1 /*
2 * Copyright (c) International Business Machines Corp., 2006
3 * Copyright (c) Nokia Corporation, 2006, 2007
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
13 * the GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 *
19 * Author: Artem Bityutskiy (Битюцкий Артём)
20 */
21
22 /*
23 * UBI input/output sub-system.
24 *
25 * This sub-system provides a uniform way to work with all kinds of the
26 * underlying MTD devices. It also implements handy functions for reading and
27 * writing UBI headers.
28 *
29 * We are trying to have a paranoid mindset and not to trust to what we read
30 * from the flash media in order to be more secure and robust. So this
31 * sub-system validates every single header it reads from the flash media.
32 *
33 * Some words about how the eraseblock headers are stored.
34 *
35 * The erase counter header is always stored at offset zero. By default, the
36 * VID header is stored after the EC header at the closest aligned offset
37 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
38 * header at the closest aligned offset. But this default layout may be
39 * changed. For example, for different reasons (e.g., optimization) UBI may be
40 * asked to put the VID header at further offset, and even at an unaligned
41 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
42 * proper padding in front of it. Data offset may also be changed but it has to
43 * be aligned.
44 *
45 * About minimal I/O units. In general, UBI assumes flash device model where
46 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
47 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
48 * @ubi->mtd->writesize field. But as an exception, UBI admits use of another
49 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
50 * to do different optimizations.
51 *
52 * This is extremely useful in case of NAND flashes which admit of several
53 * write operations to one NAND page. In this case UBI can fit EC and VID
54 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
55 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
56 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
57 * users.
58 *
59 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
60 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
61 * headers.
62 *
63 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
64 * device, e.g., make @ubi->min_io_size = 512 in the example above?
65 *
66 * A: because when writing a sub-page, MTD still writes a full 2K page but the
67 * bytes which are not relevant to the sub-page are 0xFF. So, basically,
68 * writing 4x512 sub-pages is 4 times slower than writing one 2KiB NAND page.
69 * Thus, we prefer to use sub-pages only for EC and VID headers.
70 *
71 * As it was noted above, the VID header may start at a non-aligned offset.
72 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
73 * the VID header may reside at offset 1984 which is the last 64 bytes of the
74 * last sub-page (EC header is always at offset zero). This causes some
75 * difficulties when reading and writing VID headers.
76 *
77 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
78 * the data and want to write this VID header out. As we can only write in
79 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
80 * to offset 448 of this buffer.
81 *
82 * The I/O sub-system does the following trick in order to avoid this extra
83 * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
84 * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
85 * When the VID header is being written out, it shifts the VID header pointer
86 * back and writes the whole sub-page.
87 */
88
89 #include <linux/crc32.h>
90 #include <linux/err.h>
91 #include <linux/slab.h>
92 #include "ubi.h"
93
94 static int self_check_not_bad(const struct ubi_device *ubi, int pnum);
95 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
96 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
97 const struct ubi_ec_hdr *ec_hdr);
98 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
99 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
100 const struct ubi_vid_hdr *vid_hdr);
101 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
102 int offset, int len);
103
104 /**
105 * ubi_io_read - read data from a physical eraseblock.
106 * @ubi: UBI device description object
107 * @buf: buffer where to store the read data
108 * @pnum: physical eraseblock number to read from
109 * @offset: offset within the physical eraseblock from where to read
110 * @len: how many bytes to read
111 *
112 * This function reads data from offset @offset of physical eraseblock @pnum
113 * and stores the read data in the @buf buffer. The following return codes are
114 * possible:
115 *
116 * o %0 if all the requested data were successfully read;
117 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
118 * correctable bit-flips were detected; this is harmless but may indicate
119 * that this eraseblock may become bad soon (but do not have to);
120 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
121 * example it can be an ECC error in case of NAND; this most probably means
122 * that the data is corrupted;
123 * o %-EIO if some I/O error occurred;
124 * o other negative error codes in case of other errors.
125 */
ubi_io_read(const struct ubi_device * ubi,void * buf,int pnum,int offset,int len)126 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
127 int len)
128 {
129 int err, retries = 0;
130 size_t read;
131 loff_t addr;
132
133 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
134
135 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
136 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
137 ubi_assert(len > 0);
138
139 err = self_check_not_bad(ubi, pnum);
140 if (err)
141 return err;
142
143 /*
144 * Deliberately corrupt the buffer to improve robustness. Indeed, if we
145 * do not do this, the following may happen:
146 * 1. The buffer contains data from previous operation, e.g., read from
147 * another PEB previously. The data looks like expected, e.g., if we
148 * just do not read anything and return - the caller would not
149 * notice this. E.g., if we are reading a VID header, the buffer may
150 * contain a valid VID header from another PEB.
151 * 2. The driver is buggy and returns us success or -EBADMSG or
152 * -EUCLEAN, but it does not actually put any data to the buffer.
153 *
154 * This may confuse UBI or upper layers - they may think the buffer
155 * contains valid data while in fact it is just old data. This is
156 * especially possible because UBI (and UBIFS) relies on CRC, and
157 * treats data as correct even in case of ECC errors if the CRC is
158 * correct.
159 *
160 * Try to prevent this situation by changing the first byte of the
161 * buffer.
162 */
163 *((uint8_t *)buf) ^= 0xFF;
164
165 addr = (loff_t)pnum * ubi->peb_size + offset;
166 retry:
167 err = mtd_read(ubi->mtd, addr, len, &read, buf);
168 if (err) {
169 const char *errstr = mtd_is_eccerr(err) ? " (ECC error)" : "";
170
171 if (mtd_is_bitflip(err)) {
172 /*
173 * -EUCLEAN is reported if there was a bit-flip which
174 * was corrected, so this is harmless.
175 *
176 * We do not report about it here unless debugging is
177 * enabled. A corresponding message will be printed
178 * later, when it is has been scrubbed.
179 */
180 ubi_msg(ubi, "fixable bit-flip detected at PEB %d",
181 pnum);
182 ubi_assert(len == read);
183 return UBI_IO_BITFLIPS;
184 }
185
186 if (retries++ < UBI_IO_RETRIES) {
187 ubi_warn(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read only %zd bytes, retry",
188 err, errstr, len, pnum, offset, read);
189 yield();
190 goto retry;
191 }
192
193 ubi_err(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read %zd bytes",
194 err, errstr, len, pnum, offset, read);
195 dump_stack();
196
197 /*
198 * The driver should never return -EBADMSG if it failed to read
199 * all the requested data. But some buggy drivers might do
200 * this, so we change it to -EIO.
201 */
202 if (read != len && mtd_is_eccerr(err)) {
203 ubi_assert(0);
204 err = -EIO;
205 }
206 } else {
207 ubi_assert(len == read);
208
209 if (ubi_dbg_is_bitflip(ubi)) {
210 dbg_gen("bit-flip (emulated)");
211 err = UBI_IO_BITFLIPS;
212 }
213 }
214
215 return err;
216 }
217
218 /**
219 * ubi_io_write - write data to a physical eraseblock.
220 * @ubi: UBI device description object
221 * @buf: buffer with the data to write
222 * @pnum: physical eraseblock number to write to
223 * @offset: offset within the physical eraseblock where to write
224 * @len: how many bytes to write
225 *
226 * This function writes @len bytes of data from buffer @buf to offset @offset
227 * of physical eraseblock @pnum. If all the data were successfully written,
228 * zero is returned. If an error occurred, this function returns a negative
229 * error code. If %-EIO is returned, the physical eraseblock most probably went
230 * bad.
231 *
232 * Note, in case of an error, it is possible that something was still written
233 * to the flash media, but may be some garbage.
234 */
ubi_io_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)235 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
236 int len)
237 {
238 int err;
239 size_t written;
240 loff_t addr;
241
242 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
243
244 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
245 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
246 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
247 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
248
249 if (ubi->ro_mode) {
250 ubi_err(ubi, "read-only mode");
251 return -EROFS;
252 }
253
254 err = self_check_not_bad(ubi, pnum);
255 if (err)
256 return err;
257
258 /* The area we are writing to has to contain all 0xFF bytes */
259 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
260 if (err)
261 return err;
262
263 if (offset >= ubi->leb_start) {
264 /*
265 * We write to the data area of the physical eraseblock. Make
266 * sure it has valid EC and VID headers.
267 */
268 err = self_check_peb_ec_hdr(ubi, pnum);
269 if (err)
270 return err;
271 err = self_check_peb_vid_hdr(ubi, pnum);
272 if (err)
273 return err;
274 }
275
276 if (ubi_dbg_is_write_failure(ubi)) {
277 ubi_err(ubi, "cannot write %d bytes to PEB %d:%d (emulated)",
278 len, pnum, offset);
279 dump_stack();
280 return -EIO;
281 }
282
283 addr = (loff_t)pnum * ubi->peb_size + offset;
284 err = mtd_write(ubi->mtd, addr, len, &written, buf);
285 if (err) {
286 ubi_err(ubi, "error %d while writing %d bytes to PEB %d:%d, written %zd bytes",
287 err, len, pnum, offset, written);
288 dump_stack();
289 ubi_dump_flash(ubi, pnum, offset, len);
290 } else
291 ubi_assert(written == len);
292
293 if (!err) {
294 err = self_check_write(ubi, buf, pnum, offset, len);
295 if (err)
296 return err;
297
298 /*
299 * Since we always write sequentially, the rest of the PEB has
300 * to contain only 0xFF bytes.
301 */
302 offset += len;
303 len = ubi->peb_size - offset;
304 if (len)
305 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
306 }
307
308 return err;
309 }
310
311 /**
312 * do_sync_erase - synchronously erase a physical eraseblock.
313 * @ubi: UBI device description object
314 * @pnum: the physical eraseblock number to erase
315 *
316 * This function synchronously erases physical eraseblock @pnum and returns
317 * zero in case of success and a negative error code in case of failure. If
318 * %-EIO is returned, the physical eraseblock most probably went bad.
319 */
do_sync_erase(struct ubi_device * ubi,int pnum)320 static int do_sync_erase(struct ubi_device *ubi, int pnum)
321 {
322 int err, retries = 0;
323 struct erase_info ei;
324
325 dbg_io("erase PEB %d", pnum);
326 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
327
328 if (ubi->ro_mode) {
329 ubi_err(ubi, "read-only mode");
330 return -EROFS;
331 }
332
333 retry:
334 memset(&ei, 0, sizeof(struct erase_info));
335
336 ei.addr = (loff_t)pnum * ubi->peb_size;
337 ei.len = ubi->peb_size;
338
339 err = mtd_erase(ubi->mtd, &ei);
340 if (err) {
341 if (retries++ < UBI_IO_RETRIES) {
342 ubi_warn(ubi, "error %d while erasing PEB %d, retry",
343 err, pnum);
344 yield();
345 goto retry;
346 }
347 ubi_err(ubi, "cannot erase PEB %d, error %d", pnum, err);
348 dump_stack();
349 return err;
350 }
351
352 err = ubi_self_check_all_ff(ubi, pnum, 0, ubi->peb_size);
353 if (err)
354 return err;
355
356 if (ubi_dbg_is_erase_failure(ubi)) {
357 ubi_err(ubi, "cannot erase PEB %d (emulated)", pnum);
358 return -EIO;
359 }
360
361 return 0;
362 }
363
364 /* Patterns to write to a physical eraseblock when torturing it */
365 static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
366
367 /**
368 * torture_peb - test a supposedly bad physical eraseblock.
369 * @ubi: UBI device description object
370 * @pnum: the physical eraseblock number to test
371 *
372 * This function returns %-EIO if the physical eraseblock did not pass the
373 * test, a positive number of erase operations done if the test was
374 * successfully passed, and other negative error codes in case of other errors.
375 */
torture_peb(struct ubi_device * ubi,int pnum)376 static int torture_peb(struct ubi_device *ubi, int pnum)
377 {
378 int err, i, patt_count;
379
380 ubi_msg(ubi, "run torture test for PEB %d", pnum);
381 patt_count = ARRAY_SIZE(patterns);
382 ubi_assert(patt_count > 0);
383
384 mutex_lock(&ubi->buf_mutex);
385 for (i = 0; i < patt_count; i++) {
386 err = do_sync_erase(ubi, pnum);
387 if (err)
388 goto out;
389
390 /* Make sure the PEB contains only 0xFF bytes */
391 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
392 if (err)
393 goto out;
394
395 err = ubi_check_pattern(ubi->peb_buf, 0xFF, ubi->peb_size);
396 if (err == 0) {
397 ubi_err(ubi, "erased PEB %d, but a non-0xFF byte found",
398 pnum);
399 err = -EIO;
400 goto out;
401 }
402
403 /* Write a pattern and check it */
404 memset(ubi->peb_buf, patterns[i], ubi->peb_size);
405 err = ubi_io_write(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
406 if (err)
407 goto out;
408
409 memset(ubi->peb_buf, ~patterns[i], ubi->peb_size);
410 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
411 if (err)
412 goto out;
413
414 err = ubi_check_pattern(ubi->peb_buf, patterns[i],
415 ubi->peb_size);
416 if (err == 0) {
417 ubi_err(ubi, "pattern %x checking failed for PEB %d",
418 patterns[i], pnum);
419 err = -EIO;
420 goto out;
421 }
422 }
423
424 err = patt_count;
425 ubi_msg(ubi, "PEB %d passed torture test, do not mark it as bad", pnum);
426
427 out:
428 mutex_unlock(&ubi->buf_mutex);
429 if (err == UBI_IO_BITFLIPS || mtd_is_eccerr(err)) {
430 /*
431 * If a bit-flip or data integrity error was detected, the test
432 * has not passed because it happened on a freshly erased
433 * physical eraseblock which means something is wrong with it.
434 */
435 ubi_err(ubi, "read problems on freshly erased PEB %d, must be bad",
436 pnum);
437 err = -EIO;
438 }
439 return err;
440 }
441
442 /**
443 * nor_erase_prepare - prepare a NOR flash PEB for erasure.
444 * @ubi: UBI device description object
445 * @pnum: physical eraseblock number to prepare
446 *
447 * NOR flash, or at least some of them, have peculiar embedded PEB erasure
448 * algorithm: the PEB is first filled with zeroes, then it is erased. And
449 * filling with zeroes starts from the end of the PEB. This was observed with
450 * Spansion S29GL512N NOR flash.
451 *
452 * This means that in case of a power cut we may end up with intact data at the
453 * beginning of the PEB, and all zeroes at the end of PEB. In other words, the
454 * EC and VID headers are OK, but a large chunk of data at the end of PEB is
455 * zeroed. This makes UBI mistakenly treat this PEB as used and associate it
456 * with an LEB, which leads to subsequent failures (e.g., UBIFS fails).
457 *
458 * This function is called before erasing NOR PEBs and it zeroes out EC and VID
459 * magic numbers in order to invalidate them and prevent the failures. Returns
460 * zero in case of success and a negative error code in case of failure.
461 */
nor_erase_prepare(struct ubi_device * ubi,int pnum)462 static int nor_erase_prepare(struct ubi_device *ubi, int pnum)
463 {
464 int err;
465 size_t written;
466 loff_t addr;
467 uint32_t data = 0;
468 struct ubi_ec_hdr ec_hdr;
469 struct ubi_vid_io_buf vidb;
470
471 /*
472 * Note, we cannot generally define VID header buffers on stack,
473 * because of the way we deal with these buffers (see the header
474 * comment in this file). But we know this is a NOR-specific piece of
475 * code, so we can do this. But yes, this is error-prone and we should
476 * (pre-)allocate VID header buffer instead.
477 */
478 struct ubi_vid_hdr vid_hdr;
479
480 /*
481 * If VID or EC is valid, we have to corrupt them before erasing.
482 * It is important to first invalidate the EC header, and then the VID
483 * header. Otherwise a power cut may lead to valid EC header and
484 * invalid VID header, in which case UBI will treat this PEB as
485 * corrupted and will try to preserve it, and print scary warnings.
486 */
487 addr = (loff_t)pnum * ubi->peb_size;
488 err = ubi_io_read_ec_hdr(ubi, pnum, &ec_hdr, 0);
489 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
490 err != UBI_IO_FF){
491 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
492 if(err)
493 goto error;
494 }
495
496 ubi_init_vid_buf(ubi, &vidb, &vid_hdr);
497 ubi_assert(&vid_hdr == ubi_get_vid_hdr(&vidb));
498
499 err = ubi_io_read_vid_hdr(ubi, pnum, &vidb, 0);
500 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
501 err != UBI_IO_FF){
502 addr += ubi->vid_hdr_aloffset;
503 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
504 if (err)
505 goto error;
506 }
507 return 0;
508
509 error:
510 /*
511 * The PEB contains a valid VID or EC header, but we cannot invalidate
512 * it. Supposedly the flash media or the driver is screwed up, so
513 * return an error.
514 */
515 ubi_err(ubi, "cannot invalidate PEB %d, write returned %d", pnum, err);
516 ubi_dump_flash(ubi, pnum, 0, ubi->peb_size);
517 return -EIO;
518 }
519
520 /**
521 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
522 * @ubi: UBI device description object
523 * @pnum: physical eraseblock number to erase
524 * @torture: if this physical eraseblock has to be tortured
525 *
526 * This function synchronously erases physical eraseblock @pnum. If @torture
527 * flag is not zero, the physical eraseblock is checked by means of writing
528 * different patterns to it and reading them back. If the torturing is enabled,
529 * the physical eraseblock is erased more than once.
530 *
531 * This function returns the number of erasures made in case of success, %-EIO
532 * if the erasure failed or the torturing test failed, and other negative error
533 * codes in case of other errors. Note, %-EIO means that the physical
534 * eraseblock is bad.
535 */
ubi_io_sync_erase(struct ubi_device * ubi,int pnum,int torture)536 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
537 {
538 int err, ret = 0;
539
540 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
541
542 err = self_check_not_bad(ubi, pnum);
543 if (err != 0)
544 return err;
545
546 if (ubi->ro_mode) {
547 ubi_err(ubi, "read-only mode");
548 return -EROFS;
549 }
550
551 if (ubi->nor_flash) {
552 err = nor_erase_prepare(ubi, pnum);
553 if (err)
554 return err;
555 }
556
557 if (torture) {
558 ret = torture_peb(ubi, pnum);
559 if (ret < 0)
560 return ret;
561 }
562
563 err = do_sync_erase(ubi, pnum);
564 if (err)
565 return err;
566
567 return ret + 1;
568 }
569
570 /**
571 * ubi_io_is_bad - check if a physical eraseblock is bad.
572 * @ubi: UBI device description object
573 * @pnum: the physical eraseblock number to check
574 *
575 * This function returns a positive number if the physical eraseblock is bad,
576 * zero if not, and a negative error code if an error occurred.
577 */
ubi_io_is_bad(const struct ubi_device * ubi,int pnum)578 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
579 {
580 struct mtd_info *mtd = ubi->mtd;
581
582 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
583
584 if (ubi->bad_allowed) {
585 int ret;
586
587 ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
588 if (ret < 0)
589 ubi_err(ubi, "error %d while checking if PEB %d is bad",
590 ret, pnum);
591 else if (ret)
592 dbg_io("PEB %d is bad", pnum);
593 return ret;
594 }
595
596 return 0;
597 }
598
599 /**
600 * ubi_io_mark_bad - mark a physical eraseblock as bad.
601 * @ubi: UBI device description object
602 * @pnum: the physical eraseblock number to mark
603 *
604 * This function returns zero in case of success and a negative error code in
605 * case of failure.
606 */
ubi_io_mark_bad(const struct ubi_device * ubi,int pnum)607 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
608 {
609 int err;
610 struct mtd_info *mtd = ubi->mtd;
611
612 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
613
614 if (ubi->ro_mode) {
615 ubi_err(ubi, "read-only mode");
616 return -EROFS;
617 }
618
619 if (!ubi->bad_allowed)
620 return 0;
621
622 err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
623 if (err)
624 ubi_err(ubi, "cannot mark PEB %d bad, error %d", pnum, err);
625 return err;
626 }
627
628 /**
629 * validate_ec_hdr - validate an erase counter header.
630 * @ubi: UBI device description object
631 * @ec_hdr: the erase counter header to check
632 *
633 * This function returns zero if the erase counter header is OK, and %1 if
634 * not.
635 */
validate_ec_hdr(const struct ubi_device * ubi,const struct ubi_ec_hdr * ec_hdr)636 static int validate_ec_hdr(const struct ubi_device *ubi,
637 const struct ubi_ec_hdr *ec_hdr)
638 {
639 long long ec;
640 int vid_hdr_offset, leb_start;
641
642 ec = be64_to_cpu(ec_hdr->ec);
643 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
644 leb_start = be32_to_cpu(ec_hdr->data_offset);
645
646 if (ec_hdr->version != UBI_VERSION) {
647 ubi_err(ubi, "node with incompatible UBI version found: this UBI version is %d, image version is %d",
648 UBI_VERSION, (int)ec_hdr->version);
649 goto bad;
650 }
651
652 if (vid_hdr_offset != ubi->vid_hdr_offset) {
653 ubi_err(ubi, "bad VID header offset %d, expected %d",
654 vid_hdr_offset, ubi->vid_hdr_offset);
655 goto bad;
656 }
657
658 if (leb_start != ubi->leb_start) {
659 ubi_err(ubi, "bad data offset %d, expected %d",
660 leb_start, ubi->leb_start);
661 goto bad;
662 }
663
664 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
665 ubi_err(ubi, "bad erase counter %lld", ec);
666 goto bad;
667 }
668
669 return 0;
670
671 bad:
672 ubi_err(ubi, "bad EC header");
673 ubi_dump_ec_hdr(ec_hdr);
674 dump_stack();
675 return 1;
676 }
677
678 /**
679 * ubi_io_read_ec_hdr - read and check an erase counter header.
680 * @ubi: UBI device description object
681 * @pnum: physical eraseblock to read from
682 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
683 * header
684 * @verbose: be verbose if the header is corrupted or was not found
685 *
686 * This function reads erase counter header from physical eraseblock @pnum and
687 * stores it in @ec_hdr. This function also checks CRC checksum of the read
688 * erase counter header. The following codes may be returned:
689 *
690 * o %0 if the CRC checksum is correct and the header was successfully read;
691 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
692 * and corrected by the flash driver; this is harmless but may indicate that
693 * this eraseblock may become bad soon (but may be not);
694 * o %UBI_IO_BAD_HDR if the erase counter header is corrupted (a CRC error);
695 * o %UBI_IO_BAD_HDR_EBADMSG is the same as %UBI_IO_BAD_HDR, but there also was
696 * a data integrity error (uncorrectable ECC error in case of NAND);
697 * o %UBI_IO_FF if only 0xFF bytes were read (the PEB is supposedly empty)
698 * o a negative error code in case of failure.
699 */
ubi_io_read_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr,int verbose)700 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
701 struct ubi_ec_hdr *ec_hdr, int verbose)
702 {
703 int err, read_err;
704 uint32_t crc, magic, hdr_crc;
705
706 dbg_io("read EC header from PEB %d", pnum);
707 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
708
709 read_err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
710 if (read_err) {
711 if (read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
712 return read_err;
713
714 /*
715 * We read all the data, but either a correctable bit-flip
716 * occurred, or MTD reported a data integrity error
717 * (uncorrectable ECC error in case of NAND). The former is
718 * harmless, the later may mean that the read data is
719 * corrupted. But we have a CRC check-sum and we will detect
720 * this. If the EC header is still OK, we just report this as
721 * there was a bit-flip, to force scrubbing.
722 */
723 }
724
725 magic = be32_to_cpu(ec_hdr->magic);
726 if (magic != UBI_EC_HDR_MAGIC) {
727 if (mtd_is_eccerr(read_err))
728 return UBI_IO_BAD_HDR_EBADMSG;
729
730 /*
731 * The magic field is wrong. Let's check if we have read all
732 * 0xFF. If yes, this physical eraseblock is assumed to be
733 * empty.
734 */
735 if (ubi_check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
736 /* The physical eraseblock is supposedly empty */
737 if (verbose)
738 ubi_warn(ubi, "no EC header found at PEB %d, only 0xFF bytes",
739 pnum);
740 dbg_bld("no EC header found at PEB %d, only 0xFF bytes",
741 pnum);
742 if (!read_err)
743 return UBI_IO_FF;
744 else
745 return UBI_IO_FF_BITFLIPS;
746 }
747
748 /*
749 * This is not a valid erase counter header, and these are not
750 * 0xFF bytes. Report that the header is corrupted.
751 */
752 if (verbose) {
753 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
754 pnum, magic, UBI_EC_HDR_MAGIC);
755 ubi_dump_ec_hdr(ec_hdr);
756 }
757 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
758 pnum, magic, UBI_EC_HDR_MAGIC);
759 return UBI_IO_BAD_HDR;
760 }
761
762 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
763 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
764
765 if (hdr_crc != crc) {
766 if (verbose) {
767 ubi_warn(ubi, "bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
768 pnum, crc, hdr_crc);
769 ubi_dump_ec_hdr(ec_hdr);
770 }
771 dbg_bld("bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
772 pnum, crc, hdr_crc);
773
774 if (!read_err)
775 return UBI_IO_BAD_HDR;
776 else
777 return UBI_IO_BAD_HDR_EBADMSG;
778 }
779
780 /* And of course validate what has just been read from the media */
781 err = validate_ec_hdr(ubi, ec_hdr);
782 if (err) {
783 ubi_err(ubi, "validation failed for PEB %d", pnum);
784 return -EINVAL;
785 }
786
787 /*
788 * If there was %-EBADMSG, but the header CRC is still OK, report about
789 * a bit-flip to force scrubbing on this PEB.
790 */
791 return read_err ? UBI_IO_BITFLIPS : 0;
792 }
793
794 /**
795 * ubi_io_write_ec_hdr - write an erase counter header.
796 * @ubi: UBI device description object
797 * @pnum: physical eraseblock to write to
798 * @ec_hdr: the erase counter header to write
799 *
800 * This function writes erase counter header described by @ec_hdr to physical
801 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
802 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
803 * field.
804 *
805 * This function returns zero in case of success and a negative error code in
806 * case of failure. If %-EIO is returned, the physical eraseblock most probably
807 * went bad.
808 */
ubi_io_write_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr)809 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
810 struct ubi_ec_hdr *ec_hdr)
811 {
812 int err;
813 uint32_t crc;
814
815 dbg_io("write EC header to PEB %d", pnum);
816 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
817
818 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
819 ec_hdr->version = UBI_VERSION;
820 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
821 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
822 ec_hdr->image_seq = cpu_to_be32(ubi->image_seq);
823 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
824 ec_hdr->hdr_crc = cpu_to_be32(crc);
825
826 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
827 if (err)
828 return err;
829
830 if (ubi_dbg_power_cut(ubi, POWER_CUT_EC_WRITE))
831 return -EROFS;
832
833 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
834 return err;
835 }
836
837 /**
838 * validate_vid_hdr - validate a volume identifier header.
839 * @ubi: UBI device description object
840 * @vid_hdr: the volume identifier header to check
841 *
842 * This function checks that data stored in the volume identifier header
843 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
844 */
validate_vid_hdr(const struct ubi_device * ubi,const struct ubi_vid_hdr * vid_hdr)845 static int validate_vid_hdr(const struct ubi_device *ubi,
846 const struct ubi_vid_hdr *vid_hdr)
847 {
848 int vol_type = vid_hdr->vol_type;
849 int copy_flag = vid_hdr->copy_flag;
850 int vol_id = be32_to_cpu(vid_hdr->vol_id);
851 int lnum = be32_to_cpu(vid_hdr->lnum);
852 int compat = vid_hdr->compat;
853 int data_size = be32_to_cpu(vid_hdr->data_size);
854 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
855 int data_pad = be32_to_cpu(vid_hdr->data_pad);
856 int data_crc = be32_to_cpu(vid_hdr->data_crc);
857 int usable_leb_size = ubi->leb_size - data_pad;
858
859 if (copy_flag != 0 && copy_flag != 1) {
860 ubi_err(ubi, "bad copy_flag");
861 goto bad;
862 }
863
864 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
865 data_pad < 0) {
866 ubi_err(ubi, "negative values");
867 goto bad;
868 }
869
870 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
871 ubi_err(ubi, "bad vol_id");
872 goto bad;
873 }
874
875 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
876 ubi_err(ubi, "bad compat");
877 goto bad;
878 }
879
880 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
881 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
882 compat != UBI_COMPAT_REJECT) {
883 ubi_err(ubi, "bad compat");
884 goto bad;
885 }
886
887 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
888 ubi_err(ubi, "bad vol_type");
889 goto bad;
890 }
891
892 if (data_pad >= ubi->leb_size / 2) {
893 ubi_err(ubi, "bad data_pad");
894 goto bad;
895 }
896
897 if (data_size > ubi->leb_size) {
898 ubi_err(ubi, "bad data_size");
899 goto bad;
900 }
901
902 if (vol_type == UBI_VID_STATIC) {
903 /*
904 * Although from high-level point of view static volumes may
905 * contain zero bytes of data, but no VID headers can contain
906 * zero at these fields, because they empty volumes do not have
907 * mapped logical eraseblocks.
908 */
909 if (used_ebs == 0) {
910 ubi_err(ubi, "zero used_ebs");
911 goto bad;
912 }
913 if (data_size == 0) {
914 ubi_err(ubi, "zero data_size");
915 goto bad;
916 }
917 if (lnum < used_ebs - 1) {
918 if (data_size != usable_leb_size) {
919 ubi_err(ubi, "bad data_size");
920 goto bad;
921 }
922 } else if (lnum == used_ebs - 1) {
923 if (data_size == 0) {
924 ubi_err(ubi, "bad data_size at last LEB");
925 goto bad;
926 }
927 } else {
928 ubi_err(ubi, "too high lnum");
929 goto bad;
930 }
931 } else {
932 if (copy_flag == 0) {
933 if (data_crc != 0) {
934 ubi_err(ubi, "non-zero data CRC");
935 goto bad;
936 }
937 if (data_size != 0) {
938 ubi_err(ubi, "non-zero data_size");
939 goto bad;
940 }
941 } else {
942 if (data_size == 0) {
943 ubi_err(ubi, "zero data_size of copy");
944 goto bad;
945 }
946 }
947 if (used_ebs != 0) {
948 ubi_err(ubi, "bad used_ebs");
949 goto bad;
950 }
951 }
952
953 return 0;
954
955 bad:
956 ubi_err(ubi, "bad VID header");
957 ubi_dump_vid_hdr(vid_hdr);
958 dump_stack();
959 return 1;
960 }
961
962 /**
963 * ubi_io_read_vid_hdr - read and check a volume identifier header.
964 * @ubi: UBI device description object
965 * @pnum: physical eraseblock number to read from
966 * @vidb: the volume identifier buffer to store data in
967 * @verbose: be verbose if the header is corrupted or wasn't found
968 *
969 * This function reads the volume identifier header from physical eraseblock
970 * @pnum and stores it in @vidb. It also checks CRC checksum of the read
971 * volume identifier header. The error codes are the same as in
972 * 'ubi_io_read_ec_hdr()'.
973 *
974 * Note, the implementation of this function is also very similar to
975 * 'ubi_io_read_ec_hdr()', so refer commentaries in 'ubi_io_read_ec_hdr()'.
976 */
ubi_io_read_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_io_buf * vidb,int verbose)977 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
978 struct ubi_vid_io_buf *vidb, int verbose)
979 {
980 int err, read_err;
981 uint32_t crc, magic, hdr_crc;
982 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
983 void *p = vidb->buffer;
984
985 dbg_io("read VID header from PEB %d", pnum);
986 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
987
988 read_err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
989 ubi->vid_hdr_shift + UBI_VID_HDR_SIZE);
990 if (read_err && read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
991 return read_err;
992
993 magic = be32_to_cpu(vid_hdr->magic);
994 if (magic != UBI_VID_HDR_MAGIC) {
995 if (mtd_is_eccerr(read_err))
996 return UBI_IO_BAD_HDR_EBADMSG;
997
998 if (ubi_check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
999 if (verbose)
1000 ubi_warn(ubi, "no VID header found at PEB %d, only 0xFF bytes",
1001 pnum);
1002 dbg_bld("no VID header found at PEB %d, only 0xFF bytes",
1003 pnum);
1004 if (!read_err)
1005 return UBI_IO_FF;
1006 else
1007 return UBI_IO_FF_BITFLIPS;
1008 }
1009
1010 if (verbose) {
1011 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
1012 pnum, magic, UBI_VID_HDR_MAGIC);
1013 ubi_dump_vid_hdr(vid_hdr);
1014 }
1015 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
1016 pnum, magic, UBI_VID_HDR_MAGIC);
1017 return UBI_IO_BAD_HDR;
1018 }
1019
1020 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1021 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1022
1023 if (hdr_crc != crc) {
1024 if (verbose) {
1025 ubi_warn(ubi, "bad CRC at PEB %d, calculated %#08x, read %#08x",
1026 pnum, crc, hdr_crc);
1027 ubi_dump_vid_hdr(vid_hdr);
1028 }
1029 dbg_bld("bad CRC at PEB %d, calculated %#08x, read %#08x",
1030 pnum, crc, hdr_crc);
1031 if (!read_err)
1032 return UBI_IO_BAD_HDR;
1033 else
1034 return UBI_IO_BAD_HDR_EBADMSG;
1035 }
1036
1037 err = validate_vid_hdr(ubi, vid_hdr);
1038 if (err) {
1039 ubi_err(ubi, "validation failed for PEB %d", pnum);
1040 return -EINVAL;
1041 }
1042
1043 return read_err ? UBI_IO_BITFLIPS : 0;
1044 }
1045
1046 /**
1047 * ubi_io_write_vid_hdr - write a volume identifier header.
1048 * @ubi: UBI device description object
1049 * @pnum: the physical eraseblock number to write to
1050 * @vidb: the volume identifier buffer to write
1051 *
1052 * This function writes the volume identifier header described by @vid_hdr to
1053 * physical eraseblock @pnum. This function automatically fills the
1054 * @vidb->hdr->magic and the @vidb->hdr->version fields, as well as calculates
1055 * header CRC checksum and stores it at vidb->hdr->hdr_crc.
1056 *
1057 * This function returns zero in case of success and a negative error code in
1058 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1059 * bad.
1060 */
ubi_io_write_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_io_buf * vidb)1061 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1062 struct ubi_vid_io_buf *vidb)
1063 {
1064 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
1065 int err;
1066 uint32_t crc;
1067 void *p = vidb->buffer;
1068
1069 dbg_io("write VID header to PEB %d", pnum);
1070 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1071
1072 err = self_check_peb_ec_hdr(ubi, pnum);
1073 if (err)
1074 return err;
1075
1076 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1077 vid_hdr->version = UBI_VERSION;
1078 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1079 vid_hdr->hdr_crc = cpu_to_be32(crc);
1080
1081 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1082 if (err)
1083 return err;
1084
1085 if (ubi_dbg_power_cut(ubi, POWER_CUT_VID_WRITE))
1086 return -EROFS;
1087
1088 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1089 ubi->vid_hdr_alsize);
1090 return err;
1091 }
1092
1093 /**
1094 * self_check_not_bad - ensure that a physical eraseblock is not bad.
1095 * @ubi: UBI device description object
1096 * @pnum: physical eraseblock number to check
1097 *
1098 * This function returns zero if the physical eraseblock is good, %-EINVAL if
1099 * it is bad and a negative error code if an error occurred.
1100 */
self_check_not_bad(const struct ubi_device * ubi,int pnum)1101 static int self_check_not_bad(const struct ubi_device *ubi, int pnum)
1102 {
1103 int err;
1104
1105 if (!ubi_dbg_chk_io(ubi))
1106 return 0;
1107
1108 err = ubi_io_is_bad(ubi, pnum);
1109 if (!err)
1110 return err;
1111
1112 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1113 dump_stack();
1114 return err > 0 ? -EINVAL : err;
1115 }
1116
1117 /**
1118 * self_check_ec_hdr - check if an erase counter header is all right.
1119 * @ubi: UBI device description object
1120 * @pnum: physical eraseblock number the erase counter header belongs to
1121 * @ec_hdr: the erase counter header to check
1122 *
1123 * This function returns zero if the erase counter header contains valid
1124 * values, and %-EINVAL if not.
1125 */
self_check_ec_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_ec_hdr * ec_hdr)1126 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1127 const struct ubi_ec_hdr *ec_hdr)
1128 {
1129 int err;
1130 uint32_t magic;
1131
1132 if (!ubi_dbg_chk_io(ubi))
1133 return 0;
1134
1135 magic = be32_to_cpu(ec_hdr->magic);
1136 if (magic != UBI_EC_HDR_MAGIC) {
1137 ubi_err(ubi, "bad magic %#08x, must be %#08x",
1138 magic, UBI_EC_HDR_MAGIC);
1139 goto fail;
1140 }
1141
1142 err = validate_ec_hdr(ubi, ec_hdr);
1143 if (err) {
1144 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1145 goto fail;
1146 }
1147
1148 return 0;
1149
1150 fail:
1151 ubi_dump_ec_hdr(ec_hdr);
1152 dump_stack();
1153 return -EINVAL;
1154 }
1155
1156 /**
1157 * self_check_peb_ec_hdr - check erase counter header.
1158 * @ubi: UBI device description object
1159 * @pnum: the physical eraseblock number to check
1160 *
1161 * This function returns zero if the erase counter header is all right and and
1162 * a negative error code if not or if an error occurred.
1163 */
self_check_peb_ec_hdr(const struct ubi_device * ubi,int pnum)1164 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1165 {
1166 int err;
1167 uint32_t crc, hdr_crc;
1168 struct ubi_ec_hdr *ec_hdr;
1169
1170 if (!ubi_dbg_chk_io(ubi))
1171 return 0;
1172
1173 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1174 if (!ec_hdr)
1175 return -ENOMEM;
1176
1177 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1178 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1179 goto exit;
1180
1181 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1182 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1183 if (hdr_crc != crc) {
1184 ubi_err(ubi, "bad CRC, calculated %#08x, read %#08x",
1185 crc, hdr_crc);
1186 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1187 ubi_dump_ec_hdr(ec_hdr);
1188 dump_stack();
1189 err = -EINVAL;
1190 goto exit;
1191 }
1192
1193 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
1194
1195 exit:
1196 kfree(ec_hdr);
1197 return err;
1198 }
1199
1200 /**
1201 * self_check_vid_hdr - check that a volume identifier header is all right.
1202 * @ubi: UBI device description object
1203 * @pnum: physical eraseblock number the volume identifier header belongs to
1204 * @vid_hdr: the volume identifier header to check
1205 *
1206 * This function returns zero if the volume identifier header is all right, and
1207 * %-EINVAL if not.
1208 */
self_check_vid_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_vid_hdr * vid_hdr)1209 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1210 const struct ubi_vid_hdr *vid_hdr)
1211 {
1212 int err;
1213 uint32_t magic;
1214
1215 if (!ubi_dbg_chk_io(ubi))
1216 return 0;
1217
1218 magic = be32_to_cpu(vid_hdr->magic);
1219 if (magic != UBI_VID_HDR_MAGIC) {
1220 ubi_err(ubi, "bad VID header magic %#08x at PEB %d, must be %#08x",
1221 magic, pnum, UBI_VID_HDR_MAGIC);
1222 goto fail;
1223 }
1224
1225 err = validate_vid_hdr(ubi, vid_hdr);
1226 if (err) {
1227 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1228 goto fail;
1229 }
1230
1231 return err;
1232
1233 fail:
1234 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1235 ubi_dump_vid_hdr(vid_hdr);
1236 dump_stack();
1237 return -EINVAL;
1238
1239 }
1240
1241 /**
1242 * self_check_peb_vid_hdr - check volume identifier header.
1243 * @ubi: UBI device description object
1244 * @pnum: the physical eraseblock number to check
1245 *
1246 * This function returns zero if the volume identifier header is all right,
1247 * and a negative error code if not or if an error occurred.
1248 */
self_check_peb_vid_hdr(const struct ubi_device * ubi,int pnum)1249 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1250 {
1251 int err;
1252 uint32_t crc, hdr_crc;
1253 struct ubi_vid_io_buf *vidb;
1254 struct ubi_vid_hdr *vid_hdr;
1255 void *p;
1256
1257 if (!ubi_dbg_chk_io(ubi))
1258 return 0;
1259
1260 vidb = ubi_alloc_vid_buf(ubi, GFP_NOFS);
1261 if (!vidb)
1262 return -ENOMEM;
1263
1264 vid_hdr = ubi_get_vid_hdr(vidb);
1265 p = vidb->buffer;
1266 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1267 ubi->vid_hdr_alsize);
1268 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1269 goto exit;
1270
1271 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1272 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1273 if (hdr_crc != crc) {
1274 ubi_err(ubi, "bad VID header CRC at PEB %d, calculated %#08x, read %#08x",
1275 pnum, crc, hdr_crc);
1276 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1277 ubi_dump_vid_hdr(vid_hdr);
1278 dump_stack();
1279 err = -EINVAL;
1280 goto exit;
1281 }
1282
1283 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1284
1285 exit:
1286 ubi_free_vid_buf(vidb);
1287 return err;
1288 }
1289
1290 /**
1291 * self_check_write - make sure write succeeded.
1292 * @ubi: UBI device description object
1293 * @buf: buffer with data which were written
1294 * @pnum: physical eraseblock number the data were written to
1295 * @offset: offset within the physical eraseblock the data were written to
1296 * @len: how many bytes were written
1297 *
1298 * This functions reads data which were recently written and compares it with
1299 * the original data buffer - the data have to match. Returns zero if the data
1300 * match and a negative error code if not or in case of failure.
1301 */
self_check_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)1302 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
1303 int offset, int len)
1304 {
1305 int err, i;
1306 size_t read;
1307 void *buf1;
1308 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1309
1310 if (!ubi_dbg_chk_io(ubi))
1311 return 0;
1312
1313 buf1 = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1314 if (!buf1) {
1315 ubi_err(ubi, "cannot allocate memory to check writes");
1316 return 0;
1317 }
1318
1319 err = mtd_read(ubi->mtd, addr, len, &read, buf1);
1320 if (err && !mtd_is_bitflip(err))
1321 goto out_free;
1322
1323 for (i = 0; i < len; i++) {
1324 uint8_t c = ((uint8_t *)buf)[i];
1325 uint8_t c1 = ((uint8_t *)buf1)[i];
1326 int dump_len;
1327
1328 if (c == c1)
1329 continue;
1330
1331 ubi_err(ubi, "self-check failed for PEB %d:%d, len %d",
1332 pnum, offset, len);
1333 ubi_msg(ubi, "data differ at position %d", i);
1334 dump_len = max_t(int, 128, len - i);
1335 ubi_msg(ubi, "hex dump of the original buffer from %d to %d",
1336 i, i + dump_len);
1337 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1338 buf + i, dump_len, 1);
1339 ubi_msg(ubi, "hex dump of the read buffer from %d to %d",
1340 i, i + dump_len);
1341 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1342 buf1 + i, dump_len, 1);
1343 dump_stack();
1344 err = -EINVAL;
1345 goto out_free;
1346 }
1347
1348 vfree(buf1);
1349 return 0;
1350
1351 out_free:
1352 vfree(buf1);
1353 return err;
1354 }
1355
1356 /**
1357 * ubi_self_check_all_ff - check that a region of flash is empty.
1358 * @ubi: UBI device description object
1359 * @pnum: the physical eraseblock number to check
1360 * @offset: the starting offset within the physical eraseblock to check
1361 * @len: the length of the region to check
1362 *
1363 * This function returns zero if only 0xFF bytes are present at offset
1364 * @offset of the physical eraseblock @pnum, and a negative error code if not
1365 * or if an error occurred.
1366 */
ubi_self_check_all_ff(struct ubi_device * ubi,int pnum,int offset,int len)1367 int ubi_self_check_all_ff(struct ubi_device *ubi, int pnum, int offset, int len)
1368 {
1369 size_t read;
1370 int err;
1371 void *buf;
1372 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1373
1374 if (!ubi_dbg_chk_io(ubi))
1375 return 0;
1376
1377 buf = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1378 if (!buf) {
1379 ubi_err(ubi, "cannot allocate memory to check for 0xFFs");
1380 return 0;
1381 }
1382
1383 err = mtd_read(ubi->mtd, addr, len, &read, buf);
1384 if (err && !mtd_is_bitflip(err)) {
1385 ubi_err(ubi, "err %d while reading %d bytes from PEB %d:%d, read %zd bytes",
1386 err, len, pnum, offset, read);
1387 goto error;
1388 }
1389
1390 err = ubi_check_pattern(buf, 0xFF, len);
1391 if (err == 0) {
1392 ubi_err(ubi, "flash region at PEB %d:%d, length %d does not contain all 0xFF bytes",
1393 pnum, offset, len);
1394 goto fail;
1395 }
1396
1397 vfree(buf);
1398 return 0;
1399
1400 fail:
1401 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1402 ubi_msg(ubi, "hex dump of the %d-%d region", offset, offset + len);
1403 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, buf, len, 1);
1404 err = -EINVAL;
1405 error:
1406 dump_stack();
1407 vfree(buf);
1408 return err;
1409 }
1410
