[flashrom] Urgent: Flash part would be destroied by flashrom 0.9.2 once manager application is running.

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Fri Aug 13 04:21:40 CEST 2010 

Hi Hony,

Q1: If the third party application must call flashrom, then the only way
to fix this is to have flashrom kill the third party application with
SIGSTOP and send SIGCONT once flashrom has finished. That should be
safe, but it also means that the third party application will be
completely frozen while flashrom runs.

Q2: If you look at 0xFFC00000-0xFFFFFFFF with the hardware ICE, can you
check that nothing accesses (read/write) the region while flashrom is
running? flashrom will not access the region, and the third party
application should not access the region because it will result in
corruption.

Q3: I think safe locking for /dev/mem is impossible without a new kernel
driver. If you can lock /dev/mem completely, Xorg will stop working and
you will not have a graphical interface any more.


Does UpdateXpress use flashrom by default, or did you supply your own
configuration and tell it to use flashrom?

Please also see my mail with subject:
[flashrom] [PATCH] SB600 SPI paranoid checks

It has a patch and some testing instructions.

Regards,
Carl-Daniel

On 13.08.2010 04:04, Hony.Chiang at mic.com.tw wrote:
> Hi Daniel,
>
> Thanks for your input. Whatever, it must be to run this 3rd application to call up flashrom for BIOS update according to our norm. I would like to do flashrom enhancement for defect fix. 
> Q1:Is it possible according to your view? 
> Q2: I have examined that physical address space with hardware ICE, but data on these addresses is not changed once 3rd application is running. May I ensure that it does not access this physical address space used by SPI controller?
> Q3: Would you have any idea to lock mapped virtual address or /dev/mem to prevent access by other process?
>
> Best Regards,
> Hony
>
> -----Original Message-----
> From: Carl-Daniel Hailfinger [mailto:c-d.hailfinger.devel.2006 at gmx.net] 
> Sent: Friday, August 13, 2010 9:26 AM
> To: hony.chiang (江昆仲 - MIC)
> Cc: flashrom at flashrom.org
> Subject: Re: [flashrom] Urgent: Flash part would be destroied by flashrom 0.9.2 once manager application is running.
>
> Hi Hony,
>
> my suspicion is that either the third party application may access flash
> regions between 0xFFC00000 and 0xFFFFFFFF or that the builtin management
> engine in the southbridge may be asked by the third party application to
> access those flash regions or run those commands.
>
> You wrote that the problem does not exist if the third party application
> (IBM UpdateXpress System Pack Installer) is not running. I see three
> ways to handle this:
> - Always terminate UpdateXpress before running flashrom.
> - Have flashrom detect a running UpdateXpress instance and freeze it as
> long as it accesses flash.
> - Ask IBM to modify UpdateXpress in a way that does not access flash
> unless explicitly requested.
>
> As an alternative, we could add paranoid checks to the SB600 SPI driver
> and hope that those checks will help detect the issue. Once we detect
> the issue, we can print a warning and tell the user to stop all other
> programs accessing the flash.
>
> I will send a SB600 paranoid checks patch as reply to this mail.
>
> Regards,
> Carl-Daniel
>
>
> On 12.08.2010 09:19, Hony.Chiang at mic.com.tw wrote:
>   
>> Hi Daniel,
>>
>>  
>>
>> Here is verbose log about SPI registers for reference.
>>
>>  
>>
>> Best Regards,
>>
>> Hony
>>
>> ________________________________
>>
>> From: hony.chiang (江昆仲 - MIC) 
>> Sent: Wednesday, August 11, 2010 11:23 PM
>> To: Carl-Daniel Hailfinger
>> Cc: flashrom at flashrom.org; hony.chiang (江昆仲 - MIC)
>> Subject: RE: [flashrom] Urgent: Flash part would be destroied by flashrom 0.9.2 once manager application is running.
>>
>>  
>>
>> Hi Daniel, 
>>
>>  
>>
>> Thanks for your quick response. Please kindly see my answers with blue texts  as below and share you my experiments today.
>>
>> I use AMD HDT hardware ICE to interrupt CPU for examining data on physical address 0xFEC10000 ~ 0xFEC100F used by SPI host controller registers today. They are changed once flashrom is running, and I can also capture SPI opcode commands on 0xFEC10000 address. However, they are fixed even though 3rd application is running. It means that registers are not overwritten by this application. I have added code to set process prority -20 in flashrom, but the failure is still there.
>>
>>  
>>
>> Best regards,
>>
>> Hony 
>>
>> ________________________________
>>
>> From: Carl-Daniel Hailfinger [mailto:c-d.hailfinger.devel.2006 at gmx.net]
>> Sent: 2010/8/11 [星期三] 下午 09:05
>> To: hony.chiang (江昆仲 - MIC)
>> Cc: flashrom at flashrom.org
>> Subject: Re: [flashrom] Urgent: Flash part would be destroied by flashrom 0.9.2 once manager application is running.
>>
>> Hi Hony,
>>
>> we will help you.
>>
>> On 11.08.2010 04:27, Hony.Chiang at mic.com.tw wrote:
>>   
>>     
>>> I get the serious problem on flashrom 0.9.2 on our server systems. We always have to run 3rd party manager application to call up flashrom for BIOS upgrade.
>>>     
>>>       
>> Can you tell us the name of the manager application you are using?
>>
>> UpdateXpress System Pack Installer through a graphical user interface (GUI).
>> http://publib.boulder.ibm.com/infocenter/toolsctr/v1r0/index.jsp?topic=/uxspi/uspi_r_using_compare_update.html
>>
>>
>>   
>>     
>>> However, flashrom would be failed on “Verifying flash” step because some of programmed data in flash part is different with ones in golden ROM image file on random offset addresses. This defect occurs on Red Hat 5 x64, SLES 10 x64 and SLES 11 x64. If I run flashrom tool manually without this 3rd application, it would always flash SPI part successfully.
>>>     
>>>       
>> This is good. It means that flashrom works fine if nothing else accesses
>> the flash chip.
>>
>>
>>   
>>     
>>> Due to the 3rd party application is confidential, it can not be provided to you for defect reproduction.
>>>
>>>
>>> Q1: May I suspect that expected data that is written to mapped virtual memory space by flashrom is overwritten or interfered by other process from 3rd application before SPI host controller operates these data to SPI ROM?
>>>
>>> Q2: May I suspect that expected data that is written to mapped virtual memory space by flashrom is not sync to physical memory space immediately when SPI host controller operates these data to SPI ROM?
>>>  
>>>     
>>>       
>> flashrom does not write to the mapped memory space of the flash chip on
>> SP5100. flashrom uses only the SPI host controller registers to
>> read/write. If any other software accesses (read or write) the mapped
>> memory space of the flash chip or the SPI host controller registers at
>> the same time, the SPI host controller registers will change in
>> unexpected ways. This can lead to corruption of the flash chip or
>> corruption of reads.
>>
>>
>>   
>>     
>>> Q3: In order to prevent other process to interfere /dev/mem, mapped virtual memory space or physical memory space that flashrom uses, would you have any idea or some slice codes to lock them during flashrom operation?
>>>  
>>>     
>>>       
>> Locking under most operating systems is not mandatory, and this means
>> even if flashrom asks for a lock, all other applications can ignore the
>> lock. I don't know any application which does locking on /dev/mem
>> because that might interfere with X.org graphics and other software.
>>
>>
>>   
>>     
>>> Q4: Would you have any idea to trace the root cause interfered flashrom?
>>>  
>>>     
>>>       
>> I wrote a patch which should be able to detect interference from other
>> applications. I will send it later once it is tested.
>>
>> Thank you. I will try it to give you more inputs.
>>
>>   
>>     
>>> Verbose message:
>>> Programming flash done.
>>> COMPLETE.
>>> Verifying flash... VERIFY FAILED at 0x00017ca4! Expected=0xff, Read=0x25, failed
>>> byte count from 0x00000000-0x003fffff: 0x3a
>>>
>>> Syntax:
>>> ./flashrom –w 24a.rom
>>>
>>> Hardware configuration:
>>> MB: AMD platform solution
>>> South Bridge: AMD SP5100
>>> Flash part: ST M25P32
>>>
>>> NOS:
>>> Reg Hat 5 X86_X64
>>> SLES 10 X86_X64
>>> SLES 11 X86_X64
>>>  
>>>     
>>>       
>> Could you please send the output of "flashrom -V" so I can check the
>> contents of some SP5100 registers? Thanks.
>> I will capture message with -V parameter on my lab tomorrow, and will provide you output.
>> Regards,
>> Carl-Daniel
>>
>> --
>> http://www.hailfinger.org/
>>
>>
>>   
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> flashrom mailing list
>> flashrom at flashrom.org
>> http://www.flashrom.org/mailman/listinfo/flashrom
>>     
>
>
>   


-- 
http://www.hailfinger.org/

More information about the flashrom mailing list