OpenWrt/LEDE Project

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Base system
  • Assigned To No-one
  • Operating System All
  • Severity Critical
  • Priority Very Low
  • Reported Version Trunk
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by tmn505 - 05.08.2019

FS#2428 - ath79: sysupgrade will brick devices with RedBoot bootloader

The current code responsible for upgrading devices with sysupgrade image, doesn’t take in to the account that “FIS” partition and “RedBoot config” partition can be on the same erase block. This can cause erasing the “RedBoot config” partition and make the device inoperable. The recovery would involve external SPI programmer or usage of JTAG.

The cause is still assumption so it will need confirmation. Flashing devices with factory image should be safe.

- Device problem occurs on:

   Ubiquiti RouterStation and RouterStation Pro
   jjPlus JA76PF2
   Adtran BSAP1880, BSAP1800 V2 and BSAP1840

- Software versions of OpenWrt release, packages, etc.:

   master and possibly 19.07

- Steps to reproduce

   syupgrade the device
Daniel Gimpelevich commented on 05.08.2019 19:28

On the Adtran devices, the "RedBoot config" partition has its own dedicated erase block, so they will not be affected in this way. However, related problems may still apply.

tmn505 commented on 13.08.2019 15:28

After further investigating on jjPlus JA76PF2:
a) sysupgrade works on current master for ath79 with 4.14 kernel meaning that:

 4.14 -> 4.14 works
 4.14 -> 4.19 works
 4.19 -> any other fails

b) when sysupgrading on 4.19, mtd will wipe "RedBoot config" if it's on the same erase block as "FIS directory" and also corrupt area between 0xF000 and 0x10000 where usually bootloader resides, which makes the board inoperable

c) this issue probably stems from kernel bump from 4.14 to 4.19 in which mtd driver can't handle partial erase blocks, the culprits could be either upstream changes or 'target/linux/generic/pending-4.19/411-mtd-partial_eraseblock_write.patch' which had bigger modification on the bump

d) affects only master

For reference the flash map of the tested board

dev:    size   erasesize  name
mtd0: 00040000 00010000 "RedBoot"
mtd1: 00120000 00010000 "linux"
mtd2: 00e80000 00010000 "rootfs"
mtd3: 00c60000 00010000 "rootfs_data"
mtd4: 0000f000 0000f000 "FIS directory"
mtd5: 00001000 00001000 "RedBoot config"
tmn505 commented on 20.08.2019 13:20

Finally I found backup of Ubiquiti RouterStation flash, and it behaves same as in previous comment:
a) corrupted area between 0xF000 and 0x10000

b) wiped "RedBoot config" partition which is on the same erase block as "FIS directory"

Weedy commented on 08.10.2019 21:27

Ping

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing