Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Copyright (c) International Business Machines Corp., 2006
4 * Copyright (c) Nokia Corporation, 2006, 2007
5 *
6 * Author: Artem Bityutskiy (Битюцкий Артём)
7 */
8
9/*
10 * UBI input/output sub-system.
11 *
12 * This sub-system provides a uniform way to work with all kinds of the
13 * underlying MTD devices. It also implements handy functions for reading and
14 * writing UBI headers.
15 *
16 * We are trying to have a paranoid mindset and not to trust to what we read
17 * from the flash media in order to be more secure and robust. So this
18 * sub-system validates every single header it reads from the flash media.
19 *
20 * Some words about how the eraseblock headers are stored.
21 *
22 * The erase counter header is always stored at offset zero. By default, the
23 * VID header is stored after the EC header at the closest aligned offset
24 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
25 * header at the closest aligned offset. But this default layout may be
26 * changed. For example, for different reasons (e.g., optimization) UBI may be
27 * asked to put the VID header at further offset, and even at an unaligned
28 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
29 * proper padding in front of it. Data offset may also be changed but it has to
30 * be aligned.
31 *
32 * About minimal I/O units. In general, UBI assumes flash device model where
33 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
34 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
35 * @ubi->mtd->writesize field. But as an exception, UBI admits use of another
36 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
37 * to do different optimizations.
38 *
39 * This is extremely useful in case of NAND flashes which admit of several
40 * write operations to one NAND page. In this case UBI can fit EC and VID
41 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
42 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
43 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
44 * users.
45 *
46 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
47 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
48 * headers.
49 *
50 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
51 * device, e.g., make @ubi->min_io_size = 512 in the example above?
52 *
53 * A: because when writing a sub-page, MTD still writes a full 2K page but the
54 * bytes which are not relevant to the sub-page are 0xFF. So, basically,
55 * writing 4x512 sub-pages is 4 times slower than writing one 2KiB NAND page.
56 * Thus, we prefer to use sub-pages only for EC and VID headers.
57 *
58 * As it was noted above, the VID header may start at a non-aligned offset.
59 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
60 * the VID header may reside at offset 1984 which is the last 64 bytes of the
61 * last sub-page (EC header is always at offset zero). This causes some
62 * difficulties when reading and writing VID headers.
63 *
64 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
65 * the data and want to write this VID header out. As we can only write in
66 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
67 * to offset 448 of this buffer.
68 *
69 * The I/O sub-system does the following trick in order to avoid this extra
70 * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
71 * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
72 * When the VID header is being written out, it shifts the VID header pointer
73 * back and writes the whole sub-page.
74 */
75
76#include <linux/crc32.h>
77#include <linux/err.h>
78#include <linux/slab.h>
79#include "ubi.h"
80
81static int self_check_not_bad(const struct ubi_device *ubi, int pnum);
82static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
83static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
84 const struct ubi_ec_hdr *ec_hdr);
85static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
86static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
87 const struct ubi_vid_hdr *vid_hdr);
88static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
89 int offset, int len);
90
91/**
92 * ubi_io_read - read data from a physical eraseblock.
93 * @ubi: UBI device description object
94 * @buf: buffer where to store the read data
95 * @pnum: physical eraseblock number to read from
96 * @offset: offset within the physical eraseblock from where to read
97 * @len: how many bytes to read
98 *
99 * This function reads data from offset @offset of physical eraseblock @pnum
100 * and stores the read data in the @buf buffer. The following return codes are
101 * possible:
102 *
103 * o %0 if all the requested data were successfully read;
104 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
105 * correctable bit-flips were detected; this is harmless but may indicate
106 * that this eraseblock may become bad soon (but do not have to);
107 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
108 * example it can be an ECC error in case of NAND; this most probably means
109 * that the data is corrupted;
110 * o %-EIO if some I/O error occurred;
111 * o other negative error codes in case of other errors.
112 */
113int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
114 int len)
115{
116 int err, retries = 0;
117 size_t read;
118 loff_t addr;
119
120 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
121
122 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
123 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
124 ubi_assert(len > 0);
125
126 err = self_check_not_bad(ubi, pnum);
127 if (err)
128 return err;
129
130 /*
131 * Deliberately corrupt the buffer to improve robustness. Indeed, if we
132 * do not do this, the following may happen:
133 * 1. The buffer contains data from previous operation, e.g., read from
134 * another PEB previously. The data looks like expected, e.g., if we
135 * just do not read anything and return - the caller would not
136 * notice this. E.g., if we are reading a VID header, the buffer may
137 * contain a valid VID header from another PEB.
138 * 2. The driver is buggy and returns us success or -EBADMSG or
139 * -EUCLEAN, but it does not actually put any data to the buffer.
140 *
141 * This may confuse UBI or upper layers - they may think the buffer
142 * contains valid data while in fact it is just old data. This is
143 * especially possible because UBI (and UBIFS) relies on CRC, and
144 * treats data as correct even in case of ECC errors if the CRC is
145 * correct.
146 *
147 * Try to prevent this situation by changing the first byte of the
148 * buffer.
149 */
150 *((uint8_t *)buf) ^= 0xFF;
151
152 addr = (loff_t)pnum * ubi->peb_size + offset;
153retry:
154 err = mtd_read(ubi->mtd, addr, len, &read, buf);
155 if (err) {
156 const char *errstr = mtd_is_eccerr(err) ? " (ECC error)" : "";
157
158 if (mtd_is_bitflip(err)) {
159 /*
160 * -EUCLEAN is reported if there was a bit-flip which
161 * was corrected, so this is harmless.
162 *
163 * We do not report about it here unless debugging is
164 * enabled. A corresponding message will be printed
165 * later, when it is has been scrubbed.
166 */
167 ubi_msg(ubi, "fixable bit-flip detected at PEB %d",
168 pnum);
169 ubi_assert(len == read);
170 return UBI_IO_BITFLIPS;
171 }
172
173 if (retries++ < UBI_IO_RETRIES) {
174 ubi_warn(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read only %zd bytes, retry",
175 err, errstr, len, pnum, offset, read);
176 yield();
177 goto retry;
178 }
179
180 ubi_err(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read %zd bytes",
181 err, errstr, len, pnum, offset, read);
182 dump_stack();
183
184 /*
185 * The driver should never return -EBADMSG if it failed to read
186 * all the requested data. But some buggy drivers might do
187 * this, so we change it to -EIO.
188 */
189 if (read != len && mtd_is_eccerr(err)) {
190 ubi_assert(0);
191 err = -EIO;
192 }
193 } else {
194 ubi_assert(len == read);
195
196 if (ubi_dbg_is_bitflip(ubi)) {
197 dbg_gen("bit-flip (emulated)");
198 err = UBI_IO_BITFLIPS;
199 }
200 }
201
202 return err;
203}
204
205/**
206 * ubi_io_write - write data to a physical eraseblock.
207 * @ubi: UBI device description object
208 * @buf: buffer with the data to write
209 * @pnum: physical eraseblock number to write to
210 * @offset: offset within the physical eraseblock where to write
211 * @len: how many bytes to write
212 *
213 * This function writes @len bytes of data from buffer @buf to offset @offset
214 * of physical eraseblock @pnum. If all the data were successfully written,
215 * zero is returned. If an error occurred, this function returns a negative
216 * error code. If %-EIO is returned, the physical eraseblock most probably went
217 * bad.
218 *
219 * Note, in case of an error, it is possible that something was still written
220 * to the flash media, but may be some garbage.
221 */
222int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
223 int len)
224{
225 int err;
226 size_t written;
227 loff_t addr;
228
229 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
230
231 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
232 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
233 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
234 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
235
236 if (ubi->ro_mode) {
237 ubi_err(ubi, "read-only mode");
238 return -EROFS;
239 }
240
241 err = self_check_not_bad(ubi, pnum);
242 if (err)
243 return err;
244
245 /* The area we are writing to has to contain all 0xFF bytes */
246 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
247 if (err)
248 return err;
249
250 if (offset >= ubi->leb_start) {
251 /*
252 * We write to the data area of the physical eraseblock. Make
253 * sure it has valid EC and VID headers.
254 */
255 err = self_check_peb_ec_hdr(ubi, pnum);
256 if (err)
257 return err;
258 err = self_check_peb_vid_hdr(ubi, pnum);
259 if (err)
260 return err;
261 }
262
263 if (ubi_dbg_is_write_failure(ubi)) {
264 ubi_err(ubi, "cannot write %d bytes to PEB %d:%d (emulated)",
265 len, pnum, offset);
266 dump_stack();
267 return -EIO;
268 }
269
270 addr = (loff_t)pnum * ubi->peb_size + offset;
271 err = mtd_write(ubi->mtd, addr, len, &written, buf);
272 if (err) {
273 ubi_err(ubi, "error %d while writing %d bytes to PEB %d:%d, written %zd bytes",
274 err, len, pnum, offset, written);
275 dump_stack();
276 ubi_dump_flash(ubi, pnum, offset, len);
277 } else
278 ubi_assert(written == len);
279
280 if (!err) {
281 err = self_check_write(ubi, buf, pnum, offset, len);
282 if (err)
283 return err;
284
285 /*
286 * Since we always write sequentially, the rest of the PEB has
287 * to contain only 0xFF bytes.
288 */
289 offset += len;
290 len = ubi->peb_size - offset;
291 if (len)
292 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
293 }
294
295 return err;
296}
297
298/**
299 * do_sync_erase - synchronously erase a physical eraseblock.
300 * @ubi: UBI device description object
301 * @pnum: the physical eraseblock number to erase
302 *
303 * This function synchronously erases physical eraseblock @pnum and returns
304 * zero in case of success and a negative error code in case of failure. If
305 * %-EIO is returned, the physical eraseblock most probably went bad.
306 */
307static int do_sync_erase(struct ubi_device *ubi, int pnum)
308{
309 int err, retries = 0;
310 struct erase_info ei;
311
312 dbg_io("erase PEB %d", pnum);
313 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
314
315 if (ubi->ro_mode) {
316 ubi_err(ubi, "read-only mode");
317 return -EROFS;
318 }
319
320retry:
321 memset(&ei, 0, sizeof(struct erase_info));
322
323 ei.addr = (loff_t)pnum * ubi->peb_size;
324 ei.len = ubi->peb_size;
325
326 err = mtd_erase(ubi->mtd, &ei);
327 if (err) {
328 if (retries++ < UBI_IO_RETRIES) {
329 ubi_warn(ubi, "error %d while erasing PEB %d, retry",
330 err, pnum);
331 yield();
332 goto retry;
333 }
334 ubi_err(ubi, "cannot erase PEB %d, error %d", pnum, err);
335 dump_stack();
336 return err;
337 }
338
339 err = ubi_self_check_all_ff(ubi, pnum, 0, ubi->peb_size);
340 if (err)
341 return err;
342
343 if (ubi_dbg_is_erase_failure(ubi)) {
344 ubi_err(ubi, "cannot erase PEB %d (emulated)", pnum);
345 return -EIO;
346 }
347
348 return 0;
349}
350
351/* Patterns to write to a physical eraseblock when torturing it */
352static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
353
354/**
355 * torture_peb - test a supposedly bad physical eraseblock.
356 * @ubi: UBI device description object
357 * @pnum: the physical eraseblock number to test
358 *
359 * This function returns %-EIO if the physical eraseblock did not pass the
360 * test, a positive number of erase operations done if the test was
361 * successfully passed, and other negative error codes in case of other errors.
362 */
363static int torture_peb(struct ubi_device *ubi, int pnum)
364{
365 int err, i, patt_count;
366
367 ubi_msg(ubi, "run torture test for PEB %d", pnum);
368 patt_count = ARRAY_SIZE(patterns);
369 ubi_assert(patt_count > 0);
370
371 mutex_lock(&ubi->buf_mutex);
372 for (i = 0; i < patt_count; i++) {
373 err = do_sync_erase(ubi, pnum);
374 if (err)
375 goto out;
376
377 /* Make sure the PEB contains only 0xFF bytes */
378 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
379 if (err)
380 goto out;
381
382 err = ubi_check_pattern(ubi->peb_buf, 0xFF, ubi->peb_size);
383 if (err == 0) {
384 ubi_err(ubi, "erased PEB %d, but a non-0xFF byte found",
385 pnum);
386 err = -EIO;
387 goto out;
388 }
389
390 /* Write a pattern and check it */
391 memset(ubi->peb_buf, patterns[i], ubi->peb_size);
392 err = ubi_io_write(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
393 if (err)
394 goto out;
395
396 memset(ubi->peb_buf, ~patterns[i], ubi->peb_size);
397 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
398 if (err)
399 goto out;
400
401 err = ubi_check_pattern(ubi->peb_buf, patterns[i],
402 ubi->peb_size);
403 if (err == 0) {
404 ubi_err(ubi, "pattern %x checking failed for PEB %d",
405 patterns[i], pnum);
406 err = -EIO;
407 goto out;
408 }
409 }
410
411 err = patt_count;
412 ubi_msg(ubi, "PEB %d passed torture test, do not mark it as bad", pnum);
413
414out:
415 mutex_unlock(&ubi->buf_mutex);
416 if (err == UBI_IO_BITFLIPS || mtd_is_eccerr(err)) {
417 /*
418 * If a bit-flip or data integrity error was detected, the test
419 * has not passed because it happened on a freshly erased
420 * physical eraseblock which means something is wrong with it.
421 */
422 ubi_err(ubi, "read problems on freshly erased PEB %d, must be bad",
423 pnum);
424 err = -EIO;
425 }
426 return err;
427}
428
429/**
430 * nor_erase_prepare - prepare a NOR flash PEB for erasure.
431 * @ubi: UBI device description object
432 * @pnum: physical eraseblock number to prepare
433 *
434 * NOR flash, or at least some of them, have peculiar embedded PEB erasure
435 * algorithm: the PEB is first filled with zeroes, then it is erased. And
436 * filling with zeroes starts from the end of the PEB. This was observed with
437 * Spansion S29GL512N NOR flash.
438 *
439 * This means that in case of a power cut we may end up with intact data at the
440 * beginning of the PEB, and all zeroes at the end of PEB. In other words, the
441 * EC and VID headers are OK, but a large chunk of data at the end of PEB is
442 * zeroed. This makes UBI mistakenly treat this PEB as used and associate it
443 * with an LEB, which leads to subsequent failures (e.g., UBIFS fails).
444 *
445 * This function is called before erasing NOR PEBs and it zeroes out EC and VID
446 * magic numbers in order to invalidate them and prevent the failures. Returns
447 * zero in case of success and a negative error code in case of failure.
448 */
449static int nor_erase_prepare(struct ubi_device *ubi, int pnum)
450{
451 int err;
452 size_t written;
453 loff_t addr;
454 uint32_t data = 0;
455 struct ubi_ec_hdr ec_hdr;
456 struct ubi_vid_io_buf vidb;
457
458 /*
459 * Note, we cannot generally define VID header buffers on stack,
460 * because of the way we deal with these buffers (see the header
461 * comment in this file). But we know this is a NOR-specific piece of
462 * code, so we can do this. But yes, this is error-prone and we should
463 * (pre-)allocate VID header buffer instead.
464 */
465 struct ubi_vid_hdr vid_hdr;
466
467 /*
468 * If VID or EC is valid, we have to corrupt them before erasing.
469 * It is important to first invalidate the EC header, and then the VID
470 * header. Otherwise a power cut may lead to valid EC header and
471 * invalid VID header, in which case UBI will treat this PEB as
472 * corrupted and will try to preserve it, and print scary warnings.
473 */
474 addr = (loff_t)pnum * ubi->peb_size;
475 err = ubi_io_read_ec_hdr(ubi, pnum, &ec_hdr, 0);
476 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
477 err != UBI_IO_FF){
478 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
479 if(err)
480 goto error;
481 }
482
483 ubi_init_vid_buf(ubi, &vidb, &vid_hdr);
484 ubi_assert(&vid_hdr == ubi_get_vid_hdr(&vidb));
485
486 err = ubi_io_read_vid_hdr(ubi, pnum, &vidb, 0);
487 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
488 err != UBI_IO_FF){
489 addr += ubi->vid_hdr_aloffset;
490 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
491 if (err)
492 goto error;
493 }
494 return 0;
495
496error:
497 /*
498 * The PEB contains a valid VID or EC header, but we cannot invalidate
499 * it. Supposedly the flash media or the driver is screwed up, so
500 * return an error.
501 */
502 ubi_err(ubi, "cannot invalidate PEB %d, write returned %d", pnum, err);
503 ubi_dump_flash(ubi, pnum, 0, ubi->peb_size);
504 return -EIO;
505}
506
507/**
508 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
509 * @ubi: UBI device description object
510 * @pnum: physical eraseblock number to erase
511 * @torture: if this physical eraseblock has to be tortured
512 *
513 * This function synchronously erases physical eraseblock @pnum. If @torture
514 * flag is not zero, the physical eraseblock is checked by means of writing
515 * different patterns to it and reading them back. If the torturing is enabled,
516 * the physical eraseblock is erased more than once.
517 *
518 * This function returns the number of erasures made in case of success, %-EIO
519 * if the erasure failed or the torturing test failed, and other negative error
520 * codes in case of other errors. Note, %-EIO means that the physical
521 * eraseblock is bad.
522 */
523int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
524{
525 int err, ret = 0;
526
527 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
528
529 err = self_check_not_bad(ubi, pnum);
530 if (err != 0)
531 return err;
532
533 if (ubi->ro_mode) {
534 ubi_err(ubi, "read-only mode");
535 return -EROFS;
536 }
537
538 /*
539 * If the flash is ECC-ed then we have to erase the ECC block before we
540 * can write to it. But the write is in preparation to an erase in the
541 * first place. This means we cannot zero out EC and VID before the
542 * erase and we just have to hope the flash starts erasing from the
543 * start of the page.
544 */
545 if (ubi->nor_flash && ubi->mtd->writesize == 1) {
546 err = nor_erase_prepare(ubi, pnum);
547 if (err)
548 return err;
549 }
550
551 if (torture) {
552 ret = torture_peb(ubi, pnum);
553 if (ret < 0)
554 return ret;
555 }
556
557 err = do_sync_erase(ubi, pnum);
558 if (err)
559 return err;
560
561 return ret + 1;
562}
563
564/**
565 * ubi_io_is_bad - check if a physical eraseblock is bad.
566 * @ubi: UBI device description object
567 * @pnum: the physical eraseblock number to check
568 *
569 * This function returns a positive number if the physical eraseblock is bad,
570 * zero if not, and a negative error code if an error occurred.
571 */
572int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
573{
574 struct mtd_info *mtd = ubi->mtd;
575
576 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
577
578 if (ubi->bad_allowed) {
579 int ret;
580
581 ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
582 if (ret < 0)
583 ubi_err(ubi, "error %d while checking if PEB %d is bad",
584 ret, pnum);
585 else if (ret)
586 dbg_io("PEB %d is bad", pnum);
587 return ret;
588 }
589
590 return 0;
591}
592
593/**
594 * ubi_io_mark_bad - mark a physical eraseblock as bad.
595 * @ubi: UBI device description object
596 * @pnum: the physical eraseblock number to mark
597 *
598 * This function returns zero in case of success and a negative error code in
599 * case of failure.
600 */
601int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
602{
603 int err;
604 struct mtd_info *mtd = ubi->mtd;
605
606 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
607
608 if (ubi->ro_mode) {
609 ubi_err(ubi, "read-only mode");
610 return -EROFS;
611 }
612
613 if (!ubi->bad_allowed)
614 return 0;
615
616 err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
617 if (err)
618 ubi_err(ubi, "cannot mark PEB %d bad, error %d", pnum, err);
619 return err;
620}
621
622/**
623 * validate_ec_hdr - validate an erase counter header.
624 * @ubi: UBI device description object
625 * @ec_hdr: the erase counter header to check
626 *
627 * This function returns zero if the erase counter header is OK, and %1 if
628 * not.
629 */
630static int validate_ec_hdr(const struct ubi_device *ubi,
631 const struct ubi_ec_hdr *ec_hdr)
632{
633 long long ec;
634 int vid_hdr_offset, leb_start;
635
636 ec = be64_to_cpu(ec_hdr->ec);
637 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
638 leb_start = be32_to_cpu(ec_hdr->data_offset);
639
640 if (ec_hdr->version != UBI_VERSION) {
641 ubi_err(ubi, "node with incompatible UBI version found: this UBI version is %d, image version is %d",
642 UBI_VERSION, (int)ec_hdr->version);
643 goto bad;
644 }
645
646 if (vid_hdr_offset != ubi->vid_hdr_offset) {
647 ubi_err(ubi, "bad VID header offset %d, expected %d",
648 vid_hdr_offset, ubi->vid_hdr_offset);
649 goto bad;
650 }
651
652 if (leb_start != ubi->leb_start) {
653 ubi_err(ubi, "bad data offset %d, expected %d",
654 leb_start, ubi->leb_start);
655 goto bad;
656 }
657
658 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
659 ubi_err(ubi, "bad erase counter %lld", ec);
660 goto bad;
661 }
662
663 return 0;
664
665bad:
666 ubi_err(ubi, "bad EC header");
667 ubi_dump_ec_hdr(ec_hdr);
668 dump_stack();
669 return 1;
670}
671
672/**
673 * ubi_io_read_ec_hdr - read and check an erase counter header.
674 * @ubi: UBI device description object
675 * @pnum: physical eraseblock to read from
676 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
677 * header
678 * @verbose: be verbose if the header is corrupted or was not found
679 *
680 * This function reads erase counter header from physical eraseblock @pnum and
681 * stores it in @ec_hdr. This function also checks CRC checksum of the read
682 * erase counter header. The following codes may be returned:
683 *
684 * o %0 if the CRC checksum is correct and the header was successfully read;
685 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
686 * and corrected by the flash driver; this is harmless but may indicate that
687 * this eraseblock may become bad soon (but may be not);
688 * o %UBI_IO_BAD_HDR if the erase counter header is corrupted (a CRC error);
689 * o %UBI_IO_BAD_HDR_EBADMSG is the same as %UBI_IO_BAD_HDR, but there also was
690 * a data integrity error (uncorrectable ECC error in case of NAND);
691 * o %UBI_IO_FF if only 0xFF bytes were read (the PEB is supposedly empty)
692 * o a negative error code in case of failure.
693 */
694int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
695 struct ubi_ec_hdr *ec_hdr, int verbose)
696{
697 int err, read_err;
698 uint32_t crc, magic, hdr_crc;
699
700 dbg_io("read EC header from PEB %d", pnum);
701 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
702
703 read_err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
704 if (read_err) {
705 if (read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
706 return read_err;
707
708 /*
709 * We read all the data, but either a correctable bit-flip
710 * occurred, or MTD reported a data integrity error
711 * (uncorrectable ECC error in case of NAND). The former is
712 * harmless, the later may mean that the read data is
713 * corrupted. But we have a CRC check-sum and we will detect
714 * this. If the EC header is still OK, we just report this as
715 * there was a bit-flip, to force scrubbing.
716 */
717 }
718
719 magic = be32_to_cpu(ec_hdr->magic);
720 if (magic != UBI_EC_HDR_MAGIC) {
721 if (mtd_is_eccerr(read_err))
722 return UBI_IO_BAD_HDR_EBADMSG;
723
724 /*
725 * The magic field is wrong. Let's check if we have read all
726 * 0xFF. If yes, this physical eraseblock is assumed to be
727 * empty.
728 */
729 if (ubi_check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
730 /* The physical eraseblock is supposedly empty */
731 if (verbose)
732 ubi_warn(ubi, "no EC header found at PEB %d, only 0xFF bytes",
733 pnum);
734 dbg_bld("no EC header found at PEB %d, only 0xFF bytes",
735 pnum);
736 if (!read_err)
737 return UBI_IO_FF;
738 else
739 return UBI_IO_FF_BITFLIPS;
740 }
741
742 /*
743 * This is not a valid erase counter header, and these are not
744 * 0xFF bytes. Report that the header is corrupted.
745 */
746 if (verbose) {
747 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
748 pnum, magic, UBI_EC_HDR_MAGIC);
749 ubi_dump_ec_hdr(ec_hdr);
750 }
751 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
752 pnum, magic, UBI_EC_HDR_MAGIC);
753 return UBI_IO_BAD_HDR;
754 }
755
756 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
757 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
758
759 if (hdr_crc != crc) {
760 if (verbose) {
761 ubi_warn(ubi, "bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
762 pnum, crc, hdr_crc);
763 ubi_dump_ec_hdr(ec_hdr);
764 }
765 dbg_bld("bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
766 pnum, crc, hdr_crc);
767
768 if (!read_err)
769 return UBI_IO_BAD_HDR;
770 else
771 return UBI_IO_BAD_HDR_EBADMSG;
772 }
773
774 /* And of course validate what has just been read from the media */
775 err = validate_ec_hdr(ubi, ec_hdr);
776 if (err) {
777 ubi_err(ubi, "validation failed for PEB %d", pnum);
778 return -EINVAL;
779 }
780
781 /*
782 * If there was %-EBADMSG, but the header CRC is still OK, report about
783 * a bit-flip to force scrubbing on this PEB.
784 */
785 return read_err ? UBI_IO_BITFLIPS : 0;
786}
787
788/**
789 * ubi_io_write_ec_hdr - write an erase counter header.
790 * @ubi: UBI device description object
791 * @pnum: physical eraseblock to write to
792 * @ec_hdr: the erase counter header to write
793 *
794 * This function writes erase counter header described by @ec_hdr to physical
795 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
796 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
797 * field.
798 *
799 * This function returns zero in case of success and a negative error code in
800 * case of failure. If %-EIO is returned, the physical eraseblock most probably
801 * went bad.
802 */
803int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
804 struct ubi_ec_hdr *ec_hdr)
805{
806 int err;
807 uint32_t crc;
808
809 dbg_io("write EC header to PEB %d", pnum);
810 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
811
812 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
813 ec_hdr->version = UBI_VERSION;
814 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
815 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
816 ec_hdr->image_seq = cpu_to_be32(ubi->image_seq);
817 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
818 ec_hdr->hdr_crc = cpu_to_be32(crc);
819
820 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
821 if (err)
822 return err;
823
824 if (ubi_dbg_power_cut(ubi, POWER_CUT_EC_WRITE))
825 return -EROFS;
826
827 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
828 return err;
829}
830
831/**
832 * validate_vid_hdr - validate a volume identifier header.
833 * @ubi: UBI device description object
834 * @vid_hdr: the volume identifier header to check
835 *
836 * This function checks that data stored in the volume identifier header
837 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
838 */
839static int validate_vid_hdr(const struct ubi_device *ubi,
840 const struct ubi_vid_hdr *vid_hdr)
841{
842 int vol_type = vid_hdr->vol_type;
843 int copy_flag = vid_hdr->copy_flag;
844 int vol_id = be32_to_cpu(vid_hdr->vol_id);
845 int lnum = be32_to_cpu(vid_hdr->lnum);
846 int compat = vid_hdr->compat;
847 int data_size = be32_to_cpu(vid_hdr->data_size);
848 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
849 int data_pad = be32_to_cpu(vid_hdr->data_pad);
850 int data_crc = be32_to_cpu(vid_hdr->data_crc);
851 int usable_leb_size = ubi->leb_size - data_pad;
852
853 if (copy_flag != 0 && copy_flag != 1) {
854 ubi_err(ubi, "bad copy_flag");
855 goto bad;
856 }
857
858 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
859 data_pad < 0) {
860 ubi_err(ubi, "negative values");
861 goto bad;
862 }
863
864 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
865 ubi_err(ubi, "bad vol_id");
866 goto bad;
867 }
868
869 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
870 ubi_err(ubi, "bad compat");
871 goto bad;
872 }
873
874 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
875 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
876 compat != UBI_COMPAT_REJECT) {
877 ubi_err(ubi, "bad compat");
878 goto bad;
879 }
880
881 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
882 ubi_err(ubi, "bad vol_type");
883 goto bad;
884 }
885
886 if (data_pad >= ubi->leb_size / 2) {
887 ubi_err(ubi, "bad data_pad");
888 goto bad;
889 }
890
891 if (data_size > ubi->leb_size) {
892 ubi_err(ubi, "bad data_size");
893 goto bad;
894 }
895
896 if (vol_type == UBI_VID_STATIC) {
897 /*
898 * Although from high-level point of view static volumes may
899 * contain zero bytes of data, but no VID headers can contain
900 * zero at these fields, because they empty volumes do not have
901 * mapped logical eraseblocks.
902 */
903 if (used_ebs == 0) {
904 ubi_err(ubi, "zero used_ebs");
905 goto bad;
906 }
907 if (data_size == 0) {
908 ubi_err(ubi, "zero data_size");
909 goto bad;
910 }
911 if (lnum < used_ebs - 1) {
912 if (data_size != usable_leb_size) {
913 ubi_err(ubi, "bad data_size");
914 goto bad;
915 }
916 } else if (lnum > used_ebs - 1) {
917 ubi_err(ubi, "too high lnum");
918 goto bad;
919 }
920 } else {
921 if (copy_flag == 0) {
922 if (data_crc != 0) {
923 ubi_err(ubi, "non-zero data CRC");
924 goto bad;
925 }
926 if (data_size != 0) {
927 ubi_err(ubi, "non-zero data_size");
928 goto bad;
929 }
930 } else {
931 if (data_size == 0) {
932 ubi_err(ubi, "zero data_size of copy");
933 goto bad;
934 }
935 }
936 if (used_ebs != 0) {
937 ubi_err(ubi, "bad used_ebs");
938 goto bad;
939 }
940 }
941
942 return 0;
943
944bad:
945 ubi_err(ubi, "bad VID header");
946 ubi_dump_vid_hdr(vid_hdr);
947 dump_stack();
948 return 1;
949}
950
951/**
952 * ubi_io_read_vid_hdr - read and check a volume identifier header.
953 * @ubi: UBI device description object
954 * @pnum: physical eraseblock number to read from
955 * @vidb: the volume identifier buffer to store data in
956 * @verbose: be verbose if the header is corrupted or wasn't found
957 *
958 * This function reads the volume identifier header from physical eraseblock
959 * @pnum and stores it in @vidb. It also checks CRC checksum of the read
960 * volume identifier header. The error codes are the same as in
961 * 'ubi_io_read_ec_hdr()'.
962 *
963 * Note, the implementation of this function is also very similar to
964 * 'ubi_io_read_ec_hdr()', so refer commentaries in 'ubi_io_read_ec_hdr()'.
965 */
966int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
967 struct ubi_vid_io_buf *vidb, int verbose)
968{
969 int err, read_err;
970 uint32_t crc, magic, hdr_crc;
971 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
972 void *p = vidb->buffer;
973
974 dbg_io("read VID header from PEB %d", pnum);
975 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
976
977 read_err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
978 ubi->vid_hdr_shift + UBI_VID_HDR_SIZE);
979 if (read_err && read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
980 return read_err;
981
982 magic = be32_to_cpu(vid_hdr->magic);
983 if (magic != UBI_VID_HDR_MAGIC) {
984 if (mtd_is_eccerr(read_err))
985 return UBI_IO_BAD_HDR_EBADMSG;
986
987 if (ubi_check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
988 if (verbose)
989 ubi_warn(ubi, "no VID header found at PEB %d, only 0xFF bytes",
990 pnum);
991 dbg_bld("no VID header found at PEB %d, only 0xFF bytes",
992 pnum);
993 if (!read_err)
994 return UBI_IO_FF;
995 else
996 return UBI_IO_FF_BITFLIPS;
997 }
998
999 if (verbose) {
1000 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
1001 pnum, magic, UBI_VID_HDR_MAGIC);
1002 ubi_dump_vid_hdr(vid_hdr);
1003 }
1004 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
1005 pnum, magic, UBI_VID_HDR_MAGIC);
1006 return UBI_IO_BAD_HDR;
1007 }
1008
1009 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1010 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1011
1012 if (hdr_crc != crc) {
1013 if (verbose) {
1014 ubi_warn(ubi, "bad CRC at PEB %d, calculated %#08x, read %#08x",
1015 pnum, crc, hdr_crc);
1016 ubi_dump_vid_hdr(vid_hdr);
1017 }
1018 dbg_bld("bad CRC at PEB %d, calculated %#08x, read %#08x",
1019 pnum, crc, hdr_crc);
1020 if (!read_err)
1021 return UBI_IO_BAD_HDR;
1022 else
1023 return UBI_IO_BAD_HDR_EBADMSG;
1024 }
1025
1026 err = validate_vid_hdr(ubi, vid_hdr);
1027 if (err) {
1028 ubi_err(ubi, "validation failed for PEB %d", pnum);
1029 return -EINVAL;
1030 }
1031
1032 return read_err ? UBI_IO_BITFLIPS : 0;
1033}
1034
1035/**
1036 * ubi_io_write_vid_hdr - write a volume identifier header.
1037 * @ubi: UBI device description object
1038 * @pnum: the physical eraseblock number to write to
1039 * @vidb: the volume identifier buffer to write
1040 *
1041 * This function writes the volume identifier header described by @vid_hdr to
1042 * physical eraseblock @pnum. This function automatically fills the
1043 * @vidb->hdr->magic and the @vidb->hdr->version fields, as well as calculates
1044 * header CRC checksum and stores it at vidb->hdr->hdr_crc.
1045 *
1046 * This function returns zero in case of success and a negative error code in
1047 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1048 * bad.
1049 */
1050int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1051 struct ubi_vid_io_buf *vidb)
1052{
1053 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
1054 int err;
1055 uint32_t crc;
1056 void *p = vidb->buffer;
1057
1058 dbg_io("write VID header to PEB %d", pnum);
1059 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1060
1061 err = self_check_peb_ec_hdr(ubi, pnum);
1062 if (err)
1063 return err;
1064
1065 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1066 vid_hdr->version = UBI_VERSION;
1067 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1068 vid_hdr->hdr_crc = cpu_to_be32(crc);
1069
1070 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1071 if (err)
1072 return err;
1073
1074 if (ubi_dbg_power_cut(ubi, POWER_CUT_VID_WRITE))
1075 return -EROFS;
1076
1077 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1078 ubi->vid_hdr_alsize);
1079 return err;
1080}
1081
1082/**
1083 * self_check_not_bad - ensure that a physical eraseblock is not bad.
1084 * @ubi: UBI device description object
1085 * @pnum: physical eraseblock number to check
1086 *
1087 * This function returns zero if the physical eraseblock is good, %-EINVAL if
1088 * it is bad and a negative error code if an error occurred.
1089 */
1090static int self_check_not_bad(const struct ubi_device *ubi, int pnum)
1091{
1092 int err;
1093
1094 if (!ubi_dbg_chk_io(ubi))
1095 return 0;
1096
1097 err = ubi_io_is_bad(ubi, pnum);
1098 if (!err)
1099 return err;
1100
1101 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1102 dump_stack();
1103 return err > 0 ? -EINVAL : err;
1104}
1105
1106/**
1107 * self_check_ec_hdr - check if an erase counter header is all right.
1108 * @ubi: UBI device description object
1109 * @pnum: physical eraseblock number the erase counter header belongs to
1110 * @ec_hdr: the erase counter header to check
1111 *
1112 * This function returns zero if the erase counter header contains valid
1113 * values, and %-EINVAL if not.
1114 */
1115static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1116 const struct ubi_ec_hdr *ec_hdr)
1117{
1118 int err;
1119 uint32_t magic;
1120
1121 if (!ubi_dbg_chk_io(ubi))
1122 return 0;
1123
1124 magic = be32_to_cpu(ec_hdr->magic);
1125 if (magic != UBI_EC_HDR_MAGIC) {
1126 ubi_err(ubi, "bad magic %#08x, must be %#08x",
1127 magic, UBI_EC_HDR_MAGIC);
1128 goto fail;
1129 }
1130
1131 err = validate_ec_hdr(ubi, ec_hdr);
1132 if (err) {
1133 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1134 goto fail;
1135 }
1136
1137 return 0;
1138
1139fail:
1140 ubi_dump_ec_hdr(ec_hdr);
1141 dump_stack();
1142 return -EINVAL;
1143}
1144
1145/**
1146 * self_check_peb_ec_hdr - check erase counter header.
1147 * @ubi: UBI device description object
1148 * @pnum: the physical eraseblock number to check
1149 *
1150 * This function returns zero if the erase counter header is all right and
1151 * a negative error code if not or if an error occurred.
1152 */
1153static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1154{
1155 int err;
1156 uint32_t crc, hdr_crc;
1157 struct ubi_ec_hdr *ec_hdr;
1158
1159 if (!ubi_dbg_chk_io(ubi))
1160 return 0;
1161
1162 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1163 if (!ec_hdr)
1164 return -ENOMEM;
1165
1166 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1167 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1168 goto exit;
1169
1170 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1171 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1172 if (hdr_crc != crc) {
1173 ubi_err(ubi, "bad CRC, calculated %#08x, read %#08x",
1174 crc, hdr_crc);
1175 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1176 ubi_dump_ec_hdr(ec_hdr);
1177 dump_stack();
1178 err = -EINVAL;
1179 goto exit;
1180 }
1181
1182 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
1183
1184exit:
1185 kfree(ec_hdr);
1186 return err;
1187}
1188
1189/**
1190 * self_check_vid_hdr - check that a volume identifier header is all right.
1191 * @ubi: UBI device description object
1192 * @pnum: physical eraseblock number the volume identifier header belongs to
1193 * @vid_hdr: the volume identifier header to check
1194 *
1195 * This function returns zero if the volume identifier header is all right, and
1196 * %-EINVAL if not.
1197 */
1198static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1199 const struct ubi_vid_hdr *vid_hdr)
1200{
1201 int err;
1202 uint32_t magic;
1203
1204 if (!ubi_dbg_chk_io(ubi))
1205 return 0;
1206
1207 magic = be32_to_cpu(vid_hdr->magic);
1208 if (magic != UBI_VID_HDR_MAGIC) {
1209 ubi_err(ubi, "bad VID header magic %#08x at PEB %d, must be %#08x",
1210 magic, pnum, UBI_VID_HDR_MAGIC);
1211 goto fail;
1212 }
1213
1214 err = validate_vid_hdr(ubi, vid_hdr);
1215 if (err) {
1216 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1217 goto fail;
1218 }
1219
1220 return err;
1221
1222fail:
1223 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1224 ubi_dump_vid_hdr(vid_hdr);
1225 dump_stack();
1226 return -EINVAL;
1227
1228}
1229
1230/**
1231 * self_check_peb_vid_hdr - check volume identifier header.
1232 * @ubi: UBI device description object
1233 * @pnum: the physical eraseblock number to check
1234 *
1235 * This function returns zero if the volume identifier header is all right,
1236 * and a negative error code if not or if an error occurred.
1237 */
1238static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1239{
1240 int err;
1241 uint32_t crc, hdr_crc;
1242 struct ubi_vid_io_buf *vidb;
1243 struct ubi_vid_hdr *vid_hdr;
1244 void *p;
1245
1246 if (!ubi_dbg_chk_io(ubi))
1247 return 0;
1248
1249 vidb = ubi_alloc_vid_buf(ubi, GFP_NOFS);
1250 if (!vidb)
1251 return -ENOMEM;
1252
1253 vid_hdr = ubi_get_vid_hdr(vidb);
1254 p = vidb->buffer;
1255 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1256 ubi->vid_hdr_alsize);
1257 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1258 goto exit;
1259
1260 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1261 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1262 if (hdr_crc != crc) {
1263 ubi_err(ubi, "bad VID header CRC at PEB %d, calculated %#08x, read %#08x",
1264 pnum, crc, hdr_crc);
1265 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1266 ubi_dump_vid_hdr(vid_hdr);
1267 dump_stack();
1268 err = -EINVAL;
1269 goto exit;
1270 }
1271
1272 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1273
1274exit:
1275 ubi_free_vid_buf(vidb);
1276 return err;
1277}
1278
1279/**
1280 * self_check_write - make sure write succeeded.
1281 * @ubi: UBI device description object
1282 * @buf: buffer with data which were written
1283 * @pnum: physical eraseblock number the data were written to
1284 * @offset: offset within the physical eraseblock the data were written to
1285 * @len: how many bytes were written
1286 *
1287 * This functions reads data which were recently written and compares it with
1288 * the original data buffer - the data have to match. Returns zero if the data
1289 * match and a negative error code if not or in case of failure.
1290 */
1291static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
1292 int offset, int len)
1293{
1294 int err, i;
1295 size_t read;
1296 void *buf1;
1297 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1298
1299 if (!ubi_dbg_chk_io(ubi))
1300 return 0;
1301
1302 buf1 = __vmalloc(len, GFP_NOFS);
1303 if (!buf1) {
1304 ubi_err(ubi, "cannot allocate memory to check writes");
1305 return 0;
1306 }
1307
1308 err = mtd_read(ubi->mtd, addr, len, &read, buf1);
1309 if (err && !mtd_is_bitflip(err))
1310 goto out_free;
1311
1312 for (i = 0; i < len; i++) {
1313 uint8_t c = ((uint8_t *)buf)[i];
1314 uint8_t c1 = ((uint8_t *)buf1)[i];
1315 int dump_len;
1316
1317 if (c == c1)
1318 continue;
1319
1320 ubi_err(ubi, "self-check failed for PEB %d:%d, len %d",
1321 pnum, offset, len);
1322 ubi_msg(ubi, "data differ at position %d", i);
1323 dump_len = max_t(int, 128, len - i);
1324 ubi_msg(ubi, "hex dump of the original buffer from %d to %d",
1325 i, i + dump_len);
1326 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1327 buf + i, dump_len, 1);
1328 ubi_msg(ubi, "hex dump of the read buffer from %d to %d",
1329 i, i + dump_len);
1330 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1331 buf1 + i, dump_len, 1);
1332 dump_stack();
1333 err = -EINVAL;
1334 goto out_free;
1335 }
1336
1337 vfree(buf1);
1338 return 0;
1339
1340out_free:
1341 vfree(buf1);
1342 return err;
1343}
1344
1345/**
1346 * ubi_self_check_all_ff - check that a region of flash is empty.
1347 * @ubi: UBI device description object
1348 * @pnum: the physical eraseblock number to check
1349 * @offset: the starting offset within the physical eraseblock to check
1350 * @len: the length of the region to check
1351 *
1352 * This function returns zero if only 0xFF bytes are present at offset
1353 * @offset of the physical eraseblock @pnum, and a negative error code if not
1354 * or if an error occurred.
1355 */
1356int ubi_self_check_all_ff(struct ubi_device *ubi, int pnum, int offset, int len)
1357{
1358 size_t read;
1359 int err;
1360 void *buf;
1361 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1362
1363 if (!ubi_dbg_chk_io(ubi))
1364 return 0;
1365
1366 buf = __vmalloc(len, GFP_NOFS);
1367 if (!buf) {
1368 ubi_err(ubi, "cannot allocate memory to check for 0xFFs");
1369 return 0;
1370 }
1371
1372 err = mtd_read(ubi->mtd, addr, len, &read, buf);
1373 if (err && !mtd_is_bitflip(err)) {
1374 ubi_err(ubi, "err %d while reading %d bytes from PEB %d:%d, read %zd bytes",
1375 err, len, pnum, offset, read);
1376 goto error;
1377 }
1378
1379 err = ubi_check_pattern(buf, 0xFF, len);
1380 if (err == 0) {
1381 ubi_err(ubi, "flash region at PEB %d:%d, length %d does not contain all 0xFF bytes",
1382 pnum, offset, len);
1383 goto fail;
1384 }
1385
1386 vfree(buf);
1387 return 0;
1388
1389fail:
1390 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1391 ubi_msg(ubi, "hex dump of the %d-%d region", offset, offset + len);
1392 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, buf, len, 1);
1393 err = -EINVAL;
1394error:
1395 dump_stack();
1396 vfree(buf);
1397 return err;
1398}
1/*
2 * Copyright (c) International Business Machines Corp., 2006
3 * Copyright (c) Nokia Corporation, 2006, 2007
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
13 * the GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 *
19 * Author: Artem Bityutskiy (Битюцкий Артём)
20 */
21
22/*
23 * UBI input/output sub-system.
24 *
25 * This sub-system provides a uniform way to work with all kinds of the
26 * underlying MTD devices. It also implements handy functions for reading and
27 * writing UBI headers.
28 *
29 * We are trying to have a paranoid mindset and not to trust to what we read
30 * from the flash media in order to be more secure and robust. So this
31 * sub-system validates every single header it reads from the flash media.
32 *
33 * Some words about how the eraseblock headers are stored.
34 *
35 * The erase counter header is always stored at offset zero. By default, the
36 * VID header is stored after the EC header at the closest aligned offset
37 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
38 * header at the closest aligned offset. But this default layout may be
39 * changed. For example, for different reasons (e.g., optimization) UBI may be
40 * asked to put the VID header at further offset, and even at an unaligned
41 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
42 * proper padding in front of it. Data offset may also be changed but it has to
43 * be aligned.
44 *
45 * About minimal I/O units. In general, UBI assumes flash device model where
46 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
47 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
48 * @ubi->mtd->writesize field. But as an exception, UBI admits of using another
49 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
50 * to do different optimizations.
51 *
52 * This is extremely useful in case of NAND flashes which admit of several
53 * write operations to one NAND page. In this case UBI can fit EC and VID
54 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
55 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
56 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
57 * users.
58 *
59 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
60 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
61 * headers.
62 *
63 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
64 * device, e.g., make @ubi->min_io_size = 512 in the example above?
65 *
66 * A: because when writing a sub-page, MTD still writes a full 2K page but the
67 * bytes which are not relevant to the sub-page are 0xFF. So, basically,
68 * writing 4x512 sub-pages is 4 times slower than writing one 2KiB NAND page.
69 * Thus, we prefer to use sub-pages only for EC and VID headers.
70 *
71 * As it was noted above, the VID header may start at a non-aligned offset.
72 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
73 * the VID header may reside at offset 1984 which is the last 64 bytes of the
74 * last sub-page (EC header is always at offset zero). This causes some
75 * difficulties when reading and writing VID headers.
76 *
77 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
78 * the data and want to write this VID header out. As we can only write in
79 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
80 * to offset 448 of this buffer.
81 *
82 * The I/O sub-system does the following trick in order to avoid this extra
83 * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
84 * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
85 * When the VID header is being written out, it shifts the VID header pointer
86 * back and writes the whole sub-page.
87 */
88
89#include <linux/crc32.h>
90#include <linux/err.h>
91#include <linux/slab.h>
92#include "ubi.h"
93
94static int self_check_not_bad(const struct ubi_device *ubi, int pnum);
95static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
96static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
97 const struct ubi_ec_hdr *ec_hdr);
98static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
99static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
100 const struct ubi_vid_hdr *vid_hdr);
101static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
102 int offset, int len);
103
104/**
105 * ubi_io_read - read data from a physical eraseblock.
106 * @ubi: UBI device description object
107 * @buf: buffer where to store the read data
108 * @pnum: physical eraseblock number to read from
109 * @offset: offset within the physical eraseblock from where to read
110 * @len: how many bytes to read
111 *
112 * This function reads data from offset @offset of physical eraseblock @pnum
113 * and stores the read data in the @buf buffer. The following return codes are
114 * possible:
115 *
116 * o %0 if all the requested data were successfully read;
117 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
118 * correctable bit-flips were detected; this is harmless but may indicate
119 * that this eraseblock may become bad soon (but do not have to);
120 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
121 * example it can be an ECC error in case of NAND; this most probably means
122 * that the data is corrupted;
123 * o %-EIO if some I/O error occurred;
124 * o other negative error codes in case of other errors.
125 */
126int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
127 int len)
128{
129 int err, retries = 0;
130 size_t read;
131 loff_t addr;
132
133 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
134
135 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
136 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
137 ubi_assert(len > 0);
138
139 err = self_check_not_bad(ubi, pnum);
140 if (err)
141 return err;
142
143 /*
144 * Deliberately corrupt the buffer to improve robustness. Indeed, if we
145 * do not do this, the following may happen:
146 * 1. The buffer contains data from previous operation, e.g., read from
147 * another PEB previously. The data looks like expected, e.g., if we
148 * just do not read anything and return - the caller would not
149 * notice this. E.g., if we are reading a VID header, the buffer may
150 * contain a valid VID header from another PEB.
151 * 2. The driver is buggy and returns us success or -EBADMSG or
152 * -EUCLEAN, but it does not actually put any data to the buffer.
153 *
154 * This may confuse UBI or upper layers - they may think the buffer
155 * contains valid data while in fact it is just old data. This is
156 * especially possible because UBI (and UBIFS) relies on CRC, and
157 * treats data as correct even in case of ECC errors if the CRC is
158 * correct.
159 *
160 * Try to prevent this situation by changing the first byte of the
161 * buffer.
162 */
163 *((uint8_t *)buf) ^= 0xFF;
164
165 addr = (loff_t)pnum * ubi->peb_size + offset;
166retry:
167 err = mtd_read(ubi->mtd, addr, len, &read, buf);
168 if (err) {
169 const char *errstr = mtd_is_eccerr(err) ? " (ECC error)" : "";
170
171 if (mtd_is_bitflip(err)) {
172 /*
173 * -EUCLEAN is reported if there was a bit-flip which
174 * was corrected, so this is harmless.
175 *
176 * We do not report about it here unless debugging is
177 * enabled. A corresponding message will be printed
178 * later, when it is has been scrubbed.
179 */
180 ubi_msg(ubi, "fixable bit-flip detected at PEB %d",
181 pnum);
182 ubi_assert(len == read);
183 return UBI_IO_BITFLIPS;
184 }
185
186 if (retries++ < UBI_IO_RETRIES) {
187 ubi_warn(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read only %zd bytes, retry",
188 err, errstr, len, pnum, offset, read);
189 yield();
190 goto retry;
191 }
192
193 ubi_err(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read %zd bytes",
194 err, errstr, len, pnum, offset, read);
195 dump_stack();
196
197 /*
198 * The driver should never return -EBADMSG if it failed to read
199 * all the requested data. But some buggy drivers might do
200 * this, so we change it to -EIO.
201 */
202 if (read != len && mtd_is_eccerr(err)) {
203 ubi_assert(0);
204 err = -EIO;
205 }
206 } else {
207 ubi_assert(len == read);
208
209 if (ubi_dbg_is_bitflip(ubi)) {
210 dbg_gen("bit-flip (emulated)");
211 err = UBI_IO_BITFLIPS;
212 }
213 }
214
215 return err;
216}
217
218/**
219 * ubi_io_write - write data to a physical eraseblock.
220 * @ubi: UBI device description object
221 * @buf: buffer with the data to write
222 * @pnum: physical eraseblock number to write to
223 * @offset: offset within the physical eraseblock where to write
224 * @len: how many bytes to write
225 *
226 * This function writes @len bytes of data from buffer @buf to offset @offset
227 * of physical eraseblock @pnum. If all the data were successfully written,
228 * zero is returned. If an error occurred, this function returns a negative
229 * error code. If %-EIO is returned, the physical eraseblock most probably went
230 * bad.
231 *
232 * Note, in case of an error, it is possible that something was still written
233 * to the flash media, but may be some garbage.
234 */
235int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
236 int len)
237{
238 int err;
239 size_t written;
240 loff_t addr;
241
242 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
243
244 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
245 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
246 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
247 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
248
249 if (ubi->ro_mode) {
250 ubi_err(ubi, "read-only mode");
251 return -EROFS;
252 }
253
254 err = self_check_not_bad(ubi, pnum);
255 if (err)
256 return err;
257
258 /* The area we are writing to has to contain all 0xFF bytes */
259 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
260 if (err)
261 return err;
262
263 if (offset >= ubi->leb_start) {
264 /*
265 * We write to the data area of the physical eraseblock. Make
266 * sure it has valid EC and VID headers.
267 */
268 err = self_check_peb_ec_hdr(ubi, pnum);
269 if (err)
270 return err;
271 err = self_check_peb_vid_hdr(ubi, pnum);
272 if (err)
273 return err;
274 }
275
276 if (ubi_dbg_is_write_failure(ubi)) {
277 ubi_err(ubi, "cannot write %d bytes to PEB %d:%d (emulated)",
278 len, pnum, offset);
279 dump_stack();
280 return -EIO;
281 }
282
283 addr = (loff_t)pnum * ubi->peb_size + offset;
284 err = mtd_write(ubi->mtd, addr, len, &written, buf);
285 if (err) {
286 ubi_err(ubi, "error %d while writing %d bytes to PEB %d:%d, written %zd bytes",
287 err, len, pnum, offset, written);
288 dump_stack();
289 ubi_dump_flash(ubi, pnum, offset, len);
290 } else
291 ubi_assert(written == len);
292
293 if (!err) {
294 err = self_check_write(ubi, buf, pnum, offset, len);
295 if (err)
296 return err;
297
298 /*
299 * Since we always write sequentially, the rest of the PEB has
300 * to contain only 0xFF bytes.
301 */
302 offset += len;
303 len = ubi->peb_size - offset;
304 if (len)
305 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
306 }
307
308 return err;
309}
310
311/**
312 * erase_callback - MTD erasure call-back.
313 * @ei: MTD erase information object.
314 *
315 * Note, even though MTD erase interface is asynchronous, all the current
316 * implementations are synchronous anyway.
317 */
318static void erase_callback(struct erase_info *ei)
319{
320 wake_up_interruptible((wait_queue_head_t *)ei->priv);
321}
322
323/**
324 * do_sync_erase - synchronously erase a physical eraseblock.
325 * @ubi: UBI device description object
326 * @pnum: the physical eraseblock number to erase
327 *
328 * This function synchronously erases physical eraseblock @pnum and returns
329 * zero in case of success and a negative error code in case of failure. If
330 * %-EIO is returned, the physical eraseblock most probably went bad.
331 */
332static int do_sync_erase(struct ubi_device *ubi, int pnum)
333{
334 int err, retries = 0;
335 struct erase_info ei;
336 wait_queue_head_t wq;
337
338 dbg_io("erase PEB %d", pnum);
339 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
340
341 if (ubi->ro_mode) {
342 ubi_err(ubi, "read-only mode");
343 return -EROFS;
344 }
345
346retry:
347 init_waitqueue_head(&wq);
348 memset(&ei, 0, sizeof(struct erase_info));
349
350 ei.mtd = ubi->mtd;
351 ei.addr = (loff_t)pnum * ubi->peb_size;
352 ei.len = ubi->peb_size;
353 ei.callback = erase_callback;
354 ei.priv = (unsigned long)&wq;
355
356 err = mtd_erase(ubi->mtd, &ei);
357 if (err) {
358 if (retries++ < UBI_IO_RETRIES) {
359 ubi_warn(ubi, "error %d while erasing PEB %d, retry",
360 err, pnum);
361 yield();
362 goto retry;
363 }
364 ubi_err(ubi, "cannot erase PEB %d, error %d", pnum, err);
365 dump_stack();
366 return err;
367 }
368
369 err = wait_event_interruptible(wq, ei.state == MTD_ERASE_DONE ||
370 ei.state == MTD_ERASE_FAILED);
371 if (err) {
372 ubi_err(ubi, "interrupted PEB %d erasure", pnum);
373 return -EINTR;
374 }
375
376 if (ei.state == MTD_ERASE_FAILED) {
377 if (retries++ < UBI_IO_RETRIES) {
378 ubi_warn(ubi, "error while erasing PEB %d, retry",
379 pnum);
380 yield();
381 goto retry;
382 }
383 ubi_err(ubi, "cannot erase PEB %d", pnum);
384 dump_stack();
385 return -EIO;
386 }
387
388 err = ubi_self_check_all_ff(ubi, pnum, 0, ubi->peb_size);
389 if (err)
390 return err;
391
392 if (ubi_dbg_is_erase_failure(ubi)) {
393 ubi_err(ubi, "cannot erase PEB %d (emulated)", pnum);
394 return -EIO;
395 }
396
397 return 0;
398}
399
400/* Patterns to write to a physical eraseblock when torturing it */
401static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
402
403/**
404 * torture_peb - test a supposedly bad physical eraseblock.
405 * @ubi: UBI device description object
406 * @pnum: the physical eraseblock number to test
407 *
408 * This function returns %-EIO if the physical eraseblock did not pass the
409 * test, a positive number of erase operations done if the test was
410 * successfully passed, and other negative error codes in case of other errors.
411 */
412static int torture_peb(struct ubi_device *ubi, int pnum)
413{
414 int err, i, patt_count;
415
416 ubi_msg(ubi, "run torture test for PEB %d", pnum);
417 patt_count = ARRAY_SIZE(patterns);
418 ubi_assert(patt_count > 0);
419
420 mutex_lock(&ubi->buf_mutex);
421 for (i = 0; i < patt_count; i++) {
422 err = do_sync_erase(ubi, pnum);
423 if (err)
424 goto out;
425
426 /* Make sure the PEB contains only 0xFF bytes */
427 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
428 if (err)
429 goto out;
430
431 err = ubi_check_pattern(ubi->peb_buf, 0xFF, ubi->peb_size);
432 if (err == 0) {
433 ubi_err(ubi, "erased PEB %d, but a non-0xFF byte found",
434 pnum);
435 err = -EIO;
436 goto out;
437 }
438
439 /* Write a pattern and check it */
440 memset(ubi->peb_buf, patterns[i], ubi->peb_size);
441 err = ubi_io_write(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
442 if (err)
443 goto out;
444
445 memset(ubi->peb_buf, ~patterns[i], ubi->peb_size);
446 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
447 if (err)
448 goto out;
449
450 err = ubi_check_pattern(ubi->peb_buf, patterns[i],
451 ubi->peb_size);
452 if (err == 0) {
453 ubi_err(ubi, "pattern %x checking failed for PEB %d",
454 patterns[i], pnum);
455 err = -EIO;
456 goto out;
457 }
458 }
459
460 err = patt_count;
461 ubi_msg(ubi, "PEB %d passed torture test, do not mark it as bad", pnum);
462
463out:
464 mutex_unlock(&ubi->buf_mutex);
465 if (err == UBI_IO_BITFLIPS || mtd_is_eccerr(err)) {
466 /*
467 * If a bit-flip or data integrity error was detected, the test
468 * has not passed because it happened on a freshly erased
469 * physical eraseblock which means something is wrong with it.
470 */
471 ubi_err(ubi, "read problems on freshly erased PEB %d, must be bad",
472 pnum);
473 err = -EIO;
474 }
475 return err;
476}
477
478/**
479 * nor_erase_prepare - prepare a NOR flash PEB for erasure.
480 * @ubi: UBI device description object
481 * @pnum: physical eraseblock number to prepare
482 *
483 * NOR flash, or at least some of them, have peculiar embedded PEB erasure
484 * algorithm: the PEB is first filled with zeroes, then it is erased. And
485 * filling with zeroes starts from the end of the PEB. This was observed with
486 * Spansion S29GL512N NOR flash.
487 *
488 * This means that in case of a power cut we may end up with intact data at the
489 * beginning of the PEB, and all zeroes at the end of PEB. In other words, the
490 * EC and VID headers are OK, but a large chunk of data at the end of PEB is
491 * zeroed. This makes UBI mistakenly treat this PEB as used and associate it
492 * with an LEB, which leads to subsequent failures (e.g., UBIFS fails).
493 *
494 * This function is called before erasing NOR PEBs and it zeroes out EC and VID
495 * magic numbers in order to invalidate them and prevent the failures. Returns
496 * zero in case of success and a negative error code in case of failure.
497 */
498static int nor_erase_prepare(struct ubi_device *ubi, int pnum)
499{
500 int err;
501 size_t written;
502 loff_t addr;
503 uint32_t data = 0;
504 struct ubi_ec_hdr ec_hdr;
505
506 /*
507 * Note, we cannot generally define VID header buffers on stack,
508 * because of the way we deal with these buffers (see the header
509 * comment in this file). But we know this is a NOR-specific piece of
510 * code, so we can do this. But yes, this is error-prone and we should
511 * (pre-)allocate VID header buffer instead.
512 */
513 struct ubi_vid_hdr vid_hdr;
514
515 /*
516 * If VID or EC is valid, we have to corrupt them before erasing.
517 * It is important to first invalidate the EC header, and then the VID
518 * header. Otherwise a power cut may lead to valid EC header and
519 * invalid VID header, in which case UBI will treat this PEB as
520 * corrupted and will try to preserve it, and print scary warnings.
521 */
522 addr = (loff_t)pnum * ubi->peb_size;
523 err = ubi_io_read_ec_hdr(ubi, pnum, &ec_hdr, 0);
524 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
525 err != UBI_IO_FF){
526 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
527 if(err)
528 goto error;
529 }
530
531 err = ubi_io_read_vid_hdr(ubi, pnum, &vid_hdr, 0);
532 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
533 err != UBI_IO_FF){
534 addr += ubi->vid_hdr_aloffset;
535 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
536 if (err)
537 goto error;
538 }
539 return 0;
540
541error:
542 /*
543 * The PEB contains a valid VID or EC header, but we cannot invalidate
544 * it. Supposedly the flash media or the driver is screwed up, so
545 * return an error.
546 */
547 ubi_err(ubi, "cannot invalidate PEB %d, write returned %d", pnum, err);
548 ubi_dump_flash(ubi, pnum, 0, ubi->peb_size);
549 return -EIO;
550}
551
552/**
553 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
554 * @ubi: UBI device description object
555 * @pnum: physical eraseblock number to erase
556 * @torture: if this physical eraseblock has to be tortured
557 *
558 * This function synchronously erases physical eraseblock @pnum. If @torture
559 * flag is not zero, the physical eraseblock is checked by means of writing
560 * different patterns to it and reading them back. If the torturing is enabled,
561 * the physical eraseblock is erased more than once.
562 *
563 * This function returns the number of erasures made in case of success, %-EIO
564 * if the erasure failed or the torturing test failed, and other negative error
565 * codes in case of other errors. Note, %-EIO means that the physical
566 * eraseblock is bad.
567 */
568int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
569{
570 int err, ret = 0;
571
572 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
573
574 err = self_check_not_bad(ubi, pnum);
575 if (err != 0)
576 return err;
577
578 if (ubi->ro_mode) {
579 ubi_err(ubi, "read-only mode");
580 return -EROFS;
581 }
582
583 if (ubi->nor_flash) {
584 err = nor_erase_prepare(ubi, pnum);
585 if (err)
586 return err;
587 }
588
589 if (torture) {
590 ret = torture_peb(ubi, pnum);
591 if (ret < 0)
592 return ret;
593 }
594
595 err = do_sync_erase(ubi, pnum);
596 if (err)
597 return err;
598
599 return ret + 1;
600}
601
602/**
603 * ubi_io_is_bad - check if a physical eraseblock is bad.
604 * @ubi: UBI device description object
605 * @pnum: the physical eraseblock number to check
606 *
607 * This function returns a positive number if the physical eraseblock is bad,
608 * zero if not, and a negative error code if an error occurred.
609 */
610int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
611{
612 struct mtd_info *mtd = ubi->mtd;
613
614 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
615
616 if (ubi->bad_allowed) {
617 int ret;
618
619 ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
620 if (ret < 0)
621 ubi_err(ubi, "error %d while checking if PEB %d is bad",
622 ret, pnum);
623 else if (ret)
624 dbg_io("PEB %d is bad", pnum);
625 return ret;
626 }
627
628 return 0;
629}
630
631/**
632 * ubi_io_mark_bad - mark a physical eraseblock as bad.
633 * @ubi: UBI device description object
634 * @pnum: the physical eraseblock number to mark
635 *
636 * This function returns zero in case of success and a negative error code in
637 * case of failure.
638 */
639int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
640{
641 int err;
642 struct mtd_info *mtd = ubi->mtd;
643
644 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
645
646 if (ubi->ro_mode) {
647 ubi_err(ubi, "read-only mode");
648 return -EROFS;
649 }
650
651 if (!ubi->bad_allowed)
652 return 0;
653
654 err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
655 if (err)
656 ubi_err(ubi, "cannot mark PEB %d bad, error %d", pnum, err);
657 return err;
658}
659
660/**
661 * validate_ec_hdr - validate an erase counter header.
662 * @ubi: UBI device description object
663 * @ec_hdr: the erase counter header to check
664 *
665 * This function returns zero if the erase counter header is OK, and %1 if
666 * not.
667 */
668static int validate_ec_hdr(const struct ubi_device *ubi,
669 const struct ubi_ec_hdr *ec_hdr)
670{
671 long long ec;
672 int vid_hdr_offset, leb_start;
673
674 ec = be64_to_cpu(ec_hdr->ec);
675 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
676 leb_start = be32_to_cpu(ec_hdr->data_offset);
677
678 if (ec_hdr->version != UBI_VERSION) {
679 ubi_err(ubi, "node with incompatible UBI version found: this UBI version is %d, image version is %d",
680 UBI_VERSION, (int)ec_hdr->version);
681 goto bad;
682 }
683
684 if (vid_hdr_offset != ubi->vid_hdr_offset) {
685 ubi_err(ubi, "bad VID header offset %d, expected %d",
686 vid_hdr_offset, ubi->vid_hdr_offset);
687 goto bad;
688 }
689
690 if (leb_start != ubi->leb_start) {
691 ubi_err(ubi, "bad data offset %d, expected %d",
692 leb_start, ubi->leb_start);
693 goto bad;
694 }
695
696 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
697 ubi_err(ubi, "bad erase counter %lld", ec);
698 goto bad;
699 }
700
701 return 0;
702
703bad:
704 ubi_err(ubi, "bad EC header");
705 ubi_dump_ec_hdr(ec_hdr);
706 dump_stack();
707 return 1;
708}
709
710/**
711 * ubi_io_read_ec_hdr - read and check an erase counter header.
712 * @ubi: UBI device description object
713 * @pnum: physical eraseblock to read from
714 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
715 * header
716 * @verbose: be verbose if the header is corrupted or was not found
717 *
718 * This function reads erase counter header from physical eraseblock @pnum and
719 * stores it in @ec_hdr. This function also checks CRC checksum of the read
720 * erase counter header. The following codes may be returned:
721 *
722 * o %0 if the CRC checksum is correct and the header was successfully read;
723 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
724 * and corrected by the flash driver; this is harmless but may indicate that
725 * this eraseblock may become bad soon (but may be not);
726 * o %UBI_IO_BAD_HDR if the erase counter header is corrupted (a CRC error);
727 * o %UBI_IO_BAD_HDR_EBADMSG is the same as %UBI_IO_BAD_HDR, but there also was
728 * a data integrity error (uncorrectable ECC error in case of NAND);
729 * o %UBI_IO_FF if only 0xFF bytes were read (the PEB is supposedly empty)
730 * o a negative error code in case of failure.
731 */
732int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
733 struct ubi_ec_hdr *ec_hdr, int verbose)
734{
735 int err, read_err;
736 uint32_t crc, magic, hdr_crc;
737
738 dbg_io("read EC header from PEB %d", pnum);
739 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
740
741 read_err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
742 if (read_err) {
743 if (read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
744 return read_err;
745
746 /*
747 * We read all the data, but either a correctable bit-flip
748 * occurred, or MTD reported a data integrity error
749 * (uncorrectable ECC error in case of NAND). The former is
750 * harmless, the later may mean that the read data is
751 * corrupted. But we have a CRC check-sum and we will detect
752 * this. If the EC header is still OK, we just report this as
753 * there was a bit-flip, to force scrubbing.
754 */
755 }
756
757 magic = be32_to_cpu(ec_hdr->magic);
758 if (magic != UBI_EC_HDR_MAGIC) {
759 if (mtd_is_eccerr(read_err))
760 return UBI_IO_BAD_HDR_EBADMSG;
761
762 /*
763 * The magic field is wrong. Let's check if we have read all
764 * 0xFF. If yes, this physical eraseblock is assumed to be
765 * empty.
766 */
767 if (ubi_check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
768 /* The physical eraseblock is supposedly empty */
769 if (verbose)
770 ubi_warn(ubi, "no EC header found at PEB %d, only 0xFF bytes",
771 pnum);
772 dbg_bld("no EC header found at PEB %d, only 0xFF bytes",
773 pnum);
774 if (!read_err)
775 return UBI_IO_FF;
776 else
777 return UBI_IO_FF_BITFLIPS;
778 }
779
780 /*
781 * This is not a valid erase counter header, and these are not
782 * 0xFF bytes. Report that the header is corrupted.
783 */
784 if (verbose) {
785 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
786 pnum, magic, UBI_EC_HDR_MAGIC);
787 ubi_dump_ec_hdr(ec_hdr);
788 }
789 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
790 pnum, magic, UBI_EC_HDR_MAGIC);
791 return UBI_IO_BAD_HDR;
792 }
793
794 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
795 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
796
797 if (hdr_crc != crc) {
798 if (verbose) {
799 ubi_warn(ubi, "bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
800 pnum, crc, hdr_crc);
801 ubi_dump_ec_hdr(ec_hdr);
802 }
803 dbg_bld("bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
804 pnum, crc, hdr_crc);
805
806 if (!read_err)
807 return UBI_IO_BAD_HDR;
808 else
809 return UBI_IO_BAD_HDR_EBADMSG;
810 }
811
812 /* And of course validate what has just been read from the media */
813 err = validate_ec_hdr(ubi, ec_hdr);
814 if (err) {
815 ubi_err(ubi, "validation failed for PEB %d", pnum);
816 return -EINVAL;
817 }
818
819 /*
820 * If there was %-EBADMSG, but the header CRC is still OK, report about
821 * a bit-flip to force scrubbing on this PEB.
822 */
823 return read_err ? UBI_IO_BITFLIPS : 0;
824}
825
826/**
827 * ubi_io_write_ec_hdr - write an erase counter header.
828 * @ubi: UBI device description object
829 * @pnum: physical eraseblock to write to
830 * @ec_hdr: the erase counter header to write
831 *
832 * This function writes erase counter header described by @ec_hdr to physical
833 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
834 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
835 * field.
836 *
837 * This function returns zero in case of success and a negative error code in
838 * case of failure. If %-EIO is returned, the physical eraseblock most probably
839 * went bad.
840 */
841int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
842 struct ubi_ec_hdr *ec_hdr)
843{
844 int err;
845 uint32_t crc;
846
847 dbg_io("write EC header to PEB %d", pnum);
848 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
849
850 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
851 ec_hdr->version = UBI_VERSION;
852 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
853 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
854 ec_hdr->image_seq = cpu_to_be32(ubi->image_seq);
855 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
856 ec_hdr->hdr_crc = cpu_to_be32(crc);
857
858 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
859 if (err)
860 return err;
861
862 if (ubi_dbg_power_cut(ubi, POWER_CUT_EC_WRITE))
863 return -EROFS;
864
865 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
866 return err;
867}
868
869/**
870 * validate_vid_hdr - validate a volume identifier header.
871 * @ubi: UBI device description object
872 * @vid_hdr: the volume identifier header to check
873 *
874 * This function checks that data stored in the volume identifier header
875 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
876 */
877static int validate_vid_hdr(const struct ubi_device *ubi,
878 const struct ubi_vid_hdr *vid_hdr)
879{
880 int vol_type = vid_hdr->vol_type;
881 int copy_flag = vid_hdr->copy_flag;
882 int vol_id = be32_to_cpu(vid_hdr->vol_id);
883 int lnum = be32_to_cpu(vid_hdr->lnum);
884 int compat = vid_hdr->compat;
885 int data_size = be32_to_cpu(vid_hdr->data_size);
886 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
887 int data_pad = be32_to_cpu(vid_hdr->data_pad);
888 int data_crc = be32_to_cpu(vid_hdr->data_crc);
889 int usable_leb_size = ubi->leb_size - data_pad;
890
891 if (copy_flag != 0 && copy_flag != 1) {
892 ubi_err(ubi, "bad copy_flag");
893 goto bad;
894 }
895
896 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
897 data_pad < 0) {
898 ubi_err(ubi, "negative values");
899 goto bad;
900 }
901
902 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
903 ubi_err(ubi, "bad vol_id");
904 goto bad;
905 }
906
907 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
908 ubi_err(ubi, "bad compat");
909 goto bad;
910 }
911
912 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
913 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
914 compat != UBI_COMPAT_REJECT) {
915 ubi_err(ubi, "bad compat");
916 goto bad;
917 }
918
919 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
920 ubi_err(ubi, "bad vol_type");
921 goto bad;
922 }
923
924 if (data_pad >= ubi->leb_size / 2) {
925 ubi_err(ubi, "bad data_pad");
926 goto bad;
927 }
928
929 if (data_size > ubi->leb_size) {
930 ubi_err(ubi, "bad data_size");
931 goto bad;
932 }
933
934 if (vol_type == UBI_VID_STATIC) {
935 /*
936 * Although from high-level point of view static volumes may
937 * contain zero bytes of data, but no VID headers can contain
938 * zero at these fields, because they empty volumes do not have
939 * mapped logical eraseblocks.
940 */
941 if (used_ebs == 0) {
942 ubi_err(ubi, "zero used_ebs");
943 goto bad;
944 }
945 if (data_size == 0) {
946 ubi_err(ubi, "zero data_size");
947 goto bad;
948 }
949 if (lnum < used_ebs - 1) {
950 if (data_size != usable_leb_size) {
951 ubi_err(ubi, "bad data_size");
952 goto bad;
953 }
954 } else if (lnum == used_ebs - 1) {
955 if (data_size == 0) {
956 ubi_err(ubi, "bad data_size at last LEB");
957 goto bad;
958 }
959 } else {
960 ubi_err(ubi, "too high lnum");
961 goto bad;
962 }
963 } else {
964 if (copy_flag == 0) {
965 if (data_crc != 0) {
966 ubi_err(ubi, "non-zero data CRC");
967 goto bad;
968 }
969 if (data_size != 0) {
970 ubi_err(ubi, "non-zero data_size");
971 goto bad;
972 }
973 } else {
974 if (data_size == 0) {
975 ubi_err(ubi, "zero data_size of copy");
976 goto bad;
977 }
978 }
979 if (used_ebs != 0) {
980 ubi_err(ubi, "bad used_ebs");
981 goto bad;
982 }
983 }
984
985 return 0;
986
987bad:
988 ubi_err(ubi, "bad VID header");
989 ubi_dump_vid_hdr(vid_hdr);
990 dump_stack();
991 return 1;
992}
993
994/**
995 * ubi_io_read_vid_hdr - read and check a volume identifier header.
996 * @ubi: UBI device description object
997 * @pnum: physical eraseblock number to read from
998 * @vid_hdr: &struct ubi_vid_hdr object where to store the read volume
999 * identifier header
1000 * @verbose: be verbose if the header is corrupted or wasn't found
1001 *
1002 * This function reads the volume identifier header from physical eraseblock
1003 * @pnum and stores it in @vid_hdr. It also checks CRC checksum of the read
1004 * volume identifier header. The error codes are the same as in
1005 * 'ubi_io_read_ec_hdr()'.
1006 *
1007 * Note, the implementation of this function is also very similar to
1008 * 'ubi_io_read_ec_hdr()', so refer commentaries in 'ubi_io_read_ec_hdr()'.
1009 */
1010int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
1011 struct ubi_vid_hdr *vid_hdr, int verbose)
1012{
1013 int err, read_err;
1014 uint32_t crc, magic, hdr_crc;
1015 void *p;
1016
1017 dbg_io("read VID header from PEB %d", pnum);
1018 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1019
1020 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1021 read_err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1022 ubi->vid_hdr_alsize);
1023 if (read_err && read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
1024 return read_err;
1025
1026 magic = be32_to_cpu(vid_hdr->magic);
1027 if (magic != UBI_VID_HDR_MAGIC) {
1028 if (mtd_is_eccerr(read_err))
1029 return UBI_IO_BAD_HDR_EBADMSG;
1030
1031 if (ubi_check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
1032 if (verbose)
1033 ubi_warn(ubi, "no VID header found at PEB %d, only 0xFF bytes",
1034 pnum);
1035 dbg_bld("no VID header found at PEB %d, only 0xFF bytes",
1036 pnum);
1037 if (!read_err)
1038 return UBI_IO_FF;
1039 else
1040 return UBI_IO_FF_BITFLIPS;
1041 }
1042
1043 if (verbose) {
1044 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
1045 pnum, magic, UBI_VID_HDR_MAGIC);
1046 ubi_dump_vid_hdr(vid_hdr);
1047 }
1048 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
1049 pnum, magic, UBI_VID_HDR_MAGIC);
1050 return UBI_IO_BAD_HDR;
1051 }
1052
1053 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1054 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1055
1056 if (hdr_crc != crc) {
1057 if (verbose) {
1058 ubi_warn(ubi, "bad CRC at PEB %d, calculated %#08x, read %#08x",
1059 pnum, crc, hdr_crc);
1060 ubi_dump_vid_hdr(vid_hdr);
1061 }
1062 dbg_bld("bad CRC at PEB %d, calculated %#08x, read %#08x",
1063 pnum, crc, hdr_crc);
1064 if (!read_err)
1065 return UBI_IO_BAD_HDR;
1066 else
1067 return UBI_IO_BAD_HDR_EBADMSG;
1068 }
1069
1070 err = validate_vid_hdr(ubi, vid_hdr);
1071 if (err) {
1072 ubi_err(ubi, "validation failed for PEB %d", pnum);
1073 return -EINVAL;
1074 }
1075
1076 return read_err ? UBI_IO_BITFLIPS : 0;
1077}
1078
1079/**
1080 * ubi_io_write_vid_hdr - write a volume identifier header.
1081 * @ubi: UBI device description object
1082 * @pnum: the physical eraseblock number to write to
1083 * @vid_hdr: the volume identifier header to write
1084 *
1085 * This function writes the volume identifier header described by @vid_hdr to
1086 * physical eraseblock @pnum. This function automatically fills the
1087 * @vid_hdr->magic and the @vid_hdr->version fields, as well as calculates
1088 * header CRC checksum and stores it at vid_hdr->hdr_crc.
1089 *
1090 * This function returns zero in case of success and a negative error code in
1091 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1092 * bad.
1093 */
1094int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1095 struct ubi_vid_hdr *vid_hdr)
1096{
1097 int err;
1098 uint32_t crc;
1099 void *p;
1100
1101 dbg_io("write VID header to PEB %d", pnum);
1102 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1103
1104 err = self_check_peb_ec_hdr(ubi, pnum);
1105 if (err)
1106 return err;
1107
1108 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1109 vid_hdr->version = UBI_VERSION;
1110 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1111 vid_hdr->hdr_crc = cpu_to_be32(crc);
1112
1113 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1114 if (err)
1115 return err;
1116
1117 if (ubi_dbg_power_cut(ubi, POWER_CUT_VID_WRITE))
1118 return -EROFS;
1119
1120 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1121 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1122 ubi->vid_hdr_alsize);
1123 return err;
1124}
1125
1126/**
1127 * self_check_not_bad - ensure that a physical eraseblock is not bad.
1128 * @ubi: UBI device description object
1129 * @pnum: physical eraseblock number to check
1130 *
1131 * This function returns zero if the physical eraseblock is good, %-EINVAL if
1132 * it is bad and a negative error code if an error occurred.
1133 */
1134static int self_check_not_bad(const struct ubi_device *ubi, int pnum)
1135{
1136 int err;
1137
1138 if (!ubi_dbg_chk_io(ubi))
1139 return 0;
1140
1141 err = ubi_io_is_bad(ubi, pnum);
1142 if (!err)
1143 return err;
1144
1145 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1146 dump_stack();
1147 return err > 0 ? -EINVAL : err;
1148}
1149
1150/**
1151 * self_check_ec_hdr - check if an erase counter header is all right.
1152 * @ubi: UBI device description object
1153 * @pnum: physical eraseblock number the erase counter header belongs to
1154 * @ec_hdr: the erase counter header to check
1155 *
1156 * This function returns zero if the erase counter header contains valid
1157 * values, and %-EINVAL if not.
1158 */
1159static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1160 const struct ubi_ec_hdr *ec_hdr)
1161{
1162 int err;
1163 uint32_t magic;
1164
1165 if (!ubi_dbg_chk_io(ubi))
1166 return 0;
1167
1168 magic = be32_to_cpu(ec_hdr->magic);
1169 if (magic != UBI_EC_HDR_MAGIC) {
1170 ubi_err(ubi, "bad magic %#08x, must be %#08x",
1171 magic, UBI_EC_HDR_MAGIC);
1172 goto fail;
1173 }
1174
1175 err = validate_ec_hdr(ubi, ec_hdr);
1176 if (err) {
1177 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1178 goto fail;
1179 }
1180
1181 return 0;
1182
1183fail:
1184 ubi_dump_ec_hdr(ec_hdr);
1185 dump_stack();
1186 return -EINVAL;
1187}
1188
1189/**
1190 * self_check_peb_ec_hdr - check erase counter header.
1191 * @ubi: UBI device description object
1192 * @pnum: the physical eraseblock number to check
1193 *
1194 * This function returns zero if the erase counter header is all right and and
1195 * a negative error code if not or if an error occurred.
1196 */
1197static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1198{
1199 int err;
1200 uint32_t crc, hdr_crc;
1201 struct ubi_ec_hdr *ec_hdr;
1202
1203 if (!ubi_dbg_chk_io(ubi))
1204 return 0;
1205
1206 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1207 if (!ec_hdr)
1208 return -ENOMEM;
1209
1210 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1211 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1212 goto exit;
1213
1214 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1215 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1216 if (hdr_crc != crc) {
1217 ubi_err(ubi, "bad CRC, calculated %#08x, read %#08x",
1218 crc, hdr_crc);
1219 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1220 ubi_dump_ec_hdr(ec_hdr);
1221 dump_stack();
1222 err = -EINVAL;
1223 goto exit;
1224 }
1225
1226 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
1227
1228exit:
1229 kfree(ec_hdr);
1230 return err;
1231}
1232
1233/**
1234 * self_check_vid_hdr - check that a volume identifier header is all right.
1235 * @ubi: UBI device description object
1236 * @pnum: physical eraseblock number the volume identifier header belongs to
1237 * @vid_hdr: the volume identifier header to check
1238 *
1239 * This function returns zero if the volume identifier header is all right, and
1240 * %-EINVAL if not.
1241 */
1242static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1243 const struct ubi_vid_hdr *vid_hdr)
1244{
1245 int err;
1246 uint32_t magic;
1247
1248 if (!ubi_dbg_chk_io(ubi))
1249 return 0;
1250
1251 magic = be32_to_cpu(vid_hdr->magic);
1252 if (magic != UBI_VID_HDR_MAGIC) {
1253 ubi_err(ubi, "bad VID header magic %#08x at PEB %d, must be %#08x",
1254 magic, pnum, UBI_VID_HDR_MAGIC);
1255 goto fail;
1256 }
1257
1258 err = validate_vid_hdr(ubi, vid_hdr);
1259 if (err) {
1260 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1261 goto fail;
1262 }
1263
1264 return err;
1265
1266fail:
1267 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1268 ubi_dump_vid_hdr(vid_hdr);
1269 dump_stack();
1270 return -EINVAL;
1271
1272}
1273
1274/**
1275 * self_check_peb_vid_hdr - check volume identifier header.
1276 * @ubi: UBI device description object
1277 * @pnum: the physical eraseblock number to check
1278 *
1279 * This function returns zero if the volume identifier header is all right,
1280 * and a negative error code if not or if an error occurred.
1281 */
1282static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1283{
1284 int err;
1285 uint32_t crc, hdr_crc;
1286 struct ubi_vid_hdr *vid_hdr;
1287 void *p;
1288
1289 if (!ubi_dbg_chk_io(ubi))
1290 return 0;
1291
1292 vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS);
1293 if (!vid_hdr)
1294 return -ENOMEM;
1295
1296 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1297 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1298 ubi->vid_hdr_alsize);
1299 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1300 goto exit;
1301
1302 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1303 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1304 if (hdr_crc != crc) {
1305 ubi_err(ubi, "bad VID header CRC at PEB %d, calculated %#08x, read %#08x",
1306 pnum, crc, hdr_crc);
1307 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1308 ubi_dump_vid_hdr(vid_hdr);
1309 dump_stack();
1310 err = -EINVAL;
1311 goto exit;
1312 }
1313
1314 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1315
1316exit:
1317 ubi_free_vid_hdr(ubi, vid_hdr);
1318 return err;
1319}
1320
1321/**
1322 * self_check_write - make sure write succeeded.
1323 * @ubi: UBI device description object
1324 * @buf: buffer with data which were written
1325 * @pnum: physical eraseblock number the data were written to
1326 * @offset: offset within the physical eraseblock the data were written to
1327 * @len: how many bytes were written
1328 *
1329 * This functions reads data which were recently written and compares it with
1330 * the original data buffer - the data have to match. Returns zero if the data
1331 * match and a negative error code if not or in case of failure.
1332 */
1333static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
1334 int offset, int len)
1335{
1336 int err, i;
1337 size_t read;
1338 void *buf1;
1339 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1340
1341 if (!ubi_dbg_chk_io(ubi))
1342 return 0;
1343
1344 buf1 = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1345 if (!buf1) {
1346 ubi_err(ubi, "cannot allocate memory to check writes");
1347 return 0;
1348 }
1349
1350 err = mtd_read(ubi->mtd, addr, len, &read, buf1);
1351 if (err && !mtd_is_bitflip(err))
1352 goto out_free;
1353
1354 for (i = 0; i < len; i++) {
1355 uint8_t c = ((uint8_t *)buf)[i];
1356 uint8_t c1 = ((uint8_t *)buf1)[i];
1357 int dump_len;
1358
1359 if (c == c1)
1360 continue;
1361
1362 ubi_err(ubi, "self-check failed for PEB %d:%d, len %d",
1363 pnum, offset, len);
1364 ubi_msg(ubi, "data differ at position %d", i);
1365 dump_len = max_t(int, 128, len - i);
1366 ubi_msg(ubi, "hex dump of the original buffer from %d to %d",
1367 i, i + dump_len);
1368 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1369 buf + i, dump_len, 1);
1370 ubi_msg(ubi, "hex dump of the read buffer from %d to %d",
1371 i, i + dump_len);
1372 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1373 buf1 + i, dump_len, 1);
1374 dump_stack();
1375 err = -EINVAL;
1376 goto out_free;
1377 }
1378
1379 vfree(buf1);
1380 return 0;
1381
1382out_free:
1383 vfree(buf1);
1384 return err;
1385}
1386
1387/**
1388 * ubi_self_check_all_ff - check that a region of flash is empty.
1389 * @ubi: UBI device description object
1390 * @pnum: the physical eraseblock number to check
1391 * @offset: the starting offset within the physical eraseblock to check
1392 * @len: the length of the region to check
1393 *
1394 * This function returns zero if only 0xFF bytes are present at offset
1395 * @offset of the physical eraseblock @pnum, and a negative error code if not
1396 * or if an error occurred.
1397 */
1398int ubi_self_check_all_ff(struct ubi_device *ubi, int pnum, int offset, int len)
1399{
1400 size_t read;
1401 int err;
1402 void *buf;
1403 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1404
1405 if (!ubi_dbg_chk_io(ubi))
1406 return 0;
1407
1408 buf = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1409 if (!buf) {
1410 ubi_err(ubi, "cannot allocate memory to check for 0xFFs");
1411 return 0;
1412 }
1413
1414 err = mtd_read(ubi->mtd, addr, len, &read, buf);
1415 if (err && !mtd_is_bitflip(err)) {
1416 ubi_err(ubi, "err %d while reading %d bytes from PEB %d:%d, read %zd bytes",
1417 err, len, pnum, offset, read);
1418 goto error;
1419 }
1420
1421 err = ubi_check_pattern(buf, 0xFF, len);
1422 if (err == 0) {
1423 ubi_err(ubi, "flash region at PEB %d:%d, length %d does not contain all 0xFF bytes",
1424 pnum, offset, len);
1425 goto fail;
1426 }
1427
1428 vfree(buf);
1429 return 0;
1430
1431fail:
1432 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1433 ubi_msg(ubi, "hex dump of the %d-%d region", offset, offset + len);
1434 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, buf, len, 1);
1435 err = -EINVAL;
1436error:
1437 dump_stack();
1438 vfree(buf);
1439 return err;
1440}