1 /* 2 * Copyright (c) International Business Machines Corp., 2006 3 * Copyright (c) Nokia Corporation, 2006, 2007 4 * 5 * SPDX-License-Identifier: GPL-2.0+ 6 * 7 * Author: Artem Bityutskiy (Битюцкий Артём) 8 */ 9 10 /* 11 * UBI input/output unit. 12 * 13 * This unit provides a uniform way to work with all kinds of the underlying 14 * MTD devices. It also implements handy functions for reading and writing UBI 15 * headers. 16 * 17 * We are trying to have a paranoid mindset and not to trust to what we read 18 * from the flash media in order to be more secure and robust. So this unit 19 * validates every single header it reads from the flash media. 20 * 21 * Some words about how the eraseblock headers are stored. 22 * 23 * The erase counter header is always stored at offset zero. By default, the 24 * VID header is stored after the EC header at the closest aligned offset 25 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID 26 * header at the closest aligned offset. But this default layout may be 27 * changed. For example, for different reasons (e.g., optimization) UBI may be 28 * asked to put the VID header at further offset, and even at an unaligned 29 * offset. Of course, if the offset of the VID header is unaligned, UBI adds 30 * proper padding in front of it. Data offset may also be changed but it has to 31 * be aligned. 32 * 33 * About minimal I/O units. In general, UBI assumes flash device model where 34 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1, 35 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the 36 * @ubi->mtd->writesize field. But as an exception, UBI admits of using another 37 * (smaller) minimal I/O unit size for EC and VID headers to make it possible 38 * to do different optimizations. 39 * 40 * This is extremely useful in case of NAND flashes which admit of several 41 * write operations to one NAND page. In this case UBI can fit EC and VID 42 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal 43 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still 44 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI 45 * users. 46 * 47 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so 48 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID 49 * headers. 50 * 51 * Q: why not just to treat sub-page as a minimal I/O unit of this flash 52 * device, e.g., make @ubi->min_io_size = 512 in the example above? 53 * 54 * A: because when writing a sub-page, MTD still writes a full 2K page but the 55 * bytes which are no relevant to the sub-page are 0xFF. So, basically, writing 56 * 4x512 sub-pages is 4 times slower then writing one 2KiB NAND page. Thus, we 57 * prefer to use sub-pages only for EV and VID headers. 58 * 59 * As it was noted above, the VID header may start at a non-aligned offset. 60 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page, 61 * the VID header may reside at offset 1984 which is the last 64 bytes of the 62 * last sub-page (EC header is always at offset zero). This causes some 63 * difficulties when reading and writing VID headers. 64 * 65 * Suppose we have a 64-byte buffer and we read a VID header at it. We change 66 * the data and want to write this VID header out. As we can only write in 67 * 512-byte chunks, we have to allocate one more buffer and copy our VID header 68 * to offset 448 of this buffer. 69 * 70 * The I/O unit does the following trick in order to avoid this extra copy. 71 * It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID header 72 * and returns a pointer to offset @ubi->vid_hdr_shift of this buffer. When the 73 * VID header is being written out, it shifts the VID header pointer back and 74 * writes the whole sub-page. 75 */ 76 77 #ifdef UBI_LINUX 78 #include <linux/crc32.h> 79 #include <linux/err.h> 80 #endif 81 82 #include <ubi_uboot.h> 83 #include "ubi.h" 84 85 #ifdef CONFIG_MTD_UBI_DEBUG_PARANOID 86 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum); 87 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum); 88 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum, 89 const struct ubi_ec_hdr *ec_hdr); 90 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum); 91 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum, 92 const struct ubi_vid_hdr *vid_hdr); 93 static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset, 94 int len); 95 #else 96 #define paranoid_check_not_bad(ubi, pnum) 0 97 #define paranoid_check_peb_ec_hdr(ubi, pnum) 0 98 #define paranoid_check_ec_hdr(ubi, pnum, ec_hdr) 0 99 #define paranoid_check_peb_vid_hdr(ubi, pnum) 0 100 #define paranoid_check_vid_hdr(ubi, pnum, vid_hdr) 0 101 #define paranoid_check_all_ff(ubi, pnum, offset, len) 0 102 #endif 103 104 /** 105 * ubi_io_read - read data from a physical eraseblock. 106 * @ubi: UBI device description object 107 * @buf: buffer where to store the read data 108 * @pnum: physical eraseblock number to read from 109 * @offset: offset within the physical eraseblock from where to read 110 * @len: how many bytes to read 111 * 112 * This function reads data from offset @offset of physical eraseblock @pnum 113 * and stores the read data in the @buf buffer. The following return codes are 114 * possible: 115 * 116 * o %0 if all the requested data were successfully read; 117 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but 118 * correctable bit-flips were detected; this is harmless but may indicate 119 * that this eraseblock may become bad soon (but do not have to); 120 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for 121 * example it can be an ECC error in case of NAND; this most probably means 122 * that the data is corrupted; 123 * o %-EIO if some I/O error occurred; 124 * o other negative error codes in case of other errors. 125 */ 126 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset, 127 int len) 128 { 129 int err, retries = 0; 130 size_t read; 131 loff_t addr; 132 133 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset); 134 135 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 136 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size); 137 ubi_assert(len > 0); 138 139 err = paranoid_check_not_bad(ubi, pnum); 140 if (err) 141 return err > 0 ? -EINVAL : err; 142 143 addr = (loff_t)pnum * ubi->peb_size + offset; 144 retry: 145 err = mtd_read(ubi->mtd, addr, len, &read, buf); 146 if (err) { 147 if (err == -EUCLEAN) { 148 /* 149 * -EUCLEAN is reported if there was a bit-flip which 150 * was corrected, so this is harmless. 151 */ 152 ubi_msg("fixable bit-flip detected at PEB %d", pnum); 153 ubi_assert(len == read); 154 return UBI_IO_BITFLIPS; 155 } 156 157 if (read != len && retries++ < UBI_IO_RETRIES) { 158 dbg_io("error %d while reading %d bytes from PEB %d:%d, " 159 "read only %zd bytes, retry", 160 err, len, pnum, offset, read); 161 yield(); 162 goto retry; 163 } 164 165 ubi_err("error %d while reading %d bytes from PEB %d:%d, " 166 "read %zd bytes", err, len, pnum, offset, read); 167 ubi_dbg_dump_stack(); 168 169 /* 170 * The driver should never return -EBADMSG if it failed to read 171 * all the requested data. But some buggy drivers might do 172 * this, so we change it to -EIO. 173 */ 174 if (read != len && err == -EBADMSG) { 175 ubi_assert(0); 176 printk("%s[%d] not here\n", __func__, __LINE__); 177 /* err = -EIO; */ 178 } 179 } else { 180 ubi_assert(len == read); 181 182 if (ubi_dbg_is_bitflip()) { 183 dbg_msg("bit-flip (emulated)"); 184 err = UBI_IO_BITFLIPS; 185 } 186 } 187 188 return err; 189 } 190 191 /** 192 * ubi_io_write - write data to a physical eraseblock. 193 * @ubi: UBI device description object 194 * @buf: buffer with the data to write 195 * @pnum: physical eraseblock number to write to 196 * @offset: offset within the physical eraseblock where to write 197 * @len: how many bytes to write 198 * 199 * This function writes @len bytes of data from buffer @buf to offset @offset 200 * of physical eraseblock @pnum. If all the data were successfully written, 201 * zero is returned. If an error occurred, this function returns a negative 202 * error code. If %-EIO is returned, the physical eraseblock most probably went 203 * bad. 204 * 205 * Note, in case of an error, it is possible that something was still written 206 * to the flash media, but may be some garbage. 207 */ 208 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset, 209 int len) 210 { 211 int err; 212 size_t written; 213 loff_t addr; 214 215 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset); 216 217 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 218 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size); 219 ubi_assert(offset % ubi->hdrs_min_io_size == 0); 220 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0); 221 222 if (ubi->ro_mode) { 223 ubi_err("read-only mode"); 224 return -EROFS; 225 } 226 227 /* The below has to be compiled out if paranoid checks are disabled */ 228 229 err = paranoid_check_not_bad(ubi, pnum); 230 if (err) 231 return err > 0 ? -EINVAL : err; 232 233 /* The area we are writing to has to contain all 0xFF bytes */ 234 err = paranoid_check_all_ff(ubi, pnum, offset, len); 235 if (err) 236 return err > 0 ? -EINVAL : err; 237 238 if (offset >= ubi->leb_start) { 239 /* 240 * We write to the data area of the physical eraseblock. Make 241 * sure it has valid EC and VID headers. 242 */ 243 err = paranoid_check_peb_ec_hdr(ubi, pnum); 244 if (err) 245 return err > 0 ? -EINVAL : err; 246 err = paranoid_check_peb_vid_hdr(ubi, pnum); 247 if (err) 248 return err > 0 ? -EINVAL : err; 249 } 250 251 if (ubi_dbg_is_write_failure()) { 252 dbg_err("cannot write %d bytes to PEB %d:%d " 253 "(emulated)", len, pnum, offset); 254 ubi_dbg_dump_stack(); 255 return -EIO; 256 } 257 258 addr = (loff_t)pnum * ubi->peb_size + offset; 259 err = mtd_write(ubi->mtd, addr, len, &written, buf); 260 if (err) { 261 ubi_err("error %d while writing %d bytes to PEB %d:%d, written" 262 " %zd bytes", err, len, pnum, offset, written); 263 ubi_dbg_dump_stack(); 264 } else 265 ubi_assert(written == len); 266 267 return err; 268 } 269 270 /** 271 * erase_callback - MTD erasure call-back. 272 * @ei: MTD erase information object. 273 * 274 * Note, even though MTD erase interface is asynchronous, all the current 275 * implementations are synchronous anyway. 276 */ 277 static void erase_callback(struct erase_info *ei) 278 { 279 wake_up_interruptible((wait_queue_head_t *)ei->priv); 280 } 281 282 /** 283 * do_sync_erase - synchronously erase a physical eraseblock. 284 * @ubi: UBI device description object 285 * @pnum: the physical eraseblock number to erase 286 * 287 * This function synchronously erases physical eraseblock @pnum and returns 288 * zero in case of success and a negative error code in case of failure. If 289 * %-EIO is returned, the physical eraseblock most probably went bad. 290 */ 291 static int do_sync_erase(struct ubi_device *ubi, int pnum) 292 { 293 int err, retries = 0; 294 struct erase_info ei; 295 wait_queue_head_t wq; 296 297 dbg_io("erase PEB %d", pnum); 298 299 retry: 300 init_waitqueue_head(&wq); 301 memset(&ei, 0, sizeof(struct erase_info)); 302 303 ei.mtd = ubi->mtd; 304 ei.addr = (loff_t)pnum * ubi->peb_size; 305 ei.len = ubi->peb_size; 306 ei.callback = erase_callback; 307 ei.priv = (unsigned long)&wq; 308 309 err = mtd_erase(ubi->mtd, &ei); 310 if (err) { 311 if (retries++ < UBI_IO_RETRIES) { 312 dbg_io("error %d while erasing PEB %d, retry", 313 err, pnum); 314 yield(); 315 goto retry; 316 } 317 ubi_err("cannot erase PEB %d, error %d", pnum, err); 318 ubi_dbg_dump_stack(); 319 return err; 320 } 321 322 err = wait_event_interruptible(wq, ei.state == MTD_ERASE_DONE || 323 ei.state == MTD_ERASE_FAILED); 324 if (err) { 325 ubi_err("interrupted PEB %d erasure", pnum); 326 return -EINTR; 327 } 328 329 if (ei.state == MTD_ERASE_FAILED) { 330 if (retries++ < UBI_IO_RETRIES) { 331 dbg_io("error while erasing PEB %d, retry", pnum); 332 yield(); 333 goto retry; 334 } 335 ubi_err("cannot erase PEB %d", pnum); 336 ubi_dbg_dump_stack(); 337 return -EIO; 338 } 339 340 err = paranoid_check_all_ff(ubi, pnum, 0, ubi->peb_size); 341 if (err) 342 return err > 0 ? -EINVAL : err; 343 344 if (ubi_dbg_is_erase_failure() && !err) { 345 dbg_err("cannot erase PEB %d (emulated)", pnum); 346 return -EIO; 347 } 348 349 return 0; 350 } 351 352 /** 353 * check_pattern - check if buffer contains only a certain byte pattern. 354 * @buf: buffer to check 355 * @patt: the pattern to check 356 * @size: buffer size in bytes 357 * 358 * This function returns %1 in there are only @patt bytes in @buf, and %0 if 359 * something else was also found. 360 */ 361 static int check_pattern(const void *buf, uint8_t patt, int size) 362 { 363 int i; 364 365 for (i = 0; i < size; i++) 366 if (((const uint8_t *)buf)[i] != patt) 367 return 0; 368 return 1; 369 } 370 371 /* Patterns to write to a physical eraseblock when torturing it */ 372 static uint8_t patterns[] = {0xa5, 0x5a, 0x0}; 373 374 /** 375 * torture_peb - test a supposedly bad physical eraseblock. 376 * @ubi: UBI device description object 377 * @pnum: the physical eraseblock number to test 378 * 379 * This function returns %-EIO if the physical eraseblock did not pass the 380 * test, a positive number of erase operations done if the test was 381 * successfully passed, and other negative error codes in case of other errors. 382 */ 383 static int torture_peb(struct ubi_device *ubi, int pnum) 384 { 385 int err, i, patt_count; 386 387 patt_count = ARRAY_SIZE(patterns); 388 ubi_assert(patt_count > 0); 389 390 mutex_lock(&ubi->buf_mutex); 391 for (i = 0; i < patt_count; i++) { 392 err = do_sync_erase(ubi, pnum); 393 if (err) 394 goto out; 395 396 /* Make sure the PEB contains only 0xFF bytes */ 397 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 398 if (err) 399 goto out; 400 401 err = check_pattern(ubi->peb_buf1, 0xFF, ubi->peb_size); 402 if (err == 0) { 403 ubi_err("erased PEB %d, but a non-0xFF byte found", 404 pnum); 405 err = -EIO; 406 goto out; 407 } 408 409 /* Write a pattern and check it */ 410 memset(ubi->peb_buf1, patterns[i], ubi->peb_size); 411 err = ubi_io_write(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 412 if (err) 413 goto out; 414 415 memset(ubi->peb_buf1, ~patterns[i], ubi->peb_size); 416 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 417 if (err) 418 goto out; 419 420 err = check_pattern(ubi->peb_buf1, patterns[i], ubi->peb_size); 421 if (err == 0) { 422 ubi_err("pattern %x checking failed for PEB %d", 423 patterns[i], pnum); 424 err = -EIO; 425 goto out; 426 } 427 } 428 429 err = patt_count; 430 431 out: 432 mutex_unlock(&ubi->buf_mutex); 433 if (err == UBI_IO_BITFLIPS || err == -EBADMSG) { 434 /* 435 * If a bit-flip or data integrity error was detected, the test 436 * has not passed because it happened on a freshly erased 437 * physical eraseblock which means something is wrong with it. 438 */ 439 ubi_err("read problems on freshly erased PEB %d, must be bad", 440 pnum); 441 err = -EIO; 442 } 443 return err; 444 } 445 446 /** 447 * ubi_io_sync_erase - synchronously erase a physical eraseblock. 448 * @ubi: UBI device description object 449 * @pnum: physical eraseblock number to erase 450 * @torture: if this physical eraseblock has to be tortured 451 * 452 * This function synchronously erases physical eraseblock @pnum. If @torture 453 * flag is not zero, the physical eraseblock is checked by means of writing 454 * different patterns to it and reading them back. If the torturing is enabled, 455 * the physical eraseblock is erased more then once. 456 * 457 * This function returns the number of erasures made in case of success, %-EIO 458 * if the erasure failed or the torturing test failed, and other negative error 459 * codes in case of other errors. Note, %-EIO means that the physical 460 * eraseblock is bad. 461 */ 462 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture) 463 { 464 int err, ret = 0; 465 466 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 467 468 err = paranoid_check_not_bad(ubi, pnum); 469 if (err != 0) 470 return err > 0 ? -EINVAL : err; 471 472 if (ubi->ro_mode) { 473 ubi_err("read-only mode"); 474 return -EROFS; 475 } 476 477 if (torture) { 478 ret = torture_peb(ubi, pnum); 479 if (ret < 0) 480 return ret; 481 } 482 483 err = do_sync_erase(ubi, pnum); 484 if (err) 485 return err; 486 487 return ret + 1; 488 } 489 490 /** 491 * ubi_io_is_bad - check if a physical eraseblock is bad. 492 * @ubi: UBI device description object 493 * @pnum: the physical eraseblock number to check 494 * 495 * This function returns a positive number if the physical eraseblock is bad, 496 * zero if not, and a negative error code if an error occurred. 497 */ 498 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum) 499 { 500 struct mtd_info *mtd = ubi->mtd; 501 502 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 503 504 if (ubi->bad_allowed) { 505 int ret; 506 507 ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size); 508 if (ret < 0) 509 ubi_err("error %d while checking if PEB %d is bad", 510 ret, pnum); 511 else if (ret) 512 dbg_io("PEB %d is bad", pnum); 513 return ret; 514 } 515 516 return 0; 517 } 518 519 /** 520 * ubi_io_mark_bad - mark a physical eraseblock as bad. 521 * @ubi: UBI device description object 522 * @pnum: the physical eraseblock number to mark 523 * 524 * This function returns zero in case of success and a negative error code in 525 * case of failure. 526 */ 527 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum) 528 { 529 int err; 530 struct mtd_info *mtd = ubi->mtd; 531 532 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 533 534 if (ubi->ro_mode) { 535 ubi_err("read-only mode"); 536 return -EROFS; 537 } 538 539 if (!ubi->bad_allowed) 540 return 0; 541 542 err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size); 543 if (err) 544 ubi_err("cannot mark PEB %d bad, error %d", pnum, err); 545 return err; 546 } 547 548 /** 549 * validate_ec_hdr - validate an erase counter header. 550 * @ubi: UBI device description object 551 * @ec_hdr: the erase counter header to check 552 * 553 * This function returns zero if the erase counter header is OK, and %1 if 554 * not. 555 */ 556 static int validate_ec_hdr(const struct ubi_device *ubi, 557 const struct ubi_ec_hdr *ec_hdr) 558 { 559 long long ec; 560 int vid_hdr_offset, leb_start; 561 562 ec = be64_to_cpu(ec_hdr->ec); 563 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset); 564 leb_start = be32_to_cpu(ec_hdr->data_offset); 565 566 if (ec_hdr->version != UBI_VERSION) { 567 ubi_err("node with incompatible UBI version found: " 568 "this UBI version is %d, image version is %d", 569 UBI_VERSION, (int)ec_hdr->version); 570 goto bad; 571 } 572 573 if (vid_hdr_offset != ubi->vid_hdr_offset) { 574 ubi_err("bad VID header offset %d, expected %d", 575 vid_hdr_offset, ubi->vid_hdr_offset); 576 goto bad; 577 } 578 579 if (leb_start != ubi->leb_start) { 580 ubi_err("bad data offset %d, expected %d", 581 leb_start, ubi->leb_start); 582 goto bad; 583 } 584 585 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) { 586 ubi_err("bad erase counter %lld", ec); 587 goto bad; 588 } 589 590 return 0; 591 592 bad: 593 ubi_err("bad EC header"); 594 ubi_dbg_dump_ec_hdr(ec_hdr); 595 ubi_dbg_dump_stack(); 596 return 1; 597 } 598 599 /** 600 * ubi_io_read_ec_hdr - read and check an erase counter header. 601 * @ubi: UBI device description object 602 * @pnum: physical eraseblock to read from 603 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter 604 * header 605 * @verbose: be verbose if the header is corrupted or was not found 606 * 607 * This function reads erase counter header from physical eraseblock @pnum and 608 * stores it in @ec_hdr. This function also checks CRC checksum of the read 609 * erase counter header. The following codes may be returned: 610 * 611 * o %0 if the CRC checksum is correct and the header was successfully read; 612 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected 613 * and corrected by the flash driver; this is harmless but may indicate that 614 * this eraseblock may become bad soon (but may be not); 615 * o %UBI_IO_BAD_EC_HDR if the erase counter header is corrupted (a CRC error); 616 * o %UBI_IO_PEB_EMPTY if the physical eraseblock is empty; 617 * o a negative error code in case of failure. 618 */ 619 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum, 620 struct ubi_ec_hdr *ec_hdr, int verbose) 621 { 622 int err, read_err = 0; 623 uint32_t crc, magic, hdr_crc; 624 625 dbg_io("read EC header from PEB %d", pnum); 626 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 627 if (UBI_IO_DEBUG) 628 verbose = 1; 629 630 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE); 631 if (err) { 632 if (err != UBI_IO_BITFLIPS && err != -EBADMSG) 633 return err; 634 635 /* 636 * We read all the data, but either a correctable bit-flip 637 * occurred, or MTD reported about some data integrity error, 638 * like an ECC error in case of NAND. The former is harmless, 639 * the later may mean that the read data is corrupted. But we 640 * have a CRC check-sum and we will detect this. If the EC 641 * header is still OK, we just report this as there was a 642 * bit-flip. 643 */ 644 read_err = err; 645 } 646 647 magic = be32_to_cpu(ec_hdr->magic); 648 if (magic != UBI_EC_HDR_MAGIC) { 649 /* 650 * The magic field is wrong. Let's check if we have read all 651 * 0xFF. If yes, this physical eraseblock is assumed to be 652 * empty. 653 * 654 * But if there was a read error, we do not test it for all 655 * 0xFFs. Even if it does contain all 0xFFs, this error 656 * indicates that something is still wrong with this physical 657 * eraseblock and we anyway cannot treat it as empty. 658 */ 659 if (read_err != -EBADMSG && 660 check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) { 661 /* The physical eraseblock is supposedly empty */ 662 663 /* 664 * The below is just a paranoid check, it has to be 665 * compiled out if paranoid checks are disabled. 666 */ 667 err = paranoid_check_all_ff(ubi, pnum, 0, 668 ubi->peb_size); 669 if (err) 670 return err > 0 ? UBI_IO_BAD_EC_HDR : err; 671 672 if (verbose) 673 ubi_warn("no EC header found at PEB %d, " 674 "only 0xFF bytes", pnum); 675 return UBI_IO_PEB_EMPTY; 676 } 677 678 /* 679 * This is not a valid erase counter header, and these are not 680 * 0xFF bytes. Report that the header is corrupted. 681 */ 682 if (verbose) { 683 ubi_warn("bad magic number at PEB %d: %08x instead of " 684 "%08x", pnum, magic, UBI_EC_HDR_MAGIC); 685 ubi_dbg_dump_ec_hdr(ec_hdr); 686 } 687 return UBI_IO_BAD_EC_HDR; 688 } 689 690 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 691 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc); 692 693 if (hdr_crc != crc) { 694 if (verbose) { 695 ubi_warn("bad EC header CRC at PEB %d, calculated %#08x," 696 " read %#08x", pnum, crc, hdr_crc); 697 ubi_dbg_dump_ec_hdr(ec_hdr); 698 } 699 return UBI_IO_BAD_EC_HDR; 700 } 701 702 /* And of course validate what has just been read from the media */ 703 err = validate_ec_hdr(ubi, ec_hdr); 704 if (err) { 705 ubi_err("validation failed for PEB %d", pnum); 706 return -EINVAL; 707 } 708 709 return read_err ? UBI_IO_BITFLIPS : 0; 710 } 711 712 /** 713 * ubi_io_write_ec_hdr - write an erase counter header. 714 * @ubi: UBI device description object 715 * @pnum: physical eraseblock to write to 716 * @ec_hdr: the erase counter header to write 717 * 718 * This function writes erase counter header described by @ec_hdr to physical 719 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so 720 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec 721 * field. 722 * 723 * This function returns zero in case of success and a negative error code in 724 * case of failure. If %-EIO is returned, the physical eraseblock most probably 725 * went bad. 726 */ 727 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum, 728 struct ubi_ec_hdr *ec_hdr) 729 { 730 int err; 731 uint32_t crc; 732 733 dbg_io("write EC header to PEB %d", pnum); 734 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 735 736 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC); 737 ec_hdr->version = UBI_VERSION; 738 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset); 739 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start); 740 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 741 ec_hdr->hdr_crc = cpu_to_be32(crc); 742 743 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr); 744 if (err) 745 return -EINVAL; 746 747 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize); 748 return err; 749 } 750 751 /** 752 * validate_vid_hdr - validate a volume identifier header. 753 * @ubi: UBI device description object 754 * @vid_hdr: the volume identifier header to check 755 * 756 * This function checks that data stored in the volume identifier header 757 * @vid_hdr. Returns zero if the VID header is OK and %1 if not. 758 */ 759 static int validate_vid_hdr(const struct ubi_device *ubi, 760 const struct ubi_vid_hdr *vid_hdr) 761 { 762 int vol_type = vid_hdr->vol_type; 763 int copy_flag = vid_hdr->copy_flag; 764 int vol_id = be32_to_cpu(vid_hdr->vol_id); 765 int lnum = be32_to_cpu(vid_hdr->lnum); 766 int compat = vid_hdr->compat; 767 int data_size = be32_to_cpu(vid_hdr->data_size); 768 int used_ebs = be32_to_cpu(vid_hdr->used_ebs); 769 int data_pad = be32_to_cpu(vid_hdr->data_pad); 770 int data_crc = be32_to_cpu(vid_hdr->data_crc); 771 int usable_leb_size = ubi->leb_size - data_pad; 772 773 if (copy_flag != 0 && copy_flag != 1) { 774 dbg_err("bad copy_flag"); 775 goto bad; 776 } 777 778 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 || 779 data_pad < 0) { 780 dbg_err("negative values"); 781 goto bad; 782 } 783 784 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) { 785 dbg_err("bad vol_id"); 786 goto bad; 787 } 788 789 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) { 790 dbg_err("bad compat"); 791 goto bad; 792 } 793 794 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE && 795 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE && 796 compat != UBI_COMPAT_REJECT) { 797 dbg_err("bad compat"); 798 goto bad; 799 } 800 801 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) { 802 dbg_err("bad vol_type"); 803 goto bad; 804 } 805 806 if (data_pad >= ubi->leb_size / 2) { 807 dbg_err("bad data_pad"); 808 goto bad; 809 } 810 811 if (vol_type == UBI_VID_STATIC) { 812 /* 813 * Although from high-level point of view static volumes may 814 * contain zero bytes of data, but no VID headers can contain 815 * zero at these fields, because they empty volumes do not have 816 * mapped logical eraseblocks. 817 */ 818 if (used_ebs == 0) { 819 dbg_err("zero used_ebs"); 820 goto bad; 821 } 822 if (data_size == 0) { 823 dbg_err("zero data_size"); 824 goto bad; 825 } 826 if (lnum < used_ebs - 1) { 827 if (data_size != usable_leb_size) { 828 dbg_err("bad data_size"); 829 goto bad; 830 } 831 } else if (lnum == used_ebs - 1) { 832 if (data_size == 0) { 833 dbg_err("bad data_size at last LEB"); 834 goto bad; 835 } 836 } else { 837 dbg_err("too high lnum"); 838 goto bad; 839 } 840 } else { 841 if (copy_flag == 0) { 842 if (data_crc != 0) { 843 dbg_err("non-zero data CRC"); 844 goto bad; 845 } 846 if (data_size != 0) { 847 dbg_err("non-zero data_size"); 848 goto bad; 849 } 850 } else { 851 if (data_size == 0) { 852 dbg_err("zero data_size of copy"); 853 goto bad; 854 } 855 } 856 if (used_ebs != 0) { 857 dbg_err("bad used_ebs"); 858 goto bad; 859 } 860 } 861 862 return 0; 863 864 bad: 865 ubi_err("bad VID header"); 866 ubi_dbg_dump_vid_hdr(vid_hdr); 867 ubi_dbg_dump_stack(); 868 return 1; 869 } 870 871 /** 872 * ubi_io_read_vid_hdr - read and check a volume identifier header. 873 * @ubi: UBI device description object 874 * @pnum: physical eraseblock number to read from 875 * @vid_hdr: &struct ubi_vid_hdr object where to store the read volume 876 * identifier header 877 * @verbose: be verbose if the header is corrupted or wasn't found 878 * 879 * This function reads the volume identifier header from physical eraseblock 880 * @pnum and stores it in @vid_hdr. It also checks CRC checksum of the read 881 * volume identifier header. The following codes may be returned: 882 * 883 * o %0 if the CRC checksum is correct and the header was successfully read; 884 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected 885 * and corrected by the flash driver; this is harmless but may indicate that 886 * this eraseblock may become bad soon; 887 * o %UBI_IO_BAD_VID_HRD if the volume identifier header is corrupted (a CRC 888 * error detected); 889 * o %UBI_IO_PEB_FREE if the physical eraseblock is free (i.e., there is no VID 890 * header there); 891 * o a negative error code in case of failure. 892 */ 893 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum, 894 struct ubi_vid_hdr *vid_hdr, int verbose) 895 { 896 int err, read_err = 0; 897 uint32_t crc, magic, hdr_crc; 898 void *p; 899 900 dbg_io("read VID header from PEB %d", pnum); 901 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 902 if (UBI_IO_DEBUG) 903 verbose = 1; 904 905 p = (char *)vid_hdr - ubi->vid_hdr_shift; 906 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset, 907 ubi->vid_hdr_alsize); 908 if (err) { 909 if (err != UBI_IO_BITFLIPS && err != -EBADMSG) 910 return err; 911 912 /* 913 * We read all the data, but either a correctable bit-flip 914 * occurred, or MTD reported about some data integrity error, 915 * like an ECC error in case of NAND. The former is harmless, 916 * the later may mean the read data is corrupted. But we have a 917 * CRC check-sum and we will identify this. If the VID header is 918 * still OK, we just report this as there was a bit-flip. 919 */ 920 read_err = err; 921 } 922 923 magic = be32_to_cpu(vid_hdr->magic); 924 if (magic != UBI_VID_HDR_MAGIC) { 925 /* 926 * If we have read all 0xFF bytes, the VID header probably does 927 * not exist and the physical eraseblock is assumed to be free. 928 * 929 * But if there was a read error, we do not test the data for 930 * 0xFFs. Even if it does contain all 0xFFs, this error 931 * indicates that something is still wrong with this physical 932 * eraseblock and it cannot be regarded as free. 933 */ 934 if (read_err != -EBADMSG && 935 check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) { 936 /* The physical eraseblock is supposedly free */ 937 938 /* 939 * The below is just a paranoid check, it has to be 940 * compiled out if paranoid checks are disabled. 941 */ 942 err = paranoid_check_all_ff(ubi, pnum, ubi->leb_start, 943 ubi->leb_size); 944 if (err) 945 return err > 0 ? UBI_IO_BAD_VID_HDR : err; 946 947 if (verbose) 948 ubi_warn("no VID header found at PEB %d, " 949 "only 0xFF bytes", pnum); 950 return UBI_IO_PEB_FREE; 951 } 952 953 /* 954 * This is not a valid VID header, and these are not 0xFF 955 * bytes. Report that the header is corrupted. 956 */ 957 if (verbose) { 958 ubi_warn("bad magic number at PEB %d: %08x instead of " 959 "%08x", pnum, magic, UBI_VID_HDR_MAGIC); 960 ubi_dbg_dump_vid_hdr(vid_hdr); 961 } 962 return UBI_IO_BAD_VID_HDR; 963 } 964 965 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC); 966 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc); 967 968 if (hdr_crc != crc) { 969 if (verbose) { 970 ubi_warn("bad CRC at PEB %d, calculated %#08x, " 971 "read %#08x", pnum, crc, hdr_crc); 972 ubi_dbg_dump_vid_hdr(vid_hdr); 973 } 974 return UBI_IO_BAD_VID_HDR; 975 } 976 977 /* Validate the VID header that we have just read */ 978 err = validate_vid_hdr(ubi, vid_hdr); 979 if (err) { 980 ubi_err("validation failed for PEB %d", pnum); 981 return -EINVAL; 982 } 983 984 return read_err ? UBI_IO_BITFLIPS : 0; 985 } 986 987 /** 988 * ubi_io_write_vid_hdr - write a volume identifier header. 989 * @ubi: UBI device description object 990 * @pnum: the physical eraseblock number to write to 991 * @vid_hdr: the volume identifier header to write 992 * 993 * This function writes the volume identifier header described by @vid_hdr to 994 * physical eraseblock @pnum. This function automatically fills the 995 * @vid_hdr->magic and the @vid_hdr->version fields, as well as calculates 996 * header CRC checksum and stores it at vid_hdr->hdr_crc. 997 * 998 * This function returns zero in case of success and a negative error code in 999 * case of failure. If %-EIO is returned, the physical eraseblock probably went 1000 * bad. 1001 */ 1002 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum, 1003 struct ubi_vid_hdr *vid_hdr) 1004 { 1005 int err; 1006 uint32_t crc; 1007 void *p; 1008 1009 dbg_io("write VID header to PEB %d", pnum); 1010 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 1011 1012 err = paranoid_check_peb_ec_hdr(ubi, pnum); 1013 if (err) 1014 return err > 0 ? -EINVAL: err; 1015 1016 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC); 1017 vid_hdr->version = UBI_VERSION; 1018 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC); 1019 vid_hdr->hdr_crc = cpu_to_be32(crc); 1020 1021 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr); 1022 if (err) 1023 return -EINVAL; 1024 1025 p = (char *)vid_hdr - ubi->vid_hdr_shift; 1026 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset, 1027 ubi->vid_hdr_alsize); 1028 return err; 1029 } 1030 1031 #ifdef CONFIG_MTD_UBI_DEBUG_PARANOID 1032 1033 /** 1034 * paranoid_check_not_bad - ensure that a physical eraseblock is not bad. 1035 * @ubi: UBI device description object 1036 * @pnum: physical eraseblock number to check 1037 * 1038 * This function returns zero if the physical eraseblock is good, a positive 1039 * number if it is bad and a negative error code if an error occurred. 1040 */ 1041 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum) 1042 { 1043 int err; 1044 1045 err = ubi_io_is_bad(ubi, pnum); 1046 if (!err) 1047 return err; 1048 1049 ubi_err("paranoid check failed for PEB %d", pnum); 1050 ubi_dbg_dump_stack(); 1051 return err; 1052 } 1053 1054 /** 1055 * paranoid_check_ec_hdr - check if an erase counter header is all right. 1056 * @ubi: UBI device description object 1057 * @pnum: physical eraseblock number the erase counter header belongs to 1058 * @ec_hdr: the erase counter header to check 1059 * 1060 * This function returns zero if the erase counter header contains valid 1061 * values, and %1 if not. 1062 */ 1063 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum, 1064 const struct ubi_ec_hdr *ec_hdr) 1065 { 1066 int err; 1067 uint32_t magic; 1068 1069 magic = be32_to_cpu(ec_hdr->magic); 1070 if (magic != UBI_EC_HDR_MAGIC) { 1071 ubi_err("bad magic %#08x, must be %#08x", 1072 magic, UBI_EC_HDR_MAGIC); 1073 goto fail; 1074 } 1075 1076 err = validate_ec_hdr(ubi, ec_hdr); 1077 if (err) { 1078 ubi_err("paranoid check failed for PEB %d", pnum); 1079 goto fail; 1080 } 1081 1082 return 0; 1083 1084 fail: 1085 ubi_dbg_dump_ec_hdr(ec_hdr); 1086 ubi_dbg_dump_stack(); 1087 return 1; 1088 } 1089 1090 /** 1091 * paranoid_check_peb_ec_hdr - check that the erase counter header of a 1092 * physical eraseblock is in-place and is all right. 1093 * @ubi: UBI device description object 1094 * @pnum: the physical eraseblock number to check 1095 * 1096 * This function returns zero if the erase counter header is all right, %1 if 1097 * not, and a negative error code if an error occurred. 1098 */ 1099 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum) 1100 { 1101 int err; 1102 uint32_t crc, hdr_crc; 1103 struct ubi_ec_hdr *ec_hdr; 1104 1105 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS); 1106 if (!ec_hdr) 1107 return -ENOMEM; 1108 1109 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE); 1110 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG) 1111 goto exit; 1112 1113 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 1114 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc); 1115 if (hdr_crc != crc) { 1116 ubi_err("bad CRC, calculated %#08x, read %#08x", crc, hdr_crc); 1117 ubi_err("paranoid check failed for PEB %d", pnum); 1118 ubi_dbg_dump_ec_hdr(ec_hdr); 1119 ubi_dbg_dump_stack(); 1120 err = 1; 1121 goto exit; 1122 } 1123 1124 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr); 1125 1126 exit: 1127 kfree(ec_hdr); 1128 return err; 1129 } 1130 1131 /** 1132 * paranoid_check_vid_hdr - check that a volume identifier header is all right. 1133 * @ubi: UBI device description object 1134 * @pnum: physical eraseblock number the volume identifier header belongs to 1135 * @vid_hdr: the volume identifier header to check 1136 * 1137 * This function returns zero if the volume identifier header is all right, and 1138 * %1 if not. 1139 */ 1140 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum, 1141 const struct ubi_vid_hdr *vid_hdr) 1142 { 1143 int err; 1144 uint32_t magic; 1145 1146 magic = be32_to_cpu(vid_hdr->magic); 1147 if (magic != UBI_VID_HDR_MAGIC) { 1148 ubi_err("bad VID header magic %#08x at PEB %d, must be %#08x", 1149 magic, pnum, UBI_VID_HDR_MAGIC); 1150 goto fail; 1151 } 1152 1153 err = validate_vid_hdr(ubi, vid_hdr); 1154 if (err) { 1155 ubi_err("paranoid check failed for PEB %d", pnum); 1156 goto fail; 1157 } 1158 1159 return err; 1160 1161 fail: 1162 ubi_err("paranoid check failed for PEB %d", pnum); 1163 ubi_dbg_dump_vid_hdr(vid_hdr); 1164 ubi_dbg_dump_stack(); 1165 return 1; 1166 1167 } 1168 1169 /** 1170 * paranoid_check_peb_vid_hdr - check that the volume identifier header of a 1171 * physical eraseblock is in-place and is all right. 1172 * @ubi: UBI device description object 1173 * @pnum: the physical eraseblock number to check 1174 * 1175 * This function returns zero if the volume identifier header is all right, 1176 * %1 if not, and a negative error code if an error occurred. 1177 */ 1178 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum) 1179 { 1180 int err; 1181 uint32_t crc, hdr_crc; 1182 struct ubi_vid_hdr *vid_hdr; 1183 void *p; 1184 1185 vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS); 1186 if (!vid_hdr) 1187 return -ENOMEM; 1188 1189 p = (char *)vid_hdr - ubi->vid_hdr_shift; 1190 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset, 1191 ubi->vid_hdr_alsize); 1192 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG) 1193 goto exit; 1194 1195 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_EC_HDR_SIZE_CRC); 1196 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc); 1197 if (hdr_crc != crc) { 1198 ubi_err("bad VID header CRC at PEB %d, calculated %#08x, " 1199 "read %#08x", pnum, crc, hdr_crc); 1200 ubi_err("paranoid check failed for PEB %d", pnum); 1201 ubi_dbg_dump_vid_hdr(vid_hdr); 1202 ubi_dbg_dump_stack(); 1203 err = 1; 1204 goto exit; 1205 } 1206 1207 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr); 1208 1209 exit: 1210 ubi_free_vid_hdr(ubi, vid_hdr); 1211 return err; 1212 } 1213 1214 /** 1215 * paranoid_check_all_ff - check that a region of flash is empty. 1216 * @ubi: UBI device description object 1217 * @pnum: the physical eraseblock number to check 1218 * @offset: the starting offset within the physical eraseblock to check 1219 * @len: the length of the region to check 1220 * 1221 * This function returns zero if only 0xFF bytes are present at offset 1222 * @offset of the physical eraseblock @pnum, %1 if not, and a negative error 1223 * code if an error occurred. 1224 */ 1225 static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset, 1226 int len) 1227 { 1228 size_t read; 1229 int err; 1230 loff_t addr = (loff_t)pnum * ubi->peb_size + offset; 1231 1232 mutex_lock(&ubi->dbg_buf_mutex); 1233 err = mtd_read(ubi->mtd, addr, len, &read, ubi->dbg_peb_buf); 1234 if (err && err != -EUCLEAN) { 1235 ubi_err("error %d while reading %d bytes from PEB %d:%d, " 1236 "read %zd bytes", err, len, pnum, offset, read); 1237 goto error; 1238 } 1239 1240 err = check_pattern(ubi->dbg_peb_buf, 0xFF, len); 1241 if (err == 0) { 1242 ubi_err("flash region at PEB %d:%d, length %d does not " 1243 "contain all 0xFF bytes", pnum, offset, len); 1244 goto fail; 1245 } 1246 mutex_unlock(&ubi->dbg_buf_mutex); 1247 1248 return 0; 1249 1250 fail: 1251 ubi_err("paranoid check failed for PEB %d", pnum); 1252 dbg_msg("hex dump of the %d-%d region", offset, offset + len); 1253 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, 1254 ubi->dbg_peb_buf, len, 1); 1255 err = 1; 1256 error: 1257 ubi_dbg_dump_stack(); 1258 mutex_unlock(&ubi->dbg_buf_mutex); 1259 return err; 1260 } 1261 1262 #endif /* CONFIG_MTD_UBI_DEBUG_PARANOID */ 1263