[PATCH] fastboot: fb_mmc: Fix write/erase logic when buffer address is zero
Mattijs Korpershoek
mkorpershoek at kernel.org
Fri Jul 11 09:48:36 CEST 2025
Hi Chance,
Thank you for the patch.
On Tue, Jul 08, 2025 at 08:59, Chance Yang <chance.yang at kneron.us> wrote:
> When CONFIG_FASTBOOT_BUF_ADDR is set to 0x0, the buffer pointer becomes
> NULL, causing fb_mmc_blk_write() to incorrectly perform erase operations
> instead of write operations. This happens because the function uses
> buffer pointer NULL check to determine whether to write or erase.
>
> Add an explicit is_erase parameter to fb_mmc_blk_write() to clearly
> distinguish between write and erase operations, removing the ambiguity
> when buffer address is zero.
>
> Signed-off-by: Chance Yang <chance.yang at kneron.us>
Reviewed-by: Mattijs Korpershoek <mkorpershoek at kernel.org>
Unfortunately, this patch is not publicly available on the mailing list:
http://lore.kernel.org/all/20250708-master-v1-1-f97e40dd395b@kneron.us
Neither on patchwork:
https://patchwork.ozlabs.org/project/uboot/list/?submitter=91223&state=%2A&series=&q=&delegate=&archive=both
Is it possible that you are not subscribed to the u-boot mailing list?
Maybe it got (wrongly) filtered out as spam.
If possible, please re-send it so that it gets properly tracked on the
public mailing list.
Thanks
Mattijs
> ---
> drivers/fastboot/fb_mmc.c | 25 +++++++++++++------------
> 1 file changed, 13 insertions(+), 12 deletions(-)
>
> diff --git a/drivers/fastboot/fb_mmc.c b/drivers/fastboot/fb_mmc.c
> index dca7c222f35659b22d327541b245760a6a6d7b35..65305c55eb9b70627e6ac5a3f0933b9cebb18a9d 100644
> --- a/drivers/fastboot/fb_mmc.c
> +++ b/drivers/fastboot/fb_mmc.c
> @@ -120,10 +120,11 @@ static int part_get_info_by_name_or_alias(struct blk_desc **dev_desc,
> * @block_dev: Pointer to block device
> * @start: First block to write/erase
> * @blkcnt: Count of blocks
> - * @buffer: Pointer to data buffer for write or NULL for erase
> + * @buffer: Pointer to data buffer for write
> + * @is_erase: Set to true to force erase operation
> */
> static lbaint_t fb_mmc_blk_write(struct blk_desc *block_dev, lbaint_t start,
> - lbaint_t blkcnt, const void *buffer)
> + lbaint_t blkcnt, const void *buffer, bool is_erase)
> {
> lbaint_t blk = start;
> lbaint_t blks_written;
> @@ -133,15 +134,15 @@ static lbaint_t fb_mmc_blk_write(struct blk_desc *block_dev, lbaint_t start,
>
> for (i = 0; i < blkcnt; i += FASTBOOT_MAX_BLK_WRITE) {
> cur_blkcnt = min((int)blkcnt - i, FASTBOOT_MAX_BLK_WRITE);
> - if (buffer) {
> + if (is_erase) {
> + if (fastboot_progress_callback)
> + fastboot_progress_callback("erasing");
> + blks_written = blk_derase(block_dev, blk, cur_blkcnt);
> + } else {
> if (fastboot_progress_callback)
> fastboot_progress_callback("writing");
> blks_written = blk_dwrite(block_dev, blk, cur_blkcnt,
> buffer + (i * block_dev->blksz));
> - } else {
> - if (fastboot_progress_callback)
> - fastboot_progress_callback("erasing");
> - blks_written = blk_derase(block_dev, blk, cur_blkcnt);
> }
> blk += blks_written;
> blks += blks_written;
> @@ -155,7 +156,7 @@ static lbaint_t fb_mmc_sparse_write(struct sparse_storage *info,
> struct fb_mmc_sparse *sparse = info->priv;
> struct blk_desc *dev_desc = sparse->dev_desc;
>
> - return fb_mmc_blk_write(dev_desc, blk, blkcnt, buffer);
> + return fb_mmc_blk_write(dev_desc, blk, blkcnt, buffer, false);
> }
>
> static lbaint_t fb_mmc_sparse_reserve(struct sparse_storage *info,
> @@ -183,7 +184,7 @@ static void write_raw_image(struct blk_desc *dev_desc,
>
> puts("Flashing Raw Image\n");
>
> - blks = fb_mmc_blk_write(dev_desc, info->start, blkcnt, buffer);
> + blks = fb_mmc_blk_write(dev_desc, info->start, blkcnt, buffer, false);
>
> if (blks != blkcnt) {
> pr_err("failed writing to device %d\n", dev_desc->devnum);
> @@ -204,7 +205,7 @@ static int fb_mmc_erase_mmc_hwpart(struct blk_desc *dev_desc)
>
> debug("Start Erasing mmc hwpart[%u]...\n", dev_desc->hwpart);
>
> - blks = fb_mmc_blk_write(dev_desc, 0, dev_desc->lba, NULL);
> + blks = fb_mmc_blk_write(dev_desc, 0, dev_desc->lba, NULL, true);
>
> if (blks != dev_desc->lba) {
> pr_err("Failed to erase mmc hwpart[%u]\n", dev_desc->hwpart);
> @@ -248,7 +249,7 @@ static void fb_mmc_boot_ops(struct blk_desc *dev_desc, void *buffer,
>
> debug("Start Flashing Image to EMMC_BOOT%d...\n", hwpart);
>
> - blks = fb_mmc_blk_write(dev_desc, 0, blkcnt, buffer);
> + blks = fb_mmc_blk_write(dev_desc, 0, blkcnt, buffer, false);
>
> if (blks != blkcnt) {
> pr_err("Failed to write EMMC_BOOT%d\n", hwpart);
> @@ -696,7 +697,7 @@ void fastboot_mmc_erase(const char *cmd, char *response)
> printf("Erasing blocks " LBAFU " to " LBAFU " due to alignment\n",
> blks_start, blks_start + blks_size);
>
> - blks = fb_mmc_blk_write(dev_desc, blks_start, blks_size, NULL);
> + blks = fb_mmc_blk_write(dev_desc, blks_start, blks_size, NULL, true);
>
> if (blks != blks_size) {
> pr_err("failed erasing from device %d\n", dev_desc->devnum);
>
> ---
> base-commit: d1d53c252a4a746db5ebcdf0d6de3aa0feec504e
> change-id: 20250708-master-1ada88b99b35
>
> Best regards,
> --
> Chance Yang <chance.yang at kneron.us>
More information about the U-Boot
mailing list