<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
<title></title>
<meta http-equiv="content-type" content="text/html;charset=utf-8"/>
<meta http-equiv="Content-Style-Type" content="text/css"/>
</head>
<body>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">Hello,</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt"><br />
</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">there is a bug in cfi_flash.c in function flash_get_size(). The problem appears if the board
specific CFG_MAX_FLASH_SECT macro is smaller than the real number of sectors. </span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt"><br />
</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">In this case i use a 32 MiB Spansion flash (S29GL256), but we only want respectivly can use
16 MiB of the flash because of the broken A24 line on the AT91RM9200. Therefore i defined
CFG_MAX_FLASH_SECT to 128, but the real value is 256. The structure allocation of
flash_info_t in flash.h defines the size of the protect array to CFG_MAX_FLASH_SECT (in
my case 128). The for-loop in flash_get_size() initialises this array, but it does it for all
sectors (erase_region_count) which is 256 in my case. This will cause the info->portwidth
variable (and of course all following too) to be overwritten.</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt"><br />
</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">flash.h</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">****************************************</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">typedef struct {</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">           ulong   size;                   /* total bank size in bytes            
*/</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">           ushort  sector_count;           /* number of erase units               
*/</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">           ulong   flash_id;               /* combined device & manufacturer code  */</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">           ulong   start[CFG_MAX_FLASH_SECT];   /* physical sector start addresses */</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">           uchar   protect[CFG_MAX_FLASH_SECT]; /* sector protection status        */</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">   #ifdef CFG_FLASH_CFI</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">           uchar   portwidth;              /* the width of the port               
*/</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">           uchar   chipwidth;              /* the width of the chip               
*/</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">           ushort  buffer_size;            /* # of bytes in write buffer           */</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">           ulong   erase_blk_tout;         /* maximum block erase timeout          */</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">           ulong   write_tout;             /* maximum write timeout               
*/</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">           ulong   buffer_write_tout;      /* maximum buffer write timeout         */</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">           ushort  vendor;                 /* the primary vendor id               
*/</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">           ushort  cmd_reset;              /* Vendor specific reset command        */</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">           ushort  interface;              /* used for x8/x16 adjustments          */</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">           ushort  legacy_unlock;          /* support Intel legacy (un)locking     */</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">   #endif</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">   } flash_info_t;</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">****************************************</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt"><br />
</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">cfi_flash.c, flash_get_size()</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">****************************************</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                         debug ("erase_region_count = %d erase_region_size = %d\n",</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                 erase_region_count, erase_region_size);</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                         for (j = 0; j < erase_region_count; j++) {</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                 info->start[sect_cnt] = sector;</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                 sector += (erase_region_size * size_ratio);</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt"> </span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                 /*</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                  * Only read protection status from supported devices (intel...)</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                  */</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                 switch (info->vendor) {</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                 case CFI_CMDSET_INTEL_EXTENDED:</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                 case CFI_CMDSET_INTEL_STANDARD:</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                         info->protect[sect_cnt]
=</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                                
flash_isset (info, sect_cnt,</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                                             
FLASH_OFFSET_PROTECT,</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                                             
FLASH_STATUS_PROTECT);</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                         break;</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                 default:</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                         info->protect[sect_cnt]
= 0; /* default: not protected */</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                 }</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt"> </span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                                 sect_cnt++;</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                         }</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">                 }</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">******************************************</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt"><br />
</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">regards</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt"><br />
</span></font></div>
<div align="left"><font face="Arial" size="2"><span style="font-size:10pt">Mirco</span></font></div>
</body>
</html>