[patches.git] / 0001-cfi_flash-do-not-reset-flash-when-probe-fails.patch

From 14c7476b1cc961931e587aecae832f0c6e3edba1 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Thu, 2 Oct 2008 01:47:55 -0400
Subject: [PATCH] cfi_flash: do not reset flash when probe fails

The CFI flash driver starts at flash_init() which calls down into
flash_get_size().  This starts by calling flash_detect_cfi().  If said
function fails, flash_get_size() finishes by attempting to reset the
flash.  Unfortunately, it does this with an info->portwidth set to 0x10
which filters down into flash_make_cmd() and that happily smashes the
stack by sticking info->portwidth bytes into a cfiword_t variable that
lives on the stack.  On a 64bit system you probably won't notice, but
killing the last 8 bytes on a 32bit system usually leads to a corrupt
return address.  Which is what happens on a Blackfin system.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
---
 drivers/mtd/cfi_flash.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/drivers/mtd/cfi_flash.c b/drivers/mtd/cfi_flash.c
index 0d1ee8a..72d063a 100644
--- a/drivers/mtd/cfi_flash.c
+++ b/drivers/mtd/cfi_flash.c
@@ -1932,9 +1932,10 @@ ulong flash_get_size (ulong base, int banknum)
 			/* XXX - Need to test on x8/x16 in parallel. */
 			info->portwidth >>= 1;
 		}
+
+		flash_write_cmd (info, 0, 0, info->cmd_reset);
 	}
 
-	flash_write_cmd (info, 0, 0, info->cmd_reset);
 	return (info->size);
 }
 
-- 
1.6.0.2
Commit	Line	Data
5e993f12	1	From 14c7476b1cc961931e587aecae832f0c6e3edba1 Mon Sep 17 00:00:00 2001
	2	From: Mike Frysinger <vapier@gentoo.org>
	3	Date: Thu, 2 Oct 2008 01:47:55 -0400
	4	Subject: [PATCH] cfi_flash: do not reset flash when probe fails
	5
	6	The CFI flash driver starts at flash_init() which calls down into
	7	flash_get_size(). This starts by calling flash_detect_cfi(). If said
	8	function fails, flash_get_size() finishes by attempting to reset the
	9	flash. Unfortunately, it does this with an info->portwidth set to 0x10
	10	which filters down into flash_make_cmd() and that happily smashes the
	11	stack by sticking info->portwidth bytes into a cfiword_t variable that
	12	lives on the stack. On a 64bit system you probably won't notice, but
	13	killing the last 8 bytes on a 32bit system usually leads to a corrupt
	14	return address. Which is what happens on a Blackfin system.
	15
	16	Signed-off-by: Mike Frysinger <vapier@gentoo.org>
	17	---
	18	drivers/mtd/cfi_flash.c \| 3 ++-
	19	1 files changed, 2 insertions(+), 1 deletions(-)
	20
	21	diff --git a/drivers/mtd/cfi_flash.c b/drivers/mtd/cfi_flash.c
	22	index 0d1ee8a..72d063a 100644
	23	--- a/drivers/mtd/cfi_flash.c
	24	+++ b/drivers/mtd/cfi_flash.c
	25	@@ -1932,9 +1932,10 @@ ulong flash_get_size (ulong base, int banknum)
	26	/* XXX - Need to test on x8/x16 in parallel. */
	27	info->portwidth >>= 1;
	28	}
	29	+
	30	+ flash_write_cmd (info, 0, 0, info->cmd_reset);
	31	}
	32
	33	- flash_write_cmd (info, 0, 0, info->cmd_reset);
	34	return (info->size);
	35	}
	36
	37	--
	38	1.6.0.2
	39