1 /* 2 * Copyright (c) International Business Machines Corp., 2006 3 * Copyright (c) Nokia Corporation, 2006, 2007 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See 13 * the GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program; if not, write to the Free Software 17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 * 19 * Author: Artem Bityutskiy (Битюцкий Артём) 20 */ 21 22 /* 23 * UBI input/output unit. 24 * 25 * This unit provides a uniform way to work with all kinds of the underlying 26 * MTD devices. It also implements handy functions for reading and writing UBI 27 * headers. 28 * 29 * We are trying to have a paranoid mindset and not to trust to what we read 30 * from the flash media in order to be more secure and robust. So this unit 31 * validates every single header it reads from the flash media. 32 * 33 * Some words about how the eraseblock headers are stored. 34 * 35 * The erase counter header is always stored at offset zero. By default, the 36 * VID header is stored after the EC header at the closest aligned offset 37 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID 38 * header at the closest aligned offset. But this default layout may be 39 * changed. For example, for different reasons (e.g., optimization) UBI may be 40 * asked to put the VID header at further offset, and even at an unaligned 41 * offset. Of course, if the offset of the VID header is unaligned, UBI adds 42 * proper padding in front of it. Data offset may also be changed but it has to 43 * be aligned. 44 * 45 * About minimal I/O units. In general, UBI assumes flash device model where 46 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1, 47 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the 48 * @ubi->mtd->writesize field. But as an exception, UBI admits of using another 49 * (smaller) minimal I/O unit size for EC and VID headers to make it possible 50 * to do different optimizations. 51 * 52 * This is extremely useful in case of NAND flashes which admit of several 53 * write operations to one NAND page. In this case UBI can fit EC and VID 54 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal 55 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still 56 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI 57 * users. 58 * 59 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so 60 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID 61 * headers. 62 * 63 * Q: why not just to treat sub-page as a minimal I/O unit of this flash 64 * device, e.g., make @ubi->min_io_size = 512 in the example above? 65 * 66 * A: because when writing a sub-page, MTD still writes a full 2K page but the 67 * bytes which are no relevant to the sub-page are 0xFF. So, basically, writing 68 * 4x512 sub-pages is 4 times slower then writing one 2KiB NAND page. Thus, we 69 * prefer to use sub-pages only for EV and VID headers. 70 * 71 * As it was noted above, the VID header may start at a non-aligned offset. 72 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page, 73 * the VID header may reside at offset 1984 which is the last 64 bytes of the 74 * last sub-page (EC header is always at offset zero). This causes some 75 * difficulties when reading and writing VID headers. 76 * 77 * Suppose we have a 64-byte buffer and we read a VID header at it. We change 78 * the data and want to write this VID header out. As we can only write in 79 * 512-byte chunks, we have to allocate one more buffer and copy our VID header 80 * to offset 448 of this buffer. 81 * 82 * The I/O unit does the following trick in order to avoid this extra copy. 83 * It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID header 84 * and returns a pointer to offset @ubi->vid_hdr_shift of this buffer. When the 85 * VID header is being written out, it shifts the VID header pointer back and 86 * writes the whole sub-page. 87 */ 88 89 #include <linux/crc32.h> 90 #include <linux/err.h> 91 #include "ubi.h" 92 93 #ifdef CONFIG_MTD_UBI_DEBUG_PARANOID 94 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum); 95 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum); 96 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum, 97 const struct ubi_ec_hdr *ec_hdr); 98 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum); 99 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum, 100 const struct ubi_vid_hdr *vid_hdr); 101 static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset, 102 int len); 103 #else 104 #define paranoid_check_not_bad(ubi, pnum) 0 105 #define paranoid_check_peb_ec_hdr(ubi, pnum) 0 106 #define paranoid_check_ec_hdr(ubi, pnum, ec_hdr) 0 107 #define paranoid_check_peb_vid_hdr(ubi, pnum) 0 108 #define paranoid_check_vid_hdr(ubi, pnum, vid_hdr) 0 109 #define paranoid_check_all_ff(ubi, pnum, offset, len) 0 110 #endif 111 112 /** 113 * ubi_io_read - read data from a physical eraseblock. 114 * @ubi: UBI device description object 115 * @buf: buffer where to store the read data 116 * @pnum: physical eraseblock number to read from 117 * @offset: offset within the physical eraseblock from where to read 118 * @len: how many bytes to read 119 * 120 * This function reads data from offset @offset of physical eraseblock @pnum 121 * and stores the read data in the @buf buffer. The following return codes are 122 * possible: 123 * 124 * o %0 if all the requested data were successfully read; 125 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but 126 * correctable bit-flips were detected; this is harmless but may indicate 127 * that this eraseblock may become bad soon (but do not have to); 128 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for 129 * example it can be an ECC error in case of NAND; this most probably means 130 * that the data is corrupted; 131 * o %-EIO if some I/O error occurred; 132 * o other negative error codes in case of other errors. 133 */ 134 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset, 135 int len) 136 { 137 int err, retries = 0; 138 size_t read; 139 loff_t addr; 140 141 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset); 142 143 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 144 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size); 145 ubi_assert(len > 0); 146 147 err = paranoid_check_not_bad(ubi, pnum); 148 if (err) 149 return err > 0 ? -EINVAL : err; 150 151 addr = (loff_t)pnum * ubi->peb_size + offset; 152 retry: 153 err = ubi->mtd->read(ubi->mtd, addr, len, &read, buf); 154 if (err) { 155 if (err == -EUCLEAN) { 156 /* 157 * -EUCLEAN is reported if there was a bit-flip which 158 * was corrected, so this is harmless. 159 */ 160 ubi_msg("fixable bit-flip detected at PEB %d", pnum); 161 ubi_assert(len == read); 162 return UBI_IO_BITFLIPS; 163 } 164 165 if (read != len && retries++ < UBI_IO_RETRIES) { 166 dbg_io("error %d while reading %d bytes from PEB %d:%d, " 167 "read only %zd bytes, retry", 168 err, len, pnum, offset, read); 169 yield(); 170 goto retry; 171 } 172 173 ubi_err("error %d while reading %d bytes from PEB %d:%d, " 174 "read %zd bytes", err, len, pnum, offset, read); 175 ubi_dbg_dump_stack(); 176 } else { 177 ubi_assert(len == read); 178 179 if (ubi_dbg_is_bitflip()) { 180 dbg_msg("bit-flip (emulated)"); 181 err = UBI_IO_BITFLIPS; 182 } 183 } 184 185 return err; 186 } 187 188 /** 189 * ubi_io_write - write data to a physical eraseblock. 190 * @ubi: UBI device description object 191 * @buf: buffer with the data to write 192 * @pnum: physical eraseblock number to write to 193 * @offset: offset within the physical eraseblock where to write 194 * @len: how many bytes to write 195 * 196 * This function writes @len bytes of data from buffer @buf to offset @offset 197 * of physical eraseblock @pnum. If all the data were successfully written, 198 * zero is returned. If an error occurred, this function returns a negative 199 * error code. If %-EIO is returned, the physical eraseblock most probably went 200 * bad. 201 * 202 * Note, in case of an error, it is possible that something was still written 203 * to the flash media, but may be some garbage. 204 */ 205 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset, 206 int len) 207 { 208 int err; 209 size_t written; 210 loff_t addr; 211 212 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset); 213 214 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 215 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size); 216 ubi_assert(offset % ubi->hdrs_min_io_size == 0); 217 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0); 218 219 if (ubi->ro_mode) { 220 ubi_err("read-only mode"); 221 return -EROFS; 222 } 223 224 /* The below has to be compiled out if paranoid checks are disabled */ 225 226 err = paranoid_check_not_bad(ubi, pnum); 227 if (err) 228 return err > 0 ? -EINVAL : err; 229 230 /* The area we are writing to has to contain all 0xFF bytes */ 231 err = paranoid_check_all_ff(ubi, pnum, offset, len); 232 if (err) 233 return err > 0 ? -EINVAL : err; 234 235 if (offset >= ubi->leb_start) { 236 /* 237 * We write to the data area of the physical eraseblock. Make 238 * sure it has valid EC and VID headers. 239 */ 240 err = paranoid_check_peb_ec_hdr(ubi, pnum); 241 if (err) 242 return err > 0 ? -EINVAL : err; 243 err = paranoid_check_peb_vid_hdr(ubi, pnum); 244 if (err) 245 return err > 0 ? -EINVAL : err; 246 } 247 248 if (ubi_dbg_is_write_failure()) { 249 dbg_err("cannot write %d bytes to PEB %d:%d " 250 "(emulated)", len, pnum, offset); 251 ubi_dbg_dump_stack(); 252 return -EIO; 253 } 254 255 addr = (loff_t)pnum * ubi->peb_size + offset; 256 err = ubi->mtd->write(ubi->mtd, addr, len, &written, buf); 257 if (err) { 258 ubi_err("error %d while writing %d bytes to PEB %d:%d, written" 259 " %zd bytes", err, len, pnum, offset, written); 260 ubi_dbg_dump_stack(); 261 } else 262 ubi_assert(written == len); 263 264 return err; 265 } 266 267 /** 268 * erase_callback - MTD erasure call-back. 269 * @ei: MTD erase information object. 270 * 271 * Note, even though MTD erase interface is asynchronous, all the current 272 * implementations are synchronous anyway. 273 */ 274 static void erase_callback(struct erase_info *ei) 275 { 276 wake_up_interruptible((wait_queue_head_t *)ei->priv); 277 } 278 279 /** 280 * do_sync_erase - synchronously erase a physical eraseblock. 281 * @ubi: UBI device description object 282 * @pnum: the physical eraseblock number to erase 283 * 284 * This function synchronously erases physical eraseblock @pnum and returns 285 * zero in case of success and a negative error code in case of failure. If 286 * %-EIO is returned, the physical eraseblock most probably went bad. 287 */ 288 static int do_sync_erase(struct ubi_device *ubi, int pnum) 289 { 290 int err, retries = 0; 291 struct erase_info ei; 292 wait_queue_head_t wq; 293 294 dbg_io("erase PEB %d", pnum); 295 296 retry: 297 init_waitqueue_head(&wq); 298 memset(&ei, 0, sizeof(struct erase_info)); 299 300 ei.mtd = ubi->mtd; 301 ei.addr = (loff_t)pnum * ubi->peb_size; 302 ei.len = ubi->peb_size; 303 ei.callback = erase_callback; 304 ei.priv = (unsigned long)&wq; 305 306 err = ubi->mtd->erase(ubi->mtd, &ei); 307 if (err) { 308 if (retries++ < UBI_IO_RETRIES) { 309 dbg_io("error %d while erasing PEB %d, retry", 310 err, pnum); 311 yield(); 312 goto retry; 313 } 314 ubi_err("cannot erase PEB %d, error %d", pnum, err); 315 ubi_dbg_dump_stack(); 316 return err; 317 } 318 319 err = wait_event_interruptible(wq, ei.state == MTD_ERASE_DONE || 320 ei.state == MTD_ERASE_FAILED); 321 if (err) { 322 ubi_err("interrupted PEB %d erasure", pnum); 323 return -EINTR; 324 } 325 326 if (ei.state == MTD_ERASE_FAILED) { 327 if (retries++ < UBI_IO_RETRIES) { 328 dbg_io("error while erasing PEB %d, retry", pnum); 329 yield(); 330 goto retry; 331 } 332 ubi_err("cannot erase PEB %d", pnum); 333 ubi_dbg_dump_stack(); 334 return -EIO; 335 } 336 337 err = paranoid_check_all_ff(ubi, pnum, 0, ubi->peb_size); 338 if (err) 339 return err > 0 ? -EINVAL : err; 340 341 if (ubi_dbg_is_erase_failure() && !err) { 342 dbg_err("cannot erase PEB %d (emulated)", pnum); 343 return -EIO; 344 } 345 346 return 0; 347 } 348 349 /** 350 * check_pattern - check if buffer contains only a certain byte pattern. 351 * @buf: buffer to check 352 * @patt: the pattern to check 353 * @size: buffer size in bytes 354 * 355 * This function returns %1 in there are only @patt bytes in @buf, and %0 if 356 * something else was also found. 357 */ 358 static int check_pattern(const void *buf, uint8_t patt, int size) 359 { 360 int i; 361 362 for (i = 0; i < size; i++) 363 if (((const uint8_t *)buf)[i] != patt) 364 return 0; 365 return 1; 366 } 367 368 /* Patterns to write to a physical eraseblock when torturing it */ 369 static uint8_t patterns[] = {0xa5, 0x5a, 0x0}; 370 371 /** 372 * torture_peb - test a supposedly bad physical eraseblock. 373 * @ubi: UBI device description object 374 * @pnum: the physical eraseblock number to test 375 * 376 * This function returns %-EIO if the physical eraseblock did not pass the 377 * test, a positive number of erase operations done if the test was 378 * successfully passed, and other negative error codes in case of other errors. 379 */ 380 static int torture_peb(struct ubi_device *ubi, int pnum) 381 { 382 int err, i, patt_count; 383 384 patt_count = ARRAY_SIZE(patterns); 385 ubi_assert(patt_count > 0); 386 387 mutex_lock(&ubi->buf_mutex); 388 for (i = 0; i < patt_count; i++) { 389 err = do_sync_erase(ubi, pnum); 390 if (err) 391 goto out; 392 393 /* Make sure the PEB contains only 0xFF bytes */ 394 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 395 if (err) 396 goto out; 397 398 err = check_pattern(ubi->peb_buf1, 0xFF, ubi->peb_size); 399 if (err == 0) { 400 ubi_err("erased PEB %d, but a non-0xFF byte found", 401 pnum); 402 err = -EIO; 403 goto out; 404 } 405 406 /* Write a pattern and check it */ 407 memset(ubi->peb_buf1, patterns[i], ubi->peb_size); 408 err = ubi_io_write(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 409 if (err) 410 goto out; 411 412 memset(ubi->peb_buf1, ~patterns[i], ubi->peb_size); 413 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 414 if (err) 415 goto out; 416 417 err = check_pattern(ubi->peb_buf1, patterns[i], ubi->peb_size); 418 if (err == 0) { 419 ubi_err("pattern %x checking failed for PEB %d", 420 patterns[i], pnum); 421 err = -EIO; 422 goto out; 423 } 424 } 425 426 err = patt_count; 427 428 out: 429 mutex_unlock(&ubi->buf_mutex); 430 if (err == UBI_IO_BITFLIPS || err == -EBADMSG) { 431 /* 432 * If a bit-flip or data integrity error was detected, the test 433 * has not passed because it happened on a freshly erased 434 * physical eraseblock which means something is wrong with it. 435 */ 436 ubi_err("read problems on freshly erased PEB %d, must be bad", 437 pnum); 438 err = -EIO; 439 } 440 return err; 441 } 442 443 /** 444 * ubi_io_sync_erase - synchronously erase a physical eraseblock. 445 * @ubi: UBI device description object 446 * @pnum: physical eraseblock number to erase 447 * @torture: if this physical eraseblock has to be tortured 448 * 449 * This function synchronously erases physical eraseblock @pnum. If @torture 450 * flag is not zero, the physical eraseblock is checked by means of writing 451 * different patterns to it and reading them back. If the torturing is enabled, 452 * the physical eraseblock is erased more then once. 453 * 454 * This function returns the number of erasures made in case of success, %-EIO 455 * if the erasure failed or the torturing test failed, and other negative error 456 * codes in case of other errors. Note, %-EIO means that the physical 457 * eraseblock is bad. 458 */ 459 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture) 460 { 461 int err, ret = 0; 462 463 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 464 465 err = paranoid_check_not_bad(ubi, pnum); 466 if (err != 0) 467 return err > 0 ? -EINVAL : err; 468 469 if (ubi->ro_mode) { 470 ubi_err("read-only mode"); 471 return -EROFS; 472 } 473 474 if (torture) { 475 ret = torture_peb(ubi, pnum); 476 if (ret < 0) 477 return ret; 478 } 479 480 err = do_sync_erase(ubi, pnum); 481 if (err) 482 return err; 483 484 return ret + 1; 485 } 486 487 /** 488 * ubi_io_is_bad - check if a physical eraseblock is bad. 489 * @ubi: UBI device description object 490 * @pnum: the physical eraseblock number to check 491 * 492 * This function returns a positive number if the physical eraseblock is bad, 493 * zero if not, and a negative error code if an error occurred. 494 */ 495 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum) 496 { 497 struct mtd_info *mtd = ubi->mtd; 498 499 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 500 501 if (ubi->bad_allowed) { 502 int ret; 503 504 ret = mtd->block_isbad(mtd, (loff_t)pnum * ubi->peb_size); 505 if (ret < 0) 506 ubi_err("error %d while checking if PEB %d is bad", 507 ret, pnum); 508 else if (ret) 509 dbg_io("PEB %d is bad", pnum); 510 return ret; 511 } 512 513 return 0; 514 } 515 516 /** 517 * ubi_io_mark_bad - mark a physical eraseblock as bad. 518 * @ubi: UBI device description object 519 * @pnum: the physical eraseblock number to mark 520 * 521 * This function returns zero in case of success and a negative error code in 522 * case of failure. 523 */ 524 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum) 525 { 526 int err; 527 struct mtd_info *mtd = ubi->mtd; 528 529 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 530 531 if (ubi->ro_mode) { 532 ubi_err("read-only mode"); 533 return -EROFS; 534 } 535 536 if (!ubi->bad_allowed) 537 return 0; 538 539 err = mtd->block_markbad(mtd, (loff_t)pnum * ubi->peb_size); 540 if (err) 541 ubi_err("cannot mark PEB %d bad, error %d", pnum, err); 542 return err; 543 } 544 545 /** 546 * validate_ec_hdr - validate an erase counter header. 547 * @ubi: UBI device description object 548 * @ec_hdr: the erase counter header to check 549 * 550 * This function returns zero if the erase counter header is OK, and %1 if 551 * not. 552 */ 553 static int validate_ec_hdr(const struct ubi_device *ubi, 554 const struct ubi_ec_hdr *ec_hdr) 555 { 556 long long ec; 557 int vid_hdr_offset, leb_start; 558 559 ec = be64_to_cpu(ec_hdr->ec); 560 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset); 561 leb_start = be32_to_cpu(ec_hdr->data_offset); 562 563 if (ec_hdr->version != UBI_VERSION) { 564 ubi_err("node with incompatible UBI version found: " 565 "this UBI version is %d, image version is %d", 566 UBI_VERSION, (int)ec_hdr->version); 567 goto bad; 568 } 569 570 if (vid_hdr_offset != ubi->vid_hdr_offset) { 571 ubi_err("bad VID header offset %d, expected %d", 572 vid_hdr_offset, ubi->vid_hdr_offset); 573 goto bad; 574 } 575 576 if (leb_start != ubi->leb_start) { 577 ubi_err("bad data offset %d, expected %d", 578 leb_start, ubi->leb_start); 579 goto bad; 580 } 581 582 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) { 583 ubi_err("bad erase counter %lld", ec); 584 goto bad; 585 } 586 587 return 0; 588 589 bad: 590 ubi_err("bad EC header"); 591 ubi_dbg_dump_ec_hdr(ec_hdr); 592 ubi_dbg_dump_stack(); 593 return 1; 594 } 595 596 /** 597 * ubi_io_read_ec_hdr - read and check an erase counter header. 598 * @ubi: UBI device description object 599 * @pnum: physical eraseblock to read from 600 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter 601 * header 602 * @verbose: be verbose if the header is corrupted or was not found 603 * 604 * This function reads erase counter header from physical eraseblock @pnum and 605 * stores it in @ec_hdr. This function also checks CRC checksum of the read 606 * erase counter header. The following codes may be returned: 607 * 608 * o %0 if the CRC checksum is correct and the header was successfully read; 609 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected 610 * and corrected by the flash driver; this is harmless but may indicate that 611 * this eraseblock may become bad soon (but may be not); 612 * o %UBI_IO_BAD_EC_HDR if the erase counter header is corrupted (a CRC error); 613 * o %UBI_IO_PEB_EMPTY if the physical eraseblock is empty; 614 * o a negative error code in case of failure. 615 */ 616 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum, 617 struct ubi_ec_hdr *ec_hdr, int verbose) 618 { 619 int err, read_err = 0; 620 uint32_t crc, magic, hdr_crc; 621 622 dbg_io("read EC header from PEB %d", pnum); 623 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 624 625 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE); 626 if (err) { 627 if (err != UBI_IO_BITFLIPS && err != -EBADMSG) 628 return err; 629 630 /* 631 * We read all the data, but either a correctable bit-flip 632 * occurred, or MTD reported about some data integrity error, 633 * like an ECC error in case of NAND. The former is harmless, 634 * the later may mean that the read data is corrupted. But we 635 * have a CRC check-sum and we will detect this. If the EC 636 * header is still OK, we just report this as there was a 637 * bit-flip. 638 */ 639 read_err = err; 640 } 641 642 magic = be32_to_cpu(ec_hdr->magic); 643 if (magic != UBI_EC_HDR_MAGIC) { 644 /* 645 * The magic field is wrong. Let's check if we have read all 646 * 0xFF. If yes, this physical eraseblock is assumed to be 647 * empty. 648 * 649 * But if there was a read error, we do not test it for all 650 * 0xFFs. Even if it does contain all 0xFFs, this error 651 * indicates that something is still wrong with this physical 652 * eraseblock and we anyway cannot treat it as empty. 653 */ 654 if (read_err != -EBADMSG && 655 check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) { 656 /* The physical eraseblock is supposedly empty */ 657 658 /* 659 * The below is just a paranoid check, it has to be 660 * compiled out if paranoid checks are disabled. 661 */ 662 err = paranoid_check_all_ff(ubi, pnum, 0, 663 ubi->peb_size); 664 if (err) 665 return err > 0 ? UBI_IO_BAD_EC_HDR : err; 666 667 if (verbose) 668 ubi_warn("no EC header found at PEB %d, " 669 "only 0xFF bytes", pnum); 670 return UBI_IO_PEB_EMPTY; 671 } 672 673 /* 674 * This is not a valid erase counter header, and these are not 675 * 0xFF bytes. Report that the header is corrupted. 676 */ 677 if (verbose) { 678 ubi_warn("bad magic number at PEB %d: %08x instead of " 679 "%08x", pnum, magic, UBI_EC_HDR_MAGIC); 680 ubi_dbg_dump_ec_hdr(ec_hdr); 681 } 682 return UBI_IO_BAD_EC_HDR; 683 } 684 685 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 686 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc); 687 688 if (hdr_crc != crc) { 689 if (verbose) { 690 ubi_warn("bad EC header CRC at PEB %d, calculated %#08x," 691 " read %#08x", pnum, crc, hdr_crc); 692 ubi_dbg_dump_ec_hdr(ec_hdr); 693 } 694 return UBI_IO_BAD_EC_HDR; 695 } 696 697 /* And of course validate what has just been read from the media */ 698 err = validate_ec_hdr(ubi, ec_hdr); 699 if (err) { 700 ubi_err("validation failed for PEB %d", pnum); 701 return -EINVAL; 702 } 703 704 return read_err ? UBI_IO_BITFLIPS : 0; 705 } 706 707 /** 708 * ubi_io_write_ec_hdr - write an erase counter header. 709 * @ubi: UBI device description object 710 * @pnum: physical eraseblock to write to 711 * @ec_hdr: the erase counter header to write 712 * 713 * This function writes erase counter header described by @ec_hdr to physical 714 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so 715 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec 716 * field. 717 * 718 * This function returns zero in case of success and a negative error code in 719 * case of failure. If %-EIO is returned, the physical eraseblock most probably 720 * went bad. 721 */ 722 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum, 723 struct ubi_ec_hdr *ec_hdr) 724 { 725 int err; 726 uint32_t crc; 727 728 dbg_io("write EC header to PEB %d", pnum); 729 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 730 731 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC); 732 ec_hdr->version = UBI_VERSION; 733 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset); 734 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start); 735 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 736 ec_hdr->hdr_crc = cpu_to_be32(crc); 737 738 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr); 739 if (err) 740 return -EINVAL; 741 742 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize); 743 return err; 744 } 745 746 /** 747 * validate_vid_hdr - validate a volume identifier header. 748 * @ubi: UBI device description object 749 * @vid_hdr: the volume identifier header to check 750 * 751 * This function checks that data stored in the volume identifier header 752 * @vid_hdr. Returns zero if the VID header is OK and %1 if not. 753 */ 754 static int validate_vid_hdr(const struct ubi_device *ubi, 755 const struct ubi_vid_hdr *vid_hdr) 756 { 757 int vol_type = vid_hdr->vol_type; 758 int copy_flag = vid_hdr->copy_flag; 759 int vol_id = be32_to_cpu(vid_hdr->vol_id); 760 int lnum = be32_to_cpu(vid_hdr->lnum); 761 int compat = vid_hdr->compat; 762 int data_size = be32_to_cpu(vid_hdr->data_size); 763 int used_ebs = be32_to_cpu(vid_hdr->used_ebs); 764 int data_pad = be32_to_cpu(vid_hdr->data_pad); 765 int data_crc = be32_to_cpu(vid_hdr->data_crc); 766 int usable_leb_size = ubi->leb_size - data_pad; 767 768 if (copy_flag != 0 && copy_flag != 1) { 769 dbg_err("bad copy_flag"); 770 goto bad; 771 } 772 773 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 || 774 data_pad < 0) { 775 dbg_err("negative values"); 776 goto bad; 777 } 778 779 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) { 780 dbg_err("bad vol_id"); 781 goto bad; 782 } 783 784 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) { 785 dbg_err("bad compat"); 786 goto bad; 787 } 788 789 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE && 790 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE && 791 compat != UBI_COMPAT_REJECT) { 792 dbg_err("bad compat"); 793 goto bad; 794 } 795 796 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) { 797 dbg_err("bad vol_type"); 798 goto bad; 799 } 800 801 if (data_pad >= ubi->leb_size / 2) { 802 dbg_err("bad data_pad"); 803 goto bad; 804 } 805 806 if (vol_type == UBI_VID_STATIC) { 807 /* 808 * Although from high-level point of view static volumes may 809 * contain zero bytes of data, but no VID headers can contain 810 * zero at these fields, because they empty volumes do not have 811 * mapped logical eraseblocks. 812 */ 813 if (used_ebs == 0) { 814 dbg_err("zero used_ebs"); 815 goto bad; 816 } 817 if (data_size == 0) { 818 dbg_err("zero data_size"); 819 goto bad; 820 } 821 if (lnum < used_ebs - 1) { 822 if (data_size != usable_leb_size) { 823 dbg_err("bad data_size"); 824 goto bad; 825 } 826 } else if (lnum == used_ebs - 1) { 827 if (data_size == 0) { 828 dbg_err("bad data_size at last LEB"); 829 goto bad; 830 } 831 } else { 832 dbg_err("too high lnum"); 833 goto bad; 834 } 835 } else { 836 if (copy_flag == 0) { 837 if (data_crc != 0) { 838 dbg_err("non-zero data CRC"); 839 goto bad; 840 } 841 if (data_size != 0) { 842 dbg_err("non-zero data_size"); 843 goto bad; 844 } 845 } else { 846 if (data_size == 0) { 847 dbg_err("zero data_size of copy"); 848 goto bad; 849 } 850 } 851 if (used_ebs != 0) { 852 dbg_err("bad used_ebs"); 853 goto bad; 854 } 855 } 856 857 return 0; 858 859 bad: 860 ubi_err("bad VID header"); 861 ubi_dbg_dump_vid_hdr(vid_hdr); 862 ubi_dbg_dump_stack(); 863 return 1; 864 } 865 866 /** 867 * ubi_io_read_vid_hdr - read and check a volume identifier header. 868 * @ubi: UBI device description object 869 * @pnum: physical eraseblock number to read from 870 * @vid_hdr: &struct ubi_vid_hdr object where to store the read volume 871 * identifier header 872 * @verbose: be verbose if the header is corrupted or wasn't found 873 * 874 * This function reads the volume identifier header from physical eraseblock 875 * @pnum and stores it in @vid_hdr. It also checks CRC checksum of the read 876 * volume identifier header. The following codes may be returned: 877 * 878 * o %0 if the CRC checksum is correct and the header was successfully read; 879 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected 880 * and corrected by the flash driver; this is harmless but may indicate that 881 * this eraseblock may become bad soon; 882 * o %UBI_IO_BAD_VID_HRD if the volume identifier header is corrupted (a CRC 883 * error detected); 884 * o %UBI_IO_PEB_FREE if the physical eraseblock is free (i.e., there is no VID 885 * header there); 886 * o a negative error code in case of failure. 887 */ 888 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum, 889 struct ubi_vid_hdr *vid_hdr, int verbose) 890 { 891 int err, read_err = 0; 892 uint32_t crc, magic, hdr_crc; 893 void *p; 894 895 dbg_io("read VID header from PEB %d", pnum); 896 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 897 898 p = (char *)vid_hdr - ubi->vid_hdr_shift; 899 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset, 900 ubi->vid_hdr_alsize); 901 if (err) { 902 if (err != UBI_IO_BITFLIPS && err != -EBADMSG) 903 return err; 904 905 /* 906 * We read all the data, but either a correctable bit-flip 907 * occurred, or MTD reported about some data integrity error, 908 * like an ECC error in case of NAND. The former is harmless, 909 * the later may mean the read data is corrupted. But we have a 910 * CRC check-sum and we will identify this. If the VID header is 911 * still OK, we just report this as there was a bit-flip. 912 */ 913 read_err = err; 914 } 915 916 magic = be32_to_cpu(vid_hdr->magic); 917 if (magic != UBI_VID_HDR_MAGIC) { 918 /* 919 * If we have read all 0xFF bytes, the VID header probably does 920 * not exist and the physical eraseblock is assumed to be free. 921 * 922 * But if there was a read error, we do not test the data for 923 * 0xFFs. Even if it does contain all 0xFFs, this error 924 * indicates that something is still wrong with this physical 925 * eraseblock and it cannot be regarded as free. 926 */ 927 if (read_err != -EBADMSG && 928 check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) { 929 /* The physical eraseblock is supposedly free */ 930 931 /* 932 * The below is just a paranoid check, it has to be 933 * compiled out if paranoid checks are disabled. 934 */ 935 err = paranoid_check_all_ff(ubi, pnum, ubi->leb_start, 936 ubi->leb_size); 937 if (err) 938 return err > 0 ? UBI_IO_BAD_VID_HDR : err; 939 940 if (verbose) 941 ubi_warn("no VID header found at PEB %d, " 942 "only 0xFF bytes", pnum); 943 return UBI_IO_PEB_FREE; 944 } 945 946 /* 947 * This is not a valid VID header, and these are not 0xFF 948 * bytes. Report that the header is corrupted. 949 */ 950 if (verbose) { 951 ubi_warn("bad magic number at PEB %d: %08x instead of " 952 "%08x", pnum, magic, UBI_VID_HDR_MAGIC); 953 ubi_dbg_dump_vid_hdr(vid_hdr); 954 } 955 return UBI_IO_BAD_VID_HDR; 956 } 957 958 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC); 959 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc); 960 961 if (hdr_crc != crc) { 962 if (verbose) { 963 ubi_warn("bad CRC at PEB %d, calculated %#08x, " 964 "read %#08x", pnum, crc, hdr_crc); 965 ubi_dbg_dump_vid_hdr(vid_hdr); 966 } 967 return UBI_IO_BAD_VID_HDR; 968 } 969 970 /* Validate the VID header that we have just read */ 971 err = validate_vid_hdr(ubi, vid_hdr); 972 if (err) { 973 ubi_err("validation failed for PEB %d", pnum); 974 return -EINVAL; 975 } 976 977 return read_err ? UBI_IO_BITFLIPS : 0; 978 } 979 980 /** 981 * ubi_io_write_vid_hdr - write a volume identifier header. 982 * @ubi: UBI device description object 983 * @pnum: the physical eraseblock number to write to 984 * @vid_hdr: the volume identifier header to write 985 * 986 * This function writes the volume identifier header described by @vid_hdr to 987 * physical eraseblock @pnum. This function automatically fills the 988 * @vid_hdr->magic and the @vid_hdr->version fields, as well as calculates 989 * header CRC checksum and stores it at vid_hdr->hdr_crc. 990 * 991 * This function returns zero in case of success and a negative error code in 992 * case of failure. If %-EIO is returned, the physical eraseblock probably went 993 * bad. 994 */ 995 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum, 996 struct ubi_vid_hdr *vid_hdr) 997 { 998 int err; 999 uint32_t crc; 1000 void *p; 1001 1002 dbg_io("write VID header to PEB %d", pnum); 1003 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 1004 1005 err = paranoid_check_peb_ec_hdr(ubi, pnum); 1006 if (err) 1007 return err > 0 ? -EINVAL: err; 1008 1009 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC); 1010 vid_hdr->version = UBI_VERSION; 1011 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC); 1012 vid_hdr->hdr_crc = cpu_to_be32(crc); 1013 1014 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr); 1015 if (err) 1016 return -EINVAL; 1017 1018 p = (char *)vid_hdr - ubi->vid_hdr_shift; 1019 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset, 1020 ubi->vid_hdr_alsize); 1021 return err; 1022 } 1023 1024 #ifdef CONFIG_MTD_UBI_DEBUG_PARANOID 1025 1026 /** 1027 * paranoid_check_not_bad - ensure that a physical eraseblock is not bad. 1028 * @ubi: UBI device description object 1029 * @pnum: physical eraseblock number to check 1030 * 1031 * This function returns zero if the physical eraseblock is good, a positive 1032 * number if it is bad and a negative error code if an error occurred. 1033 */ 1034 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum) 1035 { 1036 int err; 1037 1038 err = ubi_io_is_bad(ubi, pnum); 1039 if (!err) 1040 return err; 1041 1042 ubi_err("paranoid check failed for PEB %d", pnum); 1043 ubi_dbg_dump_stack(); 1044 return err; 1045 } 1046 1047 /** 1048 * paranoid_check_ec_hdr - check if an erase counter header is all right. 1049 * @ubi: UBI device description object 1050 * @pnum: physical eraseblock number the erase counter header belongs to 1051 * @ec_hdr: the erase counter header to check 1052 * 1053 * This function returns zero if the erase counter header contains valid 1054 * values, and %1 if not. 1055 */ 1056 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum, 1057 const struct ubi_ec_hdr *ec_hdr) 1058 { 1059 int err; 1060 uint32_t magic; 1061 1062 magic = be32_to_cpu(ec_hdr->magic); 1063 if (magic != UBI_EC_HDR_MAGIC) { 1064 ubi_err("bad magic %#08x, must be %#08x", 1065 magic, UBI_EC_HDR_MAGIC); 1066 goto fail; 1067 } 1068 1069 err = validate_ec_hdr(ubi, ec_hdr); 1070 if (err) { 1071 ubi_err("paranoid check failed for PEB %d", pnum); 1072 goto fail; 1073 } 1074 1075 return 0; 1076 1077 fail: 1078 ubi_dbg_dump_ec_hdr(ec_hdr); 1079 ubi_dbg_dump_stack(); 1080 return 1; 1081 } 1082 1083 /** 1084 * paranoid_check_peb_ec_hdr - check that the erase counter header of a 1085 * physical eraseblock is in-place and is all right. 1086 * @ubi: UBI device description object 1087 * @pnum: the physical eraseblock number to check 1088 * 1089 * This function returns zero if the erase counter header is all right, %1 if 1090 * not, and a negative error code if an error occurred. 1091 */ 1092 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum) 1093 { 1094 int err; 1095 uint32_t crc, hdr_crc; 1096 struct ubi_ec_hdr *ec_hdr; 1097 1098 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS); 1099 if (!ec_hdr) 1100 return -ENOMEM; 1101 1102 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE); 1103 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG) 1104 goto exit; 1105 1106 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 1107 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc); 1108 if (hdr_crc != crc) { 1109 ubi_err("bad CRC, calculated %#08x, read %#08x", crc, hdr_crc); 1110 ubi_err("paranoid check failed for PEB %d", pnum); 1111 ubi_dbg_dump_ec_hdr(ec_hdr); 1112 ubi_dbg_dump_stack(); 1113 err = 1; 1114 goto exit; 1115 } 1116 1117 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr); 1118 1119 exit: 1120 kfree(ec_hdr); 1121 return err; 1122 } 1123 1124 /** 1125 * paranoid_check_vid_hdr - check that a volume identifier header is all right. 1126 * @ubi: UBI device description object 1127 * @pnum: physical eraseblock number the volume identifier header belongs to 1128 * @vid_hdr: the volume identifier header to check 1129 * 1130 * This function returns zero if the volume identifier header is all right, and 1131 * %1 if not. 1132 */ 1133 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum, 1134 const struct ubi_vid_hdr *vid_hdr) 1135 { 1136 int err; 1137 uint32_t magic; 1138 1139 magic = be32_to_cpu(vid_hdr->magic); 1140 if (magic != UBI_VID_HDR_MAGIC) { 1141 ubi_err("bad VID header magic %#08x at PEB %d, must be %#08x", 1142 magic, pnum, UBI_VID_HDR_MAGIC); 1143 goto fail; 1144 } 1145 1146 err = validate_vid_hdr(ubi, vid_hdr); 1147 if (err) { 1148 ubi_err("paranoid check failed for PEB %d", pnum); 1149 goto fail; 1150 } 1151 1152 return err; 1153 1154 fail: 1155 ubi_err("paranoid check failed for PEB %d", pnum); 1156 ubi_dbg_dump_vid_hdr(vid_hdr); 1157 ubi_dbg_dump_stack(); 1158 return 1; 1159 1160 } 1161 1162 /** 1163 * paranoid_check_peb_vid_hdr - check that the volume identifier header of a 1164 * physical eraseblock is in-place and is all right. 1165 * @ubi: UBI device description object 1166 * @pnum: the physical eraseblock number to check 1167 * 1168 * This function returns zero if the volume identifier header is all right, 1169 * %1 if not, and a negative error code if an error occurred. 1170 */ 1171 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum) 1172 { 1173 int err; 1174 uint32_t crc, hdr_crc; 1175 struct ubi_vid_hdr *vid_hdr; 1176 void *p; 1177 1178 vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS); 1179 if (!vid_hdr) 1180 return -ENOMEM; 1181 1182 p = (char *)vid_hdr - ubi->vid_hdr_shift; 1183 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset, 1184 ubi->vid_hdr_alsize); 1185 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG) 1186 goto exit; 1187 1188 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_EC_HDR_SIZE_CRC); 1189 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc); 1190 if (hdr_crc != crc) { 1191 ubi_err("bad VID header CRC at PEB %d, calculated %#08x, " 1192 "read %#08x", pnum, crc, hdr_crc); 1193 ubi_err("paranoid check failed for PEB %d", pnum); 1194 ubi_dbg_dump_vid_hdr(vid_hdr); 1195 ubi_dbg_dump_stack(); 1196 err = 1; 1197 goto exit; 1198 } 1199 1200 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr); 1201 1202 exit: 1203 ubi_free_vid_hdr(ubi, vid_hdr); 1204 return err; 1205 } 1206 1207 /** 1208 * paranoid_check_all_ff - check that a region of flash is empty. 1209 * @ubi: UBI device description object 1210 * @pnum: the physical eraseblock number to check 1211 * @offset: the starting offset within the physical eraseblock to check 1212 * @len: the length of the region to check 1213 * 1214 * This function returns zero if only 0xFF bytes are present at offset 1215 * @offset of the physical eraseblock @pnum, %1 if not, and a negative error 1216 * code if an error occurred. 1217 */ 1218 static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset, 1219 int len) 1220 { 1221 size_t read; 1222 int err; 1223 loff_t addr = (loff_t)pnum * ubi->peb_size + offset; 1224 1225 mutex_lock(&ubi->dbg_buf_mutex); 1226 err = ubi->mtd->read(ubi->mtd, addr, len, &read, ubi->dbg_peb_buf); 1227 if (err && err != -EUCLEAN) { 1228 ubi_err("error %d while reading %d bytes from PEB %d:%d, " 1229 "read %zd bytes", err, len, pnum, offset, read); 1230 goto error; 1231 } 1232 1233 err = check_pattern(ubi->dbg_peb_buf, 0xFF, len); 1234 if (err == 0) { 1235 ubi_err("flash region at PEB %d:%d, length %d does not " 1236 "contain all 0xFF bytes", pnum, offset, len); 1237 goto fail; 1238 } 1239 mutex_unlock(&ubi->dbg_buf_mutex); 1240 1241 return 0; 1242 1243 fail: 1244 ubi_err("paranoid check failed for PEB %d", pnum); 1245 dbg_msg("hex dump of the %d-%d region", offset, offset + len); 1246 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, 1247 ubi->dbg_peb_buf, len, 1); 1248 err = 1; 1249 error: 1250 ubi_dbg_dump_stack(); 1251 mutex_unlock(&ubi->dbg_buf_mutex); 1252 return err; 1253 } 1254 1255 #endif /* CONFIG_MTD_UBI_DEBUG_PARANOID */ 1256