From: Brian Norris
Subject: [PATCH v2 4/8] mtd: spi-nor: disallow further writes to SR if WP# is low
Date: Fri, 29 Jan 2016 11:25:33 -0800
Message-Id: <1454095537-130536-5-git-send-email-computersforpeace@gmail.com>
In-Reply-To: <1454095537-130536-1-git-send-email-computersforpeace@gmail.com>
Cc: Marek Vasut, Boris Brezillon, djkurtz@chromium.org, Rafał Miłecki, linux-kernel@vger.kernel.org, Bayi Cheng, Ezequiel Garcia, Brian Norris

Locking the flash is most useful if it provides real hardware security.
Otherwise, it's little more than a software permission bit.

A reasonable use case that provides real HW security might be as follows:

(1) hardware WP# is deasserted
(2) program flash
(3) flash range is protected via status register
(4) hardware WP# is asserted
(5) flash protection range can no longer be changed, until WP# is deasserted

In this way, flash protection is co-owned by hardware and software.

Now, one would expect to be able to perform step (3) with ioctl(MEMLOCK), except that the spi-nor driver does not set the Status Register Protect bit (a.k.a. Status Register Write Disable (SRWD)), so even though the range is now locked, it does not satisfy step (5) -- it can still be changed by a call to ioctl(MEMUNLOCK).

So, let's enable status register protection after the first lock command, and disable protection only when the flash is fully unlocked.

Signed-off-by: Brian Norris
---
v2:
 * added clearing the SRWD bit when unlocking the entire flash

drivers/mtd/spi-nor/spi-nor.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/mtd/spi-nor/spi-nor.c b/drivers/mtd/spi-nor/spi-nor.c index 68133b949fe5..54eaf4b5bf05 100644 --- a/drivers/mtd/spi-nor/spi-nor.c +++ b/drivers/mtd/spi-nor/spi-nor.c @@ -540,6 +540,9 @@ static int stm_lock(struct spi_nor *nor, loff_t ofs, uint64_t len) status_new = (status_old & ~mask) | val; + /* Disallow further writes if WP pin is asserted */ + status_new |= SR_SRWD; + /* Don't bother if they're the same */ if (status_new == status_old) return 0; @@ -605,6 +608,10 @@ static int stm_unlock(struct spi_nor *nor, loff_t ofs, uint64_t len) status_new = (status_old & ~mask) | val; + /* Don't protect status register if we're fully unlocked */ + if (lock_len == mtd->size) + status_new &= ~SR_SRWD; + /* Don't bother if they're the same */ if (status_new == status_old) return 0;
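
Review bot: In the stm_lock hunk, "status_new |= SR_SRWD;" is applied unconditionally on every lock request, so on a board where WP# is permanently low the first ioctl(MEMLOCK) cannot be undone from software: per the commit message the protection range can no longer be changed until WP# is deasserted, and that includes the full unlock that would clear SRWD again. Consider making the bit opt-in for such boards, or at least state this consequence in the comment above the assignment. Because the assignment sits before the "status_new == status_old" test, a repeated lock of a range that was locked without SRWD now writes the status register once more just to add the bit; that looks intended but deserves a word in the comment.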
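
Review bot: In the stm_unlock hunk, the test "lock_len == mtd->size" depends on lock_len, which is computed outside the visible lines, so it cannot be confirmed here that it equals mtd->size exactly when nothing remains locked; if lock_len holds the length still locked after the request, the fully unlocked case would be lock_len == 0 and SRWD would never be cleared. Testing the value about to be written, for example "if (!(status_new & mask))" (assuming mask covers only the block-protect bits), would tie the condition directly to the comment's "fully unlocked" and could not drift from the lock_len calculation.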