[PATCH v3 0/4] Fix the SPL loading of a FIT image from NAND

Loading u-boot and its fdt from a NAND memory area with bad blocks led to the creation of these patches.
Next, the output generated by the script used to flash the NAND of the SOC that caused the issue.
....
** Rewriting /dev/mtd0 with /mnt/MLO
Erasing 128 Kibyte @ 0 -- 100 % complete
Writing data to block 0 at offset 0x0
** Rewriting /dev/mtd1 with /mnt/MLO
Erasing 128 Kibyte @ 0 -- 100 % complete
Writing data to block 0 at offset 0x0
** Rewriting /dev/mtd2 with /mnt/MLO
Erasing 128 Kibyte @ 0 -- 100 % complete
Writing data to block 0 at offset 0x0
** Rewriting /dev/mtd3 with /mnt/MLO
Erasing 128 Kibyte @ 0 -- 100 % complete
Writing data to block 0 at offset 0x0
** Rewriting /dev/mtd4 with /mnt/u-boot.itb
Skipping bad block at 00020000
Erasing 128 Kibyte @ e0000 -- 100 % complete
Bad block at 20000, 1 block(s) will be skipped
Writing data to block 0 at offset 0x0
Writing data to block 1 at offset 0x20000
Writing data to block 2 at offset 0x40000
Writing data to block 3 at offset 0x60000
Writing data to block 4 at offset 0x80000
Writing data to block 5 at offset 0xa0000
** Rewriting /dev/mtd5 with /mnt/u-boot.itb
Erasing 128 Kibyte @ e0000 -- 100 % complete
Writing data to block 0 at offset 0x0
Writing data to block 1 at offset 0x20000
Writing data to block 2 at offset 0x40000
Writing data to block 3 at offset 0x60000
Writing data to block 4 at offset 0x80000
...
- The bad block of the mtd4 partition at address 0x20000 is skipped during the writing of u-boot.itb.
- A redundant copy of u-boot.itb is written on mtd5 partition. In this partition there are no bad blocks.
- Every data written on mtd5 partition at address <addr> greater than or equal to 0x20000, has been written on partition mtd4 at address 0x40000 + <addr> - 0x20000.

The current version of u-boot correctly manages bad blocks only if they are at addresses that follow the address from which to start reading data. If the starting address of the device tree, which can be taken from the itb header, is higher than the address of any bad block of the same partition, the address is no longer valid and it must be changed.
Changes in v3:
The previous versions were buggy for devices other than NAND. This is because the 'adjust_offset' helper was properly set only for the NAND case but called even for devices like MMC, RAM, and so on, crashing the boot on those devices. Continuing to use the adjust_offset helper would mean checking the helper before calling it and patching too many files to set it properly before calling the spl_load_simple_fit routine. For this reason, the adjust_offset helper has been removed from the spl_image_info structure and the offset fixed inside the read helper for the NAND device only. This solution fixes the problem for the NAND device without side effects for other types of devices.
Changes in v2: - Replace CONFIG_IS_ENABLED(OF_EMBED) with IS_ENABLED(CONFIG_OF_EMBED))
Dario Binacchi (4):
  spl: fix format of function documentation
  spl: fit: fail fit loading in case of FDT appending error
  spl: fit: nand: fix fit loading in case of bad blocks
  spl: fit: improve spl_nand_fit_read(...) readability

 common/spl/spl_fit.c                    |  9 +++++---
 common/spl/spl_nand.c                   | 15 +++++++------
 drivers/mtd/nand/raw/nand_spl_loaders.c | 28 +++++++++++++++++++++++++
 include/nand.h                          |  1 +
 include/spl.h                           |  2 +-
 5 files changed, 45 insertions(+), 10 deletions(-)
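
The address shift listed in the cover letter (data at <addr> >= 0x20000 landing at 0x40000 + <addr> - 0x20000 on mtd4), as an added example that is not part of the patch series or of U-Boot: a bounded logical-to-physical translation over a constructed bad-block map. The 8-block partition size, the struct part model and all function names are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BLOCK_SIZE 0x20000u /* 128 KiB erase block, as in the flash log */
#define NO_OFFSET  UINT32_MAX

/* Constructed model of one MTD partition: bad[i] marks erase block i bad. */
struct part {
	const bool *bad;
	uint32_t nblocks;
};

/*
 * Translate a logical offset (counted over good blocks only, as stored in
 * the itb header) into the physical offset a skip-bad-block writer used.
 * Returns NO_OFFSET when the partition runs out of good blocks, so the
 * walk can never leave the partition.
 */
static uint32_t logical_to_physical(const struct part *p, uint32_t logical)
{
	uint32_t skip = logical / BLOCK_SIZE; /* good blocks before the target */
	uint32_t blk;

	for (blk = 0; blk < p->nblocks; blk++) {
		if (p->bad[blk])
			continue;
		if (skip-- == 0)
			return blk * BLOCK_SIZE + logical % BLOCK_SIZE;
	}
	return NO_OFFSET;
}

/* Constructed layouts matching the log: 8 blocks each, mtd4 bad at 0x20000. */
static const bool mtd4_bad[8] = { false, true };
static const bool mtd5_bad[8] = { false };
static const struct part mtd4 = { mtd4_bad, 8 };
static const struct part mtd5 = { mtd5_bad, 8 };

uint32_t mtd4_phys(uint32_t logical) { return logical_to_physical(&mtd4, logical); }
uint32_t mtd5_phys(uint32_t logical) { return logical_to_physical(&mtd5, logical); }

int main(void)
{
	uint32_t addr;

	for (addr = 0; addr < 8 * BLOCK_SIZE; addr += BLOCK_SIZE)
		printf("logical 0x%05x -> mtd4 0x%05x, mtd5 0x%05x\n",
		       (unsigned)addr, (unsigned)mtd4_phys(addr),
		       (unsigned)mtd5_phys(addr));
	return 0;
}
```

The last logical block of mtd4 has no physical home because one of its eight blocks is bad, which is the case the bound reports as NO_OFFSET.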

U-Boot adopted the kernel-doc annotation style.
cc: Michael Trimarchi michael@amarulasolutions.com
Signed-off-by: Dario Binacchi dariobin@libero.it
---

Changes in v3: None
Changes in v2: None

 include/spl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/spl.h b/include/spl.h index b31c9bb4ab..580e4e024f 100644 --- a/include/spl.h +++ b/include/spl.h @@ -155,7 +155,7 @@ struct spl_image_info { #endif };
-/* +/** * Information required to load data from a device * * @dev: Pointer to the device, e.g. struct mmc *
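
Review bot: the first line of the comment in include/spl.h still reads "Information required to load data from a device", while a kernel-doc block for a structure is expected to open with a "struct <name> - <short description>" line. With only the opener changed to `/**`, the block is picked up by kernel-doc but not attached cleanly to the structure it documents; suggest rewriting that first line in this same patch.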

On Wed, 27 May 2020 at 05:56, Dario Binacchi dariobin@libero.it wrote:
U-Boot adopted the kernel-doc annotation style.
cc: Michael Trimarchi michael@amarulasolutions.com Signed-off-by: Dario Binacchi dariobin@libero.it
Changes in v3: None Changes in v2: None
include/spl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Simon Glass sjg@chromium.org

On Wed, May 27, 2020 at 01:56:18PM +0200, Dario Binacchi wrote:
U-Boot adopted the kernel-doc annotation style.
cc: Michael Trimarchi michael@amarulasolutions.com Signed-off-by: Dario Binacchi dariobin@libero.it Reviewed-by: Simon Glass sjg@chromium.org
Applied to u-boot/master, thanks!

If uboot does not embed its device tree and the FIT loading function returns error in case of failure in the FDT append, the redundant itb image could be loaded.
cc: Michael Trimarchi michael@amarulasolutions.com
Signed-off-by: Dario Binacchi dariobin@libero.it
Reviewed-by: Michael Trimarchi michael@amarulasolutions.com
---

Changes in v3: None
Changes in v2:
- Replace CONFIG_IS_ENABLED(OF_EMBED) with IS_ENABLED(CONFIG_OF_EMBED))

 common/spl/spl_fit.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c index f581a22421..365104fe02 100644 --- a/common/spl/spl_fit.c +++ b/common/spl/spl_fit.c @@ -619,9 +619,12 @@ int spl_load_simple_fit(struct spl_image_info *spl_image, * Booting a next-stage U-Boot may require us to append the FDT. * We allow this to fail, as the U-Boot image might embed its FDT. */ - if (spl_image->os == IH_OS_U_BOOT) - spl_fit_append_fdt(spl_image, info, sector, fit, - images, base_offset); + if (spl_image->os == IH_OS_U_BOOT) { + ret = spl_fit_append_fdt(spl_image, info, sector, fit, + images, base_offset); + if (!IS_ENABLED(CONFIG_OF_EMBED) && ret < 0) + return ret; + }
firmware_node = node; /* Now check if there are more images for us to load */
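
Review bot: the comment kept just above the new block in spl_load_simple_fit() still says "We allow this to fail, as the U-Boot image might embed its FDT", which no longer holds when CONFIG_OF_EMBED is off; please reword it to say the failure is tolerated only with OF_EMBED. The new `return ret` path is also silent, so a debug() line naming the FDT append failure would make it visible why SPL moved on to the redundant image.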

On Wed, 27 May 2020 at 05:56, Dario Binacchi dariobin@libero.it wrote:
If uboot does not embed its device tree and the FIT loading function
U-Boot
returns error in case of failure in the FDT append, the redundant itb image could be loaded.
cc: Michael Trimarchi michael@amarulasolutions.com Signed-off-by: Dario Binacchi dariobin@libero.it Reviewed-by: Michael Trimarchi michael@amarulasolutions.com
Changes in v3: None Changes in v2:
- Replace CONFIG_IS_ENABLED(OF_EMBED) with IS_ENABLED(CONFIG_OF_EMBED))
common/spl/spl_fit.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
Reviewed-by: Simon Glass sjg@chromium.org

On Wed, May 27, 2020 at 01:56:19PM +0200, Dario Binacchi wrote:
If uboot does not embed its device tree and the FIT loading function returns error in case of failure in the FDT append, the redundant itb image could be loaded.
cc: Michael Trimarchi michael@amarulasolutions.com Signed-off-by: Dario Binacchi dariobin@libero.it Reviewed-by: Michael Trimarchi michael@amarulasolutions.com Reviewed-by: Simon Glass sjg@chromium.org
Applied to u-boot/master, thanks!

The offset at which the image to be loaded from NAND is located is retrieved from the itb header. The presence of bad blocks in the area of the NAND where the itb image is located could invalidate the offset which must therefore be adjusted taking into account the state of the sectors concerned.
cc: Michael Trimarchi michael@amarulasolutions.com
Signed-off-by: Dario Binacchi dariobin@libero.it
---

Changes in v3:
The previous versions were buggy for devices other than NAND. This is because the 'adjust_offset' helper was properly set only for the NAND case but called even for devices like MMC, RAM, and so on, crashing the boot on those devices. Continuing to use the adjust_offset helper would mean checking the helper before calling it and patching too many files to set it properly before calling the spl_load_simple_fit routine. For this reason, the adjust_offset helper has been removed from the spl_image_info structure and the offset fixed inside the read helper for the NAND device only. This solution fixes the problem for the NAND device without side effects for other types of devices.

Changes in v2: None

 common/spl/spl_nand.c                   |  5 ++++-
 drivers/mtd/nand/raw/nand_spl_loaders.c | 28 +++++++++++++++++++++++++
 include/nand.h                          |  1 +
 3 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/common/spl/spl_nand.c b/common/spl/spl_nand.c index 48c97549eb..1e6f2dce56 100644 --- a/common/spl/spl_nand.c +++ b/common/spl/spl_nand.c @@ -42,8 +42,11 @@ static int spl_nand_load_image(struct spl_image_info *spl_image, static ulong spl_nand_fit_read(struct spl_load_info *load, ulong offs, ulong size, void *dst) { + ulong sector; int ret;
+ sector = *(int *)load->priv; + offs = sector + nand_spl_adjust_offset(sector, offs - sector); ret = nand_spl_load_image(offs, size, dst); if (!ret) return size; @@ -66,7 +69,7 @@ static int spl_nand_load_element(struct spl_image_info *spl_image,
debug("Found FIT\n"); load.dev = NULL; - load.priv = NULL; + load.priv = &offset; load.filename = NULL; load.bl_len = 1; load.read = spl_nand_fit_read; diff --git a/drivers/mtd/nand/raw/nand_spl_loaders.c b/drivers/mtd/nand/raw/nand_spl_loaders.c index 177c12b581..4befc75c04 100644 --- a/drivers/mtd/nand/raw/nand_spl_loaders.c +++ b/drivers/mtd/nand/raw/nand_spl_loaders.c @@ -41,6 +41,34 @@ int nand_spl_load_image(uint32_t offs, unsigned int size, void *dst) return 0; }
+/** + * nand_spl_adjust_offset - Adjust offset from a starting sector + * @sector: Address of the sector + * @offs: Offset starting from @sector + * + * If one or more bad blocks are in the address space between @sector + * and @sector + @offs, @offs is increased by the NAND block size for + * each bad block found. + */ +u32 nand_spl_adjust_offset(u32 sector, u32 offs) +{ + unsigned int block, lastblock; + + block = sector / CONFIG_SYS_NAND_BLOCK_SIZE; + lastblock = (sector + offs) / CONFIG_SYS_NAND_BLOCK_SIZE; + + while (block <= lastblock) { + if (nand_is_bad_block(block)) { + offs += CONFIG_SYS_NAND_BLOCK_SIZE; + lastblock++; + } + + block++; + } + + return offs; +} + #ifdef CONFIG_SPL_UBI /* * Temporary storage for non NAND page aligned and non NAND page sized diff --git a/include/nand.h b/include/nand.h index 93cbe1e25d..80dd6469bc 100644 --- a/include/nand.h +++ b/include/nand.h @@ -120,6 +120,7 @@ int nand_unlock(struct mtd_info *mtd, loff_t start, size_t length, int allexcept); int nand_get_lock_status(struct mtd_info *mtd, loff_t offset);
+u32 nand_spl_adjust_offset(u32 sector, u32 offs); int nand_spl_load_image(uint32_t offs, unsigned int size, void *dst); int nand_spl_read_block(int block, int offset, int len, void *dst); void nand_deselect(void);
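
Review bot: in spl_nand_fit_read(), `offs - sector` is computed with no check that offs is at or above the base, so a smaller offs wraps to a huge unsigned value before it reaches nand_spl_adjust_offset(). The base is also read through `*(int *)load->priv` into a ulong and then passed as a u32; suggest one unsigned type end to end, returning 0 when offs < sector, and a comment stating that priv carries the FIT base offset set by `load.priv = &offset` in spl_nand_load_element().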
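
Review bot: the loop in nand_spl_adjust_offset() has no upper bound. Each bad block does `offs += CONFIG_SYS_NAND_BLOCK_SIZE` and `lastblock++`, and offs comes from the itb header, so a long run of bad blocks or a corrupt header value lets the scan walk past the end of the partition and can wrap the u32 result. Suggest capping block against the partition or device size and giving the function a way to report failure, so the caller returns 0 instead of reading from an unrelated address; the kernel-doc should also say that the scan restarts from @sector on every call.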
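
Review bot: include/nand.h declares nand_spl_adjust_offset() unconditionally and common/spl/spl_nand.c calls it unconditionally, but the only definition in this patch is in drivers/mtd/nand/raw/nand_spl_loaders.c. An SPL NAND driver that provides nand_spl_load_image() without building that file would fail to link; please confirm every such driver is covered or add a fallback. The prototype also uses u32 next to a neighbour, nand_spl_load_image(), that uses uint32_t.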

Hi Dario
I know that is an important bug to be addressed and I would like to add even Tom on this
On Wed, May 27, 2020 at 1:56 PM Dario Binacchi dariobin@libero.it wrote:
The offset at which the image to be loaded from NAND is located is retrieved from the itb header. The presence of bad blocks in the area of the NAND where the itb image is located could invalidate the offset which must therefore be adjusted taking into account the state of the sectors concerned.
cc: Michael Trimarchi michael@amarulasolutions.com Signed-off-by: Dario Binacchi dariobin@libero.it
Changes in v3: The previous versions were buggy for devices other than NAND. This is because the 'adjust_offset' helper was properly set only for the NAND case but called even for devices like MMC, RAM, and so on, crashing the boot on those devices. Continuing to use the adjust_offset helper would mean checking the helper before calling it and patching too many files to set it properly before calling the spl_load_simple_fit routine. For this reason, the adjust_offset helper has been removed from the spl_image_info structure and the offset fixed inside the read helper for the NAND device only. This solution fixes the problem for the NAND device without side effects for other types of devices.
Changes in v2: None
common/spl/spl_nand.c | 5 ++++- drivers/mtd/nand/raw/nand_spl_loaders.c | 28 +++++++++++++++++++++++++ include/nand.h | 1 + 3 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/common/spl/spl_nand.c b/common/spl/spl_nand.c index 48c97549eb..1e6f2dce56 100644 --- a/common/spl/spl_nand.c +++ b/common/spl/spl_nand.c @@ -42,8 +42,11 @@ static int spl_nand_load_image(struct spl_image_info *spl_image, static ulong spl_nand_fit_read(struct spl_load_info *load, ulong offs, ulong size, void *dst) {
ulong sector; int ret;
sector = *(int *)load->priv;
offs = sector + nand_spl_adjust_offset(sector, offs - sector);
Check if it is needed to call adjust offset in case offs and sector are the same. Maybe a comment is needed on top of the function to describe a bit more why it is called
ret = nand_spl_load_image(offs, size, dst); if (!ret) return size;
@@ -66,7 +69,7 @@ static int spl_nand_load_element(struct spl_image_info *spl_image,
debug("Found FIT\n"); load.dev = NULL;
load.priv = NULL;
load.priv = &offset;
It's a bit of an abuse here but I don't have a better plan on my side
Reviewed-by: Michael Trimarchi michael@amarulasolutions.com
Michael
load.filename = NULL; load.bl_len = 1; load.read = spl_nand_fit_read;
diff --git a/drivers/mtd/nand/raw/nand_spl_loaders.c b/drivers/mtd/nand/raw/nand_spl_loaders.c index 177c12b581..4befc75c04 100644 --- a/drivers/mtd/nand/raw/nand_spl_loaders.c +++ b/drivers/mtd/nand/raw/nand_spl_loaders.c @@ -41,6 +41,34 @@ int nand_spl_load_image(uint32_t offs, unsigned int size, void *dst) return 0; }
+/**
- nand_spl_adjust_offset - Adjust offset from a starting sector
- @sector: Address of the sector
- @offs: Offset starting from @sector
- If one or more bad blocks are in the address space between @sector
- and @sector + @offs, @offs is increased by the NAND block size for
- each bad block found.
- */
+u32 nand_spl_adjust_offset(u32 sector, u32 offs) +{
unsigned int block, lastblock;
block = sector / CONFIG_SYS_NAND_BLOCK_SIZE;
lastblock = (sector + offs) / CONFIG_SYS_NAND_BLOCK_SIZE;
while (block <= lastblock) {
if (nand_is_bad_block(block)) {
offs += CONFIG_SYS_NAND_BLOCK_SIZE;
lastblock++;
}
block++;
}
return offs;
+}
#ifdef CONFIG_SPL_UBI /*
- Temporary storage for non NAND page aligned and non NAND page sized
diff --git a/include/nand.h b/include/nand.h index 93cbe1e25d..80dd6469bc 100644 --- a/include/nand.h +++ b/include/nand.h @@ -120,6 +120,7 @@ int nand_unlock(struct mtd_info *mtd, loff_t start, size_t length, int allexcept); int nand_get_lock_status(struct mtd_info *mtd, loff_t offset);
+u32 nand_spl_adjust_offset(u32 sector, u32 offs); int nand_spl_load_image(uint32_t offs, unsigned int size, void *dst); int nand_spl_read_block(int block, int offset, int len, void *dst); void nand_deselect(void); -- 2.17.1

On Wed, May 27, 2020 at 01:56:20PM +0200, Dario Binacchi wrote:
The offset at which the image to be loaded from NAND is located is retrieved from the itb header. The presence of bad blocks in the area of the NAND where the itb image is located could invalidate the offset which must therefore be adjusted taking into account the state of the sectors concerned.
cc: Michael Trimarchi michael@amarulasolutions.com Signed-off-by: Dario Binacchi dariobin@libero.it Reviewed-by: Michael Trimarchi michael@amarulasolutions.com
Applied to u-boot/master, thanks!

Replacing the ret variable with err and handling first the error condition about the value returned by the spl_nand_fit_read routine, improves the code readability. Furthermore, the 'else' in the 'else return ret' instruction was useless.
cc: Michael Trimarchi michael@amarulasolutions.com
Signed-off-by: Dario Binacchi dariobin@libero.it
---

Changes in v3: None
Changes in v2: None

 common/spl/spl_nand.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/common/spl/spl_nand.c b/common/spl/spl_nand.c index 1e6f2dce56..d13a524597 100644 --- a/common/spl/spl_nand.c +++ b/common/spl/spl_nand.c @@ -43,15 +43,15 @@ static ulong spl_nand_fit_read(struct spl_load_info *load, ulong offs, ulong size, void *dst) { ulong sector; - int ret; + int err;
sector = *(int *)load->priv; offs = sector + nand_spl_adjust_offset(sector, offs - sector); - ret = nand_spl_load_image(offs, size, dst); - if (!ret) - return size; - else + err = nand_spl_load_image(offs, size, dst); + if (err) return 0; + + return size; }
static int spl_nand_load_element(struct spl_image_info *spl_image,
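
Review bot: the error path in spl_nand_fit_read() still drops the code from nand_spl_load_image() and returns 0 with no trace; a debug() line printing err and the adjusted offs would make a failed read after bad-block adjustment diagnosable. The commit message also names spl_nand_fit_read as the routine whose return value is checked, while the hunk checks nand_spl_load_image().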

Hi Dario,
On Wed, 27 May 2020 at 05:56, Dario Binacchi dariobin@libero.it wrote:
Replacing the ret variable with err and handling first the error condition about the value returned by the spl_nand_fit_read routine, improves the code readability. Furthermore, the 'else' in the 'else return ret' instruction was useless.
cc: Michael Trimarchi michael@amarulasolutions.com Signed-off-by: Dario Binacchi dariobin@libero.it
Changes in v3: None Changes in v2: None
common/spl/spl_nand.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
I think 'ret' is better than 'err' since we don't know if it is an error until we check it, but we do know it is a return code.
Regards, Simon

On Wed, May 27, 2020 at 01:56:21PM +0200, Dario Binacchi wrote:
Replacing the ret variable with err and handling first the error condition about the value returned by the spl_nand_fit_read routine, improves the code readability. Furthermore, the 'else' in the 'else return ret' instruction was useless.
cc: Michael Trimarchi michael@amarulasolutions.com Signed-off-by: Dario Binacchi dariobin@libero.it
Applied to u-boot/master, thanks!
participants (4)
- Dario Binacchi
- Michael Nazzareno Trimarchi
- Simon Glass
- Tom Rini