From af5673015315d069b7e2d64acbbf8b5f5fcc385d Mon Sep 17 00:00:00 2001 From: Martin Krause Date: Mon, 21 Mar 2011 18:07:56 +0100 Subject: cfi_flash: fix bug with flash banks with different sector numbers The function find_sector() does not take into account if the flash bank has changed since the last call. This could lead to illegal accesses inside and beyond the flash_info_t info strcture. For example if the current flash bank has less sectors than the last used flash bank. This patch adds two cheks. One that insures, that the current sector does not exceed the allowed maximum (which is always a good idea). And one that checks if the current access is to the same flash bank as the last access. If not, the search loop will start with sector 0. Signed-off-by: Martin Krause Signed-off-by: Stefan Roese --- drivers/mtd/cfi_flash.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'drivers/mtd/cfi_flash.c') diff --git a/drivers/mtd/cfi_flash.c b/drivers/mtd/cfi_flash.c index dd394a81ff..0909fe715a 100644 --- a/drivers/mtd/cfi_flash.c +++ b/drivers/mtd/cfi_flash.c @@ -744,8 +744,12 @@ static void flash_add_byte (flash_info_t * info, cfiword_t * cword, uchar c) static flash_sect_t find_sector (flash_info_t * info, ulong addr) { static flash_sect_t saved_sector = 0; /* previously found sector */ + static flash_info_t *saved_info = 0; /* previously used flash bank */ flash_sect_t sector = saved_sector; + if ((info != saved_info) || (sector >= info->sector_count)) + sector = 0; + while ((info->start[sector] < addr) && (sector < info->sector_count - 1)) sector++; @@ -757,6 +761,7 @@ static flash_sect_t find_sector (flash_info_t * info, ulong addr) sector--; saved_sector = sector; + saved_info = info; return sector; } -- cgit v1.2.1