blob: 2e2cde0f43e0ce2630912ade45f3478c5490f5f2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
Redboot supports storing the FIS directory and the RedBoot
configuration information in the same block of flash memory. This is
not the most common RedBoot configuration, but it is used on
commercially available boards supported by the kernel.
A recent patch to mtd/redboot.c (http://lkml.org/lkml/2006/3/20/410)
which corrected the skipping of deleted table entries has exposed the
latent problem of the kernel redboot parser running off the end of the
FIS directory and interpreting the RedBoot configuration information
as table entries.
This patch terminates the table parsing when the first truly empty
entry is found (table entry deletion only clears the first byte of the
name, so two cleared bytes in a row indicates the end of the table),
thereby supporting the combined redboot FIS directory and RedBoot
configuration information flash layout scenario.
Signed-off-by: Rod Whitby <rod@whitby.id.au>
--
Index: linux-2.6.19/drivers/mtd/redboot.c
===================================================================
--- linux-2.6.19.orig/drivers/mtd/redboot.c
+++ linux-2.6.19/drivers/mtd/redboot.c
@@ -96,7 +96,19 @@ static int parse_redboot_partitions(stru
*/
if (swab32(buf[i].size) == master->erasesize) {
int j;
- for (j = 0; j < numslots && buf[j].name[0] != 0xff; ++j) {
+ for (j = 0; j < numslots; ++j) {
+
+ /* A single 0xff denotes a deleted entry.
+ * Two of them in a row is the end of the table.
+ */
+ if (buf[j].name[0] == 0xff) {
+ if (buf[j].name[1] == 0xff) {
+ break;
+ } else {
+ continue;
+ }
+ }
+
/* The unsigned long fields were written with the
* wrong byte sex, name and pad have no byte sex.
*/
@@ -123,8 +135,13 @@ static int parse_redboot_partitions(stru
for (i = 0; i < numslots; i++) {
struct fis_list *new_fl, **prev;
- if (buf[i].name[0] == 0xff)
- continue;
+ if (buf[i].name[0] == 0xff) {
+ if (buf[i].name[1] == 0xff) {
+ break;
+ } else {
+ continue;
+ }
+ }
if (!redboot_checksum(&buf[i]))
break;
|