Fix internal offset calculations for SPI BYTE PROGRAM and SPI AAI PROGRAM

The bug was invisible so far because we always started at offset 0. The
pending partial write patch uses nonzero start offsets and trips over
this bug.

Clarify a few comments in IT87 SPI.

Thanks to Idwer Vollering for reporting write breakage with my latest
partial write patch. This should fix the underlying problem.

Corresponding to flashrom svn r1217.

Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net>
Acked-by: Idwer Vollering <vidwer@gmail.com>
diff --git a/it87spi.c b/it87spi.c
index f06efba..fb1448a 100644
--- a/it87spi.c
+++ b/it87spi.c
@@ -339,7 +339,10 @@
 {
 	/*
 	 * IT8716F only allows maximum of 512 kb SPI chip size for memory
-	 * mapped access. It also can't write more than 1+3+256 bytes at once.
+	 * mapped access. It also can't write more than 1+3+256 bytes at once,
+	 * so page_size > 256 bytes needs a fallback.
+	 * FIXME: Split too big page writes into chunks IT87* can handle instead
+	 * of degrading to single-byte program.
 	 */
 	if ((programmer == PROGRAMMER_IT87SPI) ||
 	    (flash->total_size * 1024 > 512 * 1024) ||
@@ -349,9 +352,8 @@
 		int lenhere;
 
 		if (start % flash->page_size) {
-			/* start to the end of the page or start + len,
-			 * whichever is smaller. Page length is hardcoded to
-			 * 256 bytes (IT87 SPI hardware limitation).
+			/* start to the end of the page or to start + len,
+			 * whichever is smaller.
 			 */
 			lenhere = min(len, flash->page_size - start % flash->page_size);
 			spi_chip_write_1(flash, buf, start, lenhere);
@@ -360,7 +362,6 @@
 			buf += lenhere;
 		}
 
-		/* FIXME: Handle chips which have max writechunk size >1 and <256. */
 		while (len >= flash->page_size) {
 			it8716f_spi_page_program(flash, buf, start);
 			start += flash->page_size;
diff --git a/spi25.c b/spi25.c
index 39e9c8c..fc3173f 100644
--- a/spi25.c
+++ b/spi25.c
@@ -1309,7 +1309,7 @@
 	int i, result = 0;
 
 	for (i = start; i < start + len; i++) {
-		result = spi_byte_program(i, buf[i]);
+		result = spi_byte_program(i, buf[i - start]);
 		if (result)
 			return 1;
 		while (spi_read_status_register() & JEDEC_RDSR_BIT_WIP)
@@ -1377,6 +1377,14 @@
 		if (spi_chip_write_1(flash, buf, start, start % 2))
 			return SPI_GENERIC_ERROR;
 		pos += start % 2;
+		cmds[1].writearr = (const unsigned char[]){
+					JEDEC_AAI_WORD_PROGRAM,
+					(pos >> 16) & 0xff,
+					(pos >> 8) & 0xff,
+					(pos & 0xff),
+					buf[pos - start],
+					buf[pos - start + 1]
+				};
 		/* Do not return an error for now. */
 		//return SPI_GENERIC_ERROR;
 	}
@@ -1406,8 +1414,8 @@
 
 	/* Are there at least two more bytes to write? */
 	while (pos < start + len - 1) {
-		cmd[1] = buf[pos++];
-		cmd[2] = buf[pos++];
+		cmd[1] = buf[pos++ - start];
+		cmd[2] = buf[pos++ - start];
 		spi_send_command(JEDEC_AAI_WORD_PROGRAM_CONT_OUTSIZE, 0, cmd, NULL);
 		while (spi_read_status_register() & JEDEC_RDSR_BIT_WIP)
 			programmer_delay(10);
@@ -1420,7 +1428,7 @@
 
 	/* Write remaining byte (if any). */
 	if (pos < start + len) {
-		if (spi_chip_write_1(flash, buf + pos, pos, pos % 2))
+		if (spi_chip_write_1(flash, buf + pos - start, pos, pos % 2))
 			return SPI_GENERIC_ERROR;
 		pos += pos % 2;
 	}