cfi_flash: do not reset flash when probe fails

The CFI flash driver starts at flash_init() which calls down into
flash_get_size().  This starts by calling flash_detect_cfi().  If said
function fails, flash_get_size() finishes by attempting to reset the
flash.  Unfortunately, it does this with an info->portwidth set to 0x10
which filters down into flash_make_cmd() and that happily smashes the
stack by sticking info->portwidth bytes into a cfiword_t variable that
lives on the stack.  On a 64bit system you probably won't notice, but
killing the last 8 bytes on a 32bit system usually leads to a corrupt
return address.  Which is what happens on a Blackfin system.

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Stefan Roese <sr@denx.de>

diff --git a/drivers/mtd/cfi_flash.c b/drivers/mtd/cfi_flash.c
index 0d1ee8a459d0cd01d5880ae4a92ce1c8e64fded7..72d063ae8900d6ec774a3363846a6f1cc3f4943c 100644 (file)
--- a/drivers/mtd/cfi_flash.c
+++ b/drivers/mtd/cfi_flash.c
@@ -1932,9 +1932,10 @@ ulong flash_get_size (ulong base, int banknum)
                        /* XXX - Need to test on x8/x16 in parallel. */
                        info->portwidth >>= 1;
                }
+
+               flash_write_cmd (info, 0, 0, info->cmd_reset);
        }
 
-       flash_write_cmd (info, 0, 0, info->cmd_reset);
        return (info->size);
 }