Joey: This patch applies to current svn HEAD.
Patch is untested, but it should work and not spit out any new error messages.
RFC: Are those checks with abort a good idea or do they break stuff? exit(1) is not a nice thing for libflashrom, but then again, it's probably better than exploding. I'm also unsure about the parameter order of mmio_readn.
The IT87 SPI driver has one quirk to speed up reading and writing: If a flash chip is 512 kByte or less, the flash chip can be completely mapped in memory and both read and write accesses are faster that way.
The current IT87 SPI code did use the parallel programmer interface for memory mapped reads and writes, but that's the wrong abstraction. It has been fixed to use mmio_read*/mmio_write* for that purpose.
Introduce sanity checks for all SPI/Parallel-style accesses before a possibly undefined union member is dereferenced.
Signed-off-by: Carl-Daniel Hailfinger c-d.hailfinger.devel.2006@gmx.net
Index: flashrom-fix_par_programmer_access_from_spi/hwaccess.c
===================================================================
--- flashrom-fix_par_programmer_access_from_spi/hwaccess.c (Revision 1510)
+++ flashrom-fix_par_programmer_access_from_spi/hwaccess.c (Arbeitskopie)
@@ -169,6 +169,12 @@
 return *(volatile uint32_t *) addr;
 }
+void mmio_readn(void *addr, uint8_t *buf, size_t len)
+{
+ memcpy(buf, addr, len);
+ return;
+}
+
 void mmio_le_writeb(uint8_t val, void *addr)
 {
 mmio_writeb(cpu_to_le8(val), addr);
Index: flashrom-fix_par_programmer_access_from_spi/flash.h
===================================================================
--- flashrom-fix_par_programmer_access_from_spi/flash.h (Revision 1510)
+++ flashrom-fix_par_programmer_access_from_spi/flash.h (Arbeitskopie)
@@ -247,6 +247,7 @@
 void print_banner(void);
 void list_programmers_linebreak(int startcol, int cols, int paren);
 int selfcheck(void);
+void shutdown_and_exit(int exitcode);
 int doit(struct flashctx *flash, int force, const char *filename, int read_it, int write_it, int erase_it, int verify_it);
 int read_buf_from_file(unsigned char *buf, unsigned long size, const char *filename);
 int write_buf_to_file(unsigned char *buf, unsigned long size, const char *filename);
Index: flashrom-fix_par_programmer_access_from_spi/it87spi.c
===================================================================
--- flashrom-fix_par_programmer_access_from_spi/it87spi.c (Revision 1510)
+++ flashrom-fix_par_programmer_access_from_spi/it87spi.c (Arbeitskopie)
@@ -330,7 +330,7 @@
 OUTB(0x06, it8716f_flashport + 1);
 OUTB(((2 + (fast_spi ? 1 : 0)) << 4), it8716f_flashport);
 for (i = 0; i < flash->page_size; i++)
- chip_writeb(flash, buf[i], bios + start + i);
+ mmio_writeb(buf[i], (void *)(bios + start + i));
 OUTB(0, it8716f_flashport);
 /* Wait until the Write-In-Progress bit is cleared.
 * This usually takes 1-10 ms, so wait in 1 ms steps.
@@ -356,7 +356,7 @@
 if ((flash->total_size * 1024 > 512 * 1024)) {
 spi_read_chunked(flash, buf, start, len, 3);
 } else {
- read_memmapped(flash, buf, start, len);
+ mmio_readn((void *)(flash->virtual_memory + start), buf, len);
 }
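Review bot: `mmio_readn` in the hwaccess.c hunk copies out of the mapped region with a plain `memcpy`, so the read loses the `volatile` qualifier that the accessor just above it keeps (`return *(volatile uint32_t *) addr;`), and the compiler and libc are free to pick the access width and ordering. If the mapping can be device memory rather than ordinary RAM, a loop over the existing byte accessor keeps the access semantics explicit: `for (i = 0; i < len; i++) buf[i] = mmio_readb((uint8_t *)addr + i);`. If `memcpy` is kept on purpose for speed, a short comment saying that the region tolerates arbitrary access sizes would record that decision. The trailing `return;` in a void function can be dropped.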
return 0; Index: flashrom-fix_par_programmer_access_from_spi/internal.c =================================================================== --- flashrom-fix_par_programmer_access_from_spi/internal.c (Revision 1510) +++ flashrom-fix_par_programmer_access_from_spi/internal.c (Arbeitskopie) @@ -387,6 +387,6 @@ static void internal_chip_readn(const struct flashctx *flash, uint8_t *buf, const chipaddr addr, size_t len) { - memcpy(buf, (void *)addr, len); + mmio_readn((void *)addr, buf, len); return; } Index: flashrom-fix_par_programmer_access_from_spi/spi.c =================================================================== --- flashrom-fix_par_programmer_access_from_spi/spi.c (Revision 1510) +++ flashrom-fix_par_programmer_access_from_spi/spi.c (Arbeitskopie) @@ -34,12 +34,22 @@ unsigned int readcnt, const unsigned char *writearr, unsigned char *readarr) { + if (!(flash->pgm->buses_supported & BUS_SPI)) { + msg_perr("%s called for wrong programmer type! Please report " + "a bug at flashrom@flashrom.org.\n", __func__); + shutdown_and_exit(1); + } return flash->pgm->spi.command(flash, writecnt, readcnt, writearr, readarr); }
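Review bot: The memory-mapped branch in the second it87spi.c hunk passes `start` and `len` straight into `mmio_readn((void *)(flash->virtual_memory + start), buf, len)`, and nothing visible in the hunk confirms that `start + len` stays inside the mapped chip. The replaced `read_memmapped` call had the same shape, so this is not new, but now that the access is a raw pointer read it is worth an explicit guard written so the sum cannot wrap, e.g. `if (start > flash->total_size * 1024 || len > flash->total_size * 1024 - start)` followed by an error return. The enclosing function starts above the hunk, so an earlier range check may already exist there; if so, a one-line comment at the call pointing to it would be enough.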
 int spi_send_multicommand(struct flashctx *flash, struct spi_command *cmds)
 {
+ if (!(flash->pgm->buses_supported & BUS_SPI)) {
+ msg_perr("%s called for wrong programmer type! Please report "
+ "a bug at flashrom@flashrom.org.\n", __func__);
+ shutdown_and_exit(1);
+ }
 return flash->pgm->spi.multicommand(flash, cmds);
 }
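Review bot: The same five-line guard is pasted into every SPI entry point touched in spi.c (`spi_send_command`, `spi_send_multicommand`, `default_spi_read`, `default_spi_write_256`, the function patched in the `@@ -106,6 +128,11 @@` hunk, `spi_chip_write_256`, `spi_get_valid_read_addr`) and again, with `BUS_NONSPI`, into the eight `chip_read*`/`chip_write*` wrappers in flashrom.c. A single helper keeps the mask test and the message in one place, so a later change to the failure handling cannot miss one of the fifteen copies; each call site shrinks to one line. The sketch assumes the bus masks fit in an `unsigned int` (the type of `buses_supported` is not visible in this patch), and the helper would need a prototype next to `shutdown_and_exit` in flash.h.

```c
/* Abort unless the active programmer drives one of the buses in 'bus', i.e.
 * unless the matching member (spi or par) of flash->pgm is the valid one. */
void check_programmer_bus(const struct flashctx *flash, unsigned int bus,
			  const char *caller)
{
	if (flash->pgm->buses_supported & bus)
		return;
	msg_perr("%s called for wrong programmer type! Please report "
		 "a bug at flashrom@flashrom.org.\n", caller);
	shutdown_and_exit(1);
}

int spi_send_multicommand(struct flashctx *flash, struct spi_command *cmds)
{
	check_programmer_bus(flash, BUS_SPI, __func__);
	return flash->pgm->spi.multicommand(flash, cmds);
}
```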
@@ -78,7 +88,13 @@ int default_spi_read(struct flashctx *flash, uint8_t *buf, unsigned int start, unsigned int len) { - unsigned int max_data = flash->pgm->spi.max_data_read; + unsigned int max_data; + if (!(flash->pgm->buses_supported & BUS_SPI)) { + msg_perr("%s called for wrong programmer type! Please report " + "a bug at flashrom@flashrom.org.\n", __func__); + shutdown_and_exit(1); + } + max_data = flash->pgm->spi.max_data_read; if (max_data == MAX_DATA_UNSPECIFIED) { msg_perr("%s called, but SPI read chunk size not defined " "on this hardware. Please report a bug at " @@ -91,7 +107,13 @@ int default_spi_write_256(struct flashctx *flash, uint8_t *buf, unsigned int start, unsigned int len) { - unsigned int max_data = flash->pgm->spi.max_data_write; + unsigned int max_data; + if (!(flash->pgm->buses_supported & BUS_SPI)) { + msg_perr("%s called for wrong programmer type! Please report " + "a bug at flashrom@flashrom.org.\n", __func__); + shutdown_and_exit(1); + } + max_data = flash->pgm->spi.max_data_write; if (max_data == MAX_DATA_UNSPECIFIED) { msg_perr("%s called, but SPI write chunk size not defined " "on this hardware. Please report a bug at " @@ -106,6 +128,11 @@ { unsigned int addrbase = 0;
+ if (!(flash->pgm->buses_supported & BUS_SPI)) { + msg_perr("%s called for wrong programmer type! Please report " + "a bug at flashrom@flashrom.org.\n", __func__); + shutdown_and_exit(1); + } /* Check if the chip fits between lowest valid and highest possible * address. Highest possible address with the current SPI implementation * means 0xffffff, the highest unsigned 24bit number. @@ -138,6 +165,11 @@ int spi_chip_write_256(struct flashctx *flash, uint8_t *buf, unsigned int start, unsigned int len) { + if (!(flash->pgm->buses_supported & BUS_SPI)) { + msg_perr("%s called for wrong programmer type! Please report " + "a bug at flashrom@flashrom.org.\n", __func__); + shutdown_and_exit(1); + } return flash->pgm->spi.write_256(flash, buf, start, len); }
@@ -148,6 +180,11 @@
 */
 uint32_t spi_get_valid_read_addr(struct flashctx *flash)
 {
+ if (!(flash->pgm->buses_supported & BUS_SPI)) {
+ msg_perr("%s called for wrong programmer type! Please report "
+ "a bug at flashrom@flashrom.org.\n", __func__);
+ shutdown_and_exit(1);
+ }
 switch (flash->pgm->spi.type) {
 #if CONFIG_INTERNAL == 1
 #if defined(__i386__) || defined(__x86_64__)
Index: flashrom-fix_par_programmer_access_from_spi/flashrom.c
===================================================================
--- flashrom-fix_par_programmer_access_from_spi/flashrom.c (Revision 1510)
+++ flashrom-fix_par_programmer_access_from_spi/flashrom.c (Arbeitskopie)
@@ -357,43 +357,83 @@
 void chip_writeb(const struct flashctx *flash, uint8_t val, chipaddr addr)
 {
+ if (!(flash->pgm->buses_supported & BUS_NONSPI)) {
+ msg_perr("%s called for wrong programmer type! Please report "
+ "a bug at flashrom@flashrom.org.\n", __func__);
+ shutdown_and_exit(1);
+ }
 flash->pgm->par.chip_writeb(flash, val, addr);
 }
 void chip_writew(const struct flashctx *flash, uint16_t val, chipaddr addr)
 {
+ if (!(flash->pgm->buses_supported & BUS_NONSPI)) {
+ msg_perr("%s called for wrong programmer type! Please report "
+ "a bug at flashrom@flashrom.org.\n", __func__);
+ shutdown_and_exit(1);
+ }
 flash->pgm->par.chip_writew(flash, val, addr);
 }
 void chip_writel(const struct flashctx *flash, uint32_t val, chipaddr addr)
 {
+ if (!(flash->pgm->buses_supported & BUS_NONSPI)) {
+ msg_perr("%s called for wrong programmer type! Please report "
+ "a bug at flashrom@flashrom.org.\n", __func__);
+ shutdown_and_exit(1);
+ }
 flash->pgm->par.chip_writel(flash, val, addr);
 }
void chip_writen(const struct flashctx *flash, uint8_t *buf, chipaddr addr, size_t len) { + if (!(flash->pgm->buses_supported & BUS_NONSPI)) { + msg_perr("%s called for wrong programmer type! Please report " + "a bug at flashrom@flashrom.org.\n", __func__); + shutdown_and_exit(1); + } flash->pgm->par.chip_writen(flash, buf, addr, len); }
 uint8_t chip_readb(const struct flashctx *flash, const chipaddr addr)
 {
+ if (!(flash->pgm->buses_supported & BUS_NONSPI)) {
+ msg_perr("%s called for wrong programmer type! Please report "
+ "a bug at flashrom@flashrom.org.\n", __func__);
+ shutdown_and_exit(1);
+ }
 return flash->pgm->par.chip_readb(flash, addr);
 }
 uint16_t chip_readw(const struct flashctx *flash, const chipaddr addr)
 {
+ if (!(flash->pgm->buses_supported & BUS_NONSPI)) {
+ msg_perr("%s called for wrong programmer type! Please report "
+ "a bug at flashrom@flashrom.org.\n", __func__);
+ shutdown_and_exit(1);
+ }
 return flash->pgm->par.chip_readw(flash, addr);
 }
 uint32_t chip_readl(const struct flashctx *flash, const chipaddr addr)
 {
+ if (!(flash->pgm->buses_supported & BUS_NONSPI)) {
+ msg_perr("%s called for wrong programmer type! Please report "
+ "a bug at flashrom@flashrom.org.\n", __func__);
+ shutdown_and_exit(1);
+ }
 return flash->pgm->par.chip_readl(flash, addr);
 }
void chip_readn(const struct flashctx *flash, uint8_t *buf, chipaddr addr, size_t len) { + if (!(flash->pgm->buses_supported & BUS_NONSPI)) { + msg_perr("%s called for wrong programmer type! Please report " + "a bug at flashrom@flashrom.org.\n", __func__); + shutdown_and_exit(1); + } flash->pgm->par.chip_readn(flash, buf, addr, len); }
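Review bot: The guard added to the `chip_read*`/`chip_write*` wrappers is a mask test, so it only proves that `par` is the live union member if no programmer entry ever sets both SPI and non-SPI bits in `buses_supported`. That invariant is not stated anywhere in the hunk; a comment above `chip_writeb` such as `/* Each registered programmer is either SPI or non-SPI, never both, so one bus bit identifies the valid union member. */` would record it, and if it is not guaranteed it should be enforced where programmers are registered. The guard also does not cover a programmer that sets a non-SPI bit but leaves one of the `par.chip_*` pointers NULL, which would still be called here.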
@@ -1700,6 +1740,15 @@
 return 0;
 }
+/* FIXME: Totally unacceptable for libflashrom, but it's better than a simple
+ * exit(1) for most places which just exit(1) for now.
+ */
+void shutdown_and_exit(int exitcode)
+{
+ programmer_shutdown();
+ exit(exitcode);
+}
+
 /* This function signature is horrible. We need to design a better interface,
 * but right now it allows us to split off the CLI code.
 * Besides that, the function itself is a textbook example of abysmal code flow.
Index: flashrom-fix_par_programmer_access_from_spi/programmer.h
===================================================================
--- flashrom-fix_par_programmer_access_from_spi/programmer.h (Revision 1510)
+++ flashrom-fix_par_programmer_access_from_spi/programmer.h (Arbeitskopie)
@@ -312,6 +312,7 @@
 uint8_t mmio_readb(void *addr);
 uint16_t mmio_readw(void *addr);
 uint32_t mmio_readl(void *addr);
+void mmio_readn(void *addr, uint8_t *buf, size_t len);
 void mmio_le_writeb(uint8_t val, void *addr);
 void mmio_le_writew(uint16_t val, void *addr);
 void mmio_le_writel(uint32_t val, void *addr);
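Review bot: `shutdown_and_exit` in the flashrom.c hunk never returns, but neither this definition nor the prototype added to flash.h says so, so in the value-returning callers (`chip_readb`, `spi_send_command` and the rest) the guarded dereference still looks reachable to the compiler and to static analysers. Declaring the prototype as `void shutdown_and_exit(int exitcode) __attribute__((noreturn));` documents the contract. The result of `programmer_shutdown()` is also discarded; its signature is not visible in this patch, but if it can report failure the exit status should reflect it, e.g. `if (programmer_shutdown()) exitcode = 1;`, so that a failed hardware restore is not hidden behind the caller's code.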