1 /* 2 * Copyright (c) International Business Machines Corp., 2006 3 * Copyright (c) Nokia Corporation, 2006, 2007 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See 13 * the GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program; if not, write to the Free Software 17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 * 19 * Author: Artem Bityutskiy (Битюцкий Артём) 20 */ 21 22 /* 23 * UBI input/output sub-system. 24 * 25 * This sub-system provides a uniform way to work with all kinds of the 26 * underlying MTD devices. It also implements handy functions for reading and 27 * writing UBI headers. 28 * 29 * We are trying to have a paranoid mindset and not to trust to what we read 30 * from the flash media in order to be more secure and robust. So this 31 * sub-system validates every single header it reads from the flash media. 32 * 33 * Some words about how the eraseblock headers are stored. 34 * 35 * The erase counter header is always stored at offset zero. By default, the 36 * VID header is stored after the EC header at the closest aligned offset 37 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID 38 * header at the closest aligned offset. But this default layout may be 39 * changed. For example, for different reasons (e.g., optimization) UBI may be 40 * asked to put the VID header at further offset, and even at an unaligned 41 * offset. Of course, if the offset of the VID header is unaligned, UBI adds 42 * proper padding in front of it. Data offset may also be changed but it has to 43 * be aligned. 44 * 45 * About minimal I/O units. In general, UBI assumes flash device model where 46 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1, 47 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the 48 * @ubi->mtd->writesize field. But as an exception, UBI admits of using another 49 * (smaller) minimal I/O unit size for EC and VID headers to make it possible 50 * to do different optimizations. 51 * 52 * This is extremely useful in case of NAND flashes which admit of several 53 * write operations to one NAND page. In this case UBI can fit EC and VID 54 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal 55 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still 56 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI 57 * users. 58 * 59 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so 60 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID 61 * headers. 62 * 63 * Q: why not just to treat sub-page as a minimal I/O unit of this flash 64 * device, e.g., make @ubi->min_io_size = 512 in the example above? 65 * 66 * A: because when writing a sub-page, MTD still writes a full 2K page but the 67 * bytes which are no relevant to the sub-page are 0xFF. So, basically, writing 68 * 4x512 sub-pages is 4 times slower then writing one 2KiB NAND page. Thus, we 69 * prefer to use sub-pages only for EV and VID headers. 70 * 71 * As it was noted above, the VID header may start at a non-aligned offset. 72 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page, 73 * the VID header may reside at offset 1984 which is the last 64 bytes of the 74 * last sub-page (EC header is always at offset zero). This causes some 75 * difficulties when reading and writing VID headers. 76 * 77 * Suppose we have a 64-byte buffer and we read a VID header at it. We change 78 * the data and want to write this VID header out. As we can only write in 79 * 512-byte chunks, we have to allocate one more buffer and copy our VID header 80 * to offset 448 of this buffer. 81 * 82 * The I/O sub-system does the following trick in order to avoid this extra 83 * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID 84 * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer. 85 * When the VID header is being written out, it shifts the VID header pointer 86 * back and writes the whole sub-page. 87 */ 88 89 #include <linux/crc32.h> 90 #include <linux/err.h> 91 #include "ubi.h" 92 93 #ifdef CONFIG_MTD_UBI_DEBUG_PARANOID 94 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum); 95 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum); 96 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum, 97 const struct ubi_ec_hdr *ec_hdr); 98 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum); 99 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum, 100 const struct ubi_vid_hdr *vid_hdr); 101 static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset, 102 int len); 103 #else 104 #define paranoid_check_not_bad(ubi, pnum) 0 105 #define paranoid_check_peb_ec_hdr(ubi, pnum) 0 106 #define paranoid_check_ec_hdr(ubi, pnum, ec_hdr) 0 107 #define paranoid_check_peb_vid_hdr(ubi, pnum) 0 108 #define paranoid_check_vid_hdr(ubi, pnum, vid_hdr) 0 109 #define paranoid_check_all_ff(ubi, pnum, offset, len) 0 110 #endif 111 112 /** 113 * ubi_io_read - read data from a physical eraseblock. 114 * @ubi: UBI device description object 115 * @buf: buffer where to store the read data 116 * @pnum: physical eraseblock number to read from 117 * @offset: offset within the physical eraseblock from where to read 118 * @len: how many bytes to read 119 * 120 * This function reads data from offset @offset of physical eraseblock @pnum 121 * and stores the read data in the @buf buffer. The following return codes are 122 * possible: 123 * 124 * o %0 if all the requested data were successfully read; 125 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but 126 * correctable bit-flips were detected; this is harmless but may indicate 127 * that this eraseblock may become bad soon (but do not have to); 128 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for 129 * example it can be an ECC error in case of NAND; this most probably means 130 * that the data is corrupted; 131 * o %-EIO if some I/O error occurred; 132 * o other negative error codes in case of other errors. 133 */ 134 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset, 135 int len) 136 { 137 int err, retries = 0; 138 size_t read; 139 loff_t addr; 140 141 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset); 142 143 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 144 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size); 145 ubi_assert(len > 0); 146 147 err = paranoid_check_not_bad(ubi, pnum); 148 if (err) 149 return err > 0 ? -EINVAL : err; 150 151 addr = (loff_t)pnum * ubi->peb_size + offset; 152 retry: 153 err = ubi->mtd->read(ubi->mtd, addr, len, &read, buf); 154 if (err) { 155 if (err == -EUCLEAN) { 156 /* 157 * -EUCLEAN is reported if there was a bit-flip which 158 * was corrected, so this is harmless. 159 * 160 * We do not report about it here unless debugging is 161 * enabled. A corresponding message will be printed 162 * later, when it is has been scrubbed. 163 */ 164 dbg_msg("fixable bit-flip detected at PEB %d", pnum); 165 ubi_assert(len == read); 166 return UBI_IO_BITFLIPS; 167 } 168 169 if (read != len && retries++ < UBI_IO_RETRIES) { 170 dbg_io("error %d while reading %d bytes from PEB %d:%d," 171 " read only %zd bytes, retry", 172 err, len, pnum, offset, read); 173 yield(); 174 goto retry; 175 } 176 177 ubi_err("error %d while reading %d bytes from PEB %d:%d, " 178 "read %zd bytes", err, len, pnum, offset, read); 179 ubi_dbg_dump_stack(); 180 181 /* 182 * The driver should never return -EBADMSG if it failed to read 183 * all the requested data. But some buggy drivers might do 184 * this, so we change it to -EIO. 185 */ 186 if (read != len && err == -EBADMSG) { 187 ubi_assert(0); 188 err = -EIO; 189 } 190 } else { 191 ubi_assert(len == read); 192 193 if (ubi_dbg_is_bitflip()) { 194 dbg_gen("bit-flip (emulated)"); 195 err = UBI_IO_BITFLIPS; 196 } 197 } 198 199 return err; 200 } 201 202 /** 203 * ubi_io_write - write data to a physical eraseblock. 204 * @ubi: UBI device description object 205 * @buf: buffer with the data to write 206 * @pnum: physical eraseblock number to write to 207 * @offset: offset within the physical eraseblock where to write 208 * @len: how many bytes to write 209 * 210 * This function writes @len bytes of data from buffer @buf to offset @offset 211 * of physical eraseblock @pnum. If all the data were successfully written, 212 * zero is returned. If an error occurred, this function returns a negative 213 * error code. If %-EIO is returned, the physical eraseblock most probably went 214 * bad. 215 * 216 * Note, in case of an error, it is possible that something was still written 217 * to the flash media, but may be some garbage. 218 */ 219 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset, 220 int len) 221 { 222 int err; 223 size_t written; 224 loff_t addr; 225 226 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset); 227 228 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 229 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size); 230 ubi_assert(offset % ubi->hdrs_min_io_size == 0); 231 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0); 232 233 if (ubi->ro_mode) { 234 ubi_err("read-only mode"); 235 return -EROFS; 236 } 237 238 /* The below has to be compiled out if paranoid checks are disabled */ 239 240 err = paranoid_check_not_bad(ubi, pnum); 241 if (err) 242 return err > 0 ? -EINVAL : err; 243 244 /* The area we are writing to has to contain all 0xFF bytes */ 245 err = paranoid_check_all_ff(ubi, pnum, offset, len); 246 if (err) 247 return err > 0 ? -EINVAL : err; 248 249 if (offset >= ubi->leb_start) { 250 /* 251 * We write to the data area of the physical eraseblock. Make 252 * sure it has valid EC and VID headers. 253 */ 254 err = paranoid_check_peb_ec_hdr(ubi, pnum); 255 if (err) 256 return err > 0 ? -EINVAL : err; 257 err = paranoid_check_peb_vid_hdr(ubi, pnum); 258 if (err) 259 return err > 0 ? -EINVAL : err; 260 } 261 262 if (ubi_dbg_is_write_failure()) { 263 dbg_err("cannot write %d bytes to PEB %d:%d " 264 "(emulated)", len, pnum, offset); 265 ubi_dbg_dump_stack(); 266 return -EIO; 267 } 268 269 addr = (loff_t)pnum * ubi->peb_size + offset; 270 err = ubi->mtd->write(ubi->mtd, addr, len, &written, buf); 271 if (err) { 272 ubi_err("error %d while writing %d bytes to PEB %d:%d, written" 273 " %zd bytes", err, len, pnum, offset, written); 274 ubi_dbg_dump_stack(); 275 } else 276 ubi_assert(written == len); 277 278 return err; 279 } 280 281 /** 282 * erase_callback - MTD erasure call-back. 283 * @ei: MTD erase information object. 284 * 285 * Note, even though MTD erase interface is asynchronous, all the current 286 * implementations are synchronous anyway. 287 */ 288 static void erase_callback(struct erase_info *ei) 289 { 290 wake_up_interruptible((wait_queue_head_t *)ei->priv); 291 } 292 293 /** 294 * do_sync_erase - synchronously erase a physical eraseblock. 295 * @ubi: UBI device description object 296 * @pnum: the physical eraseblock number to erase 297 * 298 * This function synchronously erases physical eraseblock @pnum and returns 299 * zero in case of success and a negative error code in case of failure. If 300 * %-EIO is returned, the physical eraseblock most probably went bad. 301 */ 302 static int do_sync_erase(struct ubi_device *ubi, int pnum) 303 { 304 int err, retries = 0; 305 struct erase_info ei; 306 wait_queue_head_t wq; 307 308 dbg_io("erase PEB %d", pnum); 309 310 retry: 311 init_waitqueue_head(&wq); 312 memset(&ei, 0, sizeof(struct erase_info)); 313 314 ei.mtd = ubi->mtd; 315 ei.addr = (loff_t)pnum * ubi->peb_size; 316 ei.len = ubi->peb_size; 317 ei.callback = erase_callback; 318 ei.priv = (unsigned long)&wq; 319 320 err = ubi->mtd->erase(ubi->mtd, &ei); 321 if (err) { 322 if (retries++ < UBI_IO_RETRIES) { 323 dbg_io("error %d while erasing PEB %d, retry", 324 err, pnum); 325 yield(); 326 goto retry; 327 } 328 ubi_err("cannot erase PEB %d, error %d", pnum, err); 329 ubi_dbg_dump_stack(); 330 return err; 331 } 332 333 err = wait_event_interruptible(wq, ei.state == MTD_ERASE_DONE || 334 ei.state == MTD_ERASE_FAILED); 335 if (err) { 336 ubi_err("interrupted PEB %d erasure", pnum); 337 return -EINTR; 338 } 339 340 if (ei.state == MTD_ERASE_FAILED) { 341 if (retries++ < UBI_IO_RETRIES) { 342 dbg_io("error while erasing PEB %d, retry", pnum); 343 yield(); 344 goto retry; 345 } 346 ubi_err("cannot erase PEB %d", pnum); 347 ubi_dbg_dump_stack(); 348 return -EIO; 349 } 350 351 err = paranoid_check_all_ff(ubi, pnum, 0, ubi->peb_size); 352 if (err) 353 return err > 0 ? -EINVAL : err; 354 355 if (ubi_dbg_is_erase_failure() && !err) { 356 dbg_err("cannot erase PEB %d (emulated)", pnum); 357 return -EIO; 358 } 359 360 return 0; 361 } 362 363 /** 364 * check_pattern - check if buffer contains only a certain byte pattern. 365 * @buf: buffer to check 366 * @patt: the pattern to check 367 * @size: buffer size in bytes 368 * 369 * This function returns %1 in there are only @patt bytes in @buf, and %0 if 370 * something else was also found. 371 */ 372 static int check_pattern(const void *buf, uint8_t patt, int size) 373 { 374 int i; 375 376 for (i = 0; i < size; i++) 377 if (((const uint8_t *)buf)[i] != patt) 378 return 0; 379 return 1; 380 } 381 382 /* Patterns to write to a physical eraseblock when torturing it */ 383 static uint8_t patterns[] = {0xa5, 0x5a, 0x0}; 384 385 /** 386 * torture_peb - test a supposedly bad physical eraseblock. 387 * @ubi: UBI device description object 388 * @pnum: the physical eraseblock number to test 389 * 390 * This function returns %-EIO if the physical eraseblock did not pass the 391 * test, a positive number of erase operations done if the test was 392 * successfully passed, and other negative error codes in case of other errors. 393 */ 394 static int torture_peb(struct ubi_device *ubi, int pnum) 395 { 396 int err, i, patt_count; 397 398 ubi_msg("run torture test for PEB %d", pnum); 399 patt_count = ARRAY_SIZE(patterns); 400 ubi_assert(patt_count > 0); 401 402 mutex_lock(&ubi->buf_mutex); 403 for (i = 0; i < patt_count; i++) { 404 err = do_sync_erase(ubi, pnum); 405 if (err) 406 goto out; 407 408 /* Make sure the PEB contains only 0xFF bytes */ 409 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 410 if (err) 411 goto out; 412 413 err = check_pattern(ubi->peb_buf1, 0xFF, ubi->peb_size); 414 if (err == 0) { 415 ubi_err("erased PEB %d, but a non-0xFF byte found", 416 pnum); 417 err = -EIO; 418 goto out; 419 } 420 421 /* Write a pattern and check it */ 422 memset(ubi->peb_buf1, patterns[i], ubi->peb_size); 423 err = ubi_io_write(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 424 if (err) 425 goto out; 426 427 memset(ubi->peb_buf1, ~patterns[i], ubi->peb_size); 428 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 429 if (err) 430 goto out; 431 432 err = check_pattern(ubi->peb_buf1, patterns[i], ubi->peb_size); 433 if (err == 0) { 434 ubi_err("pattern %x checking failed for PEB %d", 435 patterns[i], pnum); 436 err = -EIO; 437 goto out; 438 } 439 } 440 441 err = patt_count; 442 ubi_msg("PEB %d passed torture test, do not mark it a bad", pnum); 443 444 out: 445 mutex_unlock(&ubi->buf_mutex); 446 if (err == UBI_IO_BITFLIPS || err == -EBADMSG) { 447 /* 448 * If a bit-flip or data integrity error was detected, the test 449 * has not passed because it happened on a freshly erased 450 * physical eraseblock which means something is wrong with it. 451 */ 452 ubi_err("read problems on freshly erased PEB %d, must be bad", 453 pnum); 454 err = -EIO; 455 } 456 return err; 457 } 458 459 /** 460 * ubi_io_sync_erase - synchronously erase a physical eraseblock. 461 * @ubi: UBI device description object 462 * @pnum: physical eraseblock number to erase 463 * @torture: if this physical eraseblock has to be tortured 464 * 465 * This function synchronously erases physical eraseblock @pnum. If @torture 466 * flag is not zero, the physical eraseblock is checked by means of writing 467 * different patterns to it and reading them back. If the torturing is enabled, 468 * the physical eraseblock is erased more then once. 469 * 470 * This function returns the number of erasures made in case of success, %-EIO 471 * if the erasure failed or the torturing test failed, and other negative error 472 * codes in case of other errors. Note, %-EIO means that the physical 473 * eraseblock is bad. 474 */ 475 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture) 476 { 477 int err, ret = 0; 478 479 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 480 481 err = paranoid_check_not_bad(ubi, pnum); 482 if (err != 0) 483 return err > 0 ? -EINVAL : err; 484 485 if (ubi->ro_mode) { 486 ubi_err("read-only mode"); 487 return -EROFS; 488 } 489 490 if (torture) { 491 ret = torture_peb(ubi, pnum); 492 if (ret < 0) 493 return ret; 494 } 495 496 err = do_sync_erase(ubi, pnum); 497 if (err) 498 return err; 499 500 return ret + 1; 501 } 502 503 /** 504 * ubi_io_is_bad - check if a physical eraseblock is bad. 505 * @ubi: UBI device description object 506 * @pnum: the physical eraseblock number to check 507 * 508 * This function returns a positive number if the physical eraseblock is bad, 509 * zero if not, and a negative error code if an error occurred. 510 */ 511 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum) 512 { 513 struct mtd_info *mtd = ubi->mtd; 514 515 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 516 517 if (ubi->bad_allowed) { 518 int ret; 519 520 ret = mtd->block_isbad(mtd, (loff_t)pnum * ubi->peb_size); 521 if (ret < 0) 522 ubi_err("error %d while checking if PEB %d is bad", 523 ret, pnum); 524 else if (ret) 525 dbg_io("PEB %d is bad", pnum); 526 return ret; 527 } 528 529 return 0; 530 } 531 532 /** 533 * ubi_io_mark_bad - mark a physical eraseblock as bad. 534 * @ubi: UBI device description object 535 * @pnum: the physical eraseblock number to mark 536 * 537 * This function returns zero in case of success and a negative error code in 538 * case of failure. 539 */ 540 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum) 541 { 542 int err; 543 struct mtd_info *mtd = ubi->mtd; 544 545 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 546 547 if (ubi->ro_mode) { 548 ubi_err("read-only mode"); 549 return -EROFS; 550 } 551 552 if (!ubi->bad_allowed) 553 return 0; 554 555 err = mtd->block_markbad(mtd, (loff_t)pnum * ubi->peb_size); 556 if (err) 557 ubi_err("cannot mark PEB %d bad, error %d", pnum, err); 558 return err; 559 } 560 561 /** 562 * validate_ec_hdr - validate an erase counter header. 563 * @ubi: UBI device description object 564 * @ec_hdr: the erase counter header to check 565 * 566 * This function returns zero if the erase counter header is OK, and %1 if 567 * not. 568 */ 569 static int validate_ec_hdr(const struct ubi_device *ubi, 570 const struct ubi_ec_hdr *ec_hdr) 571 { 572 long long ec; 573 int vid_hdr_offset, leb_start; 574 575 ec = be64_to_cpu(ec_hdr->ec); 576 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset); 577 leb_start = be32_to_cpu(ec_hdr->data_offset); 578 579 if (ec_hdr->version != UBI_VERSION) { 580 ubi_err("node with incompatible UBI version found: " 581 "this UBI version is %d, image version is %d", 582 UBI_VERSION, (int)ec_hdr->version); 583 goto bad; 584 } 585 586 if (vid_hdr_offset != ubi->vid_hdr_offset) { 587 ubi_err("bad VID header offset %d, expected %d", 588 vid_hdr_offset, ubi->vid_hdr_offset); 589 goto bad; 590 } 591 592 if (leb_start != ubi->leb_start) { 593 ubi_err("bad data offset %d, expected %d", 594 leb_start, ubi->leb_start); 595 goto bad; 596 } 597 598 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) { 599 ubi_err("bad erase counter %lld", ec); 600 goto bad; 601 } 602 603 return 0; 604 605 bad: 606 ubi_err("bad EC header"); 607 ubi_dbg_dump_ec_hdr(ec_hdr); 608 ubi_dbg_dump_stack(); 609 return 1; 610 } 611 612 /** 613 * ubi_io_read_ec_hdr - read and check an erase counter header. 614 * @ubi: UBI device description object 615 * @pnum: physical eraseblock to read from 616 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter 617 * header 618 * @verbose: be verbose if the header is corrupted or was not found 619 * 620 * This function reads erase counter header from physical eraseblock @pnum and 621 * stores it in @ec_hdr. This function also checks CRC checksum of the read 622 * erase counter header. The following codes may be returned: 623 * 624 * o %0 if the CRC checksum is correct and the header was successfully read; 625 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected 626 * and corrected by the flash driver; this is harmless but may indicate that 627 * this eraseblock may become bad soon (but may be not); 628 * o %UBI_IO_BAD_EC_HDR if the erase counter header is corrupted (a CRC error); 629 * o %UBI_IO_PEB_EMPTY if the physical eraseblock is empty; 630 * o a negative error code in case of failure. 631 */ 632 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum, 633 struct ubi_ec_hdr *ec_hdr, int verbose) 634 { 635 int err, read_err = 0; 636 uint32_t crc, magic, hdr_crc; 637 638 dbg_io("read EC header from PEB %d", pnum); 639 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 640 if (UBI_IO_DEBUG) 641 verbose = 1; 642 643 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE); 644 if (err) { 645 if (err != UBI_IO_BITFLIPS && err != -EBADMSG) 646 return err; 647 648 /* 649 * We read all the data, but either a correctable bit-flip 650 * occurred, or MTD reported about some data integrity error, 651 * like an ECC error in case of NAND. The former is harmless, 652 * the later may mean that the read data is corrupted. But we 653 * have a CRC check-sum and we will detect this. If the EC 654 * header is still OK, we just report this as there was a 655 * bit-flip. 656 */ 657 read_err = err; 658 } 659 660 magic = be32_to_cpu(ec_hdr->magic); 661 if (magic != UBI_EC_HDR_MAGIC) { 662 /* 663 * The magic field is wrong. Let's check if we have read all 664 * 0xFF. If yes, this physical eraseblock is assumed to be 665 * empty. 666 * 667 * But if there was a read error, we do not test it for all 668 * 0xFFs. Even if it does contain all 0xFFs, this error 669 * indicates that something is still wrong with this physical 670 * eraseblock and we anyway cannot treat it as empty. 671 */ 672 if (read_err != -EBADMSG && 673 check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) { 674 /* The physical eraseblock is supposedly empty */ 675 676 /* 677 * The below is just a paranoid check, it has to be 678 * compiled out if paranoid checks are disabled. 679 */ 680 err = paranoid_check_all_ff(ubi, pnum, 0, 681 ubi->peb_size); 682 if (err) 683 return err > 0 ? UBI_IO_BAD_EC_HDR : err; 684 685 if (verbose) 686 ubi_warn("no EC header found at PEB %d, " 687 "only 0xFF bytes", pnum); 688 return UBI_IO_PEB_EMPTY; 689 } 690 691 /* 692 * This is not a valid erase counter header, and these are not 693 * 0xFF bytes. Report that the header is corrupted. 694 */ 695 if (verbose) { 696 ubi_warn("bad magic number at PEB %d: %08x instead of " 697 "%08x", pnum, magic, UBI_EC_HDR_MAGIC); 698 ubi_dbg_dump_ec_hdr(ec_hdr); 699 } 700 return UBI_IO_BAD_EC_HDR; 701 } 702 703 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 704 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc); 705 706 if (hdr_crc != crc) { 707 if (verbose) { 708 ubi_warn("bad EC header CRC at PEB %d, calculated " 709 "%#08x, read %#08x", pnum, crc, hdr_crc); 710 ubi_dbg_dump_ec_hdr(ec_hdr); 711 } 712 return UBI_IO_BAD_EC_HDR; 713 } 714 715 /* And of course validate what has just been read from the media */ 716 err = validate_ec_hdr(ubi, ec_hdr); 717 if (err) { 718 ubi_err("validation failed for PEB %d", pnum); 719 return -EINVAL; 720 } 721 722 return read_err ? UBI_IO_BITFLIPS : 0; 723 } 724 725 /** 726 * ubi_io_write_ec_hdr - write an erase counter header. 727 * @ubi: UBI device description object 728 * @pnum: physical eraseblock to write to 729 * @ec_hdr: the erase counter header to write 730 * 731 * This function writes erase counter header described by @ec_hdr to physical 732 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so 733 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec 734 * field. 735 * 736 * This function returns zero in case of success and a negative error code in 737 * case of failure. If %-EIO is returned, the physical eraseblock most probably 738 * went bad. 739 */ 740 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum, 741 struct ubi_ec_hdr *ec_hdr) 742 { 743 int err; 744 uint32_t crc; 745 746 dbg_io("write EC header to PEB %d", pnum); 747 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 748 749 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC); 750 ec_hdr->version = UBI_VERSION; 751 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset); 752 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start); 753 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 754 ec_hdr->hdr_crc = cpu_to_be32(crc); 755 756 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr); 757 if (err) 758 return -EINVAL; 759 760 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize); 761 return err; 762 } 763 764 /** 765 * validate_vid_hdr - validate a volume identifier header. 766 * @ubi: UBI device description object 767 * @vid_hdr: the volume identifier header to check 768 * 769 * This function checks that data stored in the volume identifier header 770 * @vid_hdr. Returns zero if the VID header is OK and %1 if not. 771 */ 772 static int validate_vid_hdr(const struct ubi_device *ubi, 773 const struct ubi_vid_hdr *vid_hdr) 774 { 775 int vol_type = vid_hdr->vol_type; 776 int copy_flag = vid_hdr->copy_flag; 777 int vol_id = be32_to_cpu(vid_hdr->vol_id); 778 int lnum = be32_to_cpu(vid_hdr->lnum); 779 int compat = vid_hdr->compat; 780 int data_size = be32_to_cpu(vid_hdr->data_size); 781 int used_ebs = be32_to_cpu(vid_hdr->used_ebs); 782 int data_pad = be32_to_cpu(vid_hdr->data_pad); 783 int data_crc = be32_to_cpu(vid_hdr->data_crc); 784 int usable_leb_size = ubi->leb_size - data_pad; 785 786 if (copy_flag != 0 && copy_flag != 1) { 787 dbg_err("bad copy_flag"); 788 goto bad; 789 } 790 791 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 || 792 data_pad < 0) { 793 dbg_err("negative values"); 794 goto bad; 795 } 796 797 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) { 798 dbg_err("bad vol_id"); 799 goto bad; 800 } 801 802 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) { 803 dbg_err("bad compat"); 804 goto bad; 805 } 806 807 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE && 808 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE && 809 compat != UBI_COMPAT_REJECT) { 810 dbg_err("bad compat"); 811 goto bad; 812 } 813 814 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) { 815 dbg_err("bad vol_type"); 816 goto bad; 817 } 818 819 if (data_pad >= ubi->leb_size / 2) { 820 dbg_err("bad data_pad"); 821 goto bad; 822 } 823 824 if (vol_type == UBI_VID_STATIC) { 825 /* 826 * Although from high-level point of view static volumes may 827 * contain zero bytes of data, but no VID headers can contain 828 * zero at these fields, because they empty volumes do not have 829 * mapped logical eraseblocks. 830 */ 831 if (used_ebs == 0) { 832 dbg_err("zero used_ebs"); 833 goto bad; 834 } 835 if (data_size == 0) { 836 dbg_err("zero data_size"); 837 goto bad; 838 } 839 if (lnum < used_ebs - 1) { 840 if (data_size != usable_leb_size) { 841 dbg_err("bad data_size"); 842 goto bad; 843 } 844 } else if (lnum == used_ebs - 1) { 845 if (data_size == 0) { 846 dbg_err("bad data_size at last LEB"); 847 goto bad; 848 } 849 } else { 850 dbg_err("too high lnum"); 851 goto bad; 852 } 853 } else { 854 if (copy_flag == 0) { 855 if (data_crc != 0) { 856 dbg_err("non-zero data CRC"); 857 goto bad; 858 } 859 if (data_size != 0) { 860 dbg_err("non-zero data_size"); 861 goto bad; 862 } 863 } else { 864 if (data_size == 0) { 865 dbg_err("zero data_size of copy"); 866 goto bad; 867 } 868 } 869 if (used_ebs != 0) { 870 dbg_err("bad used_ebs"); 871 goto bad; 872 } 873 } 874 875 return 0; 876 877 bad: 878 ubi_err("bad VID header"); 879 ubi_dbg_dump_vid_hdr(vid_hdr); 880 ubi_dbg_dump_stack(); 881 return 1; 882 } 883 884 /** 885 * ubi_io_read_vid_hdr - read and check a volume identifier header. 886 * @ubi: UBI device description object 887 * @pnum: physical eraseblock number to read from 888 * @vid_hdr: &struct ubi_vid_hdr object where to store the read volume 889 * identifier header 890 * @verbose: be verbose if the header is corrupted or wasn't found 891 * 892 * This function reads the volume identifier header from physical eraseblock 893 * @pnum and stores it in @vid_hdr. It also checks CRC checksum of the read 894 * volume identifier header. The following codes may be returned: 895 * 896 * o %0 if the CRC checksum is correct and the header was successfully read; 897 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected 898 * and corrected by the flash driver; this is harmless but may indicate that 899 * this eraseblock may become bad soon; 900 * o %UBI_IO_BAD_VID_HRD if the volume identifier header is corrupted (a CRC 901 * error detected); 902 * o %UBI_IO_PEB_FREE if the physical eraseblock is free (i.e., there is no VID 903 * header there); 904 * o a negative error code in case of failure. 905 */ 906 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum, 907 struct ubi_vid_hdr *vid_hdr, int verbose) 908 { 909 int err, read_err = 0; 910 uint32_t crc, magic, hdr_crc; 911 void *p; 912 913 dbg_io("read VID header from PEB %d", pnum); 914 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 915 if (UBI_IO_DEBUG) 916 verbose = 1; 917 918 p = (char *)vid_hdr - ubi->vid_hdr_shift; 919 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset, 920 ubi->vid_hdr_alsize); 921 if (err) { 922 if (err != UBI_IO_BITFLIPS && err != -EBADMSG) 923 return err; 924 925 /* 926 * We read all the data, but either a correctable bit-flip 927 * occurred, or MTD reported about some data integrity error, 928 * like an ECC error in case of NAND. The former is harmless, 929 * the later may mean the read data is corrupted. But we have a 930 * CRC check-sum and we will identify this. If the VID header is 931 * still OK, we just report this as there was a bit-flip. 932 */ 933 read_err = err; 934 } 935 936 magic = be32_to_cpu(vid_hdr->magic); 937 if (magic != UBI_VID_HDR_MAGIC) { 938 /* 939 * If we have read all 0xFF bytes, the VID header probably does 940 * not exist and the physical eraseblock is assumed to be free. 941 * 942 * But if there was a read error, we do not test the data for 943 * 0xFFs. Even if it does contain all 0xFFs, this error 944 * indicates that something is still wrong with this physical 945 * eraseblock and it cannot be regarded as free. 946 */ 947 if (read_err != -EBADMSG && 948 check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) { 949 /* The physical eraseblock is supposedly free */ 950 951 /* 952 * The below is just a paranoid check, it has to be 953 * compiled out if paranoid checks are disabled. 954 */ 955 err = paranoid_check_all_ff(ubi, pnum, ubi->leb_start, 956 ubi->leb_size); 957 if (err) 958 return err > 0 ? UBI_IO_BAD_VID_HDR : err; 959 960 if (verbose) 961 ubi_warn("no VID header found at PEB %d, " 962 "only 0xFF bytes", pnum); 963 return UBI_IO_PEB_FREE; 964 } 965 966 /* 967 * This is not a valid VID header, and these are not 0xFF 968 * bytes. Report that the header is corrupted. 969 */ 970 if (verbose) { 971 ubi_warn("bad magic number at PEB %d: %08x instead of " 972 "%08x", pnum, magic, UBI_VID_HDR_MAGIC); 973 ubi_dbg_dump_vid_hdr(vid_hdr); 974 } 975 return UBI_IO_BAD_VID_HDR; 976 } 977 978 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC); 979 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc); 980 981 if (hdr_crc != crc) { 982 if (verbose) { 983 ubi_warn("bad CRC at PEB %d, calculated %#08x, " 984 "read %#08x", pnum, crc, hdr_crc); 985 ubi_dbg_dump_vid_hdr(vid_hdr); 986 } 987 return UBI_IO_BAD_VID_HDR; 988 } 989 990 /* Validate the VID header that we have just read */ 991 err = validate_vid_hdr(ubi, vid_hdr); 992 if (err) { 993 ubi_err("validation failed for PEB %d", pnum); 994 return -EINVAL; 995 } 996 997 return read_err ? UBI_IO_BITFLIPS : 0; 998 } 999 1000 /** 1001 * ubi_io_write_vid_hdr - write a volume identifier header. 1002 * @ubi: UBI device description object 1003 * @pnum: the physical eraseblock number to write to 1004 * @vid_hdr: the volume identifier header to write 1005 * 1006 * This function writes the volume identifier header described by @vid_hdr to 1007 * physical eraseblock @pnum. This function automatically fills the 1008 * @vid_hdr->magic and the @vid_hdr->version fields, as well as calculates 1009 * header CRC checksum and stores it at vid_hdr->hdr_crc. 1010 * 1011 * This function returns zero in case of success and a negative error code in 1012 * case of failure. If %-EIO is returned, the physical eraseblock probably went 1013 * bad. 1014 */ 1015 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum, 1016 struct ubi_vid_hdr *vid_hdr) 1017 { 1018 int err; 1019 uint32_t crc; 1020 void *p; 1021 1022 dbg_io("write VID header to PEB %d", pnum); 1023 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 1024 1025 err = paranoid_check_peb_ec_hdr(ubi, pnum); 1026 if (err) 1027 return err > 0 ? -EINVAL: err; 1028 1029 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC); 1030 vid_hdr->version = UBI_VERSION; 1031 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC); 1032 vid_hdr->hdr_crc = cpu_to_be32(crc); 1033 1034 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr); 1035 if (err) 1036 return -EINVAL; 1037 1038 p = (char *)vid_hdr - ubi->vid_hdr_shift; 1039 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset, 1040 ubi->vid_hdr_alsize); 1041 return err; 1042 } 1043 1044 #ifdef CONFIG_MTD_UBI_DEBUG_PARANOID 1045 1046 /** 1047 * paranoid_check_not_bad - ensure that a physical eraseblock is not bad. 1048 * @ubi: UBI device description object 1049 * @pnum: physical eraseblock number to check 1050 * 1051 * This function returns zero if the physical eraseblock is good, a positive 1052 * number if it is bad and a negative error code if an error occurred. 1053 */ 1054 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum) 1055 { 1056 int err; 1057 1058 err = ubi_io_is_bad(ubi, pnum); 1059 if (!err) 1060 return err; 1061 1062 ubi_err("paranoid check failed for PEB %d", pnum); 1063 ubi_dbg_dump_stack(); 1064 return err; 1065 } 1066 1067 /** 1068 * paranoid_check_ec_hdr - check if an erase counter header is all right. 1069 * @ubi: UBI device description object 1070 * @pnum: physical eraseblock number the erase counter header belongs to 1071 * @ec_hdr: the erase counter header to check 1072 * 1073 * This function returns zero if the erase counter header contains valid 1074 * values, and %1 if not. 1075 */ 1076 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum, 1077 const struct ubi_ec_hdr *ec_hdr) 1078 { 1079 int err; 1080 uint32_t magic; 1081 1082 magic = be32_to_cpu(ec_hdr->magic); 1083 if (magic != UBI_EC_HDR_MAGIC) { 1084 ubi_err("bad magic %#08x, must be %#08x", 1085 magic, UBI_EC_HDR_MAGIC); 1086 goto fail; 1087 } 1088 1089 err = validate_ec_hdr(ubi, ec_hdr); 1090 if (err) { 1091 ubi_err("paranoid check failed for PEB %d", pnum); 1092 goto fail; 1093 } 1094 1095 return 0; 1096 1097 fail: 1098 ubi_dbg_dump_ec_hdr(ec_hdr); 1099 ubi_dbg_dump_stack(); 1100 return 1; 1101 } 1102 1103 /** 1104 * paranoid_check_peb_ec_hdr - check erase counter header. 1105 * @ubi: UBI device description object 1106 * @pnum: the physical eraseblock number to check 1107 * 1108 * This function returns zero if the erase counter header is all right, %1 if 1109 * not, and a negative error code if an error occurred. 1110 */ 1111 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum) 1112 { 1113 int err; 1114 uint32_t crc, hdr_crc; 1115 struct ubi_ec_hdr *ec_hdr; 1116 1117 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS); 1118 if (!ec_hdr) 1119 return -ENOMEM; 1120 1121 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE); 1122 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG) 1123 goto exit; 1124 1125 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 1126 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc); 1127 if (hdr_crc != crc) { 1128 ubi_err("bad CRC, calculated %#08x, read %#08x", crc, hdr_crc); 1129 ubi_err("paranoid check failed for PEB %d", pnum); 1130 ubi_dbg_dump_ec_hdr(ec_hdr); 1131 ubi_dbg_dump_stack(); 1132 err = 1; 1133 goto exit; 1134 } 1135 1136 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr); 1137 1138 exit: 1139 kfree(ec_hdr); 1140 return err; 1141 } 1142 1143 /** 1144 * paranoid_check_vid_hdr - check that a volume identifier header is all right. 1145 * @ubi: UBI device description object 1146 * @pnum: physical eraseblock number the volume identifier header belongs to 1147 * @vid_hdr: the volume identifier header to check 1148 * 1149 * This function returns zero if the volume identifier header is all right, and 1150 * %1 if not. 1151 */ 1152 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum, 1153 const struct ubi_vid_hdr *vid_hdr) 1154 { 1155 int err; 1156 uint32_t magic; 1157 1158 magic = be32_to_cpu(vid_hdr->magic); 1159 if (magic != UBI_VID_HDR_MAGIC) { 1160 ubi_err("bad VID header magic %#08x at PEB %d, must be %#08x", 1161 magic, pnum, UBI_VID_HDR_MAGIC); 1162 goto fail; 1163 } 1164 1165 err = validate_vid_hdr(ubi, vid_hdr); 1166 if (err) { 1167 ubi_err("paranoid check failed for PEB %d", pnum); 1168 goto fail; 1169 } 1170 1171 return err; 1172 1173 fail: 1174 ubi_err("paranoid check failed for PEB %d", pnum); 1175 ubi_dbg_dump_vid_hdr(vid_hdr); 1176 ubi_dbg_dump_stack(); 1177 return 1; 1178 1179 } 1180 1181 /** 1182 * paranoid_check_peb_vid_hdr - check volume identifier header. 1183 * @ubi: UBI device description object 1184 * @pnum: the physical eraseblock number to check 1185 * 1186 * This function returns zero if the volume identifier header is all right, 1187 * %1 if not, and a negative error code if an error occurred. 1188 */ 1189 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum) 1190 { 1191 int err; 1192 uint32_t crc, hdr_crc; 1193 struct ubi_vid_hdr *vid_hdr; 1194 void *p; 1195 1196 vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS); 1197 if (!vid_hdr) 1198 return -ENOMEM; 1199 1200 p = (char *)vid_hdr - ubi->vid_hdr_shift; 1201 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset, 1202 ubi->vid_hdr_alsize); 1203 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG) 1204 goto exit; 1205 1206 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_EC_HDR_SIZE_CRC); 1207 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc); 1208 if (hdr_crc != crc) { 1209 ubi_err("bad VID header CRC at PEB %d, calculated %#08x, " 1210 "read %#08x", pnum, crc, hdr_crc); 1211 ubi_err("paranoid check failed for PEB %d", pnum); 1212 ubi_dbg_dump_vid_hdr(vid_hdr); 1213 ubi_dbg_dump_stack(); 1214 err = 1; 1215 goto exit; 1216 } 1217 1218 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr); 1219 1220 exit: 1221 ubi_free_vid_hdr(ubi, vid_hdr); 1222 return err; 1223 } 1224 1225 /** 1226 * paranoid_check_all_ff - check that a region of flash is empty. 1227 * @ubi: UBI device description object 1228 * @pnum: the physical eraseblock number to check 1229 * @offset: the starting offset within the physical eraseblock to check 1230 * @len: the length of the region to check 1231 * 1232 * This function returns zero if only 0xFF bytes are present at offset 1233 * @offset of the physical eraseblock @pnum, %1 if not, and a negative error 1234 * code if an error occurred. 1235 */ 1236 static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset, 1237 int len) 1238 { 1239 size_t read; 1240 int err; 1241 loff_t addr = (loff_t)pnum * ubi->peb_size + offset; 1242 1243 mutex_lock(&ubi->dbg_buf_mutex); 1244 err = ubi->mtd->read(ubi->mtd, addr, len, &read, ubi->dbg_peb_buf); 1245 if (err && err != -EUCLEAN) { 1246 ubi_err("error %d while reading %d bytes from PEB %d:%d, " 1247 "read %zd bytes", err, len, pnum, offset, read); 1248 goto error; 1249 } 1250 1251 err = check_pattern(ubi->dbg_peb_buf, 0xFF, len); 1252 if (err == 0) { 1253 ubi_err("flash region at PEB %d:%d, length %d does not " 1254 "contain all 0xFF bytes", pnum, offset, len); 1255 goto fail; 1256 } 1257 mutex_unlock(&ubi->dbg_buf_mutex); 1258 1259 return 0; 1260 1261 fail: 1262 ubi_err("paranoid check failed for PEB %d", pnum); 1263 ubi_msg("hex dump of the %d-%d region", offset, offset + len); 1264 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, 1265 ubi->dbg_peb_buf, len, 1); 1266 err = 1; 1267 error: 1268 ubi_dbg_dump_stack(); 1269 mutex_unlock(&ubi->dbg_buf_mutex); 1270 return err; 1271 } 1272 1273 #endif /* CONFIG_MTD_UBI_DEBUG_PARANOID */ 1274