fix(esp_flash): fixed issue of escaping boundary check

Also patched corresponding ROM functions

components/spi_flash/test_apps/esp_flash/main/test_esp_flash_drv.c

@@ -781,6 +781,41 @@ static void test_write_large_buffer(const esp_partition_t* part, const uint8_t *
     read_and_check(part, source, length);
 }
 
+#if CONFIG_SPI_FLASH_DANGEROUS_WRITE_ALLOWED
+static void test_write_over_boundary(const esp_partition_t* part)
+{
+    esp_flash_t* chip = part->flash_chip;
+    uint32_t flash_size;
+    esp_err_t err = esp_flash_get_size(chip, &flash_size);
+    TEST_ESP_OK(err);
+    const uint32_t SECTOR_SIZE = 4096;
+    uint8_t buf[0];
+
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, 0, flash_size+SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, SECTOR_SIZE, flash_size));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, flash_size/2, flash_size/2 + SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, flash_size/2 + SECTOR_SIZE, flash_size/2));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, flash_size - SECTOR_SIZE, 2 * SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, 2 * SECTOR_SIZE, flash_size - SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, flash_size - SECTOR_SIZE, flash_size - SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, flash_size - SECTOR_SIZE, UINT32_MAX - SECTOR_SIZE + 1));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, UINT32_MAX - SECTOR_SIZE + 1, flash_size - SECTOR_SIZE));
+
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write(chip, buf, 0, flash_size+SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write(chip, buf, SECTOR_SIZE, flash_size));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write(chip, buf, flash_size/2, flash_size/2 + SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write(chip, buf, flash_size/2 + SECTOR_SIZE, flash_size/2));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write(chip, buf, flash_size - SECTOR_SIZE, 2 * SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write(chip, buf, 2 * SECTOR_SIZE, flash_size - SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write(chip, buf, flash_size - SECTOR_SIZE, flash_size - SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write(chip, buf, flash_size - SECTOR_SIZE, UINT32_MAX - SECTOR_SIZE + 1));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write(chip, buf, UINT32_MAX - SECTOR_SIZE + 1, flash_size - SECTOR_SIZE));
+}
+
+TEST_CASE_FLASH("Test flash write over boundary", test_write_over_boundary);
+TEST_CASE_MULTI_FLASH("Test flash write over boundary", test_write_over_boundary);
+#endif //CONFIG_SPI_FLASH_DANGEROUS_WRITE_ALLOWED
+
 #if !CONFIG_SPI_FLASH_WARN_SETTING_ZERO_TO_ONE
 
 typedef struct {
@@ -1094,3 +1129,16 @@ void test_flash_counter(const esp_partition_t* part)
 
 TEST_CASE_FLASH("SPI flash counter test", test_flash_counter);
 #endif //CONFIG_SPI_FLASH_ENABLE_COUNTERS
+
+#if CONFIG_SPI_FLASH_DANGEROUS_WRITE_FAILS
+TEST_CASE("test writes to dangerous regions like bootloader", "[esp_flash]")
+{
+    TEST_ASSERT_EQUAL_HEX(ESP_ERR_INVALID_ARG, esp_flash_erase_region(NULL, CONFIG_BOOTLOADER_OFFSET_IN_FLASH, 4*4096));
+    TEST_ASSERT_EQUAL_HEX(ESP_ERR_INVALID_ARG, esp_flash_erase_region(NULL, CONFIG_PARTITION_TABLE_OFFSET, 4096));
+    char buffer[32] = {0xa5};
+    // Encrypted writes to bootloader region not allowed
+    TEST_ASSERT_EQUAL_HEX(ESP_ERR_INVALID_ARG, esp_flash_write(NULL, buffer, CONFIG_BOOTLOADER_OFFSET_IN_FLASH, sizeof(buffer)));
+    // Encrypted writes to partition table region not allowed
+    TEST_ASSERT_EQUAL_HEX(ESP_ERR_INVALID_ARG, esp_flash_write(NULL, buffer, CONFIG_PARTITION_TABLE_OFFSET, sizeof(buffer)));
+}
+#endif //!CONFIG_SPI_FLASH_DANGEROUS_WRITE_FAILS

components/spi_flash/test_apps/esp_flash/sdkconfig.ci.rom_impl

@@ -1,2 +1,4 @@
 CONFIG_ESP_TASK_WDT_EN=n
 CONFIG_SPI_FLASH_ROM_IMPL=y
+# Unrelated to rom, but to test if the boundary checking works well
+CONFIG_SPI_FLASH_DANGEROUS_WRITE_ALLOWED=y

components/spi_flash/test_apps/esp_flash/sdkconfig.ci.verify

@@ -1,4 +1,6 @@
-CONFIG_ESP_TASK_WDT=n
+CONFIG_ESP_TASK_WDT_INIT=n
 CONFIG_SPI_FLASH_VERIFY_WRITE=y
 CONFIG_SPI_FLASH_LOG_FAILED_WRITE=y
 CONFIG_SPI_FLASH_WARN_SETTING_ZERO_TO_ONE=y
+# Unrelated to verify, but to test if the boundary checking works well
+CONFIG_SPI_FLASH_DANGEROUS_WRITE_ALLOWED=y

components/spi_flash/test_apps/flash_encryption/main/test_flash_encryption.c

@@ -452,6 +452,7 @@ TEST_CASE("test read & write encrypted data with large buffer in ram", "[flash_e
     free(buf);
 }
 
+#if CONFIG_SPI_FLASH_DANGEROUS_WRITE_FAILS
 TEST_CASE("test encrypted writes to dangerous regions like bootloader", "[flash_encryption]")
 {
     TEST_ASSERT_EQUAL_HEX(ESP_ERR_INVALID_ARG, esp_flash_erase_region(NULL, CONFIG_BOOTLOADER_OFFSET_IN_FLASH, 4*4096));
@@ -462,4 +463,36 @@ TEST_CASE("test encrypted writes to dangerous regions like bootloader", "[flash_
     // Encrypted writes to partition table region not allowed
     TEST_ASSERT_EQUAL_HEX(ESP_ERR_INVALID_ARG, esp_flash_write_encrypted(NULL, CONFIG_PARTITION_TABLE_OFFSET, buffer, sizeof(buffer)));
 }
+#elif CONFIG_SPI_FLASH_DANGEROUS_WRITE_ALLOWED
+TEST_CASE("Test flash encrypted write over boundary", "[flash_encryption]")
+{
+    esp_flash_t* chip = NULL;
+    uint32_t flash_size;
+    esp_err_t err = esp_flash_get_size(chip, &flash_size);
+    TEST_ESP_OK(err);
+    const uint32_t SECTOR_SIZE = 4096;
+    uint8_t buf[0];
+
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, 0, flash_size+SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, SECTOR_SIZE, flash_size));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, flash_size/2, flash_size/2 + SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, flash_size/2 + SECTOR_SIZE, flash_size/2));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, flash_size - SECTOR_SIZE, 2 * SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, 2 * SECTOR_SIZE, flash_size - SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, flash_size - SECTOR_SIZE, flash_size - SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, flash_size - SECTOR_SIZE, UINT32_MAX - SECTOR_SIZE + 1));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_erase_region(chip, UINT32_MAX - SECTOR_SIZE + 1, flash_size - SECTOR_SIZE));
+
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write_encrypted(chip, 0, buf, flash_size+SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write_encrypted(chip, SECTOR_SIZE, buf, flash_size));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write_encrypted(chip, flash_size/2, buf, flash_size/2 + SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write_encrypted(chip, flash_size/2 + SECTOR_SIZE, buf, flash_size/2));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write_encrypted(chip, flash_size - SECTOR_SIZE, buf, 2 * SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write_encrypted(chip, 2 * SECTOR_SIZE, buf, flash_size - SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write_encrypted(chip, flash_size - SECTOR_SIZE, buf, flash_size - SECTOR_SIZE));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write_encrypted(chip, flash_size - SECTOR_SIZE, buf, UINT32_MAX - SECTOR_SIZE + 1));
+    TEST_ASSERT_EQUAL(ESP_ERR_INVALID_ARG, esp_flash_write_encrypted(chip, UINT32_MAX - SECTOR_SIZE + 1, buf, flash_size - SECTOR_SIZE));
+}
+#endif //CONFIG_SPI_FLASH_DANGEROUS_WRITE_FAILS
+
 #endif // CONFIG_SECURE_FLASH_ENC_ENABLED

components/spi_flash/test_apps/flash_encryption/sdkconfig.ci.rom_impl

@@ -3,3 +3,5 @@ CONFIG_SPI_FLASH_ROM_IMPL=y
 CONFIG_COMPILER_OPTIMIZATION_SIZE=y
 CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_SIZE=y
 CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT=y
+# Unrelated to rom, but to test if the boundary checking works well
+CONFIG_SPI_FLASH_DANGEROUS_WRITE_ALLOWED=y

components/spi_flash/test_apps/flash_encryption/sdkconfig.ci.verify

@@ -17,3 +17,6 @@ CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED=y
 CONFIG_SPI_FLASH_VERIFY_WRITE=y
 CONFIG_SPI_FLASH_LOG_FAILED_WRITE=y
 CONFIG_SPI_FLASH_WARN_SETTING_ZERO_TO_ONE=y
+
+# Unrelated to verify, but to test if the boundary checking works well
+CONFIG_SPI_FLASH_DANGEROUS_WRITE_ALLOWED=y

components/spi_flash/test_apps/flash_mmap/sdkconfig.ci.release

@@ -1,4 +1,4 @@
-CONFIG_ESP_TASK_WDT=n
+CONFIG_ESP_TASK_WDT_INIT=n
 CONFIG_COMPILER_OPTIMIZATION_SIZE=y
 CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_SIZE=y
 CONFIG_COMPILER_OPTIMIZATION_ASSERTIONS_SILENT=y

components/spi_flash/test_apps/flash_mmap/sdkconfig.defaults

@@ -1,3 +1,3 @@
-CONFIG_ESP_TASK_WDT=n
+CONFIG_ESP_TASK_WDT_INIT=n
 CONFIG_PARTITION_TABLE_CUSTOM=y
 CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions.csv"