Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Copyright (c) International Business Machines Corp., 2006
4 * Copyright (c) Nokia Corporation, 2006, 2007
5 *
6 * Author: Artem Bityutskiy (Битюцкий Артём)
7 */
8
9/*
10 * UBI input/output sub-system.
11 *
12 * This sub-system provides a uniform way to work with all kinds of the
13 * underlying MTD devices. It also implements handy functions for reading and
14 * writing UBI headers.
15 *
16 * We are trying to have a paranoid mindset and not to trust to what we read
17 * from the flash media in order to be more secure and robust. So this
18 * sub-system validates every single header it reads from the flash media.
19 *
20 * Some words about how the eraseblock headers are stored.
21 *
22 * The erase counter header is always stored at offset zero. By default, the
23 * VID header is stored after the EC header at the closest aligned offset
24 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
25 * header at the closest aligned offset. But this default layout may be
26 * changed. For example, for different reasons (e.g., optimization) UBI may be
27 * asked to put the VID header at further offset, and even at an unaligned
28 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
29 * proper padding in front of it. Data offset may also be changed but it has to
30 * be aligned.
31 *
32 * About minimal I/O units. In general, UBI assumes flash device model where
33 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
34 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
35 * @ubi->mtd->writesize field. But as an exception, UBI admits use of another
36 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
37 * to do different optimizations.
38 *
39 * This is extremely useful in case of NAND flashes which admit of several
40 * write operations to one NAND page. In this case UBI can fit EC and VID
41 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
42 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
43 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
44 * users.
45 *
46 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
47 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
48 * headers.
49 *
50 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
51 * device, e.g., make @ubi->min_io_size = 512 in the example above?
52 *
53 * A: because when writing a sub-page, MTD still writes a full 2K page but the
54 * bytes which are not relevant to the sub-page are 0xFF. So, basically,
55 * writing 4x512 sub-pages is 4 times slower than writing one 2KiB NAND page.
56 * Thus, we prefer to use sub-pages only for EC and VID headers.
57 *
58 * As it was noted above, the VID header may start at a non-aligned offset.
59 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
60 * the VID header may reside at offset 1984 which is the last 64 bytes of the
61 * last sub-page (EC header is always at offset zero). This causes some
62 * difficulties when reading and writing VID headers.
63 *
64 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
65 * the data and want to write this VID header out. As we can only write in
66 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
67 * to offset 448 of this buffer.
68 *
69 * The I/O sub-system does the following trick in order to avoid this extra
70 * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
71 * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
72 * When the VID header is being written out, it shifts the VID header pointer
73 * back and writes the whole sub-page.
74 */
75
76#include <linux/crc32.h>
77#include <linux/err.h>
78#include <linux/slab.h>
79#include "ubi.h"
80
81static int self_check_not_bad(const struct ubi_device *ubi, int pnum);
82static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
83static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
84 const struct ubi_ec_hdr *ec_hdr);
85static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
86static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
87 const struct ubi_vid_hdr *vid_hdr);
88static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
89 int offset, int len);
90
91/**
92 * ubi_io_read - read data from a physical eraseblock.
93 * @ubi: UBI device description object
94 * @buf: buffer where to store the read data
95 * @pnum: physical eraseblock number to read from
96 * @offset: offset within the physical eraseblock from where to read
97 * @len: how many bytes to read
98 *
99 * This function reads data from offset @offset of physical eraseblock @pnum
100 * and stores the read data in the @buf buffer. The following return codes are
101 * possible:
102 *
103 * o %0 if all the requested data were successfully read;
104 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
105 * correctable bit-flips were detected; this is harmless but may indicate
106 * that this eraseblock may become bad soon (but do not have to);
107 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
108 * example it can be an ECC error in case of NAND; this most probably means
109 * that the data is corrupted;
110 * o %-EIO if some I/O error occurred;
111 * o other negative error codes in case of other errors.
112 */
113int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
114 int len)
115{
116 int err, retries = 0;
117 size_t read;
118 loff_t addr;
119
120 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
121
122 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
123 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
124 ubi_assert(len > 0);
125
126 err = self_check_not_bad(ubi, pnum);
127 if (err)
128 return err;
129
130 /*
131 * Deliberately corrupt the buffer to improve robustness. Indeed, if we
132 * do not do this, the following may happen:
133 * 1. The buffer contains data from previous operation, e.g., read from
134 * another PEB previously. The data looks like expected, e.g., if we
135 * just do not read anything and return - the caller would not
136 * notice this. E.g., if we are reading a VID header, the buffer may
137 * contain a valid VID header from another PEB.
138 * 2. The driver is buggy and returns us success or -EBADMSG or
139 * -EUCLEAN, but it does not actually put any data to the buffer.
140 *
141 * This may confuse UBI or upper layers - they may think the buffer
142 * contains valid data while in fact it is just old data. This is
143 * especially possible because UBI (and UBIFS) relies on CRC, and
144 * treats data as correct even in case of ECC errors if the CRC is
145 * correct.
146 *
147 * Try to prevent this situation by changing the first byte of the
148 * buffer.
149 */
150 *((uint8_t *)buf) ^= 0xFF;
151
152 addr = (loff_t)pnum * ubi->peb_size + offset;
153retry:
154 err = mtd_read(ubi->mtd, addr, len, &read, buf);
155 if (err) {
156 const char *errstr = mtd_is_eccerr(err) ? " (ECC error)" : "";
157
158 if (mtd_is_bitflip(err)) {
159 /*
160 * -EUCLEAN is reported if there was a bit-flip which
161 * was corrected, so this is harmless.
162 *
163 * We do not report about it here unless debugging is
164 * enabled. A corresponding message will be printed
165 * later, when it is has been scrubbed.
166 */
167 ubi_msg(ubi, "fixable bit-flip detected at PEB %d",
168 pnum);
169 ubi_assert(len == read);
170 return UBI_IO_BITFLIPS;
171 }
172
173 if (retries++ < UBI_IO_RETRIES) {
174 ubi_warn(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read only %zd bytes, retry",
175 err, errstr, len, pnum, offset, read);
176 yield();
177 goto retry;
178 }
179
180 ubi_err(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read %zd bytes",
181 err, errstr, len, pnum, offset, read);
182 dump_stack();
183
184 /*
185 * The driver should never return -EBADMSG if it failed to read
186 * all the requested data. But some buggy drivers might do
187 * this, so we change it to -EIO.
188 */
189 if (read != len && mtd_is_eccerr(err)) {
190 ubi_assert(0);
191 err = -EIO;
192 }
193 } else {
194 ubi_assert(len == read);
195
196 if (ubi_dbg_is_bitflip(ubi)) {
197 dbg_gen("bit-flip (emulated)");
198 err = UBI_IO_BITFLIPS;
199 }
200 }
201
202 return err;
203}
204
205/**
206 * ubi_io_write - write data to a physical eraseblock.
207 * @ubi: UBI device description object
208 * @buf: buffer with the data to write
209 * @pnum: physical eraseblock number to write to
210 * @offset: offset within the physical eraseblock where to write
211 * @len: how many bytes to write
212 *
213 * This function writes @len bytes of data from buffer @buf to offset @offset
214 * of physical eraseblock @pnum. If all the data were successfully written,
215 * zero is returned. If an error occurred, this function returns a negative
216 * error code. If %-EIO is returned, the physical eraseblock most probably went
217 * bad.
218 *
219 * Note, in case of an error, it is possible that something was still written
220 * to the flash media, but may be some garbage.
221 */
222int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
223 int len)
224{
225 int err;
226 size_t written;
227 loff_t addr;
228
229 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
230
231 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
232 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
233 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
234 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
235
236 if (ubi->ro_mode) {
237 ubi_err(ubi, "read-only mode");
238 return -EROFS;
239 }
240
241 err = self_check_not_bad(ubi, pnum);
242 if (err)
243 return err;
244
245 /* The area we are writing to has to contain all 0xFF bytes */
246 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
247 if (err)
248 return err;
249
250 if (offset >= ubi->leb_start) {
251 /*
252 * We write to the data area of the physical eraseblock. Make
253 * sure it has valid EC and VID headers.
254 */
255 err = self_check_peb_ec_hdr(ubi, pnum);
256 if (err)
257 return err;
258 err = self_check_peb_vid_hdr(ubi, pnum);
259 if (err)
260 return err;
261 }
262
263 if (ubi_dbg_is_write_failure(ubi)) {
264 ubi_err(ubi, "cannot write %d bytes to PEB %d:%d (emulated)",
265 len, pnum, offset);
266 dump_stack();
267 return -EIO;
268 }
269
270 addr = (loff_t)pnum * ubi->peb_size + offset;
271 err = mtd_write(ubi->mtd, addr, len, &written, buf);
272 if (err) {
273 ubi_err(ubi, "error %d while writing %d bytes to PEB %d:%d, written %zd bytes",
274 err, len, pnum, offset, written);
275 dump_stack();
276 ubi_dump_flash(ubi, pnum, offset, len);
277 } else
278 ubi_assert(written == len);
279
280 if (!err) {
281 err = self_check_write(ubi, buf, pnum, offset, len);
282 if (err)
283 return err;
284
285 /*
286 * Since we always write sequentially, the rest of the PEB has
287 * to contain only 0xFF bytes.
288 */
289 offset += len;
290 len = ubi->peb_size - offset;
291 if (len)
292 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
293 }
294
295 return err;
296}
297
298/**
299 * do_sync_erase - synchronously erase a physical eraseblock.
300 * @ubi: UBI device description object
301 * @pnum: the physical eraseblock number to erase
302 *
303 * This function synchronously erases physical eraseblock @pnum and returns
304 * zero in case of success and a negative error code in case of failure. If
305 * %-EIO is returned, the physical eraseblock most probably went bad.
306 */
307static int do_sync_erase(struct ubi_device *ubi, int pnum)
308{
309 int err, retries = 0;
310 struct erase_info ei;
311
312 dbg_io("erase PEB %d", pnum);
313 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
314
315 if (ubi->ro_mode) {
316 ubi_err(ubi, "read-only mode");
317 return -EROFS;
318 }
319
320retry:
321 memset(&ei, 0, sizeof(struct erase_info));
322
323 ei.addr = (loff_t)pnum * ubi->peb_size;
324 ei.len = ubi->peb_size;
325
326 err = mtd_erase(ubi->mtd, &ei);
327 if (err) {
328 if (retries++ < UBI_IO_RETRIES) {
329 ubi_warn(ubi, "error %d while erasing PEB %d, retry",
330 err, pnum);
331 yield();
332 goto retry;
333 }
334 ubi_err(ubi, "cannot erase PEB %d, error %d", pnum, err);
335 dump_stack();
336 return err;
337 }
338
339 err = ubi_self_check_all_ff(ubi, pnum, 0, ubi->peb_size);
340 if (err)
341 return err;
342
343 if (ubi_dbg_is_erase_failure(ubi)) {
344 ubi_err(ubi, "cannot erase PEB %d (emulated)", pnum);
345 return -EIO;
346 }
347
348 return 0;
349}
350
351/* Patterns to write to a physical eraseblock when torturing it */
352static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
353
354/**
355 * torture_peb - test a supposedly bad physical eraseblock.
356 * @ubi: UBI device description object
357 * @pnum: the physical eraseblock number to test
358 *
359 * This function returns %-EIO if the physical eraseblock did not pass the
360 * test, a positive number of erase operations done if the test was
361 * successfully passed, and other negative error codes in case of other errors.
362 */
363static int torture_peb(struct ubi_device *ubi, int pnum)
364{
365 int err, i, patt_count;
366
367 ubi_msg(ubi, "run torture test for PEB %d", pnum);
368 patt_count = ARRAY_SIZE(patterns);
369 ubi_assert(patt_count > 0);
370
371 mutex_lock(&ubi->buf_mutex);
372 for (i = 0; i < patt_count; i++) {
373 err = do_sync_erase(ubi, pnum);
374 if (err)
375 goto out;
376
377 /* Make sure the PEB contains only 0xFF bytes */
378 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
379 if (err)
380 goto out;
381
382 err = ubi_check_pattern(ubi->peb_buf, 0xFF, ubi->peb_size);
383 if (err == 0) {
384 ubi_err(ubi, "erased PEB %d, but a non-0xFF byte found",
385 pnum);
386 err = -EIO;
387 goto out;
388 }
389
390 /* Write a pattern and check it */
391 memset(ubi->peb_buf, patterns[i], ubi->peb_size);
392 err = ubi_io_write(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
393 if (err)
394 goto out;
395
396 memset(ubi->peb_buf, ~patterns[i], ubi->peb_size);
397 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
398 if (err)
399 goto out;
400
401 err = ubi_check_pattern(ubi->peb_buf, patterns[i],
402 ubi->peb_size);
403 if (err == 0) {
404 ubi_err(ubi, "pattern %x checking failed for PEB %d",
405 patterns[i], pnum);
406 err = -EIO;
407 goto out;
408 }
409 }
410
411 err = patt_count;
412 ubi_msg(ubi, "PEB %d passed torture test, do not mark it as bad", pnum);
413
414out:
415 mutex_unlock(&ubi->buf_mutex);
416 if (err == UBI_IO_BITFLIPS || mtd_is_eccerr(err)) {
417 /*
418 * If a bit-flip or data integrity error was detected, the test
419 * has not passed because it happened on a freshly erased
420 * physical eraseblock which means something is wrong with it.
421 */
422 ubi_err(ubi, "read problems on freshly erased PEB %d, must be bad",
423 pnum);
424 err = -EIO;
425 }
426 return err;
427}
428
429/**
430 * nor_erase_prepare - prepare a NOR flash PEB for erasure.
431 * @ubi: UBI device description object
432 * @pnum: physical eraseblock number to prepare
433 *
434 * NOR flash, or at least some of them, have peculiar embedded PEB erasure
435 * algorithm: the PEB is first filled with zeroes, then it is erased. And
436 * filling with zeroes starts from the end of the PEB. This was observed with
437 * Spansion S29GL512N NOR flash.
438 *
439 * This means that in case of a power cut we may end up with intact data at the
440 * beginning of the PEB, and all zeroes at the end of PEB. In other words, the
441 * EC and VID headers are OK, but a large chunk of data at the end of PEB is
442 * zeroed. This makes UBI mistakenly treat this PEB as used and associate it
443 * with an LEB, which leads to subsequent failures (e.g., UBIFS fails).
444 *
445 * This function is called before erasing NOR PEBs and it zeroes out EC and VID
446 * magic numbers in order to invalidate them and prevent the failures. Returns
447 * zero in case of success and a negative error code in case of failure.
448 */
449static int nor_erase_prepare(struct ubi_device *ubi, int pnum)
450{
451 int err;
452 size_t written;
453 loff_t addr;
454 uint32_t data = 0;
455 struct ubi_ec_hdr ec_hdr;
456 struct ubi_vid_io_buf vidb;
457
458 /*
459 * Note, we cannot generally define VID header buffers on stack,
460 * because of the way we deal with these buffers (see the header
461 * comment in this file). But we know this is a NOR-specific piece of
462 * code, so we can do this. But yes, this is error-prone and we should
463 * (pre-)allocate VID header buffer instead.
464 */
465 struct ubi_vid_hdr vid_hdr;
466
467 /*
468 * If VID or EC is valid, we have to corrupt them before erasing.
469 * It is important to first invalidate the EC header, and then the VID
470 * header. Otherwise a power cut may lead to valid EC header and
471 * invalid VID header, in which case UBI will treat this PEB as
472 * corrupted and will try to preserve it, and print scary warnings.
473 */
474 addr = (loff_t)pnum * ubi->peb_size;
475 err = ubi_io_read_ec_hdr(ubi, pnum, &ec_hdr, 0);
476 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
477 err != UBI_IO_FF){
478 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
479 if(err)
480 goto error;
481 }
482
483 ubi_init_vid_buf(ubi, &vidb, &vid_hdr);
484 ubi_assert(&vid_hdr == ubi_get_vid_hdr(&vidb));
485
486 err = ubi_io_read_vid_hdr(ubi, pnum, &vidb, 0);
487 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
488 err != UBI_IO_FF){
489 addr += ubi->vid_hdr_aloffset;
490 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
491 if (err)
492 goto error;
493 }
494 return 0;
495
496error:
497 /*
498 * The PEB contains a valid VID or EC header, but we cannot invalidate
499 * it. Supposedly the flash media or the driver is screwed up, so
500 * return an error.
501 */
502 ubi_err(ubi, "cannot invalidate PEB %d, write returned %d", pnum, err);
503 ubi_dump_flash(ubi, pnum, 0, ubi->peb_size);
504 return -EIO;
505}
506
507/**
508 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
509 * @ubi: UBI device description object
510 * @pnum: physical eraseblock number to erase
511 * @torture: if this physical eraseblock has to be tortured
512 *
513 * This function synchronously erases physical eraseblock @pnum. If @torture
514 * flag is not zero, the physical eraseblock is checked by means of writing
515 * different patterns to it and reading them back. If the torturing is enabled,
516 * the physical eraseblock is erased more than once.
517 *
518 * This function returns the number of erasures made in case of success, %-EIO
519 * if the erasure failed or the torturing test failed, and other negative error
520 * codes in case of other errors. Note, %-EIO means that the physical
521 * eraseblock is bad.
522 */
523int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
524{
525 int err, ret = 0;
526
527 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
528
529 err = self_check_not_bad(ubi, pnum);
530 if (err != 0)
531 return err;
532
533 if (ubi->ro_mode) {
534 ubi_err(ubi, "read-only mode");
535 return -EROFS;
536 }
537
538 /*
539 * If the flash is ECC-ed then we have to erase the ECC block before we
540 * can write to it. But the write is in preparation to an erase in the
541 * first place. This means we cannot zero out EC and VID before the
542 * erase and we just have to hope the flash starts erasing from the
543 * start of the page.
544 */
545 if (ubi->nor_flash && ubi->mtd->writesize == 1) {
546 err = nor_erase_prepare(ubi, pnum);
547 if (err)
548 return err;
549 }
550
551 if (torture) {
552 ret = torture_peb(ubi, pnum);
553 if (ret < 0)
554 return ret;
555 }
556
557 err = do_sync_erase(ubi, pnum);
558 if (err)
559 return err;
560
561 return ret + 1;
562}
563
564/**
565 * ubi_io_is_bad - check if a physical eraseblock is bad.
566 * @ubi: UBI device description object
567 * @pnum: the physical eraseblock number to check
568 *
569 * This function returns a positive number if the physical eraseblock is bad,
570 * zero if not, and a negative error code if an error occurred.
571 */
572int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
573{
574 struct mtd_info *mtd = ubi->mtd;
575
576 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
577
578 if (ubi->bad_allowed) {
579 int ret;
580
581 ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
582 if (ret < 0)
583 ubi_err(ubi, "error %d while checking if PEB %d is bad",
584 ret, pnum);
585 else if (ret)
586 dbg_io("PEB %d is bad", pnum);
587 return ret;
588 }
589
590 return 0;
591}
592
593/**
594 * ubi_io_mark_bad - mark a physical eraseblock as bad.
595 * @ubi: UBI device description object
596 * @pnum: the physical eraseblock number to mark
597 *
598 * This function returns zero in case of success and a negative error code in
599 * case of failure.
600 */
601int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
602{
603 int err;
604 struct mtd_info *mtd = ubi->mtd;
605
606 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
607
608 if (ubi->ro_mode) {
609 ubi_err(ubi, "read-only mode");
610 return -EROFS;
611 }
612
613 if (!ubi->bad_allowed)
614 return 0;
615
616 err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
617 if (err)
618 ubi_err(ubi, "cannot mark PEB %d bad, error %d", pnum, err);
619 return err;
620}
621
622/**
623 * validate_ec_hdr - validate an erase counter header.
624 * @ubi: UBI device description object
625 * @ec_hdr: the erase counter header to check
626 *
627 * This function returns zero if the erase counter header is OK, and %1 if
628 * not.
629 */
630static int validate_ec_hdr(const struct ubi_device *ubi,
631 const struct ubi_ec_hdr *ec_hdr)
632{
633 long long ec;
634 int vid_hdr_offset, leb_start;
635
636 ec = be64_to_cpu(ec_hdr->ec);
637 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
638 leb_start = be32_to_cpu(ec_hdr->data_offset);
639
640 if (ec_hdr->version != UBI_VERSION) {
641 ubi_err(ubi, "node with incompatible UBI version found: this UBI version is %d, image version is %d",
642 UBI_VERSION, (int)ec_hdr->version);
643 goto bad;
644 }
645
646 if (vid_hdr_offset != ubi->vid_hdr_offset) {
647 ubi_err(ubi, "bad VID header offset %d, expected %d",
648 vid_hdr_offset, ubi->vid_hdr_offset);
649 goto bad;
650 }
651
652 if (leb_start != ubi->leb_start) {
653 ubi_err(ubi, "bad data offset %d, expected %d",
654 leb_start, ubi->leb_start);
655 goto bad;
656 }
657
658 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
659 ubi_err(ubi, "bad erase counter %lld", ec);
660 goto bad;
661 }
662
663 return 0;
664
665bad:
666 ubi_err(ubi, "bad EC header");
667 ubi_dump_ec_hdr(ec_hdr);
668 dump_stack();
669 return 1;
670}
671
672/**
673 * ubi_io_read_ec_hdr - read and check an erase counter header.
674 * @ubi: UBI device description object
675 * @pnum: physical eraseblock to read from
676 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
677 * header
678 * @verbose: be verbose if the header is corrupted or was not found
679 *
680 * This function reads erase counter header from physical eraseblock @pnum and
681 * stores it in @ec_hdr. This function also checks CRC checksum of the read
682 * erase counter header. The following codes may be returned:
683 *
684 * o %0 if the CRC checksum is correct and the header was successfully read;
685 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
686 * and corrected by the flash driver; this is harmless but may indicate that
687 * this eraseblock may become bad soon (but may be not);
688 * o %UBI_IO_BAD_HDR if the erase counter header is corrupted (a CRC error);
689 * o %UBI_IO_BAD_HDR_EBADMSG is the same as %UBI_IO_BAD_HDR, but there also was
690 * a data integrity error (uncorrectable ECC error in case of NAND);
691 * o %UBI_IO_FF if only 0xFF bytes were read (the PEB is supposedly empty)
692 * o a negative error code in case of failure.
693 */
694int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
695 struct ubi_ec_hdr *ec_hdr, int verbose)
696{
697 int err, read_err;
698 uint32_t crc, magic, hdr_crc;
699
700 dbg_io("read EC header from PEB %d", pnum);
701 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
702
703 read_err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
704 if (read_err) {
705 if (read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
706 return read_err;
707
708 /*
709 * We read all the data, but either a correctable bit-flip
710 * occurred, or MTD reported a data integrity error
711 * (uncorrectable ECC error in case of NAND). The former is
712 * harmless, the later may mean that the read data is
713 * corrupted. But we have a CRC check-sum and we will detect
714 * this. If the EC header is still OK, we just report this as
715 * there was a bit-flip, to force scrubbing.
716 */
717 }
718
719 magic = be32_to_cpu(ec_hdr->magic);
720 if (magic != UBI_EC_HDR_MAGIC) {
721 if (mtd_is_eccerr(read_err))
722 return UBI_IO_BAD_HDR_EBADMSG;
723
724 /*
725 * The magic field is wrong. Let's check if we have read all
726 * 0xFF. If yes, this physical eraseblock is assumed to be
727 * empty.
728 */
729 if (ubi_check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
730 /* The physical eraseblock is supposedly empty */
731 if (verbose)
732 ubi_warn(ubi, "no EC header found at PEB %d, only 0xFF bytes",
733 pnum);
734 dbg_bld("no EC header found at PEB %d, only 0xFF bytes",
735 pnum);
736 if (!read_err)
737 return UBI_IO_FF;
738 else
739 return UBI_IO_FF_BITFLIPS;
740 }
741
742 /*
743 * This is not a valid erase counter header, and these are not
744 * 0xFF bytes. Report that the header is corrupted.
745 */
746 if (verbose) {
747 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
748 pnum, magic, UBI_EC_HDR_MAGIC);
749 ubi_dump_ec_hdr(ec_hdr);
750 }
751 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
752 pnum, magic, UBI_EC_HDR_MAGIC);
753 return UBI_IO_BAD_HDR;
754 }
755
756 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
757 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
758
759 if (hdr_crc != crc) {
760 if (verbose) {
761 ubi_warn(ubi, "bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
762 pnum, crc, hdr_crc);
763 ubi_dump_ec_hdr(ec_hdr);
764 }
765 dbg_bld("bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
766 pnum, crc, hdr_crc);
767
768 if (!read_err)
769 return UBI_IO_BAD_HDR;
770 else
771 return UBI_IO_BAD_HDR_EBADMSG;
772 }
773
774 /* And of course validate what has just been read from the media */
775 err = validate_ec_hdr(ubi, ec_hdr);
776 if (err) {
777 ubi_err(ubi, "validation failed for PEB %d", pnum);
778 return -EINVAL;
779 }
780
781 /*
782 * If there was %-EBADMSG, but the header CRC is still OK, report about
783 * a bit-flip to force scrubbing on this PEB.
784 */
785 return read_err ? UBI_IO_BITFLIPS : 0;
786}
787
788/**
789 * ubi_io_write_ec_hdr - write an erase counter header.
790 * @ubi: UBI device description object
791 * @pnum: physical eraseblock to write to
792 * @ec_hdr: the erase counter header to write
793 *
794 * This function writes erase counter header described by @ec_hdr to physical
795 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
796 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
797 * field.
798 *
799 * This function returns zero in case of success and a negative error code in
800 * case of failure. If %-EIO is returned, the physical eraseblock most probably
801 * went bad.
802 */
803int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
804 struct ubi_ec_hdr *ec_hdr)
805{
806 int err;
807 uint32_t crc;
808
809 dbg_io("write EC header to PEB %d", pnum);
810 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
811
812 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
813 ec_hdr->version = UBI_VERSION;
814 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
815 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
816 ec_hdr->image_seq = cpu_to_be32(ubi->image_seq);
817 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
818 ec_hdr->hdr_crc = cpu_to_be32(crc);
819
820 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
821 if (err)
822 return err;
823
824 if (ubi_dbg_power_cut(ubi, POWER_CUT_EC_WRITE))
825 return -EROFS;
826
827 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
828 return err;
829}
830
831/**
832 * validate_vid_hdr - validate a volume identifier header.
833 * @ubi: UBI device description object
834 * @vid_hdr: the volume identifier header to check
835 *
836 * This function checks that data stored in the volume identifier header
837 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
838 */
839static int validate_vid_hdr(const struct ubi_device *ubi,
840 const struct ubi_vid_hdr *vid_hdr)
841{
842 int vol_type = vid_hdr->vol_type;
843 int copy_flag = vid_hdr->copy_flag;
844 int vol_id = be32_to_cpu(vid_hdr->vol_id);
845 int lnum = be32_to_cpu(vid_hdr->lnum);
846 int compat = vid_hdr->compat;
847 int data_size = be32_to_cpu(vid_hdr->data_size);
848 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
849 int data_pad = be32_to_cpu(vid_hdr->data_pad);
850 int data_crc = be32_to_cpu(vid_hdr->data_crc);
851 int usable_leb_size = ubi->leb_size - data_pad;
852
853 if (copy_flag != 0 && copy_flag != 1) {
854 ubi_err(ubi, "bad copy_flag");
855 goto bad;
856 }
857
858 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
859 data_pad < 0) {
860 ubi_err(ubi, "negative values");
861 goto bad;
862 }
863
864 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
865 ubi_err(ubi, "bad vol_id");
866 goto bad;
867 }
868
869 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
870 ubi_err(ubi, "bad compat");
871 goto bad;
872 }
873
874 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
875 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
876 compat != UBI_COMPAT_REJECT) {
877 ubi_err(ubi, "bad compat");
878 goto bad;
879 }
880
881 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
882 ubi_err(ubi, "bad vol_type");
883 goto bad;
884 }
885
886 if (data_pad >= ubi->leb_size / 2) {
887 ubi_err(ubi, "bad data_pad");
888 goto bad;
889 }
890
891 if (data_size > ubi->leb_size) {
892 ubi_err(ubi, "bad data_size");
893 goto bad;
894 }
895
896 if (vol_type == UBI_VID_STATIC) {
897 /*
898 * Although from high-level point of view static volumes may
899 * contain zero bytes of data, but no VID headers can contain
900 * zero at these fields, because they empty volumes do not have
901 * mapped logical eraseblocks.
902 */
903 if (used_ebs == 0) {
904 ubi_err(ubi, "zero used_ebs");
905 goto bad;
906 }
907 if (data_size == 0) {
908 ubi_err(ubi, "zero data_size");
909 goto bad;
910 }
911 if (lnum < used_ebs - 1) {
912 if (data_size != usable_leb_size) {
913 ubi_err(ubi, "bad data_size");
914 goto bad;
915 }
916 } else if (lnum > used_ebs - 1) {
917 ubi_err(ubi, "too high lnum");
918 goto bad;
919 }
920 } else {
921 if (copy_flag == 0) {
922 if (data_crc != 0) {
923 ubi_err(ubi, "non-zero data CRC");
924 goto bad;
925 }
926 if (data_size != 0) {
927 ubi_err(ubi, "non-zero data_size");
928 goto bad;
929 }
930 } else {
931 if (data_size == 0) {
932 ubi_err(ubi, "zero data_size of copy");
933 goto bad;
934 }
935 }
936 if (used_ebs != 0) {
937 ubi_err(ubi, "bad used_ebs");
938 goto bad;
939 }
940 }
941
942 return 0;
943
944bad:
945 ubi_err(ubi, "bad VID header");
946 ubi_dump_vid_hdr(vid_hdr);
947 dump_stack();
948 return 1;
949}
950
951/**
952 * ubi_io_read_vid_hdr - read and check a volume identifier header.
953 * @ubi: UBI device description object
954 * @pnum: physical eraseblock number to read from
955 * @vidb: the volume identifier buffer to store data in
956 * @verbose: be verbose if the header is corrupted or wasn't found
957 *
958 * This function reads the volume identifier header from physical eraseblock
959 * @pnum and stores it in @vidb. It also checks CRC checksum of the read
960 * volume identifier header. The error codes are the same as in
961 * 'ubi_io_read_ec_hdr()'.
962 *
963 * Note, the implementation of this function is also very similar to
964 * 'ubi_io_read_ec_hdr()', so refer commentaries in 'ubi_io_read_ec_hdr()'.
965 */
966int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
967 struct ubi_vid_io_buf *vidb, int verbose)
968{
969 int err, read_err;
970 uint32_t crc, magic, hdr_crc;
971 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
972 void *p = vidb->buffer;
973
974 dbg_io("read VID header from PEB %d", pnum);
975 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
976
977 read_err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
978 ubi->vid_hdr_shift + UBI_VID_HDR_SIZE);
979 if (read_err && read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
980 return read_err;
981
982 magic = be32_to_cpu(vid_hdr->magic);
983 if (magic != UBI_VID_HDR_MAGIC) {
984 if (mtd_is_eccerr(read_err))
985 return UBI_IO_BAD_HDR_EBADMSG;
986
987 if (ubi_check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
988 if (verbose)
989 ubi_warn(ubi, "no VID header found at PEB %d, only 0xFF bytes",
990 pnum);
991 dbg_bld("no VID header found at PEB %d, only 0xFF bytes",
992 pnum);
993 if (!read_err)
994 return UBI_IO_FF;
995 else
996 return UBI_IO_FF_BITFLIPS;
997 }
998
999 if (verbose) {
1000 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
1001 pnum, magic, UBI_VID_HDR_MAGIC);
1002 ubi_dump_vid_hdr(vid_hdr);
1003 }
1004 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
1005 pnum, magic, UBI_VID_HDR_MAGIC);
1006 return UBI_IO_BAD_HDR;
1007 }
1008
1009 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1010 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1011
1012 if (hdr_crc != crc) {
1013 if (verbose) {
1014 ubi_warn(ubi, "bad CRC at PEB %d, calculated %#08x, read %#08x",
1015 pnum, crc, hdr_crc);
1016 ubi_dump_vid_hdr(vid_hdr);
1017 }
1018 dbg_bld("bad CRC at PEB %d, calculated %#08x, read %#08x",
1019 pnum, crc, hdr_crc);
1020 if (!read_err)
1021 return UBI_IO_BAD_HDR;
1022 else
1023 return UBI_IO_BAD_HDR_EBADMSG;
1024 }
1025
1026 err = validate_vid_hdr(ubi, vid_hdr);
1027 if (err) {
1028 ubi_err(ubi, "validation failed for PEB %d", pnum);
1029 return -EINVAL;
1030 }
1031
1032 return read_err ? UBI_IO_BITFLIPS : 0;
1033}
1034
1035/**
1036 * ubi_io_write_vid_hdr - write a volume identifier header.
1037 * @ubi: UBI device description object
1038 * @pnum: the physical eraseblock number to write to
1039 * @vidb: the volume identifier buffer to write
1040 *
1041 * This function writes the volume identifier header described by @vid_hdr to
1042 * physical eraseblock @pnum. This function automatically fills the
1043 * @vidb->hdr->magic and the @vidb->hdr->version fields, as well as calculates
1044 * header CRC checksum and stores it at vidb->hdr->hdr_crc.
1045 *
1046 * This function returns zero in case of success and a negative error code in
1047 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1048 * bad.
1049 */
1050int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1051 struct ubi_vid_io_buf *vidb)
1052{
1053 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
1054 int err;
1055 uint32_t crc;
1056 void *p = vidb->buffer;
1057
1058 dbg_io("write VID header to PEB %d", pnum);
1059 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1060
1061 err = self_check_peb_ec_hdr(ubi, pnum);
1062 if (err)
1063 return err;
1064
1065 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1066 vid_hdr->version = UBI_VERSION;
1067 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1068 vid_hdr->hdr_crc = cpu_to_be32(crc);
1069
1070 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1071 if (err)
1072 return err;
1073
1074 if (ubi_dbg_power_cut(ubi, POWER_CUT_VID_WRITE))
1075 return -EROFS;
1076
1077 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1078 ubi->vid_hdr_alsize);
1079 return err;
1080}
1081
1082/**
1083 * self_check_not_bad - ensure that a physical eraseblock is not bad.
1084 * @ubi: UBI device description object
1085 * @pnum: physical eraseblock number to check
1086 *
1087 * This function returns zero if the physical eraseblock is good, %-EINVAL if
1088 * it is bad and a negative error code if an error occurred.
1089 */
1090static int self_check_not_bad(const struct ubi_device *ubi, int pnum)
1091{
1092 int err;
1093
1094 if (!ubi_dbg_chk_io(ubi))
1095 return 0;
1096
1097 err = ubi_io_is_bad(ubi, pnum);
1098 if (!err)
1099 return err;
1100
1101 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1102 dump_stack();
1103 return err > 0 ? -EINVAL : err;
1104}
1105
1106/**
1107 * self_check_ec_hdr - check if an erase counter header is all right.
1108 * @ubi: UBI device description object
1109 * @pnum: physical eraseblock number the erase counter header belongs to
1110 * @ec_hdr: the erase counter header to check
1111 *
1112 * This function returns zero if the erase counter header contains valid
1113 * values, and %-EINVAL if not.
1114 */
1115static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1116 const struct ubi_ec_hdr *ec_hdr)
1117{
1118 int err;
1119 uint32_t magic;
1120
1121 if (!ubi_dbg_chk_io(ubi))
1122 return 0;
1123
1124 magic = be32_to_cpu(ec_hdr->magic);
1125 if (magic != UBI_EC_HDR_MAGIC) {
1126 ubi_err(ubi, "bad magic %#08x, must be %#08x",
1127 magic, UBI_EC_HDR_MAGIC);
1128 goto fail;
1129 }
1130
1131 err = validate_ec_hdr(ubi, ec_hdr);
1132 if (err) {
1133 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1134 goto fail;
1135 }
1136
1137 return 0;
1138
1139fail:
1140 ubi_dump_ec_hdr(ec_hdr);
1141 dump_stack();
1142 return -EINVAL;
1143}
1144
1145/**
1146 * self_check_peb_ec_hdr - check erase counter header.
1147 * @ubi: UBI device description object
1148 * @pnum: the physical eraseblock number to check
1149 *
1150 * This function returns zero if the erase counter header is all right and
1151 * a negative error code if not or if an error occurred.
1152 */
1153static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1154{
1155 int err;
1156 uint32_t crc, hdr_crc;
1157 struct ubi_ec_hdr *ec_hdr;
1158
1159 if (!ubi_dbg_chk_io(ubi))
1160 return 0;
1161
1162 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1163 if (!ec_hdr)
1164 return -ENOMEM;
1165
1166 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1167 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1168 goto exit;
1169
1170 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1171 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1172 if (hdr_crc != crc) {
1173 ubi_err(ubi, "bad CRC, calculated %#08x, read %#08x",
1174 crc, hdr_crc);
1175 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1176 ubi_dump_ec_hdr(ec_hdr);
1177 dump_stack();
1178 err = -EINVAL;
1179 goto exit;
1180 }
1181
1182 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
1183
1184exit:
1185 kfree(ec_hdr);
1186 return err;
1187}
1188
1189/**
1190 * self_check_vid_hdr - check that a volume identifier header is all right.
1191 * @ubi: UBI device description object
1192 * @pnum: physical eraseblock number the volume identifier header belongs to
1193 * @vid_hdr: the volume identifier header to check
1194 *
1195 * This function returns zero if the volume identifier header is all right, and
1196 * %-EINVAL if not.
1197 */
1198static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1199 const struct ubi_vid_hdr *vid_hdr)
1200{
1201 int err;
1202 uint32_t magic;
1203
1204 if (!ubi_dbg_chk_io(ubi))
1205 return 0;
1206
1207 magic = be32_to_cpu(vid_hdr->magic);
1208 if (magic != UBI_VID_HDR_MAGIC) {
1209 ubi_err(ubi, "bad VID header magic %#08x at PEB %d, must be %#08x",
1210 magic, pnum, UBI_VID_HDR_MAGIC);
1211 goto fail;
1212 }
1213
1214 err = validate_vid_hdr(ubi, vid_hdr);
1215 if (err) {
1216 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1217 goto fail;
1218 }
1219
1220 return err;
1221
1222fail:
1223 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1224 ubi_dump_vid_hdr(vid_hdr);
1225 dump_stack();
1226 return -EINVAL;
1227
1228}
1229
1230/**
1231 * self_check_peb_vid_hdr - check volume identifier header.
1232 * @ubi: UBI device description object
1233 * @pnum: the physical eraseblock number to check
1234 *
1235 * This function returns zero if the volume identifier header is all right,
1236 * and a negative error code if not or if an error occurred.
1237 */
1238static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1239{
1240 int err;
1241 uint32_t crc, hdr_crc;
1242 struct ubi_vid_io_buf *vidb;
1243 struct ubi_vid_hdr *vid_hdr;
1244 void *p;
1245
1246 if (!ubi_dbg_chk_io(ubi))
1247 return 0;
1248
1249 vidb = ubi_alloc_vid_buf(ubi, GFP_NOFS);
1250 if (!vidb)
1251 return -ENOMEM;
1252
1253 vid_hdr = ubi_get_vid_hdr(vidb);
1254 p = vidb->buffer;
1255 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1256 ubi->vid_hdr_alsize);
1257 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1258 goto exit;
1259
1260 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1261 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1262 if (hdr_crc != crc) {
1263 ubi_err(ubi, "bad VID header CRC at PEB %d, calculated %#08x, read %#08x",
1264 pnum, crc, hdr_crc);
1265 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1266 ubi_dump_vid_hdr(vid_hdr);
1267 dump_stack();
1268 err = -EINVAL;
1269 goto exit;
1270 }
1271
1272 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1273
1274exit:
1275 ubi_free_vid_buf(vidb);
1276 return err;
1277}
1278
1279/**
1280 * self_check_write - make sure write succeeded.
1281 * @ubi: UBI device description object
1282 * @buf: buffer with data which were written
1283 * @pnum: physical eraseblock number the data were written to
1284 * @offset: offset within the physical eraseblock the data were written to
1285 * @len: how many bytes were written
1286 *
1287 * This functions reads data which were recently written and compares it with
1288 * the original data buffer - the data have to match. Returns zero if the data
1289 * match and a negative error code if not or in case of failure.
1290 */
1291static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
1292 int offset, int len)
1293{
1294 int err, i;
1295 size_t read;
1296 void *buf1;
1297 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1298
1299 if (!ubi_dbg_chk_io(ubi))
1300 return 0;
1301
1302 buf1 = __vmalloc(len, GFP_NOFS);
1303 if (!buf1) {
1304 ubi_err(ubi, "cannot allocate memory to check writes");
1305 return 0;
1306 }
1307
1308 err = mtd_read(ubi->mtd, addr, len, &read, buf1);
1309 if (err && !mtd_is_bitflip(err))
1310 goto out_free;
1311
1312 for (i = 0; i < len; i++) {
1313 uint8_t c = ((uint8_t *)buf)[i];
1314 uint8_t c1 = ((uint8_t *)buf1)[i];
1315 int dump_len;
1316
1317 if (c == c1)
1318 continue;
1319
1320 ubi_err(ubi, "self-check failed for PEB %d:%d, len %d",
1321 pnum, offset, len);
1322 ubi_msg(ubi, "data differ at position %d", i);
1323 dump_len = max_t(int, 128, len - i);
1324 ubi_msg(ubi, "hex dump of the original buffer from %d to %d",
1325 i, i + dump_len);
1326 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1327 buf + i, dump_len, 1);
1328 ubi_msg(ubi, "hex dump of the read buffer from %d to %d",
1329 i, i + dump_len);
1330 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1331 buf1 + i, dump_len, 1);
1332 dump_stack();
1333 err = -EINVAL;
1334 goto out_free;
1335 }
1336
1337 vfree(buf1);
1338 return 0;
1339
1340out_free:
1341 vfree(buf1);
1342 return err;
1343}
1344
1345/**
1346 * ubi_self_check_all_ff - check that a region of flash is empty.
1347 * @ubi: UBI device description object
1348 * @pnum: the physical eraseblock number to check
1349 * @offset: the starting offset within the physical eraseblock to check
1350 * @len: the length of the region to check
1351 *
1352 * This function returns zero if only 0xFF bytes are present at offset
1353 * @offset of the physical eraseblock @pnum, and a negative error code if not
1354 * or if an error occurred.
1355 */
1356int ubi_self_check_all_ff(struct ubi_device *ubi, int pnum, int offset, int len)
1357{
1358 size_t read;
1359 int err;
1360 void *buf;
1361 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1362
1363 if (!ubi_dbg_chk_io(ubi))
1364 return 0;
1365
1366 buf = __vmalloc(len, GFP_NOFS);
1367 if (!buf) {
1368 ubi_err(ubi, "cannot allocate memory to check for 0xFFs");
1369 return 0;
1370 }
1371
1372 err = mtd_read(ubi->mtd, addr, len, &read, buf);
1373 if (err && !mtd_is_bitflip(err)) {
1374 ubi_err(ubi, "err %d while reading %d bytes from PEB %d:%d, read %zd bytes",
1375 err, len, pnum, offset, read);
1376 goto error;
1377 }
1378
1379 err = ubi_check_pattern(buf, 0xFF, len);
1380 if (err == 0) {
1381 ubi_err(ubi, "flash region at PEB %d:%d, length %d does not contain all 0xFF bytes",
1382 pnum, offset, len);
1383 goto fail;
1384 }
1385
1386 vfree(buf);
1387 return 0;
1388
1389fail:
1390 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1391 ubi_msg(ubi, "hex dump of the %d-%d region", offset, offset + len);
1392 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, buf, len, 1);
1393 err = -EINVAL;
1394error:
1395 dump_stack();
1396 vfree(buf);
1397 return err;
1398}
1/*
2 * Copyright (c) International Business Machines Corp., 2006
3 * Copyright (c) Nokia Corporation, 2006, 2007
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
13 * the GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 *
19 * Author: Artem Bityutskiy (Битюцкий Артём)
20 */
21
22/*
23 * UBI input/output sub-system.
24 *
25 * This sub-system provides a uniform way to work with all kinds of the
26 * underlying MTD devices. It also implements handy functions for reading and
27 * writing UBI headers.
28 *
29 * We are trying to have a paranoid mindset and not to trust to what we read
30 * from the flash media in order to be more secure and robust. So this
31 * sub-system validates every single header it reads from the flash media.
32 *
33 * Some words about how the eraseblock headers are stored.
34 *
35 * The erase counter header is always stored at offset zero. By default, the
36 * VID header is stored after the EC header at the closest aligned offset
37 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
38 * header at the closest aligned offset. But this default layout may be
39 * changed. For example, for different reasons (e.g., optimization) UBI may be
40 * asked to put the VID header at further offset, and even at an unaligned
41 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
42 * proper padding in front of it. Data offset may also be changed but it has to
43 * be aligned.
44 *
45 * About minimal I/O units. In general, UBI assumes flash device model where
46 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
47 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
48 * @ubi->mtd->writesize field. But as an exception, UBI admits of using another
49 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
50 * to do different optimizations.
51 *
52 * This is extremely useful in case of NAND flashes which admit of several
53 * write operations to one NAND page. In this case UBI can fit EC and VID
54 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
55 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
56 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
57 * users.
58 *
59 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
60 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
61 * headers.
62 *
63 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
64 * device, e.g., make @ubi->min_io_size = 512 in the example above?
65 *
66 * A: because when writing a sub-page, MTD still writes a full 2K page but the
67 * bytes which are not relevant to the sub-page are 0xFF. So, basically,
68 * writing 4x512 sub-pages is 4 times slower than writing one 2KiB NAND page.
69 * Thus, we prefer to use sub-pages only for EC and VID headers.
70 *
71 * As it was noted above, the VID header may start at a non-aligned offset.
72 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
73 * the VID header may reside at offset 1984 which is the last 64 bytes of the
74 * last sub-page (EC header is always at offset zero). This causes some
75 * difficulties when reading and writing VID headers.
76 *
77 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
78 * the data and want to write this VID header out. As we can only write in
79 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
80 * to offset 448 of this buffer.
81 *
82 * The I/O sub-system does the following trick in order to avoid this extra
83 * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
84 * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
85 * When the VID header is being written out, it shifts the VID header pointer
86 * back and writes the whole sub-page.
87 */
88
89#include <linux/crc32.h>
90#include <linux/err.h>
91#include <linux/slab.h>
92#include "ubi.h"
93
94#ifdef CONFIG_MTD_UBI_DEBUG
95static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum);
96static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
97static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum,
98 const struct ubi_ec_hdr *ec_hdr);
99static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
100static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum,
101 const struct ubi_vid_hdr *vid_hdr);
102#else
103#define paranoid_check_not_bad(ubi, pnum) 0
104#define paranoid_check_peb_ec_hdr(ubi, pnum) 0
105#define paranoid_check_ec_hdr(ubi, pnum, ec_hdr) 0
106#define paranoid_check_peb_vid_hdr(ubi, pnum) 0
107#define paranoid_check_vid_hdr(ubi, pnum, vid_hdr) 0
108#endif
109
110/**
111 * ubi_io_read - read data from a physical eraseblock.
112 * @ubi: UBI device description object
113 * @buf: buffer where to store the read data
114 * @pnum: physical eraseblock number to read from
115 * @offset: offset within the physical eraseblock from where to read
116 * @len: how many bytes to read
117 *
118 * This function reads data from offset @offset of physical eraseblock @pnum
119 * and stores the read data in the @buf buffer. The following return codes are
120 * possible:
121 *
122 * o %0 if all the requested data were successfully read;
123 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
124 * correctable bit-flips were detected; this is harmless but may indicate
125 * that this eraseblock may become bad soon (but do not have to);
126 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
127 * example it can be an ECC error in case of NAND; this most probably means
128 * that the data is corrupted;
129 * o %-EIO if some I/O error occurred;
130 * o other negative error codes in case of other errors.
131 */
132int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
133 int len)
134{
135 int err, retries = 0;
136 size_t read;
137 loff_t addr;
138
139 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
140
141 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
142 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
143 ubi_assert(len > 0);
144
145 err = paranoid_check_not_bad(ubi, pnum);
146 if (err)
147 return err;
148
149 /*
150 * Deliberately corrupt the buffer to improve robustness. Indeed, if we
151 * do not do this, the following may happen:
152 * 1. The buffer contains data from previous operation, e.g., read from
153 * another PEB previously. The data looks like expected, e.g., if we
154 * just do not read anything and return - the caller would not
155 * notice this. E.g., if we are reading a VID header, the buffer may
156 * contain a valid VID header from another PEB.
157 * 2. The driver is buggy and returns us success or -EBADMSG or
158 * -EUCLEAN, but it does not actually put any data to the buffer.
159 *
160 * This may confuse UBI or upper layers - they may think the buffer
161 * contains valid data while in fact it is just old data. This is
162 * especially possible because UBI (and UBIFS) relies on CRC, and
163 * treats data as correct even in case of ECC errors if the CRC is
164 * correct.
165 *
166 * Try to prevent this situation by changing the first byte of the
167 * buffer.
168 */
169 *((uint8_t *)buf) ^= 0xFF;
170
171 addr = (loff_t)pnum * ubi->peb_size + offset;
172retry:
173 err = ubi->mtd->read(ubi->mtd, addr, len, &read, buf);
174 if (err) {
175 const char *errstr = (err == -EBADMSG) ? " (ECC error)" : "";
176
177 if (err == -EUCLEAN) {
178 /*
179 * -EUCLEAN is reported if there was a bit-flip which
180 * was corrected, so this is harmless.
181 *
182 * We do not report about it here unless debugging is
183 * enabled. A corresponding message will be printed
184 * later, when it is has been scrubbed.
185 */
186 dbg_msg("fixable bit-flip detected at PEB %d", pnum);
187 ubi_assert(len == read);
188 return UBI_IO_BITFLIPS;
189 }
190
191 if (retries++ < UBI_IO_RETRIES) {
192 dbg_io("error %d%s while reading %d bytes from PEB "
193 "%d:%d, read only %zd bytes, retry",
194 err, errstr, len, pnum, offset, read);
195 yield();
196 goto retry;
197 }
198
199 ubi_err("error %d%s while reading %d bytes from PEB %d:%d, "
200 "read %zd bytes", err, errstr, len, pnum, offset, read);
201 ubi_dbg_dump_stack();
202
203 /*
204 * The driver should never return -EBADMSG if it failed to read
205 * all the requested data. But some buggy drivers might do
206 * this, so we change it to -EIO.
207 */
208 if (read != len && err == -EBADMSG) {
209 ubi_assert(0);
210 err = -EIO;
211 }
212 } else {
213 ubi_assert(len == read);
214
215 if (ubi_dbg_is_bitflip(ubi)) {
216 dbg_gen("bit-flip (emulated)");
217 err = UBI_IO_BITFLIPS;
218 }
219 }
220
221 return err;
222}
223
224/**
225 * ubi_io_write - write data to a physical eraseblock.
226 * @ubi: UBI device description object
227 * @buf: buffer with the data to write
228 * @pnum: physical eraseblock number to write to
229 * @offset: offset within the physical eraseblock where to write
230 * @len: how many bytes to write
231 *
232 * This function writes @len bytes of data from buffer @buf to offset @offset
233 * of physical eraseblock @pnum. If all the data were successfully written,
234 * zero is returned. If an error occurred, this function returns a negative
235 * error code. If %-EIO is returned, the physical eraseblock most probably went
236 * bad.
237 *
238 * Note, in case of an error, it is possible that something was still written
239 * to the flash media, but may be some garbage.
240 */
241int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
242 int len)
243{
244 int err;
245 size_t written;
246 loff_t addr;
247
248 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
249
250 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
251 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
252 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
253 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
254
255 if (ubi->ro_mode) {
256 ubi_err("read-only mode");
257 return -EROFS;
258 }
259
260 /* The below has to be compiled out if paranoid checks are disabled */
261
262 err = paranoid_check_not_bad(ubi, pnum);
263 if (err)
264 return err;
265
266 /* The area we are writing to has to contain all 0xFF bytes */
267 err = ubi_dbg_check_all_ff(ubi, pnum, offset, len);
268 if (err)
269 return err;
270
271 if (offset >= ubi->leb_start) {
272 /*
273 * We write to the data area of the physical eraseblock. Make
274 * sure it has valid EC and VID headers.
275 */
276 err = paranoid_check_peb_ec_hdr(ubi, pnum);
277 if (err)
278 return err;
279 err = paranoid_check_peb_vid_hdr(ubi, pnum);
280 if (err)
281 return err;
282 }
283
284 if (ubi_dbg_is_write_failure(ubi)) {
285 dbg_err("cannot write %d bytes to PEB %d:%d "
286 "(emulated)", len, pnum, offset);
287 ubi_dbg_dump_stack();
288 return -EIO;
289 }
290
291 addr = (loff_t)pnum * ubi->peb_size + offset;
292 err = ubi->mtd->write(ubi->mtd, addr, len, &written, buf);
293 if (err) {
294 ubi_err("error %d while writing %d bytes to PEB %d:%d, written "
295 "%zd bytes", err, len, pnum, offset, written);
296 ubi_dbg_dump_stack();
297 ubi_dbg_dump_flash(ubi, pnum, offset, len);
298 } else
299 ubi_assert(written == len);
300
301 if (!err) {
302 err = ubi_dbg_check_write(ubi, buf, pnum, offset, len);
303 if (err)
304 return err;
305
306 /*
307 * Since we always write sequentially, the rest of the PEB has
308 * to contain only 0xFF bytes.
309 */
310 offset += len;
311 len = ubi->peb_size - offset;
312 if (len)
313 err = ubi_dbg_check_all_ff(ubi, pnum, offset, len);
314 }
315
316 return err;
317}
318
319/**
320 * erase_callback - MTD erasure call-back.
321 * @ei: MTD erase information object.
322 *
323 * Note, even though MTD erase interface is asynchronous, all the current
324 * implementations are synchronous anyway.
325 */
326static void erase_callback(struct erase_info *ei)
327{
328 wake_up_interruptible((wait_queue_head_t *)ei->priv);
329}
330
331/**
332 * do_sync_erase - synchronously erase a physical eraseblock.
333 * @ubi: UBI device description object
334 * @pnum: the physical eraseblock number to erase
335 *
336 * This function synchronously erases physical eraseblock @pnum and returns
337 * zero in case of success and a negative error code in case of failure. If
338 * %-EIO is returned, the physical eraseblock most probably went bad.
339 */
340static int do_sync_erase(struct ubi_device *ubi, int pnum)
341{
342 int err, retries = 0;
343 struct erase_info ei;
344 wait_queue_head_t wq;
345
346 dbg_io("erase PEB %d", pnum);
347 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
348
349 if (ubi->ro_mode) {
350 ubi_err("read-only mode");
351 return -EROFS;
352 }
353
354retry:
355 init_waitqueue_head(&wq);
356 memset(&ei, 0, sizeof(struct erase_info));
357
358 ei.mtd = ubi->mtd;
359 ei.addr = (loff_t)pnum * ubi->peb_size;
360 ei.len = ubi->peb_size;
361 ei.callback = erase_callback;
362 ei.priv = (unsigned long)&wq;
363
364 err = ubi->mtd->erase(ubi->mtd, &ei);
365 if (err) {
366 if (retries++ < UBI_IO_RETRIES) {
367 dbg_io("error %d while erasing PEB %d, retry",
368 err, pnum);
369 yield();
370 goto retry;
371 }
372 ubi_err("cannot erase PEB %d, error %d", pnum, err);
373 ubi_dbg_dump_stack();
374 return err;
375 }
376
377 err = wait_event_interruptible(wq, ei.state == MTD_ERASE_DONE ||
378 ei.state == MTD_ERASE_FAILED);
379 if (err) {
380 ubi_err("interrupted PEB %d erasure", pnum);
381 return -EINTR;
382 }
383
384 if (ei.state == MTD_ERASE_FAILED) {
385 if (retries++ < UBI_IO_RETRIES) {
386 dbg_io("error while erasing PEB %d, retry", pnum);
387 yield();
388 goto retry;
389 }
390 ubi_err("cannot erase PEB %d", pnum);
391 ubi_dbg_dump_stack();
392 return -EIO;
393 }
394
395 err = ubi_dbg_check_all_ff(ubi, pnum, 0, ubi->peb_size);
396 if (err)
397 return err;
398
399 if (ubi_dbg_is_erase_failure(ubi)) {
400 dbg_err("cannot erase PEB %d (emulated)", pnum);
401 return -EIO;
402 }
403
404 return 0;
405}
406
407/* Patterns to write to a physical eraseblock when torturing it */
408static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
409
410/**
411 * torture_peb - test a supposedly bad physical eraseblock.
412 * @ubi: UBI device description object
413 * @pnum: the physical eraseblock number to test
414 *
415 * This function returns %-EIO if the physical eraseblock did not pass the
416 * test, a positive number of erase operations done if the test was
417 * successfully passed, and other negative error codes in case of other errors.
418 */
419static int torture_peb(struct ubi_device *ubi, int pnum)
420{
421 int err, i, patt_count;
422
423 ubi_msg("run torture test for PEB %d", pnum);
424 patt_count = ARRAY_SIZE(patterns);
425 ubi_assert(patt_count > 0);
426
427 mutex_lock(&ubi->buf_mutex);
428 for (i = 0; i < patt_count; i++) {
429 err = do_sync_erase(ubi, pnum);
430 if (err)
431 goto out;
432
433 /* Make sure the PEB contains only 0xFF bytes */
434 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size);
435 if (err)
436 goto out;
437
438 err = ubi_check_pattern(ubi->peb_buf1, 0xFF, ubi->peb_size);
439 if (err == 0) {
440 ubi_err("erased PEB %d, but a non-0xFF byte found",
441 pnum);
442 err = -EIO;
443 goto out;
444 }
445
446 /* Write a pattern and check it */
447 memset(ubi->peb_buf1, patterns[i], ubi->peb_size);
448 err = ubi_io_write(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size);
449 if (err)
450 goto out;
451
452 memset(ubi->peb_buf1, ~patterns[i], ubi->peb_size);
453 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size);
454 if (err)
455 goto out;
456
457 err = ubi_check_pattern(ubi->peb_buf1, patterns[i],
458 ubi->peb_size);
459 if (err == 0) {
460 ubi_err("pattern %x checking failed for PEB %d",
461 patterns[i], pnum);
462 err = -EIO;
463 goto out;
464 }
465 }
466
467 err = patt_count;
468 ubi_msg("PEB %d passed torture test, do not mark it as bad", pnum);
469
470out:
471 mutex_unlock(&ubi->buf_mutex);
472 if (err == UBI_IO_BITFLIPS || err == -EBADMSG) {
473 /*
474 * If a bit-flip or data integrity error was detected, the test
475 * has not passed because it happened on a freshly erased
476 * physical eraseblock which means something is wrong with it.
477 */
478 ubi_err("read problems on freshly erased PEB %d, must be bad",
479 pnum);
480 err = -EIO;
481 }
482 return err;
483}
484
485/**
486 * nor_erase_prepare - prepare a NOR flash PEB for erasure.
487 * @ubi: UBI device description object
488 * @pnum: physical eraseblock number to prepare
489 *
490 * NOR flash, or at least some of them, have peculiar embedded PEB erasure
491 * algorithm: the PEB is first filled with zeroes, then it is erased. And
492 * filling with zeroes starts from the end of the PEB. This was observed with
493 * Spansion S29GL512N NOR flash.
494 *
495 * This means that in case of a power cut we may end up with intact data at the
496 * beginning of the PEB, and all zeroes at the end of PEB. In other words, the
497 * EC and VID headers are OK, but a large chunk of data at the end of PEB is
498 * zeroed. This makes UBI mistakenly treat this PEB as used and associate it
499 * with an LEB, which leads to subsequent failures (e.g., UBIFS fails).
500 *
501 * This function is called before erasing NOR PEBs and it zeroes out EC and VID
502 * magic numbers in order to invalidate them and prevent the failures. Returns
503 * zero in case of success and a negative error code in case of failure.
504 */
505static int nor_erase_prepare(struct ubi_device *ubi, int pnum)
506{
507 int err, err1;
508 size_t written;
509 loff_t addr;
510 uint32_t data = 0;
511 /*
512 * Note, we cannot generally define VID header buffers on stack,
513 * because of the way we deal with these buffers (see the header
514 * comment in this file). But we know this is a NOR-specific piece of
515 * code, so we can do this. But yes, this is error-prone and we should
516 * (pre-)allocate VID header buffer instead.
517 */
518 struct ubi_vid_hdr vid_hdr;
519
520 /*
521 * It is important to first invalidate the EC header, and then the VID
522 * header. Otherwise a power cut may lead to valid EC header and
523 * invalid VID header, in which case UBI will treat this PEB as
524 * corrupted and will try to preserve it, and print scary warnings (see
525 * the header comment in scan.c for more information).
526 */
527 addr = (loff_t)pnum * ubi->peb_size;
528 err = ubi->mtd->write(ubi->mtd, addr, 4, &written, (void *)&data);
529 if (!err) {
530 addr += ubi->vid_hdr_aloffset;
531 err = ubi->mtd->write(ubi->mtd, addr, 4, &written,
532 (void *)&data);
533 if (!err)
534 return 0;
535 }
536
537 /*
538 * We failed to write to the media. This was observed with Spansion
539 * S29GL512N NOR flash. Most probably the previously eraseblock erasure
540 * was interrupted at a very inappropriate moment, so it became
541 * unwritable. In this case we probably anyway have garbage in this
542 * PEB.
543 */
544 err1 = ubi_io_read_vid_hdr(ubi, pnum, &vid_hdr, 0);
545 if (err1 == UBI_IO_BAD_HDR_EBADMSG || err1 == UBI_IO_BAD_HDR ||
546 err1 == UBI_IO_FF) {
547 struct ubi_ec_hdr ec_hdr;
548
549 err1 = ubi_io_read_ec_hdr(ubi, pnum, &ec_hdr, 0);
550 if (err1 == UBI_IO_BAD_HDR_EBADMSG || err1 == UBI_IO_BAD_HDR ||
551 err1 == UBI_IO_FF)
552 /*
553 * Both VID and EC headers are corrupted, so we can
554 * safely erase this PEB and not afraid that it will be
555 * treated as a valid PEB in case of an unclean reboot.
556 */
557 return 0;
558 }
559
560 /*
561 * The PEB contains a valid VID header, but we cannot invalidate it.
562 * Supposedly the flash media or the driver is screwed up, so return an
563 * error.
564 */
565 ubi_err("cannot invalidate PEB %d, write returned %d read returned %d",
566 pnum, err, err1);
567 ubi_dbg_dump_flash(ubi, pnum, 0, ubi->peb_size);
568 return -EIO;
569}
570
571/**
572 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
573 * @ubi: UBI device description object
574 * @pnum: physical eraseblock number to erase
575 * @torture: if this physical eraseblock has to be tortured
576 *
577 * This function synchronously erases physical eraseblock @pnum. If @torture
578 * flag is not zero, the physical eraseblock is checked by means of writing
579 * different patterns to it and reading them back. If the torturing is enabled,
580 * the physical eraseblock is erased more than once.
581 *
582 * This function returns the number of erasures made in case of success, %-EIO
583 * if the erasure failed or the torturing test failed, and other negative error
584 * codes in case of other errors. Note, %-EIO means that the physical
585 * eraseblock is bad.
586 */
587int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
588{
589 int err, ret = 0;
590
591 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
592
593 err = paranoid_check_not_bad(ubi, pnum);
594 if (err != 0)
595 return err;
596
597 if (ubi->ro_mode) {
598 ubi_err("read-only mode");
599 return -EROFS;
600 }
601
602 if (ubi->nor_flash) {
603 err = nor_erase_prepare(ubi, pnum);
604 if (err)
605 return err;
606 }
607
608 if (torture) {
609 ret = torture_peb(ubi, pnum);
610 if (ret < 0)
611 return ret;
612 }
613
614 err = do_sync_erase(ubi, pnum);
615 if (err)
616 return err;
617
618 return ret + 1;
619}
620
621/**
622 * ubi_io_is_bad - check if a physical eraseblock is bad.
623 * @ubi: UBI device description object
624 * @pnum: the physical eraseblock number to check
625 *
626 * This function returns a positive number if the physical eraseblock is bad,
627 * zero if not, and a negative error code if an error occurred.
628 */
629int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
630{
631 struct mtd_info *mtd = ubi->mtd;
632
633 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
634
635 if (ubi->bad_allowed) {
636 int ret;
637
638 ret = mtd->block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
639 if (ret < 0)
640 ubi_err("error %d while checking if PEB %d is bad",
641 ret, pnum);
642 else if (ret)
643 dbg_io("PEB %d is bad", pnum);
644 return ret;
645 }
646
647 return 0;
648}
649
650/**
651 * ubi_io_mark_bad - mark a physical eraseblock as bad.
652 * @ubi: UBI device description object
653 * @pnum: the physical eraseblock number to mark
654 *
655 * This function returns zero in case of success and a negative error code in
656 * case of failure.
657 */
658int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
659{
660 int err;
661 struct mtd_info *mtd = ubi->mtd;
662
663 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
664
665 if (ubi->ro_mode) {
666 ubi_err("read-only mode");
667 return -EROFS;
668 }
669
670 if (!ubi->bad_allowed)
671 return 0;
672
673 err = mtd->block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
674 if (err)
675 ubi_err("cannot mark PEB %d bad, error %d", pnum, err);
676 return err;
677}
678
679/**
680 * validate_ec_hdr - validate an erase counter header.
681 * @ubi: UBI device description object
682 * @ec_hdr: the erase counter header to check
683 *
684 * This function returns zero if the erase counter header is OK, and %1 if
685 * not.
686 */
687static int validate_ec_hdr(const struct ubi_device *ubi,
688 const struct ubi_ec_hdr *ec_hdr)
689{
690 long long ec;
691 int vid_hdr_offset, leb_start;
692
693 ec = be64_to_cpu(ec_hdr->ec);
694 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
695 leb_start = be32_to_cpu(ec_hdr->data_offset);
696
697 if (ec_hdr->version != UBI_VERSION) {
698 ubi_err("node with incompatible UBI version found: "
699 "this UBI version is %d, image version is %d",
700 UBI_VERSION, (int)ec_hdr->version);
701 goto bad;
702 }
703
704 if (vid_hdr_offset != ubi->vid_hdr_offset) {
705 ubi_err("bad VID header offset %d, expected %d",
706 vid_hdr_offset, ubi->vid_hdr_offset);
707 goto bad;
708 }
709
710 if (leb_start != ubi->leb_start) {
711 ubi_err("bad data offset %d, expected %d",
712 leb_start, ubi->leb_start);
713 goto bad;
714 }
715
716 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
717 ubi_err("bad erase counter %lld", ec);
718 goto bad;
719 }
720
721 return 0;
722
723bad:
724 ubi_err("bad EC header");
725 ubi_dbg_dump_ec_hdr(ec_hdr);
726 ubi_dbg_dump_stack();
727 return 1;
728}
729
730/**
731 * ubi_io_read_ec_hdr - read and check an erase counter header.
732 * @ubi: UBI device description object
733 * @pnum: physical eraseblock to read from
734 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
735 * header
736 * @verbose: be verbose if the header is corrupted or was not found
737 *
738 * This function reads erase counter header from physical eraseblock @pnum and
739 * stores it in @ec_hdr. This function also checks CRC checksum of the read
740 * erase counter header. The following codes may be returned:
741 *
742 * o %0 if the CRC checksum is correct and the header was successfully read;
743 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
744 * and corrected by the flash driver; this is harmless but may indicate that
745 * this eraseblock may become bad soon (but may be not);
746 * o %UBI_IO_BAD_HDR if the erase counter header is corrupted (a CRC error);
747 * o %UBI_IO_BAD_HDR_EBADMSG is the same as %UBI_IO_BAD_HDR, but there also was
748 * a data integrity error (uncorrectable ECC error in case of NAND);
749 * o %UBI_IO_FF if only 0xFF bytes were read (the PEB is supposedly empty)
750 * o a negative error code in case of failure.
751 */
752int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
753 struct ubi_ec_hdr *ec_hdr, int verbose)
754{
755 int err, read_err;
756 uint32_t crc, magic, hdr_crc;
757
758 dbg_io("read EC header from PEB %d", pnum);
759 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
760
761 read_err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
762 if (read_err) {
763 if (read_err != UBI_IO_BITFLIPS && read_err != -EBADMSG)
764 return read_err;
765
766 /*
767 * We read all the data, but either a correctable bit-flip
768 * occurred, or MTD reported a data integrity error
769 * (uncorrectable ECC error in case of NAND). The former is
770 * harmless, the later may mean that the read data is
771 * corrupted. But we have a CRC check-sum and we will detect
772 * this. If the EC header is still OK, we just report this as
773 * there was a bit-flip, to force scrubbing.
774 */
775 }
776
777 magic = be32_to_cpu(ec_hdr->magic);
778 if (magic != UBI_EC_HDR_MAGIC) {
779 if (read_err == -EBADMSG)
780 return UBI_IO_BAD_HDR_EBADMSG;
781
782 /*
783 * The magic field is wrong. Let's check if we have read all
784 * 0xFF. If yes, this physical eraseblock is assumed to be
785 * empty.
786 */
787 if (ubi_check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
788 /* The physical eraseblock is supposedly empty */
789 if (verbose)
790 ubi_warn("no EC header found at PEB %d, "
791 "only 0xFF bytes", pnum);
792 dbg_bld("no EC header found at PEB %d, "
793 "only 0xFF bytes", pnum);
794 if (!read_err)
795 return UBI_IO_FF;
796 else
797 return UBI_IO_FF_BITFLIPS;
798 }
799
800 /*
801 * This is not a valid erase counter header, and these are not
802 * 0xFF bytes. Report that the header is corrupted.
803 */
804 if (verbose) {
805 ubi_warn("bad magic number at PEB %d: %08x instead of "
806 "%08x", pnum, magic, UBI_EC_HDR_MAGIC);
807 ubi_dbg_dump_ec_hdr(ec_hdr);
808 }
809 dbg_bld("bad magic number at PEB %d: %08x instead of "
810 "%08x", pnum, magic, UBI_EC_HDR_MAGIC);
811 return UBI_IO_BAD_HDR;
812 }
813
814 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
815 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
816
817 if (hdr_crc != crc) {
818 if (verbose) {
819 ubi_warn("bad EC header CRC at PEB %d, calculated "
820 "%#08x, read %#08x", pnum, crc, hdr_crc);
821 ubi_dbg_dump_ec_hdr(ec_hdr);
822 }
823 dbg_bld("bad EC header CRC at PEB %d, calculated "
824 "%#08x, read %#08x", pnum, crc, hdr_crc);
825
826 if (!read_err)
827 return UBI_IO_BAD_HDR;
828 else
829 return UBI_IO_BAD_HDR_EBADMSG;
830 }
831
832 /* And of course validate what has just been read from the media */
833 err = validate_ec_hdr(ubi, ec_hdr);
834 if (err) {
835 ubi_err("validation failed for PEB %d", pnum);
836 return -EINVAL;
837 }
838
839 /*
840 * If there was %-EBADMSG, but the header CRC is still OK, report about
841 * a bit-flip to force scrubbing on this PEB.
842 */
843 return read_err ? UBI_IO_BITFLIPS : 0;
844}
845
846/**
847 * ubi_io_write_ec_hdr - write an erase counter header.
848 * @ubi: UBI device description object
849 * @pnum: physical eraseblock to write to
850 * @ec_hdr: the erase counter header to write
851 *
852 * This function writes erase counter header described by @ec_hdr to physical
853 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
854 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
855 * field.
856 *
857 * This function returns zero in case of success and a negative error code in
858 * case of failure. If %-EIO is returned, the physical eraseblock most probably
859 * went bad.
860 */
861int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
862 struct ubi_ec_hdr *ec_hdr)
863{
864 int err;
865 uint32_t crc;
866
867 dbg_io("write EC header to PEB %d", pnum);
868 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
869
870 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
871 ec_hdr->version = UBI_VERSION;
872 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
873 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
874 ec_hdr->image_seq = cpu_to_be32(ubi->image_seq);
875 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
876 ec_hdr->hdr_crc = cpu_to_be32(crc);
877
878 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr);
879 if (err)
880 return err;
881
882 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
883 return err;
884}
885
886/**
887 * validate_vid_hdr - validate a volume identifier header.
888 * @ubi: UBI device description object
889 * @vid_hdr: the volume identifier header to check
890 *
891 * This function checks that data stored in the volume identifier header
892 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
893 */
894static int validate_vid_hdr(const struct ubi_device *ubi,
895 const struct ubi_vid_hdr *vid_hdr)
896{
897 int vol_type = vid_hdr->vol_type;
898 int copy_flag = vid_hdr->copy_flag;
899 int vol_id = be32_to_cpu(vid_hdr->vol_id);
900 int lnum = be32_to_cpu(vid_hdr->lnum);
901 int compat = vid_hdr->compat;
902 int data_size = be32_to_cpu(vid_hdr->data_size);
903 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
904 int data_pad = be32_to_cpu(vid_hdr->data_pad);
905 int data_crc = be32_to_cpu(vid_hdr->data_crc);
906 int usable_leb_size = ubi->leb_size - data_pad;
907
908 if (copy_flag != 0 && copy_flag != 1) {
909 dbg_err("bad copy_flag");
910 goto bad;
911 }
912
913 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
914 data_pad < 0) {
915 dbg_err("negative values");
916 goto bad;
917 }
918
919 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
920 dbg_err("bad vol_id");
921 goto bad;
922 }
923
924 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
925 dbg_err("bad compat");
926 goto bad;
927 }
928
929 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
930 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
931 compat != UBI_COMPAT_REJECT) {
932 dbg_err("bad compat");
933 goto bad;
934 }
935
936 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
937 dbg_err("bad vol_type");
938 goto bad;
939 }
940
941 if (data_pad >= ubi->leb_size / 2) {
942 dbg_err("bad data_pad");
943 goto bad;
944 }
945
946 if (vol_type == UBI_VID_STATIC) {
947 /*
948 * Although from high-level point of view static volumes may
949 * contain zero bytes of data, but no VID headers can contain
950 * zero at these fields, because they empty volumes do not have
951 * mapped logical eraseblocks.
952 */
953 if (used_ebs == 0) {
954 dbg_err("zero used_ebs");
955 goto bad;
956 }
957 if (data_size == 0) {
958 dbg_err("zero data_size");
959 goto bad;
960 }
961 if (lnum < used_ebs - 1) {
962 if (data_size != usable_leb_size) {
963 dbg_err("bad data_size");
964 goto bad;
965 }
966 } else if (lnum == used_ebs - 1) {
967 if (data_size == 0) {
968 dbg_err("bad data_size at last LEB");
969 goto bad;
970 }
971 } else {
972 dbg_err("too high lnum");
973 goto bad;
974 }
975 } else {
976 if (copy_flag == 0) {
977 if (data_crc != 0) {
978 dbg_err("non-zero data CRC");
979 goto bad;
980 }
981 if (data_size != 0) {
982 dbg_err("non-zero data_size");
983 goto bad;
984 }
985 } else {
986 if (data_size == 0) {
987 dbg_err("zero data_size of copy");
988 goto bad;
989 }
990 }
991 if (used_ebs != 0) {
992 dbg_err("bad used_ebs");
993 goto bad;
994 }
995 }
996
997 return 0;
998
999bad:
1000 ubi_err("bad VID header");
1001 ubi_dbg_dump_vid_hdr(vid_hdr);
1002 ubi_dbg_dump_stack();
1003 return 1;
1004}
1005
1006/**
1007 * ubi_io_read_vid_hdr - read and check a volume identifier header.
1008 * @ubi: UBI device description object
1009 * @pnum: physical eraseblock number to read from
1010 * @vid_hdr: &struct ubi_vid_hdr object where to store the read volume
1011 * identifier header
1012 * @verbose: be verbose if the header is corrupted or wasn't found
1013 *
1014 * This function reads the volume identifier header from physical eraseblock
1015 * @pnum and stores it in @vid_hdr. It also checks CRC checksum of the read
1016 * volume identifier header. The error codes are the same as in
1017 * 'ubi_io_read_ec_hdr()'.
1018 *
1019 * Note, the implementation of this function is also very similar to
1020 * 'ubi_io_read_ec_hdr()', so refer commentaries in 'ubi_io_read_ec_hdr()'.
1021 */
1022int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
1023 struct ubi_vid_hdr *vid_hdr, int verbose)
1024{
1025 int err, read_err;
1026 uint32_t crc, magic, hdr_crc;
1027 void *p;
1028
1029 dbg_io("read VID header from PEB %d", pnum);
1030 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1031
1032 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1033 read_err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1034 ubi->vid_hdr_alsize);
1035 if (read_err && read_err != UBI_IO_BITFLIPS && read_err != -EBADMSG)
1036 return read_err;
1037
1038 magic = be32_to_cpu(vid_hdr->magic);
1039 if (magic != UBI_VID_HDR_MAGIC) {
1040 if (read_err == -EBADMSG)
1041 return UBI_IO_BAD_HDR_EBADMSG;
1042
1043 if (ubi_check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
1044 if (verbose)
1045 ubi_warn("no VID header found at PEB %d, "
1046 "only 0xFF bytes", pnum);
1047 dbg_bld("no VID header found at PEB %d, "
1048 "only 0xFF bytes", pnum);
1049 if (!read_err)
1050 return UBI_IO_FF;
1051 else
1052 return UBI_IO_FF_BITFLIPS;
1053 }
1054
1055 if (verbose) {
1056 ubi_warn("bad magic number at PEB %d: %08x instead of "
1057 "%08x", pnum, magic, UBI_VID_HDR_MAGIC);
1058 ubi_dbg_dump_vid_hdr(vid_hdr);
1059 }
1060 dbg_bld("bad magic number at PEB %d: %08x instead of "
1061 "%08x", pnum, magic, UBI_VID_HDR_MAGIC);
1062 return UBI_IO_BAD_HDR;
1063 }
1064
1065 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1066 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1067
1068 if (hdr_crc != crc) {
1069 if (verbose) {
1070 ubi_warn("bad CRC at PEB %d, calculated %#08x, "
1071 "read %#08x", pnum, crc, hdr_crc);
1072 ubi_dbg_dump_vid_hdr(vid_hdr);
1073 }
1074 dbg_bld("bad CRC at PEB %d, calculated %#08x, "
1075 "read %#08x", pnum, crc, hdr_crc);
1076 if (!read_err)
1077 return UBI_IO_BAD_HDR;
1078 else
1079 return UBI_IO_BAD_HDR_EBADMSG;
1080 }
1081
1082 err = validate_vid_hdr(ubi, vid_hdr);
1083 if (err) {
1084 ubi_err("validation failed for PEB %d", pnum);
1085 return -EINVAL;
1086 }
1087
1088 return read_err ? UBI_IO_BITFLIPS : 0;
1089}
1090
1091/**
1092 * ubi_io_write_vid_hdr - write a volume identifier header.
1093 * @ubi: UBI device description object
1094 * @pnum: the physical eraseblock number to write to
1095 * @vid_hdr: the volume identifier header to write
1096 *
1097 * This function writes the volume identifier header described by @vid_hdr to
1098 * physical eraseblock @pnum. This function automatically fills the
1099 * @vid_hdr->magic and the @vid_hdr->version fields, as well as calculates
1100 * header CRC checksum and stores it at vid_hdr->hdr_crc.
1101 *
1102 * This function returns zero in case of success and a negative error code in
1103 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1104 * bad.
1105 */
1106int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1107 struct ubi_vid_hdr *vid_hdr)
1108{
1109 int err;
1110 uint32_t crc;
1111 void *p;
1112
1113 dbg_io("write VID header to PEB %d", pnum);
1114 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1115
1116 err = paranoid_check_peb_ec_hdr(ubi, pnum);
1117 if (err)
1118 return err;
1119
1120 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1121 vid_hdr->version = UBI_VERSION;
1122 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1123 vid_hdr->hdr_crc = cpu_to_be32(crc);
1124
1125 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr);
1126 if (err)
1127 return err;
1128
1129 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1130 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1131 ubi->vid_hdr_alsize);
1132 return err;
1133}
1134
1135#ifdef CONFIG_MTD_UBI_DEBUG
1136
1137/**
1138 * paranoid_check_not_bad - ensure that a physical eraseblock is not bad.
1139 * @ubi: UBI device description object
1140 * @pnum: physical eraseblock number to check
1141 *
1142 * This function returns zero if the physical eraseblock is good, %-EINVAL if
1143 * it is bad and a negative error code if an error occurred.
1144 */
1145static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum)
1146{
1147 int err;
1148
1149 if (!ubi->dbg->chk_io)
1150 return 0;
1151
1152 err = ubi_io_is_bad(ubi, pnum);
1153 if (!err)
1154 return err;
1155
1156 ubi_err("paranoid check failed for PEB %d", pnum);
1157 ubi_dbg_dump_stack();
1158 return err > 0 ? -EINVAL : err;
1159}
1160
1161/**
1162 * paranoid_check_ec_hdr - check if an erase counter header is all right.
1163 * @ubi: UBI device description object
1164 * @pnum: physical eraseblock number the erase counter header belongs to
1165 * @ec_hdr: the erase counter header to check
1166 *
1167 * This function returns zero if the erase counter header contains valid
1168 * values, and %-EINVAL if not.
1169 */
1170static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1171 const struct ubi_ec_hdr *ec_hdr)
1172{
1173 int err;
1174 uint32_t magic;
1175
1176 if (!ubi->dbg->chk_io)
1177 return 0;
1178
1179 magic = be32_to_cpu(ec_hdr->magic);
1180 if (magic != UBI_EC_HDR_MAGIC) {
1181 ubi_err("bad magic %#08x, must be %#08x",
1182 magic, UBI_EC_HDR_MAGIC);
1183 goto fail;
1184 }
1185
1186 err = validate_ec_hdr(ubi, ec_hdr);
1187 if (err) {
1188 ubi_err("paranoid check failed for PEB %d", pnum);
1189 goto fail;
1190 }
1191
1192 return 0;
1193
1194fail:
1195 ubi_dbg_dump_ec_hdr(ec_hdr);
1196 ubi_dbg_dump_stack();
1197 return -EINVAL;
1198}
1199
1200/**
1201 * paranoid_check_peb_ec_hdr - check erase counter header.
1202 * @ubi: UBI device description object
1203 * @pnum: the physical eraseblock number to check
1204 *
1205 * This function returns zero if the erase counter header is all right and and
1206 * a negative error code if not or if an error occurred.
1207 */
1208static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1209{
1210 int err;
1211 uint32_t crc, hdr_crc;
1212 struct ubi_ec_hdr *ec_hdr;
1213
1214 if (!ubi->dbg->chk_io)
1215 return 0;
1216
1217 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1218 if (!ec_hdr)
1219 return -ENOMEM;
1220
1221 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1222 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG)
1223 goto exit;
1224
1225 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1226 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1227 if (hdr_crc != crc) {
1228 ubi_err("bad CRC, calculated %#08x, read %#08x", crc, hdr_crc);
1229 ubi_err("paranoid check failed for PEB %d", pnum);
1230 ubi_dbg_dump_ec_hdr(ec_hdr);
1231 ubi_dbg_dump_stack();
1232 err = -EINVAL;
1233 goto exit;
1234 }
1235
1236 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr);
1237
1238exit:
1239 kfree(ec_hdr);
1240 return err;
1241}
1242
1243/**
1244 * paranoid_check_vid_hdr - check that a volume identifier header is all right.
1245 * @ubi: UBI device description object
1246 * @pnum: physical eraseblock number the volume identifier header belongs to
1247 * @vid_hdr: the volume identifier header to check
1248 *
1249 * This function returns zero if the volume identifier header is all right, and
1250 * %-EINVAL if not.
1251 */
1252static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1253 const struct ubi_vid_hdr *vid_hdr)
1254{
1255 int err;
1256 uint32_t magic;
1257
1258 if (!ubi->dbg->chk_io)
1259 return 0;
1260
1261 magic = be32_to_cpu(vid_hdr->magic);
1262 if (magic != UBI_VID_HDR_MAGIC) {
1263 ubi_err("bad VID header magic %#08x at PEB %d, must be %#08x",
1264 magic, pnum, UBI_VID_HDR_MAGIC);
1265 goto fail;
1266 }
1267
1268 err = validate_vid_hdr(ubi, vid_hdr);
1269 if (err) {
1270 ubi_err("paranoid check failed for PEB %d", pnum);
1271 goto fail;
1272 }
1273
1274 return err;
1275
1276fail:
1277 ubi_err("paranoid check failed for PEB %d", pnum);
1278 ubi_dbg_dump_vid_hdr(vid_hdr);
1279 ubi_dbg_dump_stack();
1280 return -EINVAL;
1281
1282}
1283
1284/**
1285 * paranoid_check_peb_vid_hdr - check volume identifier header.
1286 * @ubi: UBI device description object
1287 * @pnum: the physical eraseblock number to check
1288 *
1289 * This function returns zero if the volume identifier header is all right,
1290 * and a negative error code if not or if an error occurred.
1291 */
1292static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1293{
1294 int err;
1295 uint32_t crc, hdr_crc;
1296 struct ubi_vid_hdr *vid_hdr;
1297 void *p;
1298
1299 if (!ubi->dbg->chk_io)
1300 return 0;
1301
1302 vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS);
1303 if (!vid_hdr)
1304 return -ENOMEM;
1305
1306 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1307 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1308 ubi->vid_hdr_alsize);
1309 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG)
1310 goto exit;
1311
1312 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_EC_HDR_SIZE_CRC);
1313 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1314 if (hdr_crc != crc) {
1315 ubi_err("bad VID header CRC at PEB %d, calculated %#08x, "
1316 "read %#08x", pnum, crc, hdr_crc);
1317 ubi_err("paranoid check failed for PEB %d", pnum);
1318 ubi_dbg_dump_vid_hdr(vid_hdr);
1319 ubi_dbg_dump_stack();
1320 err = -EINVAL;
1321 goto exit;
1322 }
1323
1324 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr);
1325
1326exit:
1327 ubi_free_vid_hdr(ubi, vid_hdr);
1328 return err;
1329}
1330
1331/**
1332 * ubi_dbg_check_write - make sure write succeeded.
1333 * @ubi: UBI device description object
1334 * @buf: buffer with data which were written
1335 * @pnum: physical eraseblock number the data were written to
1336 * @offset: offset within the physical eraseblock the data were written to
1337 * @len: how many bytes were written
1338 *
1339 * This functions reads data which were recently written and compares it with
1340 * the original data buffer - the data have to match. Returns zero if the data
1341 * match and a negative error code if not or in case of failure.
1342 */
1343int ubi_dbg_check_write(struct ubi_device *ubi, const void *buf, int pnum,
1344 int offset, int len)
1345{
1346 int err, i;
1347 size_t read;
1348 void *buf1;
1349 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1350
1351 if (!ubi->dbg->chk_io)
1352 return 0;
1353
1354 buf1 = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1355 if (!buf1) {
1356 ubi_err("cannot allocate memory to check writes");
1357 return 0;
1358 }
1359
1360 err = ubi->mtd->read(ubi->mtd, addr, len, &read, buf1);
1361 if (err && err != -EUCLEAN)
1362 goto out_free;
1363
1364 for (i = 0; i < len; i++) {
1365 uint8_t c = ((uint8_t *)buf)[i];
1366 uint8_t c1 = ((uint8_t *)buf1)[i];
1367 int dump_len;
1368
1369 if (c == c1)
1370 continue;
1371
1372 ubi_err("paranoid check failed for PEB %d:%d, len %d",
1373 pnum, offset, len);
1374 ubi_msg("data differ at position %d", i);
1375 dump_len = max_t(int, 128, len - i);
1376 ubi_msg("hex dump of the original buffer from %d to %d",
1377 i, i + dump_len);
1378 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1379 buf + i, dump_len, 1);
1380 ubi_msg("hex dump of the read buffer from %d to %d",
1381 i, i + dump_len);
1382 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1383 buf1 + i, dump_len, 1);
1384 ubi_dbg_dump_stack();
1385 err = -EINVAL;
1386 goto out_free;
1387 }
1388
1389 vfree(buf1);
1390 return 0;
1391
1392out_free:
1393 vfree(buf1);
1394 return err;
1395}
1396
1397/**
1398 * ubi_dbg_check_all_ff - check that a region of flash is empty.
1399 * @ubi: UBI device description object
1400 * @pnum: the physical eraseblock number to check
1401 * @offset: the starting offset within the physical eraseblock to check
1402 * @len: the length of the region to check
1403 *
1404 * This function returns zero if only 0xFF bytes are present at offset
1405 * @offset of the physical eraseblock @pnum, and a negative error code if not
1406 * or if an error occurred.
1407 */
1408int ubi_dbg_check_all_ff(struct ubi_device *ubi, int pnum, int offset, int len)
1409{
1410 size_t read;
1411 int err;
1412 void *buf;
1413 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1414
1415 if (!ubi->dbg->chk_io)
1416 return 0;
1417
1418 buf = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1419 if (!buf) {
1420 ubi_err("cannot allocate memory to check for 0xFFs");
1421 return 0;
1422 }
1423
1424 err = ubi->mtd->read(ubi->mtd, addr, len, &read, buf);
1425 if (err && err != -EUCLEAN) {
1426 ubi_err("error %d while reading %d bytes from PEB %d:%d, "
1427 "read %zd bytes", err, len, pnum, offset, read);
1428 goto error;
1429 }
1430
1431 err = ubi_check_pattern(buf, 0xFF, len);
1432 if (err == 0) {
1433 ubi_err("flash region at PEB %d:%d, length %d does not "
1434 "contain all 0xFF bytes", pnum, offset, len);
1435 goto fail;
1436 }
1437
1438 vfree(buf);
1439 return 0;
1440
1441fail:
1442 ubi_err("paranoid check failed for PEB %d", pnum);
1443 ubi_msg("hex dump of the %d-%d region", offset, offset + len);
1444 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, buf, len, 1);
1445 err = -EINVAL;
1446error:
1447 ubi_dbg_dump_stack();
1448 vfree(buf);
1449 return err;
1450}
1451
1452#endif /* CONFIG_MTD_UBI_DEBUG */