1 /* 2 * Copyright (c) International Business Machines Corp., 2006 3 * Copyright (c) Nokia Corporation, 2006, 2007 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See 13 * the GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program; if not, write to the Free Software 17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 * 19 * Author: Artem Bityutskiy (Битюцкий Артём) 20 */ 21 22 /* 23 * UBI input/output unit. 24 * 25 * This unit provides a uniform way to work with all kinds of the underlying 26 * MTD devices. It also implements handy functions for reading and writing UBI 27 * headers. 28 * 29 * We are trying to have a paranoid mindset and not to trust to what we read 30 * from the flash media in order to be more secure and robust. So this unit 31 * validates every single header it reads from the flash media. 32 * 33 * Some words about how the eraseblock headers are stored. 34 * 35 * The erase counter header is always stored at offset zero. By default, the 36 * VID header is stored after the EC header at the closest aligned offset 37 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID 38 * header at the closest aligned offset. But this default layout may be 39 * changed. For example, for different reasons (e.g., optimization) UBI may be 40 * asked to put the VID header at further offset, and even at an unaligned 41 * offset. Of course, if the offset of the VID header is unaligned, UBI adds 42 * proper padding in front of it. Data offset may also be changed but it has to 43 * be aligned. 44 * 45 * About minimal I/O units. In general, UBI assumes flash device model where 46 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1, 47 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the 48 * @ubi->mtd->writesize field. But as an exception, UBI admits of using another 49 * (smaller) minimal I/O unit size for EC and VID headers to make it possible 50 * to do different optimizations. 51 * 52 * This is extremely useful in case of NAND flashes which admit of several 53 * write operations to one NAND page. In this case UBI can fit EC and VID 54 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal 55 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still 56 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI 57 * users. 58 * 59 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so 60 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID 61 * headers. 62 * 63 * Q: why not just to treat sub-page as a minimal I/O unit of this flash 64 * device, e.g., make @ubi->min_io_size = 512 in the example above? 65 * 66 * A: because when writing a sub-page, MTD still writes a full 2K page but the 67 * bytes which are no relevant to the sub-page are 0xFF. So, basically, writing 68 * 4x512 sub-pages is 4 times slower then writing one 2KiB NAND page. Thus, we 69 * prefer to use sub-pages only for EV and VID headers. 70 * 71 * As it was noted above, the VID header may start at a non-aligned offset. 72 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page, 73 * the VID header may reside at offset 1984 which is the last 64 bytes of the 74 * last sub-page (EC header is always at offset zero). This causes some 75 * difficulties when reading and writing VID headers. 76 * 77 * Suppose we have a 64-byte buffer and we read a VID header at it. We change 78 * the data and want to write this VID header out. As we can only write in 79 * 512-byte chunks, we have to allocate one more buffer and copy our VID header 80 * to offset 448 of this buffer. 81 * 82 * The I/O unit does the following trick in order to avoid this extra copy. 83 * It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID header 84 * and returns a pointer to offset @ubi->vid_hdr_shift of this buffer. When the 85 * VID header is being written out, it shifts the VID header pointer back and 86 * writes the whole sub-page. 87 */ 88 89 #include <linux/crc32.h> 90 #include <linux/err.h> 91 #include "ubi.h" 92 93 #ifdef CONFIG_MTD_UBI_DEBUG_PARANOID 94 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum); 95 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum); 96 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum, 97 const struct ubi_ec_hdr *ec_hdr); 98 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum); 99 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum, 100 const struct ubi_vid_hdr *vid_hdr); 101 static int paranoid_check_all_ff(const struct ubi_device *ubi, int pnum, 102 int offset, int len); 103 #else 104 #define paranoid_check_not_bad(ubi, pnum) 0 105 #define paranoid_check_peb_ec_hdr(ubi, pnum) 0 106 #define paranoid_check_ec_hdr(ubi, pnum, ec_hdr) 0 107 #define paranoid_check_peb_vid_hdr(ubi, pnum) 0 108 #define paranoid_check_vid_hdr(ubi, pnum, vid_hdr) 0 109 #define paranoid_check_all_ff(ubi, pnum, offset, len) 0 110 #endif 111 112 /** 113 * ubi_io_read - read data from a physical eraseblock. 114 * @ubi: UBI device description object 115 * @buf: buffer where to store the read data 116 * @pnum: physical eraseblock number to read from 117 * @offset: offset within the physical eraseblock from where to read 118 * @len: how many bytes to read 119 * 120 * This function reads data from offset @offset of physical eraseblock @pnum 121 * and stores the read data in the @buf buffer. The following return codes are 122 * possible: 123 * 124 * o %0 if all the requested data were successfully read; 125 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but 126 * correctable bit-flips were detected; this is harmless but may indicate 127 * that this eraseblock may become bad soon (but do not have to); 128 * o %-EBADMSG if the MTD subsystem reported about data data integrity 129 * problems, for example it can me an ECC error in case of NAND; this most 130 * probably means that the data is corrupted; 131 * o %-EIO if some I/O error occurred; 132 * o other negative error codes in case of other errors. 133 */ 134 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset, 135 int len) 136 { 137 int err, retries = 0; 138 size_t read; 139 loff_t addr; 140 141 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset); 142 143 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 144 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size); 145 ubi_assert(len > 0); 146 147 err = paranoid_check_not_bad(ubi, pnum); 148 if (err) 149 return err > 0 ? -EINVAL : err; 150 151 addr = (loff_t)pnum * ubi->peb_size + offset; 152 retry: 153 err = ubi->mtd->read(ubi->mtd, addr, len, &read, buf); 154 if (err) { 155 if (err == -EUCLEAN) { 156 /* 157 * -EUCLEAN is reported if there was a bit-flip which 158 * was corrected, so this is harmless. 159 */ 160 ubi_msg("fixable bit-flip detected at PEB %d", pnum); 161 ubi_assert(len == read); 162 return UBI_IO_BITFLIPS; 163 } 164 165 if (read != len && retries++ < UBI_IO_RETRIES) { 166 dbg_io("error %d while reading %d bytes from PEB %d:%d, " 167 "read only %zd bytes, retry", 168 err, len, pnum, offset, read); 169 yield(); 170 goto retry; 171 } 172 173 ubi_err("error %d while reading %d bytes from PEB %d:%d, " 174 "read %zd bytes", err, len, pnum, offset, read); 175 ubi_dbg_dump_stack(); 176 } else { 177 ubi_assert(len == read); 178 179 if (ubi_dbg_is_bitflip()) { 180 dbg_msg("bit-flip (emulated)"); 181 err = UBI_IO_BITFLIPS; 182 } 183 } 184 185 return err; 186 } 187 188 /** 189 * ubi_io_write - write data to a physical eraseblock. 190 * @ubi: UBI device description object 191 * @buf: buffer with the data to write 192 * @pnum: physical eraseblock number to write to 193 * @offset: offset within the physical eraseblock where to write 194 * @len: how many bytes to write 195 * 196 * This function writes @len bytes of data from buffer @buf to offset @offset 197 * of physical eraseblock @pnum. If all the data were successfully written, 198 * zero is returned. If an error occurred, this function returns a negative 199 * error code. If %-EIO is returned, the physical eraseblock most probably went 200 * bad. 201 * 202 * Note, in case of an error, it is possible that something was still written 203 * to the flash media, but may be some garbage. 204 */ 205 int ubi_io_write(const struct ubi_device *ubi, const void *buf, int pnum, 206 int offset, int len) 207 { 208 int err; 209 size_t written; 210 loff_t addr; 211 212 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset); 213 214 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 215 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size); 216 ubi_assert(offset % ubi->hdrs_min_io_size == 0); 217 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0); 218 219 if (ubi->ro_mode) { 220 ubi_err("read-only mode"); 221 return -EROFS; 222 } 223 224 /* The below has to be compiled out if paranoid checks are disabled */ 225 226 err = paranoid_check_not_bad(ubi, pnum); 227 if (err) 228 return err > 0 ? -EINVAL : err; 229 230 /* The area we are writing to has to contain all 0xFF bytes */ 231 err = paranoid_check_all_ff(ubi, pnum, offset, len); 232 if (err) 233 return err > 0 ? -EINVAL : err; 234 235 if (offset >= ubi->leb_start) { 236 /* 237 * We write to the data area of the physical eraseblock. Make 238 * sure it has valid EC and VID headers. 239 */ 240 err = paranoid_check_peb_ec_hdr(ubi, pnum); 241 if (err) 242 return err > 0 ? -EINVAL : err; 243 err = paranoid_check_peb_vid_hdr(ubi, pnum); 244 if (err) 245 return err > 0 ? -EINVAL : err; 246 } 247 248 if (ubi_dbg_is_write_failure()) { 249 dbg_err("cannot write %d bytes to PEB %d:%d " 250 "(emulated)", len, pnum, offset); 251 ubi_dbg_dump_stack(); 252 return -EIO; 253 } 254 255 addr = (loff_t)pnum * ubi->peb_size + offset; 256 err = ubi->mtd->write(ubi->mtd, addr, len, &written, buf); 257 if (err) { 258 ubi_err("error %d while writing %d bytes to PEB %d:%d, written" 259 " %zd bytes", err, len, pnum, offset, written); 260 ubi_dbg_dump_stack(); 261 } else 262 ubi_assert(written == len); 263 264 return err; 265 } 266 267 /** 268 * erase_callback - MTD erasure call-back. 269 * @ei: MTD erase information object. 270 * 271 * Note, even though MTD erase interface is asynchronous, all the current 272 * implementations are synchronous anyway. 273 */ 274 static void erase_callback(struct erase_info *ei) 275 { 276 wake_up_interruptible((wait_queue_head_t *)ei->priv); 277 } 278 279 /** 280 * do_sync_erase - synchronously erase a physical eraseblock. 281 * @ubi: UBI device description object 282 * @pnum: the physical eraseblock number to erase 283 * 284 * This function synchronously erases physical eraseblock @pnum and returns 285 * zero in case of success and a negative error code in case of failure. If 286 * %-EIO is returned, the physical eraseblock most probably went bad. 287 */ 288 static int do_sync_erase(const struct ubi_device *ubi, int pnum) 289 { 290 int err, retries = 0; 291 struct erase_info ei; 292 wait_queue_head_t wq; 293 294 dbg_io("erase PEB %d", pnum); 295 296 retry: 297 init_waitqueue_head(&wq); 298 memset(&ei, 0, sizeof(struct erase_info)); 299 300 ei.mtd = ubi->mtd; 301 ei.addr = pnum * ubi->peb_size; 302 ei.len = ubi->peb_size; 303 ei.callback = erase_callback; 304 ei.priv = (unsigned long)&wq; 305 306 err = ubi->mtd->erase(ubi->mtd, &ei); 307 if (err) { 308 if (retries++ < UBI_IO_RETRIES) { 309 dbg_io("error %d while erasing PEB %d, retry", 310 err, pnum); 311 yield(); 312 goto retry; 313 } 314 ubi_err("cannot erase PEB %d, error %d", pnum, err); 315 ubi_dbg_dump_stack(); 316 return err; 317 } 318 319 err = wait_event_interruptible(wq, ei.state == MTD_ERASE_DONE || 320 ei.state == MTD_ERASE_FAILED); 321 if (err) { 322 ubi_err("interrupted PEB %d erasure", pnum); 323 return -EINTR; 324 } 325 326 if (ei.state == MTD_ERASE_FAILED) { 327 if (retries++ < UBI_IO_RETRIES) { 328 dbg_io("error while erasing PEB %d, retry", pnum); 329 yield(); 330 goto retry; 331 } 332 ubi_err("cannot erase PEB %d", pnum); 333 ubi_dbg_dump_stack(); 334 return -EIO; 335 } 336 337 err = paranoid_check_all_ff(ubi, pnum, 0, ubi->peb_size); 338 if (err) 339 return err > 0 ? -EINVAL : err; 340 341 if (ubi_dbg_is_erase_failure() && !err) { 342 dbg_err("cannot erase PEB %d (emulated)", pnum); 343 return -EIO; 344 } 345 346 return 0; 347 } 348 349 /** 350 * check_pattern - check if buffer contains only a certain byte pattern. 351 * @buf: buffer to check 352 * @patt: the pattern to check 353 * @size: buffer size in bytes 354 * 355 * This function returns %1 in there are only @patt bytes in @buf, and %0 if 356 * something else was also found. 357 */ 358 static int check_pattern(const void *buf, uint8_t patt, int size) 359 { 360 int i; 361 362 for (i = 0; i < size; i++) 363 if (((const uint8_t *)buf)[i] != patt) 364 return 0; 365 return 1; 366 } 367 368 /* Patterns to write to a physical eraseblock when torturing it */ 369 static uint8_t patterns[] = {0xa5, 0x5a, 0x0}; 370 371 /** 372 * torture_peb - test a supposedly bad physical eraseblock. 373 * @ubi: UBI device description object 374 * @pnum: the physical eraseblock number to test 375 * 376 * This function returns %-EIO if the physical eraseblock did not pass the 377 * test, a positive number of erase operations done if the test was 378 * successfully passed, and other negative error codes in case of other errors. 379 */ 380 static int torture_peb(const struct ubi_device *ubi, int pnum) 381 { 382 void *buf; 383 int err, i, patt_count; 384 385 buf = kmalloc(ubi->peb_size, GFP_KERNEL); 386 if (!buf) 387 return -ENOMEM; 388 389 patt_count = ARRAY_SIZE(patterns); 390 ubi_assert(patt_count > 0); 391 392 for (i = 0; i < patt_count; i++) { 393 err = do_sync_erase(ubi, pnum); 394 if (err) 395 goto out; 396 397 /* Make sure the PEB contains only 0xFF bytes */ 398 err = ubi_io_read(ubi, buf, pnum, 0, ubi->peb_size); 399 if (err) 400 goto out; 401 402 err = check_pattern(buf, 0xFF, ubi->peb_size); 403 if (err == 0) { 404 ubi_err("erased PEB %d, but a non-0xFF byte found", 405 pnum); 406 err = -EIO; 407 goto out; 408 } 409 410 /* Write a pattern and check it */ 411 memset(buf, patterns[i], ubi->peb_size); 412 err = ubi_io_write(ubi, buf, pnum, 0, ubi->peb_size); 413 if (err) 414 goto out; 415 416 memset(buf, ~patterns[i], ubi->peb_size); 417 err = ubi_io_read(ubi, buf, pnum, 0, ubi->peb_size); 418 if (err) 419 goto out; 420 421 err = check_pattern(buf, patterns[i], ubi->peb_size); 422 if (err == 0) { 423 ubi_err("pattern %x checking failed for PEB %d", 424 patterns[i], pnum); 425 err = -EIO; 426 goto out; 427 } 428 } 429 430 err = patt_count; 431 432 out: 433 if (err == UBI_IO_BITFLIPS || err == -EBADMSG) 434 /* 435 * If a bit-flip or data integrity error was detected, the test 436 * has not passed because it happened on a freshly erased 437 * physical eraseblock which means something is wrong with it. 438 */ 439 err = -EIO; 440 kfree(buf); 441 return err; 442 } 443 444 /** 445 * ubi_io_sync_erase - synchronously erase a physical eraseblock. 446 * @ubi: UBI device description object 447 * @pnum: physical eraseblock number to erase 448 * @torture: if this physical eraseblock has to be tortured 449 * 450 * This function synchronously erases physical eraseblock @pnum. If @torture 451 * flag is not zero, the physical eraseblock is checked by means of writing 452 * different patterns to it and reading them back. If the torturing is enabled, 453 * the physical eraseblock is erased more then once. 454 * 455 * This function returns the number of erasures made in case of success, %-EIO 456 * if the erasure failed or the torturing test failed, and other negative error 457 * codes in case of other errors. Note, %-EIO means that the physical 458 * eraseblock is bad. 459 */ 460 int ubi_io_sync_erase(const struct ubi_device *ubi, int pnum, int torture) 461 { 462 int err, ret = 0; 463 464 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 465 466 err = paranoid_check_not_bad(ubi, pnum); 467 if (err != 0) 468 return err > 0 ? -EINVAL : err; 469 470 if (ubi->ro_mode) { 471 ubi_err("read-only mode"); 472 return -EROFS; 473 } 474 475 if (torture) { 476 ret = torture_peb(ubi, pnum); 477 if (ret < 0) 478 return ret; 479 } 480 481 err = do_sync_erase(ubi, pnum); 482 if (err) 483 return err; 484 485 return ret + 1; 486 } 487 488 /** 489 * ubi_io_is_bad - check if a physical eraseblock is bad. 490 * @ubi: UBI device description object 491 * @pnum: the physical eraseblock number to check 492 * 493 * This function returns a positive number if the physical eraseblock is bad, 494 * zero if not, and a negative error code if an error occurred. 495 */ 496 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum) 497 { 498 struct mtd_info *mtd = ubi->mtd; 499 500 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 501 502 if (ubi->bad_allowed) { 503 int ret; 504 505 ret = mtd->block_isbad(mtd, (loff_t)pnum * ubi->peb_size); 506 if (ret < 0) 507 ubi_err("error %d while checking if PEB %d is bad", 508 ret, pnum); 509 else if (ret) 510 dbg_io("PEB %d is bad", pnum); 511 return ret; 512 } 513 514 return 0; 515 } 516 517 /** 518 * ubi_io_mark_bad - mark a physical eraseblock as bad. 519 * @ubi: UBI device description object 520 * @pnum: the physical eraseblock number to mark 521 * 522 * This function returns zero in case of success and a negative error code in 523 * case of failure. 524 */ 525 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum) 526 { 527 int err; 528 struct mtd_info *mtd = ubi->mtd; 529 530 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 531 532 if (ubi->ro_mode) { 533 ubi_err("read-only mode"); 534 return -EROFS; 535 } 536 537 if (!ubi->bad_allowed) 538 return 0; 539 540 err = mtd->block_markbad(mtd, (loff_t)pnum * ubi->peb_size); 541 if (err) 542 ubi_err("cannot mark PEB %d bad, error %d", pnum, err); 543 return err; 544 } 545 546 /** 547 * validate_ec_hdr - validate an erase counter header. 548 * @ubi: UBI device description object 549 * @ec_hdr: the erase counter header to check 550 * 551 * This function returns zero if the erase counter header is OK, and %1 if 552 * not. 553 */ 554 static int validate_ec_hdr(const struct ubi_device *ubi, 555 const struct ubi_ec_hdr *ec_hdr) 556 { 557 long long ec; 558 int vid_hdr_offset, leb_start; 559 560 ec = ubi64_to_cpu(ec_hdr->ec); 561 vid_hdr_offset = ubi32_to_cpu(ec_hdr->vid_hdr_offset); 562 leb_start = ubi32_to_cpu(ec_hdr->data_offset); 563 564 if (ec_hdr->version != UBI_VERSION) { 565 ubi_err("node with incompatible UBI version found: " 566 "this UBI version is %d, image version is %d", 567 UBI_VERSION, (int)ec_hdr->version); 568 goto bad; 569 } 570 571 if (vid_hdr_offset != ubi->vid_hdr_offset) { 572 ubi_err("bad VID header offset %d, expected %d", 573 vid_hdr_offset, ubi->vid_hdr_offset); 574 goto bad; 575 } 576 577 if (leb_start != ubi->leb_start) { 578 ubi_err("bad data offset %d, expected %d", 579 leb_start, ubi->leb_start); 580 goto bad; 581 } 582 583 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) { 584 ubi_err("bad erase counter %lld", ec); 585 goto bad; 586 } 587 588 return 0; 589 590 bad: 591 ubi_err("bad EC header"); 592 ubi_dbg_dump_ec_hdr(ec_hdr); 593 ubi_dbg_dump_stack(); 594 return 1; 595 } 596 597 /** 598 * ubi_io_read_ec_hdr - read and check an erase counter header. 599 * @ubi: UBI device description object 600 * @pnum: physical eraseblock to read from 601 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter 602 * header 603 * @verbose: be verbose if the header is corrupted or was not found 604 * 605 * This function reads erase counter header from physical eraseblock @pnum and 606 * stores it in @ec_hdr. This function also checks CRC checksum of the read 607 * erase counter header. The following codes may be returned: 608 * 609 * o %0 if the CRC checksum is correct and the header was successfully read; 610 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected 611 * and corrected by the flash driver; this is harmless but may indicate that 612 * this eraseblock may become bad soon (but may be not); 613 * o %UBI_IO_BAD_EC_HDR if the erase counter header is corrupted (a CRC error); 614 * o %UBI_IO_PEB_EMPTY if the physical eraseblock is empty; 615 * o a negative error code in case of failure. 616 */ 617 int ubi_io_read_ec_hdr(const struct ubi_device *ubi, int pnum, 618 struct ubi_ec_hdr *ec_hdr, int verbose) 619 { 620 int err, read_err = 0; 621 uint32_t crc, magic, hdr_crc; 622 623 dbg_io("read EC header from PEB %d", pnum); 624 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 625 626 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE); 627 if (err) { 628 if (err != UBI_IO_BITFLIPS && err != -EBADMSG) 629 return err; 630 631 /* 632 * We read all the data, but either a correctable bit-flip 633 * occurred, or MTD reported about some data integrity error, 634 * like an ECC error in case of NAND. The former is harmless, 635 * the later may mean that the read data is corrupted. But we 636 * have a CRC check-sum and we will detect this. If the EC 637 * header is still OK, we just report this as there was a 638 * bit-flip. 639 */ 640 read_err = err; 641 } 642 643 magic = ubi32_to_cpu(ec_hdr->magic); 644 if (magic != UBI_EC_HDR_MAGIC) { 645 /* 646 * The magic field is wrong. Let's check if we have read all 647 * 0xFF. If yes, this physical eraseblock is assumed to be 648 * empty. 649 * 650 * But if there was a read error, we do not test it for all 651 * 0xFFs. Even if it does contain all 0xFFs, this error 652 * indicates that something is still wrong with this physical 653 * eraseblock and we anyway cannot treat it as empty. 654 */ 655 if (read_err != -EBADMSG && 656 check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) { 657 /* The physical eraseblock is supposedly empty */ 658 659 /* 660 * The below is just a paranoid check, it has to be 661 * compiled out if paranoid checks are disabled. 662 */ 663 err = paranoid_check_all_ff(ubi, pnum, 0, 664 ubi->peb_size); 665 if (err) 666 return err > 0 ? UBI_IO_BAD_EC_HDR : err; 667 668 if (verbose) 669 ubi_warn("no EC header found at PEB %d, " 670 "only 0xFF bytes", pnum); 671 return UBI_IO_PEB_EMPTY; 672 } 673 674 /* 675 * This is not a valid erase counter header, and these are not 676 * 0xFF bytes. Report that the header is corrupted. 677 */ 678 if (verbose) { 679 ubi_warn("bad magic number at PEB %d: %08x instead of " 680 "%08x", pnum, magic, UBI_EC_HDR_MAGIC); 681 ubi_dbg_dump_ec_hdr(ec_hdr); 682 } 683 return UBI_IO_BAD_EC_HDR; 684 } 685 686 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 687 hdr_crc = ubi32_to_cpu(ec_hdr->hdr_crc); 688 689 if (hdr_crc != crc) { 690 if (verbose) { 691 ubi_warn("bad EC header CRC at PEB %d, calculated %#08x," 692 " read %#08x", pnum, crc, hdr_crc); 693 ubi_dbg_dump_ec_hdr(ec_hdr); 694 } 695 return UBI_IO_BAD_EC_HDR; 696 } 697 698 /* And of course validate what has just been read from the media */ 699 err = validate_ec_hdr(ubi, ec_hdr); 700 if (err) { 701 ubi_err("validation failed for PEB %d", pnum); 702 return -EINVAL; 703 } 704 705 return read_err ? UBI_IO_BITFLIPS : 0; 706 } 707 708 /** 709 * ubi_io_write_ec_hdr - write an erase counter header. 710 * @ubi: UBI device description object 711 * @pnum: physical eraseblock to write to 712 * @ec_hdr: the erase counter header to write 713 * 714 * This function writes erase counter header described by @ec_hdr to physical 715 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so 716 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec 717 * field. 718 * 719 * This function returns zero in case of success and a negative error code in 720 * case of failure. If %-EIO is returned, the physical eraseblock most probably 721 * went bad. 722 */ 723 int ubi_io_write_ec_hdr(const struct ubi_device *ubi, int pnum, 724 struct ubi_ec_hdr *ec_hdr) 725 { 726 int err; 727 uint32_t crc; 728 729 dbg_io("write EC header to PEB %d", pnum); 730 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 731 732 ec_hdr->magic = cpu_to_ubi32(UBI_EC_HDR_MAGIC); 733 ec_hdr->version = UBI_VERSION; 734 ec_hdr->vid_hdr_offset = cpu_to_ubi32(ubi->vid_hdr_offset); 735 ec_hdr->data_offset = cpu_to_ubi32(ubi->leb_start); 736 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 737 ec_hdr->hdr_crc = cpu_to_ubi32(crc); 738 739 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr); 740 if (err) 741 return -EINVAL; 742 743 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize); 744 return err; 745 } 746 747 /** 748 * validate_vid_hdr - validate a volume identifier header. 749 * @ubi: UBI device description object 750 * @vid_hdr: the volume identifier header to check 751 * 752 * This function checks that data stored in the volume identifier header 753 * @vid_hdr. Returns zero if the VID header is OK and %1 if not. 754 */ 755 static int validate_vid_hdr(const struct ubi_device *ubi, 756 const struct ubi_vid_hdr *vid_hdr) 757 { 758 int vol_type = vid_hdr->vol_type; 759 int copy_flag = vid_hdr->copy_flag; 760 int vol_id = ubi32_to_cpu(vid_hdr->vol_id); 761 int lnum = ubi32_to_cpu(vid_hdr->lnum); 762 int compat = vid_hdr->compat; 763 int data_size = ubi32_to_cpu(vid_hdr->data_size); 764 int used_ebs = ubi32_to_cpu(vid_hdr->used_ebs); 765 int data_pad = ubi32_to_cpu(vid_hdr->data_pad); 766 int data_crc = ubi32_to_cpu(vid_hdr->data_crc); 767 int usable_leb_size = ubi->leb_size - data_pad; 768 769 if (copy_flag != 0 && copy_flag != 1) { 770 dbg_err("bad copy_flag"); 771 goto bad; 772 } 773 774 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 || 775 data_pad < 0) { 776 dbg_err("negative values"); 777 goto bad; 778 } 779 780 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) { 781 dbg_err("bad vol_id"); 782 goto bad; 783 } 784 785 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) { 786 dbg_err("bad compat"); 787 goto bad; 788 } 789 790 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE && 791 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE && 792 compat != UBI_COMPAT_REJECT) { 793 dbg_err("bad compat"); 794 goto bad; 795 } 796 797 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) { 798 dbg_err("bad vol_type"); 799 goto bad; 800 } 801 802 if (data_pad >= ubi->leb_size / 2) { 803 dbg_err("bad data_pad"); 804 goto bad; 805 } 806 807 if (vol_type == UBI_VID_STATIC) { 808 /* 809 * Although from high-level point of view static volumes may 810 * contain zero bytes of data, but no VID headers can contain 811 * zero at these fields, because they empty volumes do not have 812 * mapped logical eraseblocks. 813 */ 814 if (used_ebs == 0) { 815 dbg_err("zero used_ebs"); 816 goto bad; 817 } 818 if (data_size == 0) { 819 dbg_err("zero data_size"); 820 goto bad; 821 } 822 if (lnum < used_ebs - 1) { 823 if (data_size != usable_leb_size) { 824 dbg_err("bad data_size"); 825 goto bad; 826 } 827 } else if (lnum == used_ebs - 1) { 828 if (data_size == 0) { 829 dbg_err("bad data_size at last LEB"); 830 goto bad; 831 } 832 } else { 833 dbg_err("too high lnum"); 834 goto bad; 835 } 836 } else { 837 if (copy_flag == 0) { 838 if (data_crc != 0) { 839 dbg_err("non-zero data CRC"); 840 goto bad; 841 } 842 if (data_size != 0) { 843 dbg_err("non-zero data_size"); 844 goto bad; 845 } 846 } else { 847 if (data_size == 0) { 848 dbg_err("zero data_size of copy"); 849 goto bad; 850 } 851 } 852 if (used_ebs != 0) { 853 dbg_err("bad used_ebs"); 854 goto bad; 855 } 856 } 857 858 return 0; 859 860 bad: 861 ubi_err("bad VID header"); 862 ubi_dbg_dump_vid_hdr(vid_hdr); 863 ubi_dbg_dump_stack(); 864 return 1; 865 } 866 867 /** 868 * ubi_io_read_vid_hdr - read and check a volume identifier header. 869 * @ubi: UBI device description object 870 * @pnum: physical eraseblock number to read from 871 * @vid_hdr: &struct ubi_vid_hdr object where to store the read volume 872 * identifier header 873 * @verbose: be verbose if the header is corrupted or wasn't found 874 * 875 * This function reads the volume identifier header from physical eraseblock 876 * @pnum and stores it in @vid_hdr. It also checks CRC checksum of the read 877 * volume identifier header. The following codes may be returned: 878 * 879 * o %0 if the CRC checksum is correct and the header was successfully read; 880 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected 881 * and corrected by the flash driver; this is harmless but may indicate that 882 * this eraseblock may become bad soon; 883 * o %UBI_IO_BAD_VID_HRD if the volume identifier header is corrupted (a CRC 884 * error detected); 885 * o %UBI_IO_PEB_FREE if the physical eraseblock is free (i.e., there is no VID 886 * header there); 887 * o a negative error code in case of failure. 888 */ 889 int ubi_io_read_vid_hdr(const struct ubi_device *ubi, int pnum, 890 struct ubi_vid_hdr *vid_hdr, int verbose) 891 { 892 int err, read_err = 0; 893 uint32_t crc, magic, hdr_crc; 894 void *p; 895 896 dbg_io("read VID header from PEB %d", pnum); 897 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 898 899 p = (char *)vid_hdr - ubi->vid_hdr_shift; 900 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset, 901 ubi->vid_hdr_alsize); 902 if (err) { 903 if (err != UBI_IO_BITFLIPS && err != -EBADMSG) 904 return err; 905 906 /* 907 * We read all the data, but either a correctable bit-flip 908 * occurred, or MTD reported about some data integrity error, 909 * like an ECC error in case of NAND. The former is harmless, 910 * the later may mean the read data is corrupted. But we have a 911 * CRC check-sum and we will identify this. If the VID header is 912 * still OK, we just report this as there was a bit-flip. 913 */ 914 read_err = err; 915 } 916 917 magic = ubi32_to_cpu(vid_hdr->magic); 918 if (magic != UBI_VID_HDR_MAGIC) { 919 /* 920 * If we have read all 0xFF bytes, the VID header probably does 921 * not exist and the physical eraseblock is assumed to be free. 922 * 923 * But if there was a read error, we do not test the data for 924 * 0xFFs. Even if it does contain all 0xFFs, this error 925 * indicates that something is still wrong with this physical 926 * eraseblock and it cannot be regarded as free. 927 */ 928 if (read_err != -EBADMSG && 929 check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) { 930 /* The physical eraseblock is supposedly free */ 931 932 /* 933 * The below is just a paranoid check, it has to be 934 * compiled out if paranoid checks are disabled. 935 */ 936 err = paranoid_check_all_ff(ubi, pnum, ubi->leb_start, 937 ubi->leb_size); 938 if (err) 939 return err > 0 ? UBI_IO_BAD_VID_HDR : err; 940 941 if (verbose) 942 ubi_warn("no VID header found at PEB %d, " 943 "only 0xFF bytes", pnum); 944 return UBI_IO_PEB_FREE; 945 } 946 947 /* 948 * This is not a valid VID header, and these are not 0xFF 949 * bytes. Report that the header is corrupted. 950 */ 951 if (verbose) { 952 ubi_warn("bad magic number at PEB %d: %08x instead of " 953 "%08x", pnum, magic, UBI_VID_HDR_MAGIC); 954 ubi_dbg_dump_vid_hdr(vid_hdr); 955 } 956 return UBI_IO_BAD_VID_HDR; 957 } 958 959 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC); 960 hdr_crc = ubi32_to_cpu(vid_hdr->hdr_crc); 961 962 if (hdr_crc != crc) { 963 if (verbose) { 964 ubi_warn("bad CRC at PEB %d, calculated %#08x, " 965 "read %#08x", pnum, crc, hdr_crc); 966 ubi_dbg_dump_vid_hdr(vid_hdr); 967 } 968 return UBI_IO_BAD_VID_HDR; 969 } 970 971 /* Validate the VID header that we have just read */ 972 err = validate_vid_hdr(ubi, vid_hdr); 973 if (err) { 974 ubi_err("validation failed for PEB %d", pnum); 975 return -EINVAL; 976 } 977 978 return read_err ? UBI_IO_BITFLIPS : 0; 979 } 980 981 /** 982 * ubi_io_write_vid_hdr - write a volume identifier header. 983 * @ubi: UBI device description object 984 * @pnum: the physical eraseblock number to write to 985 * @vid_hdr: the volume identifier header to write 986 * 987 * This function writes the volume identifier header described by @vid_hdr to 988 * physical eraseblock @pnum. This function automatically fills the 989 * @vid_hdr->magic and the @vid_hdr->version fields, as well as calculates 990 * header CRC checksum and stores it at vid_hdr->hdr_crc. 991 * 992 * This function returns zero in case of success and a negative error code in 993 * case of failure. If %-EIO is returned, the physical eraseblock probably went 994 * bad. 995 */ 996 int ubi_io_write_vid_hdr(const struct ubi_device *ubi, int pnum, 997 struct ubi_vid_hdr *vid_hdr) 998 { 999 int err; 1000 uint32_t crc; 1001 void *p; 1002 1003 dbg_io("write VID header to PEB %d", pnum); 1004 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 1005 1006 err = paranoid_check_peb_ec_hdr(ubi, pnum); 1007 if (err) 1008 return err > 0 ? -EINVAL: err; 1009 1010 vid_hdr->magic = cpu_to_ubi32(UBI_VID_HDR_MAGIC); 1011 vid_hdr->version = UBI_VERSION; 1012 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC); 1013 vid_hdr->hdr_crc = cpu_to_ubi32(crc); 1014 1015 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr); 1016 if (err) 1017 return -EINVAL; 1018 1019 p = (char *)vid_hdr - ubi->vid_hdr_shift; 1020 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset, 1021 ubi->vid_hdr_alsize); 1022 return err; 1023 } 1024 1025 #ifdef CONFIG_MTD_UBI_DEBUG_PARANOID 1026 1027 /** 1028 * paranoid_check_not_bad - ensure that a physical eraseblock is not bad. 1029 * @ubi: UBI device description object 1030 * @pnum: physical eraseblock number to check 1031 * 1032 * This function returns zero if the physical eraseblock is good, a positive 1033 * number if it is bad and a negative error code if an error occurred. 1034 */ 1035 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum) 1036 { 1037 int err; 1038 1039 err = ubi_io_is_bad(ubi, pnum); 1040 if (!err) 1041 return err; 1042 1043 ubi_err("paranoid check failed for PEB %d", pnum); 1044 ubi_dbg_dump_stack(); 1045 return err; 1046 } 1047 1048 /** 1049 * paranoid_check_ec_hdr - check if an erase counter header is all right. 1050 * @ubi: UBI device description object 1051 * @pnum: physical eraseblock number the erase counter header belongs to 1052 * @ec_hdr: the erase counter header to check 1053 * 1054 * This function returns zero if the erase counter header contains valid 1055 * values, and %1 if not. 1056 */ 1057 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum, 1058 const struct ubi_ec_hdr *ec_hdr) 1059 { 1060 int err; 1061 uint32_t magic; 1062 1063 magic = ubi32_to_cpu(ec_hdr->magic); 1064 if (magic != UBI_EC_HDR_MAGIC) { 1065 ubi_err("bad magic %#08x, must be %#08x", 1066 magic, UBI_EC_HDR_MAGIC); 1067 goto fail; 1068 } 1069 1070 err = validate_ec_hdr(ubi, ec_hdr); 1071 if (err) { 1072 ubi_err("paranoid check failed for PEB %d", pnum); 1073 goto fail; 1074 } 1075 1076 return 0; 1077 1078 fail: 1079 ubi_dbg_dump_ec_hdr(ec_hdr); 1080 ubi_dbg_dump_stack(); 1081 return 1; 1082 } 1083 1084 /** 1085 * paranoid_check_peb_ec_hdr - check that the erase counter header of a 1086 * physical eraseblock is in-place and is all right. 1087 * @ubi: UBI device description object 1088 * @pnum: the physical eraseblock number to check 1089 * 1090 * This function returns zero if the erase counter header is all right, %1 if 1091 * not, and a negative error code if an error occurred. 1092 */ 1093 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum) 1094 { 1095 int err; 1096 uint32_t crc, hdr_crc; 1097 struct ubi_ec_hdr *ec_hdr; 1098 1099 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_KERNEL); 1100 if (!ec_hdr) 1101 return -ENOMEM; 1102 1103 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE); 1104 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG) 1105 goto exit; 1106 1107 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 1108 hdr_crc = ubi32_to_cpu(ec_hdr->hdr_crc); 1109 if (hdr_crc != crc) { 1110 ubi_err("bad CRC, calculated %#08x, read %#08x", crc, hdr_crc); 1111 ubi_err("paranoid check failed for PEB %d", pnum); 1112 ubi_dbg_dump_ec_hdr(ec_hdr); 1113 ubi_dbg_dump_stack(); 1114 err = 1; 1115 goto exit; 1116 } 1117 1118 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr); 1119 1120 exit: 1121 kfree(ec_hdr); 1122 return err; 1123 } 1124 1125 /** 1126 * paranoid_check_vid_hdr - check that a volume identifier header is all right. 1127 * @ubi: UBI device description object 1128 * @pnum: physical eraseblock number the volume identifier header belongs to 1129 * @vid_hdr: the volume identifier header to check 1130 * 1131 * This function returns zero if the volume identifier header is all right, and 1132 * %1 if not. 1133 */ 1134 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum, 1135 const struct ubi_vid_hdr *vid_hdr) 1136 { 1137 int err; 1138 uint32_t magic; 1139 1140 magic = ubi32_to_cpu(vid_hdr->magic); 1141 if (magic != UBI_VID_HDR_MAGIC) { 1142 ubi_err("bad VID header magic %#08x at PEB %d, must be %#08x", 1143 magic, pnum, UBI_VID_HDR_MAGIC); 1144 goto fail; 1145 } 1146 1147 err = validate_vid_hdr(ubi, vid_hdr); 1148 if (err) { 1149 ubi_err("paranoid check failed for PEB %d", pnum); 1150 goto fail; 1151 } 1152 1153 return err; 1154 1155 fail: 1156 ubi_err("paranoid check failed for PEB %d", pnum); 1157 ubi_dbg_dump_vid_hdr(vid_hdr); 1158 ubi_dbg_dump_stack(); 1159 return 1; 1160 1161 } 1162 1163 /** 1164 * paranoid_check_peb_vid_hdr - check that the volume identifier header of a 1165 * physical eraseblock is in-place and is all right. 1166 * @ubi: UBI device description object 1167 * @pnum: the physical eraseblock number to check 1168 * 1169 * This function returns zero if the volume identifier header is all right, 1170 * %1 if not, and a negative error code if an error occurred. 1171 */ 1172 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum) 1173 { 1174 int err; 1175 uint32_t crc, hdr_crc; 1176 struct ubi_vid_hdr *vid_hdr; 1177 void *p; 1178 1179 vid_hdr = ubi_zalloc_vid_hdr(ubi); 1180 if (!vid_hdr) 1181 return -ENOMEM; 1182 1183 p = (char *)vid_hdr - ubi->vid_hdr_shift; 1184 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset, 1185 ubi->vid_hdr_alsize); 1186 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG) 1187 goto exit; 1188 1189 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_EC_HDR_SIZE_CRC); 1190 hdr_crc = ubi32_to_cpu(vid_hdr->hdr_crc); 1191 if (hdr_crc != crc) { 1192 ubi_err("bad VID header CRC at PEB %d, calculated %#08x, " 1193 "read %#08x", pnum, crc, hdr_crc); 1194 ubi_err("paranoid check failed for PEB %d", pnum); 1195 ubi_dbg_dump_vid_hdr(vid_hdr); 1196 ubi_dbg_dump_stack(); 1197 err = 1; 1198 goto exit; 1199 } 1200 1201 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr); 1202 1203 exit: 1204 ubi_free_vid_hdr(ubi, vid_hdr); 1205 return err; 1206 } 1207 1208 /** 1209 * paranoid_check_all_ff - check that a region of flash is empty. 1210 * @ubi: UBI device description object 1211 * @pnum: the physical eraseblock number to check 1212 * @offset: the starting offset within the physical eraseblock to check 1213 * @len: the length of the region to check 1214 * 1215 * This function returns zero if only 0xFF bytes are present at offset 1216 * @offset of the physical eraseblock @pnum, %1 if not, and a negative error 1217 * code if an error occurred. 1218 */ 1219 static int paranoid_check_all_ff(const struct ubi_device *ubi, int pnum, 1220 int offset, int len) 1221 { 1222 size_t read; 1223 int err; 1224 void *buf; 1225 loff_t addr = (loff_t)pnum * ubi->peb_size + offset; 1226 1227 buf = kzalloc(len, GFP_KERNEL); 1228 if (!buf) 1229 return -ENOMEM; 1230 1231 err = ubi->mtd->read(ubi->mtd, addr, len, &read, buf); 1232 if (err && err != -EUCLEAN) { 1233 ubi_err("error %d while reading %d bytes from PEB %d:%d, " 1234 "read %zd bytes", err, len, pnum, offset, read); 1235 goto error; 1236 } 1237 1238 err = check_pattern(buf, 0xFF, len); 1239 if (err == 0) { 1240 ubi_err("flash region at PEB %d:%d, length %d does not " 1241 "contain all 0xFF bytes", pnum, offset, len); 1242 goto fail; 1243 } 1244 1245 kfree(buf); 1246 return 0; 1247 1248 fail: 1249 ubi_err("paranoid check failed for PEB %d", pnum); 1250 dbg_msg("hex dump of the %d-%d region", offset, offset + len); 1251 ubi_dbg_hexdump(buf, len); 1252 err = 1; 1253 error: 1254 ubi_dbg_dump_stack(); 1255 kfree(buf); 1256 return err; 1257 } 1258 1259 #endif /* CONFIG_MTD_UBI_DEBUG_PARANOID */ 1260