lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <DD6SI06QNEE4.2YCRTWJHEAAQM@kernel.org>
Date: Wed, 01 Oct 2025 08:59:31 +0200
From: "Michael Walle" <mwalle@...nel.org>
To: "Maarten Zanders" <maarten@...ders.be>, "Pratyush Yadav"
 <pratyush@...nel.org>
Cc: "Cheng Ming Lin" <linchengming884@...il.com>, "Tudor Ambarus"
 <tudor.ambarus@...aro.org>, "Guenter Roeck" <linux@...ck-us.net>, "Cheng
 Ming Lin" <chengminglin@...c.com.tw>, <miquel.raynal@...tlin.com>,
 <richard@....at>, <vigneshr@...com>, <linux-mtd@...ts.infradead.org>,
 <linux-kernel@...r.kernel.org>, <alvinzhou@...c.com.tw>,
 <leoyu@...c.com.tw>
Subject: Re: [PATCH v2 1/3] mtd: spi-nor: macronix: Drop the redundant flash
 info fields

On Tue Sep 30, 2025 at 3:15 PM CEST, Maarten Zanders wrote:
> Hi all,
>
> On Tue, Sep 30, 2025 at 2:19 PM Pratyush Yadav <pratyush@...nel.org> wrote:
>> > I agree with reverting this patch. When I initially verified it, the
>> > devices I had on hand all supported SFDP, so I did not catch this issue.
>> > After checking again, I confirm that some older flashes without SFDP are
>> > indeed affected.
>>
>> Do you know if these flashes are used in any devices that are actively
>> used and maintained? If so, we should revert. If it is likely they
>> aren't actively used, then maybe we just keep things as they are?
>> Dunno...
>
> The non-SFDP parts have been obsoleted in 2009-2010 according to
> Macronix's PCN's. So they're pretty ancient.
>
> If we choose to keep the patch in, I think we should make it more
> consistent and drop support for the smaller flashes without SFDP as
> well. The behavior is different in the spi-nor core for SFDP-parsed vs
> non-SFDP-parsed cases.
> In particular ID's 0xc22016 and 0xc22017 could be handled in the same
> way I believe?

Being EOL doesn't mean they aren't used anymore. SPI (NOR) flashes
tend to be used because they are a rather reliable. So I could
imagine that they are still in use somewhere. My main concern is,
that if we just drop them now and thus make newer flashes work (like
the one from Maarten), we might find ourselves in an uncomfortable
situation in the future. What if someone is reporting a regression
with older flashes? We can't just revert this patch then because we
already support newer flashes. Actually we are in this situation
right now, but not *that* much time has passed.

If we decide to drop older flash support just like that, I'd vote
for a grace period where the user is informed about it.

But I still think we have a better solution: always parse SFDP.
Pre-populate the flash parameters with the info from the flashdb and
then just try to parse the SFDP. There was always the concern to
issue the RDSFDP command on flashes which doesn't support it and
cause unknown behavior. But we are already doing that today with
unknown flashes. So far there was no single report and we have that
behavior for years now (commit 773bbe104497 ("mtd: spi-nor: add
generic flash driver")).

-michael

Download attachment "signature.asc" of type "application/pgp-signature" (298 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ