1 /* 2 * Copyright (c) International Business Machines Corp., 2006 3 * Copyright (c) Nokia Corporation, 2006, 2007 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See 13 * the GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program; if not, write to the Free Software 17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 * 19 * Author: Artem Bityutskiy (Битюцкий Артём) 20 */ 21 22 /* 23 * UBI input/output unit. 24 * 25 * This unit provides a uniform way to work with all kinds of the underlying 26 * MTD devices. It also implements handy functions for reading and writing UBI 27 * headers. 28 * 29 * We are trying to have a paranoid mindset and not to trust to what we read 30 * from the flash media in order to be more secure and robust. So this unit 31 * validates every single header it reads from the flash media. 32 * 33 * Some words about how the eraseblock headers are stored. 34 * 35 * The erase counter header is always stored at offset zero. By default, the 36 * VID header is stored after the EC header at the closest aligned offset 37 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID 38 * header at the closest aligned offset. But this default layout may be 39 * changed. For example, for different reasons (e.g., optimization) UBI may be 40 * asked to put the VID header at further offset, and even at an unaligned 41 * offset. Of course, if the offset of the VID header is unaligned, UBI adds 42 * proper padding in front of it. Data offset may also be changed but it has to 43 * be aligned. 44 * 45 * About minimal I/O units. In general, UBI assumes flash device model where 46 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1, 47 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the 48 * @ubi->mtd->writesize field. But as an exception, UBI admits of using another 49 * (smaller) minimal I/O unit size for EC and VID headers to make it possible 50 * to do different optimizations. 51 * 52 * This is extremely useful in case of NAND flashes which admit of several 53 * write operations to one NAND page. In this case UBI can fit EC and VID 54 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal 55 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still 56 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI 57 * users. 58 * 59 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so 60 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID 61 * headers. 62 * 63 * Q: why not just to treat sub-page as a minimal I/O unit of this flash 64 * device, e.g., make @ubi->min_io_size = 512 in the example above? 65 * 66 * A: because when writing a sub-page, MTD still writes a full 2K page but the 67 * bytes which are no relevant to the sub-page are 0xFF. So, basically, writing 68 * 4x512 sub-pages is 4 times slower then writing one 2KiB NAND page. Thus, we 69 * prefer to use sub-pages only for EV and VID headers. 70 * 71 * As it was noted above, the VID header may start at a non-aligned offset. 72 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page, 73 * the VID header may reside at offset 1984 which is the last 64 bytes of the 74 * last sub-page (EC header is always at offset zero). This causes some 75 * difficulties when reading and writing VID headers. 76 * 77 * Suppose we have a 64-byte buffer and we read a VID header at it. We change 78 * the data and want to write this VID header out. As we can only write in 79 * 512-byte chunks, we have to allocate one more buffer and copy our VID header 80 * to offset 448 of this buffer. 81 * 82 * The I/O unit does the following trick in order to avoid this extra copy. 83 * It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID header 84 * and returns a pointer to offset @ubi->vid_hdr_shift of this buffer. When the 85 * VID header is being written out, it shifts the VID header pointer back and 86 * writes the whole sub-page. 87 */ 88 89 #ifdef UBI_LINUX 90 #include <linux/crc32.h> 91 #include <linux/err.h> 92 #endif 93 94 #include <ubi_uboot.h> 95 #include "ubi.h" 96 97 #ifdef CONFIG_MTD_UBI_DEBUG_PARANOID 98 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum); 99 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum); 100 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum, 101 const struct ubi_ec_hdr *ec_hdr); 102 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum); 103 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum, 104 const struct ubi_vid_hdr *vid_hdr); 105 static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset, 106 int len); 107 #else 108 #define paranoid_check_not_bad(ubi, pnum) 0 109 #define paranoid_check_peb_ec_hdr(ubi, pnum) 0 110 #define paranoid_check_ec_hdr(ubi, pnum, ec_hdr) 0 111 #define paranoid_check_peb_vid_hdr(ubi, pnum) 0 112 #define paranoid_check_vid_hdr(ubi, pnum, vid_hdr) 0 113 #define paranoid_check_all_ff(ubi, pnum, offset, len) 0 114 #endif 115 116 /** 117 * ubi_io_read - read data from a physical eraseblock. 118 * @ubi: UBI device description object 119 * @buf: buffer where to store the read data 120 * @pnum: physical eraseblock number to read from 121 * @offset: offset within the physical eraseblock from where to read 122 * @len: how many bytes to read 123 * 124 * This function reads data from offset @offset of physical eraseblock @pnum 125 * and stores the read data in the @buf buffer. The following return codes are 126 * possible: 127 * 128 * o %0 if all the requested data were successfully read; 129 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but 130 * correctable bit-flips were detected; this is harmless but may indicate 131 * that this eraseblock may become bad soon (but do not have to); 132 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for 133 * example it can be an ECC error in case of NAND; this most probably means 134 * that the data is corrupted; 135 * o %-EIO if some I/O error occurred; 136 * o other negative error codes in case of other errors. 137 */ 138 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset, 139 int len) 140 { 141 int err, retries = 0; 142 size_t read; 143 loff_t addr; 144 145 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset); 146 147 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 148 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size); 149 ubi_assert(len > 0); 150 151 err = paranoid_check_not_bad(ubi, pnum); 152 if (err) 153 return err > 0 ? -EINVAL : err; 154 155 addr = (loff_t)pnum * ubi->peb_size + offset; 156 retry: 157 err = ubi->mtd->read(ubi->mtd, addr, len, &read, buf); 158 if (err) { 159 if (err == -EUCLEAN) { 160 /* 161 * -EUCLEAN is reported if there was a bit-flip which 162 * was corrected, so this is harmless. 163 */ 164 ubi_msg("fixable bit-flip detected at PEB %d", pnum); 165 ubi_assert(len == read); 166 return UBI_IO_BITFLIPS; 167 } 168 169 if (read != len && retries++ < UBI_IO_RETRIES) { 170 dbg_io("error %d while reading %d bytes from PEB %d:%d, " 171 "read only %zd bytes, retry", 172 err, len, pnum, offset, read); 173 yield(); 174 goto retry; 175 } 176 177 ubi_err("error %d while reading %d bytes from PEB %d:%d, " 178 "read %zd bytes", err, len, pnum, offset, read); 179 ubi_dbg_dump_stack(); 180 181 /* 182 * The driver should never return -EBADMSG if it failed to read 183 * all the requested data. But some buggy drivers might do 184 * this, so we change it to -EIO. 185 */ 186 if (read != len && err == -EBADMSG) { 187 ubi_assert(0); 188 printk("%s[%d] not here\n", __func__, __LINE__); 189 /* err = -EIO; */ 190 } 191 } else { 192 ubi_assert(len == read); 193 194 if (ubi_dbg_is_bitflip()) { 195 dbg_msg("bit-flip (emulated)"); 196 err = UBI_IO_BITFLIPS; 197 } 198 } 199 200 return err; 201 } 202 203 /** 204 * ubi_io_write - write data to a physical eraseblock. 205 * @ubi: UBI device description object 206 * @buf: buffer with the data to write 207 * @pnum: physical eraseblock number to write to 208 * @offset: offset within the physical eraseblock where to write 209 * @len: how many bytes to write 210 * 211 * This function writes @len bytes of data from buffer @buf to offset @offset 212 * of physical eraseblock @pnum. If all the data were successfully written, 213 * zero is returned. If an error occurred, this function returns a negative 214 * error code. If %-EIO is returned, the physical eraseblock most probably went 215 * bad. 216 * 217 * Note, in case of an error, it is possible that something was still written 218 * to the flash media, but may be some garbage. 219 */ 220 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset, 221 int len) 222 { 223 int err; 224 size_t written; 225 loff_t addr; 226 227 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset); 228 229 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 230 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size); 231 ubi_assert(offset % ubi->hdrs_min_io_size == 0); 232 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0); 233 234 if (ubi->ro_mode) { 235 ubi_err("read-only mode"); 236 return -EROFS; 237 } 238 239 /* The below has to be compiled out if paranoid checks are disabled */ 240 241 err = paranoid_check_not_bad(ubi, pnum); 242 if (err) 243 return err > 0 ? -EINVAL : err; 244 245 /* The area we are writing to has to contain all 0xFF bytes */ 246 err = paranoid_check_all_ff(ubi, pnum, offset, len); 247 if (err) 248 return err > 0 ? -EINVAL : err; 249 250 if (offset >= ubi->leb_start) { 251 /* 252 * We write to the data area of the physical eraseblock. Make 253 * sure it has valid EC and VID headers. 254 */ 255 err = paranoid_check_peb_ec_hdr(ubi, pnum); 256 if (err) 257 return err > 0 ? -EINVAL : err; 258 err = paranoid_check_peb_vid_hdr(ubi, pnum); 259 if (err) 260 return err > 0 ? -EINVAL : err; 261 } 262 263 if (ubi_dbg_is_write_failure()) { 264 dbg_err("cannot write %d bytes to PEB %d:%d " 265 "(emulated)", len, pnum, offset); 266 ubi_dbg_dump_stack(); 267 return -EIO; 268 } 269 270 addr = (loff_t)pnum * ubi->peb_size + offset; 271 err = ubi->mtd->write(ubi->mtd, addr, len, &written, buf); 272 if (err) { 273 ubi_err("error %d while writing %d bytes to PEB %d:%d, written" 274 " %zd bytes", err, len, pnum, offset, written); 275 ubi_dbg_dump_stack(); 276 } else 277 ubi_assert(written == len); 278 279 return err; 280 } 281 282 /** 283 * erase_callback - MTD erasure call-back. 284 * @ei: MTD erase information object. 285 * 286 * Note, even though MTD erase interface is asynchronous, all the current 287 * implementations are synchronous anyway. 288 */ 289 static void erase_callback(struct erase_info *ei) 290 { 291 wake_up_interruptible((wait_queue_head_t *)ei->priv); 292 } 293 294 /** 295 * do_sync_erase - synchronously erase a physical eraseblock. 296 * @ubi: UBI device description object 297 * @pnum: the physical eraseblock number to erase 298 * 299 * This function synchronously erases physical eraseblock @pnum and returns 300 * zero in case of success and a negative error code in case of failure. If 301 * %-EIO is returned, the physical eraseblock most probably went bad. 302 */ 303 static int do_sync_erase(struct ubi_device *ubi, int pnum) 304 { 305 int err, retries = 0; 306 struct erase_info ei; 307 wait_queue_head_t wq; 308 309 dbg_io("erase PEB %d", pnum); 310 311 retry: 312 init_waitqueue_head(&wq); 313 memset(&ei, 0, sizeof(struct erase_info)); 314 315 ei.mtd = ubi->mtd; 316 ei.addr = (loff_t)pnum * ubi->peb_size; 317 ei.len = ubi->peb_size; 318 ei.callback = erase_callback; 319 ei.priv = (unsigned long)&wq; 320 321 err = ubi->mtd->erase(ubi->mtd, &ei); 322 if (err) { 323 if (retries++ < UBI_IO_RETRIES) { 324 dbg_io("error %d while erasing PEB %d, retry", 325 err, pnum); 326 yield(); 327 goto retry; 328 } 329 ubi_err("cannot erase PEB %d, error %d", pnum, err); 330 ubi_dbg_dump_stack(); 331 return err; 332 } 333 334 err = wait_event_interruptible(wq, ei.state == MTD_ERASE_DONE || 335 ei.state == MTD_ERASE_FAILED); 336 if (err) { 337 ubi_err("interrupted PEB %d erasure", pnum); 338 return -EINTR; 339 } 340 341 if (ei.state == MTD_ERASE_FAILED) { 342 if (retries++ < UBI_IO_RETRIES) { 343 dbg_io("error while erasing PEB %d, retry", pnum); 344 yield(); 345 goto retry; 346 } 347 ubi_err("cannot erase PEB %d", pnum); 348 ubi_dbg_dump_stack(); 349 return -EIO; 350 } 351 352 err = paranoid_check_all_ff(ubi, pnum, 0, ubi->peb_size); 353 if (err) 354 return err > 0 ? -EINVAL : err; 355 356 if (ubi_dbg_is_erase_failure() && !err) { 357 dbg_err("cannot erase PEB %d (emulated)", pnum); 358 return -EIO; 359 } 360 361 return 0; 362 } 363 364 /** 365 * check_pattern - check if buffer contains only a certain byte pattern. 366 * @buf: buffer to check 367 * @patt: the pattern to check 368 * @size: buffer size in bytes 369 * 370 * This function returns %1 in there are only @patt bytes in @buf, and %0 if 371 * something else was also found. 372 */ 373 static int check_pattern(const void *buf, uint8_t patt, int size) 374 { 375 int i; 376 377 for (i = 0; i < size; i++) 378 if (((const uint8_t *)buf)[i] != patt) 379 return 0; 380 return 1; 381 } 382 383 /* Patterns to write to a physical eraseblock when torturing it */ 384 static uint8_t patterns[] = {0xa5, 0x5a, 0x0}; 385 386 /** 387 * torture_peb - test a supposedly bad physical eraseblock. 388 * @ubi: UBI device description object 389 * @pnum: the physical eraseblock number to test 390 * 391 * This function returns %-EIO if the physical eraseblock did not pass the 392 * test, a positive number of erase operations done if the test was 393 * successfully passed, and other negative error codes in case of other errors. 394 */ 395 static int torture_peb(struct ubi_device *ubi, int pnum) 396 { 397 int err, i, patt_count; 398 399 patt_count = ARRAY_SIZE(patterns); 400 ubi_assert(patt_count > 0); 401 402 mutex_lock(&ubi->buf_mutex); 403 for (i = 0; i < patt_count; i++) { 404 err = do_sync_erase(ubi, pnum); 405 if (err) 406 goto out; 407 408 /* Make sure the PEB contains only 0xFF bytes */ 409 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 410 if (err) 411 goto out; 412 413 err = check_pattern(ubi->peb_buf1, 0xFF, ubi->peb_size); 414 if (err == 0) { 415 ubi_err("erased PEB %d, but a non-0xFF byte found", 416 pnum); 417 err = -EIO; 418 goto out; 419 } 420 421 /* Write a pattern and check it */ 422 memset(ubi->peb_buf1, patterns[i], ubi->peb_size); 423 err = ubi_io_write(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 424 if (err) 425 goto out; 426 427 memset(ubi->peb_buf1, ~patterns[i], ubi->peb_size); 428 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 429 if (err) 430 goto out; 431 432 err = check_pattern(ubi->peb_buf1, patterns[i], ubi->peb_size); 433 if (err == 0) { 434 ubi_err("pattern %x checking failed for PEB %d", 435 patterns[i], pnum); 436 err = -EIO; 437 goto out; 438 } 439 } 440 441 err = patt_count; 442 443 out: 444 mutex_unlock(&ubi->buf_mutex); 445 if (err == UBI_IO_BITFLIPS || err == -EBADMSG) { 446 /* 447 * If a bit-flip or data integrity error was detected, the test 448 * has not passed because it happened on a freshly erased 449 * physical eraseblock which means something is wrong with it. 450 */ 451 ubi_err("read problems on freshly erased PEB %d, must be bad", 452 pnum); 453 err = -EIO; 454 } 455 return err; 456 } 457 458 /** 459 * ubi_io_sync_erase - synchronously erase a physical eraseblock. 460 * @ubi: UBI device description object 461 * @pnum: physical eraseblock number to erase 462 * @torture: if this physical eraseblock has to be tortured 463 * 464 * This function synchronously erases physical eraseblock @pnum. If @torture 465 * flag is not zero, the physical eraseblock is checked by means of writing 466 * different patterns to it and reading them back. If the torturing is enabled, 467 * the physical eraseblock is erased more then once. 468 * 469 * This function returns the number of erasures made in case of success, %-EIO 470 * if the erasure failed or the torturing test failed, and other negative error 471 * codes in case of other errors. Note, %-EIO means that the physical 472 * eraseblock is bad. 473 */ 474 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture) 475 { 476 int err, ret = 0; 477 478 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 479 480 err = paranoid_check_not_bad(ubi, pnum); 481 if (err != 0) 482 return err > 0 ? -EINVAL : err; 483 484 if (ubi->ro_mode) { 485 ubi_err("read-only mode"); 486 return -EROFS; 487 } 488 489 if (torture) { 490 ret = torture_peb(ubi, pnum); 491 if (ret < 0) 492 return ret; 493 } 494 495 err = do_sync_erase(ubi, pnum); 496 if (err) 497 return err; 498 499 return ret + 1; 500 } 501 502 /** 503 * ubi_io_is_bad - check if a physical eraseblock is bad. 504 * @ubi: UBI device description object 505 * @pnum: the physical eraseblock number to check 506 * 507 * This function returns a positive number if the physical eraseblock is bad, 508 * zero if not, and a negative error code if an error occurred. 509 */ 510 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum) 511 { 512 struct mtd_info *mtd = ubi->mtd; 513 514 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 515 516 if (ubi->bad_allowed) { 517 int ret; 518 519 ret = mtd->block_isbad(mtd, (loff_t)pnum * ubi->peb_size); 520 if (ret < 0) 521 ubi_err("error %d while checking if PEB %d is bad", 522 ret, pnum); 523 else if (ret) 524 dbg_io("PEB %d is bad", pnum); 525 return ret; 526 } 527 528 return 0; 529 } 530 531 /** 532 * ubi_io_mark_bad - mark a physical eraseblock as bad. 533 * @ubi: UBI device description object 534 * @pnum: the physical eraseblock number to mark 535 * 536 * This function returns zero in case of success and a negative error code in 537 * case of failure. 538 */ 539 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum) 540 { 541 int err; 542 struct mtd_info *mtd = ubi->mtd; 543 544 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 545 546 if (ubi->ro_mode) { 547 ubi_err("read-only mode"); 548 return -EROFS; 549 } 550 551 if (!ubi->bad_allowed) 552 return 0; 553 554 err = mtd->block_markbad(mtd, (loff_t)pnum * ubi->peb_size); 555 if (err) 556 ubi_err("cannot mark PEB %d bad, error %d", pnum, err); 557 return err; 558 } 559 560 /** 561 * validate_ec_hdr - validate an erase counter header. 562 * @ubi: UBI device description object 563 * @ec_hdr: the erase counter header to check 564 * 565 * This function returns zero if the erase counter header is OK, and %1 if 566 * not. 567 */ 568 static int validate_ec_hdr(const struct ubi_device *ubi, 569 const struct ubi_ec_hdr *ec_hdr) 570 { 571 long long ec; 572 int vid_hdr_offset, leb_start; 573 574 ec = be64_to_cpu(ec_hdr->ec); 575 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset); 576 leb_start = be32_to_cpu(ec_hdr->data_offset); 577 578 if (ec_hdr->version != UBI_VERSION) { 579 ubi_err("node with incompatible UBI version found: " 580 "this UBI version is %d, image version is %d", 581 UBI_VERSION, (int)ec_hdr->version); 582 goto bad; 583 } 584 585 if (vid_hdr_offset != ubi->vid_hdr_offset) { 586 ubi_err("bad VID header offset %d, expected %d", 587 vid_hdr_offset, ubi->vid_hdr_offset); 588 goto bad; 589 } 590 591 if (leb_start != ubi->leb_start) { 592 ubi_err("bad data offset %d, expected %d", 593 leb_start, ubi->leb_start); 594 goto bad; 595 } 596 597 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) { 598 ubi_err("bad erase counter %lld", ec); 599 goto bad; 600 } 601 602 return 0; 603 604 bad: 605 ubi_err("bad EC header"); 606 ubi_dbg_dump_ec_hdr(ec_hdr); 607 ubi_dbg_dump_stack(); 608 return 1; 609 } 610 611 /** 612 * ubi_io_read_ec_hdr - read and check an erase counter header. 613 * @ubi: UBI device description object 614 * @pnum: physical eraseblock to read from 615 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter 616 * header 617 * @verbose: be verbose if the header is corrupted or was not found 618 * 619 * This function reads erase counter header from physical eraseblock @pnum and 620 * stores it in @ec_hdr. This function also checks CRC checksum of the read 621 * erase counter header. The following codes may be returned: 622 * 623 * o %0 if the CRC checksum is correct and the header was successfully read; 624 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected 625 * and corrected by the flash driver; this is harmless but may indicate that 626 * this eraseblock may become bad soon (but may be not); 627 * o %UBI_IO_BAD_EC_HDR if the erase counter header is corrupted (a CRC error); 628 * o %UBI_IO_PEB_EMPTY if the physical eraseblock is empty; 629 * o a negative error code in case of failure. 630 */ 631 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum, 632 struct ubi_ec_hdr *ec_hdr, int verbose) 633 { 634 int err, read_err = 0; 635 uint32_t crc, magic, hdr_crc; 636 637 dbg_io("read EC header from PEB %d", pnum); 638 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 639 if (UBI_IO_DEBUG) 640 verbose = 1; 641 642 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE); 643 if (err) { 644 if (err != UBI_IO_BITFLIPS && err != -EBADMSG) 645 return err; 646 647 /* 648 * We read all the data, but either a correctable bit-flip 649 * occurred, or MTD reported about some data integrity error, 650 * like an ECC error in case of NAND. The former is harmless, 651 * the later may mean that the read data is corrupted. But we 652 * have a CRC check-sum and we will detect this. If the EC 653 * header is still OK, we just report this as there was a 654 * bit-flip. 655 */ 656 read_err = err; 657 } 658 659 magic = be32_to_cpu(ec_hdr->magic); 660 if (magic != UBI_EC_HDR_MAGIC) { 661 /* 662 * The magic field is wrong. Let's check if we have read all 663 * 0xFF. If yes, this physical eraseblock is assumed to be 664 * empty. 665 * 666 * But if there was a read error, we do not test it for all 667 * 0xFFs. Even if it does contain all 0xFFs, this error 668 * indicates that something is still wrong with this physical 669 * eraseblock and we anyway cannot treat it as empty. 670 */ 671 if (read_err != -EBADMSG && 672 check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) { 673 /* The physical eraseblock is supposedly empty */ 674 675 /* 676 * The below is just a paranoid check, it has to be 677 * compiled out if paranoid checks are disabled. 678 */ 679 err = paranoid_check_all_ff(ubi, pnum, 0, 680 ubi->peb_size); 681 if (err) 682 return err > 0 ? UBI_IO_BAD_EC_HDR : err; 683 684 if (verbose) 685 ubi_warn("no EC header found at PEB %d, " 686 "only 0xFF bytes", pnum); 687 return UBI_IO_PEB_EMPTY; 688 } 689 690 /* 691 * This is not a valid erase counter header, and these are not 692 * 0xFF bytes. Report that the header is corrupted. 693 */ 694 if (verbose) { 695 ubi_warn("bad magic number at PEB %d: %08x instead of " 696 "%08x", pnum, magic, UBI_EC_HDR_MAGIC); 697 ubi_dbg_dump_ec_hdr(ec_hdr); 698 } 699 return UBI_IO_BAD_EC_HDR; 700 } 701 702 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 703 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc); 704 705 if (hdr_crc != crc) { 706 if (verbose) { 707 ubi_warn("bad EC header CRC at PEB %d, calculated %#08x," 708 " read %#08x", pnum, crc, hdr_crc); 709 ubi_dbg_dump_ec_hdr(ec_hdr); 710 } 711 return UBI_IO_BAD_EC_HDR; 712 } 713 714 /* And of course validate what has just been read from the media */ 715 err = validate_ec_hdr(ubi, ec_hdr); 716 if (err) { 717 ubi_err("validation failed for PEB %d", pnum); 718 return -EINVAL; 719 } 720 721 return read_err ? UBI_IO_BITFLIPS : 0; 722 } 723 724 /** 725 * ubi_io_write_ec_hdr - write an erase counter header. 726 * @ubi: UBI device description object 727 * @pnum: physical eraseblock to write to 728 * @ec_hdr: the erase counter header to write 729 * 730 * This function writes erase counter header described by @ec_hdr to physical 731 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so 732 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec 733 * field. 734 * 735 * This function returns zero in case of success and a negative error code in 736 * case of failure. If %-EIO is returned, the physical eraseblock most probably 737 * went bad. 738 */ 739 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum, 740 struct ubi_ec_hdr *ec_hdr) 741 { 742 int err; 743 uint32_t crc; 744 745 dbg_io("write EC header to PEB %d", pnum); 746 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 747 748 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC); 749 ec_hdr->version = UBI_VERSION; 750 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset); 751 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start); 752 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 753 ec_hdr->hdr_crc = cpu_to_be32(crc); 754 755 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr); 756 if (err) 757 return -EINVAL; 758 759 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize); 760 return err; 761 } 762 763 /** 764 * validate_vid_hdr - validate a volume identifier header. 765 * @ubi: UBI device description object 766 * @vid_hdr: the volume identifier header to check 767 * 768 * This function checks that data stored in the volume identifier header 769 * @vid_hdr. Returns zero if the VID header is OK and %1 if not. 770 */ 771 static int validate_vid_hdr(const struct ubi_device *ubi, 772 const struct ubi_vid_hdr *vid_hdr) 773 { 774 int vol_type = vid_hdr->vol_type; 775 int copy_flag = vid_hdr->copy_flag; 776 int vol_id = be32_to_cpu(vid_hdr->vol_id); 777 int lnum = be32_to_cpu(vid_hdr->lnum); 778 int compat = vid_hdr->compat; 779 int data_size = be32_to_cpu(vid_hdr->data_size); 780 int used_ebs = be32_to_cpu(vid_hdr->used_ebs); 781 int data_pad = be32_to_cpu(vid_hdr->data_pad); 782 int data_crc = be32_to_cpu(vid_hdr->data_crc); 783 int usable_leb_size = ubi->leb_size - data_pad; 784 785 if (copy_flag != 0 && copy_flag != 1) { 786 dbg_err("bad copy_flag"); 787 goto bad; 788 } 789 790 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 || 791 data_pad < 0) { 792 dbg_err("negative values"); 793 goto bad; 794 } 795 796 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) { 797 dbg_err("bad vol_id"); 798 goto bad; 799 } 800 801 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) { 802 dbg_err("bad compat"); 803 goto bad; 804 } 805 806 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE && 807 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE && 808 compat != UBI_COMPAT_REJECT) { 809 dbg_err("bad compat"); 810 goto bad; 811 } 812 813 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) { 814 dbg_err("bad vol_type"); 815 goto bad; 816 } 817 818 if (data_pad >= ubi->leb_size / 2) { 819 dbg_err("bad data_pad"); 820 goto bad; 821 } 822 823 if (vol_type == UBI_VID_STATIC) { 824 /* 825 * Although from high-level point of view static volumes may 826 * contain zero bytes of data, but no VID headers can contain 827 * zero at these fields, because they empty volumes do not have 828 * mapped logical eraseblocks. 829 */ 830 if (used_ebs == 0) { 831 dbg_err("zero used_ebs"); 832 goto bad; 833 } 834 if (data_size == 0) { 835 dbg_err("zero data_size"); 836 goto bad; 837 } 838 if (lnum < used_ebs - 1) { 839 if (data_size != usable_leb_size) { 840 dbg_err("bad data_size"); 841 goto bad; 842 } 843 } else if (lnum == used_ebs - 1) { 844 if (data_size == 0) { 845 dbg_err("bad data_size at last LEB"); 846 goto bad; 847 } 848 } else { 849 dbg_err("too high lnum"); 850 goto bad; 851 } 852 } else { 853 if (copy_flag == 0) { 854 if (data_crc != 0) { 855 dbg_err("non-zero data CRC"); 856 goto bad; 857 } 858 if (data_size != 0) { 859 dbg_err("non-zero data_size"); 860 goto bad; 861 } 862 } else { 863 if (data_size == 0) { 864 dbg_err("zero data_size of copy"); 865 goto bad; 866 } 867 } 868 if (used_ebs != 0) { 869 dbg_err("bad used_ebs"); 870 goto bad; 871 } 872 } 873 874 return 0; 875 876 bad: 877 ubi_err("bad VID header"); 878 ubi_dbg_dump_vid_hdr(vid_hdr); 879 ubi_dbg_dump_stack(); 880 return 1; 881 } 882 883 /** 884 * ubi_io_read_vid_hdr - read and check a volume identifier header. 885 * @ubi: UBI device description object 886 * @pnum: physical eraseblock number to read from 887 * @vid_hdr: &struct ubi_vid_hdr object where to store the read volume 888 * identifier header 889 * @verbose: be verbose if the header is corrupted or wasn't found 890 * 891 * This function reads the volume identifier header from physical eraseblock 892 * @pnum and stores it in @vid_hdr. It also checks CRC checksum of the read 893 * volume identifier header. The following codes may be returned: 894 * 895 * o %0 if the CRC checksum is correct and the header was successfully read; 896 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected 897 * and corrected by the flash driver; this is harmless but may indicate that 898 * this eraseblock may become bad soon; 899 * o %UBI_IO_BAD_VID_HRD if the volume identifier header is corrupted (a CRC 900 * error detected); 901 * o %UBI_IO_PEB_FREE if the physical eraseblock is free (i.e., there is no VID 902 * header there); 903 * o a negative error code in case of failure. 904 */ 905 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum, 906 struct ubi_vid_hdr *vid_hdr, int verbose) 907 { 908 int err, read_err = 0; 909 uint32_t crc, magic, hdr_crc; 910 void *p; 911 912 dbg_io("read VID header from PEB %d", pnum); 913 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 914 if (UBI_IO_DEBUG) 915 verbose = 1; 916 917 p = (char *)vid_hdr - ubi->vid_hdr_shift; 918 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset, 919 ubi->vid_hdr_alsize); 920 if (err) { 921 if (err != UBI_IO_BITFLIPS && err != -EBADMSG) 922 return err; 923 924 /* 925 * We read all the data, but either a correctable bit-flip 926 * occurred, or MTD reported about some data integrity error, 927 * like an ECC error in case of NAND. The former is harmless, 928 * the later may mean the read data is corrupted. But we have a 929 * CRC check-sum and we will identify this. If the VID header is 930 * still OK, we just report this as there was a bit-flip. 931 */ 932 read_err = err; 933 } 934 935 magic = be32_to_cpu(vid_hdr->magic); 936 if (magic != UBI_VID_HDR_MAGIC) { 937 /* 938 * If we have read all 0xFF bytes, the VID header probably does 939 * not exist and the physical eraseblock is assumed to be free. 940 * 941 * But if there was a read error, we do not test the data for 942 * 0xFFs. Even if it does contain all 0xFFs, this error 943 * indicates that something is still wrong with this physical 944 * eraseblock and it cannot be regarded as free. 945 */ 946 if (read_err != -EBADMSG && 947 check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) { 948 /* The physical eraseblock is supposedly free */ 949 950 /* 951 * The below is just a paranoid check, it has to be 952 * compiled out if paranoid checks are disabled. 953 */ 954 err = paranoid_check_all_ff(ubi, pnum, ubi->leb_start, 955 ubi->leb_size); 956 if (err) 957 return err > 0 ? UBI_IO_BAD_VID_HDR : err; 958 959 if (verbose) 960 ubi_warn("no VID header found at PEB %d, " 961 "only 0xFF bytes", pnum); 962 return UBI_IO_PEB_FREE; 963 } 964 965 /* 966 * This is not a valid VID header, and these are not 0xFF 967 * bytes. Report that the header is corrupted. 968 */ 969 if (verbose) { 970 ubi_warn("bad magic number at PEB %d: %08x instead of " 971 "%08x", pnum, magic, UBI_VID_HDR_MAGIC); 972 ubi_dbg_dump_vid_hdr(vid_hdr); 973 } 974 return UBI_IO_BAD_VID_HDR; 975 } 976 977 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC); 978 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc); 979 980 if (hdr_crc != crc) { 981 if (verbose) { 982 ubi_warn("bad CRC at PEB %d, calculated %#08x, " 983 "read %#08x", pnum, crc, hdr_crc); 984 ubi_dbg_dump_vid_hdr(vid_hdr); 985 } 986 return UBI_IO_BAD_VID_HDR; 987 } 988 989 /* Validate the VID header that we have just read */ 990 err = validate_vid_hdr(ubi, vid_hdr); 991 if (err) { 992 ubi_err("validation failed for PEB %d", pnum); 993 return -EINVAL; 994 } 995 996 return read_err ? UBI_IO_BITFLIPS : 0; 997 } 998 999 /** 1000 * ubi_io_write_vid_hdr - write a volume identifier header. 1001 * @ubi: UBI device description object 1002 * @pnum: the physical eraseblock number to write to 1003 * @vid_hdr: the volume identifier header to write 1004 * 1005 * This function writes the volume identifier header described by @vid_hdr to 1006 * physical eraseblock @pnum. This function automatically fills the 1007 * @vid_hdr->magic and the @vid_hdr->version fields, as well as calculates 1008 * header CRC checksum and stores it at vid_hdr->hdr_crc. 1009 * 1010 * This function returns zero in case of success and a negative error code in 1011 * case of failure. If %-EIO is returned, the physical eraseblock probably went 1012 * bad. 1013 */ 1014 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum, 1015 struct ubi_vid_hdr *vid_hdr) 1016 { 1017 int err; 1018 uint32_t crc; 1019 void *p; 1020 1021 dbg_io("write VID header to PEB %d", pnum); 1022 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 1023 1024 err = paranoid_check_peb_ec_hdr(ubi, pnum); 1025 if (err) 1026 return err > 0 ? -EINVAL: err; 1027 1028 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC); 1029 vid_hdr->version = UBI_VERSION; 1030 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC); 1031 vid_hdr->hdr_crc = cpu_to_be32(crc); 1032 1033 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr); 1034 if (err) 1035 return -EINVAL; 1036 1037 p = (char *)vid_hdr - ubi->vid_hdr_shift; 1038 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset, 1039 ubi->vid_hdr_alsize); 1040 return err; 1041 } 1042 1043 #ifdef CONFIG_MTD_UBI_DEBUG_PARANOID 1044 1045 /** 1046 * paranoid_check_not_bad - ensure that a physical eraseblock is not bad. 1047 * @ubi: UBI device description object 1048 * @pnum: physical eraseblock number to check 1049 * 1050 * This function returns zero if the physical eraseblock is good, a positive 1051 * number if it is bad and a negative error code if an error occurred. 1052 */ 1053 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum) 1054 { 1055 int err; 1056 1057 err = ubi_io_is_bad(ubi, pnum); 1058 if (!err) 1059 return err; 1060 1061 ubi_err("paranoid check failed for PEB %d", pnum); 1062 ubi_dbg_dump_stack(); 1063 return err; 1064 } 1065 1066 /** 1067 * paranoid_check_ec_hdr - check if an erase counter header is all right. 1068 * @ubi: UBI device description object 1069 * @pnum: physical eraseblock number the erase counter header belongs to 1070 * @ec_hdr: the erase counter header to check 1071 * 1072 * This function returns zero if the erase counter header contains valid 1073 * values, and %1 if not. 1074 */ 1075 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum, 1076 const struct ubi_ec_hdr *ec_hdr) 1077 { 1078 int err; 1079 uint32_t magic; 1080 1081 magic = be32_to_cpu(ec_hdr->magic); 1082 if (magic != UBI_EC_HDR_MAGIC) { 1083 ubi_err("bad magic %#08x, must be %#08x", 1084 magic, UBI_EC_HDR_MAGIC); 1085 goto fail; 1086 } 1087 1088 err = validate_ec_hdr(ubi, ec_hdr); 1089 if (err) { 1090 ubi_err("paranoid check failed for PEB %d", pnum); 1091 goto fail; 1092 } 1093 1094 return 0; 1095 1096 fail: 1097 ubi_dbg_dump_ec_hdr(ec_hdr); 1098 ubi_dbg_dump_stack(); 1099 return 1; 1100 } 1101 1102 /** 1103 * paranoid_check_peb_ec_hdr - check that the erase counter header of a 1104 * physical eraseblock is in-place and is all right. 1105 * @ubi: UBI device description object 1106 * @pnum: the physical eraseblock number to check 1107 * 1108 * This function returns zero if the erase counter header is all right, %1 if 1109 * not, and a negative error code if an error occurred. 1110 */ 1111 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum) 1112 { 1113 int err; 1114 uint32_t crc, hdr_crc; 1115 struct ubi_ec_hdr *ec_hdr; 1116 1117 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS); 1118 if (!ec_hdr) 1119 return -ENOMEM; 1120 1121 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE); 1122 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG) 1123 goto exit; 1124 1125 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 1126 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc); 1127 if (hdr_crc != crc) { 1128 ubi_err("bad CRC, calculated %#08x, read %#08x", crc, hdr_crc); 1129 ubi_err("paranoid check failed for PEB %d", pnum); 1130 ubi_dbg_dump_ec_hdr(ec_hdr); 1131 ubi_dbg_dump_stack(); 1132 err = 1; 1133 goto exit; 1134 } 1135 1136 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr); 1137 1138 exit: 1139 kfree(ec_hdr); 1140 return err; 1141 } 1142 1143 /** 1144 * paranoid_check_vid_hdr - check that a volume identifier header is all right. 1145 * @ubi: UBI device description object 1146 * @pnum: physical eraseblock number the volume identifier header belongs to 1147 * @vid_hdr: the volume identifier header to check 1148 * 1149 * This function returns zero if the volume identifier header is all right, and 1150 * %1 if not. 1151 */ 1152 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum, 1153 const struct ubi_vid_hdr *vid_hdr) 1154 { 1155 int err; 1156 uint32_t magic; 1157 1158 magic = be32_to_cpu(vid_hdr->magic); 1159 if (magic != UBI_VID_HDR_MAGIC) { 1160 ubi_err("bad VID header magic %#08x at PEB %d, must be %#08x", 1161 magic, pnum, UBI_VID_HDR_MAGIC); 1162 goto fail; 1163 } 1164 1165 err = validate_vid_hdr(ubi, vid_hdr); 1166 if (err) { 1167 ubi_err("paranoid check failed for PEB %d", pnum); 1168 goto fail; 1169 } 1170 1171 return err; 1172 1173 fail: 1174 ubi_err("paranoid check failed for PEB %d", pnum); 1175 ubi_dbg_dump_vid_hdr(vid_hdr); 1176 ubi_dbg_dump_stack(); 1177 return 1; 1178 1179 } 1180 1181 /** 1182 * paranoid_check_peb_vid_hdr - check that the volume identifier header of a 1183 * physical eraseblock is in-place and is all right. 1184 * @ubi: UBI device description object 1185 * @pnum: the physical eraseblock number to check 1186 * 1187 * This function returns zero if the volume identifier header is all right, 1188 * %1 if not, and a negative error code if an error occurred. 1189 */ 1190 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum) 1191 { 1192 int err; 1193 uint32_t crc, hdr_crc; 1194 struct ubi_vid_hdr *vid_hdr; 1195 void *p; 1196 1197 vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS); 1198 if (!vid_hdr) 1199 return -ENOMEM; 1200 1201 p = (char *)vid_hdr - ubi->vid_hdr_shift; 1202 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset, 1203 ubi->vid_hdr_alsize); 1204 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG) 1205 goto exit; 1206 1207 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_EC_HDR_SIZE_CRC); 1208 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc); 1209 if (hdr_crc != crc) { 1210 ubi_err("bad VID header CRC at PEB %d, calculated %#08x, " 1211 "read %#08x", pnum, crc, hdr_crc); 1212 ubi_err("paranoid check failed for PEB %d", pnum); 1213 ubi_dbg_dump_vid_hdr(vid_hdr); 1214 ubi_dbg_dump_stack(); 1215 err = 1; 1216 goto exit; 1217 } 1218 1219 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr); 1220 1221 exit: 1222 ubi_free_vid_hdr(ubi, vid_hdr); 1223 return err; 1224 } 1225 1226 /** 1227 * paranoid_check_all_ff - check that a region of flash is empty. 1228 * @ubi: UBI device description object 1229 * @pnum: the physical eraseblock number to check 1230 * @offset: the starting offset within the physical eraseblock to check 1231 * @len: the length of the region to check 1232 * 1233 * This function returns zero if only 0xFF bytes are present at offset 1234 * @offset of the physical eraseblock @pnum, %1 if not, and a negative error 1235 * code if an error occurred. 1236 */ 1237 static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset, 1238 int len) 1239 { 1240 size_t read; 1241 int err; 1242 loff_t addr = (loff_t)pnum * ubi->peb_size + offset; 1243 1244 mutex_lock(&ubi->dbg_buf_mutex); 1245 err = ubi->mtd->read(ubi->mtd, addr, len, &read, ubi->dbg_peb_buf); 1246 if (err && err != -EUCLEAN) { 1247 ubi_err("error %d while reading %d bytes from PEB %d:%d, " 1248 "read %zd bytes", err, len, pnum, offset, read); 1249 goto error; 1250 } 1251 1252 err = check_pattern(ubi->dbg_peb_buf, 0xFF, len); 1253 if (err == 0) { 1254 ubi_err("flash region at PEB %d:%d, length %d does not " 1255 "contain all 0xFF bytes", pnum, offset, len); 1256 goto fail; 1257 } 1258 mutex_unlock(&ubi->dbg_buf_mutex); 1259 1260 return 0; 1261 1262 fail: 1263 ubi_err("paranoid check failed for PEB %d", pnum); 1264 dbg_msg("hex dump of the %d-%d region", offset, offset + len); 1265 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, 1266 ubi->dbg_peb_buf, len, 1); 1267 err = 1; 1268 error: 1269 ubi_dbg_dump_stack(); 1270 mutex_unlock(&ubi->dbg_buf_mutex); 1271 return err; 1272 } 1273 1274 #endif /* CONFIG_MTD_UBI_DEBUG_PARANOID */ 1275