BUG in mtd/chips/cfi_cmdset_0002.c for 64bit width flashes (linuxppc_2_4_devel)

Fri Feb 6 09:03:49 EST 2004

On Fri, 2004-02-06 at 06:53, Steffen Rumler wrote:
> Hi,
> 
> We have found the following bug in mtd/chips/cfi_cmdset_0002.c
> for 64bit bus width.
> 
> The routine do_write_oneword() uses the DQ6 algorithm in order
> to detect the end of programming phase (see bitkeeper: linuxppc_2_4_devel)
> 
> 
> oldstatus = cfi_read(map, adr);
> status = cfi_read(map, adr);
> 
> while( (status & dq6) != (oldstatus & dq6) &&
>          (status & dq5) != dq5 &&
>          !time_after(jiffies, timeo) ) {
> 
>      if (need_resched()) {
>          cfi_spin_unlock(chip->mutex);
>          yield();
>          cfi_spin_lock(chip->mutex);
>      } else
>          udelay(1);
> 
>      oldstatus = cfi_read( map, adr );
>      status = cfi_read( map, adr );
> }
> 
> There are two contiguous calls of cfi_read() to check for the DQ6 toggling.
> 
> But for 64bit one cfi_read() results in two flash accesses, one for
> the upper 32bit and the other for lower 32bit. In this way the DQ6 bits toggle
> for the two accesses related to one cfi_read(). The first access will be
> compared with the third and the second with the fourth.
> The end detection is broken, the body of the while loop will never be executed.
> 
> I suggest to switch to the alternative DQ7 algorithm.

You should probably discuss this with the folks that support the MTD
layer (cc'd)

-- 
Gary Thomas <gary at mlbassoc.com>
MLB Associates