[PATCH 4.17 108/220] mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary

From: Greg Kroah-Hartman
Date: Sun Jul 01 2018 - 13:08:28 EST

4.17-stable review patch. If anyone has any objections, please let me know.


From: Joakim Tjernlund <joakim.tjernlund@xxxxxxxxxxxx>

commit 0cd8116f172eed018907303dbff5c112690eeb91 upstream.

The "sector is in requested range" test used to determine whether
sectors should be re-locked or not is done on a variable that is reset
everytime we cross a chip boundary, which can lead to some blocks being
re-locked while the caller expect them to be unlocked.
Fix the check to make sure this cannot happen.

Fixes: 1648eaaa1575 ("mtd: cfi_cmdset_0002: Support Persistent Protection Bits (PPB) locking")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Joakim Tjernlund <joakim.tjernlund@xxxxxxxxxxxx>
Signed-off-by: Boris Brezillon <boris.brezillon@xxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

drivers/mtd/chips/cfi_cmdset_0002.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/mtd/chips/cfi_cmdset_0002.c
+++ b/drivers/mtd/chips/cfi_cmdset_0002.c
@@ -2649,7 +2649,7 @@ static int __maybe_unused cfi_ppb_unlock
* sectors shall be unlocked, so lets keep their locking
* status at "unlocked" (locked=0) for the final re-locking.
- if ((adr < ofs) || (adr >= (ofs + len))) {
+ if ((offset < ofs) || (offset >= (ofs + len))) {
sect[sectors].chip = &cfi->chips[chipnum];
sect[sectors].adr = adr;
sect[sectors].locked = do_ppb_xxlock(