Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(spi_nand_flash): Add Kconfig option to verify write operations #436

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat(spi_nand_flash): Add Kconfig option to verify write operations #436

wants to merge 1 commit into from
+139 −7

Conversation

RathiSonika
Copy link
Collaborator

@RathiSonika RathiSonika commented Oct 22, 2024
edited
Loading

Change description

  1. Added an Kconfig option to verify write operations which will be useful when debugging hardware issues or issues with the driver itself.
  2. Fixed an issue in the spi_nand_erase_chip() API where the mutex was not released, leading to a deadlock if another API attempted to acquire the mutex after calling spi_nand_erase_chip(). Updated test case for the same.
  3. Added spi_nand_flash_copy_sector() API in nand.c and test case for the same.

@RathiSonika RathiSonika marked this pull request as draft October 22, 2024 09:43
@RathiSonika RathiSonika force-pushed the feat/nand_flash_write_verify branch 2 times, most recently from f4d2a95 to 0ac8c3c Compare October 23, 2024 07:13
@RathiSonika RathiSonika marked this pull request as ready for review October 23, 2024 07:19
@RathiSonika RathiSonika marked this pull request as draft October 23, 2024 07:26
@RathiSonika RathiSonika force-pushed the feat/nand_flash_write_verify branch 2 times, most recently from be53084 to 01fe332 Compare October 23, 2024 07:49
@RathiSonika RathiSonika requested a review from igrr October 23, 2024 07:51
@RathiSonika RathiSonika marked this pull request as ready for review October 23, 2024 12:59
igrr
igrr reviewed Oct 29, 2024
View reviewed changes
Copy link
Member

@igrr igrr left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @RathiSonika.

I left a few minor comments. The major one is whether we should indeed verify writes above Dhara layer, like you did, or below it, in nand.c dhara_glue.c.

To me it seems that verifying writes at lower layer achieves the goal of making sure our Flash operations work correctly, while verifying at upper layer doesn't.

We do writes to Flash in dhara_nand_prog, dhara_nand_copy, dhara_nand_mark_bad. If we fail to perform the write in dhara_nand_mark_bad correctly, we might not get the verification error in spi_nand_flash_write_sector. Dhara will consider the page as "bad" until next reset, but after reset we will mistakenly detect the page as not "bad" because the bad block marker wasn't written correctly.

spi_nand_flash/src/nand.c Outdated Show resolved Hide resolved
spi_nand_flash/src/nand.c Outdated Show resolved Hide resolved
spi_nand_flash/src/nand.c Outdated Show resolved Hide resolved
spi_nand_flash/src/nand.c Outdated Show resolved Hide resolved
spi_nand_flash/idf_component.yml Outdated Show resolved Hide resolved
@RathiSonika
Copy link
Collaborator Author

The major one is whether we should indeed verify writes above Dhara layer, like you did, or below it, in nand.c.

I had the same thought to add it in below Dhara layer. Currently added it to nand.c. I wasn’t entirely sure if it should go in dhara_glue.c, given its tight coupling with the Dhara library. However, you’re right; we should verify the write operation below Dhara layer. So, for the current structure, it makes sense to add this in dhara_glue.c. We could consider refactoring this in the future.

@RathiSonika RathiSonika force-pushed the feat/nand_flash_write_verify branch 4 times, most recently from a7220f2 to 33f6ef4 Compare October 31, 2024 08:58
@RathiSonika RathiSonika requested a review from igrr October 31, 2024 15:04
igrr
igrr approved these changes Nov 1, 2024
View reviewed changes
spi_nand_flash/src/dhara_glue.c
ret = s_verify_write(dev, data, 0, dev->page_size);
if (ret != ESP_OK) {
ESP_LOGE(TAG, "%s: prog page=%"PRIu32" write verification failed", __func__, p);
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Technically we also have to verify the used marker here

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, I see. So you mean it should return -1/failure if the write verification fails, correct?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean that a few lines above, we write two parts:

    ESP_GOTO_ON_ERROR(spi_nand_program_load(dev->config.device_handle, data, 0, dev->page_size),
                      fail, TAG, "");
    ESP_GOTO_ON_ERROR(spi_nand_program_load(dev->config.device_handle, (uint8_t *)&used_marker,
                                            dev->page_size + 2, 2),

This s_verify_write call checks that the first part (from 0 to page_size) is written correctly. We should call s_verify_write second time to check that the used page marker (page_size ... page_size + 2) is also written correctly.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, my mistake—I misunderstood. Yes, it should verify the markers. I’ll update it. Thank you!

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 1, 2024
View reviewed changes
spi_nand_flash/src/nand.c
{
dhara_error_t err;
esp_err_t ret = ESP_OK;

Check warning

Code scanning / clang-tidy

Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] Warning

Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@igrr igrr igrr approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@RathiSonika @igrr