Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp628534ybl; Wed, 29 Jan 2020 06:54:31 -0800 (PST) X-Google-Smtp-Source: APXvYqxF4RGTj8Mvm/s9VJ0chQIH29Ob+sc+b225NVwjPqC9JZuPmUXOAiPUw/aKhpuVZXNr7vRZ X-Received: by 2002:a9d:6251:: with SMTP id i17mr21257512otk.14.1580309671690; Wed, 29 Jan 2020 06:54:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1580309671; cv=none; d=google.com; s=arc-20160816; b=uCz8H+w4jpY15OkDZAo8NSCItwYXRVZ4NdZzgh/gQsxmlEWethu9R+n3F7X+gGlW9L Z9HlrVBoAzRHSURyqSB0ltLZvUyqmxdZFob5LrMH4zBltZZBrlco0bp+1V75SoAeEHAL 0Q/22NN77k+VG4yNbb42MH56B3SGv2WKdUzOOF79MuM5rD8B6LU+ohHqiycX+sruAedt +h1qAjNXWFp2KtwwmtK7khDIdpKmkD9nkAUZJgvFCJozeINvdYmAz7MZs21jyB4LlbEt 4Df0OugdIoBOcfsXuRnBLacsl3vQPyHmmb2Nqa2+nf04baRCjaAY8k1ukbfDgig+qhcL rL8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :organization:references:in-reply-to:message-id:subject:cc:to:from :date; bh=Kbq+BwGl87PWUI435jt997JUpE1QJnt/8gvR5iWge9k=; b=NI84bXW/EQXGdkOuZRFhPB5E6/r6WEhNCtadQ1vLYOaXJHRBfH2vvuxillh1l6NHq1 0xS8LTruKj3hNiSSHSsT12ZfVRpSeMlPJ8FploxSPNwtEy1267yKPB2Qpy6rrTg1GOGE LgZDILY2UypJlyrhv9tbnQsnhyLdLPm6EFkfWEKQsuLLuQK7qHprvQgRUhMlOFHF3OAO jw9ELfXj3GtTuxrCpBbm0vKB/gIfcAiWavHMPuPUnRnr1WT2t4MOMQVX/ievZIKQgC0n DZmolIvQ+Ur0Tku7+yZtKdYekYz3xHH7jomVwgwaVo1/uOhUajf+/BH2OJ0/bmt5hGKf YjWA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=collabora.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 10si1026006ois.76.2020.01.29.06.54.19; Wed, 29 Jan 2020 06:54:31 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=collabora.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726643AbgA2Owy (ORCPT + 99 others); Wed, 29 Jan 2020 09:52:54 -0500 Received: from bhuna.collabora.co.uk ([46.235.227.227]:58874 "EHLO bhuna.collabora.co.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726271AbgA2Owy (ORCPT ); Wed, 29 Jan 2020 09:52:54 -0500 Received: from localhost (unknown [IPv6:2a01:e0a:2c:6930:5cf4:84a1:2763:fe0d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: bbrezillon) by bhuna.collabora.co.uk (Postfix) with ESMTPSA id 9206B293113; Wed, 29 Jan 2020 14:52:51 +0000 (GMT) Date: Wed, 29 Jan 2020 15:52:48 +0100 From: Boris Brezillon To: Miquel Raynal , Linux Kernel Mailing List Cc: Masahiro Yamada , linux-mtd , Boris Brezillon Subject: Re: How to handle write-protect pin of NAND device ? Message-ID: <20200129155248.52bbbfb9@collabora.com> In-Reply-To: <20200129154926.50e955e8@collabora.com> References: <20200127153559.60a83e76@xps13> <20200127164554.34a21177@collabora.com> <20200127164755.29183962@xps13> <20200128075833.129902f6@collabora.com> <20200129143639.7f80addb@xps13> <20200129145336.66f840ea@collabora.com> <20200129145950.2a324acf@xps13> <20200129154926.50e955e8@collabora.com> Organization: Collabora X-Mailer: Claws Mail 3.17.4 (GTK+ 2.24.32; x86_64-redhat-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 29 Jan 2020 15:49:26 +0100 Boris Brezillon wrote: > On Wed, 29 Jan 2020 14:59:50 +0100 > Miquel Raynal wrote: > > > Hi Boris, > > > > Boris Brezillon wrote on Wed, 29 Jan > > 2020 14:53:36 +0100: > > > > > On Wed, 29 Jan 2020 14:36:39 +0100 > > > Miquel Raynal wrote: > > > > > > > Hello, > > > > > > > > Masahiro Yamada wrote on Wed, 29 Jan 2020 > > > > 19:06:46 +0900: > > > > > > > > > On Tue, Jan 28, 2020 at 3:58 PM Boris Brezillon > > > > > wrote: > > > > > > > > > > > > On Mon, 27 Jan 2020 16:47:55 +0100 > > > > > > Miquel Raynal wrote: > > > > > > > > > > > > > Hi Hello, > > > > > > > > > > > > > > Boris Brezillon wrote on Mon, 27 Jan > > > > > > > 2020 16:45:54 +0100: > > > > > > > > > > > > > > > On Mon, 27 Jan 2020 15:35:59 +0100 > > > > > > > > Miquel Raynal wrote: > > > > > > > > > > > > > > > > > Hi Masahiro, > > > > > > > > > > > > > > > > > > Masahiro Yamada wrote on Mon, 27 Jan 2020 > > > > > > > > > 21:55:25 +0900: > > > > > > > > > > > > > > > > > > > Hi. > > > > > > > > > > > > > > > > > > > > I have a question about the > > > > > > > > > > WP_n pin of a NAND chip. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > As far as I see, the NAND framework does not > > > > > > > > > > handle it. > > > > > > > > > > > > > > > > > > There is a nand_check_wp() which reads the status of the pin before > > > > > > > > > erasing/writing. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Instead, it is handled in a driver level. > > > > > > > > > > I see some DT-bindings that handle the WP_n pin. > > > > > > > > > > > > > > > > > > > > $ git grep wp -- Documentation/devicetree/bindings/mtd/ > > > > > > > > > > Documentation/devicetree/bindings/mtd/brcm,brcmnand.txt:- > > > > > > > > > > brcm,nand-has-wp : Some versions of this IP include a > > > > > > > > > > write-protect > > > > > > > > > > > > > > > > > > Just checked: brcmnand de-assert WP when writing/erasing and asserts it > > > > > > > > > otherwise. IMHO this switching is useless. > > > > > > > > > > > > > > > > > > > Documentation/devicetree/bindings/mtd/ingenic,jz4780-nand.txt:- > > > > > > > > > > wp-gpios: GPIO specifier for the write protect pin. > > > > > > > > > > Documentation/devicetree/bindings/mtd/ingenic,jz4780-nand.txt: > > > > > > > > > > wp-gpios = <&gpf 22 GPIO_ACTIVE_LOW>; > > > > > > > > > > Documentation/devicetree/bindings/mtd/nvidia-tegra20-nand.txt:- > > > > > > > > > > wp-gpios: GPIO specifier for the write protect pin. > > > > > > > > > > Documentation/devicetree/bindings/mtd/nvidia-tegra20-nand.txt: > > > > > > > > > > wp-gpios = <&gpio TEGRA_GPIO(S, 0) GPIO_ACTIVE_LOW>; > > > > > > > > > > > > > > > > > > In both cases, the WP GPIO is unused in the code, just de-asserted at > > > > > > > > > boot time like what you do in the patch below. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > I wrote a patch to avoid read-only issue in some cases: > > > > > > > > > > http://patchwork.ozlabs.org/patch/1229749/ > > > > > > > > > > > > > > > > > > > > Generally speaking, we expect NAND devices > > > > > > > > > > are writable in Linux. So, I think my patch is OK. > > > > > > > > > > > > > > > > > > I think the patch is fine. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > However, I asked this myself: > > > > > > > > > > Is there a useful case to assert the write protect > > > > > > > > > > pin in order to make the NAND chip really read-only? > > > > > > > > > > For example, the system recovery image is stored in > > > > > > > > > > a read-only device, and the write-protect pin is > > > > > > > > > > kept asserted to assure nobody accidentally corrupts it. > > > > > > > > > > > > > > > > > > It is very likely that the same device is used for RO and RW storage so > > > > > > > > > in most cases this is not possible. We already have squashfs which is > > > > > > > > > actually read-only at filesystem level, I'm not sure it is needed to > > > > > > > > > enforce this at a lower level... Anyway if there is actually a pin for > > > > > > > > > that, one might want to handle the pin directly as a GPIO, what do you > > > > > > > > > think? > > > > > > > > > > > > > > > > FWIW, I've always considered the WP pin as a way to protect against > > > > > > > > spurious destructive command emission, which is most likely to happen > > > > > > > > during transition phases (bootloader -> linux, linux -> kexeced-linux, > > > > > > > > platform reset, ..., or any other transition where the pin state might > > > > > > > > be undefined at some point). This being said, if you're worried about > > > > > > > > other sources of spurious cmds (say your bus is shared between > > > > > > > > different kind of memory devices, and the CS pin is unreliable), you > > > > > > > > might want to leave the NAND in a write-protected state de-asserting WP > > > > > > > > only when explicitly issuing a destructive command (program page, erase > > > > > > > > block). > > > > > > > > > > > > > > Ok so with this in mind, only the brcmnand driver does a useful use of > > > > > > > the WP output. > > > > > > > > > > > > Well, I'd just say that brcmnand is more paranoid, which is a good > > > > > > thing I guess, but that doesn't make other solutions useless, just less > > > > > > safe. We could probably flag operations as 'destructive' at the > > > > > > nand_operation level, so drivers can assert/de-assert the pin on a > > > > > > per-operation basis. > > > > > > > > > > Sounds a good idea. > > > > > > > > > > If it is supported in the NAND framework, > > > > > I will be happy to implement in the Denali NAND driver. > > > > > > > > > > > > > There is currently no such thing at NAND level but I doubt there is > > > > more than erase and write operation during which it would be needed > > > > to assert/deassert WP. I don't see why having this flag would help > > > > the controller drivers? > > > > > > Because ->exec_op() was designed to avoid leaving such decisions to the > > > NAND controller drivers :P. If you now ask drivers to look at the > > > opcode and guess when they should de-assert the WP pin, you're just > > > going back to the ->cmdfunc() mess. > > > > I was actually thinking to the ->write_page(_raw)() helpers, but > > yeah, in the case of ->exec_op() it's different. However, for these > > helpers as don't use ->exec_op(), we need another way to flag the > > operation as destructive. > > I don't think we really care about ancient (AKA non-exec_op()) drivers. > They seem to work fine as they are now, so let's focus on the modern > ones. > > > > > But actually we could let the driver toggle the pin for any operation. > > If we want to be protected against spurious access, not directly ordered > > by the controller driver itself, then we don't care if the operation is > > actually destructive or not as long as the pin is deasserted during our > > operations and asserted otherwise. > > Or we could patch the ->exec_op() path to pass this information (and > maybe provide helpers for the GPIO case). Should be as simple as: Just noticed that WP has to be de-asserted 100 ns (tWW) before issuing the command cycle, so it might have a minor impact on the perfs (let's be honest, 100ns is nothing compared to the page transfer/erase time so I don't think it's a good reason for not re-asserting the pin after each write program operation).