1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) International Business Machines Corp., 2006
4 * Copyright (c) Nokia Corporation, 2006, 2007
5 *
6 * Author: Artem Bityutskiy (Битюцкий Артём)
7 */
8
9 /*
10 * UBI input/output sub-system.
11 *
12 * This sub-system provides a uniform way to work with all kinds of the
13 * underlying MTD devices. It also implements handy functions for reading and
14 * writing UBI headers.
15 *
16 * We are trying to have a paranoid mindset and not to trust to what we read
17 * from the flash media in order to be more secure and robust. So this
18 * sub-system validates every single header it reads from the flash media.
19 *
20 * Some words about how the eraseblock headers are stored.
21 *
22 * The erase counter header is always stored at offset zero. By default, the
23 * VID header is stored after the EC header at the closest aligned offset
24 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
25 * header at the closest aligned offset. But this default layout may be
26 * changed. For example, for different reasons (e.g., optimization) UBI may be
27 * asked to put the VID header at further offset, and even at an unaligned
28 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
29 * proper padding in front of it. Data offset may also be changed but it has to
30 * be aligned.
31 *
32 * About minimal I/O units. In general, UBI assumes flash device model where
33 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
34 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
35 * @ubi->mtd->writesize field. But as an exception, UBI admits use of another
36 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
37 * to do different optimizations.
38 *
39 * This is extremely useful in case of NAND flashes which admit of several
40 * write operations to one NAND page. In this case UBI can fit EC and VID
41 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
42 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
43 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
44 * users.
45 *
46 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
47 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
48 * headers.
49 *
50 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
51 * device, e.g., make @ubi->min_io_size = 512 in the example above?
52 *
53 * A: because when writing a sub-page, MTD still writes a full 2K page but the
54 * bytes which are not relevant to the sub-page are 0xFF. So, basically,
55 * writing 4x512 sub-pages is 4 times slower than writing one 2KiB NAND page.
56 * Thus, we prefer to use sub-pages only for EC and VID headers.
57 *
58 * As it was noted above, the VID header may start at a non-aligned offset.
59 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
60 * the VID header may reside at offset 1984 which is the last 64 bytes of the
61 * last sub-page (EC header is always at offset zero). This causes some
62 * difficulties when reading and writing VID headers.
63 *
64 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
65 * the data and want to write this VID header out. As we can only write in
66 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
67 * to offset 448 of this buffer.
68 *
69 * The I/O sub-system does the following trick in order to avoid this extra
70 * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
71 * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
72 * When the VID header is being written out, it shifts the VID header pointer
73 * back and writes the whole sub-page.
74 */
75
76 #include <linux/crc32.h>
77 #include <linux/err.h>
78 #include <linux/slab.h>
79 #include "ubi.h"
80
81 static int self_check_not_bad(const struct ubi_device *ubi, int pnum);
82 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
83 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
84 const struct ubi_ec_hdr *ec_hdr);
85 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
86 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
87 const struct ubi_vid_hdr *vid_hdr);
88 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
89 int offset, int len);
90
91 /**
92 * ubi_io_read - read data from a physical eraseblock.
93 * @ubi: UBI device description object
94 * @buf: buffer where to store the read data
95 * @pnum: physical eraseblock number to read from
96 * @offset: offset within the physical eraseblock from where to read
97 * @len: how many bytes to read
98 *
99 * This function reads data from offset @offset of physical eraseblock @pnum
100 * and stores the read data in the @buf buffer. The following return codes are
101 * possible:
102 *
103 * o %0 if all the requested data were successfully read;
104 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
105 * correctable bit-flips were detected; this is harmless but may indicate
106 * that this eraseblock may become bad soon (but do not have to);
107 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
108 * example it can be an ECC error in case of NAND; this most probably means
109 * that the data is corrupted;
110 * o %-EIO if some I/O error occurred;
111 * o other negative error codes in case of other errors.
112 */
ubi_io_read(const struct ubi_device * ubi,void * buf,int pnum,int offset,int len)113 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
114 int len)
115 {
116 int err, retries = 0;
117 size_t read;
118 loff_t addr;
119
120 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
121
122 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
123 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
124 ubi_assert(len > 0);
125
126 err = self_check_not_bad(ubi, pnum);
127 if (err)
128 return err;
129
130 /*
131 * Deliberately corrupt the buffer to improve robustness. Indeed, if we
132 * do not do this, the following may happen:
133 * 1. The buffer contains data from previous operation, e.g., read from
134 * another PEB previously. The data looks like expected, e.g., if we
135 * just do not read anything and return - the caller would not
136 * notice this. E.g., if we are reading a VID header, the buffer may
137 * contain a valid VID header from another PEB.
138 * 2. The driver is buggy and returns us success or -EBADMSG or
139 * -EUCLEAN, but it does not actually put any data to the buffer.
140 *
141 * This may confuse UBI or upper layers - they may think the buffer
142 * contains valid data while in fact it is just old data. This is
143 * especially possible because UBI (and UBIFS) relies on CRC, and
144 * treats data as correct even in case of ECC errors if the CRC is
145 * correct.
146 *
147 * Try to prevent this situation by changing the first byte of the
148 * buffer.
149 */
150 *((uint8_t *)buf) ^= 0xFF;
151
152 addr = (loff_t)pnum * ubi->peb_size + offset;
153 retry:
154 err = mtd_read(ubi->mtd, addr, len, &read, buf);
155 if (err) {
156 const char *errstr = mtd_is_eccerr(err) ? " (ECC error)" : "";
157
158 if (mtd_is_bitflip(err)) {
159 /*
160 * -EUCLEAN is reported if there was a bit-flip which
161 * was corrected, so this is harmless.
162 *
163 * We do not report about it here unless debugging is
164 * enabled. A corresponding message will be printed
165 * later, when it is has been scrubbed.
166 */
167 ubi_msg(ubi, "fixable bit-flip detected at PEB %d",
168 pnum);
169 ubi_assert(len == read);
170 return UBI_IO_BITFLIPS;
171 }
172
173 if (retries++ < UBI_IO_RETRIES) {
174 ubi_warn(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read only %zd bytes, retry",
175 err, errstr, len, pnum, offset, read);
176 yield();
177 goto retry;
178 }
179
180 ubi_err(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read %zd bytes",
181 err, errstr, len, pnum, offset, read);
182 dump_stack();
183
184 /*
185 * The driver should never return -EBADMSG if it failed to read
186 * all the requested data. But some buggy drivers might do
187 * this, so we change it to -EIO.
188 */
189 if (read != len && mtd_is_eccerr(err)) {
190 ubi_assert(0);
191 err = -EIO;
192 }
193 } else {
194 ubi_assert(len == read);
195
196 if (ubi_dbg_is_bitflip(ubi)) {
197 dbg_gen("bit-flip (emulated)");
198 return UBI_IO_BITFLIPS;
199 }
200
201 if (ubi_dbg_is_read_failure(ubi, MASK_READ_FAILURE)) {
202 ubi_warn(ubi, "cannot read %d bytes from PEB %d:%d (emulated)",
203 len, pnum, offset);
204 return -EIO;
205 }
206
207 if (ubi_dbg_is_eccerr(ubi)) {
208 ubi_warn(ubi, "ECC error (emulated) while reading %d bytes from PEB %d:%d, read %zd bytes",
209 len, pnum, offset, read);
210 return -EBADMSG;
211 }
212 }
213
214 return err;
215 }
216
217 /**
218 * ubi_io_write - write data to a physical eraseblock.
219 * @ubi: UBI device description object
220 * @buf: buffer with the data to write
221 * @pnum: physical eraseblock number to write to
222 * @offset: offset within the physical eraseblock where to write
223 * @len: how many bytes to write
224 *
225 * This function writes @len bytes of data from buffer @buf to offset @offset
226 * of physical eraseblock @pnum. If all the data were successfully written,
227 * zero is returned. If an error occurred, this function returns a negative
228 * error code. If %-EIO is returned, the physical eraseblock most probably went
229 * bad.
230 *
231 * Note, in case of an error, it is possible that something was still written
232 * to the flash media, but may be some garbage.
233 */
ubi_io_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)234 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
235 int len)
236 {
237 int err;
238 size_t written;
239 loff_t addr;
240
241 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
242
243 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
244 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
245 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
246 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
247
248 if (ubi->ro_mode) {
249 ubi_err(ubi, "read-only mode");
250 return -EROFS;
251 }
252
253 err = self_check_not_bad(ubi, pnum);
254 if (err)
255 return err;
256
257 /* The area we are writing to has to contain all 0xFF bytes */
258 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
259 if (err)
260 return err;
261
262 if (offset >= ubi->leb_start) {
263 /*
264 * We write to the data area of the physical eraseblock. Make
265 * sure it has valid EC and VID headers.
266 */
267 err = self_check_peb_ec_hdr(ubi, pnum);
268 if (err)
269 return err;
270 err = self_check_peb_vid_hdr(ubi, pnum);
271 if (err)
272 return err;
273 }
274
275 if (ubi_dbg_is_write_failure(ubi)) {
276 ubi_err(ubi, "cannot write %d bytes to PEB %d:%d (emulated)",
277 len, pnum, offset);
278 dump_stack();
279 return -EIO;
280 }
281
282 addr = (loff_t)pnum * ubi->peb_size + offset;
283 err = mtd_write(ubi->mtd, addr, len, &written, buf);
284 if (err) {
285 ubi_err(ubi, "error %d while writing %d bytes to PEB %d:%d, written %zd bytes",
286 err, len, pnum, offset, written);
287 dump_stack();
288 ubi_dump_flash(ubi, pnum, offset, len);
289 } else
290 ubi_assert(written == len);
291
292 if (!err) {
293 err = self_check_write(ubi, buf, pnum, offset, len);
294 if (err)
295 return err;
296
297 /*
298 * Since we always write sequentially, the rest of the PEB has
299 * to contain only 0xFF bytes.
300 */
301 offset += len;
302 len = ubi->peb_size - offset;
303 if (len)
304 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
305 }
306
307 return err;
308 }
309
310 /**
311 * do_sync_erase - synchronously erase a physical eraseblock.
312 * @ubi: UBI device description object
313 * @pnum: the physical eraseblock number to erase
314 *
315 * This function synchronously erases physical eraseblock @pnum and returns
316 * zero in case of success and a negative error code in case of failure. If
317 * %-EIO is returned, the physical eraseblock most probably went bad.
318 */
do_sync_erase(struct ubi_device * ubi,int pnum)319 static int do_sync_erase(struct ubi_device *ubi, int pnum)
320 {
321 int err, retries = 0;
322 struct erase_info ei;
323
324 dbg_io("erase PEB %d", pnum);
325 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
326
327 if (ubi->ro_mode) {
328 ubi_err(ubi, "read-only mode");
329 return -EROFS;
330 }
331
332 retry:
333 memset(&ei, 0, sizeof(struct erase_info));
334
335 ei.addr = (loff_t)pnum * ubi->peb_size;
336 ei.len = ubi->peb_size;
337
338 err = mtd_erase(ubi->mtd, &ei);
339 if (err) {
340 if (retries++ < UBI_IO_RETRIES) {
341 ubi_warn(ubi, "error %d while erasing PEB %d, retry",
342 err, pnum);
343 yield();
344 goto retry;
345 }
346 ubi_err(ubi, "cannot erase PEB %d, error %d", pnum, err);
347 dump_stack();
348 return err;
349 }
350
351 err = ubi_self_check_all_ff(ubi, pnum, 0, ubi->peb_size);
352 if (err)
353 return err;
354
355 if (ubi_dbg_is_erase_failure(ubi)) {
356 ubi_err(ubi, "cannot erase PEB %d (emulated)", pnum);
357 return -EIO;
358 }
359
360 return 0;
361 }
362
363 /* Patterns to write to a physical eraseblock when torturing it */
364 static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
365
366 /**
367 * torture_peb - test a supposedly bad physical eraseblock.
368 * @ubi: UBI device description object
369 * @pnum: the physical eraseblock number to test
370 *
371 * This function returns %-EIO if the physical eraseblock did not pass the
372 * test, a positive number of erase operations done if the test was
373 * successfully passed, and other negative error codes in case of other errors.
374 */
torture_peb(struct ubi_device * ubi,int pnum)375 static int torture_peb(struct ubi_device *ubi, int pnum)
376 {
377 int err, i, patt_count;
378
379 ubi_msg(ubi, "run torture test for PEB %d", pnum);
380 patt_count = ARRAY_SIZE(patterns);
381 ubi_assert(patt_count > 0);
382
383 mutex_lock(&ubi->buf_mutex);
384 for (i = 0; i < patt_count; i++) {
385 err = do_sync_erase(ubi, pnum);
386 if (err)
387 goto out;
388
389 /* Make sure the PEB contains only 0xFF bytes */
390 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
391 if (err)
392 goto out;
393
394 err = ubi_check_pattern(ubi->peb_buf, 0xFF, ubi->peb_size);
395 if (err == 0) {
396 ubi_err(ubi, "erased PEB %d, but a non-0xFF byte found",
397 pnum);
398 err = -EIO;
399 goto out;
400 }
401
402 /* Write a pattern and check it */
403 memset(ubi->peb_buf, patterns[i], ubi->peb_size);
404 err = ubi_io_write(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
405 if (err)
406 goto out;
407
408 memset(ubi->peb_buf, ~patterns[i], ubi->peb_size);
409 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
410 if (err)
411 goto out;
412
413 err = ubi_check_pattern(ubi->peb_buf, patterns[i],
414 ubi->peb_size);
415 if (err == 0) {
416 ubi_err(ubi, "pattern %x checking failed for PEB %d",
417 patterns[i], pnum);
418 err = -EIO;
419 goto out;
420 }
421 }
422
423 err = patt_count;
424 ubi_msg(ubi, "PEB %d passed torture test, do not mark it as bad", pnum);
425
426 out:
427 mutex_unlock(&ubi->buf_mutex);
428 if (err == UBI_IO_BITFLIPS || mtd_is_eccerr(err)) {
429 /*
430 * If a bit-flip or data integrity error was detected, the test
431 * has not passed because it happened on a freshly erased
432 * physical eraseblock which means something is wrong with it.
433 */
434 ubi_err(ubi, "read problems on freshly erased PEB %d, must be bad",
435 pnum);
436 err = -EIO;
437 }
438 return err;
439 }
440
441 /**
442 * nor_erase_prepare - prepare a NOR flash PEB for erasure.
443 * @ubi: UBI device description object
444 * @pnum: physical eraseblock number to prepare
445 *
446 * NOR flash, or at least some of them, have peculiar embedded PEB erasure
447 * algorithm: the PEB is first filled with zeroes, then it is erased. And
448 * filling with zeroes starts from the end of the PEB. This was observed with
449 * Spansion S29GL512N NOR flash.
450 *
451 * This means that in case of a power cut we may end up with intact data at the
452 * beginning of the PEB, and all zeroes at the end of PEB. In other words, the
453 * EC and VID headers are OK, but a large chunk of data at the end of PEB is
454 * zeroed. This makes UBI mistakenly treat this PEB as used and associate it
455 * with an LEB, which leads to subsequent failures (e.g., UBIFS fails).
456 *
457 * This function is called before erasing NOR PEBs and it zeroes out EC and VID
458 * magic numbers in order to invalidate them and prevent the failures. Returns
459 * zero in case of success and a negative error code in case of failure.
460 */
nor_erase_prepare(struct ubi_device * ubi,int pnum)461 static int nor_erase_prepare(struct ubi_device *ubi, int pnum)
462 {
463 int err;
464 size_t written;
465 loff_t addr;
466 uint32_t data = 0;
467 struct ubi_ec_hdr ec_hdr;
468 struct ubi_vid_io_buf vidb;
469
470 /*
471 * Note, we cannot generally define VID header buffers on stack,
472 * because of the way we deal with these buffers (see the header
473 * comment in this file). But we know this is a NOR-specific piece of
474 * code, so we can do this. But yes, this is error-prone and we should
475 * (pre-)allocate VID header buffer instead.
476 */
477 struct ubi_vid_hdr vid_hdr;
478
479 /*
480 * If VID or EC is valid, we have to corrupt them before erasing.
481 * It is important to first invalidate the EC header, and then the VID
482 * header. Otherwise a power cut may lead to valid EC header and
483 * invalid VID header, in which case UBI will treat this PEB as
484 * corrupted and will try to preserve it, and print scary warnings.
485 */
486 addr = (loff_t)pnum * ubi->peb_size;
487 err = ubi_io_read_ec_hdr(ubi, pnum, &ec_hdr, 0);
488 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
489 err != UBI_IO_FF){
490 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
491 if(err)
492 goto error;
493 }
494
495 ubi_init_vid_buf(ubi, &vidb, &vid_hdr);
496 ubi_assert(&vid_hdr == ubi_get_vid_hdr(&vidb));
497
498 err = ubi_io_read_vid_hdr(ubi, pnum, &vidb, 0);
499 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
500 err != UBI_IO_FF){
501 addr += ubi->vid_hdr_aloffset;
502 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
503 if (err)
504 goto error;
505 }
506 return 0;
507
508 error:
509 /*
510 * The PEB contains a valid VID or EC header, but we cannot invalidate
511 * it. Supposedly the flash media or the driver is screwed up, so
512 * return an error.
513 */
514 ubi_err(ubi, "cannot invalidate PEB %d, write returned %d", pnum, err);
515 ubi_dump_flash(ubi, pnum, 0, ubi->peb_size);
516 return -EIO;
517 }
518
519 /**
520 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
521 * @ubi: UBI device description object
522 * @pnum: physical eraseblock number to erase
523 * @torture: if this physical eraseblock has to be tortured
524 *
525 * This function synchronously erases physical eraseblock @pnum. If @torture
526 * flag is not zero, the physical eraseblock is checked by means of writing
527 * different patterns to it and reading them back. If the torturing is enabled,
528 * the physical eraseblock is erased more than once.
529 *
530 * This function returns the number of erasures made in case of success, %-EIO
531 * if the erasure failed or the torturing test failed, and other negative error
532 * codes in case of other errors. Note, %-EIO means that the physical
533 * eraseblock is bad.
534 */
ubi_io_sync_erase(struct ubi_device * ubi,int pnum,int torture)535 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
536 {
537 int err, ret = 0;
538
539 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
540
541 err = self_check_not_bad(ubi, pnum);
542 if (err != 0)
543 return err;
544
545 if (ubi->ro_mode) {
546 ubi_err(ubi, "read-only mode");
547 return -EROFS;
548 }
549
550 /*
551 * If the flash is ECC-ed then we have to erase the ECC block before we
552 * can write to it. But the write is in preparation to an erase in the
553 * first place. This means we cannot zero out EC and VID before the
554 * erase and we just have to hope the flash starts erasing from the
555 * start of the page.
556 */
557 if (ubi->nor_flash && ubi->mtd->writesize == 1) {
558 err = nor_erase_prepare(ubi, pnum);
559 if (err)
560 return err;
561 }
562
563 if (torture) {
564 ret = torture_peb(ubi, pnum);
565 if (ret < 0)
566 return ret;
567 }
568
569 err = do_sync_erase(ubi, pnum);
570 if (err)
571 return err;
572
573 return ret + 1;
574 }
575
576 /**
577 * ubi_io_is_bad - check if a physical eraseblock is bad.
578 * @ubi: UBI device description object
579 * @pnum: the physical eraseblock number to check
580 *
581 * This function returns a positive number if the physical eraseblock is bad,
582 * zero if not, and a negative error code if an error occurred.
583 */
ubi_io_is_bad(const struct ubi_device * ubi,int pnum)584 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
585 {
586 struct mtd_info *mtd = ubi->mtd;
587
588 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
589
590 if (ubi->bad_allowed) {
591 int ret;
592
593 ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
594 if (ret < 0)
595 ubi_err(ubi, "error %d while checking if PEB %d is bad",
596 ret, pnum);
597 else if (ret)
598 dbg_io("PEB %d is bad", pnum);
599 return ret;
600 }
601
602 return 0;
603 }
604
605 /**
606 * ubi_io_mark_bad - mark a physical eraseblock as bad.
607 * @ubi: UBI device description object
608 * @pnum: the physical eraseblock number to mark
609 *
610 * This function returns zero in case of success and a negative error code in
611 * case of failure.
612 */
ubi_io_mark_bad(const struct ubi_device * ubi,int pnum)613 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
614 {
615 int err;
616 struct mtd_info *mtd = ubi->mtd;
617
618 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
619
620 if (ubi->ro_mode) {
621 ubi_err(ubi, "read-only mode");
622 return -EROFS;
623 }
624
625 if (!ubi->bad_allowed)
626 return 0;
627
628 err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
629 if (err)
630 ubi_err(ubi, "cannot mark PEB %d bad, error %d", pnum, err);
631 return err;
632 }
633
634 /**
635 * validate_ec_hdr - validate an erase counter header.
636 * @ubi: UBI device description object
637 * @ec_hdr: the erase counter header to check
638 *
639 * This function returns zero if the erase counter header is OK, and %1 if
640 * not.
641 */
validate_ec_hdr(const struct ubi_device * ubi,const struct ubi_ec_hdr * ec_hdr)642 static int validate_ec_hdr(const struct ubi_device *ubi,
643 const struct ubi_ec_hdr *ec_hdr)
644 {
645 long long ec;
646 int vid_hdr_offset, leb_start;
647
648 ec = be64_to_cpu(ec_hdr->ec);
649 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
650 leb_start = be32_to_cpu(ec_hdr->data_offset);
651
652 if (ec_hdr->version != UBI_VERSION) {
653 ubi_err(ubi, "node with incompatible UBI version found: this UBI version is %d, image version is %d",
654 UBI_VERSION, (int)ec_hdr->version);
655 goto bad;
656 }
657
658 if (vid_hdr_offset != ubi->vid_hdr_offset) {
659 ubi_err(ubi, "bad VID header offset %d, expected %d",
660 vid_hdr_offset, ubi->vid_hdr_offset);
661 goto bad;
662 }
663
664 if (leb_start != ubi->leb_start) {
665 ubi_err(ubi, "bad data offset %d, expected %d",
666 leb_start, ubi->leb_start);
667 goto bad;
668 }
669
670 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
671 ubi_err(ubi, "bad erase counter %lld", ec);
672 goto bad;
673 }
674
675 return 0;
676
677 bad:
678 ubi_err(ubi, "bad EC header");
679 ubi_dump_ec_hdr(ec_hdr);
680 dump_stack();
681 return 1;
682 }
683
684 /**
685 * ubi_io_read_ec_hdr - read and check an erase counter header.
686 * @ubi: UBI device description object
687 * @pnum: physical eraseblock to read from
688 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
689 * header
690 * @verbose: be verbose if the header is corrupted or was not found
691 *
692 * This function reads erase counter header from physical eraseblock @pnum and
693 * stores it in @ec_hdr. This function also checks CRC checksum of the read
694 * erase counter header. The following codes may be returned:
695 *
696 * o %0 if the CRC checksum is correct and the header was successfully read;
697 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
698 * and corrected by the flash driver; this is harmless but may indicate that
699 * this eraseblock may become bad soon (but may be not);
700 * o %UBI_IO_BAD_HDR if the erase counter header is corrupted (a CRC error);
701 * o %UBI_IO_BAD_HDR_EBADMSG is the same as %UBI_IO_BAD_HDR, but there also was
702 * a data integrity error (uncorrectable ECC error in case of NAND);
703 * o %UBI_IO_FF if only 0xFF bytes were read (the PEB is supposedly empty)
704 * o a negative error code in case of failure.
705 */
ubi_io_read_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr,int verbose)706 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
707 struct ubi_ec_hdr *ec_hdr, int verbose)
708 {
709 int err, read_err;
710 uint32_t crc, magic, hdr_crc;
711
712 dbg_io("read EC header from PEB %d", pnum);
713 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
714
715 read_err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
716 if (read_err) {
717 if (read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
718 return read_err;
719
720 /*
721 * We read all the data, but either a correctable bit-flip
722 * occurred, or MTD reported a data integrity error
723 * (uncorrectable ECC error in case of NAND). The former is
724 * harmless, the later may mean that the read data is
725 * corrupted. But we have a CRC check-sum and we will detect
726 * this. If the EC header is still OK, we just report this as
727 * there was a bit-flip, to force scrubbing.
728 */
729 }
730
731 magic = be32_to_cpu(ec_hdr->magic);
732 if (magic != UBI_EC_HDR_MAGIC) {
733 if (mtd_is_eccerr(read_err))
734 return UBI_IO_BAD_HDR_EBADMSG;
735
736 /*
737 * The magic field is wrong. Let's check if we have read all
738 * 0xFF. If yes, this physical eraseblock is assumed to be
739 * empty.
740 */
741 if (ubi_check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
742 /* The physical eraseblock is supposedly empty */
743 if (verbose)
744 ubi_warn(ubi, "no EC header found at PEB %d, only 0xFF bytes",
745 pnum);
746 dbg_bld("no EC header found at PEB %d, only 0xFF bytes",
747 pnum);
748 if (!read_err)
749 return UBI_IO_FF;
750 else
751 return UBI_IO_FF_BITFLIPS;
752 }
753
754 /*
755 * This is not a valid erase counter header, and these are not
756 * 0xFF bytes. Report that the header is corrupted.
757 */
758 if (verbose) {
759 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
760 pnum, magic, UBI_EC_HDR_MAGIC);
761 ubi_dump_ec_hdr(ec_hdr);
762 }
763 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
764 pnum, magic, UBI_EC_HDR_MAGIC);
765 return UBI_IO_BAD_HDR;
766 }
767
768 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
769 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
770
771 if (hdr_crc != crc) {
772 if (verbose) {
773 ubi_warn(ubi, "bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
774 pnum, crc, hdr_crc);
775 ubi_dump_ec_hdr(ec_hdr);
776 }
777 dbg_bld("bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
778 pnum, crc, hdr_crc);
779
780 if (!read_err)
781 return UBI_IO_BAD_HDR;
782 else
783 return UBI_IO_BAD_HDR_EBADMSG;
784 }
785
786 /* And of course validate what has just been read from the media */
787 err = validate_ec_hdr(ubi, ec_hdr);
788 if (err) {
789 ubi_err(ubi, "validation failed for PEB %d", pnum);
790 return -EINVAL;
791 }
792
793 /*
794 * If there was %-EBADMSG, but the header CRC is still OK, report about
795 * a bit-flip to force scrubbing on this PEB.
796 */
797 if (read_err)
798 return UBI_IO_BITFLIPS;
799
800 if (ubi_dbg_is_read_failure(ubi, MASK_READ_FAILURE_EC)) {
801 ubi_warn(ubi, "cannot read EC header from PEB %d (emulated)",
802 pnum);
803 return -EIO;
804 }
805
806 if (ubi_dbg_is_ff(ubi, MASK_IO_FF_EC)) {
807 ubi_warn(ubi, "bit-all-ff (emulated)");
808 return UBI_IO_FF;
809 }
810
811 if (ubi_dbg_is_ff_bitflips(ubi, MASK_IO_FF_BITFLIPS_EC)) {
812 ubi_warn(ubi, "bit-all-ff with error reported by MTD driver (emulated)");
813 return UBI_IO_FF_BITFLIPS;
814 }
815
816 if (ubi_dbg_is_bad_hdr(ubi, MASK_BAD_HDR_EC)) {
817 ubi_warn(ubi, "bad_hdr (emulated)");
818 return UBI_IO_BAD_HDR;
819 }
820
821 if (ubi_dbg_is_bad_hdr_ebadmsg(ubi, MASK_BAD_HDR_EBADMSG_EC)) {
822 ubi_warn(ubi, "bad_hdr with ECC error (emulated)");
823 return UBI_IO_BAD_HDR_EBADMSG;
824 }
825
826 return 0;
827 }
828
829 /**
830 * ubi_io_write_ec_hdr - write an erase counter header.
831 * @ubi: UBI device description object
832 * @pnum: physical eraseblock to write to
833 * @ec_hdr: the erase counter header to write
834 *
835 * This function writes erase counter header described by @ec_hdr to physical
836 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
837 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
838 * field.
839 *
840 * This function returns zero in case of success and a negative error code in
841 * case of failure. If %-EIO is returned, the physical eraseblock most probably
842 * went bad.
843 */
ubi_io_write_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr)844 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
845 struct ubi_ec_hdr *ec_hdr)
846 {
847 int err;
848 uint32_t crc;
849
850 dbg_io("write EC header to PEB %d", pnum);
851 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
852
853 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
854 ec_hdr->version = UBI_VERSION;
855 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
856 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
857 ec_hdr->image_seq = cpu_to_be32(ubi->image_seq);
858 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
859 ec_hdr->hdr_crc = cpu_to_be32(crc);
860
861 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
862 if (err)
863 return err;
864
865 if (ubi_dbg_is_power_cut(ubi, MASK_POWER_CUT_EC)) {
866 ubi_warn(ubi, "emulating a power cut when writing EC header");
867 ubi_ro_mode(ubi);
868 return -EROFS;
869 }
870
871 memset((char *)ec_hdr + UBI_EC_HDR_SIZE, 0xFF, ubi->ec_hdr_alsize - UBI_EC_HDR_SIZE);
872
873 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
874 return err;
875 }
876
877 /**
878 * validate_vid_hdr - validate a volume identifier header.
879 * @ubi: UBI device description object
880 * @vid_hdr: the volume identifier header to check
881 *
882 * This function checks that data stored in the volume identifier header
883 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
884 */
validate_vid_hdr(const struct ubi_device * ubi,const struct ubi_vid_hdr * vid_hdr)885 static int validate_vid_hdr(const struct ubi_device *ubi,
886 const struct ubi_vid_hdr *vid_hdr)
887 {
888 int vol_type = vid_hdr->vol_type;
889 int copy_flag = vid_hdr->copy_flag;
890 int vol_id = be32_to_cpu(vid_hdr->vol_id);
891 int lnum = be32_to_cpu(vid_hdr->lnum);
892 int compat = vid_hdr->compat;
893 int data_size = be32_to_cpu(vid_hdr->data_size);
894 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
895 int data_pad = be32_to_cpu(vid_hdr->data_pad);
896 int data_crc = be32_to_cpu(vid_hdr->data_crc);
897 int usable_leb_size = ubi->leb_size - data_pad;
898
899 if (copy_flag != 0 && copy_flag != 1) {
900 ubi_err(ubi, "bad copy_flag");
901 goto bad;
902 }
903
904 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
905 data_pad < 0) {
906 ubi_err(ubi, "negative values");
907 goto bad;
908 }
909
910 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
911 ubi_err(ubi, "bad vol_id");
912 goto bad;
913 }
914
915 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
916 ubi_err(ubi, "bad compat");
917 goto bad;
918 }
919
920 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
921 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
922 compat != UBI_COMPAT_REJECT) {
923 ubi_err(ubi, "bad compat");
924 goto bad;
925 }
926
927 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
928 ubi_err(ubi, "bad vol_type");
929 goto bad;
930 }
931
932 if (data_pad >= ubi->leb_size / 2) {
933 ubi_err(ubi, "bad data_pad");
934 goto bad;
935 }
936
937 if (data_size > ubi->leb_size) {
938 ubi_err(ubi, "bad data_size");
939 goto bad;
940 }
941
942 if (vol_type == UBI_VID_STATIC) {
943 /*
944 * Although from high-level point of view static volumes may
945 * contain zero bytes of data, but no VID headers can contain
946 * zero at these fields, because they empty volumes do not have
947 * mapped logical eraseblocks.
948 */
949 if (used_ebs == 0) {
950 ubi_err(ubi, "zero used_ebs");
951 goto bad;
952 }
953 if (data_size == 0) {
954 ubi_err(ubi, "zero data_size");
955 goto bad;
956 }
957 if (lnum < used_ebs - 1) {
958 if (data_size != usable_leb_size) {
959 ubi_err(ubi, "bad data_size");
960 goto bad;
961 }
962 } else if (lnum > used_ebs - 1) {
963 ubi_err(ubi, "too high lnum");
964 goto bad;
965 }
966 } else {
967 if (copy_flag == 0) {
968 if (data_crc != 0) {
969 ubi_err(ubi, "non-zero data CRC");
970 goto bad;
971 }
972 if (data_size != 0) {
973 ubi_err(ubi, "non-zero data_size");
974 goto bad;
975 }
976 } else {
977 if (data_size == 0) {
978 ubi_err(ubi, "zero data_size of copy");
979 goto bad;
980 }
981 }
982 if (used_ebs != 0) {
983 ubi_err(ubi, "bad used_ebs");
984 goto bad;
985 }
986 }
987
988 return 0;
989
990 bad:
991 ubi_err(ubi, "bad VID header");
992 ubi_dump_vid_hdr(vid_hdr);
993 dump_stack();
994 return 1;
995 }
996
997 /**
998 * ubi_io_read_vid_hdr - read and check a volume identifier header.
999 * @ubi: UBI device description object
1000 * @pnum: physical eraseblock number to read from
1001 * @vidb: the volume identifier buffer to store data in
1002 * @verbose: be verbose if the header is corrupted or wasn't found
1003 *
1004 * This function reads the volume identifier header from physical eraseblock
1005 * @pnum and stores it in @vidb. It also checks CRC checksum of the read
1006 * volume identifier header. The error codes are the same as in
1007 * 'ubi_io_read_ec_hdr()'.
1008 *
1009 * Note, the implementation of this function is also very similar to
1010 * 'ubi_io_read_ec_hdr()', so refer commentaries in 'ubi_io_read_ec_hdr()'.
1011 */
ubi_io_read_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_io_buf * vidb,int verbose)1012 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
1013 struct ubi_vid_io_buf *vidb, int verbose)
1014 {
1015 int err, read_err;
1016 uint32_t crc, magic, hdr_crc;
1017 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
1018 void *p = vidb->buffer;
1019
1020 dbg_io("read VID header from PEB %d", pnum);
1021 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1022
1023 read_err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1024 ubi->vid_hdr_shift + UBI_VID_HDR_SIZE);
1025 if (read_err && read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
1026 return read_err;
1027
1028 magic = be32_to_cpu(vid_hdr->magic);
1029 if (magic != UBI_VID_HDR_MAGIC) {
1030 if (mtd_is_eccerr(read_err))
1031 return UBI_IO_BAD_HDR_EBADMSG;
1032
1033 if (ubi_check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
1034 if (verbose)
1035 ubi_warn(ubi, "no VID header found at PEB %d, only 0xFF bytes",
1036 pnum);
1037 dbg_bld("no VID header found at PEB %d, only 0xFF bytes",
1038 pnum);
1039 if (!read_err)
1040 return UBI_IO_FF;
1041 else
1042 return UBI_IO_FF_BITFLIPS;
1043 }
1044
1045 if (verbose) {
1046 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
1047 pnum, magic, UBI_VID_HDR_MAGIC);
1048 ubi_dump_vid_hdr(vid_hdr);
1049 }
1050 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
1051 pnum, magic, UBI_VID_HDR_MAGIC);
1052 return UBI_IO_BAD_HDR;
1053 }
1054
1055 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1056 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1057
1058 if (hdr_crc != crc) {
1059 if (verbose) {
1060 ubi_warn(ubi, "bad CRC at PEB %d, calculated %#08x, read %#08x",
1061 pnum, crc, hdr_crc);
1062 ubi_dump_vid_hdr(vid_hdr);
1063 }
1064 dbg_bld("bad CRC at PEB %d, calculated %#08x, read %#08x",
1065 pnum, crc, hdr_crc);
1066 if (!read_err)
1067 return UBI_IO_BAD_HDR;
1068 else
1069 return UBI_IO_BAD_HDR_EBADMSG;
1070 }
1071
1072 err = validate_vid_hdr(ubi, vid_hdr);
1073 if (err) {
1074 ubi_err(ubi, "validation failed for PEB %d", pnum);
1075 return -EINVAL;
1076 }
1077
1078 if (read_err)
1079 return UBI_IO_BITFLIPS;
1080
1081 if (ubi_dbg_is_read_failure(ubi, MASK_READ_FAILURE_VID)) {
1082 ubi_warn(ubi, "cannot read VID header from PEB %d (emulated)",
1083 pnum);
1084 return -EIO;
1085 }
1086
1087 if (ubi_dbg_is_ff(ubi, MASK_IO_FF_VID)) {
1088 ubi_warn(ubi, "bit-all-ff (emulated)");
1089 return UBI_IO_FF;
1090 }
1091
1092 if (ubi_dbg_is_ff_bitflips(ubi, MASK_IO_FF_BITFLIPS_VID)) {
1093 ubi_warn(ubi, "bit-all-ff with error reported by MTD driver (emulated)");
1094 return UBI_IO_FF_BITFLIPS;
1095 }
1096
1097 if (ubi_dbg_is_bad_hdr(ubi, MASK_BAD_HDR_VID)) {
1098 ubi_warn(ubi, "bad_hdr (emulated)");
1099 return UBI_IO_BAD_HDR;
1100 }
1101
1102 if (ubi_dbg_is_bad_hdr_ebadmsg(ubi, MASK_BAD_HDR_EBADMSG_VID)) {
1103 ubi_warn(ubi, "bad_hdr with ECC error (emulated)");
1104 return UBI_IO_BAD_HDR_EBADMSG;
1105 }
1106
1107 return 0;
1108 }
1109
1110 /**
1111 * ubi_io_write_vid_hdr - write a volume identifier header.
1112 * @ubi: UBI device description object
1113 * @pnum: the physical eraseblock number to write to
1114 * @vidb: the volume identifier buffer to write
1115 *
1116 * This function writes the volume identifier header described by @vid_hdr to
1117 * physical eraseblock @pnum. This function automatically fills the
1118 * @vidb->hdr->magic and the @vidb->hdr->version fields, as well as calculates
1119 * header CRC checksum and stores it at vidb->hdr->hdr_crc.
1120 *
1121 * This function returns zero in case of success and a negative error code in
1122 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1123 * bad.
1124 */
ubi_io_write_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_io_buf * vidb)1125 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1126 struct ubi_vid_io_buf *vidb)
1127 {
1128 struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
1129 int err;
1130 uint32_t crc;
1131 void *p = vidb->buffer;
1132
1133 dbg_io("write VID header to PEB %d", pnum);
1134 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1135
1136 err = self_check_peb_ec_hdr(ubi, pnum);
1137 if (err)
1138 return err;
1139
1140 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1141 vid_hdr->version = UBI_VERSION;
1142 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1143 vid_hdr->hdr_crc = cpu_to_be32(crc);
1144
1145 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1146 if (err)
1147 return err;
1148
1149 if (ubi_dbg_is_power_cut(ubi, MASK_POWER_CUT_VID)) {
1150 ubi_warn(ubi, "emulating a power cut when writing VID header");
1151 ubi_ro_mode(ubi);
1152 return -EROFS;
1153 }
1154
1155 if (ubi->vid_hdr_shift) {
1156 memset((char *)p, 0xFF, ubi->vid_hdr_shift);
1157 memset((char *)p + ubi->vid_hdr_shift + UBI_VID_HDR_SIZE, 0xFF,
1158 ubi->vid_hdr_alsize - (ubi->vid_hdr_shift + UBI_VID_HDR_SIZE));
1159 } else {
1160 memset((char *)p + UBI_VID_HDR_SIZE, 0xFF, ubi->vid_hdr_alsize - UBI_VID_HDR_SIZE);
1161 }
1162
1163 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1164 ubi->vid_hdr_alsize);
1165 return err;
1166 }
1167
1168 /**
1169 * self_check_not_bad - ensure that a physical eraseblock is not bad.
1170 * @ubi: UBI device description object
1171 * @pnum: physical eraseblock number to check
1172 *
1173 * This function returns zero if the physical eraseblock is good, %-EINVAL if
1174 * it is bad and a negative error code if an error occurred.
1175 */
self_check_not_bad(const struct ubi_device * ubi,int pnum)1176 static int self_check_not_bad(const struct ubi_device *ubi, int pnum)
1177 {
1178 int err;
1179
1180 if (!ubi_dbg_chk_io(ubi))
1181 return 0;
1182
1183 err = ubi_io_is_bad(ubi, pnum);
1184 if (!err)
1185 return err;
1186
1187 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1188 dump_stack();
1189 return err > 0 ? -EINVAL : err;
1190 }
1191
1192 /**
1193 * self_check_ec_hdr - check if an erase counter header is all right.
1194 * @ubi: UBI device description object
1195 * @pnum: physical eraseblock number the erase counter header belongs to
1196 * @ec_hdr: the erase counter header to check
1197 *
1198 * This function returns zero if the erase counter header contains valid
1199 * values, and %-EINVAL if not.
1200 */
self_check_ec_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_ec_hdr * ec_hdr)1201 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1202 const struct ubi_ec_hdr *ec_hdr)
1203 {
1204 int err;
1205 uint32_t magic;
1206
1207 if (!ubi_dbg_chk_io(ubi))
1208 return 0;
1209
1210 magic = be32_to_cpu(ec_hdr->magic);
1211 if (magic != UBI_EC_HDR_MAGIC) {
1212 ubi_err(ubi, "bad magic %#08x, must be %#08x",
1213 magic, UBI_EC_HDR_MAGIC);
1214 goto fail;
1215 }
1216
1217 err = validate_ec_hdr(ubi, ec_hdr);
1218 if (err) {
1219 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1220 goto fail;
1221 }
1222
1223 return 0;
1224
1225 fail:
1226 ubi_dump_ec_hdr(ec_hdr);
1227 dump_stack();
1228 return -EINVAL;
1229 }
1230
1231 /**
1232 * self_check_peb_ec_hdr - check erase counter header.
1233 * @ubi: UBI device description object
1234 * @pnum: the physical eraseblock number to check
1235 *
1236 * This function returns zero if the erase counter header is all right and
1237 * a negative error code if not or if an error occurred.
1238 */
self_check_peb_ec_hdr(const struct ubi_device * ubi,int pnum)1239 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1240 {
1241 int err;
1242 uint32_t crc, hdr_crc;
1243 struct ubi_ec_hdr *ec_hdr;
1244
1245 if (!ubi_dbg_chk_io(ubi))
1246 return 0;
1247
1248 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1249 if (!ec_hdr)
1250 return -ENOMEM;
1251
1252 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1253 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1254 goto exit;
1255
1256 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1257 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1258 if (hdr_crc != crc) {
1259 ubi_err(ubi, "bad CRC, calculated %#08x, read %#08x",
1260 crc, hdr_crc);
1261 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1262 ubi_dump_ec_hdr(ec_hdr);
1263 dump_stack();
1264 err = -EINVAL;
1265 goto exit;
1266 }
1267
1268 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
1269
1270 exit:
1271 kfree(ec_hdr);
1272 return err;
1273 }
1274
1275 /**
1276 * self_check_vid_hdr - check that a volume identifier header is all right.
1277 * @ubi: UBI device description object
1278 * @pnum: physical eraseblock number the volume identifier header belongs to
1279 * @vid_hdr: the volume identifier header to check
1280 *
1281 * This function returns zero if the volume identifier header is all right, and
1282 * %-EINVAL if not.
1283 */
self_check_vid_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_vid_hdr * vid_hdr)1284 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1285 const struct ubi_vid_hdr *vid_hdr)
1286 {
1287 int err;
1288 uint32_t magic;
1289
1290 if (!ubi_dbg_chk_io(ubi))
1291 return 0;
1292
1293 magic = be32_to_cpu(vid_hdr->magic);
1294 if (magic != UBI_VID_HDR_MAGIC) {
1295 ubi_err(ubi, "bad VID header magic %#08x at PEB %d, must be %#08x",
1296 magic, pnum, UBI_VID_HDR_MAGIC);
1297 goto fail;
1298 }
1299
1300 err = validate_vid_hdr(ubi, vid_hdr);
1301 if (err) {
1302 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1303 goto fail;
1304 }
1305
1306 return err;
1307
1308 fail:
1309 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1310 ubi_dump_vid_hdr(vid_hdr);
1311 dump_stack();
1312 return -EINVAL;
1313
1314 }
1315
1316 /**
1317 * self_check_peb_vid_hdr - check volume identifier header.
1318 * @ubi: UBI device description object
1319 * @pnum: the physical eraseblock number to check
1320 *
1321 * This function returns zero if the volume identifier header is all right,
1322 * and a negative error code if not or if an error occurred.
1323 */
self_check_peb_vid_hdr(const struct ubi_device * ubi,int pnum)1324 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1325 {
1326 int err;
1327 uint32_t crc, hdr_crc;
1328 struct ubi_vid_io_buf *vidb;
1329 struct ubi_vid_hdr *vid_hdr;
1330 void *p;
1331
1332 if (!ubi_dbg_chk_io(ubi))
1333 return 0;
1334
1335 vidb = ubi_alloc_vid_buf(ubi, GFP_NOFS);
1336 if (!vidb)
1337 return -ENOMEM;
1338
1339 vid_hdr = ubi_get_vid_hdr(vidb);
1340 p = vidb->buffer;
1341 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1342 ubi->vid_hdr_alsize);
1343 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1344 goto exit;
1345
1346 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1347 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1348 if (hdr_crc != crc) {
1349 ubi_err(ubi, "bad VID header CRC at PEB %d, calculated %#08x, read %#08x",
1350 pnum, crc, hdr_crc);
1351 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1352 ubi_dump_vid_hdr(vid_hdr);
1353 dump_stack();
1354 err = -EINVAL;
1355 goto exit;
1356 }
1357
1358 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1359
1360 exit:
1361 ubi_free_vid_buf(vidb);
1362 return err;
1363 }
1364
1365 /**
1366 * self_check_write - make sure write succeeded.
1367 * @ubi: UBI device description object
1368 * @buf: buffer with data which were written
1369 * @pnum: physical eraseblock number the data were written to
1370 * @offset: offset within the physical eraseblock the data were written to
1371 * @len: how many bytes were written
1372 *
1373 * This functions reads data which were recently written and compares it with
1374 * the original data buffer - the data have to match. Returns zero if the data
1375 * match and a negative error code if not or in case of failure.
1376 */
self_check_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)1377 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
1378 int offset, int len)
1379 {
1380 int err, i;
1381 size_t read;
1382 void *buf1;
1383 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1384
1385 if (!ubi_dbg_chk_io(ubi))
1386 return 0;
1387
1388 buf1 = __vmalloc(len, GFP_NOFS);
1389 if (!buf1) {
1390 ubi_err(ubi, "cannot allocate memory to check writes");
1391 return 0;
1392 }
1393
1394 err = mtd_read(ubi->mtd, addr, len, &read, buf1);
1395 if (err && !mtd_is_bitflip(err))
1396 goto out_free;
1397
1398 for (i = 0; i < len; i++) {
1399 uint8_t c = ((uint8_t *)buf)[i];
1400 uint8_t c1 = ((uint8_t *)buf1)[i];
1401 int dump_len;
1402
1403 if (c == c1)
1404 continue;
1405
1406 ubi_err(ubi, "self-check failed for PEB %d:%d, len %d",
1407 pnum, offset, len);
1408 ubi_msg(ubi, "data differ at position %d", i);
1409 dump_len = max_t(int, 128, len - i);
1410 ubi_msg(ubi, "hex dump of the original buffer from %d to %d",
1411 i, i + dump_len);
1412 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1413 buf + i, dump_len, 1);
1414 ubi_msg(ubi, "hex dump of the read buffer from %d to %d",
1415 i, i + dump_len);
1416 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1417 buf1 + i, dump_len, 1);
1418 dump_stack();
1419 err = -EINVAL;
1420 goto out_free;
1421 }
1422
1423 vfree(buf1);
1424 return 0;
1425
1426 out_free:
1427 vfree(buf1);
1428 return err;
1429 }
1430
1431 /**
1432 * ubi_self_check_all_ff - check that a region of flash is empty.
1433 * @ubi: UBI device description object
1434 * @pnum: the physical eraseblock number to check
1435 * @offset: the starting offset within the physical eraseblock to check
1436 * @len: the length of the region to check
1437 *
1438 * This function returns zero if only 0xFF bytes are present at offset
1439 * @offset of the physical eraseblock @pnum, and a negative error code if not
1440 * or if an error occurred.
1441 */
ubi_self_check_all_ff(struct ubi_device * ubi,int pnum,int offset,int len)1442 int ubi_self_check_all_ff(struct ubi_device *ubi, int pnum, int offset, int len)
1443 {
1444 size_t read;
1445 int err;
1446 void *buf;
1447 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1448
1449 if (!ubi_dbg_chk_io(ubi))
1450 return 0;
1451
1452 buf = __vmalloc(len, GFP_NOFS);
1453 if (!buf) {
1454 ubi_err(ubi, "cannot allocate memory to check for 0xFFs");
1455 return 0;
1456 }
1457
1458 err = mtd_read(ubi->mtd, addr, len, &read, buf);
1459 if (err && !mtd_is_bitflip(err)) {
1460 ubi_err(ubi, "err %d while reading %d bytes from PEB %d:%d, read %zd bytes",
1461 err, len, pnum, offset, read);
1462 goto error;
1463 }
1464
1465 err = ubi_check_pattern(buf, 0xFF, len);
1466 if (err == 0) {
1467 ubi_err(ubi, "flash region at PEB %d:%d, length %d does not contain all 0xFF bytes",
1468 pnum, offset, len);
1469 goto fail;
1470 }
1471
1472 vfree(buf);
1473 return 0;
1474
1475 fail:
1476 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1477 ubi_msg(ubi, "hex dump of the %d-%d region", offset, offset + len);
1478 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, buf, len, 1);
1479 err = -EINVAL;
1480 error:
1481 dump_stack();
1482 vfree(buf);
1483 return err;
1484 }
1485