[SPI_DEVICE|SPI_FLASH] Added a write-protection on en4b/ex4b to avoid… #15326
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
… SW overwrite - Issue : as reported in lowRISC#14940, hhen CSB has a short deassertion time, the next sck_csb_asserted_pulse can show up at the next SPI transaction while the previous propagation is still ongoing. Since spi_reg_cfg_addr_4b_en_sync still shows the old value different from spi_cfg_addr_4b_en_o, spi_cfg_addr_4b_en_o is written again by the old value. - In this fix, the HW source-of-truth value is protected till its mirrorred SW regs is updated Signed-off-by: Joshua Park <[email protected]>
| logic addr_4b_en_unlock_condition; | ||
| logic addr_4b_en_sw_update_condition; | ||
|
|
||
| assign addr_4b_en_lock_condition = spi_reg_cfg_addr_4b_en_sync ? spi_addr_4b_clr_i : |
There was a problem hiding this comment.
In the doc, the diagram shows lock condition is XOR of spi_reg_cfg_addr_4b_en_sync and spi_cfg_addr_4b_en_o. Here, it uses EN4B/EX4B condition. Is this to retract update (of locked FF) by one SPI clock ?
There was a problem hiding this comment.
Line 111 : assign addr_4b_en_sw_update_condition = (spi_reg_cfg_addr_4b_en_sync != spi_cfg_addr_4b_en_o);
corresponds to XOR. XOR output is also marked with addr_4b_en_sw_update_condition in the doc.
addr_4b_en_lock_condition needs en4b/ex4b condition to protect spi_cfg_addr_4b_en_o at the right next cycle after en4b/ex4b.
| end else if (spi_csb_asserted_pulse_i | ||
| && (spi_cfg_addr_4b_en_o != spi_reg_cfg_addr_4b_en_sync)) begin | ||
| end else if (spi_csb_asserted_pulse_i & !addr_4b_en_locked & | ||
| addr_4b_en_sw_update_condition) begin | ||
| // Update |
There was a problem hiding this comment.
ah this is kind of neat, it's like the reverse of what we're doing in prim_reg_cdc i think.
So to make sure i understand..
when there is a spi host update, that takes priority. If the value is different from the mirrored software value, the software update becomes "locked" until they are the same.
I'm sure you guys have tested, but can we make sure that if the software side needs to change the value before host transaction ever starts that this works correctly? It looks like it should.
There was a problem hiding this comment.
@tjaychen your understanding is correct. As I've run regression test with mp 100, they are all passing. But, I am not sure if this corner case was covered by the regression. I will clarify with @weicaiyang once @eunchan confirms this HW fix.
There was a problem hiding this comment.
I'm sure you guys have tested, but can we make sure that if the software side needs to change the value before host transaction ever starts that this works correctly? It looks like it should.
CSR addr_4b_en could be updated before or after host sends transactions. But it can be only updated when spi interface is idle. I suppose we don't have race condition that both HW and SW update it at the same time.
https://cs.opensource.google/opentitan/opentitan/+/master:hw/ip/spi_device/dv/env/seq_lib/spi_device_pass_base_vseq.sv;l=323?q=addr_4b_en&ss=opentitan%2Fopentitan:hw%2F&start=11
|
I think I am OK with this change as this PR removes the issue (short CSb inactive rolls back the addr_4b value). But I think we may use general CDC logic (primitives) for readers to understand more easily. +1 for merging this. I will delegate to @tjaychen to final stamp. :) |
ah yeah agreed with @eunchan if we can re-use cdc primitives it would be better. Which ones did you have in mind? |
|
|
ahhh, are you thinking about using the ack kind of as the "lock" condition? |
|
Kind of.
I assume SW updates addr_4b only when it restores the config after power cycles. So it is one-time program only. In that case, asynchronous FIFO is too much in my opinion. By using reqack_data, the `src_ack` comes from `dst_ack`, the acceptance indicator @ SPI_CLK. We could create a logic showing pending bit (connecting to `src_req` and cleared by `src_ack`) and make it visible to SW. Then SW knows when the value has been accepted (committed).
… On Oct 7, 2022, at 3:30 PM, tjaychen ***@***.***> wrote:
ahhh, are you thinking about using the ack kind of as the "lock" condition?
—
Reply to this email directly, view it on GitHub <#15326 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAJDG3S5BJAWJDJN2EYCF43WCCP7TANCNFSM6AAAAAAQ7DK6PQ>.
You are receiving this because you were mentioned.
|
|
Honestly, I feel guilty by designing this logic poorly at the beginning. :( I didn't think deeply at that time (incl. CSb timing.. ) Thanks for fixing the logic, Joshua! |
i would "probably" be careful about assuming that it's one-time only. I know that's the direction Alex gave also, but you never know with these things...something could show up that we completely did not anticipate. |
ah no worries. We did not exactly have a lot of time, and there were many complicated things in this block :) |
|
Yeah.. That’s possible also. Good thing is, the request can be accepted in a SPI transaction. So, SW may updated frequently without any harm if they want.
… On Oct 7, 2022, at 3:50 PM, tjaychen ***@***.***> wrote:
Kind of. I assume SW updates addr_4b only when it restores the config after power cycles. So it is one-time program only. In that case, asynchronous FIFO is too much in my opinion. By using reqack_data, the src_ack comes from dst_ack, the acceptance indicator @ SPI_CLK. We could create a logic showing pending bit (connecting to src_req and cleared by src_ack) and make it visible to SW. Then SW knows when the value has been accepted (committed).
… <x-msg://3/#>
On Oct 7, 2022, at 3:30 PM, tjaychen @.***> wrote: ahhh, are you thinking about using the ack kind of as the "lock" condition? — Reply to this email directly, view it on GitHub <#15326 (comment) <#15326 (comment)>>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAJDG3S5BJAWJDJN2EYCF43WCCP7TANCNFSM6AAAAAAQ7DK6PQ <https://github.com/notifications/unsubscribe-auth/AAJDG3S5BJAWJDJN2EYCF43WCCP7TANCNFSM6AAAAAAQ7DK6PQ>. You are receiving this because you were mentioned.
i would "probably" be careful about assuming that it's one-time only. I know that's the direction Alex gave also, but you never know with these things...something could show up that we completely did not anticipate.
—
Reply to this email directly, view it on GitHub <#15326 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAJDG3VREOTKX3DPNLMNRNTWCCSKJANCNFSM6AAAAAAQ7DK6PQ>.
You are receiving this because you were mentioned.
|
|
I agree, delegating the approval to @tjaychen
… On Oct 12, 2022, at 12:16 PM, weicaiyang ***@***.***> wrote:
@tjaychen <https://github.com/tjaychen> @eunchan <https://github.com/eunchan> can we merge this? If we want to make a reusable prim for this, we could do it in another PR. WDYT?
—
Reply to this email directly, view it on GitHub <#15326 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAJDG3V2LQKLZHB7WRS44QTWC4FAZANCNFSM6AAAAAAQ7DK6PQ>.
You are receiving this because you were mentioned.
|
|
sounds good. |
|
@eunchan can you approve if it looks good to you? It looks okay to me, but I think you guys had discussed the implementation and probably know the details better than I do. |
… SW overwrite
Signed-off-by: Joshua Park [email protected]