Patch "mtd: spi-nor: fix wrong "fully unlocked" test" has been added to the 4.7-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Tue, 27 Sep 2016 17:05:38 +0200

This is a note to let you know that I've just added the patch titled

    mtd: spi-nor: fix wrong "fully unlocked" test

to the 4.7-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     mtd-spi-nor-fix-wrong-fully-unlocked-test.patch
and it can be found in the queue-4.7 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 06586204714b7befec99e554c71687b0b40f351c Mon Sep 17 00:00:00 2001
From: Brian Norris <computersforpeace@xxxxxxxxx>
Date: Fri, 24 Jun 2016 10:38:14 -0700
Subject: mtd: spi-nor: fix wrong "fully unlocked" test

From: Brian Norris <computersforpeace@xxxxxxxxx>

commit 06586204714b7befec99e554c71687b0b40f351c upstream.

In stm_unlock(), the test to determine whether we've fully unlocked the
flash checks for the lock length to be equal to the flash size. That is
a typo/think-o -- the condition actually means the flash is completely
*locked.* We should be using the inverse condition -- that the lock
length is 0 (i.e., no protection).

The result of this bug is that we never actually turn off the Status
Register Write Disable bit, even if the flash is completely unlocked.
Now we can.

Fixes: 47b8edbf0d43 ("mtd: spi-nor: disallow further writes to SR if WP# is low")
Reported-by: Giorgio <giorgio.nicole@xxxxxxxx>
Signed-off-by: Brian Norris <computersforpeace@xxxxxxxxx>
Cc: Ezequiel Garcia <ezequiel@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 drivers/mtd/spi-nor/spi-nor.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/mtd/spi-nor/spi-nor.c
+++ b/drivers/mtd/spi-nor/spi-nor.c
@@ -661,7 +661,7 @@ static int stm_unlock(struct spi_nor *no
 	status_new = (status_old & ~mask & ~SR_TB) | val;
 
 	/* Don't protect status register if we're fully unlocked */
-	if (lock_len == mtd->size)
+	if (lock_len == 0)
 		status_new &= ~SR_SRWD;
 
 	if (!use_top)


Patches currently in stable-queue which might be from computersforpeace@xxxxxxxxx are

queue-4.7/mtd-pmcmsp-flash-allocating-too-much-in-init_msp_flash.patch
queue-4.7/mtd-maps-sa1100-flash-potential-null-dereference.patch
queue-4.7/mtd-spi-nor-fix-wrong-fully-unlocked-test.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html






