Hi Hony,
A1: The "kill" command would only send a STOP signal to freeze the third-party application, not complete kill. When flashrom is done, it would send CONT signal with the "kill" command and the third-party application would unfreeze.
A2: If you read or write 0xFFC00000-0xFFFFFFFF, SPI registers will change automatically. If SPI registers change while flashrom reads/writes the flash chip, the result will be corrupt.
Do you know if any other firmware, IPMI or baseboard management software runs at the same time as flashrom? That could be a problem as well.
A crash is also possible if SMI/SMM is active while flashing and if SMM code lives in ROM.
I sent the mail with subject: [flashrom] [PATCH] SB600 SPI paranoid checks to your e-mail address, but you can also download the patch at http://patchwork.coreboot.org/patch/1737/raw/
Good luck!
Regards, Carl-Daniel
On 13.08.2010 05:09, Hony.Chiang@mic.com.tw wrote:
Hi Daniel,
Sorry to trouble you again.
A1: This application handles all of update processes including capturing return code and post message from flashrom, and report update result to its UI for user understanding finally. This idea can not be implemented.
A2: I just look at 0xFEC10000 ~ 0xFEC1000F (SPI host base address). Nothing access this region is by application, but is not by flashrom. As I know, SPI ROM just accepts SPI command and data for programming though SPI host base address. Even though writing 0xFFC00000-0xFFFFFFFF space should not impact data in SPI ROM. Am I right? My SLES 11 OS sometimes crashes once flashrom and application are running at the same time, and BIOS part is also damaged.
A3: We integrate flashrom to this application for calling by ourselves, not by default.
How can I see your mail with subject: [flashrom] [PATCH] SB600 SPI paranoid checks
Best Regards, Hony -----Original Message----- From: Carl-Daniel Hailfinger [mailto:c-d.hailfinger.devel.2006@gmx.net] Sent: Friday, August 13, 2010 10:22 AM To: hony.chiang (江昆仲 - MIC) Cc: flashrom@flashrom.org Subject: Re: [flashrom] Urgent: Flash part would be destroied by flashrom 0.9.2 once manager application is running.
Hi Hony,
Q1: If the third party application must call flashrom, then the only way to fix this is to have flashrom kill the third party application with SIGSTOP and send SIGCONT once flashrom has finished. That should be safe, but it also means that the third party application will be completely frozen while flashrom runs.
Q2: If you look at 0xFFC00000-0xFFFFFFFF with the hardware ICE, can you check that nothing accesses (read/write) the region while flashrom is running? flashrom will not access the region, and the third party application should not access the region because it will result in corruption.
Q3: I think safe locking for /dev/mem is impossible without a new kernel driver. If you can lock /dev/mem completely, Xorg will stop working and you will not have a graphical interface any more.
Does UpdateXpress use flashrom by default, or did you supply your own configuration and tell it to use flashrom?
Please also see my mail with subject: [flashrom] [PATCH] SB600 SPI paranoid checks
It has a patch and some testing instructions.
Regards, Carl-Daniel
On 13.08.2010 04:04, Hony.Chiang@mic.com.tw wrote:
Hi Daniel,
Thanks for your input. Whatever, it must be to run this 3rd application to call up flashrom for BIOS update according to our norm. I would like to do flashrom enhancement for defect fix. Q1:Is it possible according to your view? Q2: I have examined that physical address space with hardware ICE, but data on these addresses is not changed once 3rd application is running. May I ensure that it does not access this physical address space used by SPI controller? Q3: Would you have any idea to lock mapped virtual address or /dev/mem to prevent access by other process?
Best Regards, Hony
-----Original Message----- From: Carl-Daniel Hailfinger [mailto:c-d.hailfinger.devel.2006@gmx.net] Sent: Friday, August 13, 2010 9:26 AM To: hony.chiang (江昆仲 - MIC) Cc: flashrom@flashrom.org Subject: Re: [flashrom] Urgent: Flash part would be destroied by flashrom 0.9.2 once manager application is running.
Hi Hony,
my suspicion is that either the third party application may access flash regions between 0xFFC00000 and 0xFFFFFFFF or that the builtin management engine in the southbridge may be asked by the third party application to access those flash regions or run those commands.
You wrote that the problem does not exist if the third party application (IBM UpdateXpress System Pack Installer) is not running. I see three ways to handle this:
- Always terminate UpdateXpress before running flashrom.
- Have flashrom detect a running UpdateXpress instance and freeze it as
long as it accesses flash.
- Ask IBM to modify UpdateXpress in a way that does not access flash
unless explicitly requested.
As an alternative, we could add paranoid checks to the SB600 SPI driver and hope that those checks will help detect the issue. Once we detect the issue, we can print a warning and tell the user to stop all other programs accessing the flash.
I will send a SB600 paranoid checks patch as reply to this mail.
Regards, Carl-Daniel
On 12.08.2010 09:19, Hony.Chiang@mic.com.tw wrote:
Hi Daniel,
Here is verbose log about SPI registers for reference.
Best Regards,
Hony
From: hony.chiang (江昆仲 - MIC) Sent: Wednesday, August 11, 2010 11:23 PM To: Carl-Daniel Hailfinger Cc: flashrom@flashrom.org; hony.chiang (江昆仲 - MIC) Subject: RE: [flashrom] Urgent: Flash part would be destroied by flashrom 0.9.2 once manager application is running.
Hi Daniel,
Thanks for your quick response. Please kindly see my answers with blue texts as below and share you my experiments today.
I use AMD HDT hardware ICE to interrupt CPU for examining data on physical address 0xFEC10000 ~ 0xFEC100F used by SPI host controller registers today. They are changed once flashrom is running, and I can also capture SPI opcode commands on 0xFEC10000 address. However, they are fixed even though 3rd application is running. It means that registers are not overwritten by this application. I have added code to set process prority -20 in flashrom, but the failure is still there.
Best regards,
Hony
From: Carl-Daniel Hailfinger [mailto:c-d.hailfinger.devel.2006@gmx.net] Sent: 2010/8/11 [星期三] 下午 09:05 To: hony.chiang (江昆仲 - MIC) Cc: flashrom@flashrom.org Subject: Re: [flashrom] Urgent: Flash part would be destroied by flashrom 0.9.2 once manager application is running.
Hi Hony,
we will help you.
On 11.08.2010 04:27, Hony.Chiang@mic.com.tw wrote:
I get the serious problem on flashrom 0.9.2 on our server systems. We always have to run 3rd party manager application to call up flashrom for BIOS upgrade.
Can you tell us the name of the manager application you are using?
UpdateXpress System Pack Installer through a graphical user interface (GUI). http://publib.boulder.ibm.com/infocenter/toolsctr/v1r0/index.jsp?topic=/uxsp...
However, flashrom would be failed on “Verifying flash” step because some of programmed data in flash part is different with ones in golden ROM image file on random offset addresses. This defect occurs on Red Hat 5 x64, SLES 10 x64 and SLES 11 x64. If I run flashrom tool manually without this 3rd application, it would always flash SPI part successfully.
This is good. It means that flashrom works fine if nothing else accesses the flash chip.
Due to the 3rd party application is confidential, it can not be provided to you for defect reproduction.
Q1: May I suspect that expected data that is written to mapped virtual memory space by flashrom is overwritten or interfered by other process from 3rd application before SPI host controller operates these data to SPI ROM?
Q2: May I suspect that expected data that is written to mapped virtual memory space by flashrom is not sync to physical memory space immediately when SPI host controller operates these data to SPI ROM?
flashrom does not write to the mapped memory space of the flash chip on SP5100. flashrom uses only the SPI host controller registers to read/write. If any other software accesses (read or write) the mapped memory space of the flash chip or the SPI host controller registers at the same time, the SPI host controller registers will change in unexpected ways. This can lead to corruption of the flash chip or corruption of reads.
Q3: In order to prevent other process to interfere /dev/mem, mapped virtual memory space or physical memory space that flashrom uses, would you have any idea or some slice codes to lock them during flashrom operation?
Locking under most operating systems is not mandatory, and this means even if flashrom asks for a lock, all other applications can ignore the lock. I don't know any application which does locking on /dev/mem because that might interfere with X.org graphics and other software.
Q4: Would you have any idea to trace the root cause interfered flashrom?
I wrote a patch which should be able to detect interference from other applications. I will send it later once it is tested.
Thank you. I will try it to give you more inputs.
Verbose message: Programming flash done. COMPLETE. Verifying flash... VERIFY FAILED at 0x00017ca4! Expected=0xff, Read=0x25, failed byte count from 0x00000000-0x003fffff: 0x3a
Syntax: ./flashrom –w 24a.rom
Hardware configuration: MB: AMD platform solution South Bridge: AMD SP5100 Flash part: ST M25P32
NOS: Reg Hat 5 X86_X64 SLES 10 X86_X64 SLES 11 X86_X64
Could you please send the output of "flashrom -V" so I can check the contents of some SP5100 registers? Thanks. I will capture message with -V parameter on my lab tomorrow, and will provide you output. Regards, Carl-Daniel
flashrom mailing list flashrom@flashrom.org http://www.flashrom.org/mailman/listinfo/flashrom