Patchwork Improve error messages, protect the user

login
register
about
Submitter Carl-Daniel Hailfinger
Date 2009-08-19 13:54:15
Message ID <4A8C0407.7050501@gmx.net>
Download mbox | patch
Permalink /patch/141/
State Accepted
Commit r692
Headers show

Comments

Carl-Daniel Hailfinger - 2009-08-19 13:54:15
On 19.08.2009 14:03, Stefan Reinauer wrote:
> This should be
>
> /* If we tried to write, and now we don't properly verify, we might have
> an emergency situation */
> if (write_it && ret)
>     emergency_help_message();
>   

Indeed, thanks!
New patch below.

> Otherwise
>
> Acked-by: Stefan Reinauer <stepan@coresystems.de>
>   

Disallow erase/write for known bad chips so people won't try without a
clear understanding. Allow override with --force.

If write/erase failed, warn the user to get help and not shutdown/reboot
the computer.

Warn that the result of a forced read is often garbage. Too many users
believed that a forced read meant that everything was fine.

Wait 1 second between erase and verify. This fixes a few reports where
verify directly after erase had unpleasant side effects like corrupting
flash or at least getting incorrect verify results.

Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net>
Acked-by: Stefan Reinauer <stepan@coresystems.de>
Carl-Daniel Hailfinger - 2009-08-19 13:56:36
On 19.08.2009 15:54, Carl-Daniel Hailfinger wrote:
> Disallow erase/write for known bad chips so people won't try without a
> clear understanding. Allow override with --force.
>
> If write/erase failed, warn the user to get help and not shutdown/reboot
> the computer.
>
> Warn that the result of a forced read is often garbage. Too many users
> believed that a forced read meant that everything was fine.
>
> Wait 1 second between erase and verify. This fixes a few reports where
> verify directly after erase had unpleasant side effects like corrupting
> flash or at least getting incorrect verify results.
>
> Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net>
> Acked-by: Stefan Reinauer <stepan@coresystems.de>
>   

Committed in r692. Thanks for the reviews!

Regards,
Carl-Daniel

Patch

Index: flashrom-errormessages/flashrom.c
===================================================================
--- flashrom-errormessages/flashrom.c	(Revision 691)
+++ flashrom-errormessages/flashrom.c	(Arbeitskopie)
@@ -234,6 +234,7 @@ 
 {
 	size_t size = flash->total_size * 1024;
 	/* Flash registers live 4 MByte below the flash. */
+	/* FIXME: This is incorrect for nonstandard flashbase. */
 	flash->virtual_registers = (chipaddr)programmer_map_flash_region("flash chip registers", (0xFFFFFFFF - 0x400000 - size + 1), size);
 }
 
@@ -488,6 +489,15 @@ 
 	return 0;
 }
 
+void emergency_help_message()
+{
+	fprintf(stderr, "Your flash chip is in an unknown state.\n"
+		"Get help on IRC at irc.freenode.net channel #flashrom or\n"
+		"mail flashrom@flashrom.org\n"
+		"------------------------------------------------------------\n"
+		"DO NOT REBOOT OR POWEROFF!\n");
+}
+
 void usage(const char *name)
 {
 	const char *pname;
@@ -792,6 +802,7 @@ 
 				printf("Run flashrom -L to view the hardware supported in this flashrom version.\n");
 				exit(1);
 			}
+			printf("Please note that forced reads most likely contain garbage.\n");
 			return read_flash(flashes[0], filename);
 		}
 		// FIXME: flash writes stay enabled!
@@ -857,14 +868,44 @@ 
 	buf = (uint8_t *) calloc(size, sizeof(char));
 
 	if (erase_it) {
-		if (erase_flash(flash))
+		if (flash->tested & TEST_BAD_ERASE) {
+			fprintf(stderr, "Erase is not working on this chip. ");
+			if (!force) {
+				fprintf(stderr, "Aborting.\n");
+				return 1;
+			} else {
+				fprintf(stderr, "Continuing anyway.\n");
+			}
+		}
+		if (erase_flash(flash)) {
+			emergency_help_message();
 			return 1;
+		}
 	} else if (read_it) {
 		if (read_flash(flash, filename))
 			return 1;
 	} else {
 		struct stat image_stat;
 
+		if (flash->tested & TEST_BAD_ERASE) {
+			fprintf(stderr, "Erase is not working on this chip "
+				"and erase is needed for write. ");
+			if (!force) {
+				fprintf(stderr, "Aborting.\n");
+				return 1;
+			} else {
+				fprintf(stderr, "Continuing anyway.\n");
+			}
+		}
+		if (flash->tested & TEST_BAD_WRITE) {
+			fprintf(stderr, "Write is not working on this chip. ");
+			if (!force) {
+				fprintf(stderr, "Aborting.\n");
+				return 1;
+			} else {
+				fprintf(stderr, "Continuing anyway.\n");
+			}
+		}
 		if ((image = fopen(filename, "r")) == NULL) {
 			perror(filename);
 			exit(1);
@@ -903,14 +944,24 @@ 
 		ret = flash->write(flash, buf);
 		if (ret) {
 			fprintf(stderr, "FAILED!\n");
+			emergency_help_message();
 			return 1;
 		} else {
 			printf("COMPLETE.\n");
 		}
 	}
 
-	if (verify_it)
+	if (verify_it) {
+		/* Work around chips which need some time to calm down. */
+		if (write_it)
+			programmer_delay(1000*1000);
 		ret = verify_flash(flash, buf);
+		/* If we tried to write, and now we don't properly verify, we
+		 * might have an emergency situation.
+		 */
+		if (ret && write_it)
+			emergency_help_message();
+	}
 
 	programmer_shutdown();