lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <DB0J1QW7DG98.CDM408QMNM74@kernel.org>
Date: Tue, 01 Jul 2025 09:07:10 +0200
From: "Michael Walle" <mwalle@...nel.org>
To: "Jean-Marc Ranger" <jmranger@...mail.com>, <tudor.ambarus@...aro.org>,
 <pratyush@...nel.org>, <miquel.raynal@...tlin.com>, <richard@....at>,
 <vigneshr@...com>, <linux-mtd@...ts.infradead.org>,
 <linux-kernel@...r.kernel.org>
Cc: <tim.j.wilkinson@...il.com>
Subject: Re: [bug] spi-nor not unlocking on Ubiquiti XW and WA

On Mon Jun 30, 2025 at 7:50 PM CEST, Jean-Marc Ranger wrote:
> On 2025-06-30 05:25, Michael Walle wrote:
> > This seems to be due to the use of the uninitalized "mtd->size".
> > Could you try the following patch which is based on the latest
> > next kernel. It replaces mtd->size with nor->params->size, so you
> > could backport it to 6.6, but maybe it will apply anyway.
>
> Thank you so much for taking the time!
>
> Your patch applies automatically on 6.6.93, with minimal fuzzing and 
> offset changes. And it fixes the issue! Formally:
> Tested-by: Jean-Marc Ranger <jmranger@...mail.com>

Great. I'll prepare a proper patch shortly.

But I have to wonder whether this flash is locked by default after
each power-up or if it's just locked once after it comes out of the
factory.

The MX25L12805D datasheet reads:

  BP3, BP2, BP1, BP0 bits. The Block Protect (BP3, BP2, BP1, BP0)
  bits, non-volatile bits, indicate the protected area(as defined in
  table 1) of the device to against the program/erase instruction
  without hardware protection mode being set.

Does the bootloader enable the protection bits on each bootup? If
that's the case be aware that the bits might wear out over time
depending on how often that device is restarted ;) Likely won't
happen but it's still not nice if the bootloader fights against what
linux is doing (or the other way around).

-michael

Download attachment "signature.asc" of type "application/pgp-signature" (298 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ