The CFI flash driver starts at flash_init() which calls down into
flash_get_size(). This starts by calling flash_detect_cfi(). If said
function fails, flash_get_size() finishes by attempting to reset the
flash. Unfortunately, it does this with an info->portwidth set to 0x10
which filters down into flash_make_cmd() and that happily smashes the
stack by sticking info->portwidth bytes into a cfiword_t variable that
lives on the stack. On a 64bit system you probably won't notice, but
killing the last 8 bytes on a 32bit system usually leads to a corrupt
return address. Which is what happens on a Blackfin system.
based on U-Boot
Signed-off-by: Mike Frysinger <vapier@xxxxxxxxxx>
Signed-off-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@xxxxxxxxxxxx>
---
drivers/nor/cfi_flash.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/drivers/nor/cfi_flash.c b/drivers/nor/cfi_flash.c
index 041fb92..a7df3b4 100644
--- a/drivers/nor/cfi_flash.c
+++ b/drivers/nor/cfi_flash.c
@@ -494,9 +494,9 @@ static ulong flash_get_size (struct flash_info *info, ulong base)
if ((info->interface == FLASH_CFI_X8X16) && (info->chipwidth == FLASH_CFI_BY8)) {
info->portwidth >>= 1; /* XXX - Need to test on x8/x16 in parallel. */
}
+ flash_write_cmd (info, 0, 0, info->cmd_reset);
}
- flash_write_cmd (info, 0, 0, info->cmd_reset);
return info->size;
}
--
1.7.1
_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox
