From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:57650 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753363AbcI1JKY (ORCPT ); Wed, 28 Sep 2016 05:10:24 -0400 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Giorgio , Brian Norris , Ezequiel Garcia Subject: [PATCH 4.7 26/69] mtd: spi-nor: fix wrong "fully unlocked" test Date: Wed, 28 Sep 2016 11:05:08 +0200 Message-Id: <20160928090446.205202242@linuxfoundation.org> In-Reply-To: <20160928090445.054716307@linuxfoundation.org> References: <20160928090445.054716307@linuxfoundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: stable-owner@vger.kernel.org List-ID: 4.7-stable review patch. If anyone has any objections, please let me know. ------------------ From: Brian Norris commit 06586204714b7befec99e554c71687b0b40f351c upstream. In stm_unlock(), the test to determine whether we've fully unlocked the flash checks for the lock length to be equal to the flash size. That is a typo/think-o -- the condition actually means the flash is completely *locked.* We should be using the inverse condition -- that the lock length is 0 (i.e., no protection). The result of this bug is that we never actually turn off the Status Register Write Disable bit, even if the flash is completely unlocked. Now we can. Fixes: 47b8edbf0d43 ("mtd: spi-nor: disallow further writes to SR if WP# is low") Reported-by: Giorgio Signed-off-by: Brian Norris Cc: Ezequiel Garcia Signed-off-by: Greg Kroah-Hartman --- drivers/mtd/spi-nor/spi-nor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/mtd/spi-nor/spi-nor.c +++ b/drivers/mtd/spi-nor/spi-nor.c @@ -661,7 +661,7 @@ static int stm_unlock(struct spi_nor *no status_new = (status_old & ~mask & ~SR_TB) | val; /* Don't protect status register if we're fully unlocked */ - if (lock_len == mtd->size) + if (lock_len == 0) status_new &= ~SR_SRWD; if (!use_top)