Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * NFTL mount code with extensive checks
4 *
5 * Author: Fabrice Bellard (fabrice.bellard@netgem.com)
6 * Copyright © 2000 Netgem S.A.
7 * Copyright © 1999-2010 David Woodhouse <dwmw2@infradead.org>
8 */
9
10#include <linux/kernel.h>
11#include <asm/errno.h>
12#include <linux/delay.h>
13#include <linux/slab.h>
14#include <linux/mtd/mtd.h>
15#include <linux/mtd/rawnand.h>
16#include <linux/mtd/nftl.h>
17
18#define SECTORSIZE 512
19
20/* find_boot_record: Find the NFTL Media Header and its Spare copy which contains the
21 * various device information of the NFTL partition and Bad Unit Table. Update
22 * the ReplUnitTable[] table according to the Bad Unit Table. ReplUnitTable[]
23 * is used for management of Erase Unit in other routines in nftl.c and nftlmount.c
24 */
25static int find_boot_record(struct NFTLrecord *nftl)
26{
27 struct nftl_uci1 h1;
28 unsigned int block, boot_record_count = 0;
29 size_t retlen;
30 u8 buf[SECTORSIZE];
31 struct NFTLMediaHeader *mh = &nftl->MediaHdr;
32 struct mtd_info *mtd = nftl->mbd.mtd;
33 unsigned int i;
34
35 /* Assume logical EraseSize == physical erasesize for starting the scan.
36 We'll sort it out later if we find a MediaHeader which says otherwise */
37 /* Actually, we won't. The new DiskOnChip driver has already scanned
38 the MediaHeader and adjusted the virtual erasesize it presents in
39 the mtd device accordingly. We could even get rid of
40 nftl->EraseSize if there were any point in doing so. */
41 nftl->EraseSize = nftl->mbd.mtd->erasesize;
42 nftl->nb_blocks = (u32)nftl->mbd.mtd->size / nftl->EraseSize;
43
44 nftl->MediaUnit = BLOCK_NIL;
45 nftl->SpareMediaUnit = BLOCK_NIL;
46
47 /* search for a valid boot record */
48 for (block = 0; block < nftl->nb_blocks; block++) {
49 int ret;
50
51 /* Check for ANAND header first. Then can whinge if it's found but later
52 checks fail */
53 ret = mtd_read(mtd, block * nftl->EraseSize, SECTORSIZE,
54 &retlen, buf);
55 /* We ignore ret in case the ECC of the MediaHeader is invalid
56 (which is apparently acceptable) */
57 if (retlen != SECTORSIZE) {
58 static int warncount = 5;
59
60 if (warncount) {
61 printk(KERN_WARNING "Block read at 0x%x of mtd%d failed: %d\n",
62 block * nftl->EraseSize, nftl->mbd.mtd->index, ret);
63 if (!--warncount)
64 printk(KERN_WARNING "Further failures for this block will not be printed\n");
65 }
66 continue;
67 }
68
69 if (retlen < 6 || memcmp(buf, "ANAND", 6)) {
70 /* ANAND\0 not found. Continue */
71#if 0
72 printk(KERN_DEBUG "ANAND header not found at 0x%x in mtd%d\n",
73 block * nftl->EraseSize, nftl->mbd.mtd->index);
74#endif
75 continue;
76 }
77
78 /* To be safer with BIOS, also use erase mark as discriminant */
79 ret = nftl_read_oob(mtd, block * nftl->EraseSize +
80 SECTORSIZE + 8, 8, &retlen,
81 (char *)&h1);
82 if (ret < 0) {
83 printk(KERN_WARNING "ANAND header found at 0x%x in mtd%d, but OOB data read failed (err %d)\n",
84 block * nftl->EraseSize, nftl->mbd.mtd->index, ret);
85 continue;
86 }
87
88#if 0 /* Some people seem to have devices without ECC or erase marks
89 on the Media Header blocks. There are enough other sanity
90 checks in here that we can probably do without it.
91 */
92 if (le16_to_cpu(h1.EraseMark | h1.EraseMark1) != ERASE_MARK) {
93 printk(KERN_NOTICE "ANAND header found at 0x%x in mtd%d, but erase mark not present (0x%04x,0x%04x instead)\n",
94 block * nftl->EraseSize, nftl->mbd.mtd->index,
95 le16_to_cpu(h1.EraseMark), le16_to_cpu(h1.EraseMark1));
96 continue;
97 }
98
99 /* Finally reread to check ECC */
100 ret = mtd->read(mtd, block * nftl->EraseSize, SECTORSIZE,
101 &retlen, buf);
102 if (ret < 0) {
103 printk(KERN_NOTICE "ANAND header found at 0x%x in mtd%d, but ECC read failed (err %d)\n",
104 block * nftl->EraseSize, nftl->mbd.mtd->index, ret);
105 continue;
106 }
107
108 /* Paranoia. Check the ANAND header is still there after the ECC read */
109 if (memcmp(buf, "ANAND", 6)) {
110 printk(KERN_NOTICE "ANAND header found at 0x%x in mtd%d, but went away on reread!\n",
111 block * nftl->EraseSize, nftl->mbd.mtd->index);
112 printk(KERN_NOTICE "New data are: %6ph\n", buf);
113 continue;
114 }
115#endif
116 /* OK, we like it. */
117
118 if (boot_record_count) {
119 /* We've already processed one. So we just check if
120 this one is the same as the first one we found */
121 if (memcmp(mh, buf, sizeof(struct NFTLMediaHeader))) {
122 printk(KERN_NOTICE "NFTL Media Headers at 0x%x and 0x%x disagree.\n",
123 nftl->MediaUnit * nftl->EraseSize, block * nftl->EraseSize);
124 /* if (debug) Print both side by side */
125 if (boot_record_count < 2) {
126 /* We haven't yet seen two real ones */
127 return -1;
128 }
129 continue;
130 }
131 if (boot_record_count == 1)
132 nftl->SpareMediaUnit = block;
133
134 /* Mark this boot record (NFTL MediaHeader) block as reserved */
135 nftl->ReplUnitTable[block] = BLOCK_RESERVED;
136
137
138 boot_record_count++;
139 continue;
140 }
141
142 /* This is the first we've seen. Copy the media header structure into place */
143 memcpy(mh, buf, sizeof(struct NFTLMediaHeader));
144
145 /* Do some sanity checks on it */
146#if 0
147The new DiskOnChip driver scans the MediaHeader itself, and presents a virtual
148erasesize based on UnitSizeFactor. So the erasesize we read from the mtd
149device is already correct.
150 if (mh->UnitSizeFactor == 0) {
151 printk(KERN_NOTICE "NFTL: UnitSizeFactor 0x00 detected. This violates the spec but we think we know what it means...\n");
152 } else if (mh->UnitSizeFactor < 0xfc) {
153 printk(KERN_NOTICE "Sorry, we don't support UnitSizeFactor 0x%02x\n",
154 mh->UnitSizeFactor);
155 return -1;
156 } else if (mh->UnitSizeFactor != 0xff) {
157 printk(KERN_NOTICE "WARNING: Support for NFTL with UnitSizeFactor 0x%02x is experimental\n",
158 mh->UnitSizeFactor);
159 nftl->EraseSize = nftl->mbd.mtd->erasesize << (0xff - mh->UnitSizeFactor);
160 nftl->nb_blocks = (u32)nftl->mbd.mtd->size / nftl->EraseSize;
161 }
162#endif
163 nftl->nb_boot_blocks = le16_to_cpu(mh->FirstPhysicalEUN);
164 if ((nftl->nb_boot_blocks + 2) >= nftl->nb_blocks) {
165 printk(KERN_NOTICE "NFTL Media Header sanity check failed:\n");
166 printk(KERN_NOTICE "nb_boot_blocks (%d) + 2 > nb_blocks (%d)\n",
167 nftl->nb_boot_blocks, nftl->nb_blocks);
168 return -1;
169 }
170
171 nftl->numvunits = le32_to_cpu(mh->FormattedSize) / nftl->EraseSize;
172 if (nftl->numvunits > (nftl->nb_blocks - nftl->nb_boot_blocks - 2)) {
173 printk(KERN_NOTICE "NFTL Media Header sanity check failed:\n");
174 printk(KERN_NOTICE "numvunits (%d) > nb_blocks (%d) - nb_boot_blocks(%d) - 2\n",
175 nftl->numvunits, nftl->nb_blocks, nftl->nb_boot_blocks);
176 return -1;
177 }
178
179 nftl->mbd.size = nftl->numvunits * (nftl->EraseSize / SECTORSIZE);
180
181 /* If we're not using the last sectors in the device for some reason,
182 reduce nb_blocks accordingly so we forget they're there */
183 nftl->nb_blocks = le16_to_cpu(mh->NumEraseUnits) + le16_to_cpu(mh->FirstPhysicalEUN);
184
185 /* XXX: will be suppressed */
186 nftl->lastEUN = nftl->nb_blocks - 1;
187
188 /* memory alloc */
189 nftl->EUNtable = kmalloc_array(nftl->nb_blocks, sizeof(u16),
190 GFP_KERNEL);
191 if (!nftl->EUNtable) {
192 printk(KERN_NOTICE "NFTL: allocation of EUNtable failed\n");
193 return -ENOMEM;
194 }
195
196 nftl->ReplUnitTable = kmalloc_array(nftl->nb_blocks,
197 sizeof(u16),
198 GFP_KERNEL);
199 if (!nftl->ReplUnitTable) {
200 kfree(nftl->EUNtable);
201 printk(KERN_NOTICE "NFTL: allocation of ReplUnitTable failed\n");
202 return -ENOMEM;
203 }
204
205 /* mark the bios blocks (blocks before NFTL MediaHeader) as reserved */
206 for (i = 0; i < nftl->nb_boot_blocks; i++)
207 nftl->ReplUnitTable[i] = BLOCK_RESERVED;
208 /* mark all remaining blocks as potentially containing data */
209 for (; i < nftl->nb_blocks; i++) {
210 nftl->ReplUnitTable[i] = BLOCK_NOTEXPLORED;
211 }
212
213 /* Mark this boot record (NFTL MediaHeader) block as reserved */
214 nftl->ReplUnitTable[block] = BLOCK_RESERVED;
215
216 /* read the Bad Erase Unit Table and modify ReplUnitTable[] accordingly */
217 for (i = 0; i < nftl->nb_blocks; i++) {
218#if 0
219The new DiskOnChip driver already scanned the bad block table. Just query it.
220 if ((i & (SECTORSIZE - 1)) == 0) {
221 /* read one sector for every SECTORSIZE of blocks */
222 ret = mtd->read(nftl->mbd.mtd,
223 block * nftl->EraseSize + i +
224 SECTORSIZE, SECTORSIZE,
225 &retlen, buf);
226 if (ret < 0) {
227 printk(KERN_NOTICE "Read of bad sector table failed (err %d)\n",
228 ret);
229 kfree(nftl->ReplUnitTable);
230 kfree(nftl->EUNtable);
231 return -1;
232 }
233 }
234 /* mark the Bad Erase Unit as RESERVED in ReplUnitTable */
235 if (buf[i & (SECTORSIZE - 1)] != 0xff)
236 nftl->ReplUnitTable[i] = BLOCK_RESERVED;
237#endif
238 if (mtd_block_isbad(nftl->mbd.mtd,
239 i * nftl->EraseSize))
240 nftl->ReplUnitTable[i] = BLOCK_RESERVED;
241 }
242
243 nftl->MediaUnit = block;
244 boot_record_count++;
245
246 } /* foreach (block) */
247
248 return boot_record_count?0:-1;
249}
250
251static int memcmpb(void *a, int c, int n)
252{
253 int i;
254 for (i = 0; i < n; i++) {
255 if (c != ((unsigned char *)a)[i])
256 return 1;
257 }
258 return 0;
259}
260
261/* check_free_sector: check if a free sector is actually FREE, i.e. All 0xff in data and oob area */
262static int check_free_sectors(struct NFTLrecord *nftl, unsigned int address, int len,
263 int check_oob)
264{
265 struct mtd_info *mtd = nftl->mbd.mtd;
266 size_t retlen;
267 int i, ret;
268 u8 *buf;
269
270 buf = kmalloc(SECTORSIZE + mtd->oobsize, GFP_KERNEL);
271 if (!buf)
272 return -1;
273
274 ret = -1;
275 for (i = 0; i < len; i += SECTORSIZE) {
276 if (mtd_read(mtd, address, SECTORSIZE, &retlen, buf))
277 goto out;
278 if (memcmpb(buf, 0xff, SECTORSIZE) != 0)
279 goto out;
280
281 if (check_oob) {
282 if(nftl_read_oob(mtd, address, mtd->oobsize,
283 &retlen, &buf[SECTORSIZE]) < 0)
284 goto out;
285 if (memcmpb(buf + SECTORSIZE, 0xff, mtd->oobsize) != 0)
286 goto out;
287 }
288 address += SECTORSIZE;
289 }
290
291 ret = 0;
292
293out:
294 kfree(buf);
295 return ret;
296}
297
298/* NFTL_format: format a Erase Unit by erasing ALL Erase Zones in the Erase Unit and
299 * Update NFTL metadata. Each erase operation is checked with check_free_sectors
300 *
301 * Return: 0 when succeed, -1 on error.
302 *
303 * ToDo: 1. Is it necessary to check_free_sector after erasing ??
304 */
305int NFTL_formatblock(struct NFTLrecord *nftl, int block)
306{
307 size_t retlen;
308 unsigned int nb_erases, erase_mark;
309 struct nftl_uci1 uci;
310 struct erase_info *instr = &nftl->instr;
311 struct mtd_info *mtd = nftl->mbd.mtd;
312
313 /* Read the Unit Control Information #1 for Wear-Leveling */
314 if (nftl_read_oob(mtd, block * nftl->EraseSize + SECTORSIZE + 8,
315 8, &retlen, (char *)&uci) < 0)
316 goto default_uci1;
317
318 erase_mark = le16_to_cpu ((uci.EraseMark | uci.EraseMark1));
319 if (erase_mark != ERASE_MARK) {
320 default_uci1:
321 uci.EraseMark = cpu_to_le16(ERASE_MARK);
322 uci.EraseMark1 = cpu_to_le16(ERASE_MARK);
323 uci.WearInfo = cpu_to_le32(0);
324 }
325
326 memset(instr, 0, sizeof(struct erase_info));
327
328 /* XXX: use async erase interface, XXX: test return code */
329 instr->addr = block * nftl->EraseSize;
330 instr->len = nftl->EraseSize;
331 if (mtd_erase(mtd, instr)) {
332 printk("Error while formatting block %d\n", block);
333 goto fail;
334 }
335
336 /* increase and write Wear-Leveling info */
337 nb_erases = le32_to_cpu(uci.WearInfo);
338 nb_erases++;
339
340 /* wrap (almost impossible with current flash) or free block */
341 if (nb_erases == 0)
342 nb_erases = 1;
343
344 /* check the "freeness" of Erase Unit before updating metadata
345 * FixMe: is this check really necessary ? since we have check the
346 * return code after the erase operation.
347 */
348 if (check_free_sectors(nftl, instr->addr, nftl->EraseSize, 1) != 0)
349 goto fail;
350
351 uci.WearInfo = le32_to_cpu(nb_erases);
352 if (nftl_write_oob(mtd, block * nftl->EraseSize + SECTORSIZE +
353 8, 8, &retlen, (char *)&uci) < 0)
354 goto fail;
355 return 0;
356fail:
357 /* could not format, update the bad block table (caller is responsible
358 for setting the ReplUnitTable to BLOCK_RESERVED on failure) */
359 mtd_block_markbad(nftl->mbd.mtd, instr->addr);
360 return -1;
361}
362
363/* check_sectors_in_chain: Check that each sector of a Virtual Unit Chain is correct.
364 * Mark as 'IGNORE' each incorrect sector. This check is only done if the chain
365 * was being folded when NFTL was interrupted.
366 *
367 * The check_free_sectors in this function is necessary. There is a possible
368 * situation that after writing the Data area, the Block Control Information is
369 * not updated according (due to power failure or something) which leaves the block
370 * in an inconsistent state. So we have to check if a block is really FREE in this
371 * case. */
372static void check_sectors_in_chain(struct NFTLrecord *nftl, unsigned int first_block)
373{
374 struct mtd_info *mtd = nftl->mbd.mtd;
375 unsigned int block, i, status;
376 struct nftl_bci bci;
377 int sectors_per_block;
378 size_t retlen;
379
380 sectors_per_block = nftl->EraseSize / SECTORSIZE;
381 block = first_block;
382 for (;;) {
383 for (i = 0; i < sectors_per_block; i++) {
384 if (nftl_read_oob(mtd,
385 block * nftl->EraseSize + i * SECTORSIZE,
386 8, &retlen, (char *)&bci) < 0)
387 status = SECTOR_IGNORE;
388 else
389 status = bci.Status | bci.Status1;
390
391 switch(status) {
392 case SECTOR_FREE:
393 /* verify that the sector is really free. If not, mark
394 as ignore */
395 if (memcmpb(&bci, 0xff, 8) != 0 ||
396 check_free_sectors(nftl, block * nftl->EraseSize + i * SECTORSIZE,
397 SECTORSIZE, 0) != 0) {
398 printk("Incorrect free sector %d in block %d: "
399 "marking it as ignored\n",
400 i, block);
401
402 /* sector not free actually : mark it as SECTOR_IGNORE */
403 bci.Status = SECTOR_IGNORE;
404 bci.Status1 = SECTOR_IGNORE;
405 nftl_write_oob(mtd, block *
406 nftl->EraseSize +
407 i * SECTORSIZE, 8,
408 &retlen, (char *)&bci);
409 }
410 break;
411 default:
412 break;
413 }
414 }
415
416 /* proceed to next Erase Unit on the chain */
417 block = nftl->ReplUnitTable[block];
418 if (!(block == BLOCK_NIL || block < nftl->nb_blocks))
419 printk("incorrect ReplUnitTable[] : %d\n", block);
420 if (block == BLOCK_NIL || block >= nftl->nb_blocks)
421 break;
422 }
423}
424
425/* calc_chain_length: Walk through a Virtual Unit Chain and estimate chain length */
426static int calc_chain_length(struct NFTLrecord *nftl, unsigned int first_block)
427{
428 unsigned int length = 0, block = first_block;
429
430 for (;;) {
431 length++;
432 /* avoid infinite loops, although this is guaranteed not to
433 happen because of the previous checks */
434 if (length >= nftl->nb_blocks) {
435 printk("nftl: length too long %d !\n", length);
436 break;
437 }
438
439 block = nftl->ReplUnitTable[block];
440 if (!(block == BLOCK_NIL || block < nftl->nb_blocks))
441 printk("incorrect ReplUnitTable[] : %d\n", block);
442 if (block == BLOCK_NIL || block >= nftl->nb_blocks)
443 break;
444 }
445 return length;
446}
447
448/* format_chain: Format an invalid Virtual Unit chain. It frees all the Erase Units in a
449 * Virtual Unit Chain, i.e. all the units are disconnected.
450 *
451 * It is not strictly correct to begin from the first block of the chain because
452 * if we stop the code, we may see again a valid chain if there was a first_block
453 * flag in a block inside it. But is it really a problem ?
454 *
455 * FixMe: Figure out what the last statement means. What if power failure when we are
456 * in the for (;;) loop formatting blocks ??
457 */
458static void format_chain(struct NFTLrecord *nftl, unsigned int first_block)
459{
460 unsigned int block = first_block, block1;
461
462 printk("Formatting chain at block %d\n", first_block);
463
464 for (;;) {
465 block1 = nftl->ReplUnitTable[block];
466
467 printk("Formatting block %d\n", block);
468 if (NFTL_formatblock(nftl, block) < 0) {
469 /* cannot format !!!! Mark it as Bad Unit */
470 nftl->ReplUnitTable[block] = BLOCK_RESERVED;
471 } else {
472 nftl->ReplUnitTable[block] = BLOCK_FREE;
473 }
474
475 /* goto next block on the chain */
476 block = block1;
477
478 if (!(block == BLOCK_NIL || block < nftl->nb_blocks))
479 printk("incorrect ReplUnitTable[] : %d\n", block);
480 if (block == BLOCK_NIL || block >= nftl->nb_blocks)
481 break;
482 }
483}
484
485/* check_and_mark_free_block: Verify that a block is free in the NFTL sense (valid erase mark) or
486 * totally free (only 0xff).
487 *
488 * Definition: Free Erase Unit -- A properly erased/formatted Free Erase Unit should have meet the
489 * following criteria:
490 * 1. */
491static int check_and_mark_free_block(struct NFTLrecord *nftl, int block)
492{
493 struct mtd_info *mtd = nftl->mbd.mtd;
494 struct nftl_uci1 h1;
495 unsigned int erase_mark;
496 size_t retlen;
497
498 /* check erase mark. */
499 if (nftl_read_oob(mtd, block * nftl->EraseSize + SECTORSIZE + 8, 8,
500 &retlen, (char *)&h1) < 0)
501 return -1;
502
503 erase_mark = le16_to_cpu ((h1.EraseMark | h1.EraseMark1));
504 if (erase_mark != ERASE_MARK) {
505 /* if no erase mark, the block must be totally free. This is
506 possible in two cases : empty filesystem or interrupted erase (very unlikely) */
507 if (check_free_sectors (nftl, block * nftl->EraseSize, nftl->EraseSize, 1) != 0)
508 return -1;
509
510 /* free block : write erase mark */
511 h1.EraseMark = cpu_to_le16(ERASE_MARK);
512 h1.EraseMark1 = cpu_to_le16(ERASE_MARK);
513 h1.WearInfo = cpu_to_le32(0);
514 if (nftl_write_oob(mtd,
515 block * nftl->EraseSize + SECTORSIZE + 8, 8,
516 &retlen, (char *)&h1) < 0)
517 return -1;
518 } else {
519#if 0
520 /* if erase mark present, need to skip it when doing check */
521 for (i = 0; i < nftl->EraseSize; i += SECTORSIZE) {
522 /* check free sector */
523 if (check_free_sectors (nftl, block * nftl->EraseSize + i,
524 SECTORSIZE, 0) != 0)
525 return -1;
526
527 if (nftl_read_oob(mtd, block * nftl->EraseSize + i,
528 16, &retlen, buf) < 0)
529 return -1;
530 if (i == SECTORSIZE) {
531 /* skip erase mark */
532 if (memcmpb(buf, 0xff, 8))
533 return -1;
534 } else {
535 if (memcmpb(buf, 0xff, 16))
536 return -1;
537 }
538 }
539#endif
540 }
541
542 return 0;
543}
544
545/* get_fold_mark: Read fold mark from Unit Control Information #2, we use FOLD_MARK_IN_PROGRESS
546 * to indicate that we are in the progression of a Virtual Unit Chain folding. If the UCI #2
547 * is FOLD_MARK_IN_PROGRESS when mounting the NFTL, the (previous) folding process is interrupted
548 * for some reason. A clean up/check of the VUC is necessary in this case.
549 *
550 * WARNING: return 0 if read error
551 */
552static int get_fold_mark(struct NFTLrecord *nftl, unsigned int block)
553{
554 struct mtd_info *mtd = nftl->mbd.mtd;
555 struct nftl_uci2 uci;
556 size_t retlen;
557
558 if (nftl_read_oob(mtd, block * nftl->EraseSize + 2 * SECTORSIZE + 8,
559 8, &retlen, (char *)&uci) < 0)
560 return 0;
561
562 return le16_to_cpu((uci.FoldMark | uci.FoldMark1));
563}
564
565int NFTL_mount(struct NFTLrecord *s)
566{
567 int i;
568 unsigned int first_logical_block, logical_block, rep_block, erase_mark;
569 unsigned int block, first_block, is_first_block;
570 int chain_length, do_format_chain;
571 struct nftl_uci0 h0;
572 struct nftl_uci1 h1;
573 struct mtd_info *mtd = s->mbd.mtd;
574 size_t retlen;
575
576 /* search for NFTL MediaHeader and Spare NFTL Media Header */
577 if (find_boot_record(s) < 0) {
578 printk("Could not find valid boot record\n");
579 return -1;
580 }
581
582 /* init the logical to physical table */
583 for (i = 0; i < s->nb_blocks; i++) {
584 s->EUNtable[i] = BLOCK_NIL;
585 }
586
587 /* first pass : explore each block chain */
588 first_logical_block = 0;
589 for (first_block = 0; first_block < s->nb_blocks; first_block++) {
590 /* if the block was not already explored, we can look at it */
591 if (s->ReplUnitTable[first_block] == BLOCK_NOTEXPLORED) {
592 block = first_block;
593 chain_length = 0;
594 do_format_chain = 0;
595
596 for (;;) {
597 /* read the block header. If error, we format the chain */
598 if (nftl_read_oob(mtd,
599 block * s->EraseSize + 8, 8,
600 &retlen, (char *)&h0) < 0 ||
601 nftl_read_oob(mtd,
602 block * s->EraseSize +
603 SECTORSIZE + 8, 8,
604 &retlen, (char *)&h1) < 0) {
605 s->ReplUnitTable[block] = BLOCK_NIL;
606 do_format_chain = 1;
607 break;
608 }
609
610 logical_block = le16_to_cpu ((h0.VirtUnitNum | h0.SpareVirtUnitNum));
611 rep_block = le16_to_cpu ((h0.ReplUnitNum | h0.SpareReplUnitNum));
612 erase_mark = le16_to_cpu ((h1.EraseMark | h1.EraseMark1));
613
614 is_first_block = !(logical_block >> 15);
615 logical_block = logical_block & 0x7fff;
616
617 /* invalid/free block test */
618 if (erase_mark != ERASE_MARK || logical_block >= s->nb_blocks) {
619 if (chain_length == 0) {
620 /* if not currently in a chain, we can handle it safely */
621 if (check_and_mark_free_block(s, block) < 0) {
622 /* not really free: format it */
623 printk("Formatting block %d\n", block);
624 if (NFTL_formatblock(s, block) < 0) {
625 /* could not format: reserve the block */
626 s->ReplUnitTable[block] = BLOCK_RESERVED;
627 } else {
628 s->ReplUnitTable[block] = BLOCK_FREE;
629 }
630 } else {
631 /* free block: mark it */
632 s->ReplUnitTable[block] = BLOCK_FREE;
633 }
634 /* directly examine the next block. */
635 goto examine_ReplUnitTable;
636 } else {
637 /* the block was in a chain : this is bad. We
638 must format all the chain */
639 printk("Block %d: free but referenced in chain %d\n",
640 block, first_block);
641 s->ReplUnitTable[block] = BLOCK_NIL;
642 do_format_chain = 1;
643 break;
644 }
645 }
646
647 /* we accept only first blocks here */
648 if (chain_length == 0) {
649 /* this block is not the first block in chain :
650 ignore it, it will be included in a chain
651 later, or marked as not explored */
652 if (!is_first_block)
653 goto examine_ReplUnitTable;
654 first_logical_block = logical_block;
655 } else {
656 if (logical_block != first_logical_block) {
657 printk("Block %d: incorrect logical block: %d expected: %d\n",
658 block, logical_block, first_logical_block);
659 /* the chain is incorrect : we must format it,
660 but we need to read it completely */
661 do_format_chain = 1;
662 }
663 if (is_first_block) {
664 /* we accept that a block is marked as first
665 block while being last block in a chain
666 only if the chain is being folded */
667 if (get_fold_mark(s, block) != FOLD_MARK_IN_PROGRESS ||
668 rep_block != 0xffff) {
669 printk("Block %d: incorrectly marked as first block in chain\n",
670 block);
671 /* the chain is incorrect : we must format it,
672 but we need to read it completely */
673 do_format_chain = 1;
674 } else {
675 printk("Block %d: folding in progress - ignoring first block flag\n",
676 block);
677 }
678 }
679 }
680 chain_length++;
681 if (rep_block == 0xffff) {
682 /* no more blocks after */
683 s->ReplUnitTable[block] = BLOCK_NIL;
684 break;
685 } else if (rep_block >= s->nb_blocks) {
686 printk("Block %d: referencing invalid block %d\n",
687 block, rep_block);
688 do_format_chain = 1;
689 s->ReplUnitTable[block] = BLOCK_NIL;
690 break;
691 } else if (s->ReplUnitTable[rep_block] != BLOCK_NOTEXPLORED) {
692 /* same problem as previous 'is_first_block' test:
693 we accept that the last block of a chain has
694 the first_block flag set if folding is in
695 progress. We handle here the case where the
696 last block appeared first */
697 if (s->ReplUnitTable[rep_block] == BLOCK_NIL &&
698 s->EUNtable[first_logical_block] == rep_block &&
699 get_fold_mark(s, first_block) == FOLD_MARK_IN_PROGRESS) {
700 /* EUNtable[] will be set after */
701 printk("Block %d: folding in progress - ignoring first block flag\n",
702 rep_block);
703 s->ReplUnitTable[block] = rep_block;
704 s->EUNtable[first_logical_block] = BLOCK_NIL;
705 } else {
706 printk("Block %d: referencing block %d already in another chain\n",
707 block, rep_block);
708 /* XXX: should handle correctly fold in progress chains */
709 do_format_chain = 1;
710 s->ReplUnitTable[block] = BLOCK_NIL;
711 }
712 break;
713 } else {
714 /* this is OK */
715 s->ReplUnitTable[block] = rep_block;
716 block = rep_block;
717 }
718 }
719
720 /* the chain was completely explored. Now we can decide
721 what to do with it */
722 if (do_format_chain) {
723 /* invalid chain : format it */
724 format_chain(s, first_block);
725 } else {
726 unsigned int first_block1, chain_to_format, chain_length1;
727 int fold_mark;
728
729 /* valid chain : get foldmark */
730 fold_mark = get_fold_mark(s, first_block);
731 if (fold_mark == 0) {
732 /* cannot get foldmark : format the chain */
733 printk("Could read foldmark at block %d\n", first_block);
734 format_chain(s, first_block);
735 } else {
736 if (fold_mark == FOLD_MARK_IN_PROGRESS)
737 check_sectors_in_chain(s, first_block);
738
739 /* now handle the case where we find two chains at the
740 same virtual address : we select the longer one,
741 because the shorter one is the one which was being
742 folded if the folding was not done in place */
743 first_block1 = s->EUNtable[first_logical_block];
744 if (first_block1 != BLOCK_NIL) {
745 /* XXX: what to do if same length ? */
746 chain_length1 = calc_chain_length(s, first_block1);
747 printk("Two chains at blocks %d (len=%d) and %d (len=%d)\n",
748 first_block1, chain_length1, first_block, chain_length);
749
750 if (chain_length >= chain_length1) {
751 chain_to_format = first_block1;
752 s->EUNtable[first_logical_block] = first_block;
753 } else {
754 chain_to_format = first_block;
755 }
756 format_chain(s, chain_to_format);
757 } else {
758 s->EUNtable[first_logical_block] = first_block;
759 }
760 }
761 }
762 }
763 examine_ReplUnitTable:;
764 }
765
766 /* second pass to format unreferenced blocks and init free block count */
767 s->numfreeEUNs = 0;
768 s->LastFreeEUN = le16_to_cpu(s->MediaHdr.FirstPhysicalEUN);
769
770 for (block = 0; block < s->nb_blocks; block++) {
771 if (s->ReplUnitTable[block] == BLOCK_NOTEXPLORED) {
772 printk("Unreferenced block %d, formatting it\n", block);
773 if (NFTL_formatblock(s, block) < 0)
774 s->ReplUnitTable[block] = BLOCK_RESERVED;
775 else
776 s->ReplUnitTable[block] = BLOCK_FREE;
777 }
778 if (s->ReplUnitTable[block] == BLOCK_FREE) {
779 s->numfreeEUNs++;
780 s->LastFreeEUN = block;
781 }
782 }
783
784 return 0;
785}
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * NFTL mount code with extensive checks
4 *
5 * Author: Fabrice Bellard (fabrice.bellard@netgem.com)
6 * Copyright © 2000 Netgem S.A.
7 * Copyright © 1999-2010 David Woodhouse <dwmw2@infradead.org>
8 */
9
10#include <linux/kernel.h>
11#include <asm/errno.h>
12#include <linux/delay.h>
13#include <linux/slab.h>
14#include <linux/mtd/mtd.h>
15#include <linux/mtd/rawnand.h>
16#include <linux/mtd/nftl.h>
17
18#define SECTORSIZE 512
19
20/* find_boot_record: Find the NFTL Media Header and its Spare copy which contains the
21 * various device information of the NFTL partition and Bad Unit Table. Update
22 * the ReplUnitTable[] table according to the Bad Unit Table. ReplUnitTable[]
23 * is used for management of Erase Unit in other routines in nftl.c and nftlmount.c
24 */
25static int find_boot_record(struct NFTLrecord *nftl)
26{
27 struct nftl_uci1 h1;
28 unsigned int block, boot_record_count = 0;
29 size_t retlen;
30 u8 buf[SECTORSIZE];
31 struct NFTLMediaHeader *mh = &nftl->MediaHdr;
32 struct mtd_info *mtd = nftl->mbd.mtd;
33 unsigned int i;
34
35 /* Assume logical EraseSize == physical erasesize for starting the scan.
36 We'll sort it out later if we find a MediaHeader which says otherwise */
37 /* Actually, we won't. The new DiskOnChip driver has already scanned
38 the MediaHeader and adjusted the virtual erasesize it presents in
39 the mtd device accordingly. We could even get rid of
40 nftl->EraseSize if there were any point in doing so. */
41 nftl->EraseSize = nftl->mbd.mtd->erasesize;
42 nftl->nb_blocks = (u32)nftl->mbd.mtd->size / nftl->EraseSize;
43
44 nftl->MediaUnit = BLOCK_NIL;
45 nftl->SpareMediaUnit = BLOCK_NIL;
46
47 /* search for a valid boot record */
48 for (block = 0; block < nftl->nb_blocks; block++) {
49 int ret;
50
51 /* Check for ANAND header first. Then can whinge if it's found but later
52 checks fail */
53 ret = mtd_read(mtd, block * nftl->EraseSize, SECTORSIZE,
54 &retlen, buf);
55 /* We ignore ret in case the ECC of the MediaHeader is invalid
56 (which is apparently acceptable) */
57 if (retlen != SECTORSIZE) {
58 static int warncount = 5;
59
60 if (warncount) {
61 printk(KERN_WARNING "Block read at 0x%x of mtd%d failed: %d\n",
62 block * nftl->EraseSize, nftl->mbd.mtd->index, ret);
63 if (!--warncount)
64 printk(KERN_WARNING "Further failures for this block will not be printed\n");
65 }
66 continue;
67 }
68
69 if (retlen < 6 || memcmp(buf, "ANAND", 6)) {
70 /* ANAND\0 not found. Continue */
71#if 0
72 printk(KERN_DEBUG "ANAND header not found at 0x%x in mtd%d\n",
73 block * nftl->EraseSize, nftl->mbd.mtd->index);
74#endif
75 continue;
76 }
77
78 /* To be safer with BIOS, also use erase mark as discriminant */
79 ret = nftl_read_oob(mtd, block * nftl->EraseSize +
80 SECTORSIZE + 8, 8, &retlen,
81 (char *)&h1);
82 if (ret < 0) {
83 printk(KERN_WARNING "ANAND header found at 0x%x in mtd%d, but OOB data read failed (err %d)\n",
84 block * nftl->EraseSize, nftl->mbd.mtd->index, ret);
85 continue;
86 }
87
88#if 0 /* Some people seem to have devices without ECC or erase marks
89 on the Media Header blocks. There are enough other sanity
90 checks in here that we can probably do without it.
91 */
92 if (le16_to_cpu(h1.EraseMark | h1.EraseMark1) != ERASE_MARK) {
93 printk(KERN_NOTICE "ANAND header found at 0x%x in mtd%d, but erase mark not present (0x%04x,0x%04x instead)\n",
94 block * nftl->EraseSize, nftl->mbd.mtd->index,
95 le16_to_cpu(h1.EraseMark), le16_to_cpu(h1.EraseMark1));
96 continue;
97 }
98
99 /* Finally reread to check ECC */
100 ret = mtd->read(mtd, block * nftl->EraseSize, SECTORSIZE,
101 &retlen, buf);
102 if (ret < 0) {
103 printk(KERN_NOTICE "ANAND header found at 0x%x in mtd%d, but ECC read failed (err %d)\n",
104 block * nftl->EraseSize, nftl->mbd.mtd->index, ret);
105 continue;
106 }
107
108 /* Paranoia. Check the ANAND header is still there after the ECC read */
109 if (memcmp(buf, "ANAND", 6)) {
110 printk(KERN_NOTICE "ANAND header found at 0x%x in mtd%d, but went away on reread!\n",
111 block * nftl->EraseSize, nftl->mbd.mtd->index);
112 printk(KERN_NOTICE "New data are: %6ph\n", buf);
113 continue;
114 }
115#endif
116 /* OK, we like it. */
117
118 if (boot_record_count) {
119 /* We've already processed one. So we just check if
120 this one is the same as the first one we found */
121 if (memcmp(mh, buf, sizeof(struct NFTLMediaHeader))) {
122 printk(KERN_NOTICE "NFTL Media Headers at 0x%x and 0x%x disagree.\n",
123 nftl->MediaUnit * nftl->EraseSize, block * nftl->EraseSize);
124 /* if (debug) Print both side by side */
125 if (boot_record_count < 2) {
126 /* We haven't yet seen two real ones */
127 return -1;
128 }
129 continue;
130 }
131 if (boot_record_count == 1)
132 nftl->SpareMediaUnit = block;
133
134 /* Mark this boot record (NFTL MediaHeader) block as reserved */
135 nftl->ReplUnitTable[block] = BLOCK_RESERVED;
136
137
138 boot_record_count++;
139 continue;
140 }
141
142 /* This is the first we've seen. Copy the media header structure into place */
143 memcpy(mh, buf, sizeof(struct NFTLMediaHeader));
144
145 /* Do some sanity checks on it */
146#if 0
147The new DiskOnChip driver scans the MediaHeader itself, and presents a virtual
148erasesize based on UnitSizeFactor. So the erasesize we read from the mtd
149device is already correct.
150 if (mh->UnitSizeFactor == 0) {
151 printk(KERN_NOTICE "NFTL: UnitSizeFactor 0x00 detected. This violates the spec but we think we know what it means...\n");
152 } else if (mh->UnitSizeFactor < 0xfc) {
153 printk(KERN_NOTICE "Sorry, we don't support UnitSizeFactor 0x%02x\n",
154 mh->UnitSizeFactor);
155 return -1;
156 } else if (mh->UnitSizeFactor != 0xff) {
157 printk(KERN_NOTICE "WARNING: Support for NFTL with UnitSizeFactor 0x%02x is experimental\n",
158 mh->UnitSizeFactor);
159 nftl->EraseSize = nftl->mbd.mtd->erasesize << (0xff - mh->UnitSizeFactor);
160 nftl->nb_blocks = (u32)nftl->mbd.mtd->size / nftl->EraseSize;
161 }
162#endif
163 nftl->nb_boot_blocks = le16_to_cpu(mh->FirstPhysicalEUN);
164 if ((nftl->nb_boot_blocks + 2) >= nftl->nb_blocks) {
165 printk(KERN_NOTICE "NFTL Media Header sanity check failed:\n");
166 printk(KERN_NOTICE "nb_boot_blocks (%d) + 2 > nb_blocks (%d)\n",
167 nftl->nb_boot_blocks, nftl->nb_blocks);
168 return -1;
169 }
170
171 nftl->numvunits = le32_to_cpu(mh->FormattedSize) / nftl->EraseSize;
172 if (nftl->numvunits > (nftl->nb_blocks - nftl->nb_boot_blocks - 2)) {
173 printk(KERN_NOTICE "NFTL Media Header sanity check failed:\n");
174 printk(KERN_NOTICE "numvunits (%d) > nb_blocks (%d) - nb_boot_blocks(%d) - 2\n",
175 nftl->numvunits, nftl->nb_blocks, nftl->nb_boot_blocks);
176 return -1;
177 }
178
179 nftl->mbd.size = nftl->numvunits * (nftl->EraseSize / SECTORSIZE);
180
181 /* If we're not using the last sectors in the device for some reason,
182 reduce nb_blocks accordingly so we forget they're there */
183 nftl->nb_blocks = le16_to_cpu(mh->NumEraseUnits) + le16_to_cpu(mh->FirstPhysicalEUN);
184
185 /* XXX: will be suppressed */
186 nftl->lastEUN = nftl->nb_blocks - 1;
187
188 /* memory alloc */
189 nftl->EUNtable = kmalloc_array(nftl->nb_blocks, sizeof(u16),
190 GFP_KERNEL);
191 if (!nftl->EUNtable)
192 return -ENOMEM;
193
194 nftl->ReplUnitTable = kmalloc_array(nftl->nb_blocks,
195 sizeof(u16),
196 GFP_KERNEL);
197 if (!nftl->ReplUnitTable) {
198 kfree(nftl->EUNtable);
199 return -ENOMEM;
200 }
201
202 /* mark the bios blocks (blocks before NFTL MediaHeader) as reserved */
203 for (i = 0; i < nftl->nb_boot_blocks; i++)
204 nftl->ReplUnitTable[i] = BLOCK_RESERVED;
205 /* mark all remaining blocks as potentially containing data */
206 for (; i < nftl->nb_blocks; i++) {
207 nftl->ReplUnitTable[i] = BLOCK_NOTEXPLORED;
208 }
209
210 /* Mark this boot record (NFTL MediaHeader) block as reserved */
211 nftl->ReplUnitTable[block] = BLOCK_RESERVED;
212
213 /* read the Bad Erase Unit Table and modify ReplUnitTable[] accordingly */
214 for (i = 0; i < nftl->nb_blocks; i++) {
215#if 0
216The new DiskOnChip driver already scanned the bad block table. Just query it.
217 if ((i & (SECTORSIZE - 1)) == 0) {
218 /* read one sector for every SECTORSIZE of blocks */
219 ret = mtd->read(nftl->mbd.mtd,
220 block * nftl->EraseSize + i +
221 SECTORSIZE, SECTORSIZE,
222 &retlen, buf);
223 if (ret < 0) {
224 printk(KERN_NOTICE "Read of bad sector table failed (err %d)\n",
225 ret);
226 kfree(nftl->ReplUnitTable);
227 kfree(nftl->EUNtable);
228 return -1;
229 }
230 }
231 /* mark the Bad Erase Unit as RESERVED in ReplUnitTable */
232 if (buf[i & (SECTORSIZE - 1)] != 0xff)
233 nftl->ReplUnitTable[i] = BLOCK_RESERVED;
234#endif
235 if (mtd_block_isbad(nftl->mbd.mtd,
236 i * nftl->EraseSize))
237 nftl->ReplUnitTable[i] = BLOCK_RESERVED;
238 }
239
240 nftl->MediaUnit = block;
241 boot_record_count++;
242
243 } /* foreach (block) */
244
245 return boot_record_count?0:-1;
246}
247
248static int memcmpb(void *a, int c, int n)
249{
250 int i;
251 for (i = 0; i < n; i++) {
252 if (c != ((unsigned char *)a)[i])
253 return 1;
254 }
255 return 0;
256}
257
258/* check_free_sector: check if a free sector is actually FREE, i.e. All 0xff in data and oob area */
259static int check_free_sectors(struct NFTLrecord *nftl, unsigned int address, int len,
260 int check_oob)
261{
262 struct mtd_info *mtd = nftl->mbd.mtd;
263 size_t retlen;
264 int i, ret;
265 u8 *buf;
266
267 buf = kmalloc(SECTORSIZE + mtd->oobsize, GFP_KERNEL);
268 if (!buf)
269 return -ENOMEM;
270
271 ret = -1;
272 for (i = 0; i < len; i += SECTORSIZE) {
273 if (mtd_read(mtd, address, SECTORSIZE, &retlen, buf))
274 goto out;
275 if (memcmpb(buf, 0xff, SECTORSIZE) != 0)
276 goto out;
277
278 if (check_oob) {
279 if(nftl_read_oob(mtd, address, mtd->oobsize,
280 &retlen, &buf[SECTORSIZE]) < 0)
281 goto out;
282 if (memcmpb(buf + SECTORSIZE, 0xff, mtd->oobsize) != 0)
283 goto out;
284 }
285 address += SECTORSIZE;
286 }
287
288 ret = 0;
289
290out:
291 kfree(buf);
292 return ret;
293}
294
295/* NFTL_format: format a Erase Unit by erasing ALL Erase Zones in the Erase Unit and
296 * Update NFTL metadata. Each erase operation is checked with check_free_sectors
297 *
298 * Return: 0 when succeed, -1 on error.
299 *
300 * ToDo: 1. Is it necessary to check_free_sector after erasing ??
301 */
302int NFTL_formatblock(struct NFTLrecord *nftl, int block)
303{
304 size_t retlen;
305 unsigned int nb_erases, erase_mark;
306 struct nftl_uci1 uci;
307 struct erase_info *instr = &nftl->instr;
308 struct mtd_info *mtd = nftl->mbd.mtd;
309
310 /* Read the Unit Control Information #1 for Wear-Leveling */
311 if (nftl_read_oob(mtd, block * nftl->EraseSize + SECTORSIZE + 8,
312 8, &retlen, (char *)&uci) < 0)
313 goto default_uci1;
314
315 erase_mark = le16_to_cpu ((uci.EraseMark | uci.EraseMark1));
316 if (erase_mark != ERASE_MARK) {
317 default_uci1:
318 uci.EraseMark = cpu_to_le16(ERASE_MARK);
319 uci.EraseMark1 = cpu_to_le16(ERASE_MARK);
320 uci.WearInfo = cpu_to_le32(0);
321 }
322
323 memset(instr, 0, sizeof(struct erase_info));
324
325 /* XXX: use async erase interface, XXX: test return code */
326 instr->addr = block * nftl->EraseSize;
327 instr->len = nftl->EraseSize;
328 if (mtd_erase(mtd, instr)) {
329 printk("Error while formatting block %d\n", block);
330 goto fail;
331 }
332
333 /* increase and write Wear-Leveling info */
334 nb_erases = le32_to_cpu(uci.WearInfo);
335 nb_erases++;
336
337 /* wrap (almost impossible with current flash) or free block */
338 if (nb_erases == 0)
339 nb_erases = 1;
340
341 /* check the "freeness" of Erase Unit before updating metadata
342 * FixMe: is this check really necessary ? since we have check the
343 * return code after the erase operation.
344 */
345 if (check_free_sectors(nftl, instr->addr, nftl->EraseSize, 1) != 0)
346 goto fail;
347
348 uci.WearInfo = le32_to_cpu(nb_erases);
349 if (nftl_write_oob(mtd, block * nftl->EraseSize + SECTORSIZE +
350 8, 8, &retlen, (char *)&uci) < 0)
351 goto fail;
352 return 0;
353fail:
354 /* could not format, update the bad block table (caller is responsible
355 for setting the ReplUnitTable to BLOCK_RESERVED on failure) */
356 mtd_block_markbad(nftl->mbd.mtd, instr->addr);
357 return -1;
358}
359
360/* check_sectors_in_chain: Check that each sector of a Virtual Unit Chain is correct.
361 * Mark as 'IGNORE' each incorrect sector. This check is only done if the chain
362 * was being folded when NFTL was interrupted.
363 *
364 * The check_free_sectors in this function is necessary. There is a possible
365 * situation that after writing the Data area, the Block Control Information is
366 * not updated according (due to power failure or something) which leaves the block
367 * in an inconsistent state. So we have to check if a block is really FREE in this
368 * case. */
369static void check_sectors_in_chain(struct NFTLrecord *nftl, unsigned int first_block)
370{
371 struct mtd_info *mtd = nftl->mbd.mtd;
372 unsigned int block, i, status;
373 struct nftl_bci bci;
374 int sectors_per_block;
375 size_t retlen;
376
377 sectors_per_block = nftl->EraseSize / SECTORSIZE;
378 block = first_block;
379 for (;;) {
380 for (i = 0; i < sectors_per_block; i++) {
381 if (nftl_read_oob(mtd,
382 block * nftl->EraseSize + i * SECTORSIZE,
383 8, &retlen, (char *)&bci) < 0)
384 status = SECTOR_IGNORE;
385 else
386 status = bci.Status | bci.Status1;
387
388 switch(status) {
389 case SECTOR_FREE:
390 /* verify that the sector is really free. If not, mark
391 as ignore */
392 if (memcmpb(&bci, 0xff, 8) != 0 ||
393 check_free_sectors(nftl, block * nftl->EraseSize + i * SECTORSIZE,
394 SECTORSIZE, 0) != 0) {
395 printk("Incorrect free sector %d in block %d: "
396 "marking it as ignored\n",
397 i, block);
398
399 /* sector not free actually : mark it as SECTOR_IGNORE */
400 bci.Status = SECTOR_IGNORE;
401 bci.Status1 = SECTOR_IGNORE;
402 nftl_write_oob(mtd, block *
403 nftl->EraseSize +
404 i * SECTORSIZE, 8,
405 &retlen, (char *)&bci);
406 }
407 break;
408 default:
409 break;
410 }
411 }
412
413 /* proceed to next Erase Unit on the chain */
414 block = nftl->ReplUnitTable[block];
415 if (!(block == BLOCK_NIL || block < nftl->nb_blocks))
416 printk("incorrect ReplUnitTable[] : %d\n", block);
417 if (block == BLOCK_NIL || block >= nftl->nb_blocks)
418 break;
419 }
420}
421
422/* calc_chain_length: Walk through a Virtual Unit Chain and estimate chain length */
423static int calc_chain_length(struct NFTLrecord *nftl, unsigned int first_block)
424{
425 unsigned int length = 0, block = first_block;
426
427 for (;;) {
428 length++;
429 /* avoid infinite loops, although this is guaranteed not to
430 happen because of the previous checks */
431 if (length >= nftl->nb_blocks) {
432 printk("nftl: length too long %d !\n", length);
433 break;
434 }
435
436 block = nftl->ReplUnitTable[block];
437 if (!(block == BLOCK_NIL || block < nftl->nb_blocks))
438 printk("incorrect ReplUnitTable[] : %d\n", block);
439 if (block == BLOCK_NIL || block >= nftl->nb_blocks)
440 break;
441 }
442 return length;
443}
444
445/* format_chain: Format an invalid Virtual Unit chain. It frees all the Erase Units in a
446 * Virtual Unit Chain, i.e. all the units are disconnected.
447 *
448 * It is not strictly correct to begin from the first block of the chain because
449 * if we stop the code, we may see again a valid chain if there was a first_block
450 * flag in a block inside it. But is it really a problem ?
451 *
452 * FixMe: Figure out what the last statement means. What if power failure when we are
453 * in the for (;;) loop formatting blocks ??
454 */
455static void format_chain(struct NFTLrecord *nftl, unsigned int first_block)
456{
457 unsigned int block = first_block, block1;
458
459 printk("Formatting chain at block %d\n", first_block);
460
461 for (;;) {
462 block1 = nftl->ReplUnitTable[block];
463
464 printk("Formatting block %d\n", block);
465 if (NFTL_formatblock(nftl, block) < 0) {
466 /* cannot format !!!! Mark it as Bad Unit */
467 nftl->ReplUnitTable[block] = BLOCK_RESERVED;
468 } else {
469 nftl->ReplUnitTable[block] = BLOCK_FREE;
470 }
471
472 /* goto next block on the chain */
473 block = block1;
474
475 if (!(block == BLOCK_NIL || block < nftl->nb_blocks))
476 printk("incorrect ReplUnitTable[] : %d\n", block);
477 if (block == BLOCK_NIL || block >= nftl->nb_blocks)
478 break;
479 }
480}
481
482/* check_and_mark_free_block: Verify that a block is free in the NFTL sense (valid erase mark) or
483 * totally free (only 0xff).
484 *
485 * Definition: Free Erase Unit -- A properly erased/formatted Free Erase Unit should have meet the
486 * following criteria:
487 * 1. */
488static int check_and_mark_free_block(struct NFTLrecord *nftl, int block)
489{
490 struct mtd_info *mtd = nftl->mbd.mtd;
491 struct nftl_uci1 h1;
492 unsigned int erase_mark;
493 size_t retlen;
494
495 /* check erase mark. */
496 if (nftl_read_oob(mtd, block * nftl->EraseSize + SECTORSIZE + 8, 8,
497 &retlen, (char *)&h1) < 0)
498 return -1;
499
500 erase_mark = le16_to_cpu ((h1.EraseMark | h1.EraseMark1));
501 if (erase_mark != ERASE_MARK) {
502 /* if no erase mark, the block must be totally free. This is
503 possible in two cases : empty filesystem or interrupted erase (very unlikely) */
504 if (check_free_sectors (nftl, block * nftl->EraseSize, nftl->EraseSize, 1) != 0)
505 return -1;
506
507 /* free block : write erase mark */
508 h1.EraseMark = cpu_to_le16(ERASE_MARK);
509 h1.EraseMark1 = cpu_to_le16(ERASE_MARK);
510 h1.WearInfo = cpu_to_le32(0);
511 if (nftl_write_oob(mtd,
512 block * nftl->EraseSize + SECTORSIZE + 8, 8,
513 &retlen, (char *)&h1) < 0)
514 return -1;
515 } else {
516#if 0
517 /* if erase mark present, need to skip it when doing check */
518 for (i = 0; i < nftl->EraseSize; i += SECTORSIZE) {
519 /* check free sector */
520 if (check_free_sectors (nftl, block * nftl->EraseSize + i,
521 SECTORSIZE, 0) != 0)
522 return -1;
523
524 if (nftl_read_oob(mtd, block * nftl->EraseSize + i,
525 16, &retlen, buf) < 0)
526 return -1;
527 if (i == SECTORSIZE) {
528 /* skip erase mark */
529 if (memcmpb(buf, 0xff, 8))
530 return -1;
531 } else {
532 if (memcmpb(buf, 0xff, 16))
533 return -1;
534 }
535 }
536#endif
537 }
538
539 return 0;
540}
541
542/* get_fold_mark: Read fold mark from Unit Control Information #2, we use FOLD_MARK_IN_PROGRESS
543 * to indicate that we are in the progression of a Virtual Unit Chain folding. If the UCI #2
544 * is FOLD_MARK_IN_PROGRESS when mounting the NFTL, the (previous) folding process is interrupted
545 * for some reason. A clean up/check of the VUC is necessary in this case.
546 *
547 * WARNING: return 0 if read error
548 */
549static int get_fold_mark(struct NFTLrecord *nftl, unsigned int block)
550{
551 struct mtd_info *mtd = nftl->mbd.mtd;
552 struct nftl_uci2 uci;
553 size_t retlen;
554
555 if (nftl_read_oob(mtd, block * nftl->EraseSize + 2 * SECTORSIZE + 8,
556 8, &retlen, (char *)&uci) < 0)
557 return 0;
558
559 return le16_to_cpu((uci.FoldMark | uci.FoldMark1));
560}
561
562int NFTL_mount(struct NFTLrecord *s)
563{
564 int i;
565 unsigned int first_logical_block, logical_block, rep_block, erase_mark;
566 unsigned int block, first_block, is_first_block;
567 int chain_length, do_format_chain;
568 struct nftl_uci0 h0;
569 struct nftl_uci1 h1;
570 struct mtd_info *mtd = s->mbd.mtd;
571 size_t retlen;
572
573 /* search for NFTL MediaHeader and Spare NFTL Media Header */
574 if (find_boot_record(s) < 0) {
575 printk("Could not find valid boot record\n");
576 return -1;
577 }
578
579 /* init the logical to physical table */
580 for (i = 0; i < s->nb_blocks; i++) {
581 s->EUNtable[i] = BLOCK_NIL;
582 }
583
584 /* first pass : explore each block chain */
585 first_logical_block = 0;
586 for (first_block = 0; first_block < s->nb_blocks; first_block++) {
587 /* if the block was not already explored, we can look at it */
588 if (s->ReplUnitTable[first_block] == BLOCK_NOTEXPLORED) {
589 block = first_block;
590 chain_length = 0;
591 do_format_chain = 0;
592
593 for (;;) {
594 /* read the block header. If error, we format the chain */
595 if (nftl_read_oob(mtd,
596 block * s->EraseSize + 8, 8,
597 &retlen, (char *)&h0) < 0 ||
598 nftl_read_oob(mtd,
599 block * s->EraseSize +
600 SECTORSIZE + 8, 8,
601 &retlen, (char *)&h1) < 0) {
602 s->ReplUnitTable[block] = BLOCK_NIL;
603 do_format_chain = 1;
604 break;
605 }
606
607 logical_block = le16_to_cpu ((h0.VirtUnitNum | h0.SpareVirtUnitNum));
608 rep_block = le16_to_cpu ((h0.ReplUnitNum | h0.SpareReplUnitNum));
609 erase_mark = le16_to_cpu ((h1.EraseMark | h1.EraseMark1));
610
611 is_first_block = !(logical_block >> 15);
612 logical_block = logical_block & 0x7fff;
613
614 /* invalid/free block test */
615 if (erase_mark != ERASE_MARK || logical_block >= s->nb_blocks) {
616 if (chain_length == 0) {
617 /* if not currently in a chain, we can handle it safely */
618 if (check_and_mark_free_block(s, block) < 0) {
619 /* not really free: format it */
620 printk("Formatting block %d\n", block);
621 if (NFTL_formatblock(s, block) < 0) {
622 /* could not format: reserve the block */
623 s->ReplUnitTable[block] = BLOCK_RESERVED;
624 } else {
625 s->ReplUnitTable[block] = BLOCK_FREE;
626 }
627 } else {
628 /* free block: mark it */
629 s->ReplUnitTable[block] = BLOCK_FREE;
630 }
631 /* directly examine the next block. */
632 goto examine_ReplUnitTable;
633 } else {
634 /* the block was in a chain : this is bad. We
635 must format all the chain */
636 printk("Block %d: free but referenced in chain %d\n",
637 block, first_block);
638 s->ReplUnitTable[block] = BLOCK_NIL;
639 do_format_chain = 1;
640 break;
641 }
642 }
643
644 /* we accept only first blocks here */
645 if (chain_length == 0) {
646 /* this block is not the first block in chain :
647 ignore it, it will be included in a chain
648 later, or marked as not explored */
649 if (!is_first_block)
650 goto examine_ReplUnitTable;
651 first_logical_block = logical_block;
652 } else {
653 if (logical_block != first_logical_block) {
654 printk("Block %d: incorrect logical block: %d expected: %d\n",
655 block, logical_block, first_logical_block);
656 /* the chain is incorrect : we must format it,
657 but we need to read it completely */
658 do_format_chain = 1;
659 }
660 if (is_first_block) {
661 /* we accept that a block is marked as first
662 block while being last block in a chain
663 only if the chain is being folded */
664 if (get_fold_mark(s, block) != FOLD_MARK_IN_PROGRESS ||
665 rep_block != 0xffff) {
666 printk("Block %d: incorrectly marked as first block in chain\n",
667 block);
668 /* the chain is incorrect : we must format it,
669 but we need to read it completely */
670 do_format_chain = 1;
671 } else {
672 printk("Block %d: folding in progress - ignoring first block flag\n",
673 block);
674 }
675 }
676 }
677 chain_length++;
678 if (rep_block == 0xffff) {
679 /* no more blocks after */
680 s->ReplUnitTable[block] = BLOCK_NIL;
681 break;
682 } else if (rep_block >= s->nb_blocks) {
683 printk("Block %d: referencing invalid block %d\n",
684 block, rep_block);
685 do_format_chain = 1;
686 s->ReplUnitTable[block] = BLOCK_NIL;
687 break;
688 } else if (s->ReplUnitTable[rep_block] != BLOCK_NOTEXPLORED) {
689 /* same problem as previous 'is_first_block' test:
690 we accept that the last block of a chain has
691 the first_block flag set if folding is in
692 progress. We handle here the case where the
693 last block appeared first */
694 if (s->ReplUnitTable[rep_block] == BLOCK_NIL &&
695 s->EUNtable[first_logical_block] == rep_block &&
696 get_fold_mark(s, first_block) == FOLD_MARK_IN_PROGRESS) {
697 /* EUNtable[] will be set after */
698 printk("Block %d: folding in progress - ignoring first block flag\n",
699 rep_block);
700 s->ReplUnitTable[block] = rep_block;
701 s->EUNtable[first_logical_block] = BLOCK_NIL;
702 } else {
703 printk("Block %d: referencing block %d already in another chain\n",
704 block, rep_block);
705 /* XXX: should handle correctly fold in progress chains */
706 do_format_chain = 1;
707 s->ReplUnitTable[block] = BLOCK_NIL;
708 }
709 break;
710 } else {
711 /* this is OK */
712 s->ReplUnitTable[block] = rep_block;
713 block = rep_block;
714 }
715 }
716
717 /* the chain was completely explored. Now we can decide
718 what to do with it */
719 if (do_format_chain) {
720 /* invalid chain : format it */
721 format_chain(s, first_block);
722 } else {
723 unsigned int first_block1, chain_to_format, chain_length1;
724 int fold_mark;
725
726 /* valid chain : get foldmark */
727 fold_mark = get_fold_mark(s, first_block);
728 if (fold_mark == 0) {
729 /* cannot get foldmark : format the chain */
730 printk("Could read foldmark at block %d\n", first_block);
731 format_chain(s, first_block);
732 } else {
733 if (fold_mark == FOLD_MARK_IN_PROGRESS)
734 check_sectors_in_chain(s, first_block);
735
736 /* now handle the case where we find two chains at the
737 same virtual address : we select the longer one,
738 because the shorter one is the one which was being
739 folded if the folding was not done in place */
740 first_block1 = s->EUNtable[first_logical_block];
741 if (first_block1 != BLOCK_NIL) {
742 /* XXX: what to do if same length ? */
743 chain_length1 = calc_chain_length(s, first_block1);
744 printk("Two chains at blocks %d (len=%d) and %d (len=%d)\n",
745 first_block1, chain_length1, first_block, chain_length);
746
747 if (chain_length >= chain_length1) {
748 chain_to_format = first_block1;
749 s->EUNtable[first_logical_block] = first_block;
750 } else {
751 chain_to_format = first_block;
752 }
753 format_chain(s, chain_to_format);
754 } else {
755 s->EUNtable[first_logical_block] = first_block;
756 }
757 }
758 }
759 }
760 examine_ReplUnitTable:;
761 }
762
763 /* second pass to format unreferenced blocks and init free block count */
764 s->numfreeEUNs = 0;
765 s->LastFreeEUN = le16_to_cpu(s->MediaHdr.FirstPhysicalEUN);
766
767 for (block = 0; block < s->nb_blocks; block++) {
768 if (s->ReplUnitTable[block] == BLOCK_NOTEXPLORED) {
769 printk("Unreferenced block %d, formatting it\n", block);
770 if (NFTL_formatblock(s, block) < 0)
771 s->ReplUnitTable[block] = BLOCK_RESERVED;
772 else
773 s->ReplUnitTable[block] = BLOCK_FREE;
774 }
775 if (s->ReplUnitTable[block] == BLOCK_FREE) {
776 s->numfreeEUNs++;
777 s->LastFreeEUN = block;
778 }
779 }
780
781 return 0;
782}