Wrong cache invalidation in cfi_cmdset0001.c (2.6.21 kernel)
Jared Hulbert
jaredeh at gmail.com
Mon Nov 26 13:36:08 EST 2007
> > We found an issue in cfi_cmdset0001.c file of 2.6.21 kernel.
> > It is related to cache region invalidation in the buffered
> > write procedure.
What was the test setup that uncovered this? I'm surprised this wasn't
found earlier.
> > The original code performs cache invalidation from "adr" to "adr + len" in
> > do_write_buffer() while we modify region from "cmd_adr" to "len2"
> > where len2 is equal to initial value of len.
>
> Could use a better name, initial_len or something like that. And David
> would surely appreciate a Signed-off-by: line. Otherwise appears to
> make sense.
>
> > The following is the patch to apply for 2.6.21 kernel.
> >
> > --- a/drivers/mtd/chips/cfi_cmdset_0001.c 2007-11-26 18:06:37.000000000 +0100
> > +++ b/drivers/mtd/chips/cfi_cmdset_0001.c 2007-11-26 18:06:44.000000000 +0100
> > @@ -1472,6 +1472,7 @@ static int __xipram do_write_buffer(stru
> > int ret, wbufsize, word_gap, words;
> > const struct kvec *vec;
> > unsigned long vec_seek;
> > + int len2=len;
> >
> > wbufsize = cfi_interleave(cfi) << cfi->cfiq->MaxBufWriteSize;
> > adr += chip->start;
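Review bot: `int len2=len;` needs spaces around the `=` to match the kernel coding style, and the name should say what the variable is for. Since it exists to keep the value of len before the write loop adjusts it, something like `int initial_len = len; /* len is consumed below */` makes the later INVAL_CACHE_AND_WAIT call self-explanatory.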
> > @@ -1578,7 +1579,7 @@ static int __xipram do_write_buffer(stru
> > chip->state = FL_WRITING;
> >
> > ret = INVAL_CACHE_AND_WAIT(map, chip, cmd_adr,
> > - adr, len,
> > + cmd_adr, len2,
> > chip->buffer_write_time);
> > if (ret) {
> > map_write(map, CMD(0x70), cmd_adr);
> >
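Review bot: the invalidation now starts at cmd_adr but keeps the original length, so whenever cmd_adr lies below adr the window [cmd_adr, cmd_adr + len2) ends (adr - cmd_adr) bytes short of adr + len and the tail of the written data is left stale in cache. The length should be derived from cmd_adr rather than adr, e.g. the distance from cmd_adr to adr + len rounded up to a wbufsize boundary, so the window covers the whole buffer that was actually programmed.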
If cmd_adr <= adr then shouldn't initial_len >=len? Something like:
initial_len = (len + wbufsize) & ~(wbufsize-1);
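As an added illustration of the window arithmetic being debated (example code, not from the patch or from cfi_cmdset_0001.c), the block below models the three candidate invalidation ranges: the patch as posted (start at cmd_adr, keep the original len), the rounded-up length suggested in the reply, and a window computed from the aligned start to the end of the written data. It assumes wbufsize is a power of two, as `cfi_interleave(cfi) << MaxBufWriteSize` produces, and that cmd_adr is adr rounded down to a write-buffer boundary; the `struct window`, the helper names and the two sample writes are constructed for the example.

```c
#include <stdio.h>

/*
 * Added example, not code from the patch or from the kernel source.
 * Assumptions: wbufsize is a power of two and cmd_adr is adr rounded
 * down to a write-buffer boundary.
 */
struct window {
    unsigned long start;  /* first byte to invalidate */
    unsigned long len;    /* number of bytes to invalidate */
};

/* Window used by the patch as posted: start at cmd_adr, keep the original len. */
static struct window patched_window(unsigned long adr, unsigned long len, unsigned long wbufsize)
{
    struct window w;
    w.start = adr & ~(wbufsize - 1);   /* plays the role of cmd_adr */
    w.len = len;
    return w;
}

/* Window from the reply's suggestion: round the length up to whole buffers. */
static struct window suggested_window(unsigned long adr, unsigned long len, unsigned long wbufsize)
{
    struct window w;
    w.start = adr & ~(wbufsize - 1);
    w.len = (len + wbufsize) & ~(wbufsize - 1);
    return w;
}

/* Window from the aligned start to the end of the written data, rounded up
 * to the next buffer boundary: covers the write for any adr/len pair. */
static struct window aligned_window(unsigned long adr, unsigned long len, unsigned long wbufsize)
{
    struct window w;
    unsigned long mask = wbufsize - 1;
    unsigned long end = (adr + len + mask) & ~mask;
    w.start = adr & ~mask;
    w.len = end - w.start;
    return w;
}

/* 1 if every byte of [adr, adr + len) lies inside the window, else 0. */
static int covers(struct window w, unsigned long adr, unsigned long len)
{
    return w.start <= adr && w.start + w.len >= adr + len;
}

int main(void)
{
    /* Constructed inputs: a 32-byte write buffer and two unaligned 8-byte writes,
     * the second of which crosses a buffer boundary. */
    unsigned long cases[][2] = { { 0x1004, 8 }, { 0x101c, 8 } };
    size_t i;

    for (i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        unsigned long adr = cases[i][0], len = cases[i][1];
        printf("adr=0x%lx len=%lu: patched=%d suggested=%d aligned=%d\n", adr, len,
               covers(patched_window(adr, len, 32), adr, len),
               covers(suggested_window(adr, len, 32), adr, len),
               covers(aligned_window(adr, len, 32), adr, len));
    }
    return 0;
}
```

Running it shows the patched window missing the tail of both writes, the rounded length covering the first write but not the one that crosses a buffer boundary, and the aligned window covering both; the difference is whether the length is computed from cmd_adr or from adr.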