| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a0b0b7cf-31d4-4932-945a-bf138cfe2f33@iopsys.eu>
Date: Fri, 21 Nov 2025 17:51:51 +0300
From: Mikhail Kshevetskiy <mikhail.kshevetskiy@...sys.eu>
To: AngeloGioacchino Del Regno <angelogioacchino.delregno@...labora.com>,
Lorenzo Bianconi <lorenzo@...nel.org>, Ray Liu <ray.liu@...oha.com>,
Mark Brown <broonie@...nel.org>, Rob Herring <robh@...nel.org>,
Krzysztof Kozlowski <krzk+dt@...nel.org>, Conor Dooley
<conor+dt@...nel.org>, Matthias Brugger <matthias.bgg@...il.com>,
linux-arm-kernel@...ts.infradead.org, linux-spi@...r.kernel.org,
devicetree@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-mediatek@...ts.infradead.org
Cc: Andreas Gnau <andreas.gnau@...sys.eu>
Subject: Re: [PATCH v3 1/3] spi: airoha-snfi: en7523: workaround flash
damaging if UART_TXD was short to GND
On 11/20/25 13:18, AngeloGioacchino Del Regno wrote:
> Il 20/11/25 05:27, Mikhail Kshevetskiy ha scritto:
>> We found that some serial console may pull TX line to GROUND during
>> board
>> boot time. Airoha uses TX line as one of it's BOOT pins. This will lead
>> to booting in RESERVED boot mode.
>>
>> It was found that some flashes operates incorrectly in RESERVED mode.
>> Micron and Skyhigh flashes are definitely affected by the issue,
>> Winbond flashes are NOT affected.
>>
>> Details:
>> --------
>> DMA reading of odd pages on affected flashes operates incorrectly. Page
>> reading offset (start of the page) on hardware level is replaced by
>> 0x10.
>> Thus results in incorrect data reading. Usage of UBI make things even
>> worse. Any attempt to access UBI leads to ubi damaging. As result OS
>> loading
>> becomes impossible.
>>
>> Non-DMA reading is OK.
>>
>> This patch detects booting in reserved mode, turn off DMA and print big
>> fat warning.
>>
>> Signed-off-by: Mikhail Kshevetskiy <mikhail.kshevetskiy@...sys.eu>
>
> This is important enough to get a Fixes tag.
Actually I don't know what version should be mentioned in the Fixes tag.
First of all the issue is en7523 specific, but en7523 was not supported
by the driver before this series. So it looks like no issue was present
early.
Second, we don't actually know when the issue actually appears. It
definitely present in the latest version. I would say:
* with almost 100% probability an issue present since the first driver
revision
* with a quite small probability an issue appeared within my commits:
- 70eec454f2d6 ("spi: airoha: avoid setting of page/oob sizes in
REG_SPI_NFI_PAGEFMT")
- d1ff30df1d9a ("spi: airoha: reduce the number of modification
of REG_SPI_NFI_CNFG and REG_SPI_NFI_SECCUS_SIZE registers")
- fb81b5cecb85 ("spi: airoha: set custom sector size equal to flash
page size")
- 902c0ea18a97 ("spi: airoha: avoid reading flash page settings
from SNFI registers during driver startup")
We start using something similar to 902c0ea18a97 ("spi: airoha: avoid
reading flash page settings from SNFI registers during driver startup")
since June of 2022. Before this date we was using code similar to what
was before 70eec454f2d6 ("spi: airoha: avoid setting of page/oob sizes
in REG_SPI_NFI_PAGEFMT").
The mentioned issue was fixed in the February of 2024. We never test
old code for the issue presence.
Regards,
Mikhail Kshevetskiy
>
> Please resend with the appropriate one, after which:
>
> Reviewed-by: AngeloGioacchino Del Regno
> <angelogioacchino.delregno@...labora.com>
>
>
Powered by blists - more mailing lists