Bug #573
closedInvalid opcode in the logs, erase/write failure
0%
Description
Note: this was reported when using flashrom MrChromebox-v1.5.0-rc1 however it is suspected that upstream code might have the bug, so let's dig into it.
Extract from the logs:
read_flash: region (00000000..0x7fffff) is readable, reading range (0x7ff000..0x7fffff).
E(7ff000:7fffff)Invalid OPCODE 0x06, will not execute.
spi_write_cmd failed during command execution at address 0x558000
Erase/write done from 200000 to 7fffff
Write Failed!Uh oh. Erase/write failed.
Full log here: https://paste.flashrom.org/view.php?id=3746
Updated by Anastasia Klimchuk 9 days ago
What stands out, is Invalid OPCODE error, moreover looking through full log it is happening even earlier, during probing.
Relevant parts of the code are "possible opcodes" and "reprogramming on the fly" concepts in ichspi.c. I will look closely there.
Another useful pieces of information:
- 1.3 does not repro the issue.
- Retrying with flashrom 1.5 provided by their distro, does repro.
Updated by Anastasia Klimchuk 9 days ago
I found something.
Firstly, the "reprogramming on the fly" is not happening, because ichspi_lock is set. In the full logs, there is a message SPI Configuration is locked down which is from here: https://github.com/flashrom/flashrom/blob/main/ichspi.c#L2180
With configuration being locked, it is only possible to operate with locked list of opcodes, which is populated in generate_opcodes here: https://github.com/flashrom/flashrom/blob/main/ichspi.c#L740
For some reasons 0x06 (JEDEC_WREN) is not on the list, and an attempt to use it during erase fails, and so fails the erase.
In the full logs, there is a list of opcodes which is read from the chipset config:
Reading OPCODES... done
OP Type Pre-OP
op[0]: 0x01, write w/o addr, none
op[1]: 0x02, write w/ addr, none
op[2]: 0x03, read w/ addr, none
op[3]: 0x05, read w/o addr, none
op[4]: 0x20, write w/ addr, none
op[5]: 0x9f, read w/o addr, none
op[6]: 0xd8, write w/ addr, none
op[7]: 0x0b, read w/ addr, none
Indeed, no 0x06 on the list
I can see few ways from here:
1) unlock the chipset
2) check how generate_opcodes work, because currently, it looks like 0x06 was not even supposed to be used
3) just for completeness, check why JEDEC_WREN is invoked in this case
Updated by Matt DeVillier 8 days ago
two more logs on the same board, back to back for easy diffing:
working: https://paste.flashrom.org/view.php?id=3749
non-working: https://paste.flashrom.org/view.php?id=3750
Updated by Matt DeVillier 8 days ago
just tested, and reverting 26a1eb514ccefc61b110068cf0eea73c397ba045 - ichspi: Probe opcode in POSSIBLE_OPCODES[] as well resolves the issue
Updated by Anastasia Klimchuk 7 days ago
Yeah the commit was fixing a real bug, ticket for context: https://ticket.coreboot.org/issues/556
But I think we missed to handle locked chipsets there.
I made a patch https://review.coreboot.org/c/flashrom/+/85592 , I think this is the missing part of 26a1eb514ccefc61b110068cf0eea73c397ba045
I am not entirely sure that it will fix this issue, but I do think that it is the missing part.
Updated by Matt DeVillier 7 days ago
Anastasia Klimchuk wrote in #note-5:
Yeah the commit was fixing a real bug, ticket for context: https://ticket.coreboot.org/issues/556
But I think we missed to handle locked chipsets there.
I made a patch https://review.coreboot.org/c/flashrom/+/85592 , I think this is the missing part of26a1eb514ccefc61b110068cf0eea73c397ba045I am not entirely sure that it will fix this issue, but I do think that it is the missing part.
tested and appears to resolve the issue :)
Updated by Anastasia Klimchuk 6 days ago
Oh great! Thank you for lots of info and detailed logs, this helped a lot!
Updated by Matt DeVillier 2 days ago
- Status changed from In Progress to Resolved