cfi_cmdset_0002.c: do_xxlock_oneblock: overflow subtract causing oopsen on iPAQ h1900

[Joshua Wise]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have done some debugging and traced an oops during unlock to this function.

I have an AMD AM29LV400BT flash chip as detected by MTD.

When I try to unlock address 0x0, I get the following: (with my debugging 
statements added).

unlock_varsize: about to frob!
unlock_varsize: ofs: 00000000. len: 00000000.
frob: about to frob ---> 00000000 00000000
frob: about to REALLY from: adr 00000000
about to write 0000 to ca471002 (ca871000 + ffc00002)
<1>Unable to handle kernel paging request at virtual address ca471002

Note that ca871000 is the virtbase of the chip - doing an overflow subtract 
obviously FUBARs things there by bringing it below the ioremapped base!

The offending line of code seems to be the following:
adr = ((adr & ~0xffff) | 0x2) + ~0x3fffff;

This is approximately line 2119 in drivers/mtd/chips/cfi_cmdset_0002.c - give 
or take a few lines because of my debugging statements added.

Can anybody shed a little bit of light on why we are doing a 4MiB overflow 
subtract? Indeed the comment is annotated with a little "(danger)"... I 
assume that we cannot always expect there to be lock block registers 
ioremapped below on all platforms (this does not make sense on systems where 
boot flash is at 0x0, so I know it's not just an oddity in what I'm doing :)

Thanks,
joshua


- -- 
Joshua Wise | www.joshuawise.com
GPG Key     | 0xEA80E0B3
Quote       | <RockShox> charge up a 50v 1000uf cap and toss it to someone
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAKcOTPn9tWOqA4LMRAgAOAJ92vd+ZYZe1jslalcVzAJ42rw1vKACfT9uh
WZQ/olAVv+aDm5cGpKhg6mI=
=Olba
-----END PGP SIGNATURE-----