drivers/nvmem/core.c | 6 ++++++ 1 file changed, 6 insertions(+)
In case the nvmem DT node contains "wp-gpios" DT property, the device
currently defaults to read-write and the force_ro sysfs attribute reads
0. Switch to the default read-only, which is both safer, and aligned
with eMMC HW BOOT partition force_ro sysfs attribute behavior, which
also defaults to read-only.
The adjustment of nvmem->read_only value to read-only in case wp-gpios
DT property is present must be done only after the device_add() got
called because device_add() does internally call nvmem_bin_attr_get_umode(),
which configures the permissions of 'nvmem' bin attr based on the value
of nvmem->read_only that is only parsed from DT property 'read-only',
without any adjustment. This way, if DT property 'read-only' is present,
the 'nvmem' attribute is always read-only. Otherwise, if the device is
writeable, then 'nvmem' attribute is writeable, and nvmem->read_only
defaults to read-only, but can be switched to read-write at runtime via
the 'force_ro' attribute.
The updated behavior can be tested as follows:
Current content:
"
$ cat /sys/bus/nvmem/devices/logging7/force_ro
1
$ hexdump -C /sys/bus/nvmem/devices/logging7/nvmem
00000000 66 6f 6f 0a ff ff ff ff
"
Write into default-read-only device:
"
$ echo bar > /sys/bus/nvmem/devices/logging7/nvmem
bash: echo: write error: Operation not permitted
$ cat /sys/bus/nvmem/devices/logging7/force_ro
1
"
Unlock and write into device:
"
$ echo 0 > /sys/bus/nvmem/devices/logging7/force_ro
$ cat /sys/bus/nvmem/devices/logging7/force_ro
0
$ echo bar > /sys/bus/nvmem/devices/logging7/nvmem
$ hexdump -C /sys/bus/nvmem/devices/logging7/nvmem
00000000 62 61 72 0a ff ff ff ff
"
Relock and write into device, fails because device is read-only again:
"
$ echo 1 > /sys/bus/nvmem/devices/logging7/force_ro
$ echo baz > /sys/bus/nvmem/devices/logging7/nvmem
bash: echo: write error: Operation not permitted
$ hexdump -C /sys/bus/nvmem/devices/logging7/nvmem
00000000 62 61 72 0a ff ff ff ff
"
Signed-off-by: Marek Vasut <marex@nabladev.com>
---
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Bartosz Golaszewski <brgl@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Srinivas Kandagatla <srini@kernel.org>
Cc: linux-i2c@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
---
V2: Simplify the implementation, make devices with wp-gpios default
to read-only and let users unlock those devices via force_ro
sysfs attribute, just like eMMC HW BOOT partitions
---
drivers/nvmem/core.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
index 311cb2e5a5c02..0b1942e389113 100644
--- a/drivers/nvmem/core.c
+++ b/drivers/nvmem/core.c
@@ -1019,6 +1019,12 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
if (rval)
goto err_remove_dev;
+ /* If the device has WP GPIO, default to read-only */
+ if (nvmem->wp_gpio) {
+ nvmem->read_only = true;
+ gpiod_set_value_cansleep(nvmem->wp_gpio, 1);
+ }
+
#ifdef CONFIG_NVMEM_SYSFS
rval = nvmem_populate_sysfs_cells(nvmem);
if (rval)
--
2.53.0On Sun, 26 Apr 2026 04:44:32 +0200, Marek Vasut <marex@nabladev.com> said:
> In case the nvmem DT node contains "wp-gpios" DT property, the device
> currently defaults to read-write and the force_ro sysfs attribute reads
> 0. Switch to the default read-only, which is both safer, and aligned
> with eMMC HW BOOT partition force_ro sysfs attribute behavior, which
> also defaults to read-only.
>
> The adjustment of nvmem->read_only value to read-only in case wp-gpios
> DT property is present must be done only after the device_add() got
> called because device_add() does internally call nvmem_bin_attr_get_umode(),
> which configures the permissions of 'nvmem' bin attr based on the value
> of nvmem->read_only that is only parsed from DT property 'read-only',
> without any adjustment. This way, if DT property 'read-only' is present,
> the 'nvmem' attribute is always read-only. Otherwise, if the device is
> writeable, then 'nvmem' attribute is writeable, and nvmem->read_only
> defaults to read-only, but can be switched to read-write at runtime via
> the 'force_ro' attribute.
>
> The updated behavior can be tested as follows:
>
> Current content:
> "
> $ cat /sys/bus/nvmem/devices/logging7/force_ro
> 1
>
> $ hexdump -C /sys/bus/nvmem/devices/logging7/nvmem
> 00000000 66 6f 6f 0a ff ff ff ff
> "
>
> Write into default-read-only device:
> "
> $ echo bar > /sys/bus/nvmem/devices/logging7/nvmem
> bash: echo: write error: Operation not permitted
> $ cat /sys/bus/nvmem/devices/logging7/force_ro
> 1
> "
>
> Unlock and write into device:
> "
> $ echo 0 > /sys/bus/nvmem/devices/logging7/force_ro
> $ cat /sys/bus/nvmem/devices/logging7/force_ro
> 0
>
> $ echo bar > /sys/bus/nvmem/devices/logging7/nvmem
> $ hexdump -C /sys/bus/nvmem/devices/logging7/nvmem
> 00000000 62 61 72 0a ff ff ff ff
> "
>
> Relock and write into device, fails because device is read-only again:
> "
> $ echo 1 > /sys/bus/nvmem/devices/logging7/force_ro
> $ echo baz > /sys/bus/nvmem/devices/logging7/nvmem
> bash: echo: write error: Operation not permitted
>
> $ hexdump -C /sys/bus/nvmem/devices/logging7/nvmem
> 00000000 62 61 72 0a ff ff ff ff
> "
>
> Signed-off-by: Marek Vasut <marex@nabladev.com>
> ---
> Cc: Arnd Bergmann <arnd@arndb.de>
> Cc: Bartosz Golaszewski <brgl@kernel.org>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Cc: Srinivas Kandagatla <srini@kernel.org>
> Cc: linux-i2c@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> ---
> V2: Simplify the implementation, make devices with wp-gpios default
> to read-only and let users unlock those devices via force_ro
> sysfs attribute, just like eMMC HW BOOT partitions
> ---
> drivers/nvmem/core.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
> index 311cb2e5a5c02..0b1942e389113 100644
> --- a/drivers/nvmem/core.c
> +++ b/drivers/nvmem/core.c
> @@ -1019,6 +1019,12 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
> if (rval)
> goto err_remove_dev;
>
> + /* If the device has WP GPIO, default to read-only */
> + if (nvmem->wp_gpio) {
> + nvmem->read_only = true;
> + gpiod_set_value_cansleep(nvmem->wp_gpio, 1);
Why is this needed if we already did:
nvmem->wp_gpio = gpiod_get_optional(config->dev, "wp", GPIOD_OUT_HIGH);
?
Bart
> + }
> +
> #ifdef CONFIG_NVMEM_SYSFS
> rval = nvmem_populate_sysfs_cells(nvmem);
> if (rval)
> --
> 2.53.0
>
>
On 4/27/26 11:44 AM, Bartosz Golaszewski wrote:
> On Sun, 26 Apr 2026 04:44:32 +0200, Marek Vasut <marex@nabladev.com> said:
>> In case the nvmem DT node contains "wp-gpios" DT property, the device
>> currently defaults to read-write and the force_ro sysfs attribute reads
>> 0. Switch to the default read-only, which is both safer, and aligned
>> with eMMC HW BOOT partition force_ro sysfs attribute behavior, which
>> also defaults to read-only.
>>
>> The adjustment of nvmem->read_only value to read-only in case wp-gpios
>> DT property is present must be done only after the device_add() got
>> called because device_add() does internally call nvmem_bin_attr_get_umode(),
>> which configures the permissions of 'nvmem' bin attr based on the value
>> of nvmem->read_only that is only parsed from DT property 'read-only',
>> without any adjustment. This way, if DT property 'read-only' is present,
>> the 'nvmem' attribute is always read-only. Otherwise, if the device is
>> writeable, then 'nvmem' attribute is writeable, and nvmem->read_only
>> defaults to read-only, but can be switched to read-write at runtime via
>> the 'force_ro' attribute.
>>
>> The updated behavior can be tested as follows:
>>
>> Current content:
>> "
>> $ cat /sys/bus/nvmem/devices/logging7/force_ro
>> 1
>>
>> $ hexdump -C /sys/bus/nvmem/devices/logging7/nvmem
>> 00000000 66 6f 6f 0a ff ff ff ff
>> "
>>
>> Write into default-read-only device:
>> "
>> $ echo bar > /sys/bus/nvmem/devices/logging7/nvmem
>> bash: echo: write error: Operation not permitted
>> $ cat /sys/bus/nvmem/devices/logging7/force_ro
>> 1
>> "
>>
>> Unlock and write into device:
>> "
>> $ echo 0 > /sys/bus/nvmem/devices/logging7/force_ro
>> $ cat /sys/bus/nvmem/devices/logging7/force_ro
>> 0
>>
>> $ echo bar > /sys/bus/nvmem/devices/logging7/nvmem
>> $ hexdump -C /sys/bus/nvmem/devices/logging7/nvmem
>> 00000000 62 61 72 0a ff ff ff ff
>> "
>>
>> Relock and write into device, fails because device is read-only again:
>> "
>> $ echo 1 > /sys/bus/nvmem/devices/logging7/force_ro
>> $ echo baz > /sys/bus/nvmem/devices/logging7/nvmem
>> bash: echo: write error: Operation not permitted
>>
>> $ hexdump -C /sys/bus/nvmem/devices/logging7/nvmem
>> 00000000 62 61 72 0a ff ff ff ff
>> "
>>
>> Signed-off-by: Marek Vasut <marex@nabladev.com>
>> ---
>> Cc: Arnd Bergmann <arnd@arndb.de>
>> Cc: Bartosz Golaszewski <brgl@kernel.org>
>> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>> Cc: Srinivas Kandagatla <srini@kernel.org>
>> Cc: linux-i2c@vger.kernel.org
>> Cc: linux-kernel@vger.kernel.org
>> ---
>> V2: Simplify the implementation, make devices with wp-gpios default
>> to read-only and let users unlock those devices via force_ro
>> sysfs attribute, just like eMMC HW BOOT partitions
>> ---
>> drivers/nvmem/core.c | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
>> index 311cb2e5a5c02..0b1942e389113 100644
>> --- a/drivers/nvmem/core.c
>> +++ b/drivers/nvmem/core.c
>> @@ -1019,6 +1019,12 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
>> if (rval)
>> goto err_remove_dev;
>>
>> + /* If the device has WP GPIO, default to read-only */
>> + if (nvmem->wp_gpio) {
>> + nvmem->read_only = true;
>> + gpiod_set_value_cansleep(nvmem->wp_gpio, 1);
>
> Why is this needed if we already did:
>
> nvmem->wp_gpio = gpiod_get_optional(config->dev, "wp", GPIOD_OUT_HIGH);
It is not. I double-checked with a scope and dropped it in V3.
Thanks !
© 2016 - 2026 Red Hat, Inc.