[MTD] [INFTL] Fix infinite loop in INFTL_foldchain
When iterating over a chain in reverse (oldest block first), this
patch correctly marks the PUtable[] entry of the second to last erase
block of a chain as BLOCK_NIL, regardless of whether or not it can
format the last block successfully. Before, the second to last block
was only marked as pointing to BLOCK_NIL if INFTL_formatblock()
succeeded on the last block of the chain, which could potentially
result in an infinite loop if the block was worn out and refused to
format.
Signed-off-by: Daniel Rosenthal <danielrosenthal@acm.org>
Acked-by: Greg Ungerer <gerg@snapgear.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
diff --git a/drivers/mtd/inftlcore.c b/drivers/mtd/inftlcore.c
index c4f9d33..50ce138 100644
--- a/drivers/mtd/inftlcore.c
+++ b/drivers/mtd/inftlcore.c
@@ -388,6 +388,10 @@
if (thisEUN == targetEUN)
break;
+ /* Unlink the last block from the chain. */
+ inftl->PUtable[prevEUN] = BLOCK_NIL;
+
+ /* Now try to erase it. */
if (INFTL_formatblock(inftl, thisEUN) < 0) {
/*
* Could not erase : mark block as reserved.
@@ -396,7 +400,6 @@
} else {
/* Correctly erased : mark it as free */
inftl->PUtable[thisEUN] = BLOCK_FREE;
- inftl->PUtable[prevEUN] = BLOCK_NIL;
inftl->numfreeEUNs++;
}
}