1 /*
2 * Copyright (c) International Business Machines Corp., 2006
3 * Copyright (c) Nokia Corporation, 2006, 2007
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
13 * the GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 *
19 * Author: Artem Bityutskiy (Битюцкий Артём)
20 */
21
22 /*
23 * UBI input/output sub-system.
24 *
25 * This sub-system provides a uniform way to work with all kinds of the
26 * underlying MTD devices. It also implements handy functions for reading and
27 * writing UBI headers.
28 *
29 * We are trying to have a paranoid mindset and not to trust to what we read
30 * from the flash media in order to be more secure and robust. So this
31 * sub-system validates every single header it reads from the flash media.
32 *
33 * Some words about how the eraseblock headers are stored.
34 *
35 * The erase counter header is always stored at offset zero. By default, the
36 * VID header is stored after the EC header at the closest aligned offset
37 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
38 * header at the closest aligned offset. But this default layout may be
39 * changed. For example, for different reasons (e.g., optimization) UBI may be
40 * asked to put the VID header at further offset, and even at an unaligned
41 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
42 * proper padding in front of it. Data offset may also be changed but it has to
43 * be aligned.
44 *
45 * About minimal I/O units. In general, UBI assumes flash device model where
46 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
47 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
48 * @ubi->mtd->writesize field. But as an exception, UBI admits of using another
49 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
50 * to do different optimizations.
51 *
52 * This is extremely useful in case of NAND flashes which admit of several
53 * write operations to one NAND page. In this case UBI can fit EC and VID
54 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
55 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
56 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
57 * users.
58 *
59 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
60 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
61 * headers.
62 *
63 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
64 * device, e.g., make @ubi->min_io_size = 512 in the example above?
65 *
66 * A: because when writing a sub-page, MTD still writes a full 2K page but the
67 * bytes which are not relevant to the sub-page are 0xFF. So, basically,
68 * writing 4x512 sub-pages is 4 times slower than writing one 2KiB NAND page.
69 * Thus, we prefer to use sub-pages only for EC and VID headers.
70 *
71 * As it was noted above, the VID header may start at a non-aligned offset.
72 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
73 * the VID header may reside at offset 1984 which is the last 64 bytes of the
74 * last sub-page (EC header is always at offset zero). This causes some
75 * difficulties when reading and writing VID headers.
76 *
77 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
78 * the data and want to write this VID header out. As we can only write in
79 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
80 * to offset 448 of this buffer.
81 *
82 * The I/O sub-system does the following trick in order to avoid this extra
83 * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
84 * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
85 * When the VID header is being written out, it shifts the VID header pointer
86 * back and writes the whole sub-page.
87 */
88
89 #include <linux/crc32.h>
90 #include <linux/err.h>
91 #include <linux/slab.h>
92 #include "ubi.h"
93
94 #ifdef CONFIG_MTD_UBI_DEBUG
95 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum);
96 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
97 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum,
98 const struct ubi_ec_hdr *ec_hdr);
99 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
100 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum,
101 const struct ubi_vid_hdr *vid_hdr);
102 #else
103 #define paranoid_check_not_bad(ubi, pnum) 0
104 #define paranoid_check_peb_ec_hdr(ubi, pnum) 0
105 #define paranoid_check_ec_hdr(ubi, pnum, ec_hdr) 0
106 #define paranoid_check_peb_vid_hdr(ubi, pnum) 0
107 #define paranoid_check_vid_hdr(ubi, pnum, vid_hdr) 0
108 #endif
109
110 /**
111 * ubi_io_read - read data from a physical eraseblock.
112 * @ubi: UBI device description object
113 * @buf: buffer where to store the read data
114 * @pnum: physical eraseblock number to read from
115 * @offset: offset within the physical eraseblock from where to read
116 * @len: how many bytes to read
117 *
118 * This function reads data from offset @offset of physical eraseblock @pnum
119 * and stores the read data in the @buf buffer. The following return codes are
120 * possible:
121 *
122 * o %0 if all the requested data were successfully read;
123 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
124 * correctable bit-flips were detected; this is harmless but may indicate
125 * that this eraseblock may become bad soon (but do not have to);
126 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
127 * example it can be an ECC error in case of NAND; this most probably means
128 * that the data is corrupted;
129 * o %-EIO if some I/O error occurred;
130 * o other negative error codes in case of other errors.
131 */
ubi_io_read(const struct ubi_device * ubi,void * buf,int pnum,int offset,int len)132 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
133 int len)
134 {
135 int err, retries = 0;
136 size_t read;
137 loff_t addr;
138
139 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
140
141 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
142 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
143 ubi_assert(len > 0);
144
145 err = paranoid_check_not_bad(ubi, pnum);
146 if (err)
147 return err;
148
149 /*
150 * Deliberately corrupt the buffer to improve robustness. Indeed, if we
151 * do not do this, the following may happen:
152 * 1. The buffer contains data from previous operation, e.g., read from
153 * another PEB previously. The data looks like expected, e.g., if we
154 * just do not read anything and return - the caller would not
155 * notice this. E.g., if we are reading a VID header, the buffer may
156 * contain a valid VID header from another PEB.
157 * 2. The driver is buggy and returns us success or -EBADMSG or
158 * -EUCLEAN, but it does not actually put any data to the buffer.
159 *
160 * This may confuse UBI or upper layers - they may think the buffer
161 * contains valid data while in fact it is just old data. This is
162 * especially possible because UBI (and UBIFS) relies on CRC, and
163 * treats data as correct even in case of ECC errors if the CRC is
164 * correct.
165 *
166 * Try to prevent this situation by changing the first byte of the
167 * buffer.
168 */
169 *((uint8_t *)buf) ^= 0xFF;
170
171 addr = (loff_t)pnum * ubi->peb_size + offset;
172 retry:
173 err = mtd_read(ubi->mtd, addr, len, &read, buf);
174 if (err) {
175 const char *errstr = mtd_is_eccerr(err) ? " (ECC error)" : "";
176
177 if (mtd_is_bitflip(err)) {
178 /*
179 * -EUCLEAN is reported if there was a bit-flip which
180 * was corrected, so this is harmless.
181 *
182 * We do not report about it here unless debugging is
183 * enabled. A corresponding message will be printed
184 * later, when it is has been scrubbed.
185 */
186 dbg_msg("fixable bit-flip detected at PEB %d", pnum);
187 ubi_assert(len == read);
188 return UBI_IO_BITFLIPS;
189 }
190
191 if (retries++ < UBI_IO_RETRIES) {
192 dbg_io("error %d%s while reading %d bytes from PEB "
193 "%d:%d, read only %zd bytes, retry",
194 err, errstr, len, pnum, offset, read);
195 yield();
196 goto retry;
197 }
198
199 ubi_err("error %d%s while reading %d bytes from PEB %d:%d, "
200 "read %zd bytes", err, errstr, len, pnum, offset, read);
201 ubi_dbg_dump_stack();
202
203 /*
204 * The driver should never return -EBADMSG if it failed to read
205 * all the requested data. But some buggy drivers might do
206 * this, so we change it to -EIO.
207 */
208 if (read != len && mtd_is_eccerr(err)) {
209 ubi_assert(0);
210 err = -EIO;
211 }
212 } else {
213 ubi_assert(len == read);
214
215 if (ubi_dbg_is_bitflip(ubi)) {
216 dbg_gen("bit-flip (emulated)");
217 err = UBI_IO_BITFLIPS;
218 }
219 }
220
221 return err;
222 }
223
224 /**
225 * ubi_io_write - write data to a physical eraseblock.
226 * @ubi: UBI device description object
227 * @buf: buffer with the data to write
228 * @pnum: physical eraseblock number to write to
229 * @offset: offset within the physical eraseblock where to write
230 * @len: how many bytes to write
231 *
232 * This function writes @len bytes of data from buffer @buf to offset @offset
233 * of physical eraseblock @pnum. If all the data were successfully written,
234 * zero is returned. If an error occurred, this function returns a negative
235 * error code. If %-EIO is returned, the physical eraseblock most probably went
236 * bad.
237 *
238 * Note, in case of an error, it is possible that something was still written
239 * to the flash media, but may be some garbage.
240 */
ubi_io_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)241 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
242 int len)
243 {
244 int err;
245 size_t written;
246 loff_t addr;
247
248 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
249
250 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
251 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
252 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
253 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
254
255 if (ubi->ro_mode) {
256 ubi_err("read-only mode");
257 return -EROFS;
258 }
259
260 /* The below has to be compiled out if paranoid checks are disabled */
261
262 err = paranoid_check_not_bad(ubi, pnum);
263 if (err)
264 return err;
265
266 /* The area we are writing to has to contain all 0xFF bytes */
267 err = ubi_dbg_check_all_ff(ubi, pnum, offset, len);
268 if (err)
269 return err;
270
271 if (offset >= ubi->leb_start) {
272 /*
273 * We write to the data area of the physical eraseblock. Make
274 * sure it has valid EC and VID headers.
275 */
276 err = paranoid_check_peb_ec_hdr(ubi, pnum);
277 if (err)
278 return err;
279 err = paranoid_check_peb_vid_hdr(ubi, pnum);
280 if (err)
281 return err;
282 }
283
284 if (ubi_dbg_is_write_failure(ubi)) {
285 dbg_err("cannot write %d bytes to PEB %d:%d "
286 "(emulated)", len, pnum, offset);
287 ubi_dbg_dump_stack();
288 return -EIO;
289 }
290
291 addr = (loff_t)pnum * ubi->peb_size + offset;
292 err = mtd_write(ubi->mtd, addr, len, &written, buf);
293 if (err) {
294 ubi_err("error %d while writing %d bytes to PEB %d:%d, written "
295 "%zd bytes", err, len, pnum, offset, written);
296 ubi_dbg_dump_stack();
297 ubi_dbg_dump_flash(ubi, pnum, offset, len);
298 } else
299 ubi_assert(written == len);
300
301 if (!err) {
302 err = ubi_dbg_check_write(ubi, buf, pnum, offset, len);
303 if (err)
304 return err;
305
306 /*
307 * Since we always write sequentially, the rest of the PEB has
308 * to contain only 0xFF bytes.
309 */
310 offset += len;
311 len = ubi->peb_size - offset;
312 if (len)
313 err = ubi_dbg_check_all_ff(ubi, pnum, offset, len);
314 }
315
316 return err;
317 }
318
319 /**
320 * erase_callback - MTD erasure call-back.
321 * @ei: MTD erase information object.
322 *
323 * Note, even though MTD erase interface is asynchronous, all the current
324 * implementations are synchronous anyway.
325 */
erase_callback(struct erase_info * ei)326 static void erase_callback(struct erase_info *ei)
327 {
328 wake_up_interruptible((wait_queue_head_t *)ei->priv);
329 }
330
331 /**
332 * do_sync_erase - synchronously erase a physical eraseblock.
333 * @ubi: UBI device description object
334 * @pnum: the physical eraseblock number to erase
335 *
336 * This function synchronously erases physical eraseblock @pnum and returns
337 * zero in case of success and a negative error code in case of failure. If
338 * %-EIO is returned, the physical eraseblock most probably went bad.
339 */
do_sync_erase(struct ubi_device * ubi,int pnum)340 static int do_sync_erase(struct ubi_device *ubi, int pnum)
341 {
342 int err, retries = 0;
343 struct erase_info ei;
344 wait_queue_head_t wq;
345
346 dbg_io("erase PEB %d", pnum);
347 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
348
349 if (ubi->ro_mode) {
350 ubi_err("read-only mode");
351 return -EROFS;
352 }
353
354 retry:
355 init_waitqueue_head(&wq);
356 memset(&ei, 0, sizeof(struct erase_info));
357
358 ei.mtd = ubi->mtd;
359 ei.addr = (loff_t)pnum * ubi->peb_size;
360 ei.len = ubi->peb_size;
361 ei.callback = erase_callback;
362 ei.priv = (unsigned long)&wq;
363
364 err = mtd_erase(ubi->mtd, &ei);
365 if (err) {
366 if (retries++ < UBI_IO_RETRIES) {
367 dbg_io("error %d while erasing PEB %d, retry",
368 err, pnum);
369 yield();
370 goto retry;
371 }
372 ubi_err("cannot erase PEB %d, error %d", pnum, err);
373 ubi_dbg_dump_stack();
374 return err;
375 }
376
377 err = wait_event_interruptible(wq, ei.state == MTD_ERASE_DONE ||
378 ei.state == MTD_ERASE_FAILED);
379 if (err) {
380 ubi_err("interrupted PEB %d erasure", pnum);
381 return -EINTR;
382 }
383
384 if (ei.state == MTD_ERASE_FAILED) {
385 if (retries++ < UBI_IO_RETRIES) {
386 dbg_io("error while erasing PEB %d, retry", pnum);
387 yield();
388 goto retry;
389 }
390 ubi_err("cannot erase PEB %d", pnum);
391 ubi_dbg_dump_stack();
392 return -EIO;
393 }
394
395 err = ubi_dbg_check_all_ff(ubi, pnum, 0, ubi->peb_size);
396 if (err)
397 return err;
398
399 if (ubi_dbg_is_erase_failure(ubi)) {
400 dbg_err("cannot erase PEB %d (emulated)", pnum);
401 return -EIO;
402 }
403
404 return 0;
405 }
406
407 /* Patterns to write to a physical eraseblock when torturing it */
408 static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
409
410 /**
411 * torture_peb - test a supposedly bad physical eraseblock.
412 * @ubi: UBI device description object
413 * @pnum: the physical eraseblock number to test
414 *
415 * This function returns %-EIO if the physical eraseblock did not pass the
416 * test, a positive number of erase operations done if the test was
417 * successfully passed, and other negative error codes in case of other errors.
418 */
torture_peb(struct ubi_device * ubi,int pnum)419 static int torture_peb(struct ubi_device *ubi, int pnum)
420 {
421 int err, i, patt_count;
422
423 ubi_msg("run torture test for PEB %d", pnum);
424 patt_count = ARRAY_SIZE(patterns);
425 ubi_assert(patt_count > 0);
426
427 mutex_lock(&ubi->buf_mutex);
428 for (i = 0; i < patt_count; i++) {
429 err = do_sync_erase(ubi, pnum);
430 if (err)
431 goto out;
432
433 /* Make sure the PEB contains only 0xFF bytes */
434 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
435 if (err)
436 goto out;
437
438 err = ubi_check_pattern(ubi->peb_buf, 0xFF, ubi->peb_size);
439 if (err == 0) {
440 ubi_err("erased PEB %d, but a non-0xFF byte found",
441 pnum);
442 err = -EIO;
443 goto out;
444 }
445
446 /* Write a pattern and check it */
447 memset(ubi->peb_buf, patterns[i], ubi->peb_size);
448 err = ubi_io_write(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
449 if (err)
450 goto out;
451
452 memset(ubi->peb_buf, ~patterns[i], ubi->peb_size);
453 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
454 if (err)
455 goto out;
456
457 err = ubi_check_pattern(ubi->peb_buf, patterns[i],
458 ubi->peb_size);
459 if (err == 0) {
460 ubi_err("pattern %x checking failed for PEB %d",
461 patterns[i], pnum);
462 err = -EIO;
463 goto out;
464 }
465 }
466
467 err = patt_count;
468 ubi_msg("PEB %d passed torture test, do not mark it as bad", pnum);
469
470 out:
471 mutex_unlock(&ubi->buf_mutex);
472 if (err == UBI_IO_BITFLIPS || mtd_is_eccerr(err)) {
473 /*
474 * If a bit-flip or data integrity error was detected, the test
475 * has not passed because it happened on a freshly erased
476 * physical eraseblock which means something is wrong with it.
477 */
478 ubi_err("read problems on freshly erased PEB %d, must be bad",
479 pnum);
480 err = -EIO;
481 }
482 return err;
483 }
484
485 /**
486 * nor_erase_prepare - prepare a NOR flash PEB for erasure.
487 * @ubi: UBI device description object
488 * @pnum: physical eraseblock number to prepare
489 *
490 * NOR flash, or at least some of them, have peculiar embedded PEB erasure
491 * algorithm: the PEB is first filled with zeroes, then it is erased. And
492 * filling with zeroes starts from the end of the PEB. This was observed with
493 * Spansion S29GL512N NOR flash.
494 *
495 * This means that in case of a power cut we may end up with intact data at the
496 * beginning of the PEB, and all zeroes at the end of PEB. In other words, the
497 * EC and VID headers are OK, but a large chunk of data at the end of PEB is
498 * zeroed. This makes UBI mistakenly treat this PEB as used and associate it
499 * with an LEB, which leads to subsequent failures (e.g., UBIFS fails).
500 *
501 * This function is called before erasing NOR PEBs and it zeroes out EC and VID
502 * magic numbers in order to invalidate them and prevent the failures. Returns
503 * zero in case of success and a negative error code in case of failure.
504 */
nor_erase_prepare(struct ubi_device * ubi,int pnum)505 static int nor_erase_prepare(struct ubi_device *ubi, int pnum)
506 {
507 int err, err1;
508 size_t written;
509 loff_t addr;
510 uint32_t data = 0;
511 /*
512 * Note, we cannot generally define VID header buffers on stack,
513 * because of the way we deal with these buffers (see the header
514 * comment in this file). But we know this is a NOR-specific piece of
515 * code, so we can do this. But yes, this is error-prone and we should
516 * (pre-)allocate VID header buffer instead.
517 */
518 struct ubi_vid_hdr vid_hdr;
519
520 /*
521 * It is important to first invalidate the EC header, and then the VID
522 * header. Otherwise a power cut may lead to valid EC header and
523 * invalid VID header, in which case UBI will treat this PEB as
524 * corrupted and will try to preserve it, and print scary warnings (see
525 * the header comment in scan.c for more information).
526 */
527 addr = (loff_t)pnum * ubi->peb_size;
528 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
529 if (!err) {
530 addr += ubi->vid_hdr_aloffset;
531 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
532 if (!err)
533 return 0;
534 }
535
536 /*
537 * We failed to write to the media. This was observed with Spansion
538 * S29GL512N NOR flash. Most probably the previously eraseblock erasure
539 * was interrupted at a very inappropriate moment, so it became
540 * unwritable. In this case we probably anyway have garbage in this
541 * PEB.
542 */
543 err1 = ubi_io_read_vid_hdr(ubi, pnum, &vid_hdr, 0);
544 if (err1 == UBI_IO_BAD_HDR_EBADMSG || err1 == UBI_IO_BAD_HDR ||
545 err1 == UBI_IO_FF) {
546 struct ubi_ec_hdr ec_hdr;
547
548 err1 = ubi_io_read_ec_hdr(ubi, pnum, &ec_hdr, 0);
549 if (err1 == UBI_IO_BAD_HDR_EBADMSG || err1 == UBI_IO_BAD_HDR ||
550 err1 == UBI_IO_FF)
551 /*
552 * Both VID and EC headers are corrupted, so we can
553 * safely erase this PEB and not afraid that it will be
554 * treated as a valid PEB in case of an unclean reboot.
555 */
556 return 0;
557 }
558
559 /*
560 * The PEB contains a valid VID header, but we cannot invalidate it.
561 * Supposedly the flash media or the driver is screwed up, so return an
562 * error.
563 */
564 ubi_err("cannot invalidate PEB %d, write returned %d read returned %d",
565 pnum, err, err1);
566 ubi_dbg_dump_flash(ubi, pnum, 0, ubi->peb_size);
567 return -EIO;
568 }
569
570 /**
571 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
572 * @ubi: UBI device description object
573 * @pnum: physical eraseblock number to erase
574 * @torture: if this physical eraseblock has to be tortured
575 *
576 * This function synchronously erases physical eraseblock @pnum. If @torture
577 * flag is not zero, the physical eraseblock is checked by means of writing
578 * different patterns to it and reading them back. If the torturing is enabled,
579 * the physical eraseblock is erased more than once.
580 *
581 * This function returns the number of erasures made in case of success, %-EIO
582 * if the erasure failed or the torturing test failed, and other negative error
583 * codes in case of other errors. Note, %-EIO means that the physical
584 * eraseblock is bad.
585 */
ubi_io_sync_erase(struct ubi_device * ubi,int pnum,int torture)586 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
587 {
588 int err, ret = 0;
589
590 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
591
592 err = paranoid_check_not_bad(ubi, pnum);
593 if (err != 0)
594 return err;
595
596 if (ubi->ro_mode) {
597 ubi_err("read-only mode");
598 return -EROFS;
599 }
600
601 if (ubi->nor_flash) {
602 err = nor_erase_prepare(ubi, pnum);
603 if (err)
604 return err;
605 }
606
607 if (torture) {
608 ret = torture_peb(ubi, pnum);
609 if (ret < 0)
610 return ret;
611 }
612
613 err = do_sync_erase(ubi, pnum);
614 if (err)
615 return err;
616
617 return ret + 1;
618 }
619
620 /**
621 * ubi_io_is_bad - check if a physical eraseblock is bad.
622 * @ubi: UBI device description object
623 * @pnum: the physical eraseblock number to check
624 *
625 * This function returns a positive number if the physical eraseblock is bad,
626 * zero if not, and a negative error code if an error occurred.
627 */
ubi_io_is_bad(const struct ubi_device * ubi,int pnum)628 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
629 {
630 struct mtd_info *mtd = ubi->mtd;
631
632 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
633
634 if (ubi->bad_allowed) {
635 int ret;
636
637 ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
638 if (ret < 0)
639 ubi_err("error %d while checking if PEB %d is bad",
640 ret, pnum);
641 else if (ret)
642 dbg_io("PEB %d is bad", pnum);
643 return ret;
644 }
645
646 return 0;
647 }
648
649 /**
650 * ubi_io_mark_bad - mark a physical eraseblock as bad.
651 * @ubi: UBI device description object
652 * @pnum: the physical eraseblock number to mark
653 *
654 * This function returns zero in case of success and a negative error code in
655 * case of failure.
656 */
ubi_io_mark_bad(const struct ubi_device * ubi,int pnum)657 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
658 {
659 int err;
660 struct mtd_info *mtd = ubi->mtd;
661
662 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
663
664 if (ubi->ro_mode) {
665 ubi_err("read-only mode");
666 return -EROFS;
667 }
668
669 if (!ubi->bad_allowed)
670 return 0;
671
672 err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
673 if (err)
674 ubi_err("cannot mark PEB %d bad, error %d", pnum, err);
675 return err;
676 }
677
678 /**
679 * validate_ec_hdr - validate an erase counter header.
680 * @ubi: UBI device description object
681 * @ec_hdr: the erase counter header to check
682 *
683 * This function returns zero if the erase counter header is OK, and %1 if
684 * not.
685 */
validate_ec_hdr(const struct ubi_device * ubi,const struct ubi_ec_hdr * ec_hdr)686 static int validate_ec_hdr(const struct ubi_device *ubi,
687 const struct ubi_ec_hdr *ec_hdr)
688 {
689 long long ec;
690 int vid_hdr_offset, leb_start;
691
692 ec = be64_to_cpu(ec_hdr->ec);
693 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
694 leb_start = be32_to_cpu(ec_hdr->data_offset);
695
696 if (ec_hdr->version != UBI_VERSION) {
697 ubi_err("node with incompatible UBI version found: "
698 "this UBI version is %d, image version is %d",
699 UBI_VERSION, (int)ec_hdr->version);
700 goto bad;
701 }
702
703 if (vid_hdr_offset != ubi->vid_hdr_offset) {
704 ubi_err("bad VID header offset %d, expected %d",
705 vid_hdr_offset, ubi->vid_hdr_offset);
706 goto bad;
707 }
708
709 if (leb_start != ubi->leb_start) {
710 ubi_err("bad data offset %d, expected %d",
711 leb_start, ubi->leb_start);
712 goto bad;
713 }
714
715 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
716 ubi_err("bad erase counter %lld", ec);
717 goto bad;
718 }
719
720 return 0;
721
722 bad:
723 ubi_err("bad EC header");
724 ubi_dbg_dump_ec_hdr(ec_hdr);
725 ubi_dbg_dump_stack();
726 return 1;
727 }
728
729 /**
730 * ubi_io_read_ec_hdr - read and check an erase counter header.
731 * @ubi: UBI device description object
732 * @pnum: physical eraseblock to read from
733 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
734 * header
735 * @verbose: be verbose if the header is corrupted or was not found
736 *
737 * This function reads erase counter header from physical eraseblock @pnum and
738 * stores it in @ec_hdr. This function also checks CRC checksum of the read
739 * erase counter header. The following codes may be returned:
740 *
741 * o %0 if the CRC checksum is correct and the header was successfully read;
742 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
743 * and corrected by the flash driver; this is harmless but may indicate that
744 * this eraseblock may become bad soon (but may be not);
745 * o %UBI_IO_BAD_HDR if the erase counter header is corrupted (a CRC error);
746 * o %UBI_IO_BAD_HDR_EBADMSG is the same as %UBI_IO_BAD_HDR, but there also was
747 * a data integrity error (uncorrectable ECC error in case of NAND);
748 * o %UBI_IO_FF if only 0xFF bytes were read (the PEB is supposedly empty)
749 * o a negative error code in case of failure.
750 */
ubi_io_read_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr,int verbose)751 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
752 struct ubi_ec_hdr *ec_hdr, int verbose)
753 {
754 int err, read_err;
755 uint32_t crc, magic, hdr_crc;
756
757 dbg_io("read EC header from PEB %d", pnum);
758 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
759
760 read_err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
761 if (read_err) {
762 if (read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
763 return read_err;
764
765 /*
766 * We read all the data, but either a correctable bit-flip
767 * occurred, or MTD reported a data integrity error
768 * (uncorrectable ECC error in case of NAND). The former is
769 * harmless, the later may mean that the read data is
770 * corrupted. But we have a CRC check-sum and we will detect
771 * this. If the EC header is still OK, we just report this as
772 * there was a bit-flip, to force scrubbing.
773 */
774 }
775
776 magic = be32_to_cpu(ec_hdr->magic);
777 if (magic != UBI_EC_HDR_MAGIC) {
778 if (mtd_is_eccerr(read_err))
779 return UBI_IO_BAD_HDR_EBADMSG;
780
781 /*
782 * The magic field is wrong. Let's check if we have read all
783 * 0xFF. If yes, this physical eraseblock is assumed to be
784 * empty.
785 */
786 if (ubi_check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
787 /* The physical eraseblock is supposedly empty */
788 if (verbose)
789 ubi_warn("no EC header found at PEB %d, "
790 "only 0xFF bytes", pnum);
791 dbg_bld("no EC header found at PEB %d, "
792 "only 0xFF bytes", pnum);
793 if (!read_err)
794 return UBI_IO_FF;
795 else
796 return UBI_IO_FF_BITFLIPS;
797 }
798
799 /*
800 * This is not a valid erase counter header, and these are not
801 * 0xFF bytes. Report that the header is corrupted.
802 */
803 if (verbose) {
804 ubi_warn("bad magic number at PEB %d: %08x instead of "
805 "%08x", pnum, magic, UBI_EC_HDR_MAGIC);
806 ubi_dbg_dump_ec_hdr(ec_hdr);
807 }
808 dbg_bld("bad magic number at PEB %d: %08x instead of "
809 "%08x", pnum, magic, UBI_EC_HDR_MAGIC);
810 return UBI_IO_BAD_HDR;
811 }
812
813 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
814 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
815
816 if (hdr_crc != crc) {
817 if (verbose) {
818 ubi_warn("bad EC header CRC at PEB %d, calculated "
819 "%#08x, read %#08x", pnum, crc, hdr_crc);
820 ubi_dbg_dump_ec_hdr(ec_hdr);
821 }
822 dbg_bld("bad EC header CRC at PEB %d, calculated "
823 "%#08x, read %#08x", pnum, crc, hdr_crc);
824
825 if (!read_err)
826 return UBI_IO_BAD_HDR;
827 else
828 return UBI_IO_BAD_HDR_EBADMSG;
829 }
830
831 /* And of course validate what has just been read from the media */
832 err = validate_ec_hdr(ubi, ec_hdr);
833 if (err) {
834 ubi_err("validation failed for PEB %d", pnum);
835 return -EINVAL;
836 }
837
838 /*
839 * If there was %-EBADMSG, but the header CRC is still OK, report about
840 * a bit-flip to force scrubbing on this PEB.
841 */
842 return read_err ? UBI_IO_BITFLIPS : 0;
843 }
844
845 /**
846 * ubi_io_write_ec_hdr - write an erase counter header.
847 * @ubi: UBI device description object
848 * @pnum: physical eraseblock to write to
849 * @ec_hdr: the erase counter header to write
850 *
851 * This function writes erase counter header described by @ec_hdr to physical
852 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
853 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
854 * field.
855 *
856 * This function returns zero in case of success and a negative error code in
857 * case of failure. If %-EIO is returned, the physical eraseblock most probably
858 * went bad.
859 */
ubi_io_write_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr)860 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
861 struct ubi_ec_hdr *ec_hdr)
862 {
863 int err;
864 uint32_t crc;
865
866 dbg_io("write EC header to PEB %d", pnum);
867 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
868
869 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
870 ec_hdr->version = UBI_VERSION;
871 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
872 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
873 ec_hdr->image_seq = cpu_to_be32(ubi->image_seq);
874 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
875 ec_hdr->hdr_crc = cpu_to_be32(crc);
876
877 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr);
878 if (err)
879 return err;
880
881 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
882 return err;
883 }
884
885 /**
886 * validate_vid_hdr - validate a volume identifier header.
887 * @ubi: UBI device description object
888 * @vid_hdr: the volume identifier header to check
889 *
890 * This function checks that data stored in the volume identifier header
891 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
892 */
validate_vid_hdr(const struct ubi_device * ubi,const struct ubi_vid_hdr * vid_hdr)893 static int validate_vid_hdr(const struct ubi_device *ubi,
894 const struct ubi_vid_hdr *vid_hdr)
895 {
896 int vol_type = vid_hdr->vol_type;
897 int copy_flag = vid_hdr->copy_flag;
898 int vol_id = be32_to_cpu(vid_hdr->vol_id);
899 int lnum = be32_to_cpu(vid_hdr->lnum);
900 int compat = vid_hdr->compat;
901 int data_size = be32_to_cpu(vid_hdr->data_size);
902 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
903 int data_pad = be32_to_cpu(vid_hdr->data_pad);
904 int data_crc = be32_to_cpu(vid_hdr->data_crc);
905 int usable_leb_size = ubi->leb_size - data_pad;
906
907 if (copy_flag != 0 && copy_flag != 1) {
908 dbg_err("bad copy_flag");
909 goto bad;
910 }
911
912 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
913 data_pad < 0) {
914 dbg_err("negative values");
915 goto bad;
916 }
917
918 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
919 dbg_err("bad vol_id");
920 goto bad;
921 }
922
923 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
924 dbg_err("bad compat");
925 goto bad;
926 }
927
928 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
929 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
930 compat != UBI_COMPAT_REJECT) {
931 dbg_err("bad compat");
932 goto bad;
933 }
934
935 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
936 dbg_err("bad vol_type");
937 goto bad;
938 }
939
940 if (data_pad >= ubi->leb_size / 2) {
941 dbg_err("bad data_pad");
942 goto bad;
943 }
944
945 if (vol_type == UBI_VID_STATIC) {
946 /*
947 * Although from high-level point of view static volumes may
948 * contain zero bytes of data, but no VID headers can contain
949 * zero at these fields, because they empty volumes do not have
950 * mapped logical eraseblocks.
951 */
952 if (used_ebs == 0) {
953 dbg_err("zero used_ebs");
954 goto bad;
955 }
956 if (data_size == 0) {
957 dbg_err("zero data_size");
958 goto bad;
959 }
960 if (lnum < used_ebs - 1) {
961 if (data_size != usable_leb_size) {
962 dbg_err("bad data_size");
963 goto bad;
964 }
965 } else if (lnum == used_ebs - 1) {
966 if (data_size == 0) {
967 dbg_err("bad data_size at last LEB");
968 goto bad;
969 }
970 } else {
971 dbg_err("too high lnum");
972 goto bad;
973 }
974 } else {
975 if (copy_flag == 0) {
976 if (data_crc != 0) {
977 dbg_err("non-zero data CRC");
978 goto bad;
979 }
980 if (data_size != 0) {
981 dbg_err("non-zero data_size");
982 goto bad;
983 }
984 } else {
985 if (data_size == 0) {
986 dbg_err("zero data_size of copy");
987 goto bad;
988 }
989 }
990 if (used_ebs != 0) {
991 dbg_err("bad used_ebs");
992 goto bad;
993 }
994 }
995
996 return 0;
997
998 bad:
999 ubi_err("bad VID header");
1000 ubi_dbg_dump_vid_hdr(vid_hdr);
1001 ubi_dbg_dump_stack();
1002 return 1;
1003 }
1004
1005 /**
1006 * ubi_io_read_vid_hdr - read and check a volume identifier header.
1007 * @ubi: UBI device description object
1008 * @pnum: physical eraseblock number to read from
1009 * @vid_hdr: &struct ubi_vid_hdr object where to store the read volume
1010 * identifier header
1011 * @verbose: be verbose if the header is corrupted or wasn't found
1012 *
1013 * This function reads the volume identifier header from physical eraseblock
1014 * @pnum and stores it in @vid_hdr. It also checks CRC checksum of the read
1015 * volume identifier header. The error codes are the same as in
1016 * 'ubi_io_read_ec_hdr()'.
1017 *
1018 * Note, the implementation of this function is also very similar to
1019 * 'ubi_io_read_ec_hdr()', so refer commentaries in 'ubi_io_read_ec_hdr()'.
1020 */
ubi_io_read_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_hdr * vid_hdr,int verbose)1021 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
1022 struct ubi_vid_hdr *vid_hdr, int verbose)
1023 {
1024 int err, read_err;
1025 uint32_t crc, magic, hdr_crc;
1026 void *p;
1027
1028 dbg_io("read VID header from PEB %d", pnum);
1029 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1030
1031 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1032 read_err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1033 ubi->vid_hdr_alsize);
1034 if (read_err && read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
1035 return read_err;
1036
1037 magic = be32_to_cpu(vid_hdr->magic);
1038 if (magic != UBI_VID_HDR_MAGIC) {
1039 if (mtd_is_eccerr(read_err))
1040 return UBI_IO_BAD_HDR_EBADMSG;
1041
1042 if (ubi_check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
1043 if (verbose)
1044 ubi_warn("no VID header found at PEB %d, "
1045 "only 0xFF bytes", pnum);
1046 dbg_bld("no VID header found at PEB %d, "
1047 "only 0xFF bytes", pnum);
1048 if (!read_err)
1049 return UBI_IO_FF;
1050 else
1051 return UBI_IO_FF_BITFLIPS;
1052 }
1053
1054 if (verbose) {
1055 ubi_warn("bad magic number at PEB %d: %08x instead of "
1056 "%08x", pnum, magic, UBI_VID_HDR_MAGIC);
1057 ubi_dbg_dump_vid_hdr(vid_hdr);
1058 }
1059 dbg_bld("bad magic number at PEB %d: %08x instead of "
1060 "%08x", pnum, magic, UBI_VID_HDR_MAGIC);
1061 return UBI_IO_BAD_HDR;
1062 }
1063
1064 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1065 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1066
1067 if (hdr_crc != crc) {
1068 if (verbose) {
1069 ubi_warn("bad CRC at PEB %d, calculated %#08x, "
1070 "read %#08x", pnum, crc, hdr_crc);
1071 ubi_dbg_dump_vid_hdr(vid_hdr);
1072 }
1073 dbg_bld("bad CRC at PEB %d, calculated %#08x, "
1074 "read %#08x", pnum, crc, hdr_crc);
1075 if (!read_err)
1076 return UBI_IO_BAD_HDR;
1077 else
1078 return UBI_IO_BAD_HDR_EBADMSG;
1079 }
1080
1081 err = validate_vid_hdr(ubi, vid_hdr);
1082 if (err) {
1083 ubi_err("validation failed for PEB %d", pnum);
1084 return -EINVAL;
1085 }
1086
1087 return read_err ? UBI_IO_BITFLIPS : 0;
1088 }
1089
1090 /**
1091 * ubi_io_write_vid_hdr - write a volume identifier header.
1092 * @ubi: UBI device description object
1093 * @pnum: the physical eraseblock number to write to
1094 * @vid_hdr: the volume identifier header to write
1095 *
1096 * This function writes the volume identifier header described by @vid_hdr to
1097 * physical eraseblock @pnum. This function automatically fills the
1098 * @vid_hdr->magic and the @vid_hdr->version fields, as well as calculates
1099 * header CRC checksum and stores it at vid_hdr->hdr_crc.
1100 *
1101 * This function returns zero in case of success and a negative error code in
1102 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1103 * bad.
1104 */
ubi_io_write_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_hdr * vid_hdr)1105 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1106 struct ubi_vid_hdr *vid_hdr)
1107 {
1108 int err;
1109 uint32_t crc;
1110 void *p;
1111
1112 dbg_io("write VID header to PEB %d", pnum);
1113 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1114
1115 err = paranoid_check_peb_ec_hdr(ubi, pnum);
1116 if (err)
1117 return err;
1118
1119 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1120 vid_hdr->version = UBI_VERSION;
1121 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1122 vid_hdr->hdr_crc = cpu_to_be32(crc);
1123
1124 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr);
1125 if (err)
1126 return err;
1127
1128 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1129 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1130 ubi->vid_hdr_alsize);
1131 return err;
1132 }
1133
1134 #ifdef CONFIG_MTD_UBI_DEBUG
1135
1136 /**
1137 * paranoid_check_not_bad - ensure that a physical eraseblock is not bad.
1138 * @ubi: UBI device description object
1139 * @pnum: physical eraseblock number to check
1140 *
1141 * This function returns zero if the physical eraseblock is good, %-EINVAL if
1142 * it is bad and a negative error code if an error occurred.
1143 */
paranoid_check_not_bad(const struct ubi_device * ubi,int pnum)1144 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum)
1145 {
1146 int err;
1147
1148 if (!ubi->dbg->chk_io)
1149 return 0;
1150
1151 err = ubi_io_is_bad(ubi, pnum);
1152 if (!err)
1153 return err;
1154
1155 ubi_err("paranoid check failed for PEB %d", pnum);
1156 ubi_dbg_dump_stack();
1157 return err > 0 ? -EINVAL : err;
1158 }
1159
1160 /**
1161 * paranoid_check_ec_hdr - check if an erase counter header is all right.
1162 * @ubi: UBI device description object
1163 * @pnum: physical eraseblock number the erase counter header belongs to
1164 * @ec_hdr: the erase counter header to check
1165 *
1166 * This function returns zero if the erase counter header contains valid
1167 * values, and %-EINVAL if not.
1168 */
paranoid_check_ec_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_ec_hdr * ec_hdr)1169 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1170 const struct ubi_ec_hdr *ec_hdr)
1171 {
1172 int err;
1173 uint32_t magic;
1174
1175 if (!ubi->dbg->chk_io)
1176 return 0;
1177
1178 magic = be32_to_cpu(ec_hdr->magic);
1179 if (magic != UBI_EC_HDR_MAGIC) {
1180 ubi_err("bad magic %#08x, must be %#08x",
1181 magic, UBI_EC_HDR_MAGIC);
1182 goto fail;
1183 }
1184
1185 err = validate_ec_hdr(ubi, ec_hdr);
1186 if (err) {
1187 ubi_err("paranoid check failed for PEB %d", pnum);
1188 goto fail;
1189 }
1190
1191 return 0;
1192
1193 fail:
1194 ubi_dbg_dump_ec_hdr(ec_hdr);
1195 ubi_dbg_dump_stack();
1196 return -EINVAL;
1197 }
1198
1199 /**
1200 * paranoid_check_peb_ec_hdr - check erase counter header.
1201 * @ubi: UBI device description object
1202 * @pnum: the physical eraseblock number to check
1203 *
1204 * This function returns zero if the erase counter header is all right and and
1205 * a negative error code if not or if an error occurred.
1206 */
paranoid_check_peb_ec_hdr(const struct ubi_device * ubi,int pnum)1207 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1208 {
1209 int err;
1210 uint32_t crc, hdr_crc;
1211 struct ubi_ec_hdr *ec_hdr;
1212
1213 if (!ubi->dbg->chk_io)
1214 return 0;
1215
1216 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1217 if (!ec_hdr)
1218 return -ENOMEM;
1219
1220 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1221 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1222 goto exit;
1223
1224 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1225 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1226 if (hdr_crc != crc) {
1227 ubi_err("bad CRC, calculated %#08x, read %#08x", crc, hdr_crc);
1228 ubi_err("paranoid check failed for PEB %d", pnum);
1229 ubi_dbg_dump_ec_hdr(ec_hdr);
1230 ubi_dbg_dump_stack();
1231 err = -EINVAL;
1232 goto exit;
1233 }
1234
1235 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr);
1236
1237 exit:
1238 kfree(ec_hdr);
1239 return err;
1240 }
1241
1242 /**
1243 * paranoid_check_vid_hdr - check that a volume identifier header is all right.
1244 * @ubi: UBI device description object
1245 * @pnum: physical eraseblock number the volume identifier header belongs to
1246 * @vid_hdr: the volume identifier header to check
1247 *
1248 * This function returns zero if the volume identifier header is all right, and
1249 * %-EINVAL if not.
1250 */
paranoid_check_vid_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_vid_hdr * vid_hdr)1251 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1252 const struct ubi_vid_hdr *vid_hdr)
1253 {
1254 int err;
1255 uint32_t magic;
1256
1257 if (!ubi->dbg->chk_io)
1258 return 0;
1259
1260 magic = be32_to_cpu(vid_hdr->magic);
1261 if (magic != UBI_VID_HDR_MAGIC) {
1262 ubi_err("bad VID header magic %#08x at PEB %d, must be %#08x",
1263 magic, pnum, UBI_VID_HDR_MAGIC);
1264 goto fail;
1265 }
1266
1267 err = validate_vid_hdr(ubi, vid_hdr);
1268 if (err) {
1269 ubi_err("paranoid check failed for PEB %d", pnum);
1270 goto fail;
1271 }
1272
1273 return err;
1274
1275 fail:
1276 ubi_err("paranoid check failed for PEB %d", pnum);
1277 ubi_dbg_dump_vid_hdr(vid_hdr);
1278 ubi_dbg_dump_stack();
1279 return -EINVAL;
1280
1281 }
1282
1283 /**
1284 * paranoid_check_peb_vid_hdr - check volume identifier header.
1285 * @ubi: UBI device description object
1286 * @pnum: the physical eraseblock number to check
1287 *
1288 * This function returns zero if the volume identifier header is all right,
1289 * and a negative error code if not or if an error occurred.
1290 */
paranoid_check_peb_vid_hdr(const struct ubi_device * ubi,int pnum)1291 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1292 {
1293 int err;
1294 uint32_t crc, hdr_crc;
1295 struct ubi_vid_hdr *vid_hdr;
1296 void *p;
1297
1298 if (!ubi->dbg->chk_io)
1299 return 0;
1300
1301 vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS);
1302 if (!vid_hdr)
1303 return -ENOMEM;
1304
1305 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1306 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1307 ubi->vid_hdr_alsize);
1308 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1309 goto exit;
1310
1311 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_EC_HDR_SIZE_CRC);
1312 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1313 if (hdr_crc != crc) {
1314 ubi_err("bad VID header CRC at PEB %d, calculated %#08x, "
1315 "read %#08x", pnum, crc, hdr_crc);
1316 ubi_err("paranoid check failed for PEB %d", pnum);
1317 ubi_dbg_dump_vid_hdr(vid_hdr);
1318 ubi_dbg_dump_stack();
1319 err = -EINVAL;
1320 goto exit;
1321 }
1322
1323 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr);
1324
1325 exit:
1326 ubi_free_vid_hdr(ubi, vid_hdr);
1327 return err;
1328 }
1329
1330 /**
1331 * ubi_dbg_check_write - make sure write succeeded.
1332 * @ubi: UBI device description object
1333 * @buf: buffer with data which were written
1334 * @pnum: physical eraseblock number the data were written to
1335 * @offset: offset within the physical eraseblock the data were written to
1336 * @len: how many bytes were written
1337 *
1338 * This functions reads data which were recently written and compares it with
1339 * the original data buffer - the data have to match. Returns zero if the data
1340 * match and a negative error code if not or in case of failure.
1341 */
ubi_dbg_check_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)1342 int ubi_dbg_check_write(struct ubi_device *ubi, const void *buf, int pnum,
1343 int offset, int len)
1344 {
1345 int err, i;
1346 size_t read;
1347 void *buf1;
1348 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1349
1350 if (!ubi->dbg->chk_io)
1351 return 0;
1352
1353 buf1 = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1354 if (!buf1) {
1355 ubi_err("cannot allocate memory to check writes");
1356 return 0;
1357 }
1358
1359 err = mtd_read(ubi->mtd, addr, len, &read, buf1);
1360 if (err && !mtd_is_bitflip(err))
1361 goto out_free;
1362
1363 for (i = 0; i < len; i++) {
1364 uint8_t c = ((uint8_t *)buf)[i];
1365 uint8_t c1 = ((uint8_t *)buf1)[i];
1366 int dump_len;
1367
1368 if (c == c1)
1369 continue;
1370
1371 ubi_err("paranoid check failed for PEB %d:%d, len %d",
1372 pnum, offset, len);
1373 ubi_msg("data differ at position %d", i);
1374 dump_len = max_t(int, 128, len - i);
1375 ubi_msg("hex dump of the original buffer from %d to %d",
1376 i, i + dump_len);
1377 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1378 buf + i, dump_len, 1);
1379 ubi_msg("hex dump of the read buffer from %d to %d",
1380 i, i + dump_len);
1381 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1382 buf1 + i, dump_len, 1);
1383 ubi_dbg_dump_stack();
1384 err = -EINVAL;
1385 goto out_free;
1386 }
1387
1388 vfree(buf1);
1389 return 0;
1390
1391 out_free:
1392 vfree(buf1);
1393 return err;
1394 }
1395
1396 /**
1397 * ubi_dbg_check_all_ff - check that a region of flash is empty.
1398 * @ubi: UBI device description object
1399 * @pnum: the physical eraseblock number to check
1400 * @offset: the starting offset within the physical eraseblock to check
1401 * @len: the length of the region to check
1402 *
1403 * This function returns zero if only 0xFF bytes are present at offset
1404 * @offset of the physical eraseblock @pnum, and a negative error code if not
1405 * or if an error occurred.
1406 */
ubi_dbg_check_all_ff(struct ubi_device * ubi,int pnum,int offset,int len)1407 int ubi_dbg_check_all_ff(struct ubi_device *ubi, int pnum, int offset, int len)
1408 {
1409 size_t read;
1410 int err;
1411 void *buf;
1412 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1413
1414 if (!ubi->dbg->chk_io)
1415 return 0;
1416
1417 buf = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1418 if (!buf) {
1419 ubi_err("cannot allocate memory to check for 0xFFs");
1420 return 0;
1421 }
1422
1423 err = mtd_read(ubi->mtd, addr, len, &read, buf);
1424 if (err && !mtd_is_bitflip(err)) {
1425 ubi_err("error %d while reading %d bytes from PEB %d:%d, "
1426 "read %zd bytes", err, len, pnum, offset, read);
1427 goto error;
1428 }
1429
1430 err = ubi_check_pattern(buf, 0xFF, len);
1431 if (err == 0) {
1432 ubi_err("flash region at PEB %d:%d, length %d does not "
1433 "contain all 0xFF bytes", pnum, offset, len);
1434 goto fail;
1435 }
1436
1437 vfree(buf);
1438 return 0;
1439
1440 fail:
1441 ubi_err("paranoid check failed for PEB %d", pnum);
1442 ubi_msg("hex dump of the %d-%d region", offset, offset + len);
1443 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, buf, len, 1);
1444 err = -EINVAL;
1445 error:
1446 ubi_dbg_dump_stack();
1447 vfree(buf);
1448 return err;
1449 }
1450
1451 #endif /* CONFIG_MTD_UBI_DEBUG */
1452