1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) International Business Machines Corp., 2006
4 * Copyright (c) Nokia Corporation, 2006, 2007
5 *
6 * Author: Artem Bityutskiy (Битюцкий Артём)
7 */
8
9 /*
10 * UBI input/output sub-system.
11 *
12 * This sub-system provides a uniform way to work with all kinds of the
13 * underlying MTD devices. It also implements handy functions for reading and
14 * writing UBI headers.
15 *
16 * We are trying to have a paranoid mindset and not to trust to what we read
17 * from the flash media in order to be more secure and robust. So this
18 * sub-system validates every single header it reads from the flash media.
19 *
20 * Some words about how the eraseblock headers are stored.
21 *
22 * The erase counter header is always stored at offset zero. By default, the
23 * VID header is stored after the EC header at the closest aligned offset
24 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
25 * header at the closest aligned offset. But this default layout may be
26 * changed. For example, for different reasons (e.g., optimization) UBI may be
27 * asked to put the VID header at further offset, and even at an unaligned
28 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
29 * proper padding in front of it. Data offset may also be changed but it has to
30 * be aligned.
31 *
32 * About minimal I/O units. In general, UBI assumes flash device model where
33 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
34 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
35 * @ubi->mtd->writesize field. But as an exception, UBI admits use of another
36 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
37 * to do different optimizations.
38 *
39 * This is extremely useful in case of NAND flashes which admit of several
40 * write operations to one NAND page. In this case UBI can fit EC and VID
41 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
42 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
43 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
44 * users.
45 *
46 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
47 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
48 * headers.
49 *
50 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
51 * device, e.g., make @ubi->min_io_size = 512 in the example above?
52 *
53 * A: because when writing a sub-page, MTD still writes a full 2K page but the
54 * bytes which are not relevant to the sub-page are 0xFF. So, basically,
55 * writing 4x512 sub-pages is 4 times slower than writing one 2KiB NAND page.
56 * Thus, we prefer to use sub-pages only for EC and VID headers.
57 *
58 * As it was noted above, the VID header may start at a non-aligned offset.
59 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
60 * the VID header may reside at offset 1984 which is the last 64 bytes of the
61 * last sub-page (EC header is always at offset zero). This causes some
62 * difficulties when reading and writing VID headers.
63 *
64 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
65 * the data and want to write this VID header out. As we can only write in
66 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
67 * to offset 448 of this buffer.
68 *
69 * The I/O sub-system does the following trick in order to avoid this extra
70 * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
71 * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
72 * When the VID header is being written out, it shifts the VID header pointer
73 * back and writes the whole sub-page.
74 */
75
76 #include <linux/crc32.h>
77 #include <linux/err.h>
78 #include <linux/slab.h>
79 #include "ubi.h"
80
81 static int self_check_not_bad(const struct ubi_device *ubi, int pnum);
82 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
83 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
84 const struct ubi_ec_hdr *ec_hdr);
85 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
86 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
87 const struct ubi_vid_hdr *vid_hdr);
88 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
89 int offset, int len);
90
91 /**
92 * ubi_io_read - read data from a physical eraseblock.
93 * @ubi: UBI device description object
94 * @buf: buffer where to store the read data
95 * @pnum: physical eraseblock number to read from
96 * @offset: offset within the physical eraseblock from where to read
97 * @len: how many bytes to read
98 *
99 * This function reads data from offset @offset of physical eraseblock @pnum
100 * and stores the read data in the @buf buffer. The following return codes are
101 * possible:
102 *
103 * o %0 if all the requested data were successfully read;
104 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
105 * correctable bit-flips were detected; this is harmless but may indicate
106 * that this eraseblock may become bad soon (but do not have to);
107 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
108 * example it can be an ECC error in case of NAND; this most probably means
109 * that the data is corrupted;
110 * o %-EIO if some I/O error occurred;
111 * o other negative error codes in case of other errors.
112 */
ubi_io_read(const struct ubi_device * ubi,void * buf,int pnum,int offset,int len)113 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
114 int len)
115 {
116 int err, retries = 0;
117 size_t read;
118 loff_t addr;
119
120 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
121
122 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
123 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
124 ubi_assert(len > 0);
125
126 err = self_check_not_bad(ubi, pnum);
127 if (err)
128 return err;
129
130 /*
131 * Deliberately corrupt the buffer to improve robustness. Indeed, if we
132 * do not do this, the following may happen:
133 * 1. The buffer contains data from previous operation, e.g., read from
134 * another PEB previously. The data looks like expected, e.g., if we
135 * just do not read anything and return - the caller would not
136 * notice this. E.g., if we are reading a VID header, the buffer may
137 * contain a valid VID header from another PEB.
138 * 2. The driver is buggy and returns us success or -EBADMSG or
139 * -EUCLEAN, but it does not actually put any data to the buffer.
140 *
141 * This may confuse UBI or upper layers - they may think the buffer
142 * contains valid data while in fact it is just old data. This is
143 * especially possible because UBI (and UBIFS) relies on CRC, and
144 * treats data as correct even in case of ECC errors if the CRC is
145 * correct.
146 *
147 * Try to prevent this situation by changing the first byte of the
148 * buffer.
149 */
150 *((uint8_t *)buf) ^= 0xFF;
151
152 addr = (loff_t)pnum * ubi->peb_size + offset;
153 retry:
154 err = mtd_read(ubi->mtd, addr, len, &read, buf);
155 if (err) {
156 const char *errstr = mtd_is_eccerr(err) ? " (ECC error)" : "";
157
158 if (mtd_is_bitflip(err)) {
159 /*
160 * -EUCLEAN is reported if there was a bit-flip which
161 * was corrected, so this is harmless.
162 *
163 * We do not report about it here unless debugging is
164 * enabled. A corresponding message will be printed
165 * later, when it is has been scrubbed.
166 */
167 ubi_msg(ubi, "fixable bit-flip detected at PEB %d",
168 pnum);
169 ubi_assert(len == read);
170 return UBI_IO_BITFLIPS;
171 }
172
173 if (retries++ < UBI_IO_RETRIES) {
174 ubi_warn(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read only %zd bytes, retry",
175 err, errstr, len, pnum, offset, read);
176 yield();
177 goto retry;
178 }
179
180 ubi_err(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read %zd bytes",
181 err, errstr, len, pnum, offset, read);
182 dump_stack();
183
184 /*
185 * The driver should never return -EBADMSG if it failed to read
186 * all the requested data. But some buggy drivers might do
187 * this, so we change it to -EIO.
188 */
189 if (read != len && mtd_is_eccerr(err)) {
190 ubi_assert(0);
191 err = -EIO;
192 }
193 } else {
194 ubi_assert(len == read);
195
196 if (ubi_dbg_is_bitflip(ubi)) {
197 dbg_gen("bit-flip (emulated)");
198 err = UBI_IO_BITFLIPS;
199 }
200 }
201
202 return err;
203 }
204
205 /**
206 * ubi_io_write - write data to a physical eraseblock.
207 * @ubi: UBI device description object
208 * @buf: buffer with the data to write
209 * @pnum: physical eraseblock number to write to
210 * @offset: offset within the physical eraseblock where to write
211 * @len: how many bytes to write
212 *
213 * This function writes @len bytes of data from buffer @buf to offset @offset
214 * of physical eraseblock @pnum. If all the data were successfully written,
215 * zero is returned. If an error occurred, this function returns a negative
216 * error code. If %-EIO is returned, the physical eraseblock most probably went
217 * bad.
218 *
219 * Note, in case of an error, it is possible that something was still written
220 * to the flash media, but may be some garbage.
221 */
ubi_io_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)222 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
223 int len)
224 {
225 int err;
226 size_t written;
227 loff_t addr;
228
229 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
230
231 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
232 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
233 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
234 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
235
236 if (ubi->ro_mode) {
237 ubi_err(ubi, "read-only mode");
238 return -EROFS;
239 }
240
241 err = self_check_not_bad(ubi, pnum);
242 if (err)
243 return err;
244
245 /* The area we are writing to has to contain all 0xFF bytes */
246 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
247 if (err)
248 return err;
249
250 if (offset >= ubi->leb_start) {
251 /*
252 * We write to the data area of the physical eraseblock. Make
253 * sure it has valid EC and VID headers.
254 */
255 err = self_check_peb_ec_hdr(ubi, pnum);
256 if (err)
257 return err;
258 err = self_check_peb_vid_hdr(ubi, pnum);
259 if (err)
260 return err;
261 }
262
263 if (ubi_dbg_is_write_failure(ubi)) {
264 ubi_err(ubi, "cannot write %d bytes to PEB %d:%d (emulated)",
265 len, pnum, offset);
266 dump_stack();
267 return -EIO;
268 }
269
270 addr = (loff_t)pnum * ubi->peb_size + offset;
271 err = mtd_write(ubi->mtd, addr, len, &written, buf);
272 if (err) {
273 ubi_err(ubi, "error %d while writing %d bytes to PEB %d:%d, written %zd bytes",
274 err, len, pnum, offset, written);
275 dump_stack();
276 ubi_dump_flash(ubi, pnum, offset, len);
277 } else
278 ubi_assert(written == len);
279
280 if (!err) {
281 err = self_check_write(ubi, buf, pnum, offset, len);
282 if (err)
283 return err;
284
285 /*
286 * Since we always write sequentially, the rest of the PEB has
287 * to contain only 0xFF bytes.
288 */
289 offset += len;
290 len = ubi->peb_size - offset;
291 if (len)
292 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
293 }
294
295 return err;
296 }
297
298 /**
299 * do_sync_erase - synchronously erase a physical eraseblock.
300 * @ubi: UBI device description object
301 * @pnum: the physical eraseblock number to erase
302 *
303 * This function synchronously erases physical eraseblock @pnum and returns
304 * zero in case of success and a negative error code in case of failure. If
305 * %-EIO is returned, the physical eraseblock most probably went bad.
306 */
do_sync_erase(struct ubi_device * ubi,int pnum)307 static int do_sync_erase(struct ubi_device *ubi, int pnum)
308 {
309 int err, retries = 0;
310 struct erase_info ei;
311
312 dbg_io("erase PEB %d", pnum);
313 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
314
315 if (ubi->ro_mode) {
316 ubi_err(ubi, "read-only mode");
317 return -EROFS;
318 }
319
320 retry:
321 memset(&ei, 0, sizeof(struct erase_info));
322
323 ei.addr = (loff_t)pnum * ubi->peb_size;
324 ei.len = ubi->peb_size;
325
326 err = mtd_erase(ubi->mtd, &ei);
327 if (err) {
328 if (retries++ < UBI_IO_RETRIES) {
329 ubi_warn(ubi, "error %d while erasing PEB %d, retry",
330 err, pnum);
331 yield();
332 goto retry;
333 }
334 ubi_err(ubi, "cannot erase PEB %d, error %d", pnum, err);
335 dump_stack();
336 return err;
337 }
338
339 err = ubi_self_check_all_ff(ubi, pnum, 0, ubi->peb_size);
340 if (err)
341 return err;
342
343 if (ubi_dbg_is_erase_failure(ubi)) {
344 ubi_err(ubi, "cannot erase PEB %d (emulated)", pnum);
345 return -EIO;
346 }
347
348 return 0;
349 }
350
351 /* Patterns to write to a physical eraseblock when torturing it */
352 static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
353
354 /**
355 * torture_peb - test a supposedly bad physical eraseblock.
356 * @ubi: UBI device description object
357 * @pnum: the physical eraseblock number to test
358 *
359 * This function returns %-EIO if the physical eraseblock did not pass the
360 * test, a positive number of erase operations done if the test was
361 * successfully passed, and other negative error codes in case of other errors.
362 */
torture_peb(struct ubi_device * ubi,int pnum)363 static int torture_peb(struct ubi_device *ubi, int pnum)
364 {
365 int err, i, patt_count;
366
367 ubi_msg(ubi, "run torture test for PEB %d", pnum);
368 patt_count = ARRAY_SIZE(patterns);
369 ubi_assert(patt_count > 0);
370
371 mutex_lock(&ubi->buf_mutex);
372 for (i = 0; i < patt_count; i++) {
373 err = do_sync_erase(ubi, pnum);
374 if (err)
375 goto out;
376
377 /* Make sure the PEB contains only 0xFF bytes */
378 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
379 if (err)
380 goto out;
381
382 err = ubi_check_pattern(ubi->peb_buf, 0xFF, ubi->peb_size);
383 if (err == 0) {
384 ubi_err(ubi, "erased PEB %d, but a non-0xFF byte found",
385 pnum);
386 err = -EIO;
387 goto out;
388 }
389
390 /* Write a pattern and check it */
391 memset(ubi->peb_buf, patterns[i], ubi->peb_size);
392 err = ubi_io_write(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
393 if (err)
394 goto out;
395
396 memset(ubi->peb_buf, ~patterns[i], ubi->peb_size);
397 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
398 if (err)
399 goto out;
400
401 err = ubi_check_pattern(ubi->peb_buf, patterns[i],
402 ubi->peb_size);
403 if (err == 0) {
404 ubi_err(ubi, "pattern %x checking failed for PEB %d",
405 patterns[i], pnum);
406 err = -EIO;
407 goto out;
408 }
409 }
410
411 err = patt_count;
412 ubi_msg(ubi, "PEB %d passed torture test, do not mark it as bad", pnum);
413
414 out:
415 mutex_unlock(&ubi->buf_mutex);
416 if (err == UBI_IO_BITFLIPS || mtd_is_eccerr(err)) {
417 /*
418 * If a bit-flip or data integrity error was detected, the test
419 * has not passed because it happened on a freshly erased
420 * physical eraseblock which means something is wrong with it.
421 */
422 ubi_err(ubi, "read problems on freshly erased PEB %d, must be bad",
423 pnum);
424 err = -EIO;
425 }
426 return err;
427 }
428
429 /**
430 * nor_erase_prepare - prepare a NOR flash PEB for erasure.
431 * @ubi: UBI device description object
432 * @pnum: physical eraseblock number to prepare
433 *
434 * NOR flash, or at least some of them, have peculiar embedded PEB erasure
435 * algorithm: the PEB is first filled with zeroes, then it is erased. And
436 * filling with zeroes starts from the end of the PEB. This was observed with
437 * Spansion S29GL512N NOR flash.
438 *
439 * This means that in case of a power cut we may end up with intact data at the
440 * beginning of the PEB, and all zeroes at the end of PEB. In other words, the
441 * EC and VID headers are OK, but a large chunk of data at the end of PEB is
442 * zeroed. This makes UBI mistakenly treat this PEB as used and associate it
443 * with an LEB, which leads to subsequent failures (e.g., UBIFS fails).
444 *
445 * This function is called before erasing NOR PEBs and it zeroes out EC and VID
446 * magic numbers in order to invalidate them and prevent the failures. Returns
447 * zero in case of success and a negative error code in case of failure.
448 */
nor_erase_prepare(struct ubi_device * ubi,int pnum)449 static int nor_erase_prepare(struct ubi_device *ubi, int pnum)
450 {
451 int err;
452 size_t written;
453 loff_t addr;
454 uint32_t data = 0;
455 struct ubi_ec_hdr ec_hdr;
456 struct ubi_vid_io_buf vidb;
457
458 /*
459 * Note, we cannot generally define VID header buffers on stack,
460 * because of the way we deal with these buffers (see the header
461 * comment in this file). But we know this is a NOR-specific piece of
462 * code, so we can do this. But yes, this is error-prone and we should
463 * (pre-)allocate VID header buffer instead.
464 */
465 struct ubi_vid_hdr vid_hdr;
466
467 /*
468 * If VID or EC is valid, we have to corrupt them before erasing.
469 * It is important to first invalidate the EC header, and then the VID
470 * header. Otherwise a power cut may lead to valid EC header and
471 * invalid VID header, in which case UBI will treat this PEB as
472 * corrupted and will try to preserve it, and print scary warnings.
473 */
474 addr = (loff_t)pnum * ubi->peb_size;
475 err = ubi_io_read_ec_hdr(ubi, pnum, &ec_hdr, 0);
476 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
477 err != UBI_IO_FF){
478 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
479 if(err)
480 goto error;
481 }
482
483 ubi_init_vid_buf(ubi, &vidb, &vid_hdr);
484 ubi_assert(&vid_hdr == ubi_get_vid_hdr(&vidb));
485
486 err = ubi_io_read_vid_hdr(ubi, pnum, &vidb, 0);
487 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
488 err != UBI_IO_FF){
489 addr += ubi->vid_hdr_aloffset;
490 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
491 if (err)
492 goto error;
493 }
494 return 0;
495
496 error:
497 /*
498 * The PEB contains a valid VID or EC header, but we cannot invalidate
499 * it. Supposedly the flash media or the driver is screwed up, so
500 * return an error.
501 */
502 ubi_err(ubi, "cannot invalidate PEB %d, write returned %d", pnum, err);
503 ubi_dump_flash(ubi, pnum, 0, ubi->peb_size);
504 return -EIO;
505 }
506
507 /**
508 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
509 * @ubi: UBI device description object
510 * @pnum: physical eraseblock number to erase
511 * @torture: if this physical eraseblock has to be tortured
512 *
513 * This function synchronously erases physical eraseblock @pnum. If @torture
514 * flag is not zero, the physical eraseblock is checked by means of writing
515 * different patterns to it and reading them back. If the torturing is enabled,
516 * the physical eraseblock is erased more than once.
517 *
518 * This function returns the number of erasures made in case of success, %-EIO
519 * if the erasure failed or the torturing test failed, and other negative error
520 * codes in case of other errors. Note, %-EIO means that the physical
521 * eraseblock is bad.
522 */
ubi_io_sync_erase(struct ubi_device * ubi,int pnum,int torture)523 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
524 {
525 int err, ret = 0;
526
527 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
528
529 err = self_check_not_bad(ubi, pnum);
530 if (err != 0)
531 return err;
532
533 if (ubi->ro_mode) {
534 ubi_err(ubi, "read-only mode");
535 return -EROFS;
536 }
537
538 if (ubi->nor_flash) {
539 err = nor_erase_prepare(ubi, pnum);
540 if (err)
541 return err;
542 }
543
544 if (torture) {
545 ret = torture_peb(ubi, pnum);
546 if (ret < 0)
547 return ret;
548 }
549
550 err = do_sync_erase(ubi, pnum);
551 if (err)
552 return err;
553
554 return ret + 1;
555 }
556
557 /**
558 * ubi_io_is_bad - check if a physical eraseblock is bad.
559 * @ubi: UBI device description object
560 * @pnum: the physical eraseblock number to check
561 *
562 * This function returns a positive number if the physical eraseblock is bad,
563 * zero if not, and a negative error code if an error occurred.
564 */
ubi_io_is_bad(const struct ubi_device * ubi,int pnum)565 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
566 {
567 struct mtd_info *mtd = ubi->mtd;
568
569 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
570
571 if (ubi->bad_allowed) {
572 int ret;
573
574 ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
575 if (ret < 0)
576 ubi_err(ubi, "error %d while checking if PEB %d is bad",
577 ret, pnum);
578 else if (ret)
579 dbg_io("PEB %d is bad", pnum);
580 return ret;
581 }
582
583 return 0;
584 }
585
586 /**
587 * ubi_io_mark_bad - mark a physical eraseblock as bad.
588 * @ubi: UBI device description object
589 * @pnum: the physical eraseblock number to mark
590 *
591 * This function returns zero in case of success and a negative error code in
592 * case of failure.
593 */
ubi_io_mark_bad(const struct ubi_device * ubi,int pnum)594 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
595 {
596 int err;
597 struct mtd_info *mtd = ubi->mtd;
598
599 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
600
601 if (ubi->ro_mode) {
602 ubi_err(ubi, "read-only mode");
603 return -EROFS;
604 }
605
606 if (!ubi->bad_allowed)
607 return 0;
608
609 err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
610 if (err)
611 ubi_err(ubi, "cannot mark PEB %d bad, error %d", pnum, err);
612 return err;
613 }
614
615 /**
616 * validate_ec_hdr - validate an erase counter header.
617 * @ubi: UBI device description object
618 * @ec_hdr: the erase counter header to check
619 *
620 * This function returns zero if the erase counter header is OK, and %1 if
621 * not.
622 */
validate_ec_hdr(const struct ubi_device * ubi,const struct ubi_ec_hdr * ec_hdr)623 static int validate_ec_hdr(const struct ubi_device *ubi,
624 const struct ubi_ec_hdr *ec_hdr)
625 {
626 long long ec;
627 int vid_hdr_offset, leb_start;
628
629 ec = be64_to_cpu(ec_hdr->ec);
630 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
631 leb_start = be32_to_cpu(ec_hdr->data_offset);
632
633 if (ec_hdr->version != UBI_VERSION) {
634 ubi_err(ubi, "node with incompatible UBI version found: this UBI version is %d, image version is %d",
635 UBI_VERSION, (int)ec_hdr->version);
636 goto bad;
637 }
638
639 if (vid_hdr_offset != ubi->vid_hdr_offset) {
640 ubi_err(ubi, "bad VID header offset %d, expected %d",
641 vid_hdr_offset, ubi->vid_hdr_offset);
642 goto bad;
643 }
644
645 if (leb_start != ubi->leb_start) {
646 ubi_err(ubi, "bad data offset %d, expected %d",
647 leb_start, ubi->leb_start);
648 goto bad;
649 }
650
651 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
652 ubi_err(ubi, "bad erase counter %lld", ec);
653 goto bad;
654 }
655
656 return 0;
657
658 bad:
659 ubi_err(ubi, "bad EC header");
660 ubi_dump_ec_hdr(ec_hdr);
661 dump_stack();
662 return 1;
663 }
664
665 /**
666 * ubi_io_read_ec_hdr - read and check an erase counter header.
667 * @ubi: UBI device description object
668 * @pnum: physical eraseblock to read from
669 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
670 * header
671 * @verbose: be verbose if the header is corrupted or was not found
672 *
673 * This function reads erase counter header from physical eraseblock @pnum and
674 * stores it in @ec_hdr. This function also checks CRC checksum of the read
675 * erase counter header. The following codes may be returned:
676 *
677 * o %0 if the CRC checksum is correct and the header was successfully read;
678 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
679 * and corrected by the flash driver; this is harmless but may indicate that
680 * this eraseblock may become bad soon (but may be not);
681 * o %UBI_IO_BAD_HDR if the erase counter header is corrupted (a CRC error);
682 * o %UBI_IO_BAD_HDR_EBADMSG is the same as %UBI_IO_BAD_HDR, but there also was
683 * a data integrity error (uncorrectable ECC error in case of NAND);
684 * o %UBI_IO_FF if only 0xFF bytes were read (the PEB is supposedly empty)
685 * o a negative error code in case of failure.
686 */
ubi_io_read_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr,int verbose)687 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
688 struct ubi_ec_hdr *ec_hdr, int verbose)
689 {
690 int err, read_err;
691 uint32_t crc, magic, hdr_crc;
692
693 dbg_io("read EC header from PEB %d", pnum);
694 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
695
696 read_err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
697 if (read_err) {
698 if (read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
699 return read_err;
700
701 /*
702 * We read all the data, but either a correctable bit-flip
703 * occurred, or MTD reported a data integrity error
704 * (uncorrectable ECC error in case of NAND). The former is
705 * harmless, the later may mean that the read data is
706 * corrupted. But we have a CRC check-sum and we will detect
707 * this. If the EC header is still OK, we just report this as
708 * there was a bit-flip, to force scrubbing.
709 */
710 }
711
712 magic = be32_to_cpu(ec_hdr->magic);
713 if (magic != UBI_EC_HDR_MAGIC) {
714 if (mtd_is_eccerr(read_err))
715 return UBI_IO_BAD_HDR_EBADMSG;
716
717 /*
718 * The magic field is wrong. Let's check if we have read all
719 * 0xFF. If yes, this physical eraseblock is assumed to be
720 * empty.
721 */
722 if (ubi_check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
723 /* The physical eraseblock is supposedly empty */
724 if (verbose)
725 ubi_warn(ubi, "no EC header found at PEB %d, only 0xFF bytes",
726 pnum);
727 dbg_bld("no EC header found at PEB %d, only 0xFF bytes",
728 pnum);
729 if (!read_err)
730 return UBI_IO_FF;
731 else
732 return UBI_IO_FF_BITFLIPS;
733 }
734
735 /*
736 * This is not a valid erase counter header, and these are not
737 * 0xFF bytes. Report that the header is corrupted.
738 */
739 if (verbose) {
740 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
741 pnum, magic, UBI_EC_HDR_MAGIC);
742 ubi_dump_ec_hdr(ec_hdr);
743 }
744 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
745 pnum, magic, UBI_EC_HDR_MAGIC);
746 return UBI_IO_BAD_HDR;
747 }
748
749 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
750 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
751
752 if (hdr_crc != crc) {
753 if (verbose) {
754 ubi_warn(ubi, "bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
755 pnum, crc, hdr_crc);
756 ubi_dump_ec_hdr(ec_hdr);
757 }
758 dbg_bld("bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
759 pnum, crc, hdr_crc);
760
761 if (!read_err)
762 return UBI_IO_BAD_HDR;
763 else
764 return UBI_IO_BAD_HDR_EBADMSG;
765 }
766
767 /* And of course validate what has just been read from the media */
768 err = validate_ec_hdr(ubi, ec_hdr);
769 if (err) {
770 ubi_err(ubi, "validation failed for PEB %d", pnum);
771 return -EINVAL;
772 }
773
774 /*
775 * If there was %-EBADMSG, but the header CRC is still OK, report about
776 * a bit-flip to force scrubbing on this PEB.
777 */
778 return read_err ? UBI_IO_BITFLIPS : 0;
779 }
780
781 /**
782 * ubi_io_write_ec_hdr - write an erase counter header.
783 * @ubi: UBI device description object
784 * @pnum: physical eraseblock to write to
785 * @ec_hdr: the erase counter header to write
786 *
787 * This function writes erase counter header described by @ec_hdr to physical
788 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
789 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
790 * field.
791 *
792 * This function returns zero in case of success and a negative error code in
793 * case of failure. If %-EIO is returned, the physical eraseblock most probably
794 * went bad.
795 */
ubi_io_write_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr)796 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
797 struct ubi_ec_hdr *ec_hdr)
798 {
799 int err;
800 uint32_t crc;
801
802 dbg_io("write EC header to PEB %d", pnum);
803 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
804
805 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
806 ec_hdr->version = UBI_VERSION;
807 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
808 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
809 ec_hdr->image_seq = cpu_to_be32(ubi->image_seq);
810 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
811 ec_hdr->hdr_crc = cpu_to_be32(crc);
812
813 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
814 if (err)
815 return err;
816
817 if (ubi_dbg_power_cut(ubi, POWER_CUT_EC_WRITE))
818 return -EROFS;
819
820 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
821 return err;
822 }
823
824 /**
825 * validate_vid_hdr - validate a volume identifier header.
826 * @ubi: UBI device description object
827 * @vid_hdr: the volume identifier header to check
828 *
829 * This function checks that data stored in the volume identifier header
830 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
831 */
validate_vid_hdr(const struct ubi_device * ubi,const struct ubi_vid_hdr * vid_hdr)832 static int validate_vid_hdr(const struct ubi_device *ubi,
833 const struct ubi_vid_hdr *vid_hdr)
834 {
835 int vol_type = vid_hdr->vol_type;
836 int copy_flag = vid_hdr->copy_flag;
837 int vol_id = be32_to_cpu(vid_hdr->vol_id);
838 int lnum = be32_to_cpu(vid_hdr->lnum);
839 int compat = vid_hdr->compat;
840 int data_size = be32_to_cpu(vid_hdr->data_size);
841 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
842 int data_pad = be32_to_cpu(vid_hdr->data_pad);
843 int data_crc = be32_to_cpu(vid_hdr->data_crc);
844 int usable_leb_size = ubi->leb_size - data_pad;
845
846 if (copy_flag != 0 && copy_flag != 1) {
847 ubi_err(ubi, "bad copy_flag");
848 goto bad;
849 }
850
851 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
852 data_pad < 0) {
853 ubi_err(ubi, "negative values");
854 goto bad;
855 }
856
857 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
858 ubi_err(ubi, "bad vol_id");
859 goto bad;
860 }
861
862 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
863 ubi_err(ubi, "bad compat");
864 goto bad;
865 }
866
867 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
868 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
869 compat != UBI_COMPAT_REJECT) {
870 ubi_err(ubi, "bad compat");
871 goto bad;
872 }
873
874 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
875 ubi_err(ubi, "bad vol_type");
876 goto bad;
877 }
878
879 if (data_pad >= ubi->leb_size / 2) {
880 ubi_err(ubi, "bad data_pad");
881 goto bad;
882 }
883
884 if (data_size > ubi->leb_size) {
885 ubi_err(ubi, "bad data_size");
886 goto bad;
887 }
888
889 if (vol_type == UBI_VID_STATIC) {
890 /*
891 * Although from high-level point of view static volumes may
892 * contain zero bytes of data, but no VID headers can contain
893 * zero at these fields, because they empty volumes do not have
894 * mapped logical eraseblocks.
895 */
896 if (used_ebs == 0) {
897 ubi_err(ubi, "zero used_ebs");
898 goto bad;
899 }
900 if (data_size == 0) {
901 ubi_err(ubi, "zero data_size");
902 goto bad;
903 }
904 if (lnum < used_ebs - 1) {
905 if (data_size != usable_leb_size) {
906 ubi_err(ubi, "bad data_size");
907 goto bad;
908 }
909 } else if (lnum == used_ebs - 1) {
910 if (data_size == 0) {
911 ubi_err(ubi, "bad data_size at last LEB");
912 goto bad;
913 }
914 } else {
915 ubi_err(ubi, "too high lnum");
916 goto bad;
917 }
918 } else {
919 if (copy_flag == 0) {
920 if (data_crc != 0) {
921 ubi_err(ubi, "non-zero data CRC");
922 goto bad;
923 }
924 if (data_size != 0) {
925 ubi_err(ubi, "non-zero data_size");
926 goto bad;
927 }
928 } else {
929 if (data_size == 0) {
930 ubi_err(ubi, "zero data_size of copy");
931 goto bad;
932 }
933 }
934 if (used_ebs != 0) {
935 ubi_err(ubi, "bad used_ebs");
936 goto bad;
937 }
938 }
939
940 return 0;
941
942 bad:
943 ubi_err(ubi, "bad VID header");
944 ubi_dump_vid_hdr(vid_hdr);
945 dump_stack();
946 return 1;
947 }
948
949 /**
950 * ubi_io_read_vid_hdr - read and check a volume identifier header.
951 * @ubi: UBI device description object
952 * @pnum: physical eraseblock number to read from
953 * @vidb: the volume identifier buffer to store data in
954 * @verbose: be verbose if the header is corrupted or wasn't found
955 *
956 * This function reads the volume identifier header from physical eraseblock
957 * @pnum and stores it in @vidb. It also checks CRC checksum of the read
958 * volume identifier header. The error codes are the same as in
959 * 'ubi_io_read_ec_hdr()'.
960 *
961 * Note, the implementation of this function is also very similar to
962 * 'ubi_io_read_ec_hdr()', so refer commentaries in 'ubi_io_read_ec_hdr()'.
963 */
ubi_io_read_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_io_buf * vidb,int verbose)964 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
965 struct ubi_vid_io_buf *vidb, int verbose)
966 {
967 int err, read_err;
968 uint32_t crc, magic, hdr_crc;
969 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
970 void *p = vidb->buffer;
971
972 dbg_io("read VID header from PEB %d", pnum);
973 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
974
975 read_err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
976 ubi->vid_hdr_shift + UBI_VID_HDR_SIZE);
977 if (read_err && read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
978 return read_err;
979
980 magic = be32_to_cpu(vid_hdr->magic);
981 if (magic != UBI_VID_HDR_MAGIC) {
982 if (mtd_is_eccerr(read_err))
983 return UBI_IO_BAD_HDR_EBADMSG;
984
985 if (ubi_check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
986 if (verbose)
987 ubi_warn(ubi, "no VID header found at PEB %d, only 0xFF bytes",
988 pnum);
989 dbg_bld("no VID header found at PEB %d, only 0xFF bytes",
990 pnum);
991 if (!read_err)
992 return UBI_IO_FF;
993 else
994 return UBI_IO_FF_BITFLIPS;
995 }
996
997 if (verbose) {
998 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
999 pnum, magic, UBI_VID_HDR_MAGIC);
1000 ubi_dump_vid_hdr(vid_hdr);
1001 }
1002 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
1003 pnum, magic, UBI_VID_HDR_MAGIC);
1004 return UBI_IO_BAD_HDR;
1005 }
1006
1007 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1008 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1009
1010 if (hdr_crc != crc) {
1011 if (verbose) {
1012 ubi_warn(ubi, "bad CRC at PEB %d, calculated %#08x, read %#08x",
1013 pnum, crc, hdr_crc);
1014 ubi_dump_vid_hdr(vid_hdr);
1015 }
1016 dbg_bld("bad CRC at PEB %d, calculated %#08x, read %#08x",
1017 pnum, crc, hdr_crc);
1018 if (!read_err)
1019 return UBI_IO_BAD_HDR;
1020 else
1021 return UBI_IO_BAD_HDR_EBADMSG;
1022 }
1023
1024 err = validate_vid_hdr(ubi, vid_hdr);
1025 if (err) {
1026 ubi_err(ubi, "validation failed for PEB %d", pnum);
1027 return -EINVAL;
1028 }
1029
1030 return read_err ? UBI_IO_BITFLIPS : 0;
1031 }
1032
1033 /**
1034 * ubi_io_write_vid_hdr - write a volume identifier header.
1035 * @ubi: UBI device description object
1036 * @pnum: the physical eraseblock number to write to
1037 * @vidb: the volume identifier buffer to write
1038 *
1039 * This function writes the volume identifier header described by @vid_hdr to
1040 * physical eraseblock @pnum. This function automatically fills the
1041 * @vidb->hdr->magic and the @vidb->hdr->version fields, as well as calculates
1042 * header CRC checksum and stores it at vidb->hdr->hdr_crc.
1043 *
1044 * This function returns zero in case of success and a negative error code in
1045 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1046 * bad.
1047 */
ubi_io_write_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_io_buf * vidb)1048 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1049 struct ubi_vid_io_buf *vidb)
1050 {
1051 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
1052 int err;
1053 uint32_t crc;
1054 void *p = vidb->buffer;
1055
1056 dbg_io("write VID header to PEB %d", pnum);
1057 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1058
1059 err = self_check_peb_ec_hdr(ubi, pnum);
1060 if (err)
1061 return err;
1062
1063 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1064 vid_hdr->version = UBI_VERSION;
1065 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1066 vid_hdr->hdr_crc = cpu_to_be32(crc);
1067
1068 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1069 if (err)
1070 return err;
1071
1072 if (ubi_dbg_power_cut(ubi, POWER_CUT_VID_WRITE))
1073 return -EROFS;
1074
1075 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1076 ubi->vid_hdr_alsize);
1077 return err;
1078 }
1079
1080 /**
1081 * self_check_not_bad - ensure that a physical eraseblock is not bad.
1082 * @ubi: UBI device description object
1083 * @pnum: physical eraseblock number to check
1084 *
1085 * This function returns zero if the physical eraseblock is good, %-EINVAL if
1086 * it is bad and a negative error code if an error occurred.
1087 */
self_check_not_bad(const struct ubi_device * ubi,int pnum)1088 static int self_check_not_bad(const struct ubi_device *ubi, int pnum)
1089 {
1090 int err;
1091
1092 if (!ubi_dbg_chk_io(ubi))
1093 return 0;
1094
1095 err = ubi_io_is_bad(ubi, pnum);
1096 if (!err)
1097 return err;
1098
1099 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1100 dump_stack();
1101 return err > 0 ? -EINVAL : err;
1102 }
1103
1104 /**
1105 * self_check_ec_hdr - check if an erase counter header is all right.
1106 * @ubi: UBI device description object
1107 * @pnum: physical eraseblock number the erase counter header belongs to
1108 * @ec_hdr: the erase counter header to check
1109 *
1110 * This function returns zero if the erase counter header contains valid
1111 * values, and %-EINVAL if not.
1112 */
self_check_ec_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_ec_hdr * ec_hdr)1113 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1114 const struct ubi_ec_hdr *ec_hdr)
1115 {
1116 int err;
1117 uint32_t magic;
1118
1119 if (!ubi_dbg_chk_io(ubi))
1120 return 0;
1121
1122 magic = be32_to_cpu(ec_hdr->magic);
1123 if (magic != UBI_EC_HDR_MAGIC) {
1124 ubi_err(ubi, "bad magic %#08x, must be %#08x",
1125 magic, UBI_EC_HDR_MAGIC);
1126 goto fail;
1127 }
1128
1129 err = validate_ec_hdr(ubi, ec_hdr);
1130 if (err) {
1131 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1132 goto fail;
1133 }
1134
1135 return 0;
1136
1137 fail:
1138 ubi_dump_ec_hdr(ec_hdr);
1139 dump_stack();
1140 return -EINVAL;
1141 }
1142
1143 /**
1144 * self_check_peb_ec_hdr - check erase counter header.
1145 * @ubi: UBI device description object
1146 * @pnum: the physical eraseblock number to check
1147 *
1148 * This function returns zero if the erase counter header is all right and and
1149 * a negative error code if not or if an error occurred.
1150 */
self_check_peb_ec_hdr(const struct ubi_device * ubi,int pnum)1151 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1152 {
1153 int err;
1154 uint32_t crc, hdr_crc;
1155 struct ubi_ec_hdr *ec_hdr;
1156
1157 if (!ubi_dbg_chk_io(ubi))
1158 return 0;
1159
1160 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1161 if (!ec_hdr)
1162 return -ENOMEM;
1163
1164 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1165 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1166 goto exit;
1167
1168 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1169 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1170 if (hdr_crc != crc) {
1171 ubi_err(ubi, "bad CRC, calculated %#08x, read %#08x",
1172 crc, hdr_crc);
1173 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1174 ubi_dump_ec_hdr(ec_hdr);
1175 dump_stack();
1176 err = -EINVAL;
1177 goto exit;
1178 }
1179
1180 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
1181
1182 exit:
1183 kfree(ec_hdr);
1184 return err;
1185 }
1186
1187 /**
1188 * self_check_vid_hdr - check that a volume identifier header is all right.
1189 * @ubi: UBI device description object
1190 * @pnum: physical eraseblock number the volume identifier header belongs to
1191 * @vid_hdr: the volume identifier header to check
1192 *
1193 * This function returns zero if the volume identifier header is all right, and
1194 * %-EINVAL if not.
1195 */
self_check_vid_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_vid_hdr * vid_hdr)1196 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1197 const struct ubi_vid_hdr *vid_hdr)
1198 {
1199 int err;
1200 uint32_t magic;
1201
1202 if (!ubi_dbg_chk_io(ubi))
1203 return 0;
1204
1205 magic = be32_to_cpu(vid_hdr->magic);
1206 if (magic != UBI_VID_HDR_MAGIC) {
1207 ubi_err(ubi, "bad VID header magic %#08x at PEB %d, must be %#08x",
1208 magic, pnum, UBI_VID_HDR_MAGIC);
1209 goto fail;
1210 }
1211
1212 err = validate_vid_hdr(ubi, vid_hdr);
1213 if (err) {
1214 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1215 goto fail;
1216 }
1217
1218 return err;
1219
1220 fail:
1221 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1222 ubi_dump_vid_hdr(vid_hdr);
1223 dump_stack();
1224 return -EINVAL;
1225
1226 }
1227
1228 /**
1229 * self_check_peb_vid_hdr - check volume identifier header.
1230 * @ubi: UBI device description object
1231 * @pnum: the physical eraseblock number to check
1232 *
1233 * This function returns zero if the volume identifier header is all right,
1234 * and a negative error code if not or if an error occurred.
1235 */
self_check_peb_vid_hdr(const struct ubi_device * ubi,int pnum)1236 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1237 {
1238 int err;
1239 uint32_t crc, hdr_crc;
1240 struct ubi_vid_io_buf *vidb;
1241 struct ubi_vid_hdr *vid_hdr;
1242 void *p;
1243
1244 if (!ubi_dbg_chk_io(ubi))
1245 return 0;
1246
1247 vidb = ubi_alloc_vid_buf(ubi, GFP_NOFS);
1248 if (!vidb)
1249 return -ENOMEM;
1250
1251 vid_hdr = ubi_get_vid_hdr(vidb);
1252 p = vidb->buffer;
1253 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1254 ubi->vid_hdr_alsize);
1255 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1256 goto exit;
1257
1258 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1259 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1260 if (hdr_crc != crc) {
1261 ubi_err(ubi, "bad VID header CRC at PEB %d, calculated %#08x, read %#08x",
1262 pnum, crc, hdr_crc);
1263 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1264 ubi_dump_vid_hdr(vid_hdr);
1265 dump_stack();
1266 err = -EINVAL;
1267 goto exit;
1268 }
1269
1270 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1271
1272 exit:
1273 ubi_free_vid_buf(vidb);
1274 return err;
1275 }
1276
1277 /**
1278 * self_check_write - make sure write succeeded.
1279 * @ubi: UBI device description object
1280 * @buf: buffer with data which were written
1281 * @pnum: physical eraseblock number the data were written to
1282 * @offset: offset within the physical eraseblock the data were written to
1283 * @len: how many bytes were written
1284 *
1285 * This functions reads data which were recently written and compares it with
1286 * the original data buffer - the data have to match. Returns zero if the data
1287 * match and a negative error code if not or in case of failure.
1288 */
self_check_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)1289 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
1290 int offset, int len)
1291 {
1292 int err, i;
1293 size_t read;
1294 void *buf1;
1295 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1296
1297 if (!ubi_dbg_chk_io(ubi))
1298 return 0;
1299
1300 buf1 = __vmalloc(len, GFP_NOFS);
1301 if (!buf1) {
1302 ubi_err(ubi, "cannot allocate memory to check writes");
1303 return 0;
1304 }
1305
1306 err = mtd_read(ubi->mtd, addr, len, &read, buf1);
1307 if (err && !mtd_is_bitflip(err))
1308 goto out_free;
1309
1310 for (i = 0; i < len; i++) {
1311 uint8_t c = ((uint8_t *)buf)[i];
1312 uint8_t c1 = ((uint8_t *)buf1)[i];
1313 int dump_len;
1314
1315 if (c == c1)
1316 continue;
1317
1318 ubi_err(ubi, "self-check failed for PEB %d:%d, len %d",
1319 pnum, offset, len);
1320 ubi_msg(ubi, "data differ at position %d", i);
1321 dump_len = max_t(int, 128, len - i);
1322 ubi_msg(ubi, "hex dump of the original buffer from %d to %d",
1323 i, i + dump_len);
1324 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1325 buf + i, dump_len, 1);
1326 ubi_msg(ubi, "hex dump of the read buffer from %d to %d",
1327 i, i + dump_len);
1328 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1329 buf1 + i, dump_len, 1);
1330 dump_stack();
1331 err = -EINVAL;
1332 goto out_free;
1333 }
1334
1335 vfree(buf1);
1336 return 0;
1337
1338 out_free:
1339 vfree(buf1);
1340 return err;
1341 }
1342
1343 /**
1344 * ubi_self_check_all_ff - check that a region of flash is empty.
1345 * @ubi: UBI device description object
1346 * @pnum: the physical eraseblock number to check
1347 * @offset: the starting offset within the physical eraseblock to check
1348 * @len: the length of the region to check
1349 *
1350 * This function returns zero if only 0xFF bytes are present at offset
1351 * @offset of the physical eraseblock @pnum, and a negative error code if not
1352 * or if an error occurred.
1353 */
ubi_self_check_all_ff(struct ubi_device * ubi,int pnum,int offset,int len)1354 int ubi_self_check_all_ff(struct ubi_device *ubi, int pnum, int offset, int len)
1355 {
1356 size_t read;
1357 int err;
1358 void *buf;
1359 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1360
1361 if (!ubi_dbg_chk_io(ubi))
1362 return 0;
1363
1364 buf = __vmalloc(len, GFP_NOFS);
1365 if (!buf) {
1366 ubi_err(ubi, "cannot allocate memory to check for 0xFFs");
1367 return 0;
1368 }
1369
1370 err = mtd_read(ubi->mtd, addr, len, &read, buf);
1371 if (err && !mtd_is_bitflip(err)) {
1372 ubi_err(ubi, "err %d while reading %d bytes from PEB %d:%d, read %zd bytes",
1373 err, len, pnum, offset, read);
1374 goto error;
1375 }
1376
1377 err = ubi_check_pattern(buf, 0xFF, len);
1378 if (err == 0) {
1379 ubi_err(ubi, "flash region at PEB %d:%d, length %d does not contain all 0xFF bytes",
1380 pnum, offset, len);
1381 goto fail;
1382 }
1383
1384 vfree(buf);
1385 return 0;
1386
1387 fail:
1388 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1389 ubi_msg(ubi, "hex dump of the %d-%d region", offset, offset + len);
1390 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, buf, len, 1);
1391 err = -EINVAL;
1392 error:
1393 dump_stack();
1394 vfree(buf);
1395 return err;
1396 }
1397