Skip to content

fix(hw_support): Fix crash when reconfiguring flash from 40 to 80 MHz (IDFGH-16831) #17905

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(hw_support): Fix crash when reconfiguring flash from 40 to 80 MHz (IDFGH-16831) #17905

wants to merge 1 commit into from
+17 −4

Conversation

@MattiasTF
Copy link

@MattiasTF MattiasTF commented Nov 19, 2025
edited by cursor bot
Loading

7549d08 moved call_start_cpu0 from IRAM to flash. Unfortunately, this included code that reconfigures the flash if the application’s flash speed differs from the bootloader’s flash speed.

When an application with a flash speed of 80 MHz is started from a bootloader with a flash speed of 40 MHz, it will crash shortly after bootloader_flash_cs_timing_config() returns. This is caused by reading instructions from flash while the flash is being reconfigured to the higher speed, which results in corrupt instruction data being read.

Possible crashes to encounter:

  • IllegalInstruction at an address between two assembly instructions, possibly from a corrupt previous instruction that was shorter or longer than what should have been there.
  • IllegalInstruction at an address that should contain a valid instruction.
  • LoadProhibited at an address that should contain an instruction that cannot cause that exception, such as movi.n a8, 1.

As this code runs early during start-up, the device will be stuck in an infinite reboot loop. This means that loading an application built from the 5.5.1 release via OTA onto a device that contains an older bootloader with a slower flash speed will brick the device.

This PR fixes the problem by moving the flash configuration calls into a helper function that is placed in IRAM. The call to increase the flash clock has also been moved so that the GPIO settings and SPI dummy cycles are set to safe values before the clock is increased.

The commit that introduces the problem has already been backported to 5.5.1 as e1faf67, so this fix will also have to be backported.

Note

Moves ESP32 flash config sequence into IRAM helper configure_flash() and invokes it during early init (when PSRAM HW init is disabled) to avoid executing from flash while reconfiguring.

  • ESP32 boot/flash init:
    • Add IRAM-only helper configure_flash() to adjust flash GPIO, dummy cycles, clock, and CS timing safely.
    • Replace inline bootloader_flash_* calls with configure_flash(&fhdr) in early init when !CONFIG_SPIRAM_BOOT_HW_INIT.
    • Guard with CONFIG_IDF_TARGET_ESP32; no behavior change for other targets.

Written by Cursor Bugbot for commit 7565d53. This will update automatically on new commits. Configure here.

@MattiasTF
fix(hw_support): Fix crash when reconfiguring flash from 40 to 80 MHz
7565d53 
Reading from the flash while it is being reconfigured leads to data
corruption and a crash when the reconfiguration code is located in flash.
This is only an issue if a device has a bootloader that runs with 40 MHz
flash and an application flashed via OTA that runs with 80 MHz flash.
If bootloader and application run with the same flash speed, the
reconfiguration is basically a no-op and no data corruption occurs.
Fix reconfiguration by placing the code back into IRAM.
@CLAassistant
Copy link

CLAassistant commented Nov 19, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@github-actions
Copy link

github-actions bot commented Nov 19, 2025
edited
Loading

Messages
📖 🎉 Good Job! All checks are passing!

👋 Hello MattiasTF, we appreciate your contribution to this project!

📘 Please review the project's Contributions Guide for key guidelines on code, documentation, testing, and more.
🖊️ Please also make sure you have read and signed the Contributor License Agreement for this project.
Click to see more instructions ...


This automated output is generated by the PR linter DangerJS, which checks if your Pull Request meets the project's requirements and helps you fix potential issues.

DangerJS is triggered with each push event to a Pull Request and modify the contents of this comment.

Please consider the following:
- Danger mainly focuses on the PR structure and formatting and can't understand the meaning behind your code or changes.
- Danger is not a substitute for human code reviews; it's still important to request a code review from your colleagues.
- To manually retry these Danger checks, please navigate to the Actions tab and re-run last Danger workflow.

Review and merge process you can expect ...


We do welcome contributions in the form of bug reports, feature requests and pull requests via this public GitHub repository.

This GitHub project is public mirror of our internal git repository

1. An internal issue has been created for the PR, we assign it to the relevant engineer.
2. They review the PR and either approve it or ask you for changes or clarifications.
3. Once the GitHub PR is approved, we synchronize it into our internal git repository.
4. In the internal git repository we do the final review, collect approvals from core owners and make sure all the automated tests are passing.
- At this point we may do some adjustments to the proposed change, or extend it by adding tests or documentation.
5. If the change is approved and passes the tests it is merged into the default branch.
5. On next sync from the internal git repository merged change will appear in this public GitHub repository.

Generated by 🚫 dangerJS against 7565d53

@github-actions github-actions bot changed the title fix(hw_support): Fix crash when reconfiguring flash from 40 to 80 MHz fix(hw_support): Fix crash when reconfiguring flash from 40 to 80 MHz (IDFGH-16831) Nov 19, 2025
@espressif-bot espressif-bot added the Status: Opened Issue is new label Nov 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Status: Opened Issue is new

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MattiasTF @CLAassistant @espressif-bot