xref: /openbmc/u-boot/drivers/mtd/ubi/io.c (revision d5cf32977f0068c046687e3ff944c5e637b4bfa0)
1 /*
2  * Copyright (c) International Business Machines Corp., 2006
3  * Copyright (c) Nokia Corporation, 2006, 2007
4  * SPDX-License-Identifier:	GPL-2.0+
5  *
6  * Author: Artem Bityutskiy (Битюцкий Артём)
7  */
8 
9 /*
10  * UBI input/output sub-system.
11  *
12  * This sub-system provides a uniform way to work with all kinds of the
13  * underlying MTD devices. It also implements handy functions for reading and
14  * writing UBI headers.
15  *
16  * We are trying to have a paranoid mindset and not to trust to what we read
17  * from the flash media in order to be more secure and robust. So this
18  * sub-system validates every single header it reads from the flash media.
19  *
20  * Some words about how the eraseblock headers are stored.
21  *
22  * The erase counter header is always stored at offset zero. By default, the
23  * VID header is stored after the EC header at the closest aligned offset
24  * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
25  * header at the closest aligned offset. But this default layout may be
26  * changed. For example, for different reasons (e.g., optimization) UBI may be
27  * asked to put the VID header at further offset, and even at an unaligned
28  * offset. Of course, if the offset of the VID header is unaligned, UBI adds
29  * proper padding in front of it. Data offset may also be changed but it has to
30  * be aligned.
31  *
32  * About minimal I/O units. In general, UBI assumes flash device model where
33  * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
34  * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
35  * @ubi->mtd->writesize field. But as an exception, UBI admits of using another
36  * (smaller) minimal I/O unit size for EC and VID headers to make it possible
37  * to do different optimizations.
38  *
39  * This is extremely useful in case of NAND flashes which admit of several
40  * write operations to one NAND page. In this case UBI can fit EC and VID
41  * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
42  * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
43  * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
44  * users.
45  *
46  * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
47  * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
48  * headers.
49  *
50  * Q: why not just to treat sub-page as a minimal I/O unit of this flash
51  * device, e.g., make @ubi->min_io_size = 512 in the example above?
52  *
53  * A: because when writing a sub-page, MTD still writes a full 2K page but the
54  * bytes which are not relevant to the sub-page are 0xFF. So, basically,
55  * writing 4x512 sub-pages is 4 times slower than writing one 2KiB NAND page.
56  * Thus, we prefer to use sub-pages only for EC and VID headers.
57  *
58  * As it was noted above, the VID header may start at a non-aligned offset.
59  * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
60  * the VID header may reside at offset 1984 which is the last 64 bytes of the
61  * last sub-page (EC header is always at offset zero). This causes some
62  * difficulties when reading and writing VID headers.
63  *
64  * Suppose we have a 64-byte buffer and we read a VID header at it. We change
65  * the data and want to write this VID header out. As we can only write in
66  * 512-byte chunks, we have to allocate one more buffer and copy our VID header
67  * to offset 448 of this buffer.
68  *
69  * The I/O sub-system does the following trick in order to avoid this extra
70  * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
71  * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
72  * When the VID header is being written out, it shifts the VID header pointer
73  * back and writes the whole sub-page.
74  */
75 
76 #ifndef __UBOOT__
77 #include <linux/crc32.h>
78 #include <linux/err.h>
79 #include <linux/slab.h>
80 #else
81 #include <ubi_uboot.h>
82 #endif
83 
84 #include "ubi.h"
85 
86 static int self_check_not_bad(const struct ubi_device *ubi, int pnum);
87 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
88 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
89 			     const struct ubi_ec_hdr *ec_hdr);
90 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
91 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
92 			      const struct ubi_vid_hdr *vid_hdr);
93 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
94 			    int offset, int len);
95 
96 /**
97  * ubi_io_read - read data from a physical eraseblock.
98  * @ubi: UBI device description object
99  * @buf: buffer where to store the read data
100  * @pnum: physical eraseblock number to read from
101  * @offset: offset within the physical eraseblock from where to read
102  * @len: how many bytes to read
103  *
104  * This function reads data from offset @offset of physical eraseblock @pnum
105  * and stores the read data in the @buf buffer. The following return codes are
106  * possible:
107  *
108  * o %0 if all the requested data were successfully read;
109  * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
110  *   correctable bit-flips were detected; this is harmless but may indicate
111  *   that this eraseblock may become bad soon (but do not have to);
112  * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
113  *   example it can be an ECC error in case of NAND; this most probably means
114  *   that the data is corrupted;
115  * o %-EIO if some I/O error occurred;
116  * o other negative error codes in case of other errors.
117  */
118 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
119 		int len)
120 {
121 	int err, retries = 0;
122 	size_t read;
123 	loff_t addr;
124 
125 	dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
126 
127 	ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
128 	ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
129 	ubi_assert(len > 0);
130 
131 	err = self_check_not_bad(ubi, pnum);
132 	if (err)
133 		return err;
134 
135 	/*
136 	 * Deliberately corrupt the buffer to improve robustness. Indeed, if we
137 	 * do not do this, the following may happen:
138 	 * 1. The buffer contains data from previous operation, e.g., read from
139 	 *    another PEB previously. The data looks like expected, e.g., if we
140 	 *    just do not read anything and return - the caller would not
141 	 *    notice this. E.g., if we are reading a VID header, the buffer may
142 	 *    contain a valid VID header from another PEB.
143 	 * 2. The driver is buggy and returns us success or -EBADMSG or
144 	 *    -EUCLEAN, but it does not actually put any data to the buffer.
145 	 *
146 	 * This may confuse UBI or upper layers - they may think the buffer
147 	 * contains valid data while in fact it is just old data. This is
148 	 * especially possible because UBI (and UBIFS) relies on CRC, and
149 	 * treats data as correct even in case of ECC errors if the CRC is
150 	 * correct.
151 	 *
152 	 * Try to prevent this situation by changing the first byte of the
153 	 * buffer.
154 	 */
155 	*((uint8_t *)buf) ^= 0xFF;
156 
157 	addr = (loff_t)pnum * ubi->peb_size + offset;
158 retry:
159 	err = mtd_read(ubi->mtd, addr, len, &read, buf);
160 	if (err) {
161 		const char *errstr = mtd_is_eccerr(err) ? " (ECC error)" : "";
162 
163 		if (mtd_is_bitflip(err)) {
164 			/*
165 			 * -EUCLEAN is reported if there was a bit-flip which
166 			 * was corrected, so this is harmless.
167 			 *
168 			 * We do not report about it here unless debugging is
169 			 * enabled. A corresponding message will be printed
170 			 * later, when it is has been scrubbed.
171 			 */
172 			ubi_msg(ubi, "fixable bit-flip detected at PEB %d",
173 				pnum);
174 			ubi_assert(len == read);
175 			return UBI_IO_BITFLIPS;
176 		}
177 
178 		if (retries++ < UBI_IO_RETRIES) {
179 			ubi_warn(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read only %zd bytes, retry",
180 				 err, errstr, len, pnum, offset, read);
181 			yield();
182 			goto retry;
183 		}
184 
185 		ubi_err(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read %zd bytes",
186 			err, errstr, len, pnum, offset, read);
187 		dump_stack();
188 
189 		/*
190 		 * The driver should never return -EBADMSG if it failed to read
191 		 * all the requested data. But some buggy drivers might do
192 		 * this, so we change it to -EIO.
193 		 */
194 		if (read != len && mtd_is_eccerr(err)) {
195 			ubi_assert(0);
196 			err = -EIO;
197 		}
198 	} else {
199 		ubi_assert(len == read);
200 
201 		if (ubi_dbg_is_bitflip(ubi)) {
202 			dbg_gen("bit-flip (emulated)");
203 			err = UBI_IO_BITFLIPS;
204 		}
205 	}
206 
207 	return err;
208 }
209 
210 /**
211  * ubi_io_write - write data to a physical eraseblock.
212  * @ubi: UBI device description object
213  * @buf: buffer with the data to write
214  * @pnum: physical eraseblock number to write to
215  * @offset: offset within the physical eraseblock where to write
216  * @len: how many bytes to write
217  *
218  * This function writes @len bytes of data from buffer @buf to offset @offset
219  * of physical eraseblock @pnum. If all the data were successfully written,
220  * zero is returned. If an error occurred, this function returns a negative
221  * error code. If %-EIO is returned, the physical eraseblock most probably went
222  * bad.
223  *
224  * Note, in case of an error, it is possible that something was still written
225  * to the flash media, but may be some garbage.
226  */
227 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
228 		 int len)
229 {
230 	int err;
231 	size_t written;
232 	loff_t addr;
233 
234 	dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
235 
236 	ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
237 	ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
238 	ubi_assert(offset % ubi->hdrs_min_io_size == 0);
239 	ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
240 
241 	if (ubi->ro_mode) {
242 		ubi_err(ubi, "read-only mode");
243 		return -EROFS;
244 	}
245 
246 	err = self_check_not_bad(ubi, pnum);
247 	if (err)
248 		return err;
249 
250 	/* The area we are writing to has to contain all 0xFF bytes */
251 	err = ubi_self_check_all_ff(ubi, pnum, offset, len);
252 	if (err)
253 		return err;
254 
255 	if (offset >= ubi->leb_start) {
256 		/*
257 		 * We write to the data area of the physical eraseblock. Make
258 		 * sure it has valid EC and VID headers.
259 		 */
260 		err = self_check_peb_ec_hdr(ubi, pnum);
261 		if (err)
262 			return err;
263 		err = self_check_peb_vid_hdr(ubi, pnum);
264 		if (err)
265 			return err;
266 	}
267 
268 	if (ubi_dbg_is_write_failure(ubi)) {
269 		ubi_err(ubi, "cannot write %d bytes to PEB %d:%d (emulated)",
270 			len, pnum, offset);
271 		dump_stack();
272 		return -EIO;
273 	}
274 
275 	addr = (loff_t)pnum * ubi->peb_size + offset;
276 	err = mtd_write(ubi->mtd, addr, len, &written, buf);
277 	if (err) {
278 		ubi_err(ubi, "error %d while writing %d bytes to PEB %d:%d, written %zd bytes",
279 			err, len, pnum, offset, written);
280 		dump_stack();
281 		ubi_dump_flash(ubi, pnum, offset, len);
282 	} else
283 		ubi_assert(written == len);
284 
285 	if (!err) {
286 		err = self_check_write(ubi, buf, pnum, offset, len);
287 		if (err)
288 			return err;
289 
290 		/*
291 		 * Since we always write sequentially, the rest of the PEB has
292 		 * to contain only 0xFF bytes.
293 		 */
294 		offset += len;
295 		len = ubi->peb_size - offset;
296 		if (len)
297 			err = ubi_self_check_all_ff(ubi, pnum, offset, len);
298 	}
299 
300 	return err;
301 }
302 
303 /**
304  * erase_callback - MTD erasure call-back.
305  * @ei: MTD erase information object.
306  *
307  * Note, even though MTD erase interface is asynchronous, all the current
308  * implementations are synchronous anyway.
309  */
310 static void erase_callback(struct erase_info *ei)
311 {
312 	wake_up_interruptible((wait_queue_head_t *)ei->priv);
313 }
314 
315 /**
316  * do_sync_erase - synchronously erase a physical eraseblock.
317  * @ubi: UBI device description object
318  * @pnum: the physical eraseblock number to erase
319  *
320  * This function synchronously erases physical eraseblock @pnum and returns
321  * zero in case of success and a negative error code in case of failure. If
322  * %-EIO is returned, the physical eraseblock most probably went bad.
323  */
324 static int do_sync_erase(struct ubi_device *ubi, int pnum)
325 {
326 	int err, retries = 0;
327 	struct erase_info ei;
328 	wait_queue_head_t wq;
329 
330 	dbg_io("erase PEB %d", pnum);
331 	ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
332 
333 	if (ubi->ro_mode) {
334 		ubi_err(ubi, "read-only mode");
335 		return -EROFS;
336 	}
337 
338 retry:
339 	init_waitqueue_head(&wq);
340 	memset(&ei, 0, sizeof(struct erase_info));
341 
342 	ei.mtd      = ubi->mtd;
343 	ei.addr     = (loff_t)pnum * ubi->peb_size;
344 	ei.len      = ubi->peb_size;
345 	ei.callback = erase_callback;
346 	ei.priv     = (unsigned long)&wq;
347 
348 	err = mtd_erase(ubi->mtd, &ei);
349 	if (err) {
350 		if (retries++ < UBI_IO_RETRIES) {
351 			ubi_warn(ubi, "error %d while erasing PEB %d, retry",
352 				 err, pnum);
353 			yield();
354 			goto retry;
355 		}
356 		ubi_err(ubi, "cannot erase PEB %d, error %d", pnum, err);
357 		dump_stack();
358 		return err;
359 	}
360 
361 	err = wait_event_interruptible(wq, ei.state == MTD_ERASE_DONE ||
362 					   ei.state == MTD_ERASE_FAILED);
363 	if (err) {
364 		ubi_err(ubi, "interrupted PEB %d erasure", pnum);
365 		return -EINTR;
366 	}
367 
368 	if (ei.state == MTD_ERASE_FAILED) {
369 		if (retries++ < UBI_IO_RETRIES) {
370 			ubi_warn(ubi, "error while erasing PEB %d, retry",
371 				 pnum);
372 			yield();
373 			goto retry;
374 		}
375 		ubi_err(ubi, "cannot erase PEB %d", pnum);
376 		dump_stack();
377 		return -EIO;
378 	}
379 
380 	err = ubi_self_check_all_ff(ubi, pnum, 0, ubi->peb_size);
381 	if (err)
382 		return err;
383 
384 	if (ubi_dbg_is_erase_failure(ubi)) {
385 		ubi_err(ubi, "cannot erase PEB %d (emulated)", pnum);
386 		return -EIO;
387 	}
388 
389 	return 0;
390 }
391 
392 /* Patterns to write to a physical eraseblock when torturing it */
393 static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
394 
395 /**
396  * torture_peb - test a supposedly bad physical eraseblock.
397  * @ubi: UBI device description object
398  * @pnum: the physical eraseblock number to test
399  *
400  * This function returns %-EIO if the physical eraseblock did not pass the
401  * test, a positive number of erase operations done if the test was
402  * successfully passed, and other negative error codes in case of other errors.
403  */
404 static int torture_peb(struct ubi_device *ubi, int pnum)
405 {
406 	int err, i, patt_count;
407 
408 	ubi_msg(ubi, "run torture test for PEB %d", pnum);
409 	patt_count = ARRAY_SIZE(patterns);
410 	ubi_assert(patt_count > 0);
411 
412 	mutex_lock(&ubi->buf_mutex);
413 	for (i = 0; i < patt_count; i++) {
414 		err = do_sync_erase(ubi, pnum);
415 		if (err)
416 			goto out;
417 
418 		/* Make sure the PEB contains only 0xFF bytes */
419 		err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
420 		if (err)
421 			goto out;
422 
423 		err = ubi_check_pattern(ubi->peb_buf, 0xFF, ubi->peb_size);
424 		if (err == 0) {
425 			ubi_err(ubi, "erased PEB %d, but a non-0xFF byte found",
426 				pnum);
427 			err = -EIO;
428 			goto out;
429 		}
430 
431 		/* Write a pattern and check it */
432 		memset(ubi->peb_buf, patterns[i], ubi->peb_size);
433 		err = ubi_io_write(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
434 		if (err)
435 			goto out;
436 
437 		memset(ubi->peb_buf, ~patterns[i], ubi->peb_size);
438 		err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
439 		if (err)
440 			goto out;
441 
442 		err = ubi_check_pattern(ubi->peb_buf, patterns[i],
443 					ubi->peb_size);
444 		if (err == 0) {
445 			ubi_err(ubi, "pattern %x checking failed for PEB %d",
446 				patterns[i], pnum);
447 			err = -EIO;
448 			goto out;
449 		}
450 	}
451 
452 	err = patt_count;
453 	ubi_msg(ubi, "PEB %d passed torture test, do not mark it as bad", pnum);
454 
455 out:
456 	mutex_unlock(&ubi->buf_mutex);
457 	if (err == UBI_IO_BITFLIPS || mtd_is_eccerr(err)) {
458 		/*
459 		 * If a bit-flip or data integrity error was detected, the test
460 		 * has not passed because it happened on a freshly erased
461 		 * physical eraseblock which means something is wrong with it.
462 		 */
463 		ubi_err(ubi, "read problems on freshly erased PEB %d, must be bad",
464 			pnum);
465 		err = -EIO;
466 	}
467 	return err;
468 }
469 
470 /**
471  * nor_erase_prepare - prepare a NOR flash PEB for erasure.
472  * @ubi: UBI device description object
473  * @pnum: physical eraseblock number to prepare
474  *
475  * NOR flash, or at least some of them, have peculiar embedded PEB erasure
476  * algorithm: the PEB is first filled with zeroes, then it is erased. And
477  * filling with zeroes starts from the end of the PEB. This was observed with
478  * Spansion S29GL512N NOR flash.
479  *
480  * This means that in case of a power cut we may end up with intact data at the
481  * beginning of the PEB, and all zeroes at the end of PEB. In other words, the
482  * EC and VID headers are OK, but a large chunk of data at the end of PEB is
483  * zeroed. This makes UBI mistakenly treat this PEB as used and associate it
484  * with an LEB, which leads to subsequent failures (e.g., UBIFS fails).
485  *
486  * This function is called before erasing NOR PEBs and it zeroes out EC and VID
487  * magic numbers in order to invalidate them and prevent the failures. Returns
488  * zero in case of success and a negative error code in case of failure.
489  */
490 static int nor_erase_prepare(struct ubi_device *ubi, int pnum)
491 {
492 	int err;
493 	size_t written;
494 	loff_t addr;
495 	uint32_t data = 0;
496 	struct ubi_ec_hdr ec_hdr;
497 
498 	/*
499 	 * Note, we cannot generally define VID header buffers on stack,
500 	 * because of the way we deal with these buffers (see the header
501 	 * comment in this file). But we know this is a NOR-specific piece of
502 	 * code, so we can do this. But yes, this is error-prone and we should
503 	 * (pre-)allocate VID header buffer instead.
504 	 */
505 	struct ubi_vid_hdr vid_hdr;
506 
507 	/*
508 	 * If VID or EC is valid, we have to corrupt them before erasing.
509 	 * It is important to first invalidate the EC header, and then the VID
510 	 * header. Otherwise a power cut may lead to valid EC header and
511 	 * invalid VID header, in which case UBI will treat this PEB as
512 	 * corrupted and will try to preserve it, and print scary warnings.
513 	 */
514 	addr = (loff_t)pnum * ubi->peb_size;
515 	err = ubi_io_read_ec_hdr(ubi, pnum, &ec_hdr, 0);
516 	if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
517 	    err != UBI_IO_FF){
518 		err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
519 		if(err)
520 			goto error;
521 	}
522 
523 	err = ubi_io_read_vid_hdr(ubi, pnum, &vid_hdr, 0);
524 	if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
525 	    err != UBI_IO_FF){
526 		addr += ubi->vid_hdr_aloffset;
527 		err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
528 		if (err)
529 			goto error;
530 	}
531 	return 0;
532 
533 error:
534 	/*
535 	 * The PEB contains a valid VID or EC header, but we cannot invalidate
536 	 * it. Supposedly the flash media or the driver is screwed up, so
537 	 * return an error.
538 	 */
539 	ubi_err(ubi, "cannot invalidate PEB %d, write returned %d", pnum, err);
540 	ubi_dump_flash(ubi, pnum, 0, ubi->peb_size);
541 	return -EIO;
542 }
543 
544 /**
545  * ubi_io_sync_erase - synchronously erase a physical eraseblock.
546  * @ubi: UBI device description object
547  * @pnum: physical eraseblock number to erase
548  * @torture: if this physical eraseblock has to be tortured
549  *
550  * This function synchronously erases physical eraseblock @pnum. If @torture
551  * flag is not zero, the physical eraseblock is checked by means of writing
552  * different patterns to it and reading them back. If the torturing is enabled,
553  * the physical eraseblock is erased more than once.
554  *
555  * This function returns the number of erasures made in case of success, %-EIO
556  * if the erasure failed or the torturing test failed, and other negative error
557  * codes in case of other errors. Note, %-EIO means that the physical
558  * eraseblock is bad.
559  */
560 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
561 {
562 	int err, ret = 0;
563 
564 	ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
565 
566 	err = self_check_not_bad(ubi, pnum);
567 	if (err != 0)
568 		return err;
569 
570 	if (ubi->ro_mode) {
571 		ubi_err(ubi, "read-only mode");
572 		return -EROFS;
573 	}
574 
575 	if (ubi->nor_flash) {
576 		err = nor_erase_prepare(ubi, pnum);
577 		if (err)
578 			return err;
579 	}
580 
581 	if (torture) {
582 		ret = torture_peb(ubi, pnum);
583 		if (ret < 0)
584 			return ret;
585 	}
586 
587 	err = do_sync_erase(ubi, pnum);
588 	if (err)
589 		return err;
590 
591 	return ret + 1;
592 }
593 
594 /**
595  * ubi_io_is_bad - check if a physical eraseblock is bad.
596  * @ubi: UBI device description object
597  * @pnum: the physical eraseblock number to check
598  *
599  * This function returns a positive number if the physical eraseblock is bad,
600  * zero if not, and a negative error code if an error occurred.
601  */
602 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
603 {
604 	struct mtd_info *mtd = ubi->mtd;
605 
606 	ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
607 
608 	if (ubi->bad_allowed) {
609 		int ret;
610 
611 		ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
612 		if (ret < 0)
613 			ubi_err(ubi, "error %d while checking if PEB %d is bad",
614 				ret, pnum);
615 		else if (ret)
616 			dbg_io("PEB %d is bad", pnum);
617 		return ret;
618 	}
619 
620 	return 0;
621 }
622 
623 /**
624  * ubi_io_mark_bad - mark a physical eraseblock as bad.
625  * @ubi: UBI device description object
626  * @pnum: the physical eraseblock number to mark
627  *
628  * This function returns zero in case of success and a negative error code in
629  * case of failure.
630  */
631 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
632 {
633 	int err;
634 	struct mtd_info *mtd = ubi->mtd;
635 
636 	ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
637 
638 	if (ubi->ro_mode) {
639 		ubi_err(ubi, "read-only mode");
640 		return -EROFS;
641 	}
642 
643 	if (!ubi->bad_allowed)
644 		return 0;
645 
646 	err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
647 	if (err)
648 		ubi_err(ubi, "cannot mark PEB %d bad, error %d", pnum, err);
649 	return err;
650 }
651 
652 /**
653  * validate_ec_hdr - validate an erase counter header.
654  * @ubi: UBI device description object
655  * @ec_hdr: the erase counter header to check
656  *
657  * This function returns zero if the erase counter header is OK, and %1 if
658  * not.
659  */
660 static int validate_ec_hdr(const struct ubi_device *ubi,
661 			   const struct ubi_ec_hdr *ec_hdr)
662 {
663 	long long ec;
664 	int vid_hdr_offset, leb_start;
665 
666 	ec = be64_to_cpu(ec_hdr->ec);
667 	vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
668 	leb_start = be32_to_cpu(ec_hdr->data_offset);
669 
670 	if (ec_hdr->version != UBI_VERSION) {
671 		ubi_err(ubi, "node with incompatible UBI version found: this UBI version is %d, image version is %d",
672 			UBI_VERSION, (int)ec_hdr->version);
673 		goto bad;
674 	}
675 
676 	if (vid_hdr_offset != ubi->vid_hdr_offset) {
677 		ubi_err(ubi, "bad VID header offset %d, expected %d",
678 			vid_hdr_offset, ubi->vid_hdr_offset);
679 		goto bad;
680 	}
681 
682 	if (leb_start != ubi->leb_start) {
683 		ubi_err(ubi, "bad data offset %d, expected %d",
684 			leb_start, ubi->leb_start);
685 		goto bad;
686 	}
687 
688 	if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
689 		ubi_err(ubi, "bad erase counter %lld", ec);
690 		goto bad;
691 	}
692 
693 	return 0;
694 
695 bad:
696 	ubi_err(ubi, "bad EC header");
697 	ubi_dump_ec_hdr(ec_hdr);
698 	dump_stack();
699 	return 1;
700 }
701 
702 /**
703  * ubi_io_read_ec_hdr - read and check an erase counter header.
704  * @ubi: UBI device description object
705  * @pnum: physical eraseblock to read from
706  * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
707  * header
708  * @verbose: be verbose if the header is corrupted or was not found
709  *
710  * This function reads erase counter header from physical eraseblock @pnum and
711  * stores it in @ec_hdr. This function also checks CRC checksum of the read
712  * erase counter header. The following codes may be returned:
713  *
714  * o %0 if the CRC checksum is correct and the header was successfully read;
715  * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
716  *   and corrected by the flash driver; this is harmless but may indicate that
717  *   this eraseblock may become bad soon (but may be not);
718  * o %UBI_IO_BAD_HDR if the erase counter header is corrupted (a CRC error);
719  * o %UBI_IO_BAD_HDR_EBADMSG is the same as %UBI_IO_BAD_HDR, but there also was
720  *   a data integrity error (uncorrectable ECC error in case of NAND);
721  * o %UBI_IO_FF if only 0xFF bytes were read (the PEB is supposedly empty)
722  * o a negative error code in case of failure.
723  */
724 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
725 		       struct ubi_ec_hdr *ec_hdr, int verbose)
726 {
727 	int err, read_err;
728 	uint32_t crc, magic, hdr_crc;
729 
730 	dbg_io("read EC header from PEB %d", pnum);
731 	ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
732 
733 	read_err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
734 	if (read_err) {
735 		if (read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
736 			return read_err;
737 
738 		/*
739 		 * We read all the data, but either a correctable bit-flip
740 		 * occurred, or MTD reported a data integrity error
741 		 * (uncorrectable ECC error in case of NAND). The former is
742 		 * harmless, the later may mean that the read data is
743 		 * corrupted. But we have a CRC check-sum and we will detect
744 		 * this. If the EC header is still OK, we just report this as
745 		 * there was a bit-flip, to force scrubbing.
746 		 */
747 	}
748 
749 	magic = be32_to_cpu(ec_hdr->magic);
750 	if (magic != UBI_EC_HDR_MAGIC) {
751 		if (mtd_is_eccerr(read_err))
752 			return UBI_IO_BAD_HDR_EBADMSG;
753 
754 		/*
755 		 * The magic field is wrong. Let's check if we have read all
756 		 * 0xFF. If yes, this physical eraseblock is assumed to be
757 		 * empty.
758 		 */
759 		if (ubi_check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
760 			/* The physical eraseblock is supposedly empty */
761 			if (verbose)
762 				ubi_warn(ubi, "no EC header found at PEB %d, only 0xFF bytes",
763 					 pnum);
764 			dbg_bld("no EC header found at PEB %d, only 0xFF bytes",
765 				pnum);
766 			if (!read_err)
767 				return UBI_IO_FF;
768 			else
769 				return UBI_IO_FF_BITFLIPS;
770 		}
771 
772 		/*
773 		 * This is not a valid erase counter header, and these are not
774 		 * 0xFF bytes. Report that the header is corrupted.
775 		 */
776 		if (verbose) {
777 			ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
778 				 pnum, magic, UBI_EC_HDR_MAGIC);
779 			ubi_dump_ec_hdr(ec_hdr);
780 		}
781 		dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
782 			pnum, magic, UBI_EC_HDR_MAGIC);
783 		return UBI_IO_BAD_HDR;
784 	}
785 
786 	crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
787 	hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
788 
789 	if (hdr_crc != crc) {
790 		if (verbose) {
791 			ubi_warn(ubi, "bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
792 				 pnum, crc, hdr_crc);
793 			ubi_dump_ec_hdr(ec_hdr);
794 		}
795 		dbg_bld("bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
796 			pnum, crc, hdr_crc);
797 
798 		if (!read_err)
799 			return UBI_IO_BAD_HDR;
800 		else
801 			return UBI_IO_BAD_HDR_EBADMSG;
802 	}
803 
804 	/* And of course validate what has just been read from the media */
805 	err = validate_ec_hdr(ubi, ec_hdr);
806 	if (err) {
807 		ubi_err(ubi, "validation failed for PEB %d", pnum);
808 		return -EINVAL;
809 	}
810 
811 	/*
812 	 * If there was %-EBADMSG, but the header CRC is still OK, report about
813 	 * a bit-flip to force scrubbing on this PEB.
814 	 */
815 	return read_err ? UBI_IO_BITFLIPS : 0;
816 }
817 
818 /**
819  * ubi_io_write_ec_hdr - write an erase counter header.
820  * @ubi: UBI device description object
821  * @pnum: physical eraseblock to write to
822  * @ec_hdr: the erase counter header to write
823  *
824  * This function writes erase counter header described by @ec_hdr to physical
825  * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
826  * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
827  * field.
828  *
829  * This function returns zero in case of success and a negative error code in
830  * case of failure. If %-EIO is returned, the physical eraseblock most probably
831  * went bad.
832  */
833 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
834 			struct ubi_ec_hdr *ec_hdr)
835 {
836 	int err;
837 	uint32_t crc;
838 
839 	dbg_io("write EC header to PEB %d", pnum);
840 	ubi_assert(pnum >= 0 &&  pnum < ubi->peb_count);
841 
842 	ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
843 	ec_hdr->version = UBI_VERSION;
844 	ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
845 	ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
846 	ec_hdr->image_seq = cpu_to_be32(ubi->image_seq);
847 	crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
848 	ec_hdr->hdr_crc = cpu_to_be32(crc);
849 
850 	err = self_check_ec_hdr(ubi, pnum, ec_hdr);
851 	if (err)
852 		return err;
853 
854 	if (ubi_dbg_power_cut(ubi, POWER_CUT_EC_WRITE))
855 		return -EROFS;
856 
857 	err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
858 	return err;
859 }
860 
861 /**
862  * validate_vid_hdr - validate a volume identifier header.
863  * @ubi: UBI device description object
864  * @vid_hdr: the volume identifier header to check
865  *
866  * This function checks that data stored in the volume identifier header
867  * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
868  */
869 static int validate_vid_hdr(const struct ubi_device *ubi,
870 			    const struct ubi_vid_hdr *vid_hdr)
871 {
872 	int vol_type = vid_hdr->vol_type;
873 	int copy_flag = vid_hdr->copy_flag;
874 	int vol_id = be32_to_cpu(vid_hdr->vol_id);
875 	int lnum = be32_to_cpu(vid_hdr->lnum);
876 	int compat = vid_hdr->compat;
877 	int data_size = be32_to_cpu(vid_hdr->data_size);
878 	int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
879 	int data_pad = be32_to_cpu(vid_hdr->data_pad);
880 	int data_crc = be32_to_cpu(vid_hdr->data_crc);
881 	int usable_leb_size = ubi->leb_size - data_pad;
882 
883 	if (copy_flag != 0 && copy_flag != 1) {
884 		ubi_err(ubi, "bad copy_flag");
885 		goto bad;
886 	}
887 
888 	if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
889 	    data_pad < 0) {
890 		ubi_err(ubi, "negative values");
891 		goto bad;
892 	}
893 
894 	if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
895 		ubi_err(ubi, "bad vol_id");
896 		goto bad;
897 	}
898 
899 	if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
900 		ubi_err(ubi, "bad compat");
901 		goto bad;
902 	}
903 
904 	if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
905 	    compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
906 	    compat != UBI_COMPAT_REJECT) {
907 		ubi_err(ubi, "bad compat");
908 		goto bad;
909 	}
910 
911 	if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
912 		ubi_err(ubi, "bad vol_type");
913 		goto bad;
914 	}
915 
916 	if (data_pad >= ubi->leb_size / 2) {
917 		ubi_err(ubi, "bad data_pad");
918 		goto bad;
919 	}
920 
921 	if (vol_type == UBI_VID_STATIC) {
922 		/*
923 		 * Although from high-level point of view static volumes may
924 		 * contain zero bytes of data, but no VID headers can contain
925 		 * zero at these fields, because they empty volumes do not have
926 		 * mapped logical eraseblocks.
927 		 */
928 		if (used_ebs == 0) {
929 			ubi_err(ubi, "zero used_ebs");
930 			goto bad;
931 		}
932 		if (data_size == 0) {
933 			ubi_err(ubi, "zero data_size");
934 			goto bad;
935 		}
936 		if (lnum < used_ebs - 1) {
937 			if (data_size != usable_leb_size) {
938 				ubi_err(ubi, "bad data_size");
939 				goto bad;
940 			}
941 		} else if (lnum == used_ebs - 1) {
942 			if (data_size == 0) {
943 				ubi_err(ubi, "bad data_size at last LEB");
944 				goto bad;
945 			}
946 		} else {
947 			ubi_err(ubi, "too high lnum");
948 			goto bad;
949 		}
950 	} else {
951 		if (copy_flag == 0) {
952 			if (data_crc != 0) {
953 				ubi_err(ubi, "non-zero data CRC");
954 				goto bad;
955 			}
956 			if (data_size != 0) {
957 				ubi_err(ubi, "non-zero data_size");
958 				goto bad;
959 			}
960 		} else {
961 			if (data_size == 0) {
962 				ubi_err(ubi, "zero data_size of copy");
963 				goto bad;
964 			}
965 		}
966 		if (used_ebs != 0) {
967 			ubi_err(ubi, "bad used_ebs");
968 			goto bad;
969 		}
970 	}
971 
972 	return 0;
973 
974 bad:
975 	ubi_err(ubi, "bad VID header");
976 	ubi_dump_vid_hdr(vid_hdr);
977 	dump_stack();
978 	return 1;
979 }
980 
981 /**
982  * ubi_io_read_vid_hdr - read and check a volume identifier header.
983  * @ubi: UBI device description object
984  * @pnum: physical eraseblock number to read from
985  * @vid_hdr: &struct ubi_vid_hdr object where to store the read volume
986  * identifier header
987  * @verbose: be verbose if the header is corrupted or wasn't found
988  *
989  * This function reads the volume identifier header from physical eraseblock
990  * @pnum and stores it in @vid_hdr. It also checks CRC checksum of the read
991  * volume identifier header. The error codes are the same as in
992  * 'ubi_io_read_ec_hdr()'.
993  *
994  * Note, the implementation of this function is also very similar to
995  * 'ubi_io_read_ec_hdr()', so refer commentaries in 'ubi_io_read_ec_hdr()'.
996  */
997 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
998 			struct ubi_vid_hdr *vid_hdr, int verbose)
999 {
1000 	int err, read_err;
1001 	uint32_t crc, magic, hdr_crc;
1002 	void *p;
1003 
1004 	dbg_io("read VID header from PEB %d", pnum);
1005 	ubi_assert(pnum >= 0 &&  pnum < ubi->peb_count);
1006 
1007 	p = (char *)vid_hdr - ubi->vid_hdr_shift;
1008 	read_err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1009 			  ubi->vid_hdr_alsize);
1010 	if (read_err && read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
1011 		return read_err;
1012 
1013 	magic = be32_to_cpu(vid_hdr->magic);
1014 	if (magic != UBI_VID_HDR_MAGIC) {
1015 		if (mtd_is_eccerr(read_err))
1016 			return UBI_IO_BAD_HDR_EBADMSG;
1017 
1018 		if (ubi_check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
1019 			if (verbose)
1020 				ubi_warn(ubi, "no VID header found at PEB %d, only 0xFF bytes",
1021 					 pnum);
1022 			dbg_bld("no VID header found at PEB %d, only 0xFF bytes",
1023 				pnum);
1024 			if (!read_err)
1025 				return UBI_IO_FF;
1026 			else
1027 				return UBI_IO_FF_BITFLIPS;
1028 		}
1029 
1030 		if (verbose) {
1031 			ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
1032 				 pnum, magic, UBI_VID_HDR_MAGIC);
1033 			ubi_dump_vid_hdr(vid_hdr);
1034 		}
1035 		dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
1036 			pnum, magic, UBI_VID_HDR_MAGIC);
1037 		return UBI_IO_BAD_HDR;
1038 	}
1039 
1040 	crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1041 	hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1042 
1043 	if (hdr_crc != crc) {
1044 		if (verbose) {
1045 			ubi_warn(ubi, "bad CRC at PEB %d, calculated %#08x, read %#08x",
1046 				 pnum, crc, hdr_crc);
1047 			ubi_dump_vid_hdr(vid_hdr);
1048 		}
1049 		dbg_bld("bad CRC at PEB %d, calculated %#08x, read %#08x",
1050 			pnum, crc, hdr_crc);
1051 		if (!read_err)
1052 			return UBI_IO_BAD_HDR;
1053 		else
1054 			return UBI_IO_BAD_HDR_EBADMSG;
1055 	}
1056 
1057 	err = validate_vid_hdr(ubi, vid_hdr);
1058 	if (err) {
1059 		ubi_err(ubi, "validation failed for PEB %d", pnum);
1060 		return -EINVAL;
1061 	}
1062 
1063 	return read_err ? UBI_IO_BITFLIPS : 0;
1064 }
1065 
1066 /**
1067  * ubi_io_write_vid_hdr - write a volume identifier header.
1068  * @ubi: UBI device description object
1069  * @pnum: the physical eraseblock number to write to
1070  * @vid_hdr: the volume identifier header to write
1071  *
1072  * This function writes the volume identifier header described by @vid_hdr to
1073  * physical eraseblock @pnum. This function automatically fills the
1074  * @vid_hdr->magic and the @vid_hdr->version fields, as well as calculates
1075  * header CRC checksum and stores it at vid_hdr->hdr_crc.
1076  *
1077  * This function returns zero in case of success and a negative error code in
1078  * case of failure. If %-EIO is returned, the physical eraseblock probably went
1079  * bad.
1080  */
1081 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1082 			 struct ubi_vid_hdr *vid_hdr)
1083 {
1084 	int err;
1085 	uint32_t crc;
1086 	void *p;
1087 
1088 	dbg_io("write VID header to PEB %d", pnum);
1089 	ubi_assert(pnum >= 0 &&  pnum < ubi->peb_count);
1090 
1091 	err = self_check_peb_ec_hdr(ubi, pnum);
1092 	if (err)
1093 		return err;
1094 
1095 	vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1096 	vid_hdr->version = UBI_VERSION;
1097 	crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1098 	vid_hdr->hdr_crc = cpu_to_be32(crc);
1099 
1100 	err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1101 	if (err)
1102 		return err;
1103 
1104 	if (ubi_dbg_power_cut(ubi, POWER_CUT_VID_WRITE))
1105 		return -EROFS;
1106 
1107 	p = (char *)vid_hdr - ubi->vid_hdr_shift;
1108 	err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1109 			   ubi->vid_hdr_alsize);
1110 	return err;
1111 }
1112 
1113 /**
1114  * self_check_not_bad - ensure that a physical eraseblock is not bad.
1115  * @ubi: UBI device description object
1116  * @pnum: physical eraseblock number to check
1117  *
1118  * This function returns zero if the physical eraseblock is good, %-EINVAL if
1119  * it is bad and a negative error code if an error occurred.
1120  */
1121 static int self_check_not_bad(const struct ubi_device *ubi, int pnum)
1122 {
1123 	int err;
1124 
1125 	if (!ubi_dbg_chk_io(ubi))
1126 		return 0;
1127 
1128 	err = ubi_io_is_bad(ubi, pnum);
1129 	if (!err)
1130 		return err;
1131 
1132 	ubi_err(ubi, "self-check failed for PEB %d", pnum);
1133 	dump_stack();
1134 	return err > 0 ? -EINVAL : err;
1135 }
1136 
1137 /**
1138  * self_check_ec_hdr - check if an erase counter header is all right.
1139  * @ubi: UBI device description object
1140  * @pnum: physical eraseblock number the erase counter header belongs to
1141  * @ec_hdr: the erase counter header to check
1142  *
1143  * This function returns zero if the erase counter header contains valid
1144  * values, and %-EINVAL if not.
1145  */
1146 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1147 			     const struct ubi_ec_hdr *ec_hdr)
1148 {
1149 	int err;
1150 	uint32_t magic;
1151 
1152 	if (!ubi_dbg_chk_io(ubi))
1153 		return 0;
1154 
1155 	magic = be32_to_cpu(ec_hdr->magic);
1156 	if (magic != UBI_EC_HDR_MAGIC) {
1157 		ubi_err(ubi, "bad magic %#08x, must be %#08x",
1158 			magic, UBI_EC_HDR_MAGIC);
1159 		goto fail;
1160 	}
1161 
1162 	err = validate_ec_hdr(ubi, ec_hdr);
1163 	if (err) {
1164 		ubi_err(ubi, "self-check failed for PEB %d", pnum);
1165 		goto fail;
1166 	}
1167 
1168 	return 0;
1169 
1170 fail:
1171 	ubi_dump_ec_hdr(ec_hdr);
1172 	dump_stack();
1173 	return -EINVAL;
1174 }
1175 
1176 /**
1177  * self_check_peb_ec_hdr - check erase counter header.
1178  * @ubi: UBI device description object
1179  * @pnum: the physical eraseblock number to check
1180  *
1181  * This function returns zero if the erase counter header is all right and and
1182  * a negative error code if not or if an error occurred.
1183  */
1184 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1185 {
1186 	int err;
1187 	uint32_t crc, hdr_crc;
1188 	struct ubi_ec_hdr *ec_hdr;
1189 
1190 	if (!ubi_dbg_chk_io(ubi))
1191 		return 0;
1192 
1193 	ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1194 	if (!ec_hdr)
1195 		return -ENOMEM;
1196 
1197 	err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1198 	if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1199 		goto exit;
1200 
1201 	crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1202 	hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1203 	if (hdr_crc != crc) {
1204 		ubi_err(ubi, "bad CRC, calculated %#08x, read %#08x",
1205 			crc, hdr_crc);
1206 		ubi_err(ubi, "self-check failed for PEB %d", pnum);
1207 		ubi_dump_ec_hdr(ec_hdr);
1208 		dump_stack();
1209 		err = -EINVAL;
1210 		goto exit;
1211 	}
1212 
1213 	err = self_check_ec_hdr(ubi, pnum, ec_hdr);
1214 
1215 exit:
1216 	kfree(ec_hdr);
1217 	return err;
1218 }
1219 
1220 /**
1221  * self_check_vid_hdr - check that a volume identifier header is all right.
1222  * @ubi: UBI device description object
1223  * @pnum: physical eraseblock number the volume identifier header belongs to
1224  * @vid_hdr: the volume identifier header to check
1225  *
1226  * This function returns zero if the volume identifier header is all right, and
1227  * %-EINVAL if not.
1228  */
1229 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1230 			      const struct ubi_vid_hdr *vid_hdr)
1231 {
1232 	int err;
1233 	uint32_t magic;
1234 
1235 	if (!ubi_dbg_chk_io(ubi))
1236 		return 0;
1237 
1238 	magic = be32_to_cpu(vid_hdr->magic);
1239 	if (magic != UBI_VID_HDR_MAGIC) {
1240 		ubi_err(ubi, "bad VID header magic %#08x at PEB %d, must be %#08x",
1241 			magic, pnum, UBI_VID_HDR_MAGIC);
1242 		goto fail;
1243 	}
1244 
1245 	err = validate_vid_hdr(ubi, vid_hdr);
1246 	if (err) {
1247 		ubi_err(ubi, "self-check failed for PEB %d", pnum);
1248 		goto fail;
1249 	}
1250 
1251 	return err;
1252 
1253 fail:
1254 	ubi_err(ubi, "self-check failed for PEB %d", pnum);
1255 	ubi_dump_vid_hdr(vid_hdr);
1256 	dump_stack();
1257 	return -EINVAL;
1258 
1259 }
1260 
1261 /**
1262  * self_check_peb_vid_hdr - check volume identifier header.
1263  * @ubi: UBI device description object
1264  * @pnum: the physical eraseblock number to check
1265  *
1266  * This function returns zero if the volume identifier header is all right,
1267  * and a negative error code if not or if an error occurred.
1268  */
1269 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1270 {
1271 	int err;
1272 	uint32_t crc, hdr_crc;
1273 	struct ubi_vid_hdr *vid_hdr;
1274 	void *p;
1275 
1276 	if (!ubi_dbg_chk_io(ubi))
1277 		return 0;
1278 
1279 	vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS);
1280 	if (!vid_hdr)
1281 		return -ENOMEM;
1282 
1283 	p = (char *)vid_hdr - ubi->vid_hdr_shift;
1284 	err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1285 			  ubi->vid_hdr_alsize);
1286 	if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1287 		goto exit;
1288 
1289 	crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_EC_HDR_SIZE_CRC);
1290 	hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1291 	if (hdr_crc != crc) {
1292 		ubi_err(ubi, "bad VID header CRC at PEB %d, calculated %#08x, read %#08x",
1293 			pnum, crc, hdr_crc);
1294 		ubi_err(ubi, "self-check failed for PEB %d", pnum);
1295 		ubi_dump_vid_hdr(vid_hdr);
1296 		dump_stack();
1297 		err = -EINVAL;
1298 		goto exit;
1299 	}
1300 
1301 	err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1302 
1303 exit:
1304 	ubi_free_vid_hdr(ubi, vid_hdr);
1305 	return err;
1306 }
1307 
1308 /**
1309  * self_check_write - make sure write succeeded.
1310  * @ubi: UBI device description object
1311  * @buf: buffer with data which were written
1312  * @pnum: physical eraseblock number the data were written to
1313  * @offset: offset within the physical eraseblock the data were written to
1314  * @len: how many bytes were written
1315  *
1316  * This functions reads data which were recently written and compares it with
1317  * the original data buffer - the data have to match. Returns zero if the data
1318  * match and a negative error code if not or in case of failure.
1319  */
1320 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
1321 			    int offset, int len)
1322 {
1323 	int err, i;
1324 	size_t read;
1325 	void *buf1;
1326 	loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1327 
1328 	if (!ubi_dbg_chk_io(ubi))
1329 		return 0;
1330 
1331 	buf1 = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1332 	if (!buf1) {
1333 		ubi_err(ubi, "cannot allocate memory to check writes");
1334 		return 0;
1335 	}
1336 
1337 	err = mtd_read(ubi->mtd, addr, len, &read, buf1);
1338 	if (err && !mtd_is_bitflip(err))
1339 		goto out_free;
1340 
1341 	for (i = 0; i < len; i++) {
1342 		uint8_t c = ((uint8_t *)buf)[i];
1343 		uint8_t c1 = ((uint8_t *)buf1)[i];
1344 #if !defined(CONFIG_UBI_SILENCE_MSG)
1345 		int dump_len = max_t(int, 128, len - i);
1346 #endif
1347 
1348 		if (c == c1)
1349 			continue;
1350 
1351 		ubi_err(ubi, "self-check failed for PEB %d:%d, len %d",
1352 			pnum, offset, len);
1353 		ubi_msg(ubi, "data differ at position %d", i);
1354 		ubi_msg(ubi, "hex dump of the original buffer from %d to %d",
1355 			i, i + dump_len);
1356 		print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1357 			       buf + i, dump_len, 1);
1358 		ubi_msg(ubi, "hex dump of the read buffer from %d to %d",
1359 			i, i + dump_len);
1360 		print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1361 			       buf1 + i, dump_len, 1);
1362 		dump_stack();
1363 		err = -EINVAL;
1364 		goto out_free;
1365 	}
1366 
1367 	vfree(buf1);
1368 	return 0;
1369 
1370 out_free:
1371 	vfree(buf1);
1372 	return err;
1373 }
1374 
1375 /**
1376  * ubi_self_check_all_ff - check that a region of flash is empty.
1377  * @ubi: UBI device description object
1378  * @pnum: the physical eraseblock number to check
1379  * @offset: the starting offset within the physical eraseblock to check
1380  * @len: the length of the region to check
1381  *
1382  * This function returns zero if only 0xFF bytes are present at offset
1383  * @offset of the physical eraseblock @pnum, and a negative error code if not
1384  * or if an error occurred.
1385  */
1386 int ubi_self_check_all_ff(struct ubi_device *ubi, int pnum, int offset, int len)
1387 {
1388 	size_t read;
1389 	int err;
1390 	void *buf;
1391 	loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1392 
1393 	if (!ubi_dbg_chk_io(ubi))
1394 		return 0;
1395 
1396 	buf = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1397 	if (!buf) {
1398 		ubi_err(ubi, "cannot allocate memory to check for 0xFFs");
1399 		return 0;
1400 	}
1401 
1402 	err = mtd_read(ubi->mtd, addr, len, &read, buf);
1403 	if (err && !mtd_is_bitflip(err)) {
1404 		ubi_err(ubi, "err %d while reading %d bytes from PEB %d:%d, read %zd bytes",
1405 			err, len, pnum, offset, read);
1406 		goto error;
1407 	}
1408 
1409 	err = ubi_check_pattern(buf, 0xFF, len);
1410 	if (err == 0) {
1411 		ubi_err(ubi, "flash region at PEB %d:%d, length %d does not contain all 0xFF bytes",
1412 			pnum, offset, len);
1413 		goto fail;
1414 	}
1415 
1416 	vfree(buf);
1417 	return 0;
1418 
1419 fail:
1420 	ubi_err(ubi, "self-check failed for PEB %d", pnum);
1421 	ubi_msg(ubi, "hex dump of the %d-%d region", offset, offset + len);
1422 	print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, buf, len, 1);
1423 	err = -EINVAL;
1424 error:
1425 	dump_stack();
1426 	vfree(buf);
1427 	return err;
1428 }
1429