1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) International Business Machines Corp., 2006
4 * Copyright (c) Nokia Corporation, 2006, 2007
5 *
6 * Author: Artem Bityutskiy (Битюцкий Артём)
7 */
8
9 /*
10 * UBI input/output sub-system.
11 *
12 * This sub-system provides a uniform way to work with all kinds of the
13 * underlying MTD devices. It also implements handy functions for reading and
14 * writing UBI headers.
15 *
16 * We are trying to have a paranoid mindset and not to trust to what we read
17 * from the flash media in order to be more secure and robust. So this
18 * sub-system validates every single header it reads from the flash media.
19 *
20 * Some words about how the eraseblock headers are stored.
21 *
22 * The erase counter header is always stored at offset zero. By default, the
23 * VID header is stored after the EC header at the closest aligned offset
24 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
25 * header at the closest aligned offset. But this default layout may be
26 * changed. For example, for different reasons (e.g., optimization) UBI may be
27 * asked to put the VID header at further offset, and even at an unaligned
28 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
29 * proper padding in front of it. Data offset may also be changed but it has to
30 * be aligned.
31 *
32 * About minimal I/O units. In general, UBI assumes flash device model where
33 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
34 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
35 * @ubi->mtd->writesize field. But as an exception, UBI admits use of another
36 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
37 * to do different optimizations.
38 *
39 * This is extremely useful in case of NAND flashes which admit of several
40 * write operations to one NAND page. In this case UBI can fit EC and VID
41 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
42 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
43 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
44 * users.
45 *
46 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
47 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
48 * headers.
49 *
50 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
51 * device, e.g., make @ubi->min_io_size = 512 in the example above?
52 *
53 * A: because when writing a sub-page, MTD still writes a full 2K page but the
54 * bytes which are not relevant to the sub-page are 0xFF. So, basically,
55 * writing 4x512 sub-pages is 4 times slower than writing one 2KiB NAND page.
56 * Thus, we prefer to use sub-pages only for EC and VID headers.
57 *
58 * As it was noted above, the VID header may start at a non-aligned offset.
59 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
60 * the VID header may reside at offset 1984 which is the last 64 bytes of the
61 * last sub-page (EC header is always at offset zero). This causes some
62 * difficulties when reading and writing VID headers.
63 *
64 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
65 * the data and want to write this VID header out. As we can only write in
66 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
67 * to offset 448 of this buffer.
68 *
69 * The I/O sub-system does the following trick in order to avoid this extra
70 * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
71 * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
72 * When the VID header is being written out, it shifts the VID header pointer
73 * back and writes the whole sub-page.
74 */
75
76 #include <linux/crc32.h>
77 #include <linux/err.h>
78 #include <linux/slab.h>
79 #include "ubi.h"
80
81 static int self_check_not_bad(const struct ubi_device *ubi, int pnum);
82 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
83 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
84 const struct ubi_ec_hdr *ec_hdr);
85 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
86 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
87 const struct ubi_vid_hdr *vid_hdr);
88 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
89 int offset, int len);
90
91 /**
92 * ubi_io_read - read data from a physical eraseblock.
93 * @ubi: UBI device description object
94 * @buf: buffer where to store the read data
95 * @pnum: physical eraseblock number to read from
96 * @offset: offset within the physical eraseblock from where to read
97 * @len: how many bytes to read
98 *
99 * This function reads data from offset @offset of physical eraseblock @pnum
100 * and stores the read data in the @buf buffer. The following return codes are
101 * possible:
102 *
103 * o %0 if all the requested data were successfully read;
104 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
105 * correctable bit-flips were detected; this is harmless but may indicate
106 * that this eraseblock may become bad soon (but do not have to);
107 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
108 * example it can be an ECC error in case of NAND; this most probably means
109 * that the data is corrupted;
110 * o %-EIO if some I/O error occurred;
111 * o other negative error codes in case of other errors.
112 */
ubi_io_read(const struct ubi_device * ubi,void * buf,int pnum,int offset,int len)113 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
114 int len)
115 {
116 int err, retries = 0;
117 size_t read;
118 loff_t addr;
119
120 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
121
122 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
123 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
124 ubi_assert(len > 0);
125
126 err = self_check_not_bad(ubi, pnum);
127 if (err)
128 return err;
129
130 /*
131 * Deliberately corrupt the buffer to improve robustness. Indeed, if we
132 * do not do this, the following may happen:
133 * 1. The buffer contains data from previous operation, e.g., read from
134 * another PEB previously. The data looks like expected, e.g., if we
135 * just do not read anything and return - the caller would not
136 * notice this. E.g., if we are reading a VID header, the buffer may
137 * contain a valid VID header from another PEB.
138 * 2. The driver is buggy and returns us success or -EBADMSG or
139 * -EUCLEAN, but it does not actually put any data to the buffer.
140 *
141 * This may confuse UBI or upper layers - they may think the buffer
142 * contains valid data while in fact it is just old data. This is
143 * especially possible because UBI (and UBIFS) relies on CRC, and
144 * treats data as correct even in case of ECC errors if the CRC is
145 * correct.
146 *
147 * Try to prevent this situation by changing the first byte of the
148 * buffer.
149 */
150 *((uint8_t *)buf) ^= 0xFF;
151
152 addr = (loff_t)pnum * ubi->peb_size + offset;
153 retry:
154 err = mtd_read(ubi->mtd, addr, len, &read, buf);
155 if (err) {
156 const char *errstr = mtd_is_eccerr(err) ? " (ECC error)" : "";
157
158 if (mtd_is_bitflip(err)) {
159 /*
160 * -EUCLEAN is reported if there was a bit-flip which
161 * was corrected, so this is harmless.
162 *
163 * We do not report about it here unless debugging is
164 * enabled. A corresponding message will be printed
165 * later, when it is has been scrubbed.
166 */
167 ubi_msg(ubi, "fixable bit-flip detected at PEB %d",
168 pnum);
169 ubi_assert(len == read);
170 return UBI_IO_BITFLIPS;
171 }
172
173 if (retries++ < UBI_IO_RETRIES) {
174 ubi_warn(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read only %zd bytes, retry",
175 err, errstr, len, pnum, offset, read);
176 yield();
177 goto retry;
178 }
179
180 ubi_err(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read %zd bytes",
181 err, errstr, len, pnum, offset, read);
182 dump_stack();
183
184 /*
185 * The driver should never return -EBADMSG if it failed to read
186 * all the requested data. But some buggy drivers might do
187 * this, so we change it to -EIO.
188 */
189 if (read != len && mtd_is_eccerr(err)) {
190 ubi_assert(0);
191 err = -EIO;
192 }
193 } else {
194 ubi_assert(len == read);
195
196 if (ubi_dbg_is_bitflip(ubi)) {
197 dbg_gen("bit-flip (emulated)");
198 return UBI_IO_BITFLIPS;
199 }
200
201 if (ubi_dbg_is_read_failure(ubi, MASK_READ_FAILURE)) {
202 ubi_warn(ubi, "cannot read %d bytes from PEB %d:%d (emulated)",
203 len, pnum, offset);
204 return -EIO;
205 }
206
207 if (ubi_dbg_is_eccerr(ubi)) {
208 ubi_warn(ubi, "ECC error (emulated) while reading %d bytes from PEB %d:%d, read %zd bytes",
209 len, pnum, offset, read);
210 return -EBADMSG;
211 }
212 }
213
214 return err;
215 }
216
217 /**
218 * ubi_io_write - write data to a physical eraseblock.
219 * @ubi: UBI device description object
220 * @buf: buffer with the data to write
221 * @pnum: physical eraseblock number to write to
222 * @offset: offset within the physical eraseblock where to write
223 * @len: how many bytes to write
224 *
225 * This function writes @len bytes of data from buffer @buf to offset @offset
226 * of physical eraseblock @pnum. If all the data were successfully written,
227 * zero is returned. If an error occurred, this function returns a negative
228 * error code. If %-EIO is returned, the physical eraseblock most probably went
229 * bad.
230 *
231 * Note, in case of an error, it is possible that something was still written
232 * to the flash media, but may be some garbage.
233 */
ubi_io_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)234 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
235 int len)
236 {
237 int err;
238 size_t written;
239 loff_t addr;
240
241 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
242
243 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
244 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
245 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
246 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
247
248 if (ubi->ro_mode) {
249 ubi_err(ubi, "read-only mode");
250 return -EROFS;
251 }
252
253 err = self_check_not_bad(ubi, pnum);
254 if (err)
255 return err;
256
257 /* The area we are writing to has to contain all 0xFF bytes */
258 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
259 if (err)
260 return err;
261
262 if (offset >= ubi->leb_start) {
263 /*
264 * We write to the data area of the physical eraseblock. Make
265 * sure it has valid EC and VID headers.
266 */
267 err = self_check_peb_ec_hdr(ubi, pnum);
268 if (err)
269 return err;
270 err = self_check_peb_vid_hdr(ubi, pnum);
271 if (err)
272 return err;
273 }
274
275 if (ubi_dbg_is_write_failure(ubi)) {
276 ubi_err(ubi, "cannot write %d bytes to PEB %d:%d (emulated)",
277 len, pnum, offset);
278 dump_stack();
279 return -EIO;
280 }
281
282 addr = (loff_t)pnum * ubi->peb_size + offset;
283 err = mtd_write(ubi->mtd, addr, len, &written, buf);
284 if (err) {
285 ubi_err(ubi, "error %d while writing %d bytes to PEB %d:%d, written %zd bytes",
286 err, len, pnum, offset, written);
287 dump_stack();
288 ubi_dump_flash(ubi, pnum, offset, len);
289 } else
290 ubi_assert(written == len);
291
292 if (!err) {
293 err = self_check_write(ubi, buf, pnum, offset, len);
294 if (err)
295 return err;
296
297 /*
298 * Since we always write sequentially, the rest of the PEB has
299 * to contain only 0xFF bytes.
300 */
301 offset += len;
302 len = ubi->peb_size - offset;
303 if (len)
304 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
305 }
306
307 return err;
308 }
309
310 /**
311 * do_sync_erase - synchronously erase a physical eraseblock.
312 * @ubi: UBI device description object
313 * @pnum: the physical eraseblock number to erase
314 *
315 * This function synchronously erases physical eraseblock @pnum and returns
316 * zero in case of success and a negative error code in case of failure. If
317 * %-EIO is returned, the physical eraseblock most probably went bad.
318 */
do_sync_erase(struct ubi_device * ubi,int pnum)319 static int do_sync_erase(struct ubi_device *ubi, int pnum)
320 {
321 int err, retries = 0;
322 struct erase_info ei;
323
324 dbg_io("erase PEB %d", pnum);
325 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
326
327 if (ubi->ro_mode) {
328 ubi_err(ubi, "read-only mode");
329 return -EROFS;
330 }
331
332 retry:
333 memset(&ei, 0, sizeof(struct erase_info));
334
335 ei.addr = (loff_t)pnum * ubi->peb_size;
336 ei.len = ubi->peb_size;
337
338 err = mtd_erase(ubi->mtd, &ei);
339 if (err) {
340 if (retries++ < UBI_IO_RETRIES) {
341 ubi_warn(ubi, "error %d while erasing PEB %d, retry",
342 err, pnum);
343 yield();
344 goto retry;
345 }
346 ubi_err(ubi, "cannot erase PEB %d, error %d", pnum, err);
347 dump_stack();
348 return err;
349 }
350
351 err = ubi_self_check_all_ff(ubi, pnum, 0, ubi->peb_size);
352 if (err)
353 return err;
354
355 if (ubi_dbg_is_erase_failure(ubi)) {
356 ubi_err(ubi, "cannot erase PEB %d (emulated)", pnum);
357 return -EIO;
358 }
359
360 return 0;
361 }
362
363 /* Patterns to write to a physical eraseblock when torturing it */
364 static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
365
366 /**
367 * torture_peb - test a supposedly bad physical eraseblock.
368 * @ubi: UBI device description object
369 * @pnum: the physical eraseblock number to test
370 *
371 * This function returns %-EIO if the physical eraseblock did not pass the
372 * test, a positive number of erase operations done if the test was
373 * successfully passed, and other negative error codes in case of other errors.
374 */
torture_peb(struct ubi_device * ubi,int pnum)375 static int torture_peb(struct ubi_device *ubi, int pnum)
376 {
377 int err, i, patt_count;
378
379 ubi_msg(ubi, "run torture test for PEB %d", pnum);
380 patt_count = ARRAY_SIZE(patterns);
381 ubi_assert(patt_count > 0);
382
383 mutex_lock(&ubi->buf_mutex);
384 for (i = 0; i < patt_count; i++) {
385 err = do_sync_erase(ubi, pnum);
386 if (err)
387 goto out;
388
389 /* Make sure the PEB contains only 0xFF bytes */
390 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
391 if (err)
392 goto out;
393
394 err = ubi_check_pattern(ubi->peb_buf, 0xFF, ubi->peb_size);
395 if (err == 0) {
396 ubi_err(ubi, "erased PEB %d, but a non-0xFF byte found",
397 pnum);
398 err = -EIO;
399 goto out;
400 }
401
402 /* Write a pattern and check it */
403 memset(ubi->peb_buf, patterns[i], ubi->peb_size);
404 err = ubi_io_write(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
405 if (err)
406 goto out;
407
408 memset(ubi->peb_buf, ~patterns[i], ubi->peb_size);
409 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
410 if (err)
411 goto out;
412
413 err = ubi_check_pattern(ubi->peb_buf, patterns[i],
414 ubi->peb_size);
415 if (err == 0) {
416 ubi_err(ubi, "pattern %x checking failed for PEB %d",
417 patterns[i], pnum);
418 err = -EIO;
419 goto out;
420 }
421 }
422
423 err = patt_count;
424 ubi_msg(ubi, "PEB %d passed torture test, do not mark it as bad", pnum);
425
426 out:
427 mutex_unlock(&ubi->buf_mutex);
428 if (err == UBI_IO_BITFLIPS || mtd_is_eccerr(err)) {
429 /*
430 * If a bit-flip or data integrity error was detected, the test
431 * has not passed because it happened on a freshly erased
432 * physical eraseblock which means something is wrong with it.
433 */
434 ubi_err(ubi, "read problems on freshly erased PEB %d, must be bad",
435 pnum);
436 err = -EIO;
437 }
438 return err;
439 }
440
441 /**
442 * nor_erase_prepare - prepare a NOR flash PEB for erasure.
443 * @ubi: UBI device description object
444 * @pnum: physical eraseblock number to prepare
445 *
446 * NOR flash, or at least some of them, have peculiar embedded PEB erasure
447 * algorithm: the PEB is first filled with zeroes, then it is erased. And
448 * filling with zeroes starts from the end of the PEB. This was observed with
449 * Spansion S29GL512N NOR flash.
450 *
451 * This means that in case of a power cut we may end up with intact data at the
452 * beginning of the PEB, and all zeroes at the end of PEB. In other words, the
453 * EC and VID headers are OK, but a large chunk of data at the end of PEB is
454 * zeroed. This makes UBI mistakenly treat this PEB as used and associate it
455 * with an LEB, which leads to subsequent failures (e.g., UBIFS fails).
456 *
457 * This function is called before erasing NOR PEBs and it zeroes out EC and VID
458 * magic numbers in order to invalidate them and prevent the failures. Returns
459 * zero in case of success and a negative error code in case of failure.
460 */
nor_erase_prepare(struct ubi_device * ubi,int pnum)461 static int nor_erase_prepare(struct ubi_device *ubi, int pnum)
462 {
463 int err;
464 size_t written;
465 loff_t addr;
466 uint32_t data = 0;
467 struct ubi_ec_hdr ec_hdr;
468 struct ubi_vid_io_buf vidb;
469
470 /*
471 * Note, we cannot generally define VID header buffers on stack,
472 * because of the way we deal with these buffers (see the header
473 * comment in this file). But we know this is a NOR-specific piece of
474 * code, so we can do this. But yes, this is error-prone and we should
475 * (pre-)allocate VID header buffer instead.
476 */
477 struct ubi_vid_hdr vid_hdr;
478
479 /*
480 * If VID or EC is valid, we have to corrupt them before erasing.
481 * It is important to first invalidate the EC header, and then the VID
482 * header. Otherwise a power cut may lead to valid EC header and
483 * invalid VID header, in which case UBI will treat this PEB as
484 * corrupted and will try to preserve it, and print scary warnings.
485 */
486 addr = (loff_t)pnum * ubi->peb_size;
487 err = ubi_io_read_ec_hdr(ubi, pnum, &ec_hdr, 0);
488 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
489 err != UBI_IO_FF){
490 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
491 if(err)
492 goto error;
493 }
494
495 ubi_init_vid_buf(ubi, &vidb, &vid_hdr);
496 ubi_assert(&vid_hdr == ubi_get_vid_hdr(&vidb));
497
498 err = ubi_io_read_vid_hdr(ubi, pnum, &vidb, 0);
499 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
500 err != UBI_IO_FF){
501 addr += ubi->vid_hdr_aloffset;
502 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
503 if (err)
504 goto error;
505 }
506 return 0;
507
508 error:
509 /*
510 * The PEB contains a valid VID or EC header, but we cannot invalidate
511 * it. Supposedly the flash media or the driver is screwed up, so
512 * return an error.
513 */
514 ubi_err(ubi, "cannot invalidate PEB %d, write returned %d", pnum, err);
515 ubi_dump_flash(ubi, pnum, 0, ubi->peb_size);
516 return -EIO;
517 }
518
519 /**
520 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
521 * @ubi: UBI device description object
522 * @pnum: physical eraseblock number to erase
523 * @torture: if this physical eraseblock has to be tortured
524 *
525 * This function synchronously erases physical eraseblock @pnum. If @torture
526 * flag is not zero, the physical eraseblock is checked by means of writing
527 * different patterns to it and reading them back. If the torturing is enabled,
528 * the physical eraseblock is erased more than once.
529 *
530 * This function returns the number of erasures made in case of success, %-EIO
531 * if the erasure failed or the torturing test failed, and other negative error
532 * codes in case of other errors. Note, %-EIO means that the physical
533 * eraseblock is bad.
534 */
ubi_io_sync_erase(struct ubi_device * ubi,int pnum,int torture)535 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
536 {
537 int err, ret = 0;
538
539 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
540
541 err = self_check_not_bad(ubi, pnum);
542 if (err != 0)
543 return err;
544
545 if (ubi->ro_mode) {
546 ubi_err(ubi, "read-only mode");
547 return -EROFS;
548 }
549
550 /*
551 * If the flash is ECC-ed then we have to erase the ECC block before we
552 * can write to it. But the write is in preparation to an erase in the
553 * first place. This means we cannot zero out EC and VID before the
554 * erase and we just have to hope the flash starts erasing from the
555 * start of the page.
556 */
557 if (ubi->nor_flash && ubi->mtd->writesize == 1) {
558 err = nor_erase_prepare(ubi, pnum);
559 if (err)
560 return err;
561 }
562
563 if (torture) {
564 ret = torture_peb(ubi, pnum);
565 if (ret < 0)
566 return ret;
567 }
568
569 err = do_sync_erase(ubi, pnum);
570 if (err)
571 return err;
572
573 return ret + 1;
574 }
575
576 /**
577 * ubi_io_is_bad - check if a physical eraseblock is bad.
578 * @ubi: UBI device description object
579 * @pnum: the physical eraseblock number to check
580 *
581 * This function returns a positive number if the physical eraseblock is bad,
582 * zero if not, and a negative error code if an error occurred.
583 */
ubi_io_is_bad(const struct ubi_device * ubi,int pnum)584 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
585 {
586 struct mtd_info *mtd = ubi->mtd;
587
588 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
589
590 if (ubi->bad_allowed) {
591 int ret;
592
593 ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
594 if (ret < 0)
595 ubi_err(ubi, "error %d while checking if PEB %d is bad",
596 ret, pnum);
597 else if (ret)
598 dbg_io("PEB %d is bad", pnum);
599 return ret;
600 }
601
602 return 0;
603 }
604
605 /**
606 * ubi_io_mark_bad - mark a physical eraseblock as bad.
607 * @ubi: UBI device description object
608 * @pnum: the physical eraseblock number to mark
609 *
610 * This function returns zero in case of success and a negative error code in
611 * case of failure.
612 */
ubi_io_mark_bad(const struct ubi_device * ubi,int pnum)613 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
614 {
615 int err;
616 struct mtd_info *mtd = ubi->mtd;
617
618 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
619
620 if (ubi->ro_mode) {
621 ubi_err(ubi, "read-only mode");
622 return -EROFS;
623 }
624
625 if (!ubi->bad_allowed)
626 return 0;
627
628 err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
629 if (err)
630 ubi_err(ubi, "cannot mark PEB %d bad, error %d", pnum, err);
631 return err;
632 }
633
634 /**
635 * validate_ec_hdr - validate an erase counter header.
636 * @ubi: UBI device description object
637 * @ec_hdr: the erase counter header to check
638 *
639 * This function returns zero if the erase counter header is OK, and %1 if
640 * not.
641 */
validate_ec_hdr(const struct ubi_device * ubi,const struct ubi_ec_hdr * ec_hdr)642 static int validate_ec_hdr(const struct ubi_device *ubi,
643 const struct ubi_ec_hdr *ec_hdr)
644 {
645 long long ec;
646 int vid_hdr_offset, leb_start;
647
648 ec = be64_to_cpu(ec_hdr->ec);
649 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
650 leb_start = be32_to_cpu(ec_hdr->data_offset);
651
652 if (ec_hdr->version != UBI_VERSION) {
653 ubi_err(ubi, "node with incompatible UBI version found: this UBI version is %d, image version is %d",
654 UBI_VERSION, (int)ec_hdr->version);
655 goto bad;
656 }
657
658 if (vid_hdr_offset != ubi->vid_hdr_offset) {
659 ubi_err(ubi, "bad VID header offset %d, expected %d",
660 vid_hdr_offset, ubi->vid_hdr_offset);
661 goto bad;
662 }
663
664 if (leb_start != ubi->leb_start) {
665 ubi_err(ubi, "bad data offset %d, expected %d",
666 leb_start, ubi->leb_start);
667 goto bad;
668 }
669
670 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
671 ubi_err(ubi, "bad erase counter %lld", ec);
672 goto bad;
673 }
674
675 return 0;
676
677 bad:
678 ubi_err(ubi, "bad EC header");
679 ubi_dump_ec_hdr(ec_hdr);
680 dump_stack();
681 return 1;
682 }
683
684 /**
685 * ubi_io_read_ec_hdr - read and check an erase counter header.
686 * @ubi: UBI device description object
687 * @pnum: physical eraseblock to read from
688 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
689 * header
690 * @verbose: be verbose if the header is corrupted or was not found
691 *
692 * This function reads erase counter header from physical eraseblock @pnum and
693 * stores it in @ec_hdr. This function also checks CRC checksum of the read
694 * erase counter header. The following codes may be returned:
695 *
696 * o %0 if the CRC checksum is correct and the header was successfully read;
697 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
698 * and corrected by the flash driver; this is harmless but may indicate that
699 * this eraseblock may become bad soon (but may be not);
700 * o %UBI_IO_BAD_HDR if the erase counter header is corrupted (a CRC error);
701 * o %UBI_IO_BAD_HDR_EBADMSG is the same as %UBI_IO_BAD_HDR, but there also was
702 * a data integrity error (uncorrectable ECC error in case of NAND);
703 * o %UBI_IO_FF if only 0xFF bytes were read (the PEB is supposedly empty)
704 * o a negative error code in case of failure.
705 */
ubi_io_read_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr,int verbose)706 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
707 struct ubi_ec_hdr *ec_hdr, int verbose)
708 {
709 int err, read_err;
710 uint32_t crc, magic, hdr_crc;
711
712 dbg_io("read EC header from PEB %d", pnum);
713 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
714
715 read_err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
716 if (read_err) {
717 if (read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
718 return read_err;
719
720 /*
721 * We read all the data, but either a correctable bit-flip
722 * occurred, or MTD reported a data integrity error
723 * (uncorrectable ECC error in case of NAND). The former is
724 * harmless, the later may mean that the read data is
725 * corrupted. But we have a CRC check-sum and we will detect
726 * this. If the EC header is still OK, we just report this as
727 * there was a bit-flip, to force scrubbing.
728 */
729 }
730
731 magic = be32_to_cpu(ec_hdr->magic);
732 if (magic != UBI_EC_HDR_MAGIC) {
733 if (mtd_is_eccerr(read_err))
734 return UBI_IO_BAD_HDR_EBADMSG;
735
736 /*
737 * The magic field is wrong. Let's check if we have read all
738 * 0xFF. If yes, this physical eraseblock is assumed to be
739 * empty.
740 */
741 if (ubi_check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
742 /* The physical eraseblock is supposedly empty */
743 if (verbose)
744 ubi_warn(ubi, "no EC header found at PEB %d, only 0xFF bytes",
745 pnum);
746 dbg_bld("no EC header found at PEB %d, only 0xFF bytes",
747 pnum);
748 if (!read_err)
749 return UBI_IO_FF;
750 else
751 return UBI_IO_FF_BITFLIPS;
752 }
753
754 /*
755 * This is not a valid erase counter header, and these are not
756 * 0xFF bytes. Report that the header is corrupted.
757 */
758 if (verbose) {
759 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
760 pnum, magic, UBI_EC_HDR_MAGIC);
761 ubi_dump_ec_hdr(ec_hdr);
762 }
763 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
764 pnum, magic, UBI_EC_HDR_MAGIC);
765 return UBI_IO_BAD_HDR;
766 }
767
768 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
769 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
770
771 if (hdr_crc != crc) {
772 if (verbose) {
773 ubi_warn(ubi, "bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
774 pnum, crc, hdr_crc);
775 ubi_dump_ec_hdr(ec_hdr);
776 }
777 dbg_bld("bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
778 pnum, crc, hdr_crc);
779
780 if (!read_err)
781 return UBI_IO_BAD_HDR;
782 else
783 return UBI_IO_BAD_HDR_EBADMSG;
784 }
785
786 /* And of course validate what has just been read from the media */
787 err = validate_ec_hdr(ubi, ec_hdr);
788 if (err) {
789 ubi_err(ubi, "validation failed for PEB %d", pnum);
790 return -EINVAL;
791 }
792
793 /*
794 * If there was %-EBADMSG, but the header CRC is still OK, report about
795 * a bit-flip to force scrubbing on this PEB.
796 */
797 if (read_err)
798 return UBI_IO_BITFLIPS;
799
800 if (ubi_dbg_is_read_failure(ubi, MASK_READ_FAILURE_EC)) {
801 ubi_warn(ubi, "cannot read EC header from PEB %d (emulated)",
802 pnum);
803 return -EIO;
804 }
805
806 if (ubi_dbg_is_ff(ubi, MASK_IO_FF_EC)) {
807 ubi_warn(ubi, "bit-all-ff (emulated)");
808 return UBI_IO_FF;
809 }
810
811 if (ubi_dbg_is_ff_bitflips(ubi, MASK_IO_FF_BITFLIPS_EC)) {
812 ubi_warn(ubi, "bit-all-ff with error reported by MTD driver (emulated)");
813 return UBI_IO_FF_BITFLIPS;
814 }
815
816 if (ubi_dbg_is_bad_hdr(ubi, MASK_BAD_HDR_EC)) {
817 ubi_warn(ubi, "bad_hdr (emulated)");
818 return UBI_IO_BAD_HDR;
819 }
820
821 if (ubi_dbg_is_bad_hdr_ebadmsg(ubi, MASK_BAD_HDR_EBADMSG_EC)) {
822 ubi_warn(ubi, "bad_hdr with ECC error (emulated)");
823 return UBI_IO_BAD_HDR_EBADMSG;
824 }
825
826 return 0;
827 }
828
829 /**
830 * ubi_io_write_ec_hdr - write an erase counter header.
831 * @ubi: UBI device description object
832 * @pnum: physical eraseblock to write to
833 * @ec_hdr: the erase counter header to write
834 *
835 * This function writes erase counter header described by @ec_hdr to physical
836 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
837 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
838 * field.
839 *
840 * This function returns zero in case of success and a negative error code in
841 * case of failure. If %-EIO is returned, the physical eraseblock most probably
842 * went bad.
843 */
ubi_io_write_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr)844 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
845 struct ubi_ec_hdr *ec_hdr)
846 {
847 int err;
848 uint32_t crc;
849
850 dbg_io("write EC header to PEB %d", pnum);
851 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
852
853 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
854 ec_hdr->version = UBI_VERSION;
855 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
856 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
857 ec_hdr->image_seq = cpu_to_be32(ubi->image_seq);
858 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
859 ec_hdr->hdr_crc = cpu_to_be32(crc);
860
861 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
862 if (err)
863 return err;
864
865 if (ubi_dbg_is_power_cut(ubi, MASK_POWER_CUT_EC)) {
866 ubi_warn(ubi, "emulating a power cut when writing EC header");
867 ubi_ro_mode(ubi);
868 return -EROFS;
869 }
870
871 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
872 return err;
873 }
874
875 /**
876 * validate_vid_hdr - validate a volume identifier header.
877 * @ubi: UBI device description object
878 * @vid_hdr: the volume identifier header to check
879 *
880 * This function checks that data stored in the volume identifier header
881 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
882 */
validate_vid_hdr(const struct ubi_device * ubi,const struct ubi_vid_hdr * vid_hdr)883 static int validate_vid_hdr(const struct ubi_device *ubi,
884 const struct ubi_vid_hdr *vid_hdr)
885 {
886 int vol_type = vid_hdr->vol_type;
887 int copy_flag = vid_hdr->copy_flag;
888 int vol_id = be32_to_cpu(vid_hdr->vol_id);
889 int lnum = be32_to_cpu(vid_hdr->lnum);
890 int compat = vid_hdr->compat;
891 int data_size = be32_to_cpu(vid_hdr->data_size);
892 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
893 int data_pad = be32_to_cpu(vid_hdr->data_pad);
894 int data_crc = be32_to_cpu(vid_hdr->data_crc);
895 int usable_leb_size = ubi->leb_size - data_pad;
896
897 if (copy_flag != 0 && copy_flag != 1) {
898 ubi_err(ubi, "bad copy_flag");
899 goto bad;
900 }
901
902 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
903 data_pad < 0) {
904 ubi_err(ubi, "negative values");
905 goto bad;
906 }
907
908 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
909 ubi_err(ubi, "bad vol_id");
910 goto bad;
911 }
912
913 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
914 ubi_err(ubi, "bad compat");
915 goto bad;
916 }
917
918 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
919 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
920 compat != UBI_COMPAT_REJECT) {
921 ubi_err(ubi, "bad compat");
922 goto bad;
923 }
924
925 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
926 ubi_err(ubi, "bad vol_type");
927 goto bad;
928 }
929
930 if (data_pad >= ubi->leb_size / 2) {
931 ubi_err(ubi, "bad data_pad");
932 goto bad;
933 }
934
935 if (data_size > ubi->leb_size) {
936 ubi_err(ubi, "bad data_size");
937 goto bad;
938 }
939
940 if (vol_type == UBI_VID_STATIC) {
941 /*
942 * Although from high-level point of view static volumes may
943 * contain zero bytes of data, but no VID headers can contain
944 * zero at these fields, because they empty volumes do not have
945 * mapped logical eraseblocks.
946 */
947 if (used_ebs == 0) {
948 ubi_err(ubi, "zero used_ebs");
949 goto bad;
950 }
951 if (data_size == 0) {
952 ubi_err(ubi, "zero data_size");
953 goto bad;
954 }
955 if (lnum < used_ebs - 1) {
956 if (data_size != usable_leb_size) {
957 ubi_err(ubi, "bad data_size");
958 goto bad;
959 }
960 } else if (lnum > used_ebs - 1) {
961 ubi_err(ubi, "too high lnum");
962 goto bad;
963 }
964 } else {
965 if (copy_flag == 0) {
966 if (data_crc != 0) {
967 ubi_err(ubi, "non-zero data CRC");
968 goto bad;
969 }
970 if (data_size != 0) {
971 ubi_err(ubi, "non-zero data_size");
972 goto bad;
973 }
974 } else {
975 if (data_size == 0) {
976 ubi_err(ubi, "zero data_size of copy");
977 goto bad;
978 }
979 }
980 if (used_ebs != 0) {
981 ubi_err(ubi, "bad used_ebs");
982 goto bad;
983 }
984 }
985
986 return 0;
987
988 bad:
989 ubi_err(ubi, "bad VID header");
990 ubi_dump_vid_hdr(vid_hdr);
991 dump_stack();
992 return 1;
993 }
994
995 /**
996 * ubi_io_read_vid_hdr - read and check a volume identifier header.
997 * @ubi: UBI device description object
998 * @pnum: physical eraseblock number to read from
999 * @vidb: the volume identifier buffer to store data in
1000 * @verbose: be verbose if the header is corrupted or wasn't found
1001 *
1002 * This function reads the volume identifier header from physical eraseblock
1003 * @pnum and stores it in @vidb. It also checks CRC checksum of the read
1004 * volume identifier header. The error codes are the same as in
1005 * 'ubi_io_read_ec_hdr()'.
1006 *
1007 * Note, the implementation of this function is also very similar to
1008 * 'ubi_io_read_ec_hdr()', so refer commentaries in 'ubi_io_read_ec_hdr()'.
1009 */
ubi_io_read_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_io_buf * vidb,int verbose)1010 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
1011 struct ubi_vid_io_buf *vidb, int verbose)
1012 {
1013 int err, read_err;
1014 uint32_t crc, magic, hdr_crc;
1015 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
1016 void *p = vidb->buffer;
1017
1018 dbg_io("read VID header from PEB %d", pnum);
1019 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1020
1021 read_err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1022 ubi->vid_hdr_shift + UBI_VID_HDR_SIZE);
1023 if (read_err && read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
1024 return read_err;
1025
1026 magic = be32_to_cpu(vid_hdr->magic);
1027 if (magic != UBI_VID_HDR_MAGIC) {
1028 if (mtd_is_eccerr(read_err))
1029 return UBI_IO_BAD_HDR_EBADMSG;
1030
1031 if (ubi_check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
1032 if (verbose)
1033 ubi_warn(ubi, "no VID header found at PEB %d, only 0xFF bytes",
1034 pnum);
1035 dbg_bld("no VID header found at PEB %d, only 0xFF bytes",
1036 pnum);
1037 if (!read_err)
1038 return UBI_IO_FF;
1039 else
1040 return UBI_IO_FF_BITFLIPS;
1041 }
1042
1043 if (verbose) {
1044 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
1045 pnum, magic, UBI_VID_HDR_MAGIC);
1046 ubi_dump_vid_hdr(vid_hdr);
1047 }
1048 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
1049 pnum, magic, UBI_VID_HDR_MAGIC);
1050 return UBI_IO_BAD_HDR;
1051 }
1052
1053 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1054 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1055
1056 if (hdr_crc != crc) {
1057 if (verbose) {
1058 ubi_warn(ubi, "bad CRC at PEB %d, calculated %#08x, read %#08x",
1059 pnum, crc, hdr_crc);
1060 ubi_dump_vid_hdr(vid_hdr);
1061 }
1062 dbg_bld("bad CRC at PEB %d, calculated %#08x, read %#08x",
1063 pnum, crc, hdr_crc);
1064 if (!read_err)
1065 return UBI_IO_BAD_HDR;
1066 else
1067 return UBI_IO_BAD_HDR_EBADMSG;
1068 }
1069
1070 err = validate_vid_hdr(ubi, vid_hdr);
1071 if (err) {
1072 ubi_err(ubi, "validation failed for PEB %d", pnum);
1073 return -EINVAL;
1074 }
1075
1076 if (read_err)
1077 return UBI_IO_BITFLIPS;
1078
1079 if (ubi_dbg_is_read_failure(ubi, MASK_READ_FAILURE_VID)) {
1080 ubi_warn(ubi, "cannot read VID header from PEB %d (emulated)",
1081 pnum);
1082 return -EIO;
1083 }
1084
1085 if (ubi_dbg_is_ff(ubi, MASK_IO_FF_VID)) {
1086 ubi_warn(ubi, "bit-all-ff (emulated)");
1087 return UBI_IO_FF;
1088 }
1089
1090 if (ubi_dbg_is_ff_bitflips(ubi, MASK_IO_FF_BITFLIPS_VID)) {
1091 ubi_warn(ubi, "bit-all-ff with error reported by MTD driver (emulated)");
1092 return UBI_IO_FF_BITFLIPS;
1093 }
1094
1095 if (ubi_dbg_is_bad_hdr(ubi, MASK_BAD_HDR_VID)) {
1096 ubi_warn(ubi, "bad_hdr (emulated)");
1097 return UBI_IO_BAD_HDR;
1098 }
1099
1100 if (ubi_dbg_is_bad_hdr_ebadmsg(ubi, MASK_BAD_HDR_EBADMSG_VID)) {
1101 ubi_warn(ubi, "bad_hdr with ECC error (emulated)");
1102 return UBI_IO_BAD_HDR_EBADMSG;
1103 }
1104
1105 return 0;
1106 }
1107
1108 /**
1109 * ubi_io_write_vid_hdr - write a volume identifier header.
1110 * @ubi: UBI device description object
1111 * @pnum: the physical eraseblock number to write to
1112 * @vidb: the volume identifier buffer to write
1113 *
1114 * This function writes the volume identifier header described by @vid_hdr to
1115 * physical eraseblock @pnum. This function automatically fills the
1116 * @vidb->hdr->magic and the @vidb->hdr->version fields, as well as calculates
1117 * header CRC checksum and stores it at vidb->hdr->hdr_crc.
1118 *
1119 * This function returns zero in case of success and a negative error code in
1120 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1121 * bad.
1122 */
ubi_io_write_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_io_buf * vidb)1123 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1124 struct ubi_vid_io_buf *vidb)
1125 {
1126 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
1127 int err;
1128 uint32_t crc;
1129 void *p = vidb->buffer;
1130
1131 dbg_io("write VID header to PEB %d", pnum);
1132 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1133
1134 err = self_check_peb_ec_hdr(ubi, pnum);
1135 if (err)
1136 return err;
1137
1138 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1139 vid_hdr->version = UBI_VERSION;
1140 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1141 vid_hdr->hdr_crc = cpu_to_be32(crc);
1142
1143 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1144 if (err)
1145 return err;
1146
1147 if (ubi_dbg_is_power_cut(ubi, MASK_POWER_CUT_VID)) {
1148 ubi_warn(ubi, "emulating a power cut when writing VID header");
1149 ubi_ro_mode(ubi);
1150 return -EROFS;
1151 }
1152
1153 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1154 ubi->vid_hdr_alsize);
1155 return err;
1156 }
1157
1158 /**
1159 * self_check_not_bad - ensure that a physical eraseblock is not bad.
1160 * @ubi: UBI device description object
1161 * @pnum: physical eraseblock number to check
1162 *
1163 * This function returns zero if the physical eraseblock is good, %-EINVAL if
1164 * it is bad and a negative error code if an error occurred.
1165 */
self_check_not_bad(const struct ubi_device * ubi,int pnum)1166 static int self_check_not_bad(const struct ubi_device *ubi, int pnum)
1167 {
1168 int err;
1169
1170 if (!ubi_dbg_chk_io(ubi))
1171 return 0;
1172
1173 err = ubi_io_is_bad(ubi, pnum);
1174 if (!err)
1175 return err;
1176
1177 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1178 dump_stack();
1179 return err > 0 ? -EINVAL : err;
1180 }
1181
1182 /**
1183 * self_check_ec_hdr - check if an erase counter header is all right.
1184 * @ubi: UBI device description object
1185 * @pnum: physical eraseblock number the erase counter header belongs to
1186 * @ec_hdr: the erase counter header to check
1187 *
1188 * This function returns zero if the erase counter header contains valid
1189 * values, and %-EINVAL if not.
1190 */
self_check_ec_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_ec_hdr * ec_hdr)1191 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1192 const struct ubi_ec_hdr *ec_hdr)
1193 {
1194 int err;
1195 uint32_t magic;
1196
1197 if (!ubi_dbg_chk_io(ubi))
1198 return 0;
1199
1200 magic = be32_to_cpu(ec_hdr->magic);
1201 if (magic != UBI_EC_HDR_MAGIC) {
1202 ubi_err(ubi, "bad magic %#08x, must be %#08x",
1203 magic, UBI_EC_HDR_MAGIC);
1204 goto fail;
1205 }
1206
1207 err = validate_ec_hdr(ubi, ec_hdr);
1208 if (err) {
1209 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1210 goto fail;
1211 }
1212
1213 return 0;
1214
1215 fail:
1216 ubi_dump_ec_hdr(ec_hdr);
1217 dump_stack();
1218 return -EINVAL;
1219 }
1220
1221 /**
1222 * self_check_peb_ec_hdr - check erase counter header.
1223 * @ubi: UBI device description object
1224 * @pnum: the physical eraseblock number to check
1225 *
1226 * This function returns zero if the erase counter header is all right and
1227 * a negative error code if not or if an error occurred.
1228 */
self_check_peb_ec_hdr(const struct ubi_device * ubi,int pnum)1229 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1230 {
1231 int err;
1232 uint32_t crc, hdr_crc;
1233 struct ubi_ec_hdr *ec_hdr;
1234
1235 if (!ubi_dbg_chk_io(ubi))
1236 return 0;
1237
1238 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1239 if (!ec_hdr)
1240 return -ENOMEM;
1241
1242 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1243 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1244 goto exit;
1245
1246 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1247 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1248 if (hdr_crc != crc) {
1249 ubi_err(ubi, "bad CRC, calculated %#08x, read %#08x",
1250 crc, hdr_crc);
1251 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1252 ubi_dump_ec_hdr(ec_hdr);
1253 dump_stack();
1254 err = -EINVAL;
1255 goto exit;
1256 }
1257
1258 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
1259
1260 exit:
1261 kfree(ec_hdr);
1262 return err;
1263 }
1264
1265 /**
1266 * self_check_vid_hdr - check that a volume identifier header is all right.
1267 * @ubi: UBI device description object
1268 * @pnum: physical eraseblock number the volume identifier header belongs to
1269 * @vid_hdr: the volume identifier header to check
1270 *
1271 * This function returns zero if the volume identifier header is all right, and
1272 * %-EINVAL if not.
1273 */
self_check_vid_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_vid_hdr * vid_hdr)1274 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1275 const struct ubi_vid_hdr *vid_hdr)
1276 {
1277 int err;
1278 uint32_t magic;
1279
1280 if (!ubi_dbg_chk_io(ubi))
1281 return 0;
1282
1283 magic = be32_to_cpu(vid_hdr->magic);
1284 if (magic != UBI_VID_HDR_MAGIC) {
1285 ubi_err(ubi, "bad VID header magic %#08x at PEB %d, must be %#08x",
1286 magic, pnum, UBI_VID_HDR_MAGIC);
1287 goto fail;
1288 }
1289
1290 err = validate_vid_hdr(ubi, vid_hdr);
1291 if (err) {
1292 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1293 goto fail;
1294 }
1295
1296 return err;
1297
1298 fail:
1299 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1300 ubi_dump_vid_hdr(vid_hdr);
1301 dump_stack();
1302 return -EINVAL;
1303
1304 }
1305
1306 /**
1307 * self_check_peb_vid_hdr - check volume identifier header.
1308 * @ubi: UBI device description object
1309 * @pnum: the physical eraseblock number to check
1310 *
1311 * This function returns zero if the volume identifier header is all right,
1312 * and a negative error code if not or if an error occurred.
1313 */
self_check_peb_vid_hdr(const struct ubi_device * ubi,int pnum)1314 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1315 {
1316 int err;
1317 uint32_t crc, hdr_crc;
1318 struct ubi_vid_io_buf *vidb;
1319 struct ubi_vid_hdr *vid_hdr;
1320 void *p;
1321
1322 if (!ubi_dbg_chk_io(ubi))
1323 return 0;
1324
1325 vidb = ubi_alloc_vid_buf(ubi, GFP_NOFS);
1326 if (!vidb)
1327 return -ENOMEM;
1328
1329 vid_hdr = ubi_get_vid_hdr(vidb);
1330 p = vidb->buffer;
1331 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1332 ubi->vid_hdr_alsize);
1333 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1334 goto exit;
1335
1336 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1337 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1338 if (hdr_crc != crc) {
1339 ubi_err(ubi, "bad VID header CRC at PEB %d, calculated %#08x, read %#08x",
1340 pnum, crc, hdr_crc);
1341 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1342 ubi_dump_vid_hdr(vid_hdr);
1343 dump_stack();
1344 err = -EINVAL;
1345 goto exit;
1346 }
1347
1348 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1349
1350 exit:
1351 ubi_free_vid_buf(vidb);
1352 return err;
1353 }
1354
1355 /**
1356 * self_check_write - make sure write succeeded.
1357 * @ubi: UBI device description object
1358 * @buf: buffer with data which were written
1359 * @pnum: physical eraseblock number the data were written to
1360 * @offset: offset within the physical eraseblock the data were written to
1361 * @len: how many bytes were written
1362 *
1363 * This functions reads data which were recently written and compares it with
1364 * the original data buffer - the data have to match. Returns zero if the data
1365 * match and a negative error code if not or in case of failure.
1366 */
self_check_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)1367 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
1368 int offset, int len)
1369 {
1370 int err, i;
1371 size_t read;
1372 void *buf1;
1373 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1374
1375 if (!ubi_dbg_chk_io(ubi))
1376 return 0;
1377
1378 buf1 = __vmalloc(len, GFP_NOFS);
1379 if (!buf1) {
1380 ubi_err(ubi, "cannot allocate memory to check writes");
1381 return 0;
1382 }
1383
1384 err = mtd_read(ubi->mtd, addr, len, &read, buf1);
1385 if (err && !mtd_is_bitflip(err))
1386 goto out_free;
1387
1388 for (i = 0; i < len; i++) {
1389 uint8_t c = ((uint8_t *)buf)[i];
1390 uint8_t c1 = ((uint8_t *)buf1)[i];
1391 int dump_len;
1392
1393 if (c == c1)
1394 continue;
1395
1396 ubi_err(ubi, "self-check failed for PEB %d:%d, len %d",
1397 pnum, offset, len);
1398 ubi_msg(ubi, "data differ at position %d", i);
1399 dump_len = max_t(int, 128, len - i);
1400 ubi_msg(ubi, "hex dump of the original buffer from %d to %d",
1401 i, i + dump_len);
1402 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1403 buf + i, dump_len, 1);
1404 ubi_msg(ubi, "hex dump of the read buffer from %d to %d",
1405 i, i + dump_len);
1406 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1407 buf1 + i, dump_len, 1);
1408 dump_stack();
1409 err = -EINVAL;
1410 goto out_free;
1411 }
1412
1413 vfree(buf1);
1414 return 0;
1415
1416 out_free:
1417 vfree(buf1);
1418 return err;
1419 }
1420
1421 /**
1422 * ubi_self_check_all_ff - check that a region of flash is empty.
1423 * @ubi: UBI device description object
1424 * @pnum: the physical eraseblock number to check
1425 * @offset: the starting offset within the physical eraseblock to check
1426 * @len: the length of the region to check
1427 *
1428 * This function returns zero if only 0xFF bytes are present at offset
1429 * @offset of the physical eraseblock @pnum, and a negative error code if not
1430 * or if an error occurred.
1431 */
ubi_self_check_all_ff(struct ubi_device * ubi,int pnum,int offset,int len)1432 int ubi_self_check_all_ff(struct ubi_device *ubi, int pnum, int offset, int len)
1433 {
1434 size_t read;
1435 int err;
1436 void *buf;
1437 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1438
1439 if (!ubi_dbg_chk_io(ubi))
1440 return 0;
1441
1442 buf = __vmalloc(len, GFP_NOFS);
1443 if (!buf) {
1444 ubi_err(ubi, "cannot allocate memory to check for 0xFFs");
1445 return 0;
1446 }
1447
1448 err = mtd_read(ubi->mtd, addr, len, &read, buf);
1449 if (err && !mtd_is_bitflip(err)) {
1450 ubi_err(ubi, "err %d while reading %d bytes from PEB %d:%d, read %zd bytes",
1451 err, len, pnum, offset, read);
1452 goto error;
1453 }
1454
1455 err = ubi_check_pattern(buf, 0xFF, len);
1456 if (err == 0) {
1457 ubi_err(ubi, "flash region at PEB %d:%d, length %d does not contain all 0xFF bytes",
1458 pnum, offset, len);
1459 goto fail;
1460 }
1461
1462 vfree(buf);
1463 return 0;
1464
1465 fail:
1466 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1467 ubi_msg(ubi, "hex dump of the %d-%d region", offset, offset + len);
1468 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, buf, len, 1);
1469 err = -EINVAL;
1470 error:
1471 dump_stack();
1472 vfree(buf);
1473 return err;
1474 }
1475