Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Copyright (c) International Business Machines Corp., 2006
4 * Copyright (c) Nokia Corporation, 2006, 2007
5 *
6 * Author: Artem Bityutskiy (Битюцкий Артём)
7 */
8
9/*
10 * UBI input/output sub-system.
11 *
12 * This sub-system provides a uniform way to work with all kinds of the
13 * underlying MTD devices. It also implements handy functions for reading and
14 * writing UBI headers.
15 *
16 * We are trying to have a paranoid mindset and not to trust to what we read
17 * from the flash media in order to be more secure and robust. So this
18 * sub-system validates every single header it reads from the flash media.
19 *
20 * Some words about how the eraseblock headers are stored.
21 *
22 * The erase counter header is always stored at offset zero. By default, the
23 * VID header is stored after the EC header at the closest aligned offset
24 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
25 * header at the closest aligned offset. But this default layout may be
26 * changed. For example, for different reasons (e.g., optimization) UBI may be
27 * asked to put the VID header at further offset, and even at an unaligned
28 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
29 * proper padding in front of it. Data offset may also be changed but it has to
30 * be aligned.
31 *
32 * About minimal I/O units. In general, UBI assumes flash device model where
33 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
34 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
35 * @ubi->mtd->writesize field. But as an exception, UBI admits use of another
36 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
37 * to do different optimizations.
38 *
39 * This is extremely useful in case of NAND flashes which admit of several
40 * write operations to one NAND page. In this case UBI can fit EC and VID
41 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
42 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
43 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
44 * users.
45 *
46 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
47 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
48 * headers.
49 *
50 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
51 * device, e.g., make @ubi->min_io_size = 512 in the example above?
52 *
53 * A: because when writing a sub-page, MTD still writes a full 2K page but the
54 * bytes which are not relevant to the sub-page are 0xFF. So, basically,
55 * writing 4x512 sub-pages is 4 times slower than writing one 2KiB NAND page.
56 * Thus, we prefer to use sub-pages only for EC and VID headers.
57 *
58 * As it was noted above, the VID header may start at a non-aligned offset.
59 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
60 * the VID header may reside at offset 1984 which is the last 64 bytes of the
61 * last sub-page (EC header is always at offset zero). This causes some
62 * difficulties when reading and writing VID headers.
63 *
64 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
65 * the data and want to write this VID header out. As we can only write in
66 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
67 * to offset 448 of this buffer.
68 *
69 * The I/O sub-system does the following trick in order to avoid this extra
70 * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
71 * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
72 * When the VID header is being written out, it shifts the VID header pointer
73 * back and writes the whole sub-page.
74 */
75
76#include <linux/crc32.h>
77#include <linux/err.h>
78#include <linux/slab.h>
79#include "ubi.h"
80
81static int self_check_not_bad(const struct ubi_device *ubi, int pnum);
82static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
83static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
84 const struct ubi_ec_hdr *ec_hdr);
85static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
86static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
87 const struct ubi_vid_hdr *vid_hdr);
88static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
89 int offset, int len);
90
91/**
92 * ubi_io_read - read data from a physical eraseblock.
93 * @ubi: UBI device description object
94 * @buf: buffer where to store the read data
95 * @pnum: physical eraseblock number to read from
96 * @offset: offset within the physical eraseblock from where to read
97 * @len: how many bytes to read
98 *
99 * This function reads data from offset @offset of physical eraseblock @pnum
100 * and stores the read data in the @buf buffer. The following return codes are
101 * possible:
102 *
103 * o %0 if all the requested data were successfully read;
104 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
105 * correctable bit-flips were detected; this is harmless but may indicate
106 * that this eraseblock may become bad soon (but do not have to);
107 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
108 * example it can be an ECC error in case of NAND; this most probably means
109 * that the data is corrupted;
110 * o %-EIO if some I/O error occurred;
111 * o other negative error codes in case of other errors.
112 */
113int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
114 int len)
115{
116 int err, retries = 0;
117 size_t read;
118 loff_t addr;
119
120 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
121
122 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
123 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
124 ubi_assert(len > 0);
125
126 err = self_check_not_bad(ubi, pnum);
127 if (err)
128 return err;
129
130 /*
131 * Deliberately corrupt the buffer to improve robustness. Indeed, if we
132 * do not do this, the following may happen:
133 * 1. The buffer contains data from previous operation, e.g., read from
134 * another PEB previously. The data looks like expected, e.g., if we
135 * just do not read anything and return - the caller would not
136 * notice this. E.g., if we are reading a VID header, the buffer may
137 * contain a valid VID header from another PEB.
138 * 2. The driver is buggy and returns us success or -EBADMSG or
139 * -EUCLEAN, but it does not actually put any data to the buffer.
140 *
141 * This may confuse UBI or upper layers - they may think the buffer
142 * contains valid data while in fact it is just old data. This is
143 * especially possible because UBI (and UBIFS) relies on CRC, and
144 * treats data as correct even in case of ECC errors if the CRC is
145 * correct.
146 *
147 * Try to prevent this situation by changing the first byte of the
148 * buffer.
149 */
150 *((uint8_t *)buf) ^= 0xFF;
151
152 addr = (loff_t)pnum * ubi->peb_size + offset;
153retry:
154 err = mtd_read(ubi->mtd, addr, len, &read, buf);
155 if (err) {
156 const char *errstr = mtd_is_eccerr(err) ? " (ECC error)" : "";
157
158 if (mtd_is_bitflip(err)) {
159 /*
160 * -EUCLEAN is reported if there was a bit-flip which
161 * was corrected, so this is harmless.
162 *
163 * We do not report about it here unless debugging is
164 * enabled. A corresponding message will be printed
165 * later, when it is has been scrubbed.
166 */
167 ubi_msg(ubi, "fixable bit-flip detected at PEB %d",
168 pnum);
169 ubi_assert(len == read);
170 return UBI_IO_BITFLIPS;
171 }
172
173 if (retries++ < UBI_IO_RETRIES) {
174 ubi_warn(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read only %zd bytes, retry",
175 err, errstr, len, pnum, offset, read);
176 yield();
177 goto retry;
178 }
179
180 ubi_err(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read %zd bytes",
181 err, errstr, len, pnum, offset, read);
182 dump_stack();
183
184 /*
185 * The driver should never return -EBADMSG if it failed to read
186 * all the requested data. But some buggy drivers might do
187 * this, so we change it to -EIO.
188 */
189 if (read != len && mtd_is_eccerr(err)) {
190 ubi_assert(0);
191 err = -EIO;
192 }
193 } else {
194 ubi_assert(len == read);
195
196 if (ubi_dbg_is_bitflip(ubi)) {
197 dbg_gen("bit-flip (emulated)");
198 err = UBI_IO_BITFLIPS;
199 }
200 }
201
202 return err;
203}
204
205/**
206 * ubi_io_write - write data to a physical eraseblock.
207 * @ubi: UBI device description object
208 * @buf: buffer with the data to write
209 * @pnum: physical eraseblock number to write to
210 * @offset: offset within the physical eraseblock where to write
211 * @len: how many bytes to write
212 *
213 * This function writes @len bytes of data from buffer @buf to offset @offset
214 * of physical eraseblock @pnum. If all the data were successfully written,
215 * zero is returned. If an error occurred, this function returns a negative
216 * error code. If %-EIO is returned, the physical eraseblock most probably went
217 * bad.
218 *
219 * Note, in case of an error, it is possible that something was still written
220 * to the flash media, but may be some garbage.
221 */
222int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
223 int len)
224{
225 int err;
226 size_t written;
227 loff_t addr;
228
229 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
230
231 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
232 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
233 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
234 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
235
236 if (ubi->ro_mode) {
237 ubi_err(ubi, "read-only mode");
238 return -EROFS;
239 }
240
241 err = self_check_not_bad(ubi, pnum);
242 if (err)
243 return err;
244
245 /* The area we are writing to has to contain all 0xFF bytes */
246 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
247 if (err)
248 return err;
249
250 if (offset >= ubi->leb_start) {
251 /*
252 * We write to the data area of the physical eraseblock. Make
253 * sure it has valid EC and VID headers.
254 */
255 err = self_check_peb_ec_hdr(ubi, pnum);
256 if (err)
257 return err;
258 err = self_check_peb_vid_hdr(ubi, pnum);
259 if (err)
260 return err;
261 }
262
263 if (ubi_dbg_is_write_failure(ubi)) {
264 ubi_err(ubi, "cannot write %d bytes to PEB %d:%d (emulated)",
265 len, pnum, offset);
266 dump_stack();
267 return -EIO;
268 }
269
270 addr = (loff_t)pnum * ubi->peb_size + offset;
271 err = mtd_write(ubi->mtd, addr, len, &written, buf);
272 if (err) {
273 ubi_err(ubi, "error %d while writing %d bytes to PEB %d:%d, written %zd bytes",
274 err, len, pnum, offset, written);
275 dump_stack();
276 ubi_dump_flash(ubi, pnum, offset, len);
277 } else
278 ubi_assert(written == len);
279
280 if (!err) {
281 err = self_check_write(ubi, buf, pnum, offset, len);
282 if (err)
283 return err;
284
285 /*
286 * Since we always write sequentially, the rest of the PEB has
287 * to contain only 0xFF bytes.
288 */
289 offset += len;
290 len = ubi->peb_size - offset;
291 if (len)
292 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
293 }
294
295 return err;
296}
297
298/**
299 * do_sync_erase - synchronously erase a physical eraseblock.
300 * @ubi: UBI device description object
301 * @pnum: the physical eraseblock number to erase
302 *
303 * This function synchronously erases physical eraseblock @pnum and returns
304 * zero in case of success and a negative error code in case of failure. If
305 * %-EIO is returned, the physical eraseblock most probably went bad.
306 */
307static int do_sync_erase(struct ubi_device *ubi, int pnum)
308{
309 int err, retries = 0;
310 struct erase_info ei;
311
312 dbg_io("erase PEB %d", pnum);
313 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
314
315 if (ubi->ro_mode) {
316 ubi_err(ubi, "read-only mode");
317 return -EROFS;
318 }
319
320retry:
321 memset(&ei, 0, sizeof(struct erase_info));
322
323 ei.addr = (loff_t)pnum * ubi->peb_size;
324 ei.len = ubi->peb_size;
325
326 err = mtd_erase(ubi->mtd, &ei);
327 if (err) {
328 if (retries++ < UBI_IO_RETRIES) {
329 ubi_warn(ubi, "error %d while erasing PEB %d, retry",
330 err, pnum);
331 yield();
332 goto retry;
333 }
334 ubi_err(ubi, "cannot erase PEB %d, error %d", pnum, err);
335 dump_stack();
336 return err;
337 }
338
339 err = ubi_self_check_all_ff(ubi, pnum, 0, ubi->peb_size);
340 if (err)
341 return err;
342
343 if (ubi_dbg_is_erase_failure(ubi)) {
344 ubi_err(ubi, "cannot erase PEB %d (emulated)", pnum);
345 return -EIO;
346 }
347
348 return 0;
349}
350
351/* Patterns to write to a physical eraseblock when torturing it */
352static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
353
354/**
355 * torture_peb - test a supposedly bad physical eraseblock.
356 * @ubi: UBI device description object
357 * @pnum: the physical eraseblock number to test
358 *
359 * This function returns %-EIO if the physical eraseblock did not pass the
360 * test, a positive number of erase operations done if the test was
361 * successfully passed, and other negative error codes in case of other errors.
362 */
363static int torture_peb(struct ubi_device *ubi, int pnum)
364{
365 int err, i, patt_count;
366
367 ubi_msg(ubi, "run torture test for PEB %d", pnum);
368 patt_count = ARRAY_SIZE(patterns);
369 ubi_assert(patt_count > 0);
370
371 mutex_lock(&ubi->buf_mutex);
372 for (i = 0; i < patt_count; i++) {
373 err = do_sync_erase(ubi, pnum);
374 if (err)
375 goto out;
376
377 /* Make sure the PEB contains only 0xFF bytes */
378 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
379 if (err)
380 goto out;
381
382 err = ubi_check_pattern(ubi->peb_buf, 0xFF, ubi->peb_size);
383 if (err == 0) {
384 ubi_err(ubi, "erased PEB %d, but a non-0xFF byte found",
385 pnum);
386 err = -EIO;
387 goto out;
388 }
389
390 /* Write a pattern and check it */
391 memset(ubi->peb_buf, patterns[i], ubi->peb_size);
392 err = ubi_io_write(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
393 if (err)
394 goto out;
395
396 memset(ubi->peb_buf, ~patterns[i], ubi->peb_size);
397 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
398 if (err)
399 goto out;
400
401 err = ubi_check_pattern(ubi->peb_buf, patterns[i],
402 ubi->peb_size);
403 if (err == 0) {
404 ubi_err(ubi, "pattern %x checking failed for PEB %d",
405 patterns[i], pnum);
406 err = -EIO;
407 goto out;
408 }
409 }
410
411 err = patt_count;
412 ubi_msg(ubi, "PEB %d passed torture test, do not mark it as bad", pnum);
413
414out:
415 mutex_unlock(&ubi->buf_mutex);
416 if (err == UBI_IO_BITFLIPS || mtd_is_eccerr(err)) {
417 /*
418 * If a bit-flip or data integrity error was detected, the test
419 * has not passed because it happened on a freshly erased
420 * physical eraseblock which means something is wrong with it.
421 */
422 ubi_err(ubi, "read problems on freshly erased PEB %d, must be bad",
423 pnum);
424 err = -EIO;
425 }
426 return err;
427}
428
429/**
430 * nor_erase_prepare - prepare a NOR flash PEB for erasure.
431 * @ubi: UBI device description object
432 * @pnum: physical eraseblock number to prepare
433 *
434 * NOR flash, or at least some of them, have peculiar embedded PEB erasure
435 * algorithm: the PEB is first filled with zeroes, then it is erased. And
436 * filling with zeroes starts from the end of the PEB. This was observed with
437 * Spansion S29GL512N NOR flash.
438 *
439 * This means that in case of a power cut we may end up with intact data at the
440 * beginning of the PEB, and all zeroes at the end of PEB. In other words, the
441 * EC and VID headers are OK, but a large chunk of data at the end of PEB is
442 * zeroed. This makes UBI mistakenly treat this PEB as used and associate it
443 * with an LEB, which leads to subsequent failures (e.g., UBIFS fails).
444 *
445 * This function is called before erasing NOR PEBs and it zeroes out EC and VID
446 * magic numbers in order to invalidate them and prevent the failures. Returns
447 * zero in case of success and a negative error code in case of failure.
448 */
449static int nor_erase_prepare(struct ubi_device *ubi, int pnum)
450{
451 int err;
452 size_t written;
453 loff_t addr;
454 uint32_t data = 0;
455 struct ubi_ec_hdr ec_hdr;
456 struct ubi_vid_io_buf vidb;
457
458 /*
459 * Note, we cannot generally define VID header buffers on stack,
460 * because of the way we deal with these buffers (see the header
461 * comment in this file). But we know this is a NOR-specific piece of
462 * code, so we can do this. But yes, this is error-prone and we should
463 * (pre-)allocate VID header buffer instead.
464 */
465 struct ubi_vid_hdr vid_hdr;
466
467 /*
468 * If VID or EC is valid, we have to corrupt them before erasing.
469 * It is important to first invalidate the EC header, and then the VID
470 * header. Otherwise a power cut may lead to valid EC header and
471 * invalid VID header, in which case UBI will treat this PEB as
472 * corrupted and will try to preserve it, and print scary warnings.
473 */
474 addr = (loff_t)pnum * ubi->peb_size;
475 err = ubi_io_read_ec_hdr(ubi, pnum, &ec_hdr, 0);
476 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
477 err != UBI_IO_FF){
478 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
479 if(err)
480 goto error;
481 }
482
483 ubi_init_vid_buf(ubi, &vidb, &vid_hdr);
484 ubi_assert(&vid_hdr == ubi_get_vid_hdr(&vidb));
485
486 err = ubi_io_read_vid_hdr(ubi, pnum, &vidb, 0);
487 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
488 err != UBI_IO_FF){
489 addr += ubi->vid_hdr_aloffset;
490 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
491 if (err)
492 goto error;
493 }
494 return 0;
495
496error:
497 /*
498 * The PEB contains a valid VID or EC header, but we cannot invalidate
499 * it. Supposedly the flash media or the driver is screwed up, so
500 * return an error.
501 */
502 ubi_err(ubi, "cannot invalidate PEB %d, write returned %d", pnum, err);
503 ubi_dump_flash(ubi, pnum, 0, ubi->peb_size);
504 return -EIO;
505}
506
507/**
508 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
509 * @ubi: UBI device description object
510 * @pnum: physical eraseblock number to erase
511 * @torture: if this physical eraseblock has to be tortured
512 *
513 * This function synchronously erases physical eraseblock @pnum. If @torture
514 * flag is not zero, the physical eraseblock is checked by means of writing
515 * different patterns to it and reading them back. If the torturing is enabled,
516 * the physical eraseblock is erased more than once.
517 *
518 * This function returns the number of erasures made in case of success, %-EIO
519 * if the erasure failed or the torturing test failed, and other negative error
520 * codes in case of other errors. Note, %-EIO means that the physical
521 * eraseblock is bad.
522 */
523int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
524{
525 int err, ret = 0;
526
527 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
528
529 err = self_check_not_bad(ubi, pnum);
530 if (err != 0)
531 return err;
532
533 if (ubi->ro_mode) {
534 ubi_err(ubi, "read-only mode");
535 return -EROFS;
536 }
537
538 if (ubi->nor_flash) {
539 err = nor_erase_prepare(ubi, pnum);
540 if (err)
541 return err;
542 }
543
544 if (torture) {
545 ret = torture_peb(ubi, pnum);
546 if (ret < 0)
547 return ret;
548 }
549
550 err = do_sync_erase(ubi, pnum);
551 if (err)
552 return err;
553
554 return ret + 1;
555}
556
557/**
558 * ubi_io_is_bad - check if a physical eraseblock is bad.
559 * @ubi: UBI device description object
560 * @pnum: the physical eraseblock number to check
561 *
562 * This function returns a positive number if the physical eraseblock is bad,
563 * zero if not, and a negative error code if an error occurred.
564 */
565int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
566{
567 struct mtd_info *mtd = ubi->mtd;
568
569 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
570
571 if (ubi->bad_allowed) {
572 int ret;
573
574 ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
575 if (ret < 0)
576 ubi_err(ubi, "error %d while checking if PEB %d is bad",
577 ret, pnum);
578 else if (ret)
579 dbg_io("PEB %d is bad", pnum);
580 return ret;
581 }
582
583 return 0;
584}
585
586/**
587 * ubi_io_mark_bad - mark a physical eraseblock as bad.
588 * @ubi: UBI device description object
589 * @pnum: the physical eraseblock number to mark
590 *
591 * This function returns zero in case of success and a negative error code in
592 * case of failure.
593 */
594int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
595{
596 int err;
597 struct mtd_info *mtd = ubi->mtd;
598
599 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
600
601 if (ubi->ro_mode) {
602 ubi_err(ubi, "read-only mode");
603 return -EROFS;
604 }
605
606 if (!ubi->bad_allowed)
607 return 0;
608
609 err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
610 if (err)
611 ubi_err(ubi, "cannot mark PEB %d bad, error %d", pnum, err);
612 return err;
613}
614
615/**
616 * validate_ec_hdr - validate an erase counter header.
617 * @ubi: UBI device description object
618 * @ec_hdr: the erase counter header to check
619 *
620 * This function returns zero if the erase counter header is OK, and %1 if
621 * not.
622 */
623static int validate_ec_hdr(const struct ubi_device *ubi,
624 const struct ubi_ec_hdr *ec_hdr)
625{
626 long long ec;
627 int vid_hdr_offset, leb_start;
628
629 ec = be64_to_cpu(ec_hdr->ec);
630 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
631 leb_start = be32_to_cpu(ec_hdr->data_offset);
632
633 if (ec_hdr->version != UBI_VERSION) {
634 ubi_err(ubi, "node with incompatible UBI version found: this UBI version is %d, image version is %d",
635 UBI_VERSION, (int)ec_hdr->version);
636 goto bad;
637 }
638
639 if (vid_hdr_offset != ubi->vid_hdr_offset) {
640 ubi_err(ubi, "bad VID header offset %d, expected %d",
641 vid_hdr_offset, ubi->vid_hdr_offset);
642 goto bad;
643 }
644
645 if (leb_start != ubi->leb_start) {
646 ubi_err(ubi, "bad data offset %d, expected %d",
647 leb_start, ubi->leb_start);
648 goto bad;
649 }
650
651 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
652 ubi_err(ubi, "bad erase counter %lld", ec);
653 goto bad;
654 }
655
656 return 0;
657
658bad:
659 ubi_err(ubi, "bad EC header");
660 ubi_dump_ec_hdr(ec_hdr);
661 dump_stack();
662 return 1;
663}
664
665/**
666 * ubi_io_read_ec_hdr - read and check an erase counter header.
667 * @ubi: UBI device description object
668 * @pnum: physical eraseblock to read from
669 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
670 * header
671 * @verbose: be verbose if the header is corrupted or was not found
672 *
673 * This function reads erase counter header from physical eraseblock @pnum and
674 * stores it in @ec_hdr. This function also checks CRC checksum of the read
675 * erase counter header. The following codes may be returned:
676 *
677 * o %0 if the CRC checksum is correct and the header was successfully read;
678 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
679 * and corrected by the flash driver; this is harmless but may indicate that
680 * this eraseblock may become bad soon (but may be not);
681 * o %UBI_IO_BAD_HDR if the erase counter header is corrupted (a CRC error);
682 * o %UBI_IO_BAD_HDR_EBADMSG is the same as %UBI_IO_BAD_HDR, but there also was
683 * a data integrity error (uncorrectable ECC error in case of NAND);
684 * o %UBI_IO_FF if only 0xFF bytes were read (the PEB is supposedly empty)
685 * o a negative error code in case of failure.
686 */
687int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
688 struct ubi_ec_hdr *ec_hdr, int verbose)
689{
690 int err, read_err;
691 uint32_t crc, magic, hdr_crc;
692
693 dbg_io("read EC header from PEB %d", pnum);
694 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
695
696 read_err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
697 if (read_err) {
698 if (read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
699 return read_err;
700
701 /*
702 * We read all the data, but either a correctable bit-flip
703 * occurred, or MTD reported a data integrity error
704 * (uncorrectable ECC error in case of NAND). The former is
705 * harmless, the later may mean that the read data is
706 * corrupted. But we have a CRC check-sum and we will detect
707 * this. If the EC header is still OK, we just report this as
708 * there was a bit-flip, to force scrubbing.
709 */
710 }
711
712 magic = be32_to_cpu(ec_hdr->magic);
713 if (magic != UBI_EC_HDR_MAGIC) {
714 if (mtd_is_eccerr(read_err))
715 return UBI_IO_BAD_HDR_EBADMSG;
716
717 /*
718 * The magic field is wrong. Let's check if we have read all
719 * 0xFF. If yes, this physical eraseblock is assumed to be
720 * empty.
721 */
722 if (ubi_check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
723 /* The physical eraseblock is supposedly empty */
724 if (verbose)
725 ubi_warn(ubi, "no EC header found at PEB %d, only 0xFF bytes",
726 pnum);
727 dbg_bld("no EC header found at PEB %d, only 0xFF bytes",
728 pnum);
729 if (!read_err)
730 return UBI_IO_FF;
731 else
732 return UBI_IO_FF_BITFLIPS;
733 }
734
735 /*
736 * This is not a valid erase counter header, and these are not
737 * 0xFF bytes. Report that the header is corrupted.
738 */
739 if (verbose) {
740 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
741 pnum, magic, UBI_EC_HDR_MAGIC);
742 ubi_dump_ec_hdr(ec_hdr);
743 }
744 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
745 pnum, magic, UBI_EC_HDR_MAGIC);
746 return UBI_IO_BAD_HDR;
747 }
748
749 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
750 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
751
752 if (hdr_crc != crc) {
753 if (verbose) {
754 ubi_warn(ubi, "bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
755 pnum, crc, hdr_crc);
756 ubi_dump_ec_hdr(ec_hdr);
757 }
758 dbg_bld("bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
759 pnum, crc, hdr_crc);
760
761 if (!read_err)
762 return UBI_IO_BAD_HDR;
763 else
764 return UBI_IO_BAD_HDR_EBADMSG;
765 }
766
767 /* And of course validate what has just been read from the media */
768 err = validate_ec_hdr(ubi, ec_hdr);
769 if (err) {
770 ubi_err(ubi, "validation failed for PEB %d", pnum);
771 return -EINVAL;
772 }
773
774 /*
775 * If there was %-EBADMSG, but the header CRC is still OK, report about
776 * a bit-flip to force scrubbing on this PEB.
777 */
778 return read_err ? UBI_IO_BITFLIPS : 0;
779}
780
781/**
782 * ubi_io_write_ec_hdr - write an erase counter header.
783 * @ubi: UBI device description object
784 * @pnum: physical eraseblock to write to
785 * @ec_hdr: the erase counter header to write
786 *
787 * This function writes erase counter header described by @ec_hdr to physical
788 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
789 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
790 * field.
791 *
792 * This function returns zero in case of success and a negative error code in
793 * case of failure. If %-EIO is returned, the physical eraseblock most probably
794 * went bad.
795 */
796int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
797 struct ubi_ec_hdr *ec_hdr)
798{
799 int err;
800 uint32_t crc;
801
802 dbg_io("write EC header to PEB %d", pnum);
803 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
804
805 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
806 ec_hdr->version = UBI_VERSION;
807 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
808 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
809 ec_hdr->image_seq = cpu_to_be32(ubi->image_seq);
810 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
811 ec_hdr->hdr_crc = cpu_to_be32(crc);
812
813 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
814 if (err)
815 return err;
816
817 if (ubi_dbg_power_cut(ubi, POWER_CUT_EC_WRITE))
818 return -EROFS;
819
820 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
821 return err;
822}
823
824/**
825 * validate_vid_hdr - validate a volume identifier header.
826 * @ubi: UBI device description object
827 * @vid_hdr: the volume identifier header to check
828 *
829 * This function checks that data stored in the volume identifier header
830 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
831 */
832static int validate_vid_hdr(const struct ubi_device *ubi,
833 const struct ubi_vid_hdr *vid_hdr)
834{
835 int vol_type = vid_hdr->vol_type;
836 int copy_flag = vid_hdr->copy_flag;
837 int vol_id = be32_to_cpu(vid_hdr->vol_id);
838 int lnum = be32_to_cpu(vid_hdr->lnum);
839 int compat = vid_hdr->compat;
840 int data_size = be32_to_cpu(vid_hdr->data_size);
841 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
842 int data_pad = be32_to_cpu(vid_hdr->data_pad);
843 int data_crc = be32_to_cpu(vid_hdr->data_crc);
844 int usable_leb_size = ubi->leb_size - data_pad;
845
846 if (copy_flag != 0 && copy_flag != 1) {
847 ubi_err(ubi, "bad copy_flag");
848 goto bad;
849 }
850
851 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
852 data_pad < 0) {
853 ubi_err(ubi, "negative values");
854 goto bad;
855 }
856
857 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
858 ubi_err(ubi, "bad vol_id");
859 goto bad;
860 }
861
862 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
863 ubi_err(ubi, "bad compat");
864 goto bad;
865 }
866
867 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
868 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
869 compat != UBI_COMPAT_REJECT) {
870 ubi_err(ubi, "bad compat");
871 goto bad;
872 }
873
874 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
875 ubi_err(ubi, "bad vol_type");
876 goto bad;
877 }
878
879 if (data_pad >= ubi->leb_size / 2) {
880 ubi_err(ubi, "bad data_pad");
881 goto bad;
882 }
883
884 if (data_size > ubi->leb_size) {
885 ubi_err(ubi, "bad data_size");
886 goto bad;
887 }
888
889 if (vol_type == UBI_VID_STATIC) {
890 /*
891 * Although from high-level point of view static volumes may
892 * contain zero bytes of data, but no VID headers can contain
893 * zero at these fields, because they empty volumes do not have
894 * mapped logical eraseblocks.
895 */
896 if (used_ebs == 0) {
897 ubi_err(ubi, "zero used_ebs");
898 goto bad;
899 }
900 if (data_size == 0) {
901 ubi_err(ubi, "zero data_size");
902 goto bad;
903 }
904 if (lnum < used_ebs - 1) {
905 if (data_size != usable_leb_size) {
906 ubi_err(ubi, "bad data_size");
907 goto bad;
908 }
909 } else if (lnum == used_ebs - 1) {
910 if (data_size == 0) {
911 ubi_err(ubi, "bad data_size at last LEB");
912 goto bad;
913 }
914 } else {
915 ubi_err(ubi, "too high lnum");
916 goto bad;
917 }
918 } else {
919 if (copy_flag == 0) {
920 if (data_crc != 0) {
921 ubi_err(ubi, "non-zero data CRC");
922 goto bad;
923 }
924 if (data_size != 0) {
925 ubi_err(ubi, "non-zero data_size");
926 goto bad;
927 }
928 } else {
929 if (data_size == 0) {
930 ubi_err(ubi, "zero data_size of copy");
931 goto bad;
932 }
933 }
934 if (used_ebs != 0) {
935 ubi_err(ubi, "bad used_ebs");
936 goto bad;
937 }
938 }
939
940 return 0;
941
942bad:
943 ubi_err(ubi, "bad VID header");
944 ubi_dump_vid_hdr(vid_hdr);
945 dump_stack();
946 return 1;
947}
948
949/**
950 * ubi_io_read_vid_hdr - read and check a volume identifier header.
951 * @ubi: UBI device description object
952 * @pnum: physical eraseblock number to read from
953 * @vidb: the volume identifier buffer to store data in
954 * @verbose: be verbose if the header is corrupted or wasn't found
955 *
956 * This function reads the volume identifier header from physical eraseblock
957 * @pnum and stores it in @vidb. It also checks CRC checksum of the read
958 * volume identifier header. The error codes are the same as in
959 * 'ubi_io_read_ec_hdr()'.
960 *
961 * Note, the implementation of this function is also very similar to
962 * 'ubi_io_read_ec_hdr()', so refer commentaries in 'ubi_io_read_ec_hdr()'.
963 */
964int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
965 struct ubi_vid_io_buf *vidb, int verbose)
966{
967 int err, read_err;
968 uint32_t crc, magic, hdr_crc;
969 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
970 void *p = vidb->buffer;
971
972 dbg_io("read VID header from PEB %d", pnum);
973 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
974
975 read_err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
976 ubi->vid_hdr_shift + UBI_VID_HDR_SIZE);
977 if (read_err && read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
978 return read_err;
979
980 magic = be32_to_cpu(vid_hdr->magic);
981 if (magic != UBI_VID_HDR_MAGIC) {
982 if (mtd_is_eccerr(read_err))
983 return UBI_IO_BAD_HDR_EBADMSG;
984
985 if (ubi_check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
986 if (verbose)
987 ubi_warn(ubi, "no VID header found at PEB %d, only 0xFF bytes",
988 pnum);
989 dbg_bld("no VID header found at PEB %d, only 0xFF bytes",
990 pnum);
991 if (!read_err)
992 return UBI_IO_FF;
993 else
994 return UBI_IO_FF_BITFLIPS;
995 }
996
997 if (verbose) {
998 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
999 pnum, magic, UBI_VID_HDR_MAGIC);
1000 ubi_dump_vid_hdr(vid_hdr);
1001 }
1002 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
1003 pnum, magic, UBI_VID_HDR_MAGIC);
1004 return UBI_IO_BAD_HDR;
1005 }
1006
1007 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1008 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1009
1010 if (hdr_crc != crc) {
1011 if (verbose) {
1012 ubi_warn(ubi, "bad CRC at PEB %d, calculated %#08x, read %#08x",
1013 pnum, crc, hdr_crc);
1014 ubi_dump_vid_hdr(vid_hdr);
1015 }
1016 dbg_bld("bad CRC at PEB %d, calculated %#08x, read %#08x",
1017 pnum, crc, hdr_crc);
1018 if (!read_err)
1019 return UBI_IO_BAD_HDR;
1020 else
1021 return UBI_IO_BAD_HDR_EBADMSG;
1022 }
1023
1024 err = validate_vid_hdr(ubi, vid_hdr);
1025 if (err) {
1026 ubi_err(ubi, "validation failed for PEB %d", pnum);
1027 return -EINVAL;
1028 }
1029
1030 return read_err ? UBI_IO_BITFLIPS : 0;
1031}
1032
1033/**
1034 * ubi_io_write_vid_hdr - write a volume identifier header.
1035 * @ubi: UBI device description object
1036 * @pnum: the physical eraseblock number to write to
1037 * @vidb: the volume identifier buffer to write
1038 *
1039 * This function writes the volume identifier header described by @vid_hdr to
1040 * physical eraseblock @pnum. This function automatically fills the
1041 * @vidb->hdr->magic and the @vidb->hdr->version fields, as well as calculates
1042 * header CRC checksum and stores it at vidb->hdr->hdr_crc.
1043 *
1044 * This function returns zero in case of success and a negative error code in
1045 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1046 * bad.
1047 */
1048int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1049 struct ubi_vid_io_buf *vidb)
1050{
1051 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
1052 int err;
1053 uint32_t crc;
1054 void *p = vidb->buffer;
1055
1056 dbg_io("write VID header to PEB %d", pnum);
1057 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1058
1059 err = self_check_peb_ec_hdr(ubi, pnum);
1060 if (err)
1061 return err;
1062
1063 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1064 vid_hdr->version = UBI_VERSION;
1065 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1066 vid_hdr->hdr_crc = cpu_to_be32(crc);
1067
1068 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1069 if (err)
1070 return err;
1071
1072 if (ubi_dbg_power_cut(ubi, POWER_CUT_VID_WRITE))
1073 return -EROFS;
1074
1075 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1076 ubi->vid_hdr_alsize);
1077 return err;
1078}
1079
1080/**
1081 * self_check_not_bad - ensure that a physical eraseblock is not bad.
1082 * @ubi: UBI device description object
1083 * @pnum: physical eraseblock number to check
1084 *
1085 * This function returns zero if the physical eraseblock is good, %-EINVAL if
1086 * it is bad and a negative error code if an error occurred.
1087 */
1088static int self_check_not_bad(const struct ubi_device *ubi, int pnum)
1089{
1090 int err;
1091
1092 if (!ubi_dbg_chk_io(ubi))
1093 return 0;
1094
1095 err = ubi_io_is_bad(ubi, pnum);
1096 if (!err)
1097 return err;
1098
1099 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1100 dump_stack();
1101 return err > 0 ? -EINVAL : err;
1102}
1103
1104/**
1105 * self_check_ec_hdr - check if an erase counter header is all right.
1106 * @ubi: UBI device description object
1107 * @pnum: physical eraseblock number the erase counter header belongs to
1108 * @ec_hdr: the erase counter header to check
1109 *
1110 * This function returns zero if the erase counter header contains valid
1111 * values, and %-EINVAL if not.
1112 */
1113static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1114 const struct ubi_ec_hdr *ec_hdr)
1115{
1116 int err;
1117 uint32_t magic;
1118
1119 if (!ubi_dbg_chk_io(ubi))
1120 return 0;
1121
1122 magic = be32_to_cpu(ec_hdr->magic);
1123 if (magic != UBI_EC_HDR_MAGIC) {
1124 ubi_err(ubi, "bad magic %#08x, must be %#08x",
1125 magic, UBI_EC_HDR_MAGIC);
1126 goto fail;
1127 }
1128
1129 err = validate_ec_hdr(ubi, ec_hdr);
1130 if (err) {
1131 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1132 goto fail;
1133 }
1134
1135 return 0;
1136
1137fail:
1138 ubi_dump_ec_hdr(ec_hdr);
1139 dump_stack();
1140 return -EINVAL;
1141}
1142
1143/**
1144 * self_check_peb_ec_hdr - check erase counter header.
1145 * @ubi: UBI device description object
1146 * @pnum: the physical eraseblock number to check
1147 *
1148 * This function returns zero if the erase counter header is all right and and
1149 * a negative error code if not or if an error occurred.
1150 */
1151static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1152{
1153 int err;
1154 uint32_t crc, hdr_crc;
1155 struct ubi_ec_hdr *ec_hdr;
1156
1157 if (!ubi_dbg_chk_io(ubi))
1158 return 0;
1159
1160 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1161 if (!ec_hdr)
1162 return -ENOMEM;
1163
1164 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1165 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1166 goto exit;
1167
1168 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1169 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1170 if (hdr_crc != crc) {
1171 ubi_err(ubi, "bad CRC, calculated %#08x, read %#08x",
1172 crc, hdr_crc);
1173 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1174 ubi_dump_ec_hdr(ec_hdr);
1175 dump_stack();
1176 err = -EINVAL;
1177 goto exit;
1178 }
1179
1180 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
1181
1182exit:
1183 kfree(ec_hdr);
1184 return err;
1185}
1186
1187/**
1188 * self_check_vid_hdr - check that a volume identifier header is all right.
1189 * @ubi: UBI device description object
1190 * @pnum: physical eraseblock number the volume identifier header belongs to
1191 * @vid_hdr: the volume identifier header to check
1192 *
1193 * This function returns zero if the volume identifier header is all right, and
1194 * %-EINVAL if not.
1195 */
1196static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1197 const struct ubi_vid_hdr *vid_hdr)
1198{
1199 int err;
1200 uint32_t magic;
1201
1202 if (!ubi_dbg_chk_io(ubi))
1203 return 0;
1204
1205 magic = be32_to_cpu(vid_hdr->magic);
1206 if (magic != UBI_VID_HDR_MAGIC) {
1207 ubi_err(ubi, "bad VID header magic %#08x at PEB %d, must be %#08x",
1208 magic, pnum, UBI_VID_HDR_MAGIC);
1209 goto fail;
1210 }
1211
1212 err = validate_vid_hdr(ubi, vid_hdr);
1213 if (err) {
1214 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1215 goto fail;
1216 }
1217
1218 return err;
1219
1220fail:
1221 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1222 ubi_dump_vid_hdr(vid_hdr);
1223 dump_stack();
1224 return -EINVAL;
1225
1226}
1227
1228/**
1229 * self_check_peb_vid_hdr - check volume identifier header.
1230 * @ubi: UBI device description object
1231 * @pnum: the physical eraseblock number to check
1232 *
1233 * This function returns zero if the volume identifier header is all right,
1234 * and a negative error code if not or if an error occurred.
1235 */
1236static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1237{
1238 int err;
1239 uint32_t crc, hdr_crc;
1240 struct ubi_vid_io_buf *vidb;
1241 struct ubi_vid_hdr *vid_hdr;
1242 void *p;
1243
1244 if (!ubi_dbg_chk_io(ubi))
1245 return 0;
1246
1247 vidb = ubi_alloc_vid_buf(ubi, GFP_NOFS);
1248 if (!vidb)
1249 return -ENOMEM;
1250
1251 vid_hdr = ubi_get_vid_hdr(vidb);
1252 p = vidb->buffer;
1253 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1254 ubi->vid_hdr_alsize);
1255 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1256 goto exit;
1257
1258 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1259 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1260 if (hdr_crc != crc) {
1261 ubi_err(ubi, "bad VID header CRC at PEB %d, calculated %#08x, read %#08x",
1262 pnum, crc, hdr_crc);
1263 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1264 ubi_dump_vid_hdr(vid_hdr);
1265 dump_stack();
1266 err = -EINVAL;
1267 goto exit;
1268 }
1269
1270 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1271
1272exit:
1273 ubi_free_vid_buf(vidb);
1274 return err;
1275}
1276
1277/**
1278 * self_check_write - make sure write succeeded.
1279 * @ubi: UBI device description object
1280 * @buf: buffer with data which were written
1281 * @pnum: physical eraseblock number the data were written to
1282 * @offset: offset within the physical eraseblock the data were written to
1283 * @len: how many bytes were written
1284 *
1285 * This functions reads data which were recently written and compares it with
1286 * the original data buffer - the data have to match. Returns zero if the data
1287 * match and a negative error code if not or in case of failure.
1288 */
1289static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
1290 int offset, int len)
1291{
1292 int err, i;
1293 size_t read;
1294 void *buf1;
1295 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1296
1297 if (!ubi_dbg_chk_io(ubi))
1298 return 0;
1299
1300 buf1 = __vmalloc(len, GFP_NOFS);
1301 if (!buf1) {
1302 ubi_err(ubi, "cannot allocate memory to check writes");
1303 return 0;
1304 }
1305
1306 err = mtd_read(ubi->mtd, addr, len, &read, buf1);
1307 if (err && !mtd_is_bitflip(err))
1308 goto out_free;
1309
1310 for (i = 0; i < len; i++) {
1311 uint8_t c = ((uint8_t *)buf)[i];
1312 uint8_t c1 = ((uint8_t *)buf1)[i];
1313 int dump_len;
1314
1315 if (c == c1)
1316 continue;
1317
1318 ubi_err(ubi, "self-check failed for PEB %d:%d, len %d",
1319 pnum, offset, len);
1320 ubi_msg(ubi, "data differ at position %d", i);
1321 dump_len = max_t(int, 128, len - i);
1322 ubi_msg(ubi, "hex dump of the original buffer from %d to %d",
1323 i, i + dump_len);
1324 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1325 buf + i, dump_len, 1);
1326 ubi_msg(ubi, "hex dump of the read buffer from %d to %d",
1327 i, i + dump_len);
1328 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1329 buf1 + i, dump_len, 1);
1330 dump_stack();
1331 err = -EINVAL;
1332 goto out_free;
1333 }
1334
1335 vfree(buf1);
1336 return 0;
1337
1338out_free:
1339 vfree(buf1);
1340 return err;
1341}
1342
1343/**
1344 * ubi_self_check_all_ff - check that a region of flash is empty.
1345 * @ubi: UBI device description object
1346 * @pnum: the physical eraseblock number to check
1347 * @offset: the starting offset within the physical eraseblock to check
1348 * @len: the length of the region to check
1349 *
1350 * This function returns zero if only 0xFF bytes are present at offset
1351 * @offset of the physical eraseblock @pnum, and a negative error code if not
1352 * or if an error occurred.
1353 */
1354int ubi_self_check_all_ff(struct ubi_device *ubi, int pnum, int offset, int len)
1355{
1356 size_t read;
1357 int err;
1358 void *buf;
1359 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1360
1361 if (!ubi_dbg_chk_io(ubi))
1362 return 0;
1363
1364 buf = __vmalloc(len, GFP_NOFS);
1365 if (!buf) {
1366 ubi_err(ubi, "cannot allocate memory to check for 0xFFs");
1367 return 0;
1368 }
1369
1370 err = mtd_read(ubi->mtd, addr, len, &read, buf);
1371 if (err && !mtd_is_bitflip(err)) {
1372 ubi_err(ubi, "err %d while reading %d bytes from PEB %d:%d, read %zd bytes",
1373 err, len, pnum, offset, read);
1374 goto error;
1375 }
1376
1377 err = ubi_check_pattern(buf, 0xFF, len);
1378 if (err == 0) {
1379 ubi_err(ubi, "flash region at PEB %d:%d, length %d does not contain all 0xFF bytes",
1380 pnum, offset, len);
1381 goto fail;
1382 }
1383
1384 vfree(buf);
1385 return 0;
1386
1387fail:
1388 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1389 ubi_msg(ubi, "hex dump of the %d-%d region", offset, offset + len);
1390 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, buf, len, 1);
1391 err = -EINVAL;
1392error:
1393 dump_stack();
1394 vfree(buf);
1395 return err;
1396}
1/*
2 * Copyright (c) International Business Machines Corp., 2006
3 * Copyright (c) Nokia Corporation, 2006, 2007
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
13 * the GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 *
19 * Author: Artem Bityutskiy (Битюцкий Артём)
20 */
21
22/*
23 * UBI input/output sub-system.
24 *
25 * This sub-system provides a uniform way to work with all kinds of the
26 * underlying MTD devices. It also implements handy functions for reading and
27 * writing UBI headers.
28 *
29 * We are trying to have a paranoid mindset and not to trust to what we read
30 * from the flash media in order to be more secure and robust. So this
31 * sub-system validates every single header it reads from the flash media.
32 *
33 * Some words about how the eraseblock headers are stored.
34 *
35 * The erase counter header is always stored at offset zero. By default, the
36 * VID header is stored after the EC header at the closest aligned offset
37 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
38 * header at the closest aligned offset. But this default layout may be
39 * changed. For example, for different reasons (e.g., optimization) UBI may be
40 * asked to put the VID header at further offset, and even at an unaligned
41 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
42 * proper padding in front of it. Data offset may also be changed but it has to
43 * be aligned.
44 *
45 * About minimal I/O units. In general, UBI assumes flash device model where
46 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
47 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
48 * @ubi->mtd->writesize field. But as an exception, UBI admits use of another
49 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
50 * to do different optimizations.
51 *
52 * This is extremely useful in case of NAND flashes which admit of several
53 * write operations to one NAND page. In this case UBI can fit EC and VID
54 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
55 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
56 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
57 * users.
58 *
59 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
60 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
61 * headers.
62 *
63 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
64 * device, e.g., make @ubi->min_io_size = 512 in the example above?
65 *
66 * A: because when writing a sub-page, MTD still writes a full 2K page but the
67 * bytes which are not relevant to the sub-page are 0xFF. So, basically,
68 * writing 4x512 sub-pages is 4 times slower than writing one 2KiB NAND page.
69 * Thus, we prefer to use sub-pages only for EC and VID headers.
70 *
71 * As it was noted above, the VID header may start at a non-aligned offset.
72 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
73 * the VID header may reside at offset 1984 which is the last 64 bytes of the
74 * last sub-page (EC header is always at offset zero). This causes some
75 * difficulties when reading and writing VID headers.
76 *
77 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
78 * the data and want to write this VID header out. As we can only write in
79 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
80 * to offset 448 of this buffer.
81 *
82 * The I/O sub-system does the following trick in order to avoid this extra
83 * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
84 * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
85 * When the VID header is being written out, it shifts the VID header pointer
86 * back and writes the whole sub-page.
87 */
88
89#include <linux/crc32.h>
90#include <linux/err.h>
91#include <linux/slab.h>
92#include "ubi.h"
93
94static int self_check_not_bad(const struct ubi_device *ubi, int pnum);
95static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
96static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
97 const struct ubi_ec_hdr *ec_hdr);
98static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
99static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
100 const struct ubi_vid_hdr *vid_hdr);
101static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
102 int offset, int len);
103
104/**
105 * ubi_io_read - read data from a physical eraseblock.
106 * @ubi: UBI device description object
107 * @buf: buffer where to store the read data
108 * @pnum: physical eraseblock number to read from
109 * @offset: offset within the physical eraseblock from where to read
110 * @len: how many bytes to read
111 *
112 * This function reads data from offset @offset of physical eraseblock @pnum
113 * and stores the read data in the @buf buffer. The following return codes are
114 * possible:
115 *
116 * o %0 if all the requested data were successfully read;
117 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
118 * correctable bit-flips were detected; this is harmless but may indicate
119 * that this eraseblock may become bad soon (but do not have to);
120 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
121 * example it can be an ECC error in case of NAND; this most probably means
122 * that the data is corrupted;
123 * o %-EIO if some I/O error occurred;
124 * o other negative error codes in case of other errors.
125 */
126int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
127 int len)
128{
129 int err, retries = 0;
130 size_t read;
131 loff_t addr;
132
133 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
134
135 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
136 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
137 ubi_assert(len > 0);
138
139 err = self_check_not_bad(ubi, pnum);
140 if (err)
141 return err;
142
143 /*
144 * Deliberately corrupt the buffer to improve robustness. Indeed, if we
145 * do not do this, the following may happen:
146 * 1. The buffer contains data from previous operation, e.g., read from
147 * another PEB previously. The data looks like expected, e.g., if we
148 * just do not read anything and return - the caller would not
149 * notice this. E.g., if we are reading a VID header, the buffer may
150 * contain a valid VID header from another PEB.
151 * 2. The driver is buggy and returns us success or -EBADMSG or
152 * -EUCLEAN, but it does not actually put any data to the buffer.
153 *
154 * This may confuse UBI or upper layers - they may think the buffer
155 * contains valid data while in fact it is just old data. This is
156 * especially possible because UBI (and UBIFS) relies on CRC, and
157 * treats data as correct even in case of ECC errors if the CRC is
158 * correct.
159 *
160 * Try to prevent this situation by changing the first byte of the
161 * buffer.
162 */
163 *((uint8_t *)buf) ^= 0xFF;
164
165 addr = (loff_t)pnum * ubi->peb_size + offset;
166retry:
167 err = mtd_read(ubi->mtd, addr, len, &read, buf);
168 if (err) {
169 const char *errstr = mtd_is_eccerr(err) ? " (ECC error)" : "";
170
171 if (mtd_is_bitflip(err)) {
172 /*
173 * -EUCLEAN is reported if there was a bit-flip which
174 * was corrected, so this is harmless.
175 *
176 * We do not report about it here unless debugging is
177 * enabled. A corresponding message will be printed
178 * later, when it is has been scrubbed.
179 */
180 ubi_msg(ubi, "fixable bit-flip detected at PEB %d",
181 pnum);
182 ubi_assert(len == read);
183 return UBI_IO_BITFLIPS;
184 }
185
186 if (retries++ < UBI_IO_RETRIES) {
187 ubi_warn(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read only %zd bytes, retry",
188 err, errstr, len, pnum, offset, read);
189 yield();
190 goto retry;
191 }
192
193 ubi_err(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read %zd bytes",
194 err, errstr, len, pnum, offset, read);
195 dump_stack();
196
197 /*
198 * The driver should never return -EBADMSG if it failed to read
199 * all the requested data. But some buggy drivers might do
200 * this, so we change it to -EIO.
201 */
202 if (read != len && mtd_is_eccerr(err)) {
203 ubi_assert(0);
204 err = -EIO;
205 }
206 } else {
207 ubi_assert(len == read);
208
209 if (ubi_dbg_is_bitflip(ubi)) {
210 dbg_gen("bit-flip (emulated)");
211 err = UBI_IO_BITFLIPS;
212 }
213 }
214
215 return err;
216}
217
218/**
219 * ubi_io_write - write data to a physical eraseblock.
220 * @ubi: UBI device description object
221 * @buf: buffer with the data to write
222 * @pnum: physical eraseblock number to write to
223 * @offset: offset within the physical eraseblock where to write
224 * @len: how many bytes to write
225 *
226 * This function writes @len bytes of data from buffer @buf to offset @offset
227 * of physical eraseblock @pnum. If all the data were successfully written,
228 * zero is returned. If an error occurred, this function returns a negative
229 * error code. If %-EIO is returned, the physical eraseblock most probably went
230 * bad.
231 *
232 * Note, in case of an error, it is possible that something was still written
233 * to the flash media, but may be some garbage.
234 */
235int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
236 int len)
237{
238 int err;
239 size_t written;
240 loff_t addr;
241
242 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
243
244 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
245 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
246 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
247 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
248
249 if (ubi->ro_mode) {
250 ubi_err(ubi, "read-only mode");
251 return -EROFS;
252 }
253
254 err = self_check_not_bad(ubi, pnum);
255 if (err)
256 return err;
257
258 /* The area we are writing to has to contain all 0xFF bytes */
259 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
260 if (err)
261 return err;
262
263 if (offset >= ubi->leb_start) {
264 /*
265 * We write to the data area of the physical eraseblock. Make
266 * sure it has valid EC and VID headers.
267 */
268 err = self_check_peb_ec_hdr(ubi, pnum);
269 if (err)
270 return err;
271 err = self_check_peb_vid_hdr(ubi, pnum);
272 if (err)
273 return err;
274 }
275
276 if (ubi_dbg_is_write_failure(ubi)) {
277 ubi_err(ubi, "cannot write %d bytes to PEB %d:%d (emulated)",
278 len, pnum, offset);
279 dump_stack();
280 return -EIO;
281 }
282
283 addr = (loff_t)pnum * ubi->peb_size + offset;
284 err = mtd_write(ubi->mtd, addr, len, &written, buf);
285 if (err) {
286 ubi_err(ubi, "error %d while writing %d bytes to PEB %d:%d, written %zd bytes",
287 err, len, pnum, offset, written);
288 dump_stack();
289 ubi_dump_flash(ubi, pnum, offset, len);
290 } else
291 ubi_assert(written == len);
292
293 if (!err) {
294 err = self_check_write(ubi, buf, pnum, offset, len);
295 if (err)
296 return err;
297
298 /*
299 * Since we always write sequentially, the rest of the PEB has
300 * to contain only 0xFF bytes.
301 */
302 offset += len;
303 len = ubi->peb_size - offset;
304 if (len)
305 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
306 }
307
308 return err;
309}
310
311/**
312 * do_sync_erase - synchronously erase a physical eraseblock.
313 * @ubi: UBI device description object
314 * @pnum: the physical eraseblock number to erase
315 *
316 * This function synchronously erases physical eraseblock @pnum and returns
317 * zero in case of success and a negative error code in case of failure. If
318 * %-EIO is returned, the physical eraseblock most probably went bad.
319 */
320static int do_sync_erase(struct ubi_device *ubi, int pnum)
321{
322 int err, retries = 0;
323 struct erase_info ei;
324
325 dbg_io("erase PEB %d", pnum);
326 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
327
328 if (ubi->ro_mode) {
329 ubi_err(ubi, "read-only mode");
330 return -EROFS;
331 }
332
333retry:
334 memset(&ei, 0, sizeof(struct erase_info));
335
336 ei.addr = (loff_t)pnum * ubi->peb_size;
337 ei.len = ubi->peb_size;
338
339 err = mtd_erase(ubi->mtd, &ei);
340 if (err) {
341 if (retries++ < UBI_IO_RETRIES) {
342 ubi_warn(ubi, "error %d while erasing PEB %d, retry",
343 err, pnum);
344 yield();
345 goto retry;
346 }
347 ubi_err(ubi, "cannot erase PEB %d, error %d", pnum, err);
348 dump_stack();
349 return err;
350 }
351
352 err = ubi_self_check_all_ff(ubi, pnum, 0, ubi->peb_size);
353 if (err)
354 return err;
355
356 if (ubi_dbg_is_erase_failure(ubi)) {
357 ubi_err(ubi, "cannot erase PEB %d (emulated)", pnum);
358 return -EIO;
359 }
360
361 return 0;
362}
363
364/* Patterns to write to a physical eraseblock when torturing it */
365static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
366
367/**
368 * torture_peb - test a supposedly bad physical eraseblock.
369 * @ubi: UBI device description object
370 * @pnum: the physical eraseblock number to test
371 *
372 * This function returns %-EIO if the physical eraseblock did not pass the
373 * test, a positive number of erase operations done if the test was
374 * successfully passed, and other negative error codes in case of other errors.
375 */
376static int torture_peb(struct ubi_device *ubi, int pnum)
377{
378 int err, i, patt_count;
379
380 ubi_msg(ubi, "run torture test for PEB %d", pnum);
381 patt_count = ARRAY_SIZE(patterns);
382 ubi_assert(patt_count > 0);
383
384 mutex_lock(&ubi->buf_mutex);
385 for (i = 0; i < patt_count; i++) {
386 err = do_sync_erase(ubi, pnum);
387 if (err)
388 goto out;
389
390 /* Make sure the PEB contains only 0xFF bytes */
391 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
392 if (err)
393 goto out;
394
395 err = ubi_check_pattern(ubi->peb_buf, 0xFF, ubi->peb_size);
396 if (err == 0) {
397 ubi_err(ubi, "erased PEB %d, but a non-0xFF byte found",
398 pnum);
399 err = -EIO;
400 goto out;
401 }
402
403 /* Write a pattern and check it */
404 memset(ubi->peb_buf, patterns[i], ubi->peb_size);
405 err = ubi_io_write(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
406 if (err)
407 goto out;
408
409 memset(ubi->peb_buf, ~patterns[i], ubi->peb_size);
410 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
411 if (err)
412 goto out;
413
414 err = ubi_check_pattern(ubi->peb_buf, patterns[i],
415 ubi->peb_size);
416 if (err == 0) {
417 ubi_err(ubi, "pattern %x checking failed for PEB %d",
418 patterns[i], pnum);
419 err = -EIO;
420 goto out;
421 }
422 }
423
424 err = patt_count;
425 ubi_msg(ubi, "PEB %d passed torture test, do not mark it as bad", pnum);
426
427out:
428 mutex_unlock(&ubi->buf_mutex);
429 if (err == UBI_IO_BITFLIPS || mtd_is_eccerr(err)) {
430 /*
431 * If a bit-flip or data integrity error was detected, the test
432 * has not passed because it happened on a freshly erased
433 * physical eraseblock which means something is wrong with it.
434 */
435 ubi_err(ubi, "read problems on freshly erased PEB %d, must be bad",
436 pnum);
437 err = -EIO;
438 }
439 return err;
440}
441
442/**
443 * nor_erase_prepare - prepare a NOR flash PEB for erasure.
444 * @ubi: UBI device description object
445 * @pnum: physical eraseblock number to prepare
446 *
447 * NOR flash, or at least some of them, have peculiar embedded PEB erasure
448 * algorithm: the PEB is first filled with zeroes, then it is erased. And
449 * filling with zeroes starts from the end of the PEB. This was observed with
450 * Spansion S29GL512N NOR flash.
451 *
452 * This means that in case of a power cut we may end up with intact data at the
453 * beginning of the PEB, and all zeroes at the end of PEB. In other words, the
454 * EC and VID headers are OK, but a large chunk of data at the end of PEB is
455 * zeroed. This makes UBI mistakenly treat this PEB as used and associate it
456 * with an LEB, which leads to subsequent failures (e.g., UBIFS fails).
457 *
458 * This function is called before erasing NOR PEBs and it zeroes out EC and VID
459 * magic numbers in order to invalidate them and prevent the failures. Returns
460 * zero in case of success and a negative error code in case of failure.
461 */
462static int nor_erase_prepare(struct ubi_device *ubi, int pnum)
463{
464 int err;
465 size_t written;
466 loff_t addr;
467 uint32_t data = 0;
468 struct ubi_ec_hdr ec_hdr;
469 struct ubi_vid_io_buf vidb;
470
471 /*
472 * Note, we cannot generally define VID header buffers on stack,
473 * because of the way we deal with these buffers (see the header
474 * comment in this file). But we know this is a NOR-specific piece of
475 * code, so we can do this. But yes, this is error-prone and we should
476 * (pre-)allocate VID header buffer instead.
477 */
478 struct ubi_vid_hdr vid_hdr;
479
480 /*
481 * If VID or EC is valid, we have to corrupt them before erasing.
482 * It is important to first invalidate the EC header, and then the VID
483 * header. Otherwise a power cut may lead to valid EC header and
484 * invalid VID header, in which case UBI will treat this PEB as
485 * corrupted and will try to preserve it, and print scary warnings.
486 */
487 addr = (loff_t)pnum * ubi->peb_size;
488 err = ubi_io_read_ec_hdr(ubi, pnum, &ec_hdr, 0);
489 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
490 err != UBI_IO_FF){
491 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
492 if(err)
493 goto error;
494 }
495
496 ubi_init_vid_buf(ubi, &vidb, &vid_hdr);
497 ubi_assert(&vid_hdr == ubi_get_vid_hdr(&vidb));
498
499 err = ubi_io_read_vid_hdr(ubi, pnum, &vidb, 0);
500 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
501 err != UBI_IO_FF){
502 addr += ubi->vid_hdr_aloffset;
503 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
504 if (err)
505 goto error;
506 }
507 return 0;
508
509error:
510 /*
511 * The PEB contains a valid VID or EC header, but we cannot invalidate
512 * it. Supposedly the flash media or the driver is screwed up, so
513 * return an error.
514 */
515 ubi_err(ubi, "cannot invalidate PEB %d, write returned %d", pnum, err);
516 ubi_dump_flash(ubi, pnum, 0, ubi->peb_size);
517 return -EIO;
518}
519
520/**
521 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
522 * @ubi: UBI device description object
523 * @pnum: physical eraseblock number to erase
524 * @torture: if this physical eraseblock has to be tortured
525 *
526 * This function synchronously erases physical eraseblock @pnum. If @torture
527 * flag is not zero, the physical eraseblock is checked by means of writing
528 * different patterns to it and reading them back. If the torturing is enabled,
529 * the physical eraseblock is erased more than once.
530 *
531 * This function returns the number of erasures made in case of success, %-EIO
532 * if the erasure failed or the torturing test failed, and other negative error
533 * codes in case of other errors. Note, %-EIO means that the physical
534 * eraseblock is bad.
535 */
536int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
537{
538 int err, ret = 0;
539
540 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
541
542 err = self_check_not_bad(ubi, pnum);
543 if (err != 0)
544 return err;
545
546 if (ubi->ro_mode) {
547 ubi_err(ubi, "read-only mode");
548 return -EROFS;
549 }
550
551 if (ubi->nor_flash) {
552 err = nor_erase_prepare(ubi, pnum);
553 if (err)
554 return err;
555 }
556
557 if (torture) {
558 ret = torture_peb(ubi, pnum);
559 if (ret < 0)
560 return ret;
561 }
562
563 err = do_sync_erase(ubi, pnum);
564 if (err)
565 return err;
566
567 return ret + 1;
568}
569
570/**
571 * ubi_io_is_bad - check if a physical eraseblock is bad.
572 * @ubi: UBI device description object
573 * @pnum: the physical eraseblock number to check
574 *
575 * This function returns a positive number if the physical eraseblock is bad,
576 * zero if not, and a negative error code if an error occurred.
577 */
578int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
579{
580 struct mtd_info *mtd = ubi->mtd;
581
582 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
583
584 if (ubi->bad_allowed) {
585 int ret;
586
587 ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
588 if (ret < 0)
589 ubi_err(ubi, "error %d while checking if PEB %d is bad",
590 ret, pnum);
591 else if (ret)
592 dbg_io("PEB %d is bad", pnum);
593 return ret;
594 }
595
596 return 0;
597}
598
599/**
600 * ubi_io_mark_bad - mark a physical eraseblock as bad.
601 * @ubi: UBI device description object
602 * @pnum: the physical eraseblock number to mark
603 *
604 * This function returns zero in case of success and a negative error code in
605 * case of failure.
606 */
607int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
608{
609 int err;
610 struct mtd_info *mtd = ubi->mtd;
611
612 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
613
614 if (ubi->ro_mode) {
615 ubi_err(ubi, "read-only mode");
616 return -EROFS;
617 }
618
619 if (!ubi->bad_allowed)
620 return 0;
621
622 err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
623 if (err)
624 ubi_err(ubi, "cannot mark PEB %d bad, error %d", pnum, err);
625 return err;
626}
627
628/**
629 * validate_ec_hdr - validate an erase counter header.
630 * @ubi: UBI device description object
631 * @ec_hdr: the erase counter header to check
632 *
633 * This function returns zero if the erase counter header is OK, and %1 if
634 * not.
635 */
636static int validate_ec_hdr(const struct ubi_device *ubi,
637 const struct ubi_ec_hdr *ec_hdr)
638{
639 long long ec;
640 int vid_hdr_offset, leb_start;
641
642 ec = be64_to_cpu(ec_hdr->ec);
643 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
644 leb_start = be32_to_cpu(ec_hdr->data_offset);
645
646 if (ec_hdr->version != UBI_VERSION) {
647 ubi_err(ubi, "node with incompatible UBI version found: this UBI version is %d, image version is %d",
648 UBI_VERSION, (int)ec_hdr->version);
649 goto bad;
650 }
651
652 if (vid_hdr_offset != ubi->vid_hdr_offset) {
653 ubi_err(ubi, "bad VID header offset %d, expected %d",
654 vid_hdr_offset, ubi->vid_hdr_offset);
655 goto bad;
656 }
657
658 if (leb_start != ubi->leb_start) {
659 ubi_err(ubi, "bad data offset %d, expected %d",
660 leb_start, ubi->leb_start);
661 goto bad;
662 }
663
664 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
665 ubi_err(ubi, "bad erase counter %lld", ec);
666 goto bad;
667 }
668
669 return 0;
670
671bad:
672 ubi_err(ubi, "bad EC header");
673 ubi_dump_ec_hdr(ec_hdr);
674 dump_stack();
675 return 1;
676}
677
678/**
679 * ubi_io_read_ec_hdr - read and check an erase counter header.
680 * @ubi: UBI device description object
681 * @pnum: physical eraseblock to read from
682 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
683 * header
684 * @verbose: be verbose if the header is corrupted or was not found
685 *
686 * This function reads erase counter header from physical eraseblock @pnum and
687 * stores it in @ec_hdr. This function also checks CRC checksum of the read
688 * erase counter header. The following codes may be returned:
689 *
690 * o %0 if the CRC checksum is correct and the header was successfully read;
691 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
692 * and corrected by the flash driver; this is harmless but may indicate that
693 * this eraseblock may become bad soon (but may be not);
694 * o %UBI_IO_BAD_HDR if the erase counter header is corrupted (a CRC error);
695 * o %UBI_IO_BAD_HDR_EBADMSG is the same as %UBI_IO_BAD_HDR, but there also was
696 * a data integrity error (uncorrectable ECC error in case of NAND);
697 * o %UBI_IO_FF if only 0xFF bytes were read (the PEB is supposedly empty)
698 * o a negative error code in case of failure.
699 */
700int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
701 struct ubi_ec_hdr *ec_hdr, int verbose)
702{
703 int err, read_err;
704 uint32_t crc, magic, hdr_crc;
705
706 dbg_io("read EC header from PEB %d", pnum);
707 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
708
709 read_err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
710 if (read_err) {
711 if (read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
712 return read_err;
713
714 /*
715 * We read all the data, but either a correctable bit-flip
716 * occurred, or MTD reported a data integrity error
717 * (uncorrectable ECC error in case of NAND). The former is
718 * harmless, the later may mean that the read data is
719 * corrupted. But we have a CRC check-sum and we will detect
720 * this. If the EC header is still OK, we just report this as
721 * there was a bit-flip, to force scrubbing.
722 */
723 }
724
725 magic = be32_to_cpu(ec_hdr->magic);
726 if (magic != UBI_EC_HDR_MAGIC) {
727 if (mtd_is_eccerr(read_err))
728 return UBI_IO_BAD_HDR_EBADMSG;
729
730 /*
731 * The magic field is wrong. Let's check if we have read all
732 * 0xFF. If yes, this physical eraseblock is assumed to be
733 * empty.
734 */
735 if (ubi_check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
736 /* The physical eraseblock is supposedly empty */
737 if (verbose)
738 ubi_warn(ubi, "no EC header found at PEB %d, only 0xFF bytes",
739 pnum);
740 dbg_bld("no EC header found at PEB %d, only 0xFF bytes",
741 pnum);
742 if (!read_err)
743 return UBI_IO_FF;
744 else
745 return UBI_IO_FF_BITFLIPS;
746 }
747
748 /*
749 * This is not a valid erase counter header, and these are not
750 * 0xFF bytes. Report that the header is corrupted.
751 */
752 if (verbose) {
753 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
754 pnum, magic, UBI_EC_HDR_MAGIC);
755 ubi_dump_ec_hdr(ec_hdr);
756 }
757 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
758 pnum, magic, UBI_EC_HDR_MAGIC);
759 return UBI_IO_BAD_HDR;
760 }
761
762 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
763 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
764
765 if (hdr_crc != crc) {
766 if (verbose) {
767 ubi_warn(ubi, "bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
768 pnum, crc, hdr_crc);
769 ubi_dump_ec_hdr(ec_hdr);
770 }
771 dbg_bld("bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
772 pnum, crc, hdr_crc);
773
774 if (!read_err)
775 return UBI_IO_BAD_HDR;
776 else
777 return UBI_IO_BAD_HDR_EBADMSG;
778 }
779
780 /* And of course validate what has just been read from the media */
781 err = validate_ec_hdr(ubi, ec_hdr);
782 if (err) {
783 ubi_err(ubi, "validation failed for PEB %d", pnum);
784 return -EINVAL;
785 }
786
787 /*
788 * If there was %-EBADMSG, but the header CRC is still OK, report about
789 * a bit-flip to force scrubbing on this PEB.
790 */
791 return read_err ? UBI_IO_BITFLIPS : 0;
792}
793
794/**
795 * ubi_io_write_ec_hdr - write an erase counter header.
796 * @ubi: UBI device description object
797 * @pnum: physical eraseblock to write to
798 * @ec_hdr: the erase counter header to write
799 *
800 * This function writes erase counter header described by @ec_hdr to physical
801 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
802 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
803 * field.
804 *
805 * This function returns zero in case of success and a negative error code in
806 * case of failure. If %-EIO is returned, the physical eraseblock most probably
807 * went bad.
808 */
809int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
810 struct ubi_ec_hdr *ec_hdr)
811{
812 int err;
813 uint32_t crc;
814
815 dbg_io("write EC header to PEB %d", pnum);
816 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
817
818 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
819 ec_hdr->version = UBI_VERSION;
820 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
821 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
822 ec_hdr->image_seq = cpu_to_be32(ubi->image_seq);
823 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
824 ec_hdr->hdr_crc = cpu_to_be32(crc);
825
826 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
827 if (err)
828 return err;
829
830 if (ubi_dbg_power_cut(ubi, POWER_CUT_EC_WRITE))
831 return -EROFS;
832
833 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
834 return err;
835}
836
837/**
838 * validate_vid_hdr - validate a volume identifier header.
839 * @ubi: UBI device description object
840 * @vid_hdr: the volume identifier header to check
841 *
842 * This function checks that data stored in the volume identifier header
843 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
844 */
845static int validate_vid_hdr(const struct ubi_device *ubi,
846 const struct ubi_vid_hdr *vid_hdr)
847{
848 int vol_type = vid_hdr->vol_type;
849 int copy_flag = vid_hdr->copy_flag;
850 int vol_id = be32_to_cpu(vid_hdr->vol_id);
851 int lnum = be32_to_cpu(vid_hdr->lnum);
852 int compat = vid_hdr->compat;
853 int data_size = be32_to_cpu(vid_hdr->data_size);
854 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
855 int data_pad = be32_to_cpu(vid_hdr->data_pad);
856 int data_crc = be32_to_cpu(vid_hdr->data_crc);
857 int usable_leb_size = ubi->leb_size - data_pad;
858
859 if (copy_flag != 0 && copy_flag != 1) {
860 ubi_err(ubi, "bad copy_flag");
861 goto bad;
862 }
863
864 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
865 data_pad < 0) {
866 ubi_err(ubi, "negative values");
867 goto bad;
868 }
869
870 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
871 ubi_err(ubi, "bad vol_id");
872 goto bad;
873 }
874
875 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
876 ubi_err(ubi, "bad compat");
877 goto bad;
878 }
879
880 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
881 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
882 compat != UBI_COMPAT_REJECT) {
883 ubi_err(ubi, "bad compat");
884 goto bad;
885 }
886
887 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
888 ubi_err(ubi, "bad vol_type");
889 goto bad;
890 }
891
892 if (data_pad >= ubi->leb_size / 2) {
893 ubi_err(ubi, "bad data_pad");
894 goto bad;
895 }
896
897 if (data_size > ubi->leb_size) {
898 ubi_err(ubi, "bad data_size");
899 goto bad;
900 }
901
902 if (vol_type == UBI_VID_STATIC) {
903 /*
904 * Although from high-level point of view static volumes may
905 * contain zero bytes of data, but no VID headers can contain
906 * zero at these fields, because they empty volumes do not have
907 * mapped logical eraseblocks.
908 */
909 if (used_ebs == 0) {
910 ubi_err(ubi, "zero used_ebs");
911 goto bad;
912 }
913 if (data_size == 0) {
914 ubi_err(ubi, "zero data_size");
915 goto bad;
916 }
917 if (lnum < used_ebs - 1) {
918 if (data_size != usable_leb_size) {
919 ubi_err(ubi, "bad data_size");
920 goto bad;
921 }
922 } else if (lnum == used_ebs - 1) {
923 if (data_size == 0) {
924 ubi_err(ubi, "bad data_size at last LEB");
925 goto bad;
926 }
927 } else {
928 ubi_err(ubi, "too high lnum");
929 goto bad;
930 }
931 } else {
932 if (copy_flag == 0) {
933 if (data_crc != 0) {
934 ubi_err(ubi, "non-zero data CRC");
935 goto bad;
936 }
937 if (data_size != 0) {
938 ubi_err(ubi, "non-zero data_size");
939 goto bad;
940 }
941 } else {
942 if (data_size == 0) {
943 ubi_err(ubi, "zero data_size of copy");
944 goto bad;
945 }
946 }
947 if (used_ebs != 0) {
948 ubi_err(ubi, "bad used_ebs");
949 goto bad;
950 }
951 }
952
953 return 0;
954
955bad:
956 ubi_err(ubi, "bad VID header");
957 ubi_dump_vid_hdr(vid_hdr);
958 dump_stack();
959 return 1;
960}
961
962/**
963 * ubi_io_read_vid_hdr - read and check a volume identifier header.
964 * @ubi: UBI device description object
965 * @pnum: physical eraseblock number to read from
966 * @vidb: the volume identifier buffer to store data in
967 * @verbose: be verbose if the header is corrupted or wasn't found
968 *
969 * This function reads the volume identifier header from physical eraseblock
970 * @pnum and stores it in @vidb. It also checks CRC checksum of the read
971 * volume identifier header. The error codes are the same as in
972 * 'ubi_io_read_ec_hdr()'.
973 *
974 * Note, the implementation of this function is also very similar to
975 * 'ubi_io_read_ec_hdr()', so refer commentaries in 'ubi_io_read_ec_hdr()'.
976 */
977int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
978 struct ubi_vid_io_buf *vidb, int verbose)
979{
980 int err, read_err;
981 uint32_t crc, magic, hdr_crc;
982 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
983 void *p = vidb->buffer;
984
985 dbg_io("read VID header from PEB %d", pnum);
986 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
987
988 read_err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
989 ubi->vid_hdr_shift + UBI_VID_HDR_SIZE);
990 if (read_err && read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
991 return read_err;
992
993 magic = be32_to_cpu(vid_hdr->magic);
994 if (magic != UBI_VID_HDR_MAGIC) {
995 if (mtd_is_eccerr(read_err))
996 return UBI_IO_BAD_HDR_EBADMSG;
997
998 if (ubi_check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
999 if (verbose)
1000 ubi_warn(ubi, "no VID header found at PEB %d, only 0xFF bytes",
1001 pnum);
1002 dbg_bld("no VID header found at PEB %d, only 0xFF bytes",
1003 pnum);
1004 if (!read_err)
1005 return UBI_IO_FF;
1006 else
1007 return UBI_IO_FF_BITFLIPS;
1008 }
1009
1010 if (verbose) {
1011 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
1012 pnum, magic, UBI_VID_HDR_MAGIC);
1013 ubi_dump_vid_hdr(vid_hdr);
1014 }
1015 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
1016 pnum, magic, UBI_VID_HDR_MAGIC);
1017 return UBI_IO_BAD_HDR;
1018 }
1019
1020 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1021 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1022
1023 if (hdr_crc != crc) {
1024 if (verbose) {
1025 ubi_warn(ubi, "bad CRC at PEB %d, calculated %#08x, read %#08x",
1026 pnum, crc, hdr_crc);
1027 ubi_dump_vid_hdr(vid_hdr);
1028 }
1029 dbg_bld("bad CRC at PEB %d, calculated %#08x, read %#08x",
1030 pnum, crc, hdr_crc);
1031 if (!read_err)
1032 return UBI_IO_BAD_HDR;
1033 else
1034 return UBI_IO_BAD_HDR_EBADMSG;
1035 }
1036
1037 err = validate_vid_hdr(ubi, vid_hdr);
1038 if (err) {
1039 ubi_err(ubi, "validation failed for PEB %d", pnum);
1040 return -EINVAL;
1041 }
1042
1043 return read_err ? UBI_IO_BITFLIPS : 0;
1044}
1045
1046/**
1047 * ubi_io_write_vid_hdr - write a volume identifier header.
1048 * @ubi: UBI device description object
1049 * @pnum: the physical eraseblock number to write to
1050 * @vidb: the volume identifier buffer to write
1051 *
1052 * This function writes the volume identifier header described by @vid_hdr to
1053 * physical eraseblock @pnum. This function automatically fills the
1054 * @vidb->hdr->magic and the @vidb->hdr->version fields, as well as calculates
1055 * header CRC checksum and stores it at vidb->hdr->hdr_crc.
1056 *
1057 * This function returns zero in case of success and a negative error code in
1058 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1059 * bad.
1060 */
1061int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1062 struct ubi_vid_io_buf *vidb)
1063{
1064 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
1065 int err;
1066 uint32_t crc;
1067 void *p = vidb->buffer;
1068
1069 dbg_io("write VID header to PEB %d", pnum);
1070 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1071
1072 err = self_check_peb_ec_hdr(ubi, pnum);
1073 if (err)
1074 return err;
1075
1076 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1077 vid_hdr->version = UBI_VERSION;
1078 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1079 vid_hdr->hdr_crc = cpu_to_be32(crc);
1080
1081 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1082 if (err)
1083 return err;
1084
1085 if (ubi_dbg_power_cut(ubi, POWER_CUT_VID_WRITE))
1086 return -EROFS;
1087
1088 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1089 ubi->vid_hdr_alsize);
1090 return err;
1091}
1092
1093/**
1094 * self_check_not_bad - ensure that a physical eraseblock is not bad.
1095 * @ubi: UBI device description object
1096 * @pnum: physical eraseblock number to check
1097 *
1098 * This function returns zero if the physical eraseblock is good, %-EINVAL if
1099 * it is bad and a negative error code if an error occurred.
1100 */
1101static int self_check_not_bad(const struct ubi_device *ubi, int pnum)
1102{
1103 int err;
1104
1105 if (!ubi_dbg_chk_io(ubi))
1106 return 0;
1107
1108 err = ubi_io_is_bad(ubi, pnum);
1109 if (!err)
1110 return err;
1111
1112 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1113 dump_stack();
1114 return err > 0 ? -EINVAL : err;
1115}
1116
1117/**
1118 * self_check_ec_hdr - check if an erase counter header is all right.
1119 * @ubi: UBI device description object
1120 * @pnum: physical eraseblock number the erase counter header belongs to
1121 * @ec_hdr: the erase counter header to check
1122 *
1123 * This function returns zero if the erase counter header contains valid
1124 * values, and %-EINVAL if not.
1125 */
1126static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1127 const struct ubi_ec_hdr *ec_hdr)
1128{
1129 int err;
1130 uint32_t magic;
1131
1132 if (!ubi_dbg_chk_io(ubi))
1133 return 0;
1134
1135 magic = be32_to_cpu(ec_hdr->magic);
1136 if (magic != UBI_EC_HDR_MAGIC) {
1137 ubi_err(ubi, "bad magic %#08x, must be %#08x",
1138 magic, UBI_EC_HDR_MAGIC);
1139 goto fail;
1140 }
1141
1142 err = validate_ec_hdr(ubi, ec_hdr);
1143 if (err) {
1144 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1145 goto fail;
1146 }
1147
1148 return 0;
1149
1150fail:
1151 ubi_dump_ec_hdr(ec_hdr);
1152 dump_stack();
1153 return -EINVAL;
1154}
1155
1156/**
1157 * self_check_peb_ec_hdr - check erase counter header.
1158 * @ubi: UBI device description object
1159 * @pnum: the physical eraseblock number to check
1160 *
1161 * This function returns zero if the erase counter header is all right and and
1162 * a negative error code if not or if an error occurred.
1163 */
1164static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1165{
1166 int err;
1167 uint32_t crc, hdr_crc;
1168 struct ubi_ec_hdr *ec_hdr;
1169
1170 if (!ubi_dbg_chk_io(ubi))
1171 return 0;
1172
1173 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1174 if (!ec_hdr)
1175 return -ENOMEM;
1176
1177 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1178 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1179 goto exit;
1180
1181 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1182 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1183 if (hdr_crc != crc) {
1184 ubi_err(ubi, "bad CRC, calculated %#08x, read %#08x",
1185 crc, hdr_crc);
1186 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1187 ubi_dump_ec_hdr(ec_hdr);
1188 dump_stack();
1189 err = -EINVAL;
1190 goto exit;
1191 }
1192
1193 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
1194
1195exit:
1196 kfree(ec_hdr);
1197 return err;
1198}
1199
1200/**
1201 * self_check_vid_hdr - check that a volume identifier header is all right.
1202 * @ubi: UBI device description object
1203 * @pnum: physical eraseblock number the volume identifier header belongs to
1204 * @vid_hdr: the volume identifier header to check
1205 *
1206 * This function returns zero if the volume identifier header is all right, and
1207 * %-EINVAL if not.
1208 */
1209static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1210 const struct ubi_vid_hdr *vid_hdr)
1211{
1212 int err;
1213 uint32_t magic;
1214
1215 if (!ubi_dbg_chk_io(ubi))
1216 return 0;
1217
1218 magic = be32_to_cpu(vid_hdr->magic);
1219 if (magic != UBI_VID_HDR_MAGIC) {
1220 ubi_err(ubi, "bad VID header magic %#08x at PEB %d, must be %#08x",
1221 magic, pnum, UBI_VID_HDR_MAGIC);
1222 goto fail;
1223 }
1224
1225 err = validate_vid_hdr(ubi, vid_hdr);
1226 if (err) {
1227 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1228 goto fail;
1229 }
1230
1231 return err;
1232
1233fail:
1234 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1235 ubi_dump_vid_hdr(vid_hdr);
1236 dump_stack();
1237 return -EINVAL;
1238
1239}
1240
1241/**
1242 * self_check_peb_vid_hdr - check volume identifier header.
1243 * @ubi: UBI device description object
1244 * @pnum: the physical eraseblock number to check
1245 *
1246 * This function returns zero if the volume identifier header is all right,
1247 * and a negative error code if not or if an error occurred.
1248 */
1249static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1250{
1251 int err;
1252 uint32_t crc, hdr_crc;
1253 struct ubi_vid_io_buf *vidb;
1254 struct ubi_vid_hdr *vid_hdr;
1255 void *p;
1256
1257 if (!ubi_dbg_chk_io(ubi))
1258 return 0;
1259
1260 vidb = ubi_alloc_vid_buf(ubi, GFP_NOFS);
1261 if (!vidb)
1262 return -ENOMEM;
1263
1264 vid_hdr = ubi_get_vid_hdr(vidb);
1265 p = vidb->buffer;
1266 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1267 ubi->vid_hdr_alsize);
1268 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1269 goto exit;
1270
1271 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1272 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1273 if (hdr_crc != crc) {
1274 ubi_err(ubi, "bad VID header CRC at PEB %d, calculated %#08x, read %#08x",
1275 pnum, crc, hdr_crc);
1276 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1277 ubi_dump_vid_hdr(vid_hdr);
1278 dump_stack();
1279 err = -EINVAL;
1280 goto exit;
1281 }
1282
1283 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1284
1285exit:
1286 ubi_free_vid_buf(vidb);
1287 return err;
1288}
1289
1290/**
1291 * self_check_write - make sure write succeeded.
1292 * @ubi: UBI device description object
1293 * @buf: buffer with data which were written
1294 * @pnum: physical eraseblock number the data were written to
1295 * @offset: offset within the physical eraseblock the data were written to
1296 * @len: how many bytes were written
1297 *
1298 * This functions reads data which were recently written and compares it with
1299 * the original data buffer - the data have to match. Returns zero if the data
1300 * match and a negative error code if not or in case of failure.
1301 */
1302static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
1303 int offset, int len)
1304{
1305 int err, i;
1306 size_t read;
1307 void *buf1;
1308 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1309
1310 if (!ubi_dbg_chk_io(ubi))
1311 return 0;
1312
1313 buf1 = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1314 if (!buf1) {
1315 ubi_err(ubi, "cannot allocate memory to check writes");
1316 return 0;
1317 }
1318
1319 err = mtd_read(ubi->mtd, addr, len, &read, buf1);
1320 if (err && !mtd_is_bitflip(err))
1321 goto out_free;
1322
1323 for (i = 0; i < len; i++) {
1324 uint8_t c = ((uint8_t *)buf)[i];
1325 uint8_t c1 = ((uint8_t *)buf1)[i];
1326 int dump_len;
1327
1328 if (c == c1)
1329 continue;
1330
1331 ubi_err(ubi, "self-check failed for PEB %d:%d, len %d",
1332 pnum, offset, len);
1333 ubi_msg(ubi, "data differ at position %d", i);
1334 dump_len = max_t(int, 128, len - i);
1335 ubi_msg(ubi, "hex dump of the original buffer from %d to %d",
1336 i, i + dump_len);
1337 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1338 buf + i, dump_len, 1);
1339 ubi_msg(ubi, "hex dump of the read buffer from %d to %d",
1340 i, i + dump_len);
1341 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1342 buf1 + i, dump_len, 1);
1343 dump_stack();
1344 err = -EINVAL;
1345 goto out_free;
1346 }
1347
1348 vfree(buf1);
1349 return 0;
1350
1351out_free:
1352 vfree(buf1);
1353 return err;
1354}
1355
1356/**
1357 * ubi_self_check_all_ff - check that a region of flash is empty.
1358 * @ubi: UBI device description object
1359 * @pnum: the physical eraseblock number to check
1360 * @offset: the starting offset within the physical eraseblock to check
1361 * @len: the length of the region to check
1362 *
1363 * This function returns zero if only 0xFF bytes are present at offset
1364 * @offset of the physical eraseblock @pnum, and a negative error code if not
1365 * or if an error occurred.
1366 */
1367int ubi_self_check_all_ff(struct ubi_device *ubi, int pnum, int offset, int len)
1368{
1369 size_t read;
1370 int err;
1371 void *buf;
1372 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1373
1374 if (!ubi_dbg_chk_io(ubi))
1375 return 0;
1376
1377 buf = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1378 if (!buf) {
1379 ubi_err(ubi, "cannot allocate memory to check for 0xFFs");
1380 return 0;
1381 }
1382
1383 err = mtd_read(ubi->mtd, addr, len, &read, buf);
1384 if (err && !mtd_is_bitflip(err)) {
1385 ubi_err(ubi, "err %d while reading %d bytes from PEB %d:%d, read %zd bytes",
1386 err, len, pnum, offset, read);
1387 goto error;
1388 }
1389
1390 err = ubi_check_pattern(buf, 0xFF, len);
1391 if (err == 0) {
1392 ubi_err(ubi, "flash region at PEB %d:%d, length %d does not contain all 0xFF bytes",
1393 pnum, offset, len);
1394 goto fail;
1395 }
1396
1397 vfree(buf);
1398 return 0;
1399
1400fail:
1401 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1402 ubi_msg(ubi, "hex dump of the %d-%d region", offset, offset + len);
1403 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, buf, len, 1);
1404 err = -EINVAL;
1405error:
1406 dump_stack();
1407 vfree(buf);
1408 return err;
1409}