From: Hector Martin <hector@marcansoft.com>
To: LKML <linux-kernel@vger.kernel.org>
Cc: russ.dill@gmail.com
Subject: Re: [PATCH] usb: serial: Perform verification for FTDI FT232R devices
Date: Thu, 23 Oct 2014 21:44:42 +0900 [thread overview]
Message-ID: <5448F83A.7010903@marcansoft.com> (raw)
In-Reply-To: 1414054344-3688-1-git-send-email-Russ.Dill@gmail.com
NAK. This patch neither accomplishes what FTDI intended, nor what the
author humorously intended.
> + /* Attempt to set Vendor ID to 0 */
> + eeprom_data[1] = 0;
> +
> + /* Calculate new checksum to avoid bricking devices */
> + checksum = ftdi_checksum(eeprom_data, eeprom_size);
> +
> + /* Verify EEPROM programming behavior/nonbehavior */
> + write_eeprom(port, 1, 0);
> + write_eeprom(port, eeprom_size - 1, checksum);
FTDI's verification routine sets the Product ID (at address 2) to 0 and
a dummy word (at address 0x3e) to a correctly crafted value that makes
the existing checksum pass. This bricks clone devices (setting PID to
0), while original FT232RL devices are not affected as they only commit
writes when they receive a write command to an odd EEPROM address,
combining it with the most recently issued write to an even address and
writing 32 bits at a time.
This patch instead writes the Vendor ID (at address 1) and the real
checksum (at address 0x3f). As amusing as bricking all devices would be,
unfortunately, a real FT232RL would just write garbage at addresses 0
and 0x3e too (as writes are still 32 bits, and no prior even-addressed
writes have occurred, so the holding register on the chip contains
garbage). Therefore, the real effect of this patch is to brick clone
devices (in a different way from the official driver, killing the VID
instead of the PID), while merely resetting original FT232RL devices to
defaults, due to the inadvertently corrupted even words now causing a
checksum mismatch.
Props on the humor, try again with better code next time ;-). I suggest
the following:
+ write_eeprom(port, 0, eeprom_data[0]);
+ write_eeprom(port, 1, 0);
+ write_eeprom(port, eeprom_size - 2, eeprom_data[eeprom_size - 2]);
+ write_eeprom(port, eeprom_size - 1, checksum);
This will correctly set the Vendor ID to zero on all devices, counterfeit
or not.
--
Hector Martin (hector@marcansoft.com)
Public Key: http://www.marcansoft.com/marcan.asc
next reply other threads:[~2014-10-23 12:52 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-23 12:44 Hector Martin [this message]
2014-10-23 14:14 ` [PATCH] usb: serial: Perform verification for FTDI FT232R devices Russ Dill
2014-10-23 17:05 ` Hector Martin
2014-10-23 19:41 ` [PATCH v2] " Russ Dill
2014-10-23 19:53 ` John Stoffel
2014-10-24 6:22 ` [PATCH] " Perry Hung
-- strict thread matches above, loose matches on Subject: below --
2014-10-23 8:52 russ.dill
2014-10-23 9:40 ` Greg KH
2014-10-23 9:53 ` Frans Klaver
2014-10-23 11:18 ` One Thousand Gnomes
2014-10-23 11:19 ` Johan Hovold
2014-10-23 12:55 ` Mark Brown
2014-10-27 10:58 ` Oliver Neukum
2014-10-27 11:09 ` Oliver Neukum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5448F83A.7010903@marcansoft.com \
--to=hector@marcansoft.com \
--cc=linux-kernel@vger.kernel.org \
--cc=russ.dill@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.