Prevent possible overflow in is_in_flash_area_bounds while
validating offset and length of an operation.
Fixes #89349
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Switches flash_sync to use stream_flash_erase_to_append
instead of stream_flash_erase_page in preparation for deprecating
the latter and removing control on erase from the API user.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit changes requirements for stream_flash_init, where size
can no longer be 0 and has to be explicitly set, to avoid a situation
where size autodetection, invoked by size == 0, would miss changes in
layout and silently allow overflow of Stream Flash into other partitions.
There is also a new Kconfig option CONFIG_STREAM_FLASH_INSPECT,
set to y by default to keep legacy behaviour, that can be used to turn
off stream_flash_ctx vs device inspection, allowing the user to shed
inspection code once it is not useful anymore.
Fixes: #71042
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit moves Settings initialization out of the stream_flash
initialization function into: stream_flash_progress_clear,
stream_flash_progress_load and stream_flash_progress_save.
This slightly increases code size (~56 bytes on Arm) but allows
initializing Stream Flash even if the Settings subsystem fails
to initialize, and continue providing its basic functionality.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit adds Kconfig option CONFIG_STREAM_FLASH_POST_WRITE_CALLBACK
that allows turning off support for the callback invoked after data
is written to the storage device.
If the feature is not used, disabling it allows saving some storage.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit adds the flash_area_sectors function that allows getting information
on sector/erase page layout by flash_area object pointer instead of
index.
The only difference between flash_area_sectors and flash_area_get_sectors
is that the latter calls flash_area_open internally and as such requires
the flash map to be compiled in.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit adds the FIXED_PARTITION(label) macro that allows obtaining
a struct flash_area object for the partition of a given label.
The macro allows instantiation of a partition at the point of usage
and will replace the need for defining a flash map with all partition
entries.
An area obtained with the macro should not be passed to open; instead
flash_area_device_is_ready, basically the equivalent of device_is_ready,
should be called on the obtained pointer to check if the area is ready
for use.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Change in default flash map generation, where partitions hanging off
disabled devices will not have a flash area generated.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Added a check where stream_flash_erase_page checks if the requested
offset is actually within the stream flash designated area.
Fixes #79800
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
As part of ongoing work to move away from TinyCrypt and towards PSA
(#43712), introduce a PSA option and remove the TinyCrypt one for the
SHA-256 implementation.
The Mbed TLS implementation is modified to use `mbedtls_sha256`
directly for smaller code size.
As of now the implementation defaults to PSA only if TF-M is enabled
because a dependency loop happens if using `PSA_CRYPTO_CLIENT` as a
condition in `FLASH_AREA_CHECK_INTEGRITY_BACKEND`.
A test case is added for the PSA implementation, and an NS platform is
added to the base test case to verify the compilation on a TF-M-enabled
platform.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Add equivalent of flash_erase, from Flash API, to Flash Map API;
idea is the same: function tries to erase area if driver provides
erase function, otherwise writes erase_value across the defined
area.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Remove the `_MAC` part because those Kconfig options enable only hash
algorithms, nothing MAC-related, and the `_ENABLED` part to align the
naming to the Mbed TLS defines (plus we don't need such a part).
As a bonus, enabling SHA-256 does not automatically enable SHA-224
anymore.
See the migration guide entries for more details on the practical
changes.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
The commit caches write_block_size and erase_value in the stream flash
context, at init, to avoid calling the Flash API multiple times
to get these values at various stages of code execution,
at run-time.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Add the labels from the device tree fixed flash partitions
as a column to the flash_map list shell command.
Signed-off-by: Maurits Fassaert <maurits.fassaert@sensorfy.ai>
MISRA Rule 5.7 requires uniqueness of tag identifiers. Shell is
frequently problematic because much code uses `const struct shell
*shell`. This causes CI noise every time one of these shell files is
edited, so let's update all of them with `const struct shell *sh`
instead.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Those files include the soc.h header, which does not exist for all boards.
soc.h consists of soc-dependent definitions and needs to be included by
soc-dependent sources.
Signed-off-by: Dmytro Semenets <dmytro_semenets@epam.com>
Currently the choice for FLASH_AREA_CHECK_INTEGRITY does not have a
name. Without that it is not possible to select a default
hash backend for the integrity check at project configuration.
This adds a name to allow selecting the flash area check integrity backend.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The commit changes flash_map list output to display flash_map
assigned pointer instead of device ID which was not propagated
anyway.
The commit also fixes formatting of the output.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
With the incoming removal of kernel.h/types.h from init.h, lots of files
start to show compile errors because they relied on indirect
definitions, including errno.h.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
As of today <zephyr/zephyr.h> is 100% equivalent to <zephyr/kernel.h>.
This patch proposes to then include <zephyr/kernel.h> instead of
<zephyr/zephyr.h> since it is more clear that you are including the
Kernel APIs and (probably) nothing else. <zephyr/zephyr.h> sounds like a
catch-all header that may be confusing. Most applications need to
include a bunch of other things to compile, e.g. driver headers or
subsystem headers like BT, logging, etc.
The idea of a catch-all header in Zephyr is probably not feasible
anyway. Reason is that Zephyr is not a library, like it could be for
example `libpython`. Zephyr provides many utilities nowadays: a kernel,
drivers, subsystems, etc and things will likely grow. A catch-all header
would be massive, difficult to keep up-to-date. It is also likely that
an application will only build a small subset. Note that subsystem-level
headers may use a catch-all approach to make things easier, though.
NOTE: This patch is **NOT** removing the header, just removing its usage
in-tree. I'd advocate for its deprecation (add a #warning on it), but I
understand many people will have concerns.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
A pointer is not properly declared, which causes the
build to fail.
flash_map_shell.c and flash_map.h do not include device.h so
the device struct has an incomplete type hence the build error.
Including device.h resolves the problem.
Also fixes a Wformat warning when referencing fa_off which is a pointer.
Cast the pointer to an uint32_t.
Fixes #48722
Signed-off-by: Steven Slupsky <sslupsky@gmail.com>
Don't fail to compile when `fixed-partition`'s exist on a flash device
that is disabled. This does not fix the case where a `fixed-partition`
is on a flash device with `status = "okay"` but with no driver compiled
in.
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
Remove all usage of `device_get_binding` in the subsys by directly
storing the `const struct device*` in the `struct flash_area`.
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
The commit adds a check, to flash_area_open, whether there is any
device driver attached and returns -ENODEV if there isn't any.
This works around a problem where flash_area_open succeeds but
a consecutive read/write causes a crash.
It is enough to check the condition, and return an error, here as
flash_area_open has to precede, and be checked for success before,
any read/write operations.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
In order to bring consistency in-tree, migrate all subsystems code to
the new prefix <zephyr/...>. Note that the conversion has been scripted,
refer to zephyrproject-rtos#45388 for more details.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
According to Kconfig guidelines, boolean prompts must not start with
"Enable...". The following command has been used to automate the changes
in this patch:
sed -i "s/bool \"[Ee]nables\? \(\w\)/bool \"\U\1/g" **/Kconfig*
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
In MCUboot:
commit 4aa286d2db2d02a8f0ff29cdc3304f3185dbe261
Author: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
Date: Wed Nov 24 14:54:56 2021 -0300
flash_map: Increase minimum supported write align via
flash_area_align
MCUboot changed the type of the alignment value in flash from a uint8_t
to a uint32_t. Indeed, Zephyr contains flash devices that have a larger
alignment than will fit in an 8-bit value. This generally means that
`flash_area_align` will just return 0 on these platforms.
Change call in Zephyr as well.
This shouldn't cause any observable behavior changes in Zephyr, other
than making some cases that don't work currently begin to work. If a
client is storing these results in a u8, it will be truncated, the same
as things were previously. If, however, the caller is prepared to
handle a larger type, this will result in having correct information,
instead of the truncated value.
Signed-off-by: David Brown <david.brown@linaro.org>
The commit separates conditionally compiled API calls to separate
C files and moves conditional compilation to CMakeLists.txt.
Inline helpers have been moved to flash_map_priv.h.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit adds a check that the offset is positive; previously a negative
offset would be allowed, which means that writing flash before the flash
area start was possible.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
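As an added example (not Zephyr's code), the two defects these bounds-check commits describe, a negative offset slipping through and `off + len` wrapping in the overflow fix for is_in_flash_area_bounds at the top of this log, next to an overflow-safe form; `struct fa_stub`, `demo_area` and both function names are constructed for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>

/* Stand-in for the two struct flash_area fields the check needs; constructed
 * for this example, not Zephyr's definition. */
struct fa_stub {
	off_t fa_off;   /* area start within the device */
	size_t fa_size; /* area length in bytes */
};

/* Constructed 4 KiB area used by the checks below. */
static const struct fa_stub demo_area = { .fa_off = 0x10000, .fa_size = 0x1000 };

/* Bounds check as it is often written. Two defects: a negative offset is not
 * rejected (cast to size_t it wraps, so off + len lands back inside the area),
 * and off + len can wrap for a huge len, so an operation past the end passes. */
static bool bounds_check_naive(const struct fa_stub *fa, off_t off, size_t len)
{
	return (size_t)off + len <= fa->fa_size;
}

/* Overflow-safe form: reject negative offsets (they would address flash in
 * front of the area), require off to lie within the area, then compare len
 * with the space that remains; the subtraction cannot underflow. */
static bool bounds_check_safe(const struct fa_stub *fa, off_t off, size_t len)
{
	if (off < 0) {
		return false;
	}
	if ((size_t)off > fa->fa_size) {
		return false;
	}
	return len <= fa->fa_size - (size_t)off;
}
```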
Move the code responsible for aligning the flash write by writing fill
values - from stream_flash_buffered_write to flash_sync. This avoids
having to correct buf_bytes/buf_written after the write and thus
simplifies error handling.
This commit also fixes an issue where the write length passed to the
callback in flash_sync includes the fill length.
Signed-off-by: Jonathan Nilsen <Jonathan.Nilsen@nordicsemi.no>
Add additional API to stream_flash that can be used to make
stream write progress persistent using the settings subsystem.
This functionality makes it possible to resume a write operation
after it was interrupted, e.g. by power loss.
Signed-off-by: Jonathan Nilsen <Jonathan.Nilsen@nordicsemi.no>
This patch removes a scenario which was testing deprecated
API behaviors. Needed as flash_write_protection_set() was
deprecated and became a no-operation.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The stream_flash_buffered_write, when invoked to do a flush write, will
attempt to write the tail bytes from the buffer, filling the required
minimal write block size with erase value bytes; after the write it rewinds
the buffer offset, bytes_written, by the number of the "filler bytes".
Due to lack of return code processing from the flash_sync call, two things
would happen to the context in case of failure:
1) the ctx->bytes_written would be rewound past the value it had before
the function call, as it gets decremented by "filler bytes" even if the write
failed;
2) the ctx->buf_bytes offset would be accounting for added "filler
bytes" which should not be counted as data in the buffer.
Proper processing of the return code has been added to remove the effects
described above.
Unit tests have been extended to cover the scenarios.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
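The two accounting effects described in this commit, as an added model (not Zephyr's stream_flash code): a flush that ignores the sync return code beside one that handles it; `struct sf_model`, `model_flash_sync`, `pad_tail` and the flush functions are constructed stand-ins that track only the counters.

```c
#include <errno.h>
#include <stddef.h>
/* Minimal stand-in for the stream flash context (constructed, not Zephyr's). */
struct sf_model {
	size_t buf_bytes;     /* bytes of real data currently in the buffer */
	size_t bytes_written; /* bytes committed to the device so far */
	size_t write_block;   /* minimal write block size of the device */
};

/* Stand-in for flash_sync(): fail != 0 simulates a device error (ctx untouched). */
static int model_flash_sync(struct sf_model *ctx, int fail)
{
	if (fail) return -EIO;
	ctx->bytes_written += ctx->buf_bytes; /* whole buffer, filler included */
	ctx->buf_bytes = 0;
	return 0;
}

/* Account the erase-value filler that pads the tail to a full write block. */
static size_t pad_tail(struct sf_model *ctx)
{
	size_t rem = ctx->buf_bytes % ctx->write_block;
	size_t fill = rem ? ctx->write_block - rem : 0;
	ctx->buf_bytes += fill;
	return fill;
}

/* Flush before the fix: return code ignored, bytes_written rewound regardless. */
static void flush_buggy(struct sf_model *ctx, int fail)
{
	size_t fill = pad_tail(ctx);
	(void)model_flash_sync(ctx, fail);
	ctx->bytes_written -= fill;
}

/* Fixed flush: filler is removed from whichever counter it ended up in. */
static int flush_fixed(struct sf_model *ctx, int fail)
{
	size_t fill = pad_tail(ctx);
	int rc = model_flash_sync(ctx, fail);
	if (rc == 0) {
		ctx->bytes_written -= fill; /* filler is not payload */
	} else {
		ctx->buf_bytes -= fill;     /* buffer holds only real data */
	}
	return rc;
}
```

With 5 data bytes buffered, 32 already written and 8-byte blocks, a failed buggy flush leaves bytes_written at 29 and buf_bytes at 8, while the fixed flush leaves 32 and 5.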
The stream_flash_buffered_write used to read a byte from flash, in front
of the current buffer pointer, to obtain the value of erased flash;
the code has been replaced with obtaining the value from flash
parameters.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>