flashchips,writeprotect_ranges: add range decoding function

Allow chips to specify functions that map status register bits to
protection ranges. These are used to enumerate available ranges and
determine the protection state of chips. The patch also adds a range
decoding function for the example chips. Many other chips can also be
handled by it, though some will require different functions (e.g.
MX25L6406 and related chips).

Another approach that has been tried in cros flashrom is maintaining
tables of range data, but it quickly becomes error prone and hard to
validate.

Using a function to interpret the ranges allows compact encoding with
most chips and is flexible enough to allow chips with less predictable
ranges to be handled as well.

Tested: dumped range tables, checked against datasheets

Change-Id: Id163ed80938a946a502ed116e48e8236e36eb203
Signed-off-by: Nikolai Artemiev <nartemiev@google.com>
Original-Reviewed-on: https://review.coreboot.org/c/flashrom/+/58480
Original-Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Original-Reviewed-by: Nico Huber <nico.h@gmx.de>
Original-Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom-stable/+/70969
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
diff --git a/Makefile b/Makefile
index c6841bd..ed46b13 100644
--- a/Makefile
+++ b/Makefile
@@ -571,7 +571,8 @@
 CHIP_OBJS = jedec.o stm50.o w39.o w29ee011.o \
 	sst28sf040.o 82802ab.o \
 	sst49lfxxxc.o sst_fwhub.o edi.o flashchips.o spi.o spi25.o spi25_statusreg.o \
-	spi95.o opaque.o sfdp.o en29lv640b.o at45db.o writeprotect.o
+	spi95.o opaque.o sfdp.o en29lv640b.o at45db.o \
+	writeprotect.o writeprotect_ranges.o
 
 ###############################################################################
 # Library code.
diff --git a/chipdrivers.h b/chipdrivers.h
index 9e2b44b..e5f426c 100644
--- a/chipdrivers.h
+++ b/chipdrivers.h
@@ -208,4 +208,7 @@
 int probe_spi_st95(struct flashctx *flash);
 int spi_block_erase_emulation(struct flashctx *flash, unsigned int addr, unsigned int blocklen);
 
+/* writeprotect_ranges.c */
+void decode_range_spi25(size_t *start, size_t *len, const struct wp_bits *, size_t chip_len);
+
 #endif /* !__CHIPDRIVERS_H__ */
diff --git a/flash.h b/flash.h
index 9129335..c6173ba 100644
--- a/flash.h
+++ b/flash.h
@@ -198,6 +198,8 @@
 	} writability;
 };
 
+struct wp_bits;
+
 struct flashchip {
 	const char *vendor;
 	const char *name;
@@ -306,6 +308,10 @@
 		/* Complement bit (CMP) */
 		struct reg_bit_info cmp;
 	} reg_bits;
+
+	/* Function that takes a set of WP config bits (e.g. BP, SEC, TB, etc) */
+	/* and determines what protection range they select. */
+	void (*decode_range)(size_t *start, size_t *len, const struct wp_bits *, size_t chip_len);
 };
 
 typedef int (*chip_restore_fn_cb_t)(struct flashctx *flash, uint8_t status);
diff --git a/flashchips.c b/flashchips.c
index ab25079..9bdf764 100644
--- a/flashchips.c
+++ b/flashchips.c
@@ -6316,6 +6316,7 @@
 			.sec    = {STATUS1, 6, RW}, /* Called BP4 in datasheet, acts like SEC */
 			.cmp    = {STATUS2, 6, RW},
 		},
+		.decode_range	= decode_range_spi25,
 	},
 
 	{
@@ -6722,6 +6723,7 @@
 			.bp     = {{STATUS1, 2, RW}, {STATUS1, 3, RW}, {STATUS1, 4, RW}, {STATUS1, 5, RW}},
 			.tb     = {STATUS1, 6, RW},
 		},
+		.decode_range	= decode_range_spi25,
 	},
 
 	{
@@ -6770,6 +6772,7 @@
 			.sec    = {STATUS1, 6, RW}, /* Called BP4 in datasheet, acts like SEC */
 			.cmp    = {STATUS2, 6, RW},
 		},
+		.decode_range	= decode_range_spi25,
 	},
 
 	{
diff --git a/meson.build b/meson.build
index a9043c6..c312ca6 100644
--- a/meson.build
+++ b/meson.build
@@ -334,6 +334,7 @@
 srcs += 'w29ee011.c'
 srcs += 'w39.c'
 srcs += 'writeprotect.c'
+srcs += 'writeprotect_ranges.c'
 
 mapfile = 'libflashrom.map'
 vflag = '-Wl,--version-script,@0@/@1@'.format(meson.current_source_dir(), mapfile)
diff --git a/writeprotect_ranges.c b/writeprotect_ranges.c
new file mode 100644
index 0000000..04e3881
--- /dev/null
+++ b/writeprotect_ranges.c
@@ -0,0 +1,93 @@
+/*
+ * This file is part of the flashrom project.
+ *
+ * Copyright 2021 Google LLC
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include "writeprotect.h"
+#include "chipdrivers.h"
+
+/*
+ * Protection range calculation that works with many common SPI flash chips.
+ */
+void decode_range_spi25(size_t *start, size_t *len, const struct wp_bits *bits, size_t chip_len)
+{
+	/* Interpret BP bits as an integer */
+	size_t i;
+	size_t bp = 0;
+	size_t bp_max = 0;
+
+	for (i = 0; i < bits->bp_bit_count; i++) {
+		bp |= bits->bp[i] << i;
+		bp_max |= 1 << i;
+	}
+
+	if (bp == 0) {
+		/* Special case: all BP bits are 0 => no write protection */
+		*len = 0;
+	} else if (bp == bp_max) {
+		/* Special case: all BP bits are 1 => full write protection */
+		*len = chip_len;
+	} else {
+		/*
+		 * Usual case: the BP bits encode a coefficient in the form
+		 * `coeff = 2 ** (bp - 1)`.
+		 *
+		 * The range's length is given by multiplying the coefficient
+		 * by a base unit, usually a 4K sector or a 64K block.
+		 */
+
+		size_t coeff     = 1 << (bp - 1);
+		size_t max_coeff = 1 << (bp_max - 2);
+
+		size_t sector_len        = 4  * KiB;
+		size_t default_block_len = 64 * KiB;
+
+		if (bits->sec_bit_present && bits->sec == 1) {
+			/*
+			 * SEC=1, protect 4K sectors. Flash chips clamp the
+			 * protection length at 32K, probably to avoid overlap
+			 * with the SEC=0 case.
+			 */
+			*len = min(sector_len * coeff, default_block_len / 2);
+		} else {
+			/*
+			 * SEC=0 or is not present, protect blocks.
+			 *
+			 * With very large chips, the 'block' size can be
+			 * larger than 64K. This occurs when a larger block
+			 * size is needed so that half the chip can be
+			 * protected by the maximum possible coefficient.
+			 */
+			size_t min_block_len = chip_len / 2 / max_coeff;
+			size_t block_len = max(min_block_len, default_block_len);
+
+			*len = min(block_len * coeff, chip_len);
+		}
+	}
+
+	/* Apply TB bit */
+	bool protect_top = bits->tb_bit_present ? (bits->tb == 0) : 1;
+
+	/* Apply CMP bit */
+	if (bits->cmp_bit_present && bits->cmp == 1) {
+		*len = chip_len - *len;
+		protect_top = !protect_top;
+	}
+
+	/* Calculate start address, ensuring that empty ranges start at 0 */
+	if (protect_top && *len > 0)
+		*start = chip_len - *len;
+	else
+		*start = 0;
+}