bug: STM32Cube, flash operation

cube sphere · ‎2016-10-10

Posted on October 10, 2016 at 16:05

Dear all,

using the flash and option byte functions from STM32CubeF4 (MCU: STM32F469) I am concerned about its implementation.

Does anyone from ST may check the following code:

1)

stm32f4xx_hal_flash.c: line 592 - 598, function ''FLASH_WaitForLastOperation''

if(__HAL_FLASH_GET_FLAG((FLASH_FLAG_OPERR | FLASH_FLAG_WRPERR | FLASH_FLAG_PGAERR | \

FLASH_FLAG_PGPERR | FLASH_FLAG_PGSERR | FLASH_FLAG_RDERR)) != RESET)

{

/*Save the error code*/

FLASH_SetErrorCode();

return HAL_ERROR;

}

If not all error flags are set, the if-clause is false. Is this your intention?

2)

stm32f4xx_hal_flash_ex.h: line 479

&sharpdefine OB_WRP_SECTOR_All ((uint32_t)0x00000FFFU << 12) /*!< Write protection of all Sectors */

Why do you say ''All'' and respect only sectors 12 to 23?

3)

The nested if-clause with all its ''and'' and ''or''s in functions ''FLASH_OB_EnableWRP'' and ''FLASH_OB_DisableWRP''.

I don't understand the intention of this if-clause. It seems to be terribly broken. By the way, the bank information is already in the sector mask. Why this redundancy?

Best regards,

sphere

#flash #bug #stm32cube

Nesrine M_O · ‎2016-10-11

Posted on October 11, 2016 at 11:17

Hi sphere,

1.Thanks for highlighting this issue. It is a known bug, but the fix has not yet been released on the web.

2.The issue has been reported internally

3.Could you please provide more explanation on your case, so that it will be easier to understand the issue?

-Syrine-

cube sphere · ‎2016-10-13

Posted on October 13, 2016 at 09:25

Hi Syrine,

thank you for the answer and confirmation that it is a bug.

My application uses a sector specific write protection. The write protection has to be removed occasionally.

Testing the application, I found that bit 30 (

DBM1

) of

FLASH_OPTCR

was unintentionally set. Besides that it differed from the reset value.

I considered this harmful as it changes the behaviour of some flash operations.

Reviewing my and your implementation the misbehaviour was confirmed. I refer to STMCubeF4 v1.11 :

* @file stm32f4xx_hal_flash_ex.c

* @author MCD Application Team

* @version V1.4.4

* @date 22-January-2016

- function ''

FLASH_OB_DisableWRP

'' accepts in parameter WRPsector a bit mask for 24 sectors - suppose all 24 bits are set

- then the code in line 753 is executed

*(__IO uint16_t*)OPTCR_BYTE2_ADDRESS |= (uint16_t)WRPSector;

- this code accidentallysets bits 31 and 30 (

SPRMOD

and

DBM1

) of

FLASH_OPTCR

This is really dangerous as it

1. activates the read protection accidentally

2. alters the behaviour of the flash operations to dual bank mode.

I wonder how this bug could pass reviews, tests and quality assurance.

I attach you a patch file with the bug fixed.

In the expectation to see the bug fixed in the upcoming release.

Best regards,

sphere

________________

Attachments :

stm32f4_flash_bug-fix.patch : https://st--c.eu10.content.force.com/sfc/dist/version/download/?oid=00Db0000000YtG6&ids=0680X000006HzXf&d=%2Fa%2F0X0000000bNK%2Ff.WyNvOdV9cSOopXnK43JVU6ZWHRkcLyuUVWOs9FLoY&asPdf=false