The CFI flash driver starts at flash_init() which calls down into
flash_get_size(). This starts by calling flash_detect_cfi(). If said
function fails, flash_get_size() finishes by attempting to reset the
flash. Unfortunately, it does this with an info->portwidth set to 0x10
which filters down into flash_make_cmd() and that happily smashes the
stack by sticking info->portwidth bytes into a cfiword_t variable that
lives on the stack. On a 64bit system you probably won't notice, but
killing the last 8 bytes on a 32bit system usually leads to a corrupt
return address. Which is what happens on a Blackfin system.
Signed-off-by: Mike Frysinger <[EMAIL PROTECTED]>
---
drivers/mtd/cfi_flash.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/drivers/mtd/cfi_flash.c b/drivers/mtd/cfi_flash.c
index 0d1ee8a..72d063a 100644
--- a/drivers/mtd/cfi_flash.c
+++ b/drivers/mtd/cfi_flash.c
@@ -1932,9 +1932,10 @@ ulong flash_get_size (ulong base, int banknum)
/* XXX - Need to test on x8/x16 in parallel. */
info->portwidth >>= 1;
}
+
+ flash_write_cmd (info, 0, 0, info->cmd_reset);
}
- flash_write_cmd (info, 0, 0, info->cmd_reset);
return (info->size);
}
--
1.6.0.2
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
U-Boot-Users mailing list
U-Boot-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/u-boot-users
