Finally fix the pesky x86-2.6 block2mtd related crash (#1058)

When erasing blocks, block2mtd checks the block on the physical disk
to see if everything's filled with 0xff. When grabbing a page from the page
cache, it initializes the limit as <start address> + PAGE_SIZE.
Turns out that the pointer to the status page is (unsigned long *), and
thus it adds (PAGE_SIZE * 4).
This would never have been caught, if it wasn't for the unlikely event
that block2mtd catches the *last* page available in the system ram and
thus tries to scan 4 memory pages from there.
The absolutely trivial fix is to do a double cast (cast to (u8 *), add
PAGE_SIZE, then cast to (unsigned long *))

... and there was much rejoicing

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@6318 3c298f89-4303-0410-b956-a3cf2f4a3e73

diff --git a/target/linux/generic-2.6/patches/212-block2mtd_erase_scan.patch b/target/linux/generic-2.6/patches/212-block2mtd_erase_scan.patch
new file mode 100644 (file)
index 0000000..76b4f5d
--- /dev/null
+++ b/target/linux/generic-2.6/patches/212-block2mtd_erase_scan.patch
@@ -0,0 +1,11 @@
+--- linux.dev/drivers/mtd/devices/block2mtd.c.old      2007-02-18 14:08:59.519952312 +0100
++++ linux.dev/drivers/mtd/devices/block2mtd.c  2007-02-18 14:09:04.219237912 +0100
+@@ -111,7 +111,7 @@
+               if (IS_ERR(page))
+                       return PTR_ERR(page);
+ 
+-              max = (u_long*)page_address(page) + PAGE_SIZE;
++              max = (u_long*) ((u8 *) page_address(page) + PAGE_SIZE);
+               for (p=(u_long*)page_address(page); p<max; p++)
+                       if (*p != -1UL) {
+                               lock_page(page);