1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) International Business Machines Corp., 2006
4 * Copyright (c) Nokia Corporation, 2006, 2007
5 *
6 * Author: Artem Bityutskiy (Битюцкий Артём)
7 */
8
9 /*
10 * UBI input/output sub-system.
11 *
12 * This sub-system provides a uniform way to work with all kinds of the
13 * underlying MTD devices. It also implements handy functions for reading and
14 * writing UBI headers.
15 *
16 * We are trying to have a paranoid mindset and not to trust to what we read
17 * from the flash media in order to be more secure and robust. So this
18 * sub-system validates every single header it reads from the flash media.
19 *
20 * Some words about how the eraseblock headers are stored.
21 *
22 * The erase counter header is always stored at offset zero. By default, the
23 * VID header is stored after the EC header at the closest aligned offset
24 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
25 * header at the closest aligned offset. But this default layout may be
26 * changed. For example, for different reasons (e.g., optimization) UBI may be
27 * asked to put the VID header at further offset, and even at an unaligned
28 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
29 * proper padding in front of it. Data offset may also be changed but it has to
30 * be aligned.
31 *
32 * About minimal I/O units. In general, UBI assumes flash device model where
33 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
34 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
35 * @ubi->mtd->writesize field. But as an exception, UBI admits use of another
36 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
37 * to do different optimizations.
38 *
39 * This is extremely useful in case of NAND flashes which admit of several
40 * write operations to one NAND page. In this case UBI can fit EC and VID
41 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
42 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
43 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
44 * users.
45 *
46 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
47 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
48 * headers.
49 *
50 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
51 * device, e.g., make @ubi->min_io_size = 512 in the example above?
52 *
53 * A: because when writing a sub-page, MTD still writes a full 2K page but the
54 * bytes which are not relevant to the sub-page are 0xFF. So, basically,
55 * writing 4x512 sub-pages is 4 times slower than writing one 2KiB NAND page.
56 * Thus, we prefer to use sub-pages only for EC and VID headers.
57 *
58 * As it was noted above, the VID header may start at a non-aligned offset.
59 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
60 * the VID header may reside at offset 1984 which is the last 64 bytes of the
61 * last sub-page (EC header is always at offset zero). This causes some
62 * difficulties when reading and writing VID headers.
63 *
64 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
65 * the data and want to write this VID header out. As we can only write in
66 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
67 * to offset 448 of this buffer.
68 *
69 * The I/O sub-system does the following trick in order to avoid this extra
70 * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
71 * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
72 * When the VID header is being written out, it shifts the VID header pointer
73 * back and writes the whole sub-page.
74 */
75
76 #include <linux/crc32.h>
77 #include <linux/err.h>
78 #include <linux/slab.h>
79 #include "ubi.h"
80
81 static int self_check_not_bad(const struct ubi_device *ubi, int pnum);
82 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
83 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
84 const struct ubi_ec_hdr *ec_hdr);
85 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
86 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
87 const struct ubi_vid_hdr *vid_hdr);
88 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
89 int offset, int len);
90
91 /**
92 * ubi_io_read - read data from a physical eraseblock.
93 * @ubi: UBI device description object
94 * @buf: buffer where to store the read data
95 * @pnum: physical eraseblock number to read from
96 * @offset: offset within the physical eraseblock from where to read
97 * @len: how many bytes to read
98 *
99 * This function reads data from offset @offset of physical eraseblock @pnum
100 * and stores the read data in the @buf buffer. The following return codes are
101 * possible:
102 *
103 * o %0 if all the requested data were successfully read;
104 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
105 * correctable bit-flips were detected; this is harmless but may indicate
106 * that this eraseblock may become bad soon (but do not have to);
107 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
108 * example it can be an ECC error in case of NAND; this most probably means
109 * that the data is corrupted;
110 * o %-EIO if some I/O error occurred;
111 * o other negative error codes in case of other errors.
112 */
ubi_io_read(const struct ubi_device * ubi,void * buf,int pnum,int offset,int len)113 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
114 int len)
115 {
116 int err, retries = 0;
117 size_t read;
118 loff_t addr;
119
120 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
121
122 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
123 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
124 ubi_assert(len > 0);
125
126 err = self_check_not_bad(ubi, pnum);
127 if (err)
128 return err;
129
130 /*
131 * Deliberately corrupt the buffer to improve robustness. Indeed, if we
132 * do not do this, the following may happen:
133 * 1. The buffer contains data from previous operation, e.g., read from
134 * another PEB previously. The data looks like expected, e.g., if we
135 * just do not read anything and return - the caller would not
136 * notice this. E.g., if we are reading a VID header, the buffer may
137 * contain a valid VID header from another PEB.
138 * 2. The driver is buggy and returns us success or -EBADMSG or
139 * -EUCLEAN, but it does not actually put any data to the buffer.
140 *
141 * This may confuse UBI or upper layers - they may think the buffer
142 * contains valid data while in fact it is just old data. This is
143 * especially possible because UBI (and UBIFS) relies on CRC, and
144 * treats data as correct even in case of ECC errors if the CRC is
145 * correct.
146 *
147 * Try to prevent this situation by changing the first byte of the
148 * buffer.
149 */
150 *((uint8_t *)buf) ^= 0xFF;
151
152 addr = (loff_t)pnum * ubi->peb_size + offset;
153 retry:
154 err = mtd_read(ubi->mtd, addr, len, &read, buf);
155 if (err) {
156 const char *errstr = mtd_is_eccerr(err) ? " (ECC error)" : "";
157
158 if (mtd_is_bitflip(err)) {
159 /*
160 * -EUCLEAN is reported if there was a bit-flip which
161 * was corrected, so this is harmless.
162 *
163 * We do not report about it here unless debugging is
164 * enabled. A corresponding message will be printed
165 * later, when it is has been scrubbed.
166 */
167 ubi_msg(ubi, "fixable bit-flip detected at PEB %d",
168 pnum);
169 ubi_assert(len == read);
170 return UBI_IO_BITFLIPS;
171 }
172
173 if (retries++ < UBI_IO_RETRIES) {
174 ubi_warn(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read only %zd bytes, retry",
175 err, errstr, len, pnum, offset, read);
176 yield();
177 goto retry;
178 }
179
180 ubi_err(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read %zd bytes",
181 err, errstr, len, pnum, offset, read);
182 dump_stack();
183
184 /*
185 * The driver should never return -EBADMSG if it failed to read
186 * all the requested data. But some buggy drivers might do
187 * this, so we change it to -EIO.
188 */
189 if (read != len && mtd_is_eccerr(err)) {
190 ubi_assert(0);
191 err = -EIO;
192 }
193 } else {
194 ubi_assert(len == read);
195
196 if (ubi_dbg_is_bitflip(ubi)) {
197 dbg_gen("bit-flip (emulated)");
198 err = UBI_IO_BITFLIPS;
199 }
200 }
201
202 return err;
203 }
204
205 /**
206 * ubi_io_write - write data to a physical eraseblock.
207 * @ubi: UBI device description object
208 * @buf: buffer with the data to write
209 * @pnum: physical eraseblock number to write to
210 * @offset: offset within the physical eraseblock where to write
211 * @len: how many bytes to write
212 *
213 * This function writes @len bytes of data from buffer @buf to offset @offset
214 * of physical eraseblock @pnum. If all the data were successfully written,
215 * zero is returned. If an error occurred, this function returns a negative
216 * error code. If %-EIO is returned, the physical eraseblock most probably went
217 * bad.
218 *
219 * Note, in case of an error, it is possible that something was still written
220 * to the flash media, but may be some garbage.
221 */
ubi_io_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)222 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
223 int len)
224 {
225 int err;
226 size_t written;
227 loff_t addr;
228
229 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
230
231 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
232 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
233 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
234 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
235
236 if (ubi->ro_mode) {
237 ubi_err(ubi, "read-only mode");
238 return -EROFS;
239 }
240
241 err = self_check_not_bad(ubi, pnum);
242 if (err)
243 return err;
244
245 /* The area we are writing to has to contain all 0xFF bytes */
246 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
247 if (err)
248 return err;
249
250 if (offset >= ubi->leb_start) {
251 /*
252 * We write to the data area of the physical eraseblock. Make
253 * sure it has valid EC and VID headers.
254 */
255 err = self_check_peb_ec_hdr(ubi, pnum);
256 if (err)
257 return err;
258 err = self_check_peb_vid_hdr(ubi, pnum);
259 if (err)
260 return err;
261 }
262
263 if (ubi_dbg_is_write_failure(ubi)) {
264 ubi_err(ubi, "cannot write %d bytes to PEB %d:%d (emulated)",
265 len, pnum, offset);
266 dump_stack();
267 return -EIO;
268 }
269
270 addr = (loff_t)pnum * ubi->peb_size + offset;
271 err = mtd_write(ubi->mtd, addr, len, &written, buf);
272 if (err) {
273 ubi_err(ubi, "error %d while writing %d bytes to PEB %d:%d, written %zd bytes",
274 err, len, pnum, offset, written);
275 dump_stack();
276 ubi_dump_flash(ubi, pnum, offset, len);
277 } else
278 ubi_assert(written == len);
279
280 if (!err) {
281 err = self_check_write(ubi, buf, pnum, offset, len);
282 if (err)
283 return err;
284
285 /*
286 * Since we always write sequentially, the rest of the PEB has
287 * to contain only 0xFF bytes.
288 */
289 offset += len;
290 len = ubi->peb_size - offset;
291 if (len)
292 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
293 }
294
295 return err;
296 }
297
298 /**
299 * do_sync_erase - synchronously erase a physical eraseblock.
300 * @ubi: UBI device description object
301 * @pnum: the physical eraseblock number to erase
302 *
303 * This function synchronously erases physical eraseblock @pnum and returns
304 * zero in case of success and a negative error code in case of failure. If
305 * %-EIO is returned, the physical eraseblock most probably went bad.
306 */
do_sync_erase(struct ubi_device * ubi,int pnum)307 static int do_sync_erase(struct ubi_device *ubi, int pnum)
308 {
309 int err, retries = 0;
310 struct erase_info ei;
311
312 dbg_io("erase PEB %d", pnum);
313 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
314
315 if (ubi->ro_mode) {
316 ubi_err(ubi, "read-only mode");
317 return -EROFS;
318 }
319
320 retry:
321 memset(&ei, 0, sizeof(struct erase_info));
322
323 ei.addr = (loff_t)pnum * ubi->peb_size;
324 ei.len = ubi->peb_size;
325
326 err = mtd_erase(ubi->mtd, &ei);
327 if (err) {
328 if (retries++ < UBI_IO_RETRIES) {
329 ubi_warn(ubi, "error %d while erasing PEB %d, retry",
330 err, pnum);
331 yield();
332 goto retry;
333 }
334 ubi_err(ubi, "cannot erase PEB %d, error %d", pnum, err);
335 dump_stack();
336 return err;
337 }
338
339 err = ubi_self_check_all_ff(ubi, pnum, 0, ubi->peb_size);
340 if (err)
341 return err;
342
343 if (ubi_dbg_is_erase_failure(ubi)) {
344 ubi_err(ubi, "cannot erase PEB %d (emulated)", pnum);
345 return -EIO;
346 }
347
348 return 0;
349 }
350
351 /* Patterns to write to a physical eraseblock when torturing it */
352 static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
353
354 /**
355 * torture_peb - test a supposedly bad physical eraseblock.
356 * @ubi: UBI device description object
357 * @pnum: the physical eraseblock number to test
358 *
359 * This function returns %-EIO if the physical eraseblock did not pass the
360 * test, a positive number of erase operations done if the test was
361 * successfully passed, and other negative error codes in case of other errors.
362 */
torture_peb(struct ubi_device * ubi,int pnum)363 static int torture_peb(struct ubi_device *ubi, int pnum)
364 {
365 int err, i, patt_count;
366
367 ubi_msg(ubi, "run torture test for PEB %d", pnum);
368 patt_count = ARRAY_SIZE(patterns);
369 ubi_assert(patt_count > 0);
370
371 mutex_lock(&ubi->buf_mutex);
372 for (i = 0; i < patt_count; i++) {
373 err = do_sync_erase(ubi, pnum);
374 if (err)
375 goto out;
376
377 /* Make sure the PEB contains only 0xFF bytes */
378 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
379 if (err)
380 goto out;
381
382 err = ubi_check_pattern(ubi->peb_buf, 0xFF, ubi->peb_size);
383 if (err == 0) {
384 ubi_err(ubi, "erased PEB %d, but a non-0xFF byte found",
385 pnum);
386 err = -EIO;
387 goto out;
388 }
389
390 /* Write a pattern and check it */
391 memset(ubi->peb_buf, patterns[i], ubi->peb_size);
392 err = ubi_io_write(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
393 if (err)
394 goto out;
395
396 memset(ubi->peb_buf, ~patterns[i], ubi->peb_size);
397 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
398 if (err)
399 goto out;
400
401 err = ubi_check_pattern(ubi->peb_buf, patterns[i],
402 ubi->peb_size);
403 if (err == 0) {
404 ubi_err(ubi, "pattern %x checking failed for PEB %d",
405 patterns[i], pnum);
406 err = -EIO;
407 goto out;
408 }
409 }
410
411 err = patt_count;
412 ubi_msg(ubi, "PEB %d passed torture test, do not mark it as bad", pnum);
413
414 out:
415 mutex_unlock(&ubi->buf_mutex);
416 if (err == UBI_IO_BITFLIPS || mtd_is_eccerr(err)) {
417 /*
418 * If a bit-flip or data integrity error was detected, the test
419 * has not passed because it happened on a freshly erased
420 * physical eraseblock which means something is wrong with it.
421 */
422 ubi_err(ubi, "read problems on freshly erased PEB %d, must be bad",
423 pnum);
424 err = -EIO;
425 }
426 return err;
427 }
428
429 /**
430 * nor_erase_prepare - prepare a NOR flash PEB for erasure.
431 * @ubi: UBI device description object
432 * @pnum: physical eraseblock number to prepare
433 *
434 * NOR flash, or at least some of them, have peculiar embedded PEB erasure
435 * algorithm: the PEB is first filled with zeroes, then it is erased. And
436 * filling with zeroes starts from the end of the PEB. This was observed with
437 * Spansion S29GL512N NOR flash.
438 *
439 * This means that in case of a power cut we may end up with intact data at the
440 * beginning of the PEB, and all zeroes at the end of PEB. In other words, the
441 * EC and VID headers are OK, but a large chunk of data at the end of PEB is
442 * zeroed. This makes UBI mistakenly treat this PEB as used and associate it
443 * with an LEB, which leads to subsequent failures (e.g., UBIFS fails).
444 *
445 * This function is called before erasing NOR PEBs and it zeroes out EC and VID
446 * magic numbers in order to invalidate them and prevent the failures. Returns
447 * zero in case of success and a negative error code in case of failure.
448 */
nor_erase_prepare(struct ubi_device * ubi,int pnum)449 static int nor_erase_prepare(struct ubi_device *ubi, int pnum)
450 {
451 int err;
452 size_t written;
453 loff_t addr;
454 uint32_t data = 0;
455 struct ubi_ec_hdr ec_hdr;
456 struct ubi_vid_io_buf vidb;
457
458 /*
459 * Note, we cannot generally define VID header buffers on stack,
460 * because of the way we deal with these buffers (see the header
461 * comment in this file). But we know this is a NOR-specific piece of
462 * code, so we can do this. But yes, this is error-prone and we should
463 * (pre-)allocate VID header buffer instead.
464 */
465 struct ubi_vid_hdr vid_hdr;
466
467 /*
468 * If VID or EC is valid, we have to corrupt them before erasing.
469 * It is important to first invalidate the EC header, and then the VID
470 * header. Otherwise a power cut may lead to valid EC header and
471 * invalid VID header, in which case UBI will treat this PEB as
472 * corrupted and will try to preserve it, and print scary warnings.
473 */
474 addr = (loff_t)pnum * ubi->peb_size;
475 err = ubi_io_read_ec_hdr(ubi, pnum, &ec_hdr, 0);
476 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
477 err != UBI_IO_FF){
478 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
479 if(err)
480 goto error;
481 }
482
483 ubi_init_vid_buf(ubi, &vidb, &vid_hdr);
484 ubi_assert(&vid_hdr == ubi_get_vid_hdr(&vidb));
485
486 err = ubi_io_read_vid_hdr(ubi, pnum, &vidb, 0);
487 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
488 err != UBI_IO_FF){
489 addr += ubi->vid_hdr_aloffset;
490 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
491 if (err)
492 goto error;
493 }
494 return 0;
495
496 error:
497 /*
498 * The PEB contains a valid VID or EC header, but we cannot invalidate
499 * it. Supposedly the flash media or the driver is screwed up, so
500 * return an error.
501 */
502 ubi_err(ubi, "cannot invalidate PEB %d, write returned %d", pnum, err);
503 ubi_dump_flash(ubi, pnum, 0, ubi->peb_size);
504 return -EIO;
505 }
506
507 /**
508 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
509 * @ubi: UBI device description object
510 * @pnum: physical eraseblock number to erase
511 * @torture: if this physical eraseblock has to be tortured
512 *
513 * This function synchronously erases physical eraseblock @pnum. If @torture
514 * flag is not zero, the physical eraseblock is checked by means of writing
515 * different patterns to it and reading them back. If the torturing is enabled,
516 * the physical eraseblock is erased more than once.
517 *
518 * This function returns the number of erasures made in case of success, %-EIO
519 * if the erasure failed or the torturing test failed, and other negative error
520 * codes in case of other errors. Note, %-EIO means that the physical
521 * eraseblock is bad.
522 */
ubi_io_sync_erase(struct ubi_device * ubi,int pnum,int torture)523 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
524 {
525 int err, ret = 0;
526
527 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
528
529 err = self_check_not_bad(ubi, pnum);
530 if (err != 0)
531 return err;
532
533 if (ubi->ro_mode) {
534 ubi_err(ubi, "read-only mode");
535 return -EROFS;
536 }
537
538 /*
539 * If the flash is ECC-ed then we have to erase the ECC block before we
540 * can write to it. But the write is in preparation to an erase in the
541 * first place. This means we cannot zero out EC and VID before the
542 * erase and we just have to hope the flash starts erasing from the
543 * start of the page.
544 */
545 if (ubi->nor_flash && ubi->mtd->writesize == 1) {
546 err = nor_erase_prepare(ubi, pnum);
547 if (err)
548 return err;
549 }
550
551 if (torture) {
552 ret = torture_peb(ubi, pnum);
553 if (ret < 0)
554 return ret;
555 }
556
557 err = do_sync_erase(ubi, pnum);
558 if (err)
559 return err;
560
561 return ret + 1;
562 }
563
564 /**
565 * ubi_io_is_bad - check if a physical eraseblock is bad.
566 * @ubi: UBI device description object
567 * @pnum: the physical eraseblock number to check
568 *
569 * This function returns a positive number if the physical eraseblock is bad,
570 * zero if not, and a negative error code if an error occurred.
571 */
ubi_io_is_bad(const struct ubi_device * ubi,int pnum)572 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
573 {
574 struct mtd_info *mtd = ubi->mtd;
575
576 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
577
578 if (ubi->bad_allowed) {
579 int ret;
580
581 ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
582 if (ret < 0)
583 ubi_err(ubi, "error %d while checking if PEB %d is bad",
584 ret, pnum);
585 else if (ret)
586 dbg_io("PEB %d is bad", pnum);
587 return ret;
588 }
589
590 return 0;
591 }
592
593 /**
594 * ubi_io_mark_bad - mark a physical eraseblock as bad.
595 * @ubi: UBI device description object
596 * @pnum: the physical eraseblock number to mark
597 *
598 * This function returns zero in case of success and a negative error code in
599 * case of failure.
600 */
ubi_io_mark_bad(const struct ubi_device * ubi,int pnum)601 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
602 {
603 int err;
604 struct mtd_info *mtd = ubi->mtd;
605
606 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
607
608 if (ubi->ro_mode) {
609 ubi_err(ubi, "read-only mode");
610 return -EROFS;
611 }
612
613 if (!ubi->bad_allowed)
614 return 0;
615
616 err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
617 if (err)
618 ubi_err(ubi, "cannot mark PEB %d bad, error %d", pnum, err);
619 return err;
620 }
621
622 /**
623 * validate_ec_hdr - validate an erase counter header.
624 * @ubi: UBI device description object
625 * @ec_hdr: the erase counter header to check
626 *
627 * This function returns zero if the erase counter header is OK, and %1 if
628 * not.
629 */
validate_ec_hdr(const struct ubi_device * ubi,const struct ubi_ec_hdr * ec_hdr)630 static int validate_ec_hdr(const struct ubi_device *ubi,
631 const struct ubi_ec_hdr *ec_hdr)
632 {
633 long long ec;
634 int vid_hdr_offset, leb_start;
635
636 ec = be64_to_cpu(ec_hdr->ec);
637 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
638 leb_start = be32_to_cpu(ec_hdr->data_offset);
639
640 if (ec_hdr->version != UBI_VERSION) {
641 ubi_err(ubi, "node with incompatible UBI version found: this UBI version is %d, image version is %d",
642 UBI_VERSION, (int)ec_hdr->version);
643 goto bad;
644 }
645
646 if (vid_hdr_offset != ubi->vid_hdr_offset) {
647 ubi_err(ubi, "bad VID header offset %d, expected %d",
648 vid_hdr_offset, ubi->vid_hdr_offset);
649 goto bad;
650 }
651
652 if (leb_start != ubi->leb_start) {
653 ubi_err(ubi, "bad data offset %d, expected %d",
654 leb_start, ubi->leb_start);
655 goto bad;
656 }
657
658 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
659 ubi_err(ubi, "bad erase counter %lld", ec);
660 goto bad;
661 }
662
663 return 0;
664
665 bad:
666 ubi_err(ubi, "bad EC header");
667 ubi_dump_ec_hdr(ec_hdr);
668 dump_stack();
669 return 1;
670 }
671
672 /**
673 * ubi_io_read_ec_hdr - read and check an erase counter header.
674 * @ubi: UBI device description object
675 * @pnum: physical eraseblock to read from
676 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
677 * header
678 * @verbose: be verbose if the header is corrupted or was not found
679 *
680 * This function reads erase counter header from physical eraseblock @pnum and
681 * stores it in @ec_hdr. This function also checks CRC checksum of the read
682 * erase counter header. The following codes may be returned:
683 *
684 * o %0 if the CRC checksum is correct and the header was successfully read;
685 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
686 * and corrected by the flash driver; this is harmless but may indicate that
687 * this eraseblock may become bad soon (but may be not);
688 * o %UBI_IO_BAD_HDR if the erase counter header is corrupted (a CRC error);
689 * o %UBI_IO_BAD_HDR_EBADMSG is the same as %UBI_IO_BAD_HDR, but there also was
690 * a data integrity error (uncorrectable ECC error in case of NAND);
691 * o %UBI_IO_FF if only 0xFF bytes were read (the PEB is supposedly empty)
692 * o a negative error code in case of failure.
693 */
ubi_io_read_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr,int verbose)694 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
695 struct ubi_ec_hdr *ec_hdr, int verbose)
696 {
697 int err, read_err;
698 uint32_t crc, magic, hdr_crc;
699
700 dbg_io("read EC header from PEB %d", pnum);
701 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
702
703 read_err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
704 if (read_err) {
705 if (read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
706 return read_err;
707
708 /*
709 * We read all the data, but either a correctable bit-flip
710 * occurred, or MTD reported a data integrity error
711 * (uncorrectable ECC error in case of NAND). The former is
712 * harmless, the later may mean that the read data is
713 * corrupted. But we have a CRC check-sum and we will detect
714 * this. If the EC header is still OK, we just report this as
715 * there was a bit-flip, to force scrubbing.
716 */
717 }
718
719 magic = be32_to_cpu(ec_hdr->magic);
720 if (magic != UBI_EC_HDR_MAGIC) {
721 if (mtd_is_eccerr(read_err))
722 return UBI_IO_BAD_HDR_EBADMSG;
723
724 /*
725 * The magic field is wrong. Let's check if we have read all
726 * 0xFF. If yes, this physical eraseblock is assumed to be
727 * empty.
728 */
729 if (ubi_check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
730 /* The physical eraseblock is supposedly empty */
731 if (verbose)
732 ubi_warn(ubi, "no EC header found at PEB %d, only 0xFF bytes",
733 pnum);
734 dbg_bld("no EC header found at PEB %d, only 0xFF bytes",
735 pnum);
736 if (!read_err)
737 return UBI_IO_FF;
738 else
739 return UBI_IO_FF_BITFLIPS;
740 }
741
742 /*
743 * This is not a valid erase counter header, and these are not
744 * 0xFF bytes. Report that the header is corrupted.
745 */
746 if (verbose) {
747 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
748 pnum, magic, UBI_EC_HDR_MAGIC);
749 ubi_dump_ec_hdr(ec_hdr);
750 }
751 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
752 pnum, magic, UBI_EC_HDR_MAGIC);
753 return UBI_IO_BAD_HDR;
754 }
755
756 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
757 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
758
759 if (hdr_crc != crc) {
760 if (verbose) {
761 ubi_warn(ubi, "bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
762 pnum, crc, hdr_crc);
763 ubi_dump_ec_hdr(ec_hdr);
764 }
765 dbg_bld("bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
766 pnum, crc, hdr_crc);
767
768 if (!read_err)
769 return UBI_IO_BAD_HDR;
770 else
771 return UBI_IO_BAD_HDR_EBADMSG;
772 }
773
774 /* And of course validate what has just been read from the media */
775 err = validate_ec_hdr(ubi, ec_hdr);
776 if (err) {
777 ubi_err(ubi, "validation failed for PEB %d", pnum);
778 return -EINVAL;
779 }
780
781 /*
782 * If there was %-EBADMSG, but the header CRC is still OK, report about
783 * a bit-flip to force scrubbing on this PEB.
784 */
785 return read_err ? UBI_IO_BITFLIPS : 0;
786 }
787
788 /**
789 * ubi_io_write_ec_hdr - write an erase counter header.
790 * @ubi: UBI device description object
791 * @pnum: physical eraseblock to write to
792 * @ec_hdr: the erase counter header to write
793 *
794 * This function writes erase counter header described by @ec_hdr to physical
795 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
796 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
797 * field.
798 *
799 * This function returns zero in case of success and a negative error code in
800 * case of failure. If %-EIO is returned, the physical eraseblock most probably
801 * went bad.
802 */
ubi_io_write_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr)803 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
804 struct ubi_ec_hdr *ec_hdr)
805 {
806 int err;
807 uint32_t crc;
808
809 dbg_io("write EC header to PEB %d", pnum);
810 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
811
812 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
813 ec_hdr->version = UBI_VERSION;
814 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
815 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
816 ec_hdr->image_seq = cpu_to_be32(ubi->image_seq);
817 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
818 ec_hdr->hdr_crc = cpu_to_be32(crc);
819
820 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
821 if (err)
822 return err;
823
824 if (ubi_dbg_power_cut(ubi, POWER_CUT_EC_WRITE))
825 return -EROFS;
826
827 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
828 return err;
829 }
830
831 /**
832 * validate_vid_hdr - validate a volume identifier header.
833 * @ubi: UBI device description object
834 * @vid_hdr: the volume identifier header to check
835 *
836 * This function checks that data stored in the volume identifier header
837 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
838 */
validate_vid_hdr(const struct ubi_device * ubi,const struct ubi_vid_hdr * vid_hdr)839 static int validate_vid_hdr(const struct ubi_device *ubi,
840 const struct ubi_vid_hdr *vid_hdr)
841 {
842 int vol_type = vid_hdr->vol_type;
843 int copy_flag = vid_hdr->copy_flag;
844 int vol_id = be32_to_cpu(vid_hdr->vol_id);
845 int lnum = be32_to_cpu(vid_hdr->lnum);
846 int compat = vid_hdr->compat;
847 int data_size = be32_to_cpu(vid_hdr->data_size);
848 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
849 int data_pad = be32_to_cpu(vid_hdr->data_pad);
850 int data_crc = be32_to_cpu(vid_hdr->data_crc);
851 int usable_leb_size = ubi->leb_size - data_pad;
852
853 if (copy_flag != 0 && copy_flag != 1) {
854 ubi_err(ubi, "bad copy_flag");
855 goto bad;
856 }
857
858 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
859 data_pad < 0) {
860 ubi_err(ubi, "negative values");
861 goto bad;
862 }
863
864 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
865 ubi_err(ubi, "bad vol_id");
866 goto bad;
867 }
868
869 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
870 ubi_err(ubi, "bad compat");
871 goto bad;
872 }
873
874 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
875 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
876 compat != UBI_COMPAT_REJECT) {
877 ubi_err(ubi, "bad compat");
878 goto bad;
879 }
880
881 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
882 ubi_err(ubi, "bad vol_type");
883 goto bad;
884 }
885
886 if (data_pad >= ubi->leb_size / 2) {
887 ubi_err(ubi, "bad data_pad");
888 goto bad;
889 }
890
891 if (data_size > ubi->leb_size) {
892 ubi_err(ubi, "bad data_size");
893 goto bad;
894 }
895
896 if (vol_type == UBI_VID_STATIC) {
897 /*
898 * Although from high-level point of view static volumes may
899 * contain zero bytes of data, but no VID headers can contain
900 * zero at these fields, because they empty volumes do not have
901 * mapped logical eraseblocks.
902 */
903 if (used_ebs == 0) {
904 ubi_err(ubi, "zero used_ebs");
905 goto bad;
906 }
907 if (data_size == 0) {
908 ubi_err(ubi, "zero data_size");
909 goto bad;
910 }
911 if (lnum < used_ebs - 1) {
912 if (data_size != usable_leb_size) {
913 ubi_err(ubi, "bad data_size");
914 goto bad;
915 }
916 } else if (lnum > used_ebs - 1) {
917 ubi_err(ubi, "too high lnum");
918 goto bad;
919 }
920 } else {
921 if (copy_flag == 0) {
922 if (data_crc != 0) {
923 ubi_err(ubi, "non-zero data CRC");
924 goto bad;
925 }
926 if (data_size != 0) {
927 ubi_err(ubi, "non-zero data_size");
928 goto bad;
929 }
930 } else {
931 if (data_size == 0) {
932 ubi_err(ubi, "zero data_size of copy");
933 goto bad;
934 }
935 }
936 if (used_ebs != 0) {
937 ubi_err(ubi, "bad used_ebs");
938 goto bad;
939 }
940 }
941
942 return 0;
943
944 bad:
945 ubi_err(ubi, "bad VID header");
946 ubi_dump_vid_hdr(vid_hdr);
947 dump_stack();
948 return 1;
949 }
950
951 /**
952 * ubi_io_read_vid_hdr - read and check a volume identifier header.
953 * @ubi: UBI device description object
954 * @pnum: physical eraseblock number to read from
955 * @vidb: the volume identifier buffer to store data in
956 * @verbose: be verbose if the header is corrupted or wasn't found
957 *
958 * This function reads the volume identifier header from physical eraseblock
959 * @pnum and stores it in @vidb. It also checks CRC checksum of the read
960 * volume identifier header. The error codes are the same as in
961 * 'ubi_io_read_ec_hdr()'.
962 *
963 * Note, the implementation of this function is also very similar to
964 * 'ubi_io_read_ec_hdr()', so refer commentaries in 'ubi_io_read_ec_hdr()'.
965 */
ubi_io_read_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_io_buf * vidb,int verbose)966 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
967 struct ubi_vid_io_buf *vidb, int verbose)
968 {
969 int err, read_err;
970 uint32_t crc, magic, hdr_crc;
971 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
972 void *p = vidb->buffer;
973
974 dbg_io("read VID header from PEB %d", pnum);
975 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
976
977 read_err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
978 ubi->vid_hdr_shift + UBI_VID_HDR_SIZE);
979 if (read_err && read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
980 return read_err;
981
982 magic = be32_to_cpu(vid_hdr->magic);
983 if (magic != UBI_VID_HDR_MAGIC) {
984 if (mtd_is_eccerr(read_err))
985 return UBI_IO_BAD_HDR_EBADMSG;
986
987 if (ubi_check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
988 if (verbose)
989 ubi_warn(ubi, "no VID header found at PEB %d, only 0xFF bytes",
990 pnum);
991 dbg_bld("no VID header found at PEB %d, only 0xFF bytes",
992 pnum);
993 if (!read_err)
994 return UBI_IO_FF;
995 else
996 return UBI_IO_FF_BITFLIPS;
997 }
998
999 if (verbose) {
1000 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
1001 pnum, magic, UBI_VID_HDR_MAGIC);
1002 ubi_dump_vid_hdr(vid_hdr);
1003 }
1004 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
1005 pnum, magic, UBI_VID_HDR_MAGIC);
1006 return UBI_IO_BAD_HDR;
1007 }
1008
1009 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1010 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1011
1012 if (hdr_crc != crc) {
1013 if (verbose) {
1014 ubi_warn(ubi, "bad CRC at PEB %d, calculated %#08x, read %#08x",
1015 pnum, crc, hdr_crc);
1016 ubi_dump_vid_hdr(vid_hdr);
1017 }
1018 dbg_bld("bad CRC at PEB %d, calculated %#08x, read %#08x",
1019 pnum, crc, hdr_crc);
1020 if (!read_err)
1021 return UBI_IO_BAD_HDR;
1022 else
1023 return UBI_IO_BAD_HDR_EBADMSG;
1024 }
1025
1026 err = validate_vid_hdr(ubi, vid_hdr);
1027 if (err) {
1028 ubi_err(ubi, "validation failed for PEB %d", pnum);
1029 return -EINVAL;
1030 }
1031
1032 return read_err ? UBI_IO_BITFLIPS : 0;
1033 }
1034
1035 /**
1036 * ubi_io_write_vid_hdr - write a volume identifier header.
1037 * @ubi: UBI device description object
1038 * @pnum: the physical eraseblock number to write to
1039 * @vidb: the volume identifier buffer to write
1040 *
1041 * This function writes the volume identifier header described by @vid_hdr to
1042 * physical eraseblock @pnum. This function automatically fills the
1043 * @vidb->hdr->magic and the @vidb->hdr->version fields, as well as calculates
1044 * header CRC checksum and stores it at vidb->hdr->hdr_crc.
1045 *
1046 * This function returns zero in case of success and a negative error code in
1047 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1048 * bad.
1049 */
ubi_io_write_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_io_buf * vidb)1050 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1051 struct ubi_vid_io_buf *vidb)
1052 {
1053 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
1054 int err;
1055 uint32_t crc;
1056 void *p = vidb->buffer;
1057
1058 dbg_io("write VID header to PEB %d", pnum);
1059 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1060
1061 err = self_check_peb_ec_hdr(ubi, pnum);
1062 if (err)
1063 return err;
1064
1065 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1066 vid_hdr->version = UBI_VERSION;
1067 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1068 vid_hdr->hdr_crc = cpu_to_be32(crc);
1069
1070 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1071 if (err)
1072 return err;
1073
1074 if (ubi_dbg_power_cut(ubi, POWER_CUT_VID_WRITE))
1075 return -EROFS;
1076
1077 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1078 ubi->vid_hdr_alsize);
1079 return err;
1080 }
1081
1082 /**
1083 * self_check_not_bad - ensure that a physical eraseblock is not bad.
1084 * @ubi: UBI device description object
1085 * @pnum: physical eraseblock number to check
1086 *
1087 * This function returns zero if the physical eraseblock is good, %-EINVAL if
1088 * it is bad and a negative error code if an error occurred.
1089 */
self_check_not_bad(const struct ubi_device * ubi,int pnum)1090 static int self_check_not_bad(const struct ubi_device *ubi, int pnum)
1091 {
1092 int err;
1093
1094 if (!ubi_dbg_chk_io(ubi))
1095 return 0;
1096
1097 err = ubi_io_is_bad(ubi, pnum);
1098 if (!err)
1099 return err;
1100
1101 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1102 dump_stack();
1103 return err > 0 ? -EINVAL : err;
1104 }
1105
1106 /**
1107 * self_check_ec_hdr - check if an erase counter header is all right.
1108 * @ubi: UBI device description object
1109 * @pnum: physical eraseblock number the erase counter header belongs to
1110 * @ec_hdr: the erase counter header to check
1111 *
1112 * This function returns zero if the erase counter header contains valid
1113 * values, and %-EINVAL if not.
1114 */
self_check_ec_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_ec_hdr * ec_hdr)1115 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1116 const struct ubi_ec_hdr *ec_hdr)
1117 {
1118 int err;
1119 uint32_t magic;
1120
1121 if (!ubi_dbg_chk_io(ubi))
1122 return 0;
1123
1124 magic = be32_to_cpu(ec_hdr->magic);
1125 if (magic != UBI_EC_HDR_MAGIC) {
1126 ubi_err(ubi, "bad magic %#08x, must be %#08x",
1127 magic, UBI_EC_HDR_MAGIC);
1128 goto fail;
1129 }
1130
1131 err = validate_ec_hdr(ubi, ec_hdr);
1132 if (err) {
1133 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1134 goto fail;
1135 }
1136
1137 return 0;
1138
1139 fail:
1140 ubi_dump_ec_hdr(ec_hdr);
1141 dump_stack();
1142 return -EINVAL;
1143 }
1144
1145 /**
1146 * self_check_peb_ec_hdr - check erase counter header.
1147 * @ubi: UBI device description object
1148 * @pnum: the physical eraseblock number to check
1149 *
1150 * This function returns zero if the erase counter header is all right and and
1151 * a negative error code if not or if an error occurred.
1152 */
self_check_peb_ec_hdr(const struct ubi_device * ubi,int pnum)1153 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1154 {
1155 int err;
1156 uint32_t crc, hdr_crc;
1157 struct ubi_ec_hdr *ec_hdr;
1158
1159 if (!ubi_dbg_chk_io(ubi))
1160 return 0;
1161
1162 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1163 if (!ec_hdr)
1164 return -ENOMEM;
1165
1166 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1167 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1168 goto exit;
1169
1170 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1171 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1172 if (hdr_crc != crc) {
1173 ubi_err(ubi, "bad CRC, calculated %#08x, read %#08x",
1174 crc, hdr_crc);
1175 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1176 ubi_dump_ec_hdr(ec_hdr);
1177 dump_stack();
1178 err = -EINVAL;
1179 goto exit;
1180 }
1181
1182 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
1183
1184 exit:
1185 kfree(ec_hdr);
1186 return err;
1187 }
1188
1189 /**
1190 * self_check_vid_hdr - check that a volume identifier header is all right.
1191 * @ubi: UBI device description object
1192 * @pnum: physical eraseblock number the volume identifier header belongs to
1193 * @vid_hdr: the volume identifier header to check
1194 *
1195 * This function returns zero if the volume identifier header is all right, and
1196 * %-EINVAL if not.
1197 */
self_check_vid_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_vid_hdr * vid_hdr)1198 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1199 const struct ubi_vid_hdr *vid_hdr)
1200 {
1201 int err;
1202 uint32_t magic;
1203
1204 if (!ubi_dbg_chk_io(ubi))
1205 return 0;
1206
1207 magic = be32_to_cpu(vid_hdr->magic);
1208 if (magic != UBI_VID_HDR_MAGIC) {
1209 ubi_err(ubi, "bad VID header magic %#08x at PEB %d, must be %#08x",
1210 magic, pnum, UBI_VID_HDR_MAGIC);
1211 goto fail;
1212 }
1213
1214 err = validate_vid_hdr(ubi, vid_hdr);
1215 if (err) {
1216 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1217 goto fail;
1218 }
1219
1220 return err;
1221
1222 fail:
1223 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1224 ubi_dump_vid_hdr(vid_hdr);
1225 dump_stack();
1226 return -EINVAL;
1227
1228 }
1229
1230 /**
1231 * self_check_peb_vid_hdr - check volume identifier header.
1232 * @ubi: UBI device description object
1233 * @pnum: the physical eraseblock number to check
1234 *
1235 * This function returns zero if the volume identifier header is all right,
1236 * and a negative error code if not or if an error occurred.
1237 */
self_check_peb_vid_hdr(const struct ubi_device * ubi,int pnum)1238 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1239 {
1240 int err;
1241 uint32_t crc, hdr_crc;
1242 struct ubi_vid_io_buf *vidb;
1243 struct ubi_vid_hdr *vid_hdr;
1244 void *p;
1245
1246 if (!ubi_dbg_chk_io(ubi))
1247 return 0;
1248
1249 vidb = ubi_alloc_vid_buf(ubi, GFP_NOFS);
1250 if (!vidb)
1251 return -ENOMEM;
1252
1253 vid_hdr = ubi_get_vid_hdr(vidb);
1254 p = vidb->buffer;
1255 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1256 ubi->vid_hdr_alsize);
1257 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1258 goto exit;
1259
1260 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1261 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1262 if (hdr_crc != crc) {
1263 ubi_err(ubi, "bad VID header CRC at PEB %d, calculated %#08x, read %#08x",
1264 pnum, crc, hdr_crc);
1265 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1266 ubi_dump_vid_hdr(vid_hdr);
1267 dump_stack();
1268 err = -EINVAL;
1269 goto exit;
1270 }
1271
1272 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1273
1274 exit:
1275 ubi_free_vid_buf(vidb);
1276 return err;
1277 }
1278
1279 /**
1280 * self_check_write - make sure write succeeded.
1281 * @ubi: UBI device description object
1282 * @buf: buffer with data which were written
1283 * @pnum: physical eraseblock number the data were written to
1284 * @offset: offset within the physical eraseblock the data were written to
1285 * @len: how many bytes were written
1286 *
1287 * This functions reads data which were recently written and compares it with
1288 * the original data buffer - the data have to match. Returns zero if the data
1289 * match and a negative error code if not or in case of failure.
1290 */
self_check_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)1291 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
1292 int offset, int len)
1293 {
1294 int err, i;
1295 size_t read;
1296 void *buf1;
1297 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1298
1299 if (!ubi_dbg_chk_io(ubi))
1300 return 0;
1301
1302 buf1 = __vmalloc(len, GFP_NOFS);
1303 if (!buf1) {
1304 ubi_err(ubi, "cannot allocate memory to check writes");
1305 return 0;
1306 }
1307
1308 err = mtd_read(ubi->mtd, addr, len, &read, buf1);
1309 if (err && !mtd_is_bitflip(err))
1310 goto out_free;
1311
1312 for (i = 0; i < len; i++) {
1313 uint8_t c = ((uint8_t *)buf)[i];
1314 uint8_t c1 = ((uint8_t *)buf1)[i];
1315 int dump_len;
1316
1317 if (c == c1)
1318 continue;
1319
1320 ubi_err(ubi, "self-check failed for PEB %d:%d, len %d",
1321 pnum, offset, len);
1322 ubi_msg(ubi, "data differ at position %d", i);
1323 dump_len = max_t(int, 128, len - i);
1324 ubi_msg(ubi, "hex dump of the original buffer from %d to %d",
1325 i, i + dump_len);
1326 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1327 buf + i, dump_len, 1);
1328 ubi_msg(ubi, "hex dump of the read buffer from %d to %d",
1329 i, i + dump_len);
1330 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1331 buf1 + i, dump_len, 1);
1332 dump_stack();
1333 err = -EINVAL;
1334 goto out_free;
1335 }
1336
1337 vfree(buf1);
1338 return 0;
1339
1340 out_free:
1341 vfree(buf1);
1342 return err;
1343 }
1344
1345 /**
1346 * ubi_self_check_all_ff - check that a region of flash is empty.
1347 * @ubi: UBI device description object
1348 * @pnum: the physical eraseblock number to check
1349 * @offset: the starting offset within the physical eraseblock to check
1350 * @len: the length of the region to check
1351 *
1352 * This function returns zero if only 0xFF bytes are present at offset
1353 * @offset of the physical eraseblock @pnum, and a negative error code if not
1354 * or if an error occurred.
1355 */
ubi_self_check_all_ff(struct ubi_device * ubi,int pnum,int offset,int len)1356 int ubi_self_check_all_ff(struct ubi_device *ubi, int pnum, int offset, int len)
1357 {
1358 size_t read;
1359 int err;
1360 void *buf;
1361 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1362
1363 if (!ubi_dbg_chk_io(ubi))
1364 return 0;
1365
1366 buf = __vmalloc(len, GFP_NOFS);
1367 if (!buf) {
1368 ubi_err(ubi, "cannot allocate memory to check for 0xFFs");
1369 return 0;
1370 }
1371
1372 err = mtd_read(ubi->mtd, addr, len, &read, buf);
1373 if (err && !mtd_is_bitflip(err)) {
1374 ubi_err(ubi, "err %d while reading %d bytes from PEB %d:%d, read %zd bytes",
1375 err, len, pnum, offset, read);
1376 goto error;
1377 }
1378
1379 err = ubi_check_pattern(buf, 0xFF, len);
1380 if (err == 0) {
1381 ubi_err(ubi, "flash region at PEB %d:%d, length %d does not contain all 0xFF bytes",
1382 pnum, offset, len);
1383 goto fail;
1384 }
1385
1386 vfree(buf);
1387 return 0;
1388
1389 fail:
1390 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1391 ubi_msg(ubi, "hex dump of the %d-%d region", offset, offset + len);
1392 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, buf, len, 1);
1393 err = -EINVAL;
1394 error:
1395 dump_stack();
1396 vfree(buf);
1397 return err;
1398 }
1399