[PATCH 3/7] mtd: spi-nor: add restriction for nmaps in smpt parser

From: Tudor.Ambarus
Date: Thu Nov 08 2018 - 06:07:18 EST

Next message: Tudor.Ambarus: "[PATCH 7/7] mtd: spi-nor: remove unneeded smpt zeroization"
Previous message: Tudor.Ambarus: "[PATCH 2/7] mtd: spi-nor: fix iteration over smpt array"
In reply to: Boris Brezillon: "Re: [PATCH 2/7] mtd: spi-nor: fix iteration over smpt array"
Next in thread: Boris Brezillon: "Re: [PATCH 3/7] mtd: spi-nor: add restriction for nmaps in smpt parser"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The map selector is limited to a maximum of 8 bits, allowing
for a maximum of 256 possible map configurations. The total
number of map configurations should be addressable by the
total number of bits described by the detection commands.

For example: if there are five to eight possible sector map
configurations, at least three configuration detection commands
will be needed to extract three bits of configuration selection
information from the device in order to identify which configuration
is currently in use.

Suggested-by: Boris Brezillon <boris.brezillon@xxxxxxxxxxx>
Signed-off-by: Tudor Ambarus <tudor.ambarus@xxxxxxxxxxxxx>
---
drivers/mtd/spi-nor/spi-nor.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/drivers/mtd/spi-nor/spi-nor.c b/drivers/mtd/spi-nor/spi-nor.c
index 59dcedb08691..bd1866d714f2 100644
--- a/drivers/mtd/spi-nor/spi-nor.c
+++ b/drivers/mtd/spi-nor/spi-nor.c
@@ -2868,7 +2868,7 @@ static const u32 *spi_nor_get_map_in_use(struct spi_nor *nor, const u32 *smpt,
const u32 *ret = NULL;
u32 addr;
int err;
- u8 i;
+ u8 i, ncmds, nmaps;
u8 addr_width, read_opcode, read_dummy;
u8 read_data_mask, data_byte, map_id;

@@ -2877,6 +2877,7 @@ static const u32 *spi_nor_get_map_in_use(struct spi_nor *nor, const u32 *smpt,
read_opcode = nor->read_opcode;

map_id = 0;
+ ncmds = 0;
/* Determine if there are any optional Detection Command Descriptors */
for (i = 0; i < smpt_len; i += 2) {
if (smpt[i] & SMPT_DESC_TYPE_MAP)
@@ -2896,6 +2897,7 @@ static const u32 *spi_nor_get_map_in_use(struct spi_nor *nor, const u32 *smpt,
* Configuration that is currently in use.
*/
map_id = map_id << 1 | !!(data_byte & read_data_mask);
+ ncmds++;
}

/*
@@ -2905,7 +2907,16 @@ static const u32 *spi_nor_get_map_in_use(struct spi_nor *nor, const u32 *smpt,
*
* Find the matching configuration map.
*/
- while (i < smpt_len) {
+ for (nmaps = 0; i < smpt_len; nmaps++) {
+ /*
+ * The map selector is limited to a maximum of 8 bits, allowing
+ * for a maximum of 256 possible map configurations. The total
+ * number of map configurations should be addressable by the
+ * total number of bits described by the detection commands.
+ */
+ if (ncmds && nmaps >= (1 << (ncmds + 1)))
+ break;
+
if (SMPT_MAP_ID(smpt[i]) == map_id) {
ret = smpt + i;
break;
--
2.9.4

Next message: Tudor.Ambarus: "[PATCH 7/7] mtd: spi-nor: remove unneeded smpt zeroization"
Previous message: Tudor.Ambarus: "[PATCH 2/7] mtd: spi-nor: fix iteration over smpt array"
In reply to: Boris Brezillon: "Re: [PATCH 2/7] mtd: spi-nor: fix iteration over smpt array"
Next in thread: Boris Brezillon: "Re: [PATCH 3/7] mtd: spi-nor: add restriction for nmaps in smpt parser"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]