Redboot supports storing the FIS directory and the RedBoot configuration information in the same block of flash memory. This is not the most common RedBoot configuration, but it is used on commercially available boards supported by the kernel. A recent patch to mtd/redboot.c (http://lkml.org/lkml/2006/3/20/410) which corrected the skipping of deleted table entries has exposed the latent problem of the kernel redboot parser running off the end of the FIS directory and interpreting the RedBoot configuration information as table entries. This patch terminates the table parsing when the first truly empty entry is found (table entry deletion only clears the first byte of the name, so two cleared bytes in a row indicates the end of the table), thereby supporting the combined redboot FIS directory and RedBoot configuration information flash layout scenario. Signed-off-by: Rod Whitby -- Index: linux-2.6.19/drivers/mtd/redboot.c =================================================================== --- linux-2.6.19.orig/drivers/mtd/redboot.c +++ linux-2.6.19/drivers/mtd/redboot.c @@ -96,7 +96,19 @@ static int parse_redboot_partitions(stru */ if (swab32(buf[i].size) == master->erasesize) { int j; - for (j = 0; j < numslots && buf[j].name[0] != 0xff; ++j) { + for (j = 0; j < numslots; ++j) { + + /* A single 0xff denotes a deleted entry. + * Two of them in a row is the end of the table. + */ + if (buf[j].name[0] == 0xff) { + if (buf[j].name[1] == 0xff) { + break; + } else { + continue; + } + } + /* The unsigned long fields were written with the * wrong byte sex, name and pad have no byte sex. */ @@ -123,8 +135,13 @@ static int parse_redboot_partitions(stru for (i = 0; i < numslots; i++) { struct fis_list *new_fl, **prev; - if (buf[i].name[0] == 0xff) - continue; + if (buf[i].name[0] == 0xff) { + if (buf[i].name[1] == 0xff) { + break; + } else { + continue; + } + } if (!redboot_checksum(&buf[i])) break;