mirror of https://github.com/torvalds/linux.git
It turns out that the loop where we read manufacturer
jedec_read_mfd() can under some circumstances get a
CFI_MFR_CONTINUATION repeatedly, making the loop go
over all banks and eventually hit the end of the
map and crash because of an access violation:

Unable to handle kernel paging request at virtual address c4980000
pgd = (ptrval)
[c4980000] *pgd=03808811, *pte=00000000, *ppte=00000000
Internal error: Oops: 7 [#1] PREEMPT ARM
CPU: 0 PID: 1 Comm: swapper Not tainted 4.16.0-rc1+ #150
Hardware name: Gemini (Device Tree)
PC is at jedec_probe_chip+0x6ec/0xcd0
LR is at 0x4
pc : [<c03a2bf4>] lr : [<00000004>] psr: 60000013
sp : c382dd18 ip : 0000ffff fp : 00000000
r10: c0626388 r9 : 00020000 r8 : c0626340
r7 : 00000000 r6 : 00000001 r5 : c3a71afc r4 : c382dd70
r3 : 00000001 r2 : c4900000 r1 : 00000002 r0 : 00080000
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 0000397f Table: 00004000 DAC: 00000053
Process swapper (pid: 1, stack limit = 0x(ptrval))

Fix this by breaking the loop with a return 0 if
the offset exceeds the map size.

Fixes:
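
A user-space model of the bounded read loop the commit message above describes, added here as an illustration and not the kernel's own code. `struct flash_map`, `read_mfr_bounded`, `probe_sample` and the `bank << 8` offset for an x8, non-interleaved device are assumptions, and the bound check here also accounts for `base`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CFI_MFR_CONTINUATION 0x7f  /* JEDEC continuation code named in the commit message */

/* Simplified stand-in for the kernel's map_info (assumption): a byte-wide
 * window of `size` bytes; anything at or past `size` is unmapped. */
struct flash_map {
    const uint8_t *virt;
    size_t size;
};

/* Bounded manufacturer-ID read. Each bank's ID byte is assumed to sit at
 * offset bank << 8. Returns 0 when every bank inside the map holds the
 * continuation code, instead of walking past the end of the map. */
static uint32_t read_mfr_bounded(const struct flash_map *map, size_t base)
{
    uint8_t id;
    unsigned int bank = 0;
    do {
        size_t ofs = (size_t)bank << 8;
        if (base >= map->size || ofs >= map->size - base)
            return 0;               /* offset exceeds the map: stop probing */
        id = map->virt[base + ofs];
        bank++;
    } while (id == CFI_MFR_CONTINUATION);

    return id;
}

/* Constructed sample: a 1 KiB window filled with 0x7f, optionally with a
 * real ID placed in one bank. Pass id_bank < 0 to leave it all 0x7f. */
static uint32_t probe_sample(int id_bank, uint8_t id)
{
    static uint8_t window[1024];
    struct flash_map map = { window, sizeof(window) };
    memset(window, CFI_MFR_CONTINUATION, sizeof(window));
    if (id_bank >= 0)
        window[(size_t)id_bank << 8] = id;
    return read_mfr_bounded(&map, 0);
}

int main(void)
{
    printf("ID in bank 2: 0x%02x, all banks 0x7f: 0x%02x\n",
           (unsigned)probe_sample(2, 0x1c), (unsigned)probe_sample(-1, 0));
    return 0;
}
```

Without the bound check, the all-0x7f case keeps incrementing `bank` until the read lands on an unmapped address, which is the paging fault shown in the oops.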
| | | |
|---|---|---|
| chips | ||
| devices | ||
| lpddr | ||
| maps | ||
| nand | ||
| onenand | ||
| parsers | ||
| spi-nor | ||
| tests | ||
| ubi | ||
| Kconfig | ||
| Makefile | ||
| afs.c | ||
| ar7part.c | ||
| bcm47xxpart.c | ||
| bcm63xxpart.c | ||
| cmdlinepart.c | ||
| ftl.c | ||
| inftlcore.c | ||
| inftlmount.c | ||
| mtd_blkdevs.c | ||
| mtdblock.c | ||
| mtdblock_ro.c | ||
| mtdchar.c | ||
| mtdconcat.c | ||
| mtdcore.c | ||
| mtdcore.h | ||
| mtdoops.c | ||
| mtdpart.c | ||
| mtdsuper.c | ||
| mtdswap.c | ||
| nftlcore.c | ||
| nftlmount.c | ||
| ofpart.c | ||
| redboot.c | ||
| rfd_ftl.c | ||
| sm_ftl.c | ||
| sm_ftl.h | ||
| ssfdc.c | ||