From patchwork Sun Nov 28 01:13:33 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anatolij Gustschin X-Patchwork-Id: 73311 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from theia.denx.de (theia.denx.de [85.214.87.163]) by ozlabs.org (Postfix) with ESMTP id 11C96B70A9 for ; Sun, 28 Nov 2010 12:13:48 +1100 (EST) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 27B512824A; Sun, 28 Nov 2010 02:13:46 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at theia.denx.de Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G9MItkVOniJE; Sun, 28 Nov 2010 02:13:45 +0100 (CET) Received: from theia.denx.de (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 7D19A28235; Sun, 28 Nov 2010 02:13:44 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 227A028234 for ; Sun, 28 Nov 2010 02:13:42 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at theia.denx.de Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uCU4fNcgR8JD for ; Sun, 28 Nov 2010 02:13:40 +0100 (CET) X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested) Received: from mail-out.m-online.net (mail-out.m-online.net [212.18.0.9]) by theia.denx.de (Postfix) with ESMTP id 09B0628231 for ; Sun, 28 Nov 2010 02:13:38 +0100 (CET) Received: from frontend1.mail.m-online.net (unknown [192.168.8.180]) by mail-out.m-online.net (Postfix) with ESMTP id CC62A1C1D9E5; Sun, 28 Nov 2010 02:13:37 +0100 (CET) X-Auth-Info: dYyByAOlGH99/9JkMTSOmNRjgvMwk0+00dDR41Dy+kQ= Received: from localhost (p4FE3ED7E.dip.t-dialin.net [79.227.237.126]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by mail.mnet-online.de (Postfix) with ESMTPSA id 8BB8A1C00134; Sun, 28 Nov 2010 02:13:37 +0100 (CET) From: Anatolij Gustschin To: u-boot@lists.denx.de Date: Sun, 28 Nov 2010 02:13:33 +0100 Message-Id: <1290906813-12017-1-git-send-email-agust@denx.de> X-Mailer: git-send-email 1.7.1 Cc: Stefan Roese , Ilya Yanok Subject: [U-Boot] [PATCH] cfi_flash: fix bug introduced while recent change to flash_get_size() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.9 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: u-boot-bounces@lists.denx.de Errors-To: u-boot-bounces@lists.denx.de commit ec50a8e389863ac35bfd9d9a2e8b30187318e59e "cfi_flash: handle 'chip size exceeds address window' situation" added 3rd argument to flash_get_size() but didn't fix all the function calls from the board specific code. Many boards have their own flash_get_size() definitions in the board code and use them there, but some boards (e.g. tqm834x, tqm85xx, pdm360ng) use flash_get_size() from the cfi_flash.c driver. The bug shows up if the value of the "max_size" argument (which is not defined when calling the function with two arguments) happens to be less than "info->size". In this case on the affected boards we end up with a bank of reduced size and in the worst case might even be not able to update U-Boot or to boot the kernel from flash: => fli Bank # 1: CFI conformant FLASH (32 x 16) Size: 0 kB in 1 Sectors AMD Standard command set, Manufacturer ID: 0x01, Device ID: 0x227E Erase timeout: 4096 ms, write timeout: 1 ms Buffer write timeout: 3 ms, buffer size: 64 bytes Sector Start Addresses: F0000000 RO Bank # 2: CFI conformant FLASH (32 x 16) Size: 128 MB in 512 Sectors AMD Standard command set, Manufacturer ID: 0x01, Device ID: 0x227E Erase timeout: 4096 ms, write timeout: 1 ms Buffer write timeout: 3 ms, buffer size: 64 bytes Sector Start Addresses: F8000000 F8040000 F8080000 F80C0000 F8100000 F8140000 F8180000 F81C0000 F8200000 F8240000 ... E.g., updating U-Boot is not possible now: => protect off ${u-boot_addr} +${u-boot_size} Error: end address (0xf007ffff) not in flash! Bad address format => era ${u-boot_addr} +${u-boot_size} Error: end address (0xf007ffff) not in flash! Bad address format This patch removes the 3rd argument of flash_get_size() again and sets "max_size" in the function itself instead of passing it as a function argument. Signed-off-by: Anatolij Gustschin --- Probably we should put the prototype of flash_get_size() into include/flash.h and not use prototype definitions in the board code. This could prevent such a nasty bug (compile time errors would show it). But I'm not sure here, need to look more at the code. drivers/mtd/cfi_flash.c | 7 ++++--- 1 files changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/mtd/cfi_flash.c b/drivers/mtd/cfi_flash.c index c92c7a7..39c235e 100644 --- a/drivers/mtd/cfi_flash.c +++ b/drivers/mtd/cfi_flash.c @@ -1837,7 +1837,7 @@ static void flash_fixup_stm(flash_info_t *info, struct cfi_qry *qry) * The following code cannot be run from FLASH! * */ -ulong flash_get_size (phys_addr_t base, int banknum, unsigned long max_size) +ulong flash_get_size (phys_addr_t base, int banknum) { flash_info_t *info = &flash_info[banknum]; int i, j; @@ -1849,6 +1849,7 @@ ulong flash_get_size (phys_addr_t base, int banknum, unsigned long max_size) int erase_region_size; int erase_region_count; struct cfi_qry qry; + unsigned long max_size; memset(&qry, 0, sizeof(qry)); @@ -1929,6 +1930,7 @@ ulong flash_get_size (phys_addr_t base, int banknum, unsigned long max_size) info->size = 1 << qry.dev_size; /* multiply the size by the number of chips */ info->size *= size_ratio; + max_size = cfi_flash_bank_size(banknum); if (max_size && (info->size > max_size)) { debug("[truncated from %ldMiB]", info->size >> 20); info->size = max_size; @@ -2043,8 +2045,7 @@ unsigned long flash_init (void) flash_info[i].flash_id = FLASH_UNKNOWN; if (!flash_detect_legacy(cfi_flash_bank_addr(i), i)) - flash_get_size(cfi_flash_bank_addr(i), i, - cfi_flash_bank_size(i)); + flash_get_size(cfi_flash_bank_addr(i), i); size += flash_info[i].size; if (flash_info[i].flash_id == FLASH_UNKNOWN) { #ifndef CONFIG_SYS_FLASH_QUIET_TEST