Commit a4d62bab authored by Wang Haitao's avatar Wang Haitao Committed by Brian Norris

mtd: map: fixed bug in 64-bit systems

Hardware:
	CPU: XLP832,the 64-bit OS
	NOR Flash:S29GL128S 128M
Software:
	Kernel:2.6.32.41
	Filesystem:JFFS2
When writing files, errors appear:
	Write len 182  but return retlen 180
	Write of 182 bytes at 0x072c815c failed. returned -5, retlen 180
	Write len 186  but return retlen 184
	Write of 186 bytes at 0x072caff4 failed. returned -5, retlen 184
These errors exist only in 64-bit systems,not in 32-bit systems. After analysis, we
found that the left shift operation is wrong in map_word_load_partial. For instance:
	unsigned char buf[3] ={0x9e,0x3a,0xea};
	map_bankwidth(map) is 4;
	for (i=0; i < 3; i++) {
		int bitpos;
		bitpos = (map_bankwidth(map)-1-i)*8;
		orig.x[0] &= ~(0xff << bitpos);
		orig.x[0] |= buf[i] << bitpos;
	}

The value of orig.x[0] is expected to be 0x9e3aeaff, but in this situation(64-bit
System) we'll get the wrong value of 0xffffffff9e3aeaff due to the 64-bit sign
extension:
buf[i] is defined as "unsigned char" and the left-shift operation will convert it
to the type of "signed int", so when left-shift buf[i] by 24 bits, the final result
will get the wrong value: 0xffffffff9e3aeaff.

If the left-shift bits are less than 24, then sign extension will not occur. Whereas
the bankwidth of the nor flash we used is 4, therefore this BUG emerges.
Signed-off-by: default avatarPang Xunlei <pang.xunlei@zte.com.cn>
Signed-off-by: default avatarZhang Yi <zhang.yi20@zte.com.cn>
Signed-off-by: default avatarLu Zhongjun <lu.zhongjun@zte.com.cn>
Cc: <stable@vger.kernel.org>
Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
parent f83c3838
...@@ -365,7 +365,7 @@ static inline map_word map_word_load_partial(struct map_info *map, map_word orig ...@@ -365,7 +365,7 @@ static inline map_word map_word_load_partial(struct map_info *map, map_word orig
bitpos = (map_bankwidth(map)-1-i)*8; bitpos = (map_bankwidth(map)-1-i)*8;
#endif #endif
orig.x[0] &= ~(0xff << bitpos); orig.x[0] &= ~(0xff << bitpos);
orig.x[0] |= buf[i-start] << bitpos; orig.x[0] |= (unsigned long)buf[i-start] << bitpos;
} }
} }
return orig; return orig;
...@@ -384,7 +384,7 @@ static inline map_word map_word_ff(struct map_info *map) ...@@ -384,7 +384,7 @@ static inline map_word map_word_ff(struct map_info *map)
if (map_bankwidth(map) < MAP_FF_LIMIT) { if (map_bankwidth(map) < MAP_FF_LIMIT) {
int bw = 8 * map_bankwidth(map); int bw = 8 * map_bankwidth(map);
r.x[0] = (1 << bw) - 1; r.x[0] = (1UL << bw) - 1;
} else { } else {
for (i=0; i<map_words(map); i++) for (i=0; i<map_words(map); i++)
r.x[i] = ~0UL; r.x[i] = ~0UL;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment