4.7-stable review patch. If anyone has any objections, please let me know.
------------------
From: Brian Norris <computersforpe...@gmail.com>
commit 06586204714b7befec99e554c71687b0b40f351c upstream.
In stm_unlock(), the test to determine whether we've fully unlocked the
flash checks for the lock length to be equal to the flash size. That is
a typo/think-o -- the condition actually means the flash is completely
*locked.* We should be using the inverse condition -- that the lock
length is 0 (i.e., no protection).
The result of this bug is that we never actually turn off the Status
Register Write Disable bit, even if the flash is completely unlocked.
Now we can.
Fixes: 47b8edbf0d43 ("mtd: spi-nor: disallow further writes to SR if WP# is
low")
Reported-by: Giorgio <giorgio.nic...@arcor.de>
Signed-off-by: Brian Norris <computersforpe...@gmail.com>
Cc: Ezequiel Garcia <ezequ...@vanguardiasur.com.ar>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
---
drivers/mtd/spi-nor/spi-nor.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/mtd/spi-nor/spi-nor.c
+++ b/drivers/mtd/spi-nor/spi-nor.c
@@ -661,7 +661,7 @@ static int stm_unlock(struct spi_nor *no
status_new = (status_old & ~mask & ~SR_TB) | val;
/* Don't protect status register if we're fully unlocked */
- if (lock_len == mtd->size)
+ if (lock_len == 0)
status_new &= ~SR_SRWD;
if (!use_top)
