<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/mtd/chips, branch linux-4.1.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.</title>
<updated>2018-05-23T01:36:38+00:00</updated>
<author>
<name>Joakim Tjernlund</name>
<email>joakim.tjernlund@infinera.com</email>
</author>
<published>2018-03-01T13:39:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=cdf78b78f2a059c4063dd16407e0d3703530ea53'/>
<id>cdf78b78f2a059c4063dd16407e0d3703530ea53</id>
<content type='text'>
[ Upstream commit 7b70eb14392a7cf505f9b358d06c33b5af73d1e7 ]

Currently it is possible to read and/or write to suspend EB's.
Writing /dev/mtdX or /dev/mtdblockX from several processes may
break the flash state machine.

Taken from cfi_cmdset_0001 driver.

Signed-off-by: Joakim Tjernlund &lt;joakim.tjernlund@infinera.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Reviewed-by: Richard Weinberger &lt;richard@nod.at&gt;
Signed-off-by: Boris Brezillon &lt;boris.brezillon@bootlin.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 7b70eb14392a7cf505f9b358d06c33b5af73d1e7 ]

Currently it is possible to read and/or write to suspend EB's.
Writing /dev/mtdX or /dev/mtdblockX from several processes may
break the flash state machine.

Taken from cfi_cmdset_0001 driver.

Signed-off-by: Joakim Tjernlund &lt;joakim.tjernlund@infinera.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Reviewed-by: Richard Weinberger &lt;richard@nod.at&gt;
Signed-off-by: Boris Brezillon &lt;boris.brezillon@bootlin.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.</title>
<updated>2018-05-23T01:36:38+00:00</updated>
<author>
<name>Joakim Tjernlund</name>
<email>joakim.tjernlund@transmode.se</email>
</author>
<published>2018-03-01T13:39:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5c69c2561c93dabb2c9265eb0798e08e2c99cf2e'/>
<id>5c69c2561c93dabb2c9265eb0798e08e2c99cf2e</id>
<content type='text'>
[ Upstream commit 46a16a2283f9e678a4e26829175e0c37a5191860 ]

Some Micron chips do not work well wrt Erase suspend for
boot blocks. This avoids the issue by not allowing Erase suspend
for the boot blocks for the 28F00AP30(1GBit) chip.

Signed-off-by: Joakim Tjernlund &lt;joakim.tjernlund@infinera.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Reviewed-by: Richard Weinberger &lt;richard@nod.at&gt;
Signed-off-by: Boris Brezillon &lt;boris.brezillon@bootlin.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 46a16a2283f9e678a4e26829175e0c37a5191860 ]

Some Micron chips do not work well wrt Erase suspend for
boot blocks. This avoids the issue by not allowing Erase suspend
for the boot blocks for the 28F00AP30(1GBit) chip.

Signed-off-by: Joakim Tjernlund &lt;joakim.tjernlund@infinera.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Reviewed-by: Richard Weinberger &lt;richard@nod.at&gt;
Signed-off-by: Boris Brezillon &lt;boris.brezillon@bootlin.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.</title>
<updated>2018-05-23T01:36:38+00:00</updated>
<author>
<name>Joakim Tjernlund</name>
<email>joakim.tjernlund@transmode.se</email>
</author>
<published>2018-03-01T13:39:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=52b254df5975fc40acdbfc4bdf4206c39bd0e7ea'/>
<id>52b254df5975fc40acdbfc4bdf4206c39bd0e7ea</id>
<content type='text'>
[ Upstream commit 6510bbc88e3258631831ade49033537081950605 ]

Currently it is possible to read and/or write to suspend EB's.
Writing /dev/mtdX or /dev/mtdblockX from several processes may
break the flash state machine.

Signed-off-by: Joakim Tjernlund &lt;joakim.tjernlund@infinera.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Reviewed-by: Richard Weinberger &lt;richard@nod.at&gt;
Signed-off-by: Boris Brezillon &lt;boris.brezillon@bootlin.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 6510bbc88e3258631831ade49033537081950605 ]

Currently it is possible to read and/or write to suspend EB's.
Writing /dev/mtdX or /dev/mtdblockX from several processes may
break the flash state machine.

Signed-off-by: Joakim Tjernlund &lt;joakim.tjernlund@infinera.com&gt;
Cc: &lt;stable@vger.kernel.org&gt;
Reviewed-by: Richard Weinberger &lt;richard@nod.at&gt;
Signed-off-by: Boris Brezillon &lt;boris.brezillon@bootlin.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>mtd: jedec_probe: Fix crash in jedec_read_mfr()</title>
<updated>2018-05-23T01:33:55+00:00</updated>
<author>
<name>Linus Walleij</name>
<email>linus.walleij@linaro.org</email>
</author>
<published>2018-03-03T22:29:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=86cec14b092460e0ce6fd16ad00b6ec67e8a98b3'/>
<id>86cec14b092460e0ce6fd16ad00b6ec67e8a98b3</id>
<content type='text'>
[ Upstream commit 87a73eb5b56fd6e07c8e499fe8608ef2d8912b82 ]

It turns out that the loop where we read manufacturer
jedec_read_mfr() can under some circumstances get a
CFI_MFR_CONTINUATION repeatedly, making the loop go
over all banks and eventually hit the end of the
map and crash because of an access violation:

Unable to handle kernel paging request at virtual address c4980000
pgd = (ptrval)
[c4980000] *pgd=03808811, *pte=00000000, *ppte=00000000
Internal error: Oops: 7 [#1] PREEMPT ARM
CPU: 0 PID: 1 Comm: swapper Not tainted 4.16.0-rc1+ #150
Hardware name: Gemini (Device Tree)
PC is at jedec_probe_chip+0x6ec/0xcd0
LR is at 0x4
pc : [&lt;c03a2bf4&gt;]    lr : [&lt;00000004&gt;]    psr: 60000013
sp : c382dd18  ip : 0000ffff  fp : 00000000
r10: c0626388  r9 : 00020000  r8 : c0626340
r7 : 00000000  r6 : 00000001  r5 : c3a71afc  r4 : c382dd70
r3 : 00000001  r2 : c4900000  r1 : 00000002  r0 : 00080000
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 0000397f  Table: 00004000  DAC: 00000053
Process swapper (pid: 1, stack limit = 0x(ptrval))

Fix this by breaking the loop with a return 0 if
the offset exceeds the map size.

Fixes: 5c9c11e1c47c ("[MTD] [NOR] Add support for flash chips with ID in bank other than 0")
Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Linus Walleij &lt;linus.walleij@linaro.org&gt;
Signed-off-by: Boris Brezillon &lt;boris.brezillon@bootlin.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 87a73eb5b56fd6e07c8e499fe8608ef2d8912b82 ]

It turns out that the loop where we read manufacturer
jedec_read_mfr() can under some circumstances get a
CFI_MFR_CONTINUATION repeatedly, making the loop go
over all banks and eventually hit the end of the
map and crash because of an access violation:

Unable to handle kernel paging request at virtual address c4980000
pgd = (ptrval)
[c4980000] *pgd=03808811, *pte=00000000, *ppte=00000000
Internal error: Oops: 7 [#1] PREEMPT ARM
CPU: 0 PID: 1 Comm: swapper Not tainted 4.16.0-rc1+ #150
Hardware name: Gemini (Device Tree)
PC is at jedec_probe_chip+0x6ec/0xcd0
LR is at 0x4
pc : [&lt;c03a2bf4&gt;]    lr : [&lt;00000004&gt;]    psr: 60000013
sp : c382dd18  ip : 0000ffff  fp : 00000000
r10: c0626388  r9 : 00020000  r8 : c0626340
r7 : 00000000  r6 : 00000001  r5 : c3a71afc  r4 : c382dd70
r3 : 00000001  r2 : c4900000  r1 : 00000002  r0 : 00080000
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 0000397f  Table: 00004000  DAC: 00000053
Process swapper (pid: 1, stack limit = 0x(ptrval))

Fix this by breaking the loop with a return 0 if
the offset exceeds the map size.

Fixes: 5c9c11e1c47c ("[MTD] [NOR] Add support for flash chips with ID in bank other than 0")
Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Linus Walleij &lt;linus.walleij@linaro.org&gt;
Signed-off-by: Boris Brezillon &lt;boris.brezillon@bootlin.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>mtd: cfi: enforce valid geometry configuration</title>
<updated>2018-03-04T15:28:30+00:00</updated>
<author>
<name>Arnd Bergmann</name>
<email>arnd@arndb.de</email>
</author>
<published>2015-11-23T13:39:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a9548926a1c22fb59a3682b8a9e9137e5cb2fba1'/>
<id>a9548926a1c22fb59a3682b8a9e9137e5cb2fba1</id>
<content type='text'>
[ Upstream commit f5f92b36fbbb8ac7d70ff5fa39ec2637cce3094c ]

MTD allows compile-time configuration of the possible CFI geometry
settings that are allowed by the kernel, but that includes a couple of
invalid configurations, where no bank width or no interleave setting
is allowed. These are then caught with a compile-time warning:

include/linux/mtd/cfi.h:76:2: warning: #warning No CONFIG_MTD_CFI_Ix selected. No NOR chip support can work.
include/linux/mtd/map.h:145:2: warning: #warning "No CONFIG_MTD_MAP_BANK_WIDTH_xx selected. No NOR chip support can work"

This is a bit annoying for randconfig tests, and can be avoided if
we change the Kconfig logic to always select the simplest configuration
when no other one is enabled.

Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Signed-off-by: Brian Norris &lt;computersforpeace@gmail.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit f5f92b36fbbb8ac7d70ff5fa39ec2637cce3094c ]

MTD allows compile-time configuration of the possible CFI geometry
settings that are allowed by the kernel, but that includes a couple of
invalid configurations, where no bank width or no interleave setting
is allowed. These are then caught with a compile-time warning:

include/linux/mtd/cfi.h:76:2: warning: #warning No CONFIG_MTD_CFI_Ix selected. No NOR chip support can work.
include/linux/mtd/map.h:145:2: warning: #warning "No CONFIG_MTD_MAP_BANK_WIDTH_xx selected. No NOR chip support can work"

This is a bit annoying for randconfig tests, and can be avoided if
we change the Kconfig logic to always select the simplest configuration
when no other one is enabled.

Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Signed-off-by: Brian Norris &lt;computersforpeace@gmail.com&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>mtd: avoid stack overflow in MTD CFI code</title>
<updated>2017-06-13T13:29:19+00:00</updated>
<author>
<name>Arnd Bergmann</name>
<email>arnd@arndb.de</email>
</author>
<published>2016-02-29T12:20:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=95660aa2822dff51e73077865f3ed9fabe7bc48d'/>
<id>95660aa2822dff51e73077865f3ed9fabe7bc48d</id>
<content type='text'>
[ Upstream commit fddcca5107051adf9e4481d2a79ae0616577fd2c ]

When map_word gets too large, we use a lot of kernel stack, and for
MTD_MAP_BANK_WIDTH_32, this means we use more than the recommended
1024 bytes in a number of functions:

drivers/mtd/chips/cfi_cmdset_0020.c: In function 'cfi_staa_write_buffers':
drivers/mtd/chips/cfi_cmdset_0020.c:651:1: warning: the frame size of 1336 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/mtd/chips/cfi_cmdset_0020.c: In function 'cfi_staa_erase_varsize':
drivers/mtd/chips/cfi_cmdset_0020.c:972:1: warning: the frame size of 1208 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/mtd/chips/cfi_cmdset_0001.c: In function 'do_write_buffer':
drivers/mtd/chips/cfi_cmdset_0001.c:1835:1: warning: the frame size of 1240 bytes is larger than 1024 bytes [-Wframe-larger-than=]

This can be avoided if all operations on the map word are done
indirectly and the stack gets reused between the calls. We can
mostly achieve this by selecting MTD_COMPLEX_MAPPINGS whenever
MTD_MAP_BANK_WIDTH_32 is set, but for the case that no other
bank width is enabled, we also need to use a non-constant
map_bankwidth() to convince the compiler to use less stack.

Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
[Brian: this patch mostly achieves its goal by forcing
    MTD_COMPLEX_MAPPINGS (and the accompanying indirection) for 256-bit
    mappings; the rest of the change is mostly a wash, though it helps
    reduce stack size slightly. If we really care about supporting
    256-bit mappings though, we should consider rewriting some of this
    code to avoid keeping and assigning so many 256-bit objects on the
    stack.]
Signed-off-by: Brian Norris &lt;computersforpeace@gmail.com&gt;

Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit fddcca5107051adf9e4481d2a79ae0616577fd2c ]

When map_word gets too large, we use a lot of kernel stack, and for
MTD_MAP_BANK_WIDTH_32, this means we use more than the recommended
1024 bytes in a number of functions:

drivers/mtd/chips/cfi_cmdset_0020.c: In function 'cfi_staa_write_buffers':
drivers/mtd/chips/cfi_cmdset_0020.c:651:1: warning: the frame size of 1336 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/mtd/chips/cfi_cmdset_0020.c: In function 'cfi_staa_erase_varsize':
drivers/mtd/chips/cfi_cmdset_0020.c:972:1: warning: the frame size of 1208 bytes is larger than 1024 bytes [-Wframe-larger-than=]
drivers/mtd/chips/cfi_cmdset_0001.c: In function 'do_write_buffer':
drivers/mtd/chips/cfi_cmdset_0001.c:1835:1: warning: the frame size of 1240 bytes is larger than 1024 bytes [-Wframe-larger-than=]

This can be avoided if all operations on the map word are done
indirectly and the stack gets reused between the calls. We can
mostly achieve this by selecting MTD_COMPLEX_MAPPINGS whenever
MTD_MAP_BANK_WIDTH_32 is set, but for the case that no other
bank width is enabled, we also need to use a non-constant
map_bankwidth() to convince the compiler to use less stack.

Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
[Brian: this patch mostly achieves its goal by forcing
    MTD_COMPLEX_MAPPINGS (and the accompanying indirection) for 256-bit
    mappings; the rest of the change is mostly a wash, though it helps
    reduce stack size slightly. If we really care about supporting
    256-bit mappings though, we should consider rewriting some of this
    code to avoid keeping and assigning so many 256-bit objects on the
    stack.]
Signed-off-by: Brian Norris &lt;computersforpeace@gmail.com&gt;

Signed-off-by: Sasha Levin &lt;alexander.levin@verizon.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>mtd: cfi: clean up some indenting</title>
<updated>2015-03-31T01:01:04+00:00</updated>
<author>
<name>Dan Carpenter</name>
<email>dan.carpenter@oracle.com</email>
</author>
<published>2015-02-25T13:15:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=35cc3337b6d5bb71ec80daaaf268bf25514fb6a2'/>
<id>35cc3337b6d5bb71ec80daaaf268bf25514fb6a2</id>
<content type='text'>
These lines were all indented one tab more than they should be.

Signed-off-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Signed-off-by: Brian Norris &lt;computersforpeace@gmail.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
These lines were all indented one tab more than they should be.

Signed-off-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
Signed-off-by: Brian Norris &lt;computersforpeace@gmail.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>mtd: map_rom: Support UBI on ROM</title>
<updated>2015-01-10T07:24:27+00:00</updated>
<author>
<name>Aaron Sierra</name>
<email>asierra@xes-inc.com</email>
</author>
<published>2014-09-25T17:20:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=6958024ad5cdd78deae4da47a8722b06317dff45'/>
<id>6958024ad5cdd78deae4da47a8722b06317dff45</id>
<content type='text'>
UBI needs to know the physical erase block size, even on read-only
devices, since it defines the on-device layout. Use a device-tree
provided value to support previously written UBI on read-only NOR.

UBI also needs a non-zero writebufsize, so we set it to one.

Note: This was implemented because hardware write-protected CFI
      NOR cannot be probed for the physical erase block size.

Signed-off-by: Joe Schultz &lt;jschultz@xes-inc.ccom&gt;
Signed-off-by: Aaron Sierra &lt;asierra@xes-inc.ccom&gt;
[Brian: removed unneeded #ifdef, note 'optional' erase-size property]
Signed-off-by: Brian Norris &lt;computersforpeace@gmail.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
UBI needs to know the physical erase block size, even on read-only
devices, since it defines the on-device layout. Use a device-tree
provided value to support previously written UBI on read-only NOR.

UBI also needs a non-zero writebufsize, so we set it to one.

Note: This was implemented because hardware write-protected CFI
      NOR cannot be probed for the physical erase block size.

Signed-off-by: Joe Schultz &lt;jschultz@xes-inc.ccom&gt;
Signed-off-by: Aaron Sierra &lt;asierra@xes-inc.ccom&gt;
[Brian: removed unneeded #ifdef, note 'optional' erase-size property]
Signed-off-by: Brian Norris &lt;computersforpeace@gmail.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>mtd: map_ram: Enable mtdoops</title>
<updated>2015-01-09T23:31:56+00:00</updated>
<author>
<name>Alessio Igor Bogani</name>
<email>alessio.bogani@elettra.eu</email>
</author>
<published>2014-12-11T09:38:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=106effbe18fa481c9355604dafe8095c9e418319'/>
<id>106effbe18fa481c9355604dafe8095c9e418319</id>
<content type='text'>
Signed-off-by: Alessio Igor Bogani &lt;alessio.bogani@elettra.eu&gt;
Signed-off-by: Brian Norris &lt;computersforpeace@gmail.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Alessio Igor Bogani &lt;alessio.bogani@elettra.eu&gt;
Signed-off-by: Brian Norris &lt;computersforpeace@gmail.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>mtd: delete unnecessary checks before two function calls</title>
<updated>2014-11-26T06:44:10+00:00</updated>
<author>
<name>Markus Elfring</name>
<email>elfring@users.sourceforge.net</email>
</author>
<published>2014-11-20T12:50:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=05a221bb1f49e6eebc9a3858cb45506f403b3ab6'/>
<id>05a221bb1f49e6eebc9a3858cb45506f403b3ab6</id>
<content type='text'>
The functions kfree() and pci_dev_put() test whether their argument is NULL
and then return immediately. Thus the test around the call is not needed.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring &lt;elfring@users.sourceforge.net&gt;
Signed-off-by: Brian Norris &lt;computersforpeace@gmail.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The functions kfree() and pci_dev_put() test whether their argument is NULL
and then return immediately. Thus the test around the call is not needed.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring &lt;elfring@users.sourceforge.net&gt;
Signed-off-by: Brian Norris &lt;computersforpeace@gmail.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
