the missing "& HSFC_FDBC" there makes it possible to enable smm interrupts as happened to dhendrix. lesson to learn: always check/limit input values even if they were previously constants ;)
-- Kind regards/Mit freundlichen Grüßen, Stefan Tauner
>From c9ebe12659d712fdab95e6842bb787a5a3c1b643 Mon Sep 17 00:00:00 2001 From: Stefan Tauner <[email protected]> Date: Thu, 30 Jun 2011 02:03:27 +0200 Subject: [PATCH 10/10] fixup! ichspi.c: add support for Intel Hardware Sequencing Signed-off-by: Stefan Tauner <[email protected]> --- ichspi.c | 16 ++++++++-------- 1 files changed, 8 insertions(+), 8 deletions(-) diff --git a/ichspi.c b/ichspi.c index 8f5c0b5..e8119ce 100644 --- a/ichspi.c +++ b/ichspi.c @@ -1269,7 +1269,7 @@ int ich_hwseq_block_erase(struct flashchip *flash, return -1; } - if (addr < 0 || addr + len > 0x00FFFFFF) { + if (addr + len >= flash->total_size * 1024) { msg_perr("Request to erase some inaccessible memory address(es)" " (addr=0x%x, len=%d). " "Not erasing anything.\n", addr, len); @@ -1307,7 +1307,7 @@ int ich_hwseq_read(struct flashchip *flash, uint8_t *buf, int addr, int len) return -1; } - if (addr < 0 || addr + len > 0x01FFFFFF) { + if (addr < 0 || addr + len >= flash->total_size * 1024) { msg_perr("Request to read from an inaccessible memory address " "(addr=0x%x, len=%d).\n", addr, len); return -1; @@ -1323,11 +1323,12 @@ int ich_hwseq_read(struct flashchip *flash, uint8_t *buf, int addr, int len) hsfc = REGREAD16(ICH9_REG_HSFC); hsfc &= ~HSFC_FCYCLE; /* set read operation */ hsfc &= ~HSFC_FDBC; /* clear byte count */ - hsfc |= ((block_len - 1) << HSFC_FDBC_OFF); /* set byte count */ + /* set byte count */ + hsfc |= (((block_len - 1) << HSFC_FDBC_OFF) & HSFC_FDBC); hsfc |= HSFC_FGO; /* start */ REGWRITE16(ICH9_REG_HSFC, hsfc); - if (ich_hwseq_wait_for_cycle_complete(timeout, 4)) + if (ich_hwseq_wait_for_cycle_complete(timeout, block_len)) return 1; ich_read_data(buf, block_len, ICH9_REG_FDATA0); addr += block_len; @@ -1350,7 +1351,7 @@ int ich_hwseq_write_256(struct flashchip *flash, uint8_t *buf, int addr, int len return -1; } - if (addr < 0 || addr + len > 0x00FFFFFF) { + if (addr < 0 || addr + len >= flash->total_size * 1024) { msg_perr("Request to write to an inaccessible memory address " "(addr=0x%x, len=%d).\n", addr, len); return -1; @@ -1363,13 +1364,12 @@ int ich_hwseq_write_256(struct flashchip *flash, uint8_t *buf, int addr, int len while (len > 0) { ich_hwseq_set_addr(addr); block_len = ich_fill_data(buf, len, ICH9_REG_FDATA0); - if (block_len < 0) - return block_len; hsfc = REGREAD16(ICH9_REG_HSFC); hsfc &= ~HSFC_FCYCLE; /* clear operation */ hsfc |= (0x2 << HSFC_FCYCLE_OFF); /* set write operation */ hsfc &= ~HSFC_FDBC; /* clear byte count */ - hsfc |= ((block_len - 1) << HSFC_FDBC_OFF); /* set byte count */ + /* set byte count */ + hsfc |= (((block_len - 1) << HSFC_FDBC_OFF) & HSFC_FDBC); hsfc |= HSFC_FGO; /* start */ REGWRITE16(ICH9_REG_HSFC, hsfc); -- 1.7.1
_______________________________________________ flashrom mailing list [email protected] http://www.flashrom.org/mailman/listinfo/flashrom
