1 /* 2 * Copyright (c) International Business Machines Corp., 2006 3 * Copyright (c) Nokia Corporation, 2006, 2007 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See 13 * the GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program; if not, write to the Free Software 17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 * 19 * Author: Artem Bityutskiy (Битюцкий Артём) 20 */ 21 22 /* 23 * UBI input/output unit. 24 * 25 * This unit provides a uniform way to work with all kinds of the underlying 26 * MTD devices. It also implements handy functions for reading and writing UBI 27 * headers. 28 * 29 * We are trying to have a paranoid mindset and not to trust to what we read 30 * from the flash media in order to be more secure and robust. So this unit 31 * validates every single header it reads from the flash media. 32 * 33 * Some words about how the eraseblock headers are stored. 34 * 35 * The erase counter header is always stored at offset zero. By default, the 36 * VID header is stored after the EC header at the closest aligned offset 37 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID 38 * header at the closest aligned offset. But this default layout may be 39 * changed. For example, for different reasons (e.g., optimization) UBI may be 40 * asked to put the VID header at further offset, and even at an unaligned 41 * offset. Of course, if the offset of the VID header is unaligned, UBI adds 42 * proper padding in front of it. Data offset may also be changed but it has to 43 * be aligned. 44 * 45 * About minimal I/O units. In general, UBI assumes flash device model where 46 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1, 47 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the 48 * @ubi->mtd->writesize field. But as an exception, UBI admits of using another 49 * (smaller) minimal I/O unit size for EC and VID headers to make it possible 50 * to do different optimizations. 51 * 52 * This is extremely useful in case of NAND flashes which admit of several 53 * write operations to one NAND page. In this case UBI can fit EC and VID 54 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal 55 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still 56 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI 57 * users. 58 * 59 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so 60 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID 61 * headers. 62 * 63 * Q: why not just to treat sub-page as a minimal I/O unit of this flash 64 * device, e.g., make @ubi->min_io_size = 512 in the example above? 65 * 66 * A: because when writing a sub-page, MTD still writes a full 2K page but the 67 * bytes which are no relevant to the sub-page are 0xFF. So, basically, writing 68 * 4x512 sub-pages is 4 times slower then writing one 2KiB NAND page. Thus, we 69 * prefer to use sub-pages only for EV and VID headers. 70 * 71 * As it was noted above, the VID header may start at a non-aligned offset. 72 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page, 73 * the VID header may reside at offset 1984 which is the last 64 bytes of the 74 * last sub-page (EC header is always at offset zero). This causes some 75 * difficulties when reading and writing VID headers. 76 * 77 * Suppose we have a 64-byte buffer and we read a VID header at it. We change 78 * the data and want to write this VID header out. As we can only write in 79 * 512-byte chunks, we have to allocate one more buffer and copy our VID header 80 * to offset 448 of this buffer. 81 * 82 * The I/O unit does the following trick in order to avoid this extra copy. 83 * It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID header 84 * and returns a pointer to offset @ubi->vid_hdr_shift of this buffer. When the 85 * VID header is being written out, it shifts the VID header pointer back and 86 * writes the whole sub-page. 87 */ 88 89 #include <linux/crc32.h> 90 #include <linux/err.h> 91 #include "ubi.h" 92 93 #ifdef CONFIG_MTD_UBI_DEBUG_PARANOID 94 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum); 95 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum); 96 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum, 97 const struct ubi_ec_hdr *ec_hdr); 98 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum); 99 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum, 100 const struct ubi_vid_hdr *vid_hdr); 101 static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset, 102 int len); 103 #else 104 #define paranoid_check_not_bad(ubi, pnum) 0 105 #define paranoid_check_peb_ec_hdr(ubi, pnum) 0 106 #define paranoid_check_ec_hdr(ubi, pnum, ec_hdr) 0 107 #define paranoid_check_peb_vid_hdr(ubi, pnum) 0 108 #define paranoid_check_vid_hdr(ubi, pnum, vid_hdr) 0 109 #define paranoid_check_all_ff(ubi, pnum, offset, len) 0 110 #endif 111 112 /** 113 * ubi_io_read - read data from a physical eraseblock. 114 * @ubi: UBI device description object 115 * @buf: buffer where to store the read data 116 * @pnum: physical eraseblock number to read from 117 * @offset: offset within the physical eraseblock from where to read 118 * @len: how many bytes to read 119 * 120 * This function reads data from offset @offset of physical eraseblock @pnum 121 * and stores the read data in the @buf buffer. The following return codes are 122 * possible: 123 * 124 * o %0 if all the requested data were successfully read; 125 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but 126 * correctable bit-flips were detected; this is harmless but may indicate 127 * that this eraseblock may become bad soon (but do not have to); 128 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for 129 * example it can be an ECC error in case of NAND; this most probably means 130 * that the data is corrupted; 131 * o %-EIO if some I/O error occurred; 132 * o other negative error codes in case of other errors. 133 */ 134 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset, 135 int len) 136 { 137 int err, retries = 0; 138 size_t read; 139 loff_t addr; 140 141 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset); 142 143 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 144 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size); 145 ubi_assert(len > 0); 146 147 err = paranoid_check_not_bad(ubi, pnum); 148 if (err) 149 return err > 0 ? -EINVAL : err; 150 151 addr = (loff_t)pnum * ubi->peb_size + offset; 152 retry: 153 err = ubi->mtd->read(ubi->mtd, addr, len, &read, buf); 154 if (err) { 155 if (err == -EUCLEAN) { 156 /* 157 * -EUCLEAN is reported if there was a bit-flip which 158 * was corrected, so this is harmless. 159 */ 160 ubi_msg("fixable bit-flip detected at PEB %d", pnum); 161 ubi_assert(len == read); 162 return UBI_IO_BITFLIPS; 163 } 164 165 if (read != len && retries++ < UBI_IO_RETRIES) { 166 dbg_io("error %d while reading %d bytes from PEB %d:%d, " 167 "read only %zd bytes, retry", 168 err, len, pnum, offset, read); 169 yield(); 170 goto retry; 171 } 172 173 ubi_err("error %d while reading %d bytes from PEB %d:%d, " 174 "read %zd bytes", err, len, pnum, offset, read); 175 ubi_dbg_dump_stack(); 176 177 /* 178 * The driver should never return -EBADMSG if it failed to read 179 * all the requested data. But some buggy drivers might do 180 * this, so we change it to -EIO. 181 */ 182 if (read != len && err == -EBADMSG) { 183 ubi_assert(0); 184 err = -EIO; 185 } 186 } else { 187 ubi_assert(len == read); 188 189 if (ubi_dbg_is_bitflip()) { 190 dbg_msg("bit-flip (emulated)"); 191 err = UBI_IO_BITFLIPS; 192 } 193 } 194 195 return err; 196 } 197 198 /** 199 * ubi_io_write - write data to a physical eraseblock. 200 * @ubi: UBI device description object 201 * @buf: buffer with the data to write 202 * @pnum: physical eraseblock number to write to 203 * @offset: offset within the physical eraseblock where to write 204 * @len: how many bytes to write 205 * 206 * This function writes @len bytes of data from buffer @buf to offset @offset 207 * of physical eraseblock @pnum. If all the data were successfully written, 208 * zero is returned. If an error occurred, this function returns a negative 209 * error code. If %-EIO is returned, the physical eraseblock most probably went 210 * bad. 211 * 212 * Note, in case of an error, it is possible that something was still written 213 * to the flash media, but may be some garbage. 214 */ 215 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset, 216 int len) 217 { 218 int err; 219 size_t written; 220 loff_t addr; 221 222 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset); 223 224 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 225 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size); 226 ubi_assert(offset % ubi->hdrs_min_io_size == 0); 227 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0); 228 229 if (ubi->ro_mode) { 230 ubi_err("read-only mode"); 231 return -EROFS; 232 } 233 234 /* The below has to be compiled out if paranoid checks are disabled */ 235 236 err = paranoid_check_not_bad(ubi, pnum); 237 if (err) 238 return err > 0 ? -EINVAL : err; 239 240 /* The area we are writing to has to contain all 0xFF bytes */ 241 err = paranoid_check_all_ff(ubi, pnum, offset, len); 242 if (err) 243 return err > 0 ? -EINVAL : err; 244 245 if (offset >= ubi->leb_start) { 246 /* 247 * We write to the data area of the physical eraseblock. Make 248 * sure it has valid EC and VID headers. 249 */ 250 err = paranoid_check_peb_ec_hdr(ubi, pnum); 251 if (err) 252 return err > 0 ? -EINVAL : err; 253 err = paranoid_check_peb_vid_hdr(ubi, pnum); 254 if (err) 255 return err > 0 ? -EINVAL : err; 256 } 257 258 if (ubi_dbg_is_write_failure()) { 259 dbg_err("cannot write %d bytes to PEB %d:%d " 260 "(emulated)", len, pnum, offset); 261 ubi_dbg_dump_stack(); 262 return -EIO; 263 } 264 265 addr = (loff_t)pnum * ubi->peb_size + offset; 266 err = ubi->mtd->write(ubi->mtd, addr, len, &written, buf); 267 if (err) { 268 ubi_err("error %d while writing %d bytes to PEB %d:%d, written" 269 " %zd bytes", err, len, pnum, offset, written); 270 ubi_dbg_dump_stack(); 271 } else 272 ubi_assert(written == len); 273 274 return err; 275 } 276 277 /** 278 * erase_callback - MTD erasure call-back. 279 * @ei: MTD erase information object. 280 * 281 * Note, even though MTD erase interface is asynchronous, all the current 282 * implementations are synchronous anyway. 283 */ 284 static void erase_callback(struct erase_info *ei) 285 { 286 wake_up_interruptible((wait_queue_head_t *)ei->priv); 287 } 288 289 /** 290 * do_sync_erase - synchronously erase a physical eraseblock. 291 * @ubi: UBI device description object 292 * @pnum: the physical eraseblock number to erase 293 * 294 * This function synchronously erases physical eraseblock @pnum and returns 295 * zero in case of success and a negative error code in case of failure. If 296 * %-EIO is returned, the physical eraseblock most probably went bad. 297 */ 298 static int do_sync_erase(struct ubi_device *ubi, int pnum) 299 { 300 int err, retries = 0; 301 struct erase_info ei; 302 wait_queue_head_t wq; 303 304 dbg_io("erase PEB %d", pnum); 305 306 retry: 307 init_waitqueue_head(&wq); 308 memset(&ei, 0, sizeof(struct erase_info)); 309 310 ei.mtd = ubi->mtd; 311 ei.addr = (loff_t)pnum * ubi->peb_size; 312 ei.len = ubi->peb_size; 313 ei.callback = erase_callback; 314 ei.priv = (unsigned long)&wq; 315 316 err = ubi->mtd->erase(ubi->mtd, &ei); 317 if (err) { 318 if (retries++ < UBI_IO_RETRIES) { 319 dbg_io("error %d while erasing PEB %d, retry", 320 err, pnum); 321 yield(); 322 goto retry; 323 } 324 ubi_err("cannot erase PEB %d, error %d", pnum, err); 325 ubi_dbg_dump_stack(); 326 return err; 327 } 328 329 err = wait_event_interruptible(wq, ei.state == MTD_ERASE_DONE || 330 ei.state == MTD_ERASE_FAILED); 331 if (err) { 332 ubi_err("interrupted PEB %d erasure", pnum); 333 return -EINTR; 334 } 335 336 if (ei.state == MTD_ERASE_FAILED) { 337 if (retries++ < UBI_IO_RETRIES) { 338 dbg_io("error while erasing PEB %d, retry", pnum); 339 yield(); 340 goto retry; 341 } 342 ubi_err("cannot erase PEB %d", pnum); 343 ubi_dbg_dump_stack(); 344 return -EIO; 345 } 346 347 err = paranoid_check_all_ff(ubi, pnum, 0, ubi->peb_size); 348 if (err) 349 return err > 0 ? -EINVAL : err; 350 351 if (ubi_dbg_is_erase_failure() && !err) { 352 dbg_err("cannot erase PEB %d (emulated)", pnum); 353 return -EIO; 354 } 355 356 return 0; 357 } 358 359 /** 360 * check_pattern - check if buffer contains only a certain byte pattern. 361 * @buf: buffer to check 362 * @patt: the pattern to check 363 * @size: buffer size in bytes 364 * 365 * This function returns %1 in there are only @patt bytes in @buf, and %0 if 366 * something else was also found. 367 */ 368 static int check_pattern(const void *buf, uint8_t patt, int size) 369 { 370 int i; 371 372 for (i = 0; i < size; i++) 373 if (((const uint8_t *)buf)[i] != patt) 374 return 0; 375 return 1; 376 } 377 378 /* Patterns to write to a physical eraseblock when torturing it */ 379 static uint8_t patterns[] = {0xa5, 0x5a, 0x0}; 380 381 /** 382 * torture_peb - test a supposedly bad physical eraseblock. 383 * @ubi: UBI device description object 384 * @pnum: the physical eraseblock number to test 385 * 386 * This function returns %-EIO if the physical eraseblock did not pass the 387 * test, a positive number of erase operations done if the test was 388 * successfully passed, and other negative error codes in case of other errors. 389 */ 390 static int torture_peb(struct ubi_device *ubi, int pnum) 391 { 392 int err, i, patt_count; 393 394 patt_count = ARRAY_SIZE(patterns); 395 ubi_assert(patt_count > 0); 396 397 mutex_lock(&ubi->buf_mutex); 398 for (i = 0; i < patt_count; i++) { 399 err = do_sync_erase(ubi, pnum); 400 if (err) 401 goto out; 402 403 /* Make sure the PEB contains only 0xFF bytes */ 404 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 405 if (err) 406 goto out; 407 408 err = check_pattern(ubi->peb_buf1, 0xFF, ubi->peb_size); 409 if (err == 0) { 410 ubi_err("erased PEB %d, but a non-0xFF byte found", 411 pnum); 412 err = -EIO; 413 goto out; 414 } 415 416 /* Write a pattern and check it */ 417 memset(ubi->peb_buf1, patterns[i], ubi->peb_size); 418 err = ubi_io_write(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 419 if (err) 420 goto out; 421 422 memset(ubi->peb_buf1, ~patterns[i], ubi->peb_size); 423 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 424 if (err) 425 goto out; 426 427 err = check_pattern(ubi->peb_buf1, patterns[i], ubi->peb_size); 428 if (err == 0) { 429 ubi_err("pattern %x checking failed for PEB %d", 430 patterns[i], pnum); 431 err = -EIO; 432 goto out; 433 } 434 } 435 436 err = patt_count; 437 438 out: 439 mutex_unlock(&ubi->buf_mutex); 440 if (err == UBI_IO_BITFLIPS || err == -EBADMSG) { 441 /* 442 * If a bit-flip or data integrity error was detected, the test 443 * has not passed because it happened on a freshly erased 444 * physical eraseblock which means something is wrong with it. 445 */ 446 ubi_err("read problems on freshly erased PEB %d, must be bad", 447 pnum); 448 err = -EIO; 449 } 450 return err; 451 } 452 453 /** 454 * ubi_io_sync_erase - synchronously erase a physical eraseblock. 455 * @ubi: UBI device description object 456 * @pnum: physical eraseblock number to erase 457 * @torture: if this physical eraseblock has to be tortured 458 * 459 * This function synchronously erases physical eraseblock @pnum. If @torture 460 * flag is not zero, the physical eraseblock is checked by means of writing 461 * different patterns to it and reading them back. If the torturing is enabled, 462 * the physical eraseblock is erased more then once. 463 * 464 * This function returns the number of erasures made in case of success, %-EIO 465 * if the erasure failed or the torturing test failed, and other negative error 466 * codes in case of other errors. Note, %-EIO means that the physical 467 * eraseblock is bad. 468 */ 469 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture) 470 { 471 int err, ret = 0; 472 473 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 474 475 err = paranoid_check_not_bad(ubi, pnum); 476 if (err != 0) 477 return err > 0 ? -EINVAL : err; 478 479 if (ubi->ro_mode) { 480 ubi_err("read-only mode"); 481 return -EROFS; 482 } 483 484 if (torture) { 485 ret = torture_peb(ubi, pnum); 486 if (ret < 0) 487 return ret; 488 } 489 490 err = do_sync_erase(ubi, pnum); 491 if (err) 492 return err; 493 494 return ret + 1; 495 } 496 497 /** 498 * ubi_io_is_bad - check if a physical eraseblock is bad. 499 * @ubi: UBI device description object 500 * @pnum: the physical eraseblock number to check 501 * 502 * This function returns a positive number if the physical eraseblock is bad, 503 * zero if not, and a negative error code if an error occurred. 504 */ 505 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum) 506 { 507 struct mtd_info *mtd = ubi->mtd; 508 509 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 510 511 if (ubi->bad_allowed) { 512 int ret; 513 514 ret = mtd->block_isbad(mtd, (loff_t)pnum * ubi->peb_size); 515 if (ret < 0) 516 ubi_err("error %d while checking if PEB %d is bad", 517 ret, pnum); 518 else if (ret) 519 dbg_io("PEB %d is bad", pnum); 520 return ret; 521 } 522 523 return 0; 524 } 525 526 /** 527 * ubi_io_mark_bad - mark a physical eraseblock as bad. 528 * @ubi: UBI device description object 529 * @pnum: the physical eraseblock number to mark 530 * 531 * This function returns zero in case of success and a negative error code in 532 * case of failure. 533 */ 534 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum) 535 { 536 int err; 537 struct mtd_info *mtd = ubi->mtd; 538 539 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 540 541 if (ubi->ro_mode) { 542 ubi_err("read-only mode"); 543 return -EROFS; 544 } 545 546 if (!ubi->bad_allowed) 547 return 0; 548 549 err = mtd->block_markbad(mtd, (loff_t)pnum * ubi->peb_size); 550 if (err) 551 ubi_err("cannot mark PEB %d bad, error %d", pnum, err); 552 return err; 553 } 554 555 /** 556 * validate_ec_hdr - validate an erase counter header. 557 * @ubi: UBI device description object 558 * @ec_hdr: the erase counter header to check 559 * 560 * This function returns zero if the erase counter header is OK, and %1 if 561 * not. 562 */ 563 static int validate_ec_hdr(const struct ubi_device *ubi, 564 const struct ubi_ec_hdr *ec_hdr) 565 { 566 long long ec; 567 int vid_hdr_offset, leb_start; 568 569 ec = be64_to_cpu(ec_hdr->ec); 570 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset); 571 leb_start = be32_to_cpu(ec_hdr->data_offset); 572 573 if (ec_hdr->version != UBI_VERSION) { 574 ubi_err("node with incompatible UBI version found: " 575 "this UBI version is %d, image version is %d", 576 UBI_VERSION, (int)ec_hdr->version); 577 goto bad; 578 } 579 580 if (vid_hdr_offset != ubi->vid_hdr_offset) { 581 ubi_err("bad VID header offset %d, expected %d", 582 vid_hdr_offset, ubi->vid_hdr_offset); 583 goto bad; 584 } 585 586 if (leb_start != ubi->leb_start) { 587 ubi_err("bad data offset %d, expected %d", 588 leb_start, ubi->leb_start); 589 goto bad; 590 } 591 592 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) { 593 ubi_err("bad erase counter %lld", ec); 594 goto bad; 595 } 596 597 return 0; 598 599 bad: 600 ubi_err("bad EC header"); 601 ubi_dbg_dump_ec_hdr(ec_hdr); 602 ubi_dbg_dump_stack(); 603 return 1; 604 } 605 606 /** 607 * ubi_io_read_ec_hdr - read and check an erase counter header. 608 * @ubi: UBI device description object 609 * @pnum: physical eraseblock to read from 610 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter 611 * header 612 * @verbose: be verbose if the header is corrupted or was not found 613 * 614 * This function reads erase counter header from physical eraseblock @pnum and 615 * stores it in @ec_hdr. This function also checks CRC checksum of the read 616 * erase counter header. The following codes may be returned: 617 * 618 * o %0 if the CRC checksum is correct and the header was successfully read; 619 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected 620 * and corrected by the flash driver; this is harmless but may indicate that 621 * this eraseblock may become bad soon (but may be not); 622 * o %UBI_IO_BAD_EC_HDR if the erase counter header is corrupted (a CRC error); 623 * o %UBI_IO_PEB_EMPTY if the physical eraseblock is empty; 624 * o a negative error code in case of failure. 625 */ 626 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum, 627 struct ubi_ec_hdr *ec_hdr, int verbose) 628 { 629 int err, read_err = 0; 630 uint32_t crc, magic, hdr_crc; 631 632 dbg_io("read EC header from PEB %d", pnum); 633 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 634 if (UBI_IO_DEBUG) 635 verbose = 1; 636 637 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE); 638 if (err) { 639 if (err != UBI_IO_BITFLIPS && err != -EBADMSG) 640 return err; 641 642 /* 643 * We read all the data, but either a correctable bit-flip 644 * occurred, or MTD reported about some data integrity error, 645 * like an ECC error in case of NAND. The former is harmless, 646 * the later may mean that the read data is corrupted. But we 647 * have a CRC check-sum and we will detect this. If the EC 648 * header is still OK, we just report this as there was a 649 * bit-flip. 650 */ 651 read_err = err; 652 } 653 654 magic = be32_to_cpu(ec_hdr->magic); 655 if (magic != UBI_EC_HDR_MAGIC) { 656 /* 657 * The magic field is wrong. Let's check if we have read all 658 * 0xFF. If yes, this physical eraseblock is assumed to be 659 * empty. 660 * 661 * But if there was a read error, we do not test it for all 662 * 0xFFs. Even if it does contain all 0xFFs, this error 663 * indicates that something is still wrong with this physical 664 * eraseblock and we anyway cannot treat it as empty. 665 */ 666 if (read_err != -EBADMSG && 667 check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) { 668 /* The physical eraseblock is supposedly empty */ 669 670 /* 671 * The below is just a paranoid check, it has to be 672 * compiled out if paranoid checks are disabled. 673 */ 674 err = paranoid_check_all_ff(ubi, pnum, 0, 675 ubi->peb_size); 676 if (err) 677 return err > 0 ? UBI_IO_BAD_EC_HDR : err; 678 679 if (verbose) 680 ubi_warn("no EC header found at PEB %d, " 681 "only 0xFF bytes", pnum); 682 return UBI_IO_PEB_EMPTY; 683 } 684 685 /* 686 * This is not a valid erase counter header, and these are not 687 * 0xFF bytes. Report that the header is corrupted. 688 */ 689 if (verbose) { 690 ubi_warn("bad magic number at PEB %d: %08x instead of " 691 "%08x", pnum, magic, UBI_EC_HDR_MAGIC); 692 ubi_dbg_dump_ec_hdr(ec_hdr); 693 } 694 return UBI_IO_BAD_EC_HDR; 695 } 696 697 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 698 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc); 699 700 if (hdr_crc != crc) { 701 if (verbose) { 702 ubi_warn("bad EC header CRC at PEB %d, calculated %#08x," 703 " read %#08x", pnum, crc, hdr_crc); 704 ubi_dbg_dump_ec_hdr(ec_hdr); 705 } 706 return UBI_IO_BAD_EC_HDR; 707 } 708 709 /* And of course validate what has just been read from the media */ 710 err = validate_ec_hdr(ubi, ec_hdr); 711 if (err) { 712 ubi_err("validation failed for PEB %d", pnum); 713 return -EINVAL; 714 } 715 716 return read_err ? UBI_IO_BITFLIPS : 0; 717 } 718 719 /** 720 * ubi_io_write_ec_hdr - write an erase counter header. 721 * @ubi: UBI device description object 722 * @pnum: physical eraseblock to write to 723 * @ec_hdr: the erase counter header to write 724 * 725 * This function writes erase counter header described by @ec_hdr to physical 726 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so 727 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec 728 * field. 729 * 730 * This function returns zero in case of success and a negative error code in 731 * case of failure. If %-EIO is returned, the physical eraseblock most probably 732 * went bad. 733 */ 734 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum, 735 struct ubi_ec_hdr *ec_hdr) 736 { 737 int err; 738 uint32_t crc; 739 740 dbg_io("write EC header to PEB %d", pnum); 741 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 742 743 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC); 744 ec_hdr->version = UBI_VERSION; 745 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset); 746 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start); 747 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 748 ec_hdr->hdr_crc = cpu_to_be32(crc); 749 750 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr); 751 if (err) 752 return -EINVAL; 753 754 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize); 755 return err; 756 } 757 758 /** 759 * validate_vid_hdr - validate a volume identifier header. 760 * @ubi: UBI device description object 761 * @vid_hdr: the volume identifier header to check 762 * 763 * This function checks that data stored in the volume identifier header 764 * @vid_hdr. Returns zero if the VID header is OK and %1 if not. 765 */ 766 static int validate_vid_hdr(const struct ubi_device *ubi, 767 const struct ubi_vid_hdr *vid_hdr) 768 { 769 int vol_type = vid_hdr->vol_type; 770 int copy_flag = vid_hdr->copy_flag; 771 int vol_id = be32_to_cpu(vid_hdr->vol_id); 772 int lnum = be32_to_cpu(vid_hdr->lnum); 773 int compat = vid_hdr->compat; 774 int data_size = be32_to_cpu(vid_hdr->data_size); 775 int used_ebs = be32_to_cpu(vid_hdr->used_ebs); 776 int data_pad = be32_to_cpu(vid_hdr->data_pad); 777 int data_crc = be32_to_cpu(vid_hdr->data_crc); 778 int usable_leb_size = ubi->leb_size - data_pad; 779 780 if (copy_flag != 0 && copy_flag != 1) { 781 dbg_err("bad copy_flag"); 782 goto bad; 783 } 784 785 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 || 786 data_pad < 0) { 787 dbg_err("negative values"); 788 goto bad; 789 } 790 791 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) { 792 dbg_err("bad vol_id"); 793 goto bad; 794 } 795 796 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) { 797 dbg_err("bad compat"); 798 goto bad; 799 } 800 801 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE && 802 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE && 803 compat != UBI_COMPAT_REJECT) { 804 dbg_err("bad compat"); 805 goto bad; 806 } 807 808 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) { 809 dbg_err("bad vol_type"); 810 goto bad; 811 } 812 813 if (data_pad >= ubi->leb_size / 2) { 814 dbg_err("bad data_pad"); 815 goto bad; 816 } 817 818 if (vol_type == UBI_VID_STATIC) { 819 /* 820 * Although from high-level point of view static volumes may 821 * contain zero bytes of data, but no VID headers can contain 822 * zero at these fields, because they empty volumes do not have 823 * mapped logical eraseblocks. 824 */ 825 if (used_ebs == 0) { 826 dbg_err("zero used_ebs"); 827 goto bad; 828 } 829 if (data_size == 0) { 830 dbg_err("zero data_size"); 831 goto bad; 832 } 833 if (lnum < used_ebs - 1) { 834 if (data_size != usable_leb_size) { 835 dbg_err("bad data_size"); 836 goto bad; 837 } 838 } else if (lnum == used_ebs - 1) { 839 if (data_size == 0) { 840 dbg_err("bad data_size at last LEB"); 841 goto bad; 842 } 843 } else { 844 dbg_err("too high lnum"); 845 goto bad; 846 } 847 } else { 848 if (copy_flag == 0) { 849 if (data_crc != 0) { 850 dbg_err("non-zero data CRC"); 851 goto bad; 852 } 853 if (data_size != 0) { 854 dbg_err("non-zero data_size"); 855 goto bad; 856 } 857 } else { 858 if (data_size == 0) { 859 dbg_err("zero data_size of copy"); 860 goto bad; 861 } 862 } 863 if (used_ebs != 0) { 864 dbg_err("bad used_ebs"); 865 goto bad; 866 } 867 } 868 869 return 0; 870 871 bad: 872 ubi_err("bad VID header"); 873 ubi_dbg_dump_vid_hdr(vid_hdr); 874 ubi_dbg_dump_stack(); 875 return 1; 876 } 877 878 /** 879 * ubi_io_read_vid_hdr - read and check a volume identifier header. 880 * @ubi: UBI device description object 881 * @pnum: physical eraseblock number to read from 882 * @vid_hdr: &struct ubi_vid_hdr object where to store the read volume 883 * identifier header 884 * @verbose: be verbose if the header is corrupted or wasn't found 885 * 886 * This function reads the volume identifier header from physical eraseblock 887 * @pnum and stores it in @vid_hdr. It also checks CRC checksum of the read 888 * volume identifier header. The following codes may be returned: 889 * 890 * o %0 if the CRC checksum is correct and the header was successfully read; 891 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected 892 * and corrected by the flash driver; this is harmless but may indicate that 893 * this eraseblock may become bad soon; 894 * o %UBI_IO_BAD_VID_HRD if the volume identifier header is corrupted (a CRC 895 * error detected); 896 * o %UBI_IO_PEB_FREE if the physical eraseblock is free (i.e., there is no VID 897 * header there); 898 * o a negative error code in case of failure. 899 */ 900 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum, 901 struct ubi_vid_hdr *vid_hdr, int verbose) 902 { 903 int err, read_err = 0; 904 uint32_t crc, magic, hdr_crc; 905 void *p; 906 907 dbg_io("read VID header from PEB %d", pnum); 908 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 909 if (UBI_IO_DEBUG) 910 verbose = 1; 911 912 p = (char *)vid_hdr - ubi->vid_hdr_shift; 913 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset, 914 ubi->vid_hdr_alsize); 915 if (err) { 916 if (err != UBI_IO_BITFLIPS && err != -EBADMSG) 917 return err; 918 919 /* 920 * We read all the data, but either a correctable bit-flip 921 * occurred, or MTD reported about some data integrity error, 922 * like an ECC error in case of NAND. The former is harmless, 923 * the later may mean the read data is corrupted. But we have a 924 * CRC check-sum and we will identify this. If the VID header is 925 * still OK, we just report this as there was a bit-flip. 926 */ 927 read_err = err; 928 } 929 930 magic = be32_to_cpu(vid_hdr->magic); 931 if (magic != UBI_VID_HDR_MAGIC) { 932 /* 933 * If we have read all 0xFF bytes, the VID header probably does 934 * not exist and the physical eraseblock is assumed to be free. 935 * 936 * But if there was a read error, we do not test the data for 937 * 0xFFs. Even if it does contain all 0xFFs, this error 938 * indicates that something is still wrong with this physical 939 * eraseblock and it cannot be regarded as free. 940 */ 941 if (read_err != -EBADMSG && 942 check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) { 943 /* The physical eraseblock is supposedly free */ 944 945 /* 946 * The below is just a paranoid check, it has to be 947 * compiled out if paranoid checks are disabled. 948 */ 949 err = paranoid_check_all_ff(ubi, pnum, ubi->leb_start, 950 ubi->leb_size); 951 if (err) 952 return err > 0 ? UBI_IO_BAD_VID_HDR : err; 953 954 if (verbose) 955 ubi_warn("no VID header found at PEB %d, " 956 "only 0xFF bytes", pnum); 957 return UBI_IO_PEB_FREE; 958 } 959 960 /* 961 * This is not a valid VID header, and these are not 0xFF 962 * bytes. Report that the header is corrupted. 963 */ 964 if (verbose) { 965 ubi_warn("bad magic number at PEB %d: %08x instead of " 966 "%08x", pnum, magic, UBI_VID_HDR_MAGIC); 967 ubi_dbg_dump_vid_hdr(vid_hdr); 968 } 969 return UBI_IO_BAD_VID_HDR; 970 } 971 972 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC); 973 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc); 974 975 if (hdr_crc != crc) { 976 if (verbose) { 977 ubi_warn("bad CRC at PEB %d, calculated %#08x, " 978 "read %#08x", pnum, crc, hdr_crc); 979 ubi_dbg_dump_vid_hdr(vid_hdr); 980 } 981 return UBI_IO_BAD_VID_HDR; 982 } 983 984 /* Validate the VID header that we have just read */ 985 err = validate_vid_hdr(ubi, vid_hdr); 986 if (err) { 987 ubi_err("validation failed for PEB %d", pnum); 988 return -EINVAL; 989 } 990 991 return read_err ? UBI_IO_BITFLIPS : 0; 992 } 993 994 /** 995 * ubi_io_write_vid_hdr - write a volume identifier header. 996 * @ubi: UBI device description object 997 * @pnum: the physical eraseblock number to write to 998 * @vid_hdr: the volume identifier header to write 999 * 1000 * This function writes the volume identifier header described by @vid_hdr to 1001 * physical eraseblock @pnum. This function automatically fills the 1002 * @vid_hdr->magic and the @vid_hdr->version fields, as well as calculates 1003 * header CRC checksum and stores it at vid_hdr->hdr_crc. 1004 * 1005 * This function returns zero in case of success and a negative error code in 1006 * case of failure. If %-EIO is returned, the physical eraseblock probably went 1007 * bad. 1008 */ 1009 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum, 1010 struct ubi_vid_hdr *vid_hdr) 1011 { 1012 int err; 1013 uint32_t crc; 1014 void *p; 1015 1016 dbg_io("write VID header to PEB %d", pnum); 1017 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 1018 1019 err = paranoid_check_peb_ec_hdr(ubi, pnum); 1020 if (err) 1021 return err > 0 ? -EINVAL: err; 1022 1023 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC); 1024 vid_hdr->version = UBI_VERSION; 1025 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC); 1026 vid_hdr->hdr_crc = cpu_to_be32(crc); 1027 1028 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr); 1029 if (err) 1030 return -EINVAL; 1031 1032 p = (char *)vid_hdr - ubi->vid_hdr_shift; 1033 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset, 1034 ubi->vid_hdr_alsize); 1035 return err; 1036 } 1037 1038 #ifdef CONFIG_MTD_UBI_DEBUG_PARANOID 1039 1040 /** 1041 * paranoid_check_not_bad - ensure that a physical eraseblock is not bad. 1042 * @ubi: UBI device description object 1043 * @pnum: physical eraseblock number to check 1044 * 1045 * This function returns zero if the physical eraseblock is good, a positive 1046 * number if it is bad and a negative error code if an error occurred. 1047 */ 1048 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum) 1049 { 1050 int err; 1051 1052 err = ubi_io_is_bad(ubi, pnum); 1053 if (!err) 1054 return err; 1055 1056 ubi_err("paranoid check failed for PEB %d", pnum); 1057 ubi_dbg_dump_stack(); 1058 return err; 1059 } 1060 1061 /** 1062 * paranoid_check_ec_hdr - check if an erase counter header is all right. 1063 * @ubi: UBI device description object 1064 * @pnum: physical eraseblock number the erase counter header belongs to 1065 * @ec_hdr: the erase counter header to check 1066 * 1067 * This function returns zero if the erase counter header contains valid 1068 * values, and %1 if not. 1069 */ 1070 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum, 1071 const struct ubi_ec_hdr *ec_hdr) 1072 { 1073 int err; 1074 uint32_t magic; 1075 1076 magic = be32_to_cpu(ec_hdr->magic); 1077 if (magic != UBI_EC_HDR_MAGIC) { 1078 ubi_err("bad magic %#08x, must be %#08x", 1079 magic, UBI_EC_HDR_MAGIC); 1080 goto fail; 1081 } 1082 1083 err = validate_ec_hdr(ubi, ec_hdr); 1084 if (err) { 1085 ubi_err("paranoid check failed for PEB %d", pnum); 1086 goto fail; 1087 } 1088 1089 return 0; 1090 1091 fail: 1092 ubi_dbg_dump_ec_hdr(ec_hdr); 1093 ubi_dbg_dump_stack(); 1094 return 1; 1095 } 1096 1097 /** 1098 * paranoid_check_peb_ec_hdr - check that the erase counter header of a 1099 * physical eraseblock is in-place and is all right. 1100 * @ubi: UBI device description object 1101 * @pnum: the physical eraseblock number to check 1102 * 1103 * This function returns zero if the erase counter header is all right, %1 if 1104 * not, and a negative error code if an error occurred. 1105 */ 1106 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum) 1107 { 1108 int err; 1109 uint32_t crc, hdr_crc; 1110 struct ubi_ec_hdr *ec_hdr; 1111 1112 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS); 1113 if (!ec_hdr) 1114 return -ENOMEM; 1115 1116 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE); 1117 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG) 1118 goto exit; 1119 1120 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 1121 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc); 1122 if (hdr_crc != crc) { 1123 ubi_err("bad CRC, calculated %#08x, read %#08x", crc, hdr_crc); 1124 ubi_err("paranoid check failed for PEB %d", pnum); 1125 ubi_dbg_dump_ec_hdr(ec_hdr); 1126 ubi_dbg_dump_stack(); 1127 err = 1; 1128 goto exit; 1129 } 1130 1131 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr); 1132 1133 exit: 1134 kfree(ec_hdr); 1135 return err; 1136 } 1137 1138 /** 1139 * paranoid_check_vid_hdr - check that a volume identifier header is all right. 1140 * @ubi: UBI device description object 1141 * @pnum: physical eraseblock number the volume identifier header belongs to 1142 * @vid_hdr: the volume identifier header to check 1143 * 1144 * This function returns zero if the volume identifier header is all right, and 1145 * %1 if not. 1146 */ 1147 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum, 1148 const struct ubi_vid_hdr *vid_hdr) 1149 { 1150 int err; 1151 uint32_t magic; 1152 1153 magic = be32_to_cpu(vid_hdr->magic); 1154 if (magic != UBI_VID_HDR_MAGIC) { 1155 ubi_err("bad VID header magic %#08x at PEB %d, must be %#08x", 1156 magic, pnum, UBI_VID_HDR_MAGIC); 1157 goto fail; 1158 } 1159 1160 err = validate_vid_hdr(ubi, vid_hdr); 1161 if (err) { 1162 ubi_err("paranoid check failed for PEB %d", pnum); 1163 goto fail; 1164 } 1165 1166 return err; 1167 1168 fail: 1169 ubi_err("paranoid check failed for PEB %d", pnum); 1170 ubi_dbg_dump_vid_hdr(vid_hdr); 1171 ubi_dbg_dump_stack(); 1172 return 1; 1173 1174 } 1175 1176 /** 1177 * paranoid_check_peb_vid_hdr - check that the volume identifier header of a 1178 * physical eraseblock is in-place and is all right. 1179 * @ubi: UBI device description object 1180 * @pnum: the physical eraseblock number to check 1181 * 1182 * This function returns zero if the volume identifier header is all right, 1183 * %1 if not, and a negative error code if an error occurred. 1184 */ 1185 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum) 1186 { 1187 int err; 1188 uint32_t crc, hdr_crc; 1189 struct ubi_vid_hdr *vid_hdr; 1190 void *p; 1191 1192 vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS); 1193 if (!vid_hdr) 1194 return -ENOMEM; 1195 1196 p = (char *)vid_hdr - ubi->vid_hdr_shift; 1197 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset, 1198 ubi->vid_hdr_alsize); 1199 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG) 1200 goto exit; 1201 1202 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_EC_HDR_SIZE_CRC); 1203 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc); 1204 if (hdr_crc != crc) { 1205 ubi_err("bad VID header CRC at PEB %d, calculated %#08x, " 1206 "read %#08x", pnum, crc, hdr_crc); 1207 ubi_err("paranoid check failed for PEB %d", pnum); 1208 ubi_dbg_dump_vid_hdr(vid_hdr); 1209 ubi_dbg_dump_stack(); 1210 err = 1; 1211 goto exit; 1212 } 1213 1214 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr); 1215 1216 exit: 1217 ubi_free_vid_hdr(ubi, vid_hdr); 1218 return err; 1219 } 1220 1221 /** 1222 * paranoid_check_all_ff - check that a region of flash is empty. 1223 * @ubi: UBI device description object 1224 * @pnum: the physical eraseblock number to check 1225 * @offset: the starting offset within the physical eraseblock to check 1226 * @len: the length of the region to check 1227 * 1228 * This function returns zero if only 0xFF bytes are present at offset 1229 * @offset of the physical eraseblock @pnum, %1 if not, and a negative error 1230 * code if an error occurred. 1231 */ 1232 static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset, 1233 int len) 1234 { 1235 size_t read; 1236 int err; 1237 loff_t addr = (loff_t)pnum * ubi->peb_size + offset; 1238 1239 mutex_lock(&ubi->dbg_buf_mutex); 1240 err = ubi->mtd->read(ubi->mtd, addr, len, &read, ubi->dbg_peb_buf); 1241 if (err && err != -EUCLEAN) { 1242 ubi_err("error %d while reading %d bytes from PEB %d:%d, " 1243 "read %zd bytes", err, len, pnum, offset, read); 1244 goto error; 1245 } 1246 1247 err = check_pattern(ubi->dbg_peb_buf, 0xFF, len); 1248 if (err == 0) { 1249 ubi_err("flash region at PEB %d:%d, length %d does not " 1250 "contain all 0xFF bytes", pnum, offset, len); 1251 goto fail; 1252 } 1253 mutex_unlock(&ubi->dbg_buf_mutex); 1254 1255 return 0; 1256 1257 fail: 1258 ubi_err("paranoid check failed for PEB %d", pnum); 1259 dbg_msg("hex dump of the %d-%d region", offset, offset + len); 1260 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, 1261 ubi->dbg_peb_buf, len, 1); 1262 err = 1; 1263 error: 1264 ubi_dbg_dump_stack(); 1265 mutex_unlock(&ubi->dbg_buf_mutex); 1266 return err; 1267 } 1268 1269 #endif /* CONFIG_MTD_UBI_DEBUG_PARANOID */ 1270