xref: /openbmc/linux/drivers/mtd/ubi/fastmap.c (revision 82003e04)
1 /*
2  * Copyright (c) 2012 Linutronix GmbH
3  * Copyright (c) 2014 sigma star gmbh
4  * Author: Richard Weinberger <richard@nod.at>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation; version 2.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
13  * the GNU General Public License for more details.
14  *
15  */
16 
17 #include <linux/crc32.h>
18 #include <linux/bitmap.h>
19 #include "ubi.h"
20 
21 /**
22  * init_seen - allocate memory for used for debugging.
23  * @ubi: UBI device description object
24  */
25 static inline unsigned long *init_seen(struct ubi_device *ubi)
26 {
27 	unsigned long *ret;
28 
29 	if (!ubi_dbg_chk_fastmap(ubi))
30 		return NULL;
31 
32 	ret = kcalloc(BITS_TO_LONGS(ubi->peb_count), sizeof(unsigned long),
33 		      GFP_KERNEL);
34 	if (!ret)
35 		return ERR_PTR(-ENOMEM);
36 
37 	return ret;
38 }
39 
40 /**
41  * free_seen - free the seen logic integer array.
42  * @seen: integer array of @ubi->peb_count size
43  */
44 static inline void free_seen(unsigned long *seen)
45 {
46 	kfree(seen);
47 }
48 
49 /**
50  * set_seen - mark a PEB as seen.
51  * @ubi: UBI device description object
52  * @pnum: The PEB to be makred as seen
53  * @seen: integer array of @ubi->peb_count size
54  */
55 static inline void set_seen(struct ubi_device *ubi, int pnum, unsigned long *seen)
56 {
57 	if (!ubi_dbg_chk_fastmap(ubi) || !seen)
58 		return;
59 
60 	set_bit(pnum, seen);
61 }
62 
63 /**
64  * self_check_seen - check whether all PEB have been seen by fastmap.
65  * @ubi: UBI device description object
66  * @seen: integer array of @ubi->peb_count size
67  */
68 static int self_check_seen(struct ubi_device *ubi, unsigned long *seen)
69 {
70 	int pnum, ret = 0;
71 
72 	if (!ubi_dbg_chk_fastmap(ubi) || !seen)
73 		return 0;
74 
75 	for (pnum = 0; pnum < ubi->peb_count; pnum++) {
76 		if (test_bit(pnum, seen) && ubi->lookuptbl[pnum]) {
77 			ubi_err(ubi, "self-check failed for PEB %d, fastmap didn't see it", pnum);
78 			ret = -EINVAL;
79 		}
80 	}
81 
82 	return ret;
83 }
84 
85 /**
86  * ubi_calc_fm_size - calculates the fastmap size in bytes for an UBI device.
87  * @ubi: UBI device description object
88  */
89 size_t ubi_calc_fm_size(struct ubi_device *ubi)
90 {
91 	size_t size;
92 
93 	size = sizeof(struct ubi_fm_sb) +
94 		sizeof(struct ubi_fm_hdr) +
95 		sizeof(struct ubi_fm_scan_pool) +
96 		sizeof(struct ubi_fm_scan_pool) +
97 		(ubi->peb_count * sizeof(struct ubi_fm_ec)) +
98 		(sizeof(struct ubi_fm_eba) +
99 		(ubi->peb_count * sizeof(__be32))) +
100 		sizeof(struct ubi_fm_volhdr) * UBI_MAX_VOLUMES;
101 	return roundup(size, ubi->leb_size);
102 }
103 
104 
105 /**
106  * new_fm_vhdr - allocate a new volume header for fastmap usage.
107  * @ubi: UBI device description object
108  * @vol_id: the VID of the new header
109  *
110  * Returns a new struct ubi_vid_hdr on success.
111  * NULL indicates out of memory.
112  */
113 static struct ubi_vid_io_buf *new_fm_vbuf(struct ubi_device *ubi, int vol_id)
114 {
115 	struct ubi_vid_io_buf *new;
116 	struct ubi_vid_hdr *vh;
117 
118 	new = ubi_alloc_vid_buf(ubi, GFP_KERNEL);
119 	if (!new)
120 		goto out;
121 
122 	vh = ubi_get_vid_hdr(new);
123 	vh->vol_type = UBI_VID_DYNAMIC;
124 	vh->vol_id = cpu_to_be32(vol_id);
125 
126 	/* UBI implementations without fastmap support have to delete the
127 	 * fastmap.
128 	 */
129 	vh->compat = UBI_COMPAT_DELETE;
130 
131 out:
132 	return new;
133 }
134 
135 /**
136  * add_aeb - create and add a attach erase block to a given list.
137  * @ai: UBI attach info object
138  * @list: the target list
139  * @pnum: PEB number of the new attach erase block
140  * @ec: erease counter of the new LEB
141  * @scrub: scrub this PEB after attaching
142  *
143  * Returns 0 on success, < 0 indicates an internal error.
144  */
145 static int add_aeb(struct ubi_attach_info *ai, struct list_head *list,
146 		   int pnum, int ec, int scrub)
147 {
148 	struct ubi_ainf_peb *aeb;
149 
150 	aeb = ubi_alloc_aeb(ai, pnum, ec);
151 	if (!aeb)
152 		return -ENOMEM;
153 
154 	aeb->lnum = -1;
155 	aeb->scrub = scrub;
156 	aeb->copy_flag = aeb->sqnum = 0;
157 
158 	ai->ec_sum += aeb->ec;
159 	ai->ec_count++;
160 
161 	if (ai->max_ec < aeb->ec)
162 		ai->max_ec = aeb->ec;
163 
164 	if (ai->min_ec > aeb->ec)
165 		ai->min_ec = aeb->ec;
166 
167 	list_add_tail(&aeb->u.list, list);
168 
169 	return 0;
170 }
171 
172 /**
173  * add_vol - create and add a new volume to ubi_attach_info.
174  * @ai: ubi_attach_info object
175  * @vol_id: VID of the new volume
176  * @used_ebs: number of used EBS
177  * @data_pad: data padding value of the new volume
178  * @vol_type: volume type
179  * @last_eb_bytes: number of bytes in the last LEB
180  *
181  * Returns the new struct ubi_ainf_volume on success.
182  * NULL indicates an error.
183  */
184 static struct ubi_ainf_volume *add_vol(struct ubi_attach_info *ai, int vol_id,
185 				       int used_ebs, int data_pad, u8 vol_type,
186 				       int last_eb_bytes)
187 {
188 	struct ubi_ainf_volume *av;
189 
190 	av = ubi_add_av(ai, vol_id);
191 	if (IS_ERR(av))
192 		return av;
193 
194 	av->data_pad = data_pad;
195 	av->last_data_size = last_eb_bytes;
196 	av->compat = 0;
197 	av->vol_type = vol_type;
198 	if (av->vol_type == UBI_STATIC_VOLUME)
199 		av->used_ebs = used_ebs;
200 
201 	dbg_bld("found volume (ID %i)", vol_id);
202 	return av;
203 }
204 
205 /**
206  * assign_aeb_to_av - assigns a SEB to a given ainf_volume and removes it
207  * from it's original list.
208  * @ai: ubi_attach_info object
209  * @aeb: the to be assigned SEB
210  * @av: target scan volume
211  */
212 static void assign_aeb_to_av(struct ubi_attach_info *ai,
213 			     struct ubi_ainf_peb *aeb,
214 			     struct ubi_ainf_volume *av)
215 {
216 	struct ubi_ainf_peb *tmp_aeb;
217 	struct rb_node **p = &ai->volumes.rb_node, *parent = NULL;
218 
219 	p = &av->root.rb_node;
220 	while (*p) {
221 		parent = *p;
222 
223 		tmp_aeb = rb_entry(parent, struct ubi_ainf_peb, u.rb);
224 		if (aeb->lnum != tmp_aeb->lnum) {
225 			if (aeb->lnum < tmp_aeb->lnum)
226 				p = &(*p)->rb_left;
227 			else
228 				p = &(*p)->rb_right;
229 
230 			continue;
231 		} else
232 			break;
233 	}
234 
235 	list_del(&aeb->u.list);
236 	av->leb_count++;
237 
238 	rb_link_node(&aeb->u.rb, parent, p);
239 	rb_insert_color(&aeb->u.rb, &av->root);
240 }
241 
242 /**
243  * update_vol - inserts or updates a LEB which was found a pool.
244  * @ubi: the UBI device object
245  * @ai: attach info object
246  * @av: the volume this LEB belongs to
247  * @new_vh: the volume header derived from new_aeb
248  * @new_aeb: the AEB to be examined
249  *
250  * Returns 0 on success, < 0 indicates an internal error.
251  */
252 static int update_vol(struct ubi_device *ubi, struct ubi_attach_info *ai,
253 		      struct ubi_ainf_volume *av, struct ubi_vid_hdr *new_vh,
254 		      struct ubi_ainf_peb *new_aeb)
255 {
256 	struct rb_node **p = &av->root.rb_node, *parent = NULL;
257 	struct ubi_ainf_peb *aeb, *victim;
258 	int cmp_res;
259 
260 	while (*p) {
261 		parent = *p;
262 		aeb = rb_entry(parent, struct ubi_ainf_peb, u.rb);
263 
264 		if (be32_to_cpu(new_vh->lnum) != aeb->lnum) {
265 			if (be32_to_cpu(new_vh->lnum) < aeb->lnum)
266 				p = &(*p)->rb_left;
267 			else
268 				p = &(*p)->rb_right;
269 
270 			continue;
271 		}
272 
273 		/* This case can happen if the fastmap gets written
274 		 * because of a volume change (creation, deletion, ..).
275 		 * Then a PEB can be within the persistent EBA and the pool.
276 		 */
277 		if (aeb->pnum == new_aeb->pnum) {
278 			ubi_assert(aeb->lnum == new_aeb->lnum);
279 			ubi_free_aeb(ai, new_aeb);
280 
281 			return 0;
282 		}
283 
284 		cmp_res = ubi_compare_lebs(ubi, aeb, new_aeb->pnum, new_vh);
285 		if (cmp_res < 0)
286 			return cmp_res;
287 
288 		/* new_aeb is newer */
289 		if (cmp_res & 1) {
290 			victim = ubi_alloc_aeb(ai, aeb->pnum, aeb->ec);
291 			if (!victim)
292 				return -ENOMEM;
293 
294 			list_add_tail(&victim->u.list, &ai->erase);
295 
296 			if (av->highest_lnum == be32_to_cpu(new_vh->lnum))
297 				av->last_data_size =
298 					be32_to_cpu(new_vh->data_size);
299 
300 			dbg_bld("vol %i: AEB %i's PEB %i is the newer",
301 				av->vol_id, aeb->lnum, new_aeb->pnum);
302 
303 			aeb->ec = new_aeb->ec;
304 			aeb->pnum = new_aeb->pnum;
305 			aeb->copy_flag = new_vh->copy_flag;
306 			aeb->scrub = new_aeb->scrub;
307 			aeb->sqnum = new_aeb->sqnum;
308 			ubi_free_aeb(ai, new_aeb);
309 
310 		/* new_aeb is older */
311 		} else {
312 			dbg_bld("vol %i: AEB %i's PEB %i is old, dropping it",
313 				av->vol_id, aeb->lnum, new_aeb->pnum);
314 			list_add_tail(&new_aeb->u.list, &ai->erase);
315 		}
316 
317 		return 0;
318 	}
319 	/* This LEB is new, let's add it to the volume */
320 
321 	if (av->highest_lnum <= be32_to_cpu(new_vh->lnum)) {
322 		av->highest_lnum = be32_to_cpu(new_vh->lnum);
323 		av->last_data_size = be32_to_cpu(new_vh->data_size);
324 	}
325 
326 	if (av->vol_type == UBI_STATIC_VOLUME)
327 		av->used_ebs = be32_to_cpu(new_vh->used_ebs);
328 
329 	av->leb_count++;
330 
331 	rb_link_node(&new_aeb->u.rb, parent, p);
332 	rb_insert_color(&new_aeb->u.rb, &av->root);
333 
334 	return 0;
335 }
336 
337 /**
338  * process_pool_aeb - we found a non-empty PEB in a pool.
339  * @ubi: UBI device object
340  * @ai: attach info object
341  * @new_vh: the volume header derived from new_aeb
342  * @new_aeb: the AEB to be examined
343  *
344  * Returns 0 on success, < 0 indicates an internal error.
345  */
346 static int process_pool_aeb(struct ubi_device *ubi, struct ubi_attach_info *ai,
347 			    struct ubi_vid_hdr *new_vh,
348 			    struct ubi_ainf_peb *new_aeb)
349 {
350 	int vol_id = be32_to_cpu(new_vh->vol_id);
351 	struct ubi_ainf_volume *av;
352 
353 	if (vol_id == UBI_FM_SB_VOLUME_ID || vol_id == UBI_FM_DATA_VOLUME_ID) {
354 		ubi_free_aeb(ai, new_aeb);
355 
356 		return 0;
357 	}
358 
359 	/* Find the volume this SEB belongs to */
360 	av = ubi_find_av(ai, vol_id);
361 	if (!av) {
362 		ubi_err(ubi, "orphaned volume in fastmap pool!");
363 		ubi_free_aeb(ai, new_aeb);
364 		return UBI_BAD_FASTMAP;
365 	}
366 
367 	ubi_assert(vol_id == av->vol_id);
368 
369 	return update_vol(ubi, ai, av, new_vh, new_aeb);
370 }
371 
372 /**
373  * unmap_peb - unmap a PEB.
374  * If fastmap detects a free PEB in the pool it has to check whether
375  * this PEB has been unmapped after writing the fastmap.
376  *
377  * @ai: UBI attach info object
378  * @pnum: The PEB to be unmapped
379  */
380 static void unmap_peb(struct ubi_attach_info *ai, int pnum)
381 {
382 	struct ubi_ainf_volume *av;
383 	struct rb_node *node, *node2;
384 	struct ubi_ainf_peb *aeb;
385 
386 	ubi_rb_for_each_entry(node, av, &ai->volumes, rb) {
387 		ubi_rb_for_each_entry(node2, aeb, &av->root, u.rb) {
388 			if (aeb->pnum == pnum) {
389 				rb_erase(&aeb->u.rb, &av->root);
390 				av->leb_count--;
391 				ubi_free_aeb(ai, aeb);
392 				return;
393 			}
394 		}
395 	}
396 }
397 
398 /**
399  * scan_pool - scans a pool for changed (no longer empty PEBs).
400  * @ubi: UBI device object
401  * @ai: attach info object
402  * @pebs: an array of all PEB numbers in the to be scanned pool
403  * @pool_size: size of the pool (number of entries in @pebs)
404  * @max_sqnum: pointer to the maximal sequence number
405  * @free: list of PEBs which are most likely free (and go into @ai->free)
406  *
407  * Returns 0 on success, if the pool is unusable UBI_BAD_FASTMAP is returned.
408  * < 0 indicates an internal error.
409  */
410 static int scan_pool(struct ubi_device *ubi, struct ubi_attach_info *ai,
411 		     __be32 *pebs, int pool_size, unsigned long long *max_sqnum,
412 		     struct list_head *free)
413 {
414 	struct ubi_vid_io_buf *vb;
415 	struct ubi_vid_hdr *vh;
416 	struct ubi_ec_hdr *ech;
417 	struct ubi_ainf_peb *new_aeb;
418 	int i, pnum, err, ret = 0;
419 
420 	ech = kzalloc(ubi->ec_hdr_alsize, GFP_KERNEL);
421 	if (!ech)
422 		return -ENOMEM;
423 
424 	vb = ubi_alloc_vid_buf(ubi, GFP_KERNEL);
425 	if (!vb) {
426 		kfree(ech);
427 		return -ENOMEM;
428 	}
429 
430 	vh = ubi_get_vid_hdr(vb);
431 
432 	dbg_bld("scanning fastmap pool: size = %i", pool_size);
433 
434 	/*
435 	 * Now scan all PEBs in the pool to find changes which have been made
436 	 * after the creation of the fastmap
437 	 */
438 	for (i = 0; i < pool_size; i++) {
439 		int scrub = 0;
440 		int image_seq;
441 
442 		pnum = be32_to_cpu(pebs[i]);
443 
444 		if (ubi_io_is_bad(ubi, pnum)) {
445 			ubi_err(ubi, "bad PEB in fastmap pool!");
446 			ret = UBI_BAD_FASTMAP;
447 			goto out;
448 		}
449 
450 		err = ubi_io_read_ec_hdr(ubi, pnum, ech, 0);
451 		if (err && err != UBI_IO_BITFLIPS) {
452 			ubi_err(ubi, "unable to read EC header! PEB:%i err:%i",
453 				pnum, err);
454 			ret = err > 0 ? UBI_BAD_FASTMAP : err;
455 			goto out;
456 		} else if (err == UBI_IO_BITFLIPS)
457 			scrub = 1;
458 
459 		/*
460 		 * Older UBI implementations have image_seq set to zero, so
461 		 * we shouldn't fail if image_seq == 0.
462 		 */
463 		image_seq = be32_to_cpu(ech->image_seq);
464 
465 		if (image_seq && (image_seq != ubi->image_seq)) {
466 			ubi_err(ubi, "bad image seq: 0x%x, expected: 0x%x",
467 				be32_to_cpu(ech->image_seq), ubi->image_seq);
468 			ret = UBI_BAD_FASTMAP;
469 			goto out;
470 		}
471 
472 		err = ubi_io_read_vid_hdr(ubi, pnum, vb, 0);
473 		if (err == UBI_IO_FF || err == UBI_IO_FF_BITFLIPS) {
474 			unsigned long long ec = be64_to_cpu(ech->ec);
475 			unmap_peb(ai, pnum);
476 			dbg_bld("Adding PEB to free: %i", pnum);
477 
478 			if (err == UBI_IO_FF_BITFLIPS)
479 				scrub = 1;
480 
481 			add_aeb(ai, free, pnum, ec, scrub);
482 			continue;
483 		} else if (err == 0 || err == UBI_IO_BITFLIPS) {
484 			dbg_bld("Found non empty PEB:%i in pool", pnum);
485 
486 			if (err == UBI_IO_BITFLIPS)
487 				scrub = 1;
488 
489 			new_aeb = ubi_alloc_aeb(ai, pnum, be64_to_cpu(ech->ec));
490 			if (!new_aeb) {
491 				ret = -ENOMEM;
492 				goto out;
493 			}
494 
495 			new_aeb->lnum = be32_to_cpu(vh->lnum);
496 			new_aeb->sqnum = be64_to_cpu(vh->sqnum);
497 			new_aeb->copy_flag = vh->copy_flag;
498 			new_aeb->scrub = scrub;
499 
500 			if (*max_sqnum < new_aeb->sqnum)
501 				*max_sqnum = new_aeb->sqnum;
502 
503 			err = process_pool_aeb(ubi, ai, vh, new_aeb);
504 			if (err) {
505 				ret = err > 0 ? UBI_BAD_FASTMAP : err;
506 				goto out;
507 			}
508 		} else {
509 			/* We are paranoid and fall back to scanning mode */
510 			ubi_err(ubi, "fastmap pool PEBs contains damaged PEBs!");
511 			ret = err > 0 ? UBI_BAD_FASTMAP : err;
512 			goto out;
513 		}
514 
515 	}
516 
517 out:
518 	ubi_free_vid_buf(vb);
519 	kfree(ech);
520 	return ret;
521 }
522 
523 /**
524  * count_fastmap_pebs - Counts the PEBs found by fastmap.
525  * @ai: The UBI attach info object
526  */
527 static int count_fastmap_pebs(struct ubi_attach_info *ai)
528 {
529 	struct ubi_ainf_peb *aeb;
530 	struct ubi_ainf_volume *av;
531 	struct rb_node *rb1, *rb2;
532 	int n = 0;
533 
534 	list_for_each_entry(aeb, &ai->erase, u.list)
535 		n++;
536 
537 	list_for_each_entry(aeb, &ai->free, u.list)
538 		n++;
539 
540 	ubi_rb_for_each_entry(rb1, av, &ai->volumes, rb)
541 		ubi_rb_for_each_entry(rb2, aeb, &av->root, u.rb)
542 			n++;
543 
544 	return n;
545 }
546 
547 /**
548  * ubi_attach_fastmap - creates ubi_attach_info from a fastmap.
549  * @ubi: UBI device object
550  * @ai: UBI attach info object
551  * @fm: the fastmap to be attached
552  *
553  * Returns 0 on success, UBI_BAD_FASTMAP if the found fastmap was unusable.
554  * < 0 indicates an internal error.
555  */
556 static int ubi_attach_fastmap(struct ubi_device *ubi,
557 			      struct ubi_attach_info *ai,
558 			      struct ubi_fastmap_layout *fm)
559 {
560 	struct list_head used, free;
561 	struct ubi_ainf_volume *av;
562 	struct ubi_ainf_peb *aeb, *tmp_aeb, *_tmp_aeb;
563 	struct ubi_fm_sb *fmsb;
564 	struct ubi_fm_hdr *fmhdr;
565 	struct ubi_fm_scan_pool *fmpl, *fmpl_wl;
566 	struct ubi_fm_ec *fmec;
567 	struct ubi_fm_volhdr *fmvhdr;
568 	struct ubi_fm_eba *fm_eba;
569 	int ret, i, j, pool_size, wl_pool_size;
570 	size_t fm_pos = 0, fm_size = ubi->fm_size;
571 	unsigned long long max_sqnum = 0;
572 	void *fm_raw = ubi->fm_buf;
573 
574 	INIT_LIST_HEAD(&used);
575 	INIT_LIST_HEAD(&free);
576 	ai->min_ec = UBI_MAX_ERASECOUNTER;
577 
578 	fmsb = (struct ubi_fm_sb *)(fm_raw);
579 	ai->max_sqnum = fmsb->sqnum;
580 	fm_pos += sizeof(struct ubi_fm_sb);
581 	if (fm_pos >= fm_size)
582 		goto fail_bad;
583 
584 	fmhdr = (struct ubi_fm_hdr *)(fm_raw + fm_pos);
585 	fm_pos += sizeof(*fmhdr);
586 	if (fm_pos >= fm_size)
587 		goto fail_bad;
588 
589 	if (be32_to_cpu(fmhdr->magic) != UBI_FM_HDR_MAGIC) {
590 		ubi_err(ubi, "bad fastmap header magic: 0x%x, expected: 0x%x",
591 			be32_to_cpu(fmhdr->magic), UBI_FM_HDR_MAGIC);
592 		goto fail_bad;
593 	}
594 
595 	fmpl = (struct ubi_fm_scan_pool *)(fm_raw + fm_pos);
596 	fm_pos += sizeof(*fmpl);
597 	if (fm_pos >= fm_size)
598 		goto fail_bad;
599 	if (be32_to_cpu(fmpl->magic) != UBI_FM_POOL_MAGIC) {
600 		ubi_err(ubi, "bad fastmap pool magic: 0x%x, expected: 0x%x",
601 			be32_to_cpu(fmpl->magic), UBI_FM_POOL_MAGIC);
602 		goto fail_bad;
603 	}
604 
605 	fmpl_wl = (struct ubi_fm_scan_pool *)(fm_raw + fm_pos);
606 	fm_pos += sizeof(*fmpl_wl);
607 	if (fm_pos >= fm_size)
608 		goto fail_bad;
609 	if (be32_to_cpu(fmpl_wl->magic) != UBI_FM_POOL_MAGIC) {
610 		ubi_err(ubi, "bad fastmap WL pool magic: 0x%x, expected: 0x%x",
611 			be32_to_cpu(fmpl_wl->magic), UBI_FM_POOL_MAGIC);
612 		goto fail_bad;
613 	}
614 
615 	pool_size = be16_to_cpu(fmpl->size);
616 	wl_pool_size = be16_to_cpu(fmpl_wl->size);
617 	fm->max_pool_size = be16_to_cpu(fmpl->max_size);
618 	fm->max_wl_pool_size = be16_to_cpu(fmpl_wl->max_size);
619 
620 	if (pool_size > UBI_FM_MAX_POOL_SIZE || pool_size < 0) {
621 		ubi_err(ubi, "bad pool size: %i", pool_size);
622 		goto fail_bad;
623 	}
624 
625 	if (wl_pool_size > UBI_FM_MAX_POOL_SIZE || wl_pool_size < 0) {
626 		ubi_err(ubi, "bad WL pool size: %i", wl_pool_size);
627 		goto fail_bad;
628 	}
629 
630 
631 	if (fm->max_pool_size > UBI_FM_MAX_POOL_SIZE ||
632 	    fm->max_pool_size < 0) {
633 		ubi_err(ubi, "bad maximal pool size: %i", fm->max_pool_size);
634 		goto fail_bad;
635 	}
636 
637 	if (fm->max_wl_pool_size > UBI_FM_MAX_POOL_SIZE ||
638 	    fm->max_wl_pool_size < 0) {
639 		ubi_err(ubi, "bad maximal WL pool size: %i",
640 			fm->max_wl_pool_size);
641 		goto fail_bad;
642 	}
643 
644 	/* read EC values from free list */
645 	for (i = 0; i < be32_to_cpu(fmhdr->free_peb_count); i++) {
646 		fmec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
647 		fm_pos += sizeof(*fmec);
648 		if (fm_pos >= fm_size)
649 			goto fail_bad;
650 
651 		add_aeb(ai, &ai->free, be32_to_cpu(fmec->pnum),
652 			be32_to_cpu(fmec->ec), 0);
653 	}
654 
655 	/* read EC values from used list */
656 	for (i = 0; i < be32_to_cpu(fmhdr->used_peb_count); i++) {
657 		fmec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
658 		fm_pos += sizeof(*fmec);
659 		if (fm_pos >= fm_size)
660 			goto fail_bad;
661 
662 		add_aeb(ai, &used, be32_to_cpu(fmec->pnum),
663 			be32_to_cpu(fmec->ec), 0);
664 	}
665 
666 	/* read EC values from scrub list */
667 	for (i = 0; i < be32_to_cpu(fmhdr->scrub_peb_count); i++) {
668 		fmec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
669 		fm_pos += sizeof(*fmec);
670 		if (fm_pos >= fm_size)
671 			goto fail_bad;
672 
673 		add_aeb(ai, &used, be32_to_cpu(fmec->pnum),
674 			be32_to_cpu(fmec->ec), 1);
675 	}
676 
677 	/* read EC values from erase list */
678 	for (i = 0; i < be32_to_cpu(fmhdr->erase_peb_count); i++) {
679 		fmec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
680 		fm_pos += sizeof(*fmec);
681 		if (fm_pos >= fm_size)
682 			goto fail_bad;
683 
684 		add_aeb(ai, &ai->erase, be32_to_cpu(fmec->pnum),
685 			be32_to_cpu(fmec->ec), 1);
686 	}
687 
688 	ai->mean_ec = div_u64(ai->ec_sum, ai->ec_count);
689 	ai->bad_peb_count = be32_to_cpu(fmhdr->bad_peb_count);
690 
691 	/* Iterate over all volumes and read their EBA table */
692 	for (i = 0; i < be32_to_cpu(fmhdr->vol_count); i++) {
693 		fmvhdr = (struct ubi_fm_volhdr *)(fm_raw + fm_pos);
694 		fm_pos += sizeof(*fmvhdr);
695 		if (fm_pos >= fm_size)
696 			goto fail_bad;
697 
698 		if (be32_to_cpu(fmvhdr->magic) != UBI_FM_VHDR_MAGIC) {
699 			ubi_err(ubi, "bad fastmap vol header magic: 0x%x, expected: 0x%x",
700 				be32_to_cpu(fmvhdr->magic), UBI_FM_VHDR_MAGIC);
701 			goto fail_bad;
702 		}
703 
704 		av = add_vol(ai, be32_to_cpu(fmvhdr->vol_id),
705 			     be32_to_cpu(fmvhdr->used_ebs),
706 			     be32_to_cpu(fmvhdr->data_pad),
707 			     fmvhdr->vol_type,
708 			     be32_to_cpu(fmvhdr->last_eb_bytes));
709 
710 		if (IS_ERR(av)) {
711 			if (PTR_ERR(av) == -EEXIST)
712 				ubi_err(ubi, "volume (ID %i) already exists",
713 					fmvhdr->vol_id);
714 
715 			goto fail_bad;
716 		}
717 
718 		ai->vols_found++;
719 		if (ai->highest_vol_id < be32_to_cpu(fmvhdr->vol_id))
720 			ai->highest_vol_id = be32_to_cpu(fmvhdr->vol_id);
721 
722 		fm_eba = (struct ubi_fm_eba *)(fm_raw + fm_pos);
723 		fm_pos += sizeof(*fm_eba);
724 		fm_pos += (sizeof(__be32) * be32_to_cpu(fm_eba->reserved_pebs));
725 		if (fm_pos >= fm_size)
726 			goto fail_bad;
727 
728 		if (be32_to_cpu(fm_eba->magic) != UBI_FM_EBA_MAGIC) {
729 			ubi_err(ubi, "bad fastmap EBA header magic: 0x%x, expected: 0x%x",
730 				be32_to_cpu(fm_eba->magic), UBI_FM_EBA_MAGIC);
731 			goto fail_bad;
732 		}
733 
734 		for (j = 0; j < be32_to_cpu(fm_eba->reserved_pebs); j++) {
735 			int pnum = be32_to_cpu(fm_eba->pnum[j]);
736 
737 			if (pnum < 0)
738 				continue;
739 
740 			aeb = NULL;
741 			list_for_each_entry(tmp_aeb, &used, u.list) {
742 				if (tmp_aeb->pnum == pnum) {
743 					aeb = tmp_aeb;
744 					break;
745 				}
746 			}
747 
748 			if (!aeb) {
749 				ubi_err(ubi, "PEB %i is in EBA but not in used list", pnum);
750 				goto fail_bad;
751 			}
752 
753 			aeb->lnum = j;
754 
755 			if (av->highest_lnum <= aeb->lnum)
756 				av->highest_lnum = aeb->lnum;
757 
758 			assign_aeb_to_av(ai, aeb, av);
759 
760 			dbg_bld("inserting PEB:%i (LEB %i) to vol %i",
761 				aeb->pnum, aeb->lnum, av->vol_id);
762 		}
763 	}
764 
765 	ret = scan_pool(ubi, ai, fmpl->pebs, pool_size, &max_sqnum, &free);
766 	if (ret)
767 		goto fail;
768 
769 	ret = scan_pool(ubi, ai, fmpl_wl->pebs, wl_pool_size, &max_sqnum, &free);
770 	if (ret)
771 		goto fail;
772 
773 	if (max_sqnum > ai->max_sqnum)
774 		ai->max_sqnum = max_sqnum;
775 
776 	list_for_each_entry_safe(tmp_aeb, _tmp_aeb, &free, u.list)
777 		list_move_tail(&tmp_aeb->u.list, &ai->free);
778 
779 	list_for_each_entry_safe(tmp_aeb, _tmp_aeb, &used, u.list)
780 		list_move_tail(&tmp_aeb->u.list, &ai->erase);
781 
782 	ubi_assert(list_empty(&free));
783 
784 	/*
785 	 * If fastmap is leaking PEBs (must not happen), raise a
786 	 * fat warning and fall back to scanning mode.
787 	 * We do this here because in ubi_wl_init() it's too late
788 	 * and we cannot fall back to scanning.
789 	 */
790 	if (WARN_ON(count_fastmap_pebs(ai) != ubi->peb_count -
791 		    ai->bad_peb_count - fm->used_blocks))
792 		goto fail_bad;
793 
794 	return 0;
795 
796 fail_bad:
797 	ret = UBI_BAD_FASTMAP;
798 fail:
799 	list_for_each_entry_safe(tmp_aeb, _tmp_aeb, &used, u.list) {
800 		list_del(&tmp_aeb->u.list);
801 		ubi_free_aeb(ai, tmp_aeb);
802 	}
803 	list_for_each_entry_safe(tmp_aeb, _tmp_aeb, &free, u.list) {
804 		list_del(&tmp_aeb->u.list);
805 		ubi_free_aeb(ai, tmp_aeb);
806 	}
807 
808 	return ret;
809 }
810 
811 /**
812  * find_fm_anchor - find the most recent Fastmap superblock (anchor)
813  * @ai: UBI attach info to be filled
814  */
815 static int find_fm_anchor(struct ubi_attach_info *ai)
816 {
817 	int ret = -1;
818 	struct ubi_ainf_peb *aeb;
819 	unsigned long long max_sqnum = 0;
820 
821 	list_for_each_entry(aeb, &ai->fastmap, u.list) {
822 		if (aeb->vol_id == UBI_FM_SB_VOLUME_ID && aeb->sqnum > max_sqnum) {
823 			max_sqnum = aeb->sqnum;
824 			ret = aeb->pnum;
825 		}
826 	}
827 
828 	return ret;
829 }
830 
831 /**
832  * ubi_scan_fastmap - scan the fastmap.
833  * @ubi: UBI device object
834  * @ai: UBI attach info to be filled
835  * @scan_ai: UBI attach info from the first 64 PEBs,
836  *           used to find the most recent Fastmap data structure
837  *
838  * Returns 0 on success, UBI_NO_FASTMAP if no fastmap was found,
839  * UBI_BAD_FASTMAP if one was found but is not usable.
840  * < 0 indicates an internal error.
841  */
842 int ubi_scan_fastmap(struct ubi_device *ubi, struct ubi_attach_info *ai,
843 		     struct ubi_attach_info *scan_ai)
844 {
845 	struct ubi_fm_sb *fmsb, *fmsb2;
846 	struct ubi_vid_io_buf *vb;
847 	struct ubi_vid_hdr *vh;
848 	struct ubi_ec_hdr *ech;
849 	struct ubi_fastmap_layout *fm;
850 	struct ubi_ainf_peb *tmp_aeb, *aeb;
851 	int i, used_blocks, pnum, fm_anchor, ret = 0;
852 	size_t fm_size;
853 	__be32 crc, tmp_crc;
854 	unsigned long long sqnum = 0;
855 
856 	fm_anchor = find_fm_anchor(scan_ai);
857 	if (fm_anchor < 0)
858 		return UBI_NO_FASTMAP;
859 
860 	/* Move all (possible) fastmap blocks into our new attach structure. */
861 	list_for_each_entry_safe(aeb, tmp_aeb, &scan_ai->fastmap, u.list)
862 		list_move_tail(&aeb->u.list, &ai->fastmap);
863 
864 	down_write(&ubi->fm_protect);
865 	memset(ubi->fm_buf, 0, ubi->fm_size);
866 
867 	fmsb = kmalloc(sizeof(*fmsb), GFP_KERNEL);
868 	if (!fmsb) {
869 		ret = -ENOMEM;
870 		goto out;
871 	}
872 
873 	fm = kzalloc(sizeof(*fm), GFP_KERNEL);
874 	if (!fm) {
875 		ret = -ENOMEM;
876 		kfree(fmsb);
877 		goto out;
878 	}
879 
880 	ret = ubi_io_read_data(ubi, fmsb, fm_anchor, 0, sizeof(*fmsb));
881 	if (ret && ret != UBI_IO_BITFLIPS)
882 		goto free_fm_sb;
883 	else if (ret == UBI_IO_BITFLIPS)
884 		fm->to_be_tortured[0] = 1;
885 
886 	if (be32_to_cpu(fmsb->magic) != UBI_FM_SB_MAGIC) {
887 		ubi_err(ubi, "bad super block magic: 0x%x, expected: 0x%x",
888 			be32_to_cpu(fmsb->magic), UBI_FM_SB_MAGIC);
889 		ret = UBI_BAD_FASTMAP;
890 		goto free_fm_sb;
891 	}
892 
893 	if (fmsb->version != UBI_FM_FMT_VERSION) {
894 		ubi_err(ubi, "bad fastmap version: %i, expected: %i",
895 			fmsb->version, UBI_FM_FMT_VERSION);
896 		ret = UBI_BAD_FASTMAP;
897 		goto free_fm_sb;
898 	}
899 
900 	used_blocks = be32_to_cpu(fmsb->used_blocks);
901 	if (used_blocks > UBI_FM_MAX_BLOCKS || used_blocks < 1) {
902 		ubi_err(ubi, "number of fastmap blocks is invalid: %i",
903 			used_blocks);
904 		ret = UBI_BAD_FASTMAP;
905 		goto free_fm_sb;
906 	}
907 
908 	fm_size = ubi->leb_size * used_blocks;
909 	if (fm_size != ubi->fm_size) {
910 		ubi_err(ubi, "bad fastmap size: %zi, expected: %zi",
911 			fm_size, ubi->fm_size);
912 		ret = UBI_BAD_FASTMAP;
913 		goto free_fm_sb;
914 	}
915 
916 	ech = kzalloc(ubi->ec_hdr_alsize, GFP_KERNEL);
917 	if (!ech) {
918 		ret = -ENOMEM;
919 		goto free_fm_sb;
920 	}
921 
922 	vb = ubi_alloc_vid_buf(ubi, GFP_KERNEL);
923 	if (!vb) {
924 		ret = -ENOMEM;
925 		goto free_hdr;
926 	}
927 
928 	vh = ubi_get_vid_hdr(vb);
929 
930 	for (i = 0; i < used_blocks; i++) {
931 		int image_seq;
932 
933 		pnum = be32_to_cpu(fmsb->block_loc[i]);
934 
935 		if (ubi_io_is_bad(ubi, pnum)) {
936 			ret = UBI_BAD_FASTMAP;
937 			goto free_hdr;
938 		}
939 
940 		if (i == 0 && pnum != fm_anchor) {
941 			ubi_err(ubi, "Fastmap anchor PEB mismatch: PEB: %i vs. %i",
942 				pnum, fm_anchor);
943 			ret = UBI_BAD_FASTMAP;
944 			goto free_hdr;
945 		}
946 
947 		ret = ubi_io_read_ec_hdr(ubi, pnum, ech, 0);
948 		if (ret && ret != UBI_IO_BITFLIPS) {
949 			ubi_err(ubi, "unable to read fastmap block# %i EC (PEB: %i)",
950 				i, pnum);
951 			if (ret > 0)
952 				ret = UBI_BAD_FASTMAP;
953 			goto free_hdr;
954 		} else if (ret == UBI_IO_BITFLIPS)
955 			fm->to_be_tortured[i] = 1;
956 
957 		image_seq = be32_to_cpu(ech->image_seq);
958 		if (!ubi->image_seq)
959 			ubi->image_seq = image_seq;
960 
961 		/*
962 		 * Older UBI implementations have image_seq set to zero, so
963 		 * we shouldn't fail if image_seq == 0.
964 		 */
965 		if (image_seq && (image_seq != ubi->image_seq)) {
966 			ubi_err(ubi, "wrong image seq:%d instead of %d",
967 				be32_to_cpu(ech->image_seq), ubi->image_seq);
968 			ret = UBI_BAD_FASTMAP;
969 			goto free_hdr;
970 		}
971 
972 		ret = ubi_io_read_vid_hdr(ubi, pnum, vb, 0);
973 		if (ret && ret != UBI_IO_BITFLIPS) {
974 			ubi_err(ubi, "unable to read fastmap block# %i (PEB: %i)",
975 				i, pnum);
976 			goto free_hdr;
977 		}
978 
979 		if (i == 0) {
980 			if (be32_to_cpu(vh->vol_id) != UBI_FM_SB_VOLUME_ID) {
981 				ubi_err(ubi, "bad fastmap anchor vol_id: 0x%x, expected: 0x%x",
982 					be32_to_cpu(vh->vol_id),
983 					UBI_FM_SB_VOLUME_ID);
984 				ret = UBI_BAD_FASTMAP;
985 				goto free_hdr;
986 			}
987 		} else {
988 			if (be32_to_cpu(vh->vol_id) != UBI_FM_DATA_VOLUME_ID) {
989 				ubi_err(ubi, "bad fastmap data vol_id: 0x%x, expected: 0x%x",
990 					be32_to_cpu(vh->vol_id),
991 					UBI_FM_DATA_VOLUME_ID);
992 				ret = UBI_BAD_FASTMAP;
993 				goto free_hdr;
994 			}
995 		}
996 
997 		if (sqnum < be64_to_cpu(vh->sqnum))
998 			sqnum = be64_to_cpu(vh->sqnum);
999 
1000 		ret = ubi_io_read_data(ubi, ubi->fm_buf + (ubi->leb_size * i),
1001 				       pnum, 0, ubi->leb_size);
1002 		if (ret && ret != UBI_IO_BITFLIPS) {
1003 			ubi_err(ubi, "unable to read fastmap block# %i (PEB: %i, "
1004 				"err: %i)", i, pnum, ret);
1005 			goto free_hdr;
1006 		}
1007 	}
1008 
1009 	kfree(fmsb);
1010 	fmsb = NULL;
1011 
1012 	fmsb2 = (struct ubi_fm_sb *)(ubi->fm_buf);
1013 	tmp_crc = be32_to_cpu(fmsb2->data_crc);
1014 	fmsb2->data_crc = 0;
1015 	crc = crc32(UBI_CRC32_INIT, ubi->fm_buf, fm_size);
1016 	if (crc != tmp_crc) {
1017 		ubi_err(ubi, "fastmap data CRC is invalid");
1018 		ubi_err(ubi, "CRC should be: 0x%x, calc: 0x%x",
1019 			tmp_crc, crc);
1020 		ret = UBI_BAD_FASTMAP;
1021 		goto free_hdr;
1022 	}
1023 
1024 	fmsb2->sqnum = sqnum;
1025 
1026 	fm->used_blocks = used_blocks;
1027 
1028 	ret = ubi_attach_fastmap(ubi, ai, fm);
1029 	if (ret) {
1030 		if (ret > 0)
1031 			ret = UBI_BAD_FASTMAP;
1032 		goto free_hdr;
1033 	}
1034 
1035 	for (i = 0; i < used_blocks; i++) {
1036 		struct ubi_wl_entry *e;
1037 
1038 		e = kmem_cache_alloc(ubi_wl_entry_slab, GFP_KERNEL);
1039 		if (!e) {
1040 			while (i--)
1041 				kfree(fm->e[i]);
1042 
1043 			ret = -ENOMEM;
1044 			goto free_hdr;
1045 		}
1046 
1047 		e->pnum = be32_to_cpu(fmsb2->block_loc[i]);
1048 		e->ec = be32_to_cpu(fmsb2->block_ec[i]);
1049 		fm->e[i] = e;
1050 	}
1051 
1052 	ubi->fm = fm;
1053 	ubi->fm_pool.max_size = ubi->fm->max_pool_size;
1054 	ubi->fm_wl_pool.max_size = ubi->fm->max_wl_pool_size;
1055 	ubi_msg(ubi, "attached by fastmap");
1056 	ubi_msg(ubi, "fastmap pool size: %d", ubi->fm_pool.max_size);
1057 	ubi_msg(ubi, "fastmap WL pool size: %d",
1058 		ubi->fm_wl_pool.max_size);
1059 	ubi->fm_disabled = 0;
1060 	ubi->fast_attach = 1;
1061 
1062 	ubi_free_vid_buf(vb);
1063 	kfree(ech);
1064 out:
1065 	up_write(&ubi->fm_protect);
1066 	if (ret == UBI_BAD_FASTMAP)
1067 		ubi_err(ubi, "Attach by fastmap failed, doing a full scan!");
1068 	return ret;
1069 
1070 free_hdr:
1071 	ubi_free_vid_buf(vb);
1072 	kfree(ech);
1073 free_fm_sb:
1074 	kfree(fmsb);
1075 	kfree(fm);
1076 	goto out;
1077 }
1078 
1079 /**
1080  * ubi_write_fastmap - writes a fastmap.
1081  * @ubi: UBI device object
1082  * @new_fm: the to be written fastmap
1083  *
1084  * Returns 0 on success, < 0 indicates an internal error.
1085  */
1086 static int ubi_write_fastmap(struct ubi_device *ubi,
1087 			     struct ubi_fastmap_layout *new_fm)
1088 {
1089 	size_t fm_pos = 0;
1090 	void *fm_raw;
1091 	struct ubi_fm_sb *fmsb;
1092 	struct ubi_fm_hdr *fmh;
1093 	struct ubi_fm_scan_pool *fmpl, *fmpl_wl;
1094 	struct ubi_fm_ec *fec;
1095 	struct ubi_fm_volhdr *fvh;
1096 	struct ubi_fm_eba *feba;
1097 	struct ubi_wl_entry *wl_e;
1098 	struct ubi_volume *vol;
1099 	struct ubi_vid_io_buf *avbuf, *dvbuf;
1100 	struct ubi_vid_hdr *avhdr, *dvhdr;
1101 	struct ubi_work *ubi_wrk;
1102 	struct rb_node *tmp_rb;
1103 	int ret, i, j, free_peb_count, used_peb_count, vol_count;
1104 	int scrub_peb_count, erase_peb_count;
1105 	unsigned long *seen_pebs = NULL;
1106 
1107 	fm_raw = ubi->fm_buf;
1108 	memset(ubi->fm_buf, 0, ubi->fm_size);
1109 
1110 	avbuf = new_fm_vbuf(ubi, UBI_FM_SB_VOLUME_ID);
1111 	if (!avbuf) {
1112 		ret = -ENOMEM;
1113 		goto out;
1114 	}
1115 
1116 	dvbuf = new_fm_vbuf(ubi, UBI_FM_DATA_VOLUME_ID);
1117 	if (!dvbuf) {
1118 		ret = -ENOMEM;
1119 		goto out_kfree;
1120 	}
1121 
1122 	avhdr = ubi_get_vid_hdr(avbuf);
1123 	dvhdr = ubi_get_vid_hdr(dvbuf);
1124 
1125 	seen_pebs = init_seen(ubi);
1126 	if (IS_ERR(seen_pebs)) {
1127 		ret = PTR_ERR(seen_pebs);
1128 		goto out_kfree;
1129 	}
1130 
1131 	spin_lock(&ubi->volumes_lock);
1132 	spin_lock(&ubi->wl_lock);
1133 
1134 	fmsb = (struct ubi_fm_sb *)fm_raw;
1135 	fm_pos += sizeof(*fmsb);
1136 	ubi_assert(fm_pos <= ubi->fm_size);
1137 
1138 	fmh = (struct ubi_fm_hdr *)(fm_raw + fm_pos);
1139 	fm_pos += sizeof(*fmh);
1140 	ubi_assert(fm_pos <= ubi->fm_size);
1141 
1142 	fmsb->magic = cpu_to_be32(UBI_FM_SB_MAGIC);
1143 	fmsb->version = UBI_FM_FMT_VERSION;
1144 	fmsb->used_blocks = cpu_to_be32(new_fm->used_blocks);
1145 	/* the max sqnum will be filled in while *reading* the fastmap */
1146 	fmsb->sqnum = 0;
1147 
1148 	fmh->magic = cpu_to_be32(UBI_FM_HDR_MAGIC);
1149 	free_peb_count = 0;
1150 	used_peb_count = 0;
1151 	scrub_peb_count = 0;
1152 	erase_peb_count = 0;
1153 	vol_count = 0;
1154 
1155 	fmpl = (struct ubi_fm_scan_pool *)(fm_raw + fm_pos);
1156 	fm_pos += sizeof(*fmpl);
1157 	fmpl->magic = cpu_to_be32(UBI_FM_POOL_MAGIC);
1158 	fmpl->size = cpu_to_be16(ubi->fm_pool.size);
1159 	fmpl->max_size = cpu_to_be16(ubi->fm_pool.max_size);
1160 
1161 	for (i = 0; i < ubi->fm_pool.size; i++) {
1162 		fmpl->pebs[i] = cpu_to_be32(ubi->fm_pool.pebs[i]);
1163 		set_seen(ubi, ubi->fm_pool.pebs[i], seen_pebs);
1164 	}
1165 
1166 	fmpl_wl = (struct ubi_fm_scan_pool *)(fm_raw + fm_pos);
1167 	fm_pos += sizeof(*fmpl_wl);
1168 	fmpl_wl->magic = cpu_to_be32(UBI_FM_POOL_MAGIC);
1169 	fmpl_wl->size = cpu_to_be16(ubi->fm_wl_pool.size);
1170 	fmpl_wl->max_size = cpu_to_be16(ubi->fm_wl_pool.max_size);
1171 
1172 	for (i = 0; i < ubi->fm_wl_pool.size; i++) {
1173 		fmpl_wl->pebs[i] = cpu_to_be32(ubi->fm_wl_pool.pebs[i]);
1174 		set_seen(ubi, ubi->fm_wl_pool.pebs[i], seen_pebs);
1175 	}
1176 
1177 	ubi_for_each_free_peb(ubi, wl_e, tmp_rb) {
1178 		fec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
1179 
1180 		fec->pnum = cpu_to_be32(wl_e->pnum);
1181 		set_seen(ubi, wl_e->pnum, seen_pebs);
1182 		fec->ec = cpu_to_be32(wl_e->ec);
1183 
1184 		free_peb_count++;
1185 		fm_pos += sizeof(*fec);
1186 		ubi_assert(fm_pos <= ubi->fm_size);
1187 	}
1188 	fmh->free_peb_count = cpu_to_be32(free_peb_count);
1189 
1190 	ubi_for_each_used_peb(ubi, wl_e, tmp_rb) {
1191 		fec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
1192 
1193 		fec->pnum = cpu_to_be32(wl_e->pnum);
1194 		set_seen(ubi, wl_e->pnum, seen_pebs);
1195 		fec->ec = cpu_to_be32(wl_e->ec);
1196 
1197 		used_peb_count++;
1198 		fm_pos += sizeof(*fec);
1199 		ubi_assert(fm_pos <= ubi->fm_size);
1200 	}
1201 
1202 	ubi_for_each_protected_peb(ubi, i, wl_e) {
1203 		fec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
1204 
1205 		fec->pnum = cpu_to_be32(wl_e->pnum);
1206 		set_seen(ubi, wl_e->pnum, seen_pebs);
1207 		fec->ec = cpu_to_be32(wl_e->ec);
1208 
1209 		used_peb_count++;
1210 		fm_pos += sizeof(*fec);
1211 		ubi_assert(fm_pos <= ubi->fm_size);
1212 	}
1213 	fmh->used_peb_count = cpu_to_be32(used_peb_count);
1214 
1215 	ubi_for_each_scrub_peb(ubi, wl_e, tmp_rb) {
1216 		fec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
1217 
1218 		fec->pnum = cpu_to_be32(wl_e->pnum);
1219 		set_seen(ubi, wl_e->pnum, seen_pebs);
1220 		fec->ec = cpu_to_be32(wl_e->ec);
1221 
1222 		scrub_peb_count++;
1223 		fm_pos += sizeof(*fec);
1224 		ubi_assert(fm_pos <= ubi->fm_size);
1225 	}
1226 	fmh->scrub_peb_count = cpu_to_be32(scrub_peb_count);
1227 
1228 
1229 	list_for_each_entry(ubi_wrk, &ubi->works, list) {
1230 		if (ubi_is_erase_work(ubi_wrk)) {
1231 			wl_e = ubi_wrk->e;
1232 			ubi_assert(wl_e);
1233 
1234 			fec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
1235 
1236 			fec->pnum = cpu_to_be32(wl_e->pnum);
1237 			set_seen(ubi, wl_e->pnum, seen_pebs);
1238 			fec->ec = cpu_to_be32(wl_e->ec);
1239 
1240 			erase_peb_count++;
1241 			fm_pos += sizeof(*fec);
1242 			ubi_assert(fm_pos <= ubi->fm_size);
1243 		}
1244 	}
1245 	fmh->erase_peb_count = cpu_to_be32(erase_peb_count);
1246 
1247 	for (i = 0; i < UBI_MAX_VOLUMES + UBI_INT_VOL_COUNT; i++) {
1248 		vol = ubi->volumes[i];
1249 
1250 		if (!vol)
1251 			continue;
1252 
1253 		vol_count++;
1254 
1255 		fvh = (struct ubi_fm_volhdr *)(fm_raw + fm_pos);
1256 		fm_pos += sizeof(*fvh);
1257 		ubi_assert(fm_pos <= ubi->fm_size);
1258 
1259 		fvh->magic = cpu_to_be32(UBI_FM_VHDR_MAGIC);
1260 		fvh->vol_id = cpu_to_be32(vol->vol_id);
1261 		fvh->vol_type = vol->vol_type;
1262 		fvh->used_ebs = cpu_to_be32(vol->used_ebs);
1263 		fvh->data_pad = cpu_to_be32(vol->data_pad);
1264 		fvh->last_eb_bytes = cpu_to_be32(vol->last_eb_bytes);
1265 
1266 		ubi_assert(vol->vol_type == UBI_DYNAMIC_VOLUME ||
1267 			vol->vol_type == UBI_STATIC_VOLUME);
1268 
1269 		feba = (struct ubi_fm_eba *)(fm_raw + fm_pos);
1270 		fm_pos += sizeof(*feba) + (sizeof(__be32) * vol->reserved_pebs);
1271 		ubi_assert(fm_pos <= ubi->fm_size);
1272 
1273 		for (j = 0; j < vol->reserved_pebs; j++) {
1274 			struct ubi_eba_leb_desc ldesc;
1275 
1276 			ubi_eba_get_ldesc(vol, j, &ldesc);
1277 			feba->pnum[j] = cpu_to_be32(ldesc.pnum);
1278 		}
1279 
1280 		feba->reserved_pebs = cpu_to_be32(j);
1281 		feba->magic = cpu_to_be32(UBI_FM_EBA_MAGIC);
1282 	}
1283 	fmh->vol_count = cpu_to_be32(vol_count);
1284 	fmh->bad_peb_count = cpu_to_be32(ubi->bad_peb_count);
1285 
1286 	avhdr->sqnum = cpu_to_be64(ubi_next_sqnum(ubi));
1287 	avhdr->lnum = 0;
1288 
1289 	spin_unlock(&ubi->wl_lock);
1290 	spin_unlock(&ubi->volumes_lock);
1291 
1292 	dbg_bld("writing fastmap SB to PEB %i", new_fm->e[0]->pnum);
1293 	ret = ubi_io_write_vid_hdr(ubi, new_fm->e[0]->pnum, avbuf);
1294 	if (ret) {
1295 		ubi_err(ubi, "unable to write vid_hdr to fastmap SB!");
1296 		goto out_kfree;
1297 	}
1298 
1299 	for (i = 0; i < new_fm->used_blocks; i++) {
1300 		fmsb->block_loc[i] = cpu_to_be32(new_fm->e[i]->pnum);
1301 		set_seen(ubi, new_fm->e[i]->pnum, seen_pebs);
1302 		fmsb->block_ec[i] = cpu_to_be32(new_fm->e[i]->ec);
1303 	}
1304 
1305 	fmsb->data_crc = 0;
1306 	fmsb->data_crc = cpu_to_be32(crc32(UBI_CRC32_INIT, fm_raw,
1307 					   ubi->fm_size));
1308 
1309 	for (i = 1; i < new_fm->used_blocks; i++) {
1310 		dvhdr->sqnum = cpu_to_be64(ubi_next_sqnum(ubi));
1311 		dvhdr->lnum = cpu_to_be32(i);
1312 		dbg_bld("writing fastmap data to PEB %i sqnum %llu",
1313 			new_fm->e[i]->pnum, be64_to_cpu(dvhdr->sqnum));
1314 		ret = ubi_io_write_vid_hdr(ubi, new_fm->e[i]->pnum, dvbuf);
1315 		if (ret) {
1316 			ubi_err(ubi, "unable to write vid_hdr to PEB %i!",
1317 				new_fm->e[i]->pnum);
1318 			goto out_kfree;
1319 		}
1320 	}
1321 
1322 	for (i = 0; i < new_fm->used_blocks; i++) {
1323 		ret = ubi_io_write_data(ubi, fm_raw + (i * ubi->leb_size),
1324 					new_fm->e[i]->pnum, 0, ubi->leb_size);
1325 		if (ret) {
1326 			ubi_err(ubi, "unable to write fastmap to PEB %i!",
1327 				new_fm->e[i]->pnum);
1328 			goto out_kfree;
1329 		}
1330 	}
1331 
1332 	ubi_assert(new_fm);
1333 	ubi->fm = new_fm;
1334 
1335 	ret = self_check_seen(ubi, seen_pebs);
1336 	dbg_bld("fastmap written!");
1337 
1338 out_kfree:
1339 	ubi_free_vid_buf(avbuf);
1340 	ubi_free_vid_buf(dvbuf);
1341 	free_seen(seen_pebs);
1342 out:
1343 	return ret;
1344 }
1345 
1346 /**
1347  * erase_block - Manually erase a PEB.
1348  * @ubi: UBI device object
1349  * @pnum: PEB to be erased
1350  *
1351  * Returns the new EC value on success, < 0 indicates an internal error.
1352  */
1353 static int erase_block(struct ubi_device *ubi, int pnum)
1354 {
1355 	int ret;
1356 	struct ubi_ec_hdr *ec_hdr;
1357 	long long ec;
1358 
1359 	ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_KERNEL);
1360 	if (!ec_hdr)
1361 		return -ENOMEM;
1362 
1363 	ret = ubi_io_read_ec_hdr(ubi, pnum, ec_hdr, 0);
1364 	if (ret < 0)
1365 		goto out;
1366 	else if (ret && ret != UBI_IO_BITFLIPS) {
1367 		ret = -EINVAL;
1368 		goto out;
1369 	}
1370 
1371 	ret = ubi_io_sync_erase(ubi, pnum, 0);
1372 	if (ret < 0)
1373 		goto out;
1374 
1375 	ec = be64_to_cpu(ec_hdr->ec);
1376 	ec += ret;
1377 	if (ec > UBI_MAX_ERASECOUNTER) {
1378 		ret = -EINVAL;
1379 		goto out;
1380 	}
1381 
1382 	ec_hdr->ec = cpu_to_be64(ec);
1383 	ret = ubi_io_write_ec_hdr(ubi, pnum, ec_hdr);
1384 	if (ret < 0)
1385 		goto out;
1386 
1387 	ret = ec;
1388 out:
1389 	kfree(ec_hdr);
1390 	return ret;
1391 }
1392 
1393 /**
1394  * invalidate_fastmap - destroys a fastmap.
1395  * @ubi: UBI device object
1396  *
1397  * This function ensures that upon next UBI attach a full scan
1398  * is issued. We need this if UBI is about to write a new fastmap
1399  * but is unable to do so. In this case we have two options:
1400  * a) Make sure that the current fastmap will not be usued upon
1401  * attach time and contine or b) fall back to RO mode to have the
1402  * current fastmap in a valid state.
1403  * Returns 0 on success, < 0 indicates an internal error.
1404  */
1405 static int invalidate_fastmap(struct ubi_device *ubi)
1406 {
1407 	int ret;
1408 	struct ubi_fastmap_layout *fm;
1409 	struct ubi_wl_entry *e;
1410 	struct ubi_vid_io_buf *vb = NULL;
1411 	struct ubi_vid_hdr *vh;
1412 
1413 	if (!ubi->fm)
1414 		return 0;
1415 
1416 	ubi->fm = NULL;
1417 
1418 	ret = -ENOMEM;
1419 	fm = kzalloc(sizeof(*fm), GFP_KERNEL);
1420 	if (!fm)
1421 		goto out;
1422 
1423 	vb = new_fm_vbuf(ubi, UBI_FM_SB_VOLUME_ID);
1424 	if (!vb)
1425 		goto out_free_fm;
1426 
1427 	vh = ubi_get_vid_hdr(vb);
1428 
1429 	ret = -ENOSPC;
1430 	e = ubi_wl_get_fm_peb(ubi, 1);
1431 	if (!e)
1432 		goto out_free_fm;
1433 
1434 	/*
1435 	 * Create fake fastmap such that UBI will fall back
1436 	 * to scanning mode.
1437 	 */
1438 	vh->sqnum = cpu_to_be64(ubi_next_sqnum(ubi));
1439 	ret = ubi_io_write_vid_hdr(ubi, e->pnum, vb);
1440 	if (ret < 0) {
1441 		ubi_wl_put_fm_peb(ubi, e, 0, 0);
1442 		goto out_free_fm;
1443 	}
1444 
1445 	fm->used_blocks = 1;
1446 	fm->e[0] = e;
1447 
1448 	ubi->fm = fm;
1449 
1450 out:
1451 	ubi_free_vid_buf(vb);
1452 	return ret;
1453 
1454 out_free_fm:
1455 	kfree(fm);
1456 	goto out;
1457 }
1458 
1459 /**
1460  * return_fm_pebs - returns all PEBs used by a fastmap back to the
1461  * WL sub-system.
1462  * @ubi: UBI device object
1463  * @fm: fastmap layout object
1464  */
1465 static void return_fm_pebs(struct ubi_device *ubi,
1466 			   struct ubi_fastmap_layout *fm)
1467 {
1468 	int i;
1469 
1470 	if (!fm)
1471 		return;
1472 
1473 	for (i = 0; i < fm->used_blocks; i++) {
1474 		if (fm->e[i]) {
1475 			ubi_wl_put_fm_peb(ubi, fm->e[i], i,
1476 					  fm->to_be_tortured[i]);
1477 			fm->e[i] = NULL;
1478 		}
1479 	}
1480 }
1481 
1482 /**
1483  * ubi_update_fastmap - will be called by UBI if a volume changes or
1484  * a fastmap pool becomes full.
1485  * @ubi: UBI device object
1486  *
1487  * Returns 0 on success, < 0 indicates an internal error.
1488  */
1489 int ubi_update_fastmap(struct ubi_device *ubi)
1490 {
1491 	int ret, i, j;
1492 	struct ubi_fastmap_layout *new_fm, *old_fm;
1493 	struct ubi_wl_entry *tmp_e;
1494 
1495 	down_write(&ubi->fm_protect);
1496 	down_write(&ubi->work_sem);
1497 	down_write(&ubi->fm_eba_sem);
1498 
1499 	ubi_refill_pools(ubi);
1500 
1501 	if (ubi->ro_mode || ubi->fm_disabled) {
1502 		up_write(&ubi->fm_eba_sem);
1503 		up_write(&ubi->work_sem);
1504 		up_write(&ubi->fm_protect);
1505 		return 0;
1506 	}
1507 
1508 	ret = ubi_ensure_anchor_pebs(ubi);
1509 	if (ret) {
1510 		up_write(&ubi->fm_eba_sem);
1511 		up_write(&ubi->work_sem);
1512 		up_write(&ubi->fm_protect);
1513 		return ret;
1514 	}
1515 
1516 	new_fm = kzalloc(sizeof(*new_fm), GFP_KERNEL);
1517 	if (!new_fm) {
1518 		up_write(&ubi->fm_eba_sem);
1519 		up_write(&ubi->work_sem);
1520 		up_write(&ubi->fm_protect);
1521 		return -ENOMEM;
1522 	}
1523 
1524 	new_fm->used_blocks = ubi->fm_size / ubi->leb_size;
1525 	old_fm = ubi->fm;
1526 	ubi->fm = NULL;
1527 
1528 	if (new_fm->used_blocks > UBI_FM_MAX_BLOCKS) {
1529 		ubi_err(ubi, "fastmap too large");
1530 		ret = -ENOSPC;
1531 		goto err;
1532 	}
1533 
1534 	for (i = 1; i < new_fm->used_blocks; i++) {
1535 		spin_lock(&ubi->wl_lock);
1536 		tmp_e = ubi_wl_get_fm_peb(ubi, 0);
1537 		spin_unlock(&ubi->wl_lock);
1538 
1539 		if (!tmp_e) {
1540 			if (old_fm && old_fm->e[i]) {
1541 				ret = erase_block(ubi, old_fm->e[i]->pnum);
1542 				if (ret < 0) {
1543 					ubi_err(ubi, "could not erase old fastmap PEB");
1544 
1545 					for (j = 1; j < i; j++) {
1546 						ubi_wl_put_fm_peb(ubi, new_fm->e[j],
1547 								  j, 0);
1548 						new_fm->e[j] = NULL;
1549 					}
1550 					goto err;
1551 				}
1552 				new_fm->e[i] = old_fm->e[i];
1553 				old_fm->e[i] = NULL;
1554 			} else {
1555 				ubi_err(ubi, "could not get any free erase block");
1556 
1557 				for (j = 1; j < i; j++) {
1558 					ubi_wl_put_fm_peb(ubi, new_fm->e[j], j, 0);
1559 					new_fm->e[j] = NULL;
1560 				}
1561 
1562 				ret = -ENOSPC;
1563 				goto err;
1564 			}
1565 		} else {
1566 			new_fm->e[i] = tmp_e;
1567 
1568 			if (old_fm && old_fm->e[i]) {
1569 				ubi_wl_put_fm_peb(ubi, old_fm->e[i], i,
1570 						  old_fm->to_be_tortured[i]);
1571 				old_fm->e[i] = NULL;
1572 			}
1573 		}
1574 	}
1575 
1576 	/* Old fastmap is larger than the new one */
1577 	if (old_fm && new_fm->used_blocks < old_fm->used_blocks) {
1578 		for (i = new_fm->used_blocks; i < old_fm->used_blocks; i++) {
1579 			ubi_wl_put_fm_peb(ubi, old_fm->e[i], i,
1580 					  old_fm->to_be_tortured[i]);
1581 			old_fm->e[i] = NULL;
1582 		}
1583 	}
1584 
1585 	spin_lock(&ubi->wl_lock);
1586 	tmp_e = ubi_wl_get_fm_peb(ubi, 1);
1587 	spin_unlock(&ubi->wl_lock);
1588 
1589 	if (old_fm) {
1590 		/* no fresh anchor PEB was found, reuse the old one */
1591 		if (!tmp_e) {
1592 			ret = erase_block(ubi, old_fm->e[0]->pnum);
1593 			if (ret < 0) {
1594 				ubi_err(ubi, "could not erase old anchor PEB");
1595 
1596 				for (i = 1; i < new_fm->used_blocks; i++) {
1597 					ubi_wl_put_fm_peb(ubi, new_fm->e[i],
1598 							  i, 0);
1599 					new_fm->e[i] = NULL;
1600 				}
1601 				goto err;
1602 			}
1603 			new_fm->e[0] = old_fm->e[0];
1604 			new_fm->e[0]->ec = ret;
1605 			old_fm->e[0] = NULL;
1606 		} else {
1607 			/* we've got a new anchor PEB, return the old one */
1608 			ubi_wl_put_fm_peb(ubi, old_fm->e[0], 0,
1609 					  old_fm->to_be_tortured[0]);
1610 			new_fm->e[0] = tmp_e;
1611 			old_fm->e[0] = NULL;
1612 		}
1613 	} else {
1614 		if (!tmp_e) {
1615 			ubi_err(ubi, "could not find any anchor PEB");
1616 
1617 			for (i = 1; i < new_fm->used_blocks; i++) {
1618 				ubi_wl_put_fm_peb(ubi, new_fm->e[i], i, 0);
1619 				new_fm->e[i] = NULL;
1620 			}
1621 
1622 			ret = -ENOSPC;
1623 			goto err;
1624 		}
1625 		new_fm->e[0] = tmp_e;
1626 	}
1627 
1628 	ret = ubi_write_fastmap(ubi, new_fm);
1629 
1630 	if (ret)
1631 		goto err;
1632 
1633 out_unlock:
1634 	up_write(&ubi->fm_eba_sem);
1635 	up_write(&ubi->work_sem);
1636 	up_write(&ubi->fm_protect);
1637 	kfree(old_fm);
1638 	return ret;
1639 
1640 err:
1641 	ubi_warn(ubi, "Unable to write new fastmap, err=%i", ret);
1642 
1643 	ret = invalidate_fastmap(ubi);
1644 	if (ret < 0) {
1645 		ubi_err(ubi, "Unable to invalidiate current fastmap!");
1646 		ubi_ro_mode(ubi);
1647 	} else {
1648 		return_fm_pebs(ubi, old_fm);
1649 		return_fm_pebs(ubi, new_fm);
1650 		ret = 0;
1651 	}
1652 
1653 	kfree(new_fm);
1654 	goto out_unlock;
1655 }
1656