usual ART partition found on lots of
> > > embedded devices. MAC address, wifi calibration data, serial. Usage is
> > > NVMEM cells and userspace with dd command to extract data from.
> > > 
> > > Airoha use something also used by some mediatek SoC. They call it BMT
> > > > and it's currently used downstream in OpenWrt and their firmware. This is
> > > also used in the bootloader.
> > > 
> > > The usage of BMT is a custom way to handle bad blocks entirely by
> > > software. At the end of the flash some space is reserved where info
> > > about all the blocks of the flash are put. I'm not 100% sure about the
> > > functionality of this but it can relocate block and do magic things to
> > > handle bad blocks. For the scope of this change, the important info is
> > > that after the BMT is probed, the operation of "reserving space" is done
> > > by reducing the MTD flash size. So from the MTD subsystem, it does see a
> > > smaller flash than it actually is.
> > > 
> > > The reserved space change! Across SoC or even devices but the BMT is a
> > > must where it's used as bootloader makes use of it and writing to it
> > > might confuse the bootloader corrupting data. (one block might be
> > > > flagged as bad and data moved, BMT driver validates his table and do
> > > operation)  
> > 
> > Ok, I think that's way clearer now.
> >  
> 
> Hi sorry for the delay, very happy this is better now.
> 
> > So the BMT driver does not exist in mainline Linux, but you would like
> > to skip this part of the MTD device to avoid smashing it. And it is in
> > use by the vendor Bootloader I guess?  
> 
> Yes correct, idea is to permit easier access to the partition. I hope
> (and assume) this driver will come upstream.
> 
> > 
> > Is it some kind of table that is written by the chip itself in order to
> > maintain a list of auto-replacement blocks for bad blocks? Can the size
> > of this table move with the use of the device? (if yes, it's
> > problematic, we don't want to resize MTD partitions without noticing,
> > it would break eg. UBI).
> >   
> 
> No chip hw bad block is disabled with this implementation and the table
> size doesn't move/change so MTD partitions will stay at the same offset
> after the first parse on boot.
> 
> > I believe this BMT block is going against the bad block handling in
> > Linux, so I really wonder how one can use both mechanisms in a system.
> > If the BMT layer takes "one random block" to map a corrupted one on it,
> > it totally defeats the current bad block model we have in MTD/UBI
> > and simply cannot be supported at all. Just skipping the
> > currently-used-for-BMT blocks sounds like a very bad idea that will
> > break your system, later.
> >  
> 
> Well we disable it and since it's reserved, from the system side you can
> do all kind of magic since the space used for the driver is not
> available to the system but I will try to gather more info about this in
> the next few days.

I understand, but if you cannot get rid of it, it means "someone" is
using it, presumably the bootloader, right? How can the bootloader use
this feature?

Or maybe you need this table to show the (vendor) bootloader "nothing
changed, use PEB normally, none of them is bad, there is no ongoing
remapping"?

In this case I guess the size of the table is a linear function against
the size of the chip and thus can be statically derived?

Thanks,
Miquèl
