[MTD] [INFTL] Fix infinite loop in INFTL_foldchain

When iterating over a chain in reverse (oldest block first), this patch correctly marks the PUtable[] entry of the second to last erase block of a chain as BLOCK_NIL, regardless of whether or not it can format the last block successfully. Before, the second to last block was only marked as pointing to BLOCK_NIL if INFTL_formatblock() succeeded on the last block of the chain, which could potentially result in an infinite loop if the block was worn out and refused to format. Signed-off-by: Daniel Rosenthal <danielrosenthal@acm.org> Acked-by: Greg Ungerer <gerg@snapgear.com> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
tzwolf · Oct 8, 2008 · 63fd7f3 · 63fd7f3
1 parent f324277
commit 63fd7f3
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/drivers/mtd/inftlcore.c b/drivers/mtd/inftlcore.c
@@ -388,6 +388,10 @@ static u16 INFTL_foldchain(struct INFTLrecord *inftl, unsigned thisVUC, unsigned
 		if (thisEUN == targetEUN)
 			break;
 
+		/* Unlink the last block from the chain. */
+		inftl->PUtable[prevEUN] = BLOCK_NIL;
+
+		/* Now try to erase it. */
 		if (INFTL_formatblock(inftl, thisEUN) < 0) {
 			/*
 			 * Could not erase : mark block as reserved.
@@ -396,7 +400,6 @@ static u16 INFTL_foldchain(struct INFTLrecord *inftl, unsigned thisVUC, unsigned
 		} else {
 			/* Correctly erased : mark it as free */
 			inftl->PUtable[thisEUN] = BLOCK_FREE;
-			inftl->PUtable[prevEUN] = BLOCK_NIL;
 			inftl->numfreeEUNs++;
 		}
 	}