Age | Commit message (Collapse) | Author | Files | Lines |
|
while this is PR_DEBUG, and we shouldn't be printing it to the
console, we do because of a long standing bug in how we do
log priorities. So, for the moment at least, just don't print
it at all.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Currently we don't move the buffer along for a short read() or write()
and nor do we request only the remaining amount.
Fixes: c7c3a4cd53d libflash/file: Add a file access backend to for the blocklevel interface.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Reviewed-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
==8304==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 4096 byte(s) in 1 object(s) allocated from:
#0 0x7f70eda8f850 in malloc (/lib64/libasan.so.4+0xde850)
#1 0x408ba0 in main libflash/test/test-blocklevel.c:298
#2 0x7f70ec8e1509 in __libc_start_main (/lib64/libc.so.6+0x20509)
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
LeakSanitizer caught this with libflash/test/test-flash.c:
Direct leak of 4096 byte(s) in 1 object(s) allocated from:
#0 0x7f72546ee850 in malloc (/lib64/libasan.so.4+0xde850)
#1 0x405ff0 in flash_init libflash/test/../libflash.c:830
#2 0x408632 in main libflash/test/test-flash.c:382
#3 0x7f7253540509 in __libc_start_main (/lib64/libc.so.6+0x20509)
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
LeakSanitizer spotted this:
Direct leak of 131072 byte(s) in 1 object(s) allocated from:
#0 0x7fb99e42b850 in malloc (/lib64/libasan.so.4+0xde850)
#1 0x408612 in main libflash/test/test-flash.c:380
#2 0x7fb99d27d509 in __libc_start_main (/lib64/libc.so.6+0x20509)
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
If we extend the ECC protection array and subsequently decide to merge
regions in one call then there would be a use after free bug. While this
exists in theory and was caught by Coverity, it should never happen
since we only merge regions if we're low on space but the cause of the
use after free is due to having just created more space.
Nevertheless, this is the kind of ticking timebomb that simply requires
some code rearrangement or different 'optimisations' to become possible.
Best to just make it impossible.
Fixes CID 145924
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
libflash/libflash.c:
line 369: chunk = 0x100 - (d & 0xff);
line 370: if (chunk > 0x100)
At condition chunk > 256U, the value of chunk must be between 1 and 256.
Fixes CID 97821
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Fixes: CID 142226 (#1 of 1):
overflow_before_widen: Potentially overflowing expression
`1 << mbox_flash->shift` with type int (32 bits, signed) is evaluated using
32-bit arithmetic, and then used in a context that expects an expression
of type uint64_t (64 bits, unsigned).
Fixes: CID 142226
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
New code that is very much pflash functionality was added in commit
f2c87a3d2f6 "pflash option to retrieve PNOR partition flags".
Unfortunately at the time there wasn't an easy way to test pflash.
The previous patch adds pflash infrastructure and plumbs it into
`make check` nicely. This commit converts the tests originally added to
libflash tests.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Reviewed-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Currently the FFS header/TOC generation code requires that consumers
know the size of their TOC beforehand. While this may be advantageous in
some circumstances if there are known limitations of other software. It
should not be a requirement.
Knowing the size of the FFS header/TOC partially breaks the abstraction
since it would require consumers of the library to be aware of/have some
idea of the on flash structure and size.
Future work may introduce functions to force sizes but the default
behaviour should be to calculate it behind the scenes.
This patch also addresses an off by one issue in checking for TOC
overflow.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Reviewed-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Unfortunately not all drivers are created equal and several drivers on
which pflash relies block in the kernel for quite some time and ignore
signals.
This is really only a problem if pflash is to perform large erases. So
don't, perform these ops in small chunks.
An in kernel fix is possible in most cases but it takes time and systems
will be running older drivers for quite some time. Since sector erases
aren't significantly slower than whole chip erases there isn't much of a
performance penalty to breaking up the erase ioctl()s.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Reviewed-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Reviewed-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Also add usage text to pflash.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Reviewed-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
mostly missing prototypes and unused parameters.
Reviewed-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This commit extends pflash with an option to retrieve and print
information for a particular partition, including the content from
"pflash -i" and a verbose list of set miscellaneous flags. -i option
is also updated to print a short list of flags in addition to the
ECC flag, with one character per flag. A test of the new option is
included in libflash/test.
Signed-off-by: Michael Tritz <mtritz@us.ibm.com>
Reviewed-by: Cyril Bur <cyril.bur@au1.ibm.com>
[stewart@linux.vnet.ibm.com: various test fixes, enable gcov]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
On writing ffs entries to flash libffs doesn't zero checksum words
before calculating the checksum across the entire structure. This causes
an inaccurate calculation of the checksum as it may calculate a checksum
on non-zero checksum bytes.
This patch solves this by zeroing the entire structure which is to be
written to the flash before calculating the checksum across the struct.
Fixes: 602dee45 libflash/libffs: Rework libffs
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
It would return success when the part wasn't found
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
libffs has been updating FFS partition information in the wrong place
which leads to incomplete erases and corruption.
Fixes: 602dee45 libflash/libffs: Rework libffs
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
In the bail-out path we call ffs_close() to tear down the partially
initialised ffs_handle. ffs_close() expects the entries list to be
initialised so we need to do that earlier to prevent a null pointer
dereference.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Version two of the mbox-flash protocol defines a new command:
MARK_WRITE_ERASED.
This command provides a simple way to mark a region of flash as all 0xff
without the need to go and write all 0xff. This is an optimisation as
there is no need for an erase before a write, it is the responsibility of
the BMC to deal with the flash correctly, however in v1 it was ambiguous
what a client should do if the flash should be erased but not actually
written to. This allows of a optimal path to resolve this problem.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Acked-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Updated version 2 of the protocol can be found at:
https://github.com/openbmc/mboxbridge/blob/master/Documentation/mbox_protocol.md
This commit changes mbox-flash such that it will preferentially talk
version 2 to any capable daemon but still remain capable of talking to
v1 daemons.
Version two changes some of the command definitions for increased
consistency and usability.
Version two includes more attention bits - these are now dealt with at a
simple level.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Acked-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
- Warn if flushing with closed write window.
- Call msg_free_memory() in mbox_flash_init() before a successful
return. No leak is present as the current allocation theme is from
static memory. However as this is likely to change in the future,
best to ensure that msg_free_memory() is called after every
allocation.
- Fix bug where len argument may be incorrect in mark dirty command.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Reviewed-by: Andrew Jeffery <andrew@aj.id.au>
Acked-by: Cyril Bur <cyri.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
We recently made MTD 64 bit safe in e5720d3fe94 which now requires the
64 bit MTD erase ioctl. Unfortunately this ioctl is not present in
older kernels used by some BMC vendors that use pflash.
This patch addresses this by only using the 64bit version of the erase
ioctl() if the parameters exceed 32bit in size.
If an erase requires the 64bit ioctl() on a kernel which does not
support it, the code will still attempt it. There is no way of knowing
beforehand if the kernel supports it. The ioctl() will fail and an error
will be returned from from the function.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Michael Neuling <mikey@neuling.org>
|
|
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
With recent changes to flash drivers in linux not all erase blocks are
4K anymore. While most level of the pflash/gard tool stacks were written
to not mind, it turns out there are bugs which means not 4K erase block
backing stores aren't handled all that well. Part of the problem is the
FFS layout that is 4K aligned and with larger block sizes pflash and the
gard tool don't check if their erase commands are erase block aligned -
which they are usually not with 64K erase blocks.
This patch aims to add common functionality to blocklevel so that (at
least) pflash and the gard tool don't need to worry about the problem
anymore.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
pflash -i is currently broken due to this commit
commit 602dee4505cd0ceb5b69f056ec403f982b585791
Author: Cyril Bur <cyril.bur@au1.ibm.com>
libflash/libffs: Rework libffs
It's output doesn't correctly detect the last partition and continues
printing forever.
This fixes it by returning null when we don't find a partition in
ffs_get_part().
Signed-off-by: Michael Neuling <mikey@neuling.org>
Acked-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This patch attempts a rework of libffs to prepare it for future changes.
Firstly the types are split in two:
1. Packed, big endian structures used to map exactly how the data is on flash.
2. CPU endian, sane valued, not packed structures used to manipulate FFS data.
Secondly:
The packed struct can use BE types so that in future tools like sparse can be
run over the code to check for endian conversion bugs.
Thirdly:
defines of sizeof(struct ...) were removed for clarity.
Finally:
For ease of manipulation, the in memory FFS structures contain a linked list of
entries as this will make addition and removal operations much easier.
This patch should be invisible to consumers of libffs.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The use MBOX protocol to request flash access from the BMC. Then
read/write to the 'flash' through windows it creates on LPC FW space.
Reference implementation of the mbox flash daemon for BMC userspace:
https://github.com/cyrilbur-ibm/mboxbridge
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
A format string had a 0x prefix on an integer but printed in decimal.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
While we'll 'never' have flash chips larger than 32bit, work was
recently done to blocklevel for it to be 64bit compatible for other
backends.
Since there is a 64bit ioctl() lets use it. There is currently no known
case where 32bit is not sufficient but this doesn't mean someone might
not do something strange in the future.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
These OPAL calls are exposing the host flash chip to linux as a flash
device. The host is expected to understand that it is raw flash and use
it appropriately, it isn't skiboots place to strip ecc bytes or perform
erase before writes.
Over the course of other developments blocklevel has gotten quite clever
but in this case the cleverness is inappropriate.
Fixes: https://github.com/open-power/skiboot/issues/44
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Currently the policy for calling ECC protecting a range at the
blocklevel layer is that the requested region be completely
unprotected otherwise the call will return an error. It turns out that
duplicate calls to ffs_init() with true as the last parameter (for the
same blocklevel structure) will cause duplicate attempts to
ecc_protect() ranges.
Change the policy within blocklevel to allow duplicate protecting.
In fact the new policy almost guarantees no failure (baring something
odd like malloc() failing). It will detect that the range is currently
already fully protected and do nothing, detect that part of the range
is or is not and extend the existing range or detect that a range fits
perfectly between two ranges in which case it will merge the ranges.
Also adjust tests to match the new policy.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
The current flash code was written with only one flash chip, which is
a system_flash (ie. the PNOR image), in mind.
Now that we have mambo bogusdisk flash, we can have many flash chips.
This is resulting in some confusing output messages.
This reworks some of the error paths and warnings to make this more
coherent when we have multiple flash chips.
We assume everything can be a system flash, so I've removed the
is_system_flash parameter from flash_register(). We'll use the first
system flash we find and warn if we find another since discovery order
is not a guaranteed API.
Signed-off-by: Michael Neuling <mikey@neuling.org>
Acked-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
This makes the size of flash 64 bit safe so that we can have flash
devices greater than 4GB. This is especially useful for mambo disks
passed through to Linux.
Fortunately the device tree interface and the linux device driver are
64bit safe so no changes are required there.
Userspace gard and flash tools are also updated to ensure "make check"
still passes.
Signed-off-by: Michael Neuling <mikey@neuling.org>
Reviewed-by: Cyril Bur <cyrilbur@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
A function called "smart" doesn't give the user any clues as to why
they would want to use it over other calls.
This adds some documentation so users can determine when to best use
this call.
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Run a small wrapper around some unit tests with the QTEST makefile macro
(QTEST=Quiet TEST). Also, wrap boot tests in mambo and qemu to be quiet
by default.
Both ./test/run.sh and the modified mambo/qemu test runner scripts output
full stdout and stderr in the event of error.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Quite a lot of code relies on values read from flash. These values
shouldn't be totally trusted without at least basic sanity checks.
Fixes coverity bug: 119719
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
If we had a truncated file where libflash would attempt to read past
the end, instead of erroring out, we'd get stuck in an infinite loop.
Why? Because we weren't acknowledging that read() returns 0 on EOF.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Reviewed-by: Cyril Bur <cyril.bur@au1.ibm.com>
|
|
Currently these exist for some parts of the source tree, but not all of it. They're nice if you are only modifing code in a one part of the tree as the full test suite can be a little slow.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
When flash controllers get deconfigured or yanked out from under these
tools flash accesses tend to just return all 0xFF bytes.
libffs is usually the first thing to do reads and will fail parsing its
partition structures. This patch adds reporting when it fails to parse
because it got all 0xFF bytes.
The idea is that this will help debugging by splitting the possible reasons
for a failed init into 1) flash controller issue or reading erased flash 2)
flash corruption or not valid reading partition data. These two cases are
nice to be able to separate as early as possible as they usually mean two
quite different type of bugs.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
These 32MB chips are used in the Barreleye OpenBMC BMC.
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Currently the file backend will keep a file descriptor open until the
structure is destroyed. This is undesirable for daemons and long running
processes that only have a very occasional need to access the file. Keeping
the file open requires users of blocklevel to close and reinit their
structures every time, doing is isn't disastrous but can easily be
managed at the interface level.
This has been done at the blocklevel_device interface so as to provide
minimal changes to arch_flash_init().
At the moment there isn't a need for the actually flash driver to be able
to do this, this remains unimplmented there.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Currently there are two error cases that ffs_next_side() may hit and will
leave the return pointer untouched. This isn't a huge problem as the caller
should be checking the return value anyway but as we know, callers don't
always do that.
It doesn't hurt for ffs_next_side() to make it as clear as possible that it
encountered a problem.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Reviewed-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Some confusion has arisen from the first consumer of ffs_cmp() in that they
expected a strcmp style less than one, zero or greater than one return value.
This has been addressed in this patch in two ways, by changing the return
type to a boolean in order to (attempt) to alert the programmer that this
is not the case and by renaming it to equal to avoid the implied comparison
and imply very much a boolean outcome.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Reviewed-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
Some FFS structures will have a partition called "OTHER_SIDE", this is a
pointer to another ffs TOC on which another ffs_handle can be instantiated.
Currently users of libffs would have to query for the presence of this
partition and then initialise a new ffs_handle themselves. As accessing the
"other" side appears to be becoming a common operation this convenience
function should prove useful.
Furthermore, it is possible for these multiTOC flash chips to be circular,
that is the "OTHER_SIDE" partition of 'secondary' TOC points back to the
initial TOC. The solution is to add a comparison function capable of
detecting when repeated calls to ffs_next_side() go full circle. It should
be noted here that this is all the comparator function is designed to
detect, it will not be able to detect two identical TOCs opened with
different blocklevel_devices as this would require the ability to compare
blocklevel_devices.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|