xref: /linux/drivers/mtd/inftlmount.c (revision bd628c1bed7902ec1f24ba0fe70758949146abbe)
1 /*
2  * inftlmount.c -- INFTL mount code with extensive checks.
3  *
4  * Author: Greg Ungerer (gerg@snapgear.com)
5  * Copyright © 2002-2003, Greg Ungerer (gerg@snapgear.com)
6  *
7  * Based heavily on the nftlmount.c code which is:
8  * Author: Fabrice Bellard (fabrice.bellard@netgem.com)
9  * Copyright © 2000 Netgem S.A.
10  *
11  * This program is free software; you can redistribute it and/or modify
12  * it under the terms of the GNU General Public License as published by
13  * the Free Software Foundation; either version 2 of the License, or
14  * (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software
23  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
24  */
25 
26 #include <linux/kernel.h>
27 #include <linux/module.h>
28 #include <asm/errno.h>
29 #include <asm/io.h>
30 #include <linux/uaccess.h>
31 #include <linux/delay.h>
32 #include <linux/slab.h>
33 #include <linux/mtd/mtd.h>
34 #include <linux/mtd/nftl.h>
35 #include <linux/mtd/inftl.h>
36 
37 /*
38  * find_boot_record: Find the INFTL Media Header and its Spare copy which
39  *	contains the various device information of the INFTL partition and
40  *	Bad Unit Table. Update the PUtable[] table according to the Bad
41  *	Unit Table. PUtable[] is used for management of Erase Unit in
42  *	other routines in inftlcore.c and inftlmount.c.
43  */
44 static int find_boot_record(struct INFTLrecord *inftl)
45 {
46 	struct inftl_unittail h1;
47 	//struct inftl_oob oob;
48 	unsigned int i, block;
49 	u8 buf[SECTORSIZE];
50 	struct INFTLMediaHeader *mh = &inftl->MediaHdr;
51 	struct mtd_info *mtd = inftl->mbd.mtd;
52 	struct INFTLPartition *ip;
53 	size_t retlen;
54 
55 	pr_debug("INFTL: find_boot_record(inftl=%p)\n", inftl);
56 
57         /*
58 	 * Assume logical EraseSize == physical erasesize for starting the
59 	 * scan. We'll sort it out later if we find a MediaHeader which says
60 	 * otherwise.
61 	 */
62 	inftl->EraseSize = inftl->mbd.mtd->erasesize;
63         inftl->nb_blocks = (u32)inftl->mbd.mtd->size / inftl->EraseSize;
64 
65 	inftl->MediaUnit = BLOCK_NIL;
66 
67 	/* Search for a valid boot record */
68 	for (block = 0; block < inftl->nb_blocks; block++) {
69 		int ret;
70 
71 		/*
72 		 * Check for BNAND header first. Then whinge if it's found
73 		 * but later checks fail.
74 		 */
75 		ret = mtd_read(mtd, block * inftl->EraseSize, SECTORSIZE,
76 			       &retlen, buf);
77 		/* We ignore ret in case the ECC of the MediaHeader is invalid
78 		   (which is apparently acceptable) */
79 		if (retlen != SECTORSIZE) {
80 			static int warncount = 5;
81 
82 			if (warncount) {
83 				printk(KERN_WARNING "INFTL: block read at 0x%x "
84 					"of mtd%d failed: %d\n",
85 					block * inftl->EraseSize,
86 					inftl->mbd.mtd->index, ret);
87 				if (!--warncount)
88 					printk(KERN_WARNING "INFTL: further "
89 						"failures for this block will "
90 						"not be printed\n");
91 			}
92 			continue;
93 		}
94 
95 		if (retlen < 6 || memcmp(buf, "BNAND", 6)) {
96 			/* BNAND\0 not found. Continue */
97 			continue;
98 		}
99 
100 		/* To be safer with BIOS, also use erase mark as discriminant */
101 		ret = inftl_read_oob(mtd,
102 				     block * inftl->EraseSize + SECTORSIZE + 8,
103 				     8, &retlen,(char *)&h1);
104 		if (ret < 0) {
105 			printk(KERN_WARNING "INFTL: ANAND header found at "
106 				"0x%x in mtd%d, but OOB data read failed "
107 				"(err %d)\n", block * inftl->EraseSize,
108 				inftl->mbd.mtd->index, ret);
109 			continue;
110 		}
111 
112 
113 		/*
114 		 * This is the first we've seen.
115 		 * Copy the media header structure into place.
116 		 */
117 		memcpy(mh, buf, sizeof(struct INFTLMediaHeader));
118 
119 		/* Read the spare media header at offset 4096 */
120 		mtd_read(mtd, block * inftl->EraseSize + 4096, SECTORSIZE,
121 			 &retlen, buf);
122 		if (retlen != SECTORSIZE) {
123 			printk(KERN_WARNING "INFTL: Unable to read spare "
124 			       "Media Header\n");
125 			return -1;
126 		}
127 		/* Check if this one is the same as the first one we found. */
128 		if (memcmp(mh, buf, sizeof(struct INFTLMediaHeader))) {
129 			printk(KERN_WARNING "INFTL: Primary and spare Media "
130 			       "Headers disagree.\n");
131 			return -1;
132 		}
133 
134 		mh->NoOfBootImageBlocks = le32_to_cpu(mh->NoOfBootImageBlocks);
135 		mh->NoOfBinaryPartitions = le32_to_cpu(mh->NoOfBinaryPartitions);
136 		mh->NoOfBDTLPartitions = le32_to_cpu(mh->NoOfBDTLPartitions);
137 		mh->BlockMultiplierBits = le32_to_cpu(mh->BlockMultiplierBits);
138 		mh->FormatFlags = le32_to_cpu(mh->FormatFlags);
139 		mh->PercentUsed = le32_to_cpu(mh->PercentUsed);
140 
141 		pr_debug("INFTL: Media Header ->\n"
142 			 "    bootRecordID          = %s\n"
143 			 "    NoOfBootImageBlocks   = %d\n"
144 			 "    NoOfBinaryPartitions  = %d\n"
145 			 "    NoOfBDTLPartitions    = %d\n"
146 			 "    BlockMultiplerBits    = %d\n"
147 			 "    FormatFlgs            = %d\n"
148 			 "    OsakVersion           = 0x%x\n"
149 			 "    PercentUsed           = %d\n",
150 			 mh->bootRecordID, mh->NoOfBootImageBlocks,
151 			 mh->NoOfBinaryPartitions,
152 			 mh->NoOfBDTLPartitions,
153 			 mh->BlockMultiplierBits, mh->FormatFlags,
154 			 mh->OsakVersion, mh->PercentUsed);
155 
156 		if (mh->NoOfBDTLPartitions == 0) {
157 			printk(KERN_WARNING "INFTL: Media Header sanity check "
158 				"failed: NoOfBDTLPartitions (%d) == 0, "
159 				"must be at least 1\n", mh->NoOfBDTLPartitions);
160 			return -1;
161 		}
162 
163 		if ((mh->NoOfBDTLPartitions + mh->NoOfBinaryPartitions) > 4) {
164 			printk(KERN_WARNING "INFTL: Media Header sanity check "
165 				"failed: Total Partitions (%d) > 4, "
166 				"BDTL=%d Binary=%d\n", mh->NoOfBDTLPartitions +
167 				mh->NoOfBinaryPartitions,
168 				mh->NoOfBDTLPartitions,
169 				mh->NoOfBinaryPartitions);
170 			return -1;
171 		}
172 
173 		if (mh->BlockMultiplierBits > 1) {
174 			printk(KERN_WARNING "INFTL: sorry, we don't support "
175 				"UnitSizeFactor 0x%02x\n",
176 				mh->BlockMultiplierBits);
177 			return -1;
178 		} else if (mh->BlockMultiplierBits == 1) {
179 			printk(KERN_WARNING "INFTL: support for INFTL with "
180 				"UnitSizeFactor 0x%02x is experimental\n",
181 				mh->BlockMultiplierBits);
182 			inftl->EraseSize = inftl->mbd.mtd->erasesize <<
183 				mh->BlockMultiplierBits;
184 			inftl->nb_blocks = (u32)inftl->mbd.mtd->size / inftl->EraseSize;
185 			block >>= mh->BlockMultiplierBits;
186 		}
187 
188 		/* Scan the partitions */
189 		for (i = 0; (i < 4); i++) {
190 			ip = &mh->Partitions[i];
191 			ip->virtualUnits = le32_to_cpu(ip->virtualUnits);
192 			ip->firstUnit = le32_to_cpu(ip->firstUnit);
193 			ip->lastUnit = le32_to_cpu(ip->lastUnit);
194 			ip->flags = le32_to_cpu(ip->flags);
195 			ip->spareUnits = le32_to_cpu(ip->spareUnits);
196 			ip->Reserved0 = le32_to_cpu(ip->Reserved0);
197 
198 			pr_debug("    PARTITION[%d] ->\n"
199 				 "        virtualUnits    = %d\n"
200 				 "        firstUnit       = %d\n"
201 				 "        lastUnit        = %d\n"
202 				 "        flags           = 0x%x\n"
203 				 "        spareUnits      = %d\n",
204 				 i, ip->virtualUnits, ip->firstUnit,
205 				 ip->lastUnit, ip->flags,
206 				 ip->spareUnits);
207 
208 			if (ip->Reserved0 != ip->firstUnit) {
209 				struct erase_info *instr = &inftl->instr;
210 
211 				/*
212 				 * 	Most likely this is using the
213 				 * 	undocumented qiuck mount feature.
214 				 * 	We don't support that, we will need
215 				 * 	to erase the hidden block for full
216 				 * 	compatibility.
217 				 */
218 				instr->addr = ip->Reserved0 * inftl->EraseSize;
219 				instr->len = inftl->EraseSize;
220 				mtd_erase(mtd, instr);
221 			}
222 			if ((ip->lastUnit - ip->firstUnit + 1) < ip->virtualUnits) {
223 				printk(KERN_WARNING "INFTL: Media Header "
224 					"Partition %d sanity check failed\n"
225 					"    firstUnit %d : lastUnit %d  >  "
226 					"virtualUnits %d\n", i, ip->lastUnit,
227 					ip->firstUnit, ip->Reserved0);
228 				return -1;
229 			}
230 			if (ip->Reserved1 != 0) {
231 				printk(KERN_WARNING "INFTL: Media Header "
232 					"Partition %d sanity check failed: "
233 					"Reserved1 %d != 0\n",
234 					i, ip->Reserved1);
235 				return -1;
236 			}
237 
238 			if (ip->flags & INFTL_BDTL)
239 				break;
240 		}
241 
242 		if (i >= 4) {
243 			printk(KERN_WARNING "INFTL: Media Header Partition "
244 				"sanity check failed:\n       No partition "
245 				"marked as Disk Partition\n");
246 			return -1;
247 		}
248 
249 		inftl->nb_boot_blocks = ip->firstUnit;
250 		inftl->numvunits = ip->virtualUnits;
251 		if (inftl->numvunits > (inftl->nb_blocks -
252 		    inftl->nb_boot_blocks - 2)) {
253 			printk(KERN_WARNING "INFTL: Media Header sanity check "
254 				"failed:\n        numvunits (%d) > nb_blocks "
255 				"(%d) - nb_boot_blocks(%d) - 2\n",
256 				inftl->numvunits, inftl->nb_blocks,
257 				inftl->nb_boot_blocks);
258 			return -1;
259 		}
260 
261 		inftl->mbd.size  = inftl->numvunits *
262 			(inftl->EraseSize / SECTORSIZE);
263 
264 		/*
265 		 * Block count is set to last used EUN (we won't need to keep
266 		 * any meta-data past that point).
267 		 */
268 		inftl->firstEUN = ip->firstUnit;
269 		inftl->lastEUN = ip->lastUnit;
270 		inftl->nb_blocks = ip->lastUnit + 1;
271 
272 		/* Memory alloc */
273 		inftl->PUtable = kmalloc_array(inftl->nb_blocks, sizeof(u16),
274 					       GFP_KERNEL);
275 		if (!inftl->PUtable) {
276 			printk(KERN_WARNING "INFTL: allocation of PUtable "
277 				"failed (%zd bytes)\n",
278 				inftl->nb_blocks * sizeof(u16));
279 			return -ENOMEM;
280 		}
281 
282 		inftl->VUtable = kmalloc_array(inftl->nb_blocks, sizeof(u16),
283 					       GFP_KERNEL);
284 		if (!inftl->VUtable) {
285 			kfree(inftl->PUtable);
286 			printk(KERN_WARNING "INFTL: allocation of VUtable "
287 				"failed (%zd bytes)\n",
288 				inftl->nb_blocks * sizeof(u16));
289 			return -ENOMEM;
290 		}
291 
292 		/* Mark the blocks before INFTL MediaHeader as reserved */
293 		for (i = 0; i < inftl->nb_boot_blocks; i++)
294 			inftl->PUtable[i] = BLOCK_RESERVED;
295 		/* Mark all remaining blocks as potentially containing data */
296 		for (; i < inftl->nb_blocks; i++)
297 			inftl->PUtable[i] = BLOCK_NOTEXPLORED;
298 
299 		/* Mark this boot record (NFTL MediaHeader) block as reserved */
300 		inftl->PUtable[block] = BLOCK_RESERVED;
301 
302 		/* Read Bad Erase Unit Table and modify PUtable[] accordingly */
303 		for (i = 0; i < inftl->nb_blocks; i++) {
304 			int physblock;
305 			/* If any of the physical eraseblocks are bad, don't
306 			   use the unit. */
307 			for (physblock = 0; physblock < inftl->EraseSize; physblock += inftl->mbd.mtd->erasesize) {
308 				if (mtd_block_isbad(inftl->mbd.mtd,
309 						    i * inftl->EraseSize + physblock))
310 					inftl->PUtable[i] = BLOCK_RESERVED;
311 			}
312 		}
313 
314 		inftl->MediaUnit = block;
315 		return 0;
316 	}
317 
318 	/* Not found. */
319 	return -1;
320 }
321 
322 static int memcmpb(void *a, int c, int n)
323 {
324 	int i;
325 	for (i = 0; i < n; i++) {
326 		if (c != ((unsigned char *)a)[i])
327 			return 1;
328 	}
329 	return 0;
330 }
331 
332 /*
333  * check_free_sector: check if a free sector is actually FREE,
334  *	i.e. All 0xff in data and oob area.
335  */
336 static int check_free_sectors(struct INFTLrecord *inftl, unsigned int address,
337 	int len, int check_oob)
338 {
339 	struct mtd_info *mtd = inftl->mbd.mtd;
340 	size_t retlen;
341 	int i, ret;
342 	u8 *buf;
343 
344 	buf = kmalloc(SECTORSIZE + mtd->oobsize, GFP_KERNEL);
345 	if (!buf)
346 		return -1;
347 
348 	ret = -1;
349 	for (i = 0; i < len; i += SECTORSIZE) {
350 		if (mtd_read(mtd, address, SECTORSIZE, &retlen, buf))
351 			goto out;
352 		if (memcmpb(buf, 0xff, SECTORSIZE) != 0)
353 			goto out;
354 
355 		if (check_oob) {
356 			if(inftl_read_oob(mtd, address, mtd->oobsize,
357 					  &retlen, &buf[SECTORSIZE]) < 0)
358 				goto out;
359 			if (memcmpb(buf + SECTORSIZE, 0xff, mtd->oobsize) != 0)
360 				goto out;
361 		}
362 		address += SECTORSIZE;
363 	}
364 
365 	ret = 0;
366 
367 out:
368 	kfree(buf);
369 	return ret;
370 }
371 
372 /*
373  * INFTL_format: format a Erase Unit by erasing ALL Erase Zones in the Erase
374  *		 Unit and Update INFTL metadata. Each erase operation is
375  *		 checked with check_free_sectors.
376  *
377  * Return: 0 when succeed, -1 on error.
378  *
379  * ToDo: 1. Is it necessary to check_free_sector after erasing ??
380  */
381 int INFTL_formatblock(struct INFTLrecord *inftl, int block)
382 {
383 	size_t retlen;
384 	struct inftl_unittail uci;
385 	struct erase_info *instr = &inftl->instr;
386 	struct mtd_info *mtd = inftl->mbd.mtd;
387 	int physblock;
388 
389 	pr_debug("INFTL: INFTL_formatblock(inftl=%p,block=%d)\n", inftl, block);
390 
391 	memset(instr, 0, sizeof(struct erase_info));
392 
393 	/* FIXME: Shouldn't we be setting the 'discarded' flag to zero
394 	   _first_? */
395 
396 	/* Use async erase interface, test return code */
397 	instr->addr = block * inftl->EraseSize;
398 	instr->len = inftl->mbd.mtd->erasesize;
399 	/* Erase one physical eraseblock at a time, even though the NAND api
400 	   allows us to group them.  This way we if we have a failure, we can
401 	   mark only the failed block in the bbt. */
402 	for (physblock = 0; physblock < inftl->EraseSize;
403 	     physblock += instr->len, instr->addr += instr->len) {
404 		int ret;
405 
406 		ret = mtd_erase(inftl->mbd.mtd, instr);
407 		if (ret) {
408 			printk(KERN_WARNING "INFTL: error while formatting block %d\n",
409 				block);
410 			goto fail;
411 		}
412 
413 		/*
414 		 * Check the "freeness" of Erase Unit before updating metadata.
415 		 * FixMe: is this check really necessary? Since we have check
416 		 * the return code after the erase operation.
417 		 */
418 		if (check_free_sectors(inftl, instr->addr, instr->len, 1) != 0)
419 			goto fail;
420 	}
421 
422 	uci.EraseMark = cpu_to_le16(ERASE_MARK);
423 	uci.EraseMark1 = cpu_to_le16(ERASE_MARK);
424 	uci.Reserved[0] = 0;
425 	uci.Reserved[1] = 0;
426 	uci.Reserved[2] = 0;
427 	uci.Reserved[3] = 0;
428 	instr->addr = block * inftl->EraseSize + SECTORSIZE * 2;
429 	if (inftl_write_oob(mtd, instr->addr + 8, 8, &retlen, (char *)&uci) < 0)
430 		goto fail;
431 	return 0;
432 fail:
433 	/* could not format, update the bad block table (caller is responsible
434 	   for setting the PUtable to BLOCK_RESERVED on failure) */
435 	mtd_block_markbad(inftl->mbd.mtd, instr->addr);
436 	return -1;
437 }
438 
439 /*
440  * format_chain: Format an invalid Virtual Unit chain. It frees all the Erase
441  *	Units in a Virtual Unit Chain, i.e. all the units are disconnected.
442  *
443  *	Since the chain is invalid then we will have to erase it from its
444  *	head (normally for INFTL we go from the oldest). But if it has a
445  *	loop then there is no oldest...
446  */
447 static void format_chain(struct INFTLrecord *inftl, unsigned int first_block)
448 {
449 	unsigned int block = first_block, block1;
450 
451 	printk(KERN_WARNING "INFTL: formatting chain at block %d\n",
452 		first_block);
453 
454 	for (;;) {
455 		block1 = inftl->PUtable[block];
456 
457 		printk(KERN_WARNING "INFTL: formatting block %d\n", block);
458 		if (INFTL_formatblock(inftl, block) < 0) {
459 			/*
460 			 * Cannot format !!!! Mark it as Bad Unit,
461 			 */
462 			inftl->PUtable[block] = BLOCK_RESERVED;
463 		} else {
464 			inftl->PUtable[block] = BLOCK_FREE;
465 		}
466 
467 		/* Goto next block on the chain */
468 		block = block1;
469 
470 		if (block == BLOCK_NIL || block >= inftl->lastEUN)
471 			break;
472 	}
473 }
474 
475 void INFTL_dumptables(struct INFTLrecord *s)
476 {
477 	int i;
478 
479 	pr_debug("-------------------------------------------"
480 		"----------------------------------\n");
481 
482 	pr_debug("VUtable[%d] ->", s->nb_blocks);
483 	for (i = 0; i < s->nb_blocks; i++) {
484 		if ((i % 8) == 0)
485 			pr_debug("\n%04x: ", i);
486 		pr_debug("%04x ", s->VUtable[i]);
487 	}
488 
489 	pr_debug("\n-------------------------------------------"
490 		"----------------------------------\n");
491 
492 	pr_debug("PUtable[%d-%d=%d] ->", s->firstEUN, s->lastEUN, s->nb_blocks);
493 	for (i = 0; i <= s->lastEUN; i++) {
494 		if ((i % 8) == 0)
495 			pr_debug("\n%04x: ", i);
496 		pr_debug("%04x ", s->PUtable[i]);
497 	}
498 
499 	pr_debug("\n-------------------------------------------"
500 		"----------------------------------\n");
501 
502 	pr_debug("INFTL ->\n"
503 		"  EraseSize       = %d\n"
504 		"  h/s/c           = %d/%d/%d\n"
505 		"  numvunits       = %d\n"
506 		"  firstEUN        = %d\n"
507 		"  lastEUN         = %d\n"
508 		"  numfreeEUNs     = %d\n"
509 		"  LastFreeEUN     = %d\n"
510 		"  nb_blocks       = %d\n"
511 		"  nb_boot_blocks  = %d",
512 		s->EraseSize, s->heads, s->sectors, s->cylinders,
513 		s->numvunits, s->firstEUN, s->lastEUN, s->numfreeEUNs,
514 		s->LastFreeEUN, s->nb_blocks, s->nb_boot_blocks);
515 
516 	pr_debug("\n-------------------------------------------"
517 		"----------------------------------\n");
518 }
519 
520 void INFTL_dumpVUchains(struct INFTLrecord *s)
521 {
522 	int logical, block, i;
523 
524 	pr_debug("-------------------------------------------"
525 		"----------------------------------\n");
526 
527 	pr_debug("INFTL Virtual Unit Chains:\n");
528 	for (logical = 0; logical < s->nb_blocks; logical++) {
529 		block = s->VUtable[logical];
530 		if (block >= s->nb_blocks)
531 			continue;
532 		pr_debug("  LOGICAL %d --> %d ", logical, block);
533 		for (i = 0; i < s->nb_blocks; i++) {
534 			if (s->PUtable[block] == BLOCK_NIL)
535 				break;
536 			block = s->PUtable[block];
537 			pr_debug("%d ", block);
538 		}
539 		pr_debug("\n");
540 	}
541 
542 	pr_debug("-------------------------------------------"
543 		"----------------------------------\n");
544 }
545 
546 int INFTL_mount(struct INFTLrecord *s)
547 {
548 	struct mtd_info *mtd = s->mbd.mtd;
549 	unsigned int block, first_block, prev_block, last_block;
550 	unsigned int first_logical_block, logical_block, erase_mark;
551 	int chain_length, do_format_chain;
552 	struct inftl_unithead1 h0;
553 	struct inftl_unittail h1;
554 	size_t retlen;
555 	int i;
556 	u8 *ANACtable, ANAC;
557 
558 	pr_debug("INFTL: INFTL_mount(inftl=%p)\n", s);
559 
560 	/* Search for INFTL MediaHeader and Spare INFTL Media Header */
561 	if (find_boot_record(s) < 0) {
562 		printk(KERN_WARNING "INFTL: could not find valid boot record?\n");
563 		return -ENXIO;
564 	}
565 
566 	/* Init the logical to physical table */
567 	for (i = 0; i < s->nb_blocks; i++)
568 		s->VUtable[i] = BLOCK_NIL;
569 
570 	logical_block = block = BLOCK_NIL;
571 
572 	/* Temporary buffer to store ANAC numbers. */
573 	ANACtable = kcalloc(s->nb_blocks, sizeof(u8), GFP_KERNEL);
574 	if (!ANACtable) {
575 		printk(KERN_WARNING "INFTL: allocation of ANACtable "
576 				"failed (%zd bytes)\n",
577 				s->nb_blocks * sizeof(u8));
578 		return -ENOMEM;
579 	}
580 
581 	/*
582 	 * First pass is to explore each physical unit, and construct the
583 	 * virtual chains that exist (newest physical unit goes into VUtable).
584 	 * Any block that is in any way invalid will be left in the
585 	 * NOTEXPLORED state. Then at the end we will try to format it and
586 	 * mark it as free.
587 	 */
588 	pr_debug("INFTL: pass 1, explore each unit\n");
589 	for (first_block = s->firstEUN; first_block <= s->lastEUN; first_block++) {
590 		if (s->PUtable[first_block] != BLOCK_NOTEXPLORED)
591 			continue;
592 
593 		do_format_chain = 0;
594 		first_logical_block = BLOCK_NIL;
595 		last_block = BLOCK_NIL;
596 		block = first_block;
597 
598 		for (chain_length = 0; ; chain_length++) {
599 
600 			if ((chain_length == 0) &&
601 			    (s->PUtable[block] != BLOCK_NOTEXPLORED)) {
602 				/* Nothing to do here, onto next block */
603 				break;
604 			}
605 
606 			if (inftl_read_oob(mtd, block * s->EraseSize + 8,
607 					   8, &retlen, (char *)&h0) < 0 ||
608 			    inftl_read_oob(mtd, block * s->EraseSize +
609 					   2 * SECTORSIZE + 8, 8, &retlen,
610 					   (char *)&h1) < 0) {
611 				/* Should never happen? */
612 				do_format_chain++;
613 				break;
614 			}
615 
616 			logical_block = le16_to_cpu(h0.virtualUnitNo);
617 			prev_block = le16_to_cpu(h0.prevUnitNo);
618 			erase_mark = le16_to_cpu((h1.EraseMark | h1.EraseMark1));
619 			ANACtable[block] = h0.ANAC;
620 
621 			/* Previous block is relative to start of Partition */
622 			if (prev_block < s->nb_blocks)
623 				prev_block += s->firstEUN;
624 
625 			/* Already explored partial chain? */
626 			if (s->PUtable[block] != BLOCK_NOTEXPLORED) {
627 				/* Check if chain for this logical */
628 				if (logical_block == first_logical_block) {
629 					if (last_block != BLOCK_NIL)
630 						s->PUtable[last_block] = block;
631 				}
632 				break;
633 			}
634 
635 			/* Check for invalid block */
636 			if (erase_mark != ERASE_MARK) {
637 				printk(KERN_WARNING "INFTL: corrupt block %d "
638 					"in chain %d, chain length %d, erase "
639 					"mark 0x%x?\n", block, first_block,
640 					chain_length, erase_mark);
641 				/*
642 				 * Assume end of chain, probably incomplete
643 				 * fold/erase...
644 				 */
645 				if (chain_length == 0)
646 					do_format_chain++;
647 				break;
648 			}
649 
650 			/* Check for it being free already then... */
651 			if ((logical_block == BLOCK_FREE) ||
652 			    (logical_block == BLOCK_NIL)) {
653 				s->PUtable[block] = BLOCK_FREE;
654 				break;
655 			}
656 
657 			/* Sanity checks on block numbers */
658 			if ((logical_block >= s->nb_blocks) ||
659 			    ((prev_block >= s->nb_blocks) &&
660 			     (prev_block != BLOCK_NIL))) {
661 				if (chain_length > 0) {
662 					printk(KERN_WARNING "INFTL: corrupt "
663 						"block %d in chain %d?\n",
664 						block, first_block);
665 					do_format_chain++;
666 				}
667 				break;
668 			}
669 
670 			if (first_logical_block == BLOCK_NIL) {
671 				first_logical_block = logical_block;
672 			} else {
673 				if (first_logical_block != logical_block) {
674 					/* Normal for folded chain... */
675 					break;
676 				}
677 			}
678 
679 			/*
680 			 * Current block is valid, so if we followed a virtual
681 			 * chain to get here then we can set the previous
682 			 * block pointer in our PUtable now. Then move onto
683 			 * the previous block in the chain.
684 			 */
685 			s->PUtable[block] = BLOCK_NIL;
686 			if (last_block != BLOCK_NIL)
687 				s->PUtable[last_block] = block;
688 			last_block = block;
689 			block = prev_block;
690 
691 			/* Check for end of chain */
692 			if (block == BLOCK_NIL)
693 				break;
694 
695 			/* Validate next block before following it... */
696 			if (block > s->lastEUN) {
697 				printk(KERN_WARNING "INFTL: invalid previous "
698 					"block %d in chain %d?\n", block,
699 					first_block);
700 				do_format_chain++;
701 				break;
702 			}
703 		}
704 
705 		if (do_format_chain) {
706 			format_chain(s, first_block);
707 			continue;
708 		}
709 
710 		/*
711 		 * Looks like a valid chain then. It may not really be the
712 		 * newest block in the chain, but it is the newest we have
713 		 * found so far. We might update it in later iterations of
714 		 * this loop if we find something newer.
715 		 */
716 		s->VUtable[first_logical_block] = first_block;
717 		logical_block = BLOCK_NIL;
718 	}
719 
720 	INFTL_dumptables(s);
721 
722 	/*
723 	 * Second pass, check for infinite loops in chains. These are
724 	 * possible because we don't update the previous pointers when
725 	 * we fold chains. No big deal, just fix them up in PUtable.
726 	 */
727 	pr_debug("INFTL: pass 2, validate virtual chains\n");
728 	for (logical_block = 0; logical_block < s->numvunits; logical_block++) {
729 		block = s->VUtable[logical_block];
730 		last_block = BLOCK_NIL;
731 
732 		/* Check for free/reserved/nil */
733 		if (block >= BLOCK_RESERVED)
734 			continue;
735 
736 		ANAC = ANACtable[block];
737 		for (i = 0; i < s->numvunits; i++) {
738 			if (s->PUtable[block] == BLOCK_NIL)
739 				break;
740 			if (s->PUtable[block] > s->lastEUN) {
741 				printk(KERN_WARNING "INFTL: invalid prev %d, "
742 					"in virtual chain %d\n",
743 					s->PUtable[block], logical_block);
744 				s->PUtable[block] = BLOCK_NIL;
745 
746 			}
747 			if (ANACtable[block] != ANAC) {
748 				/*
749 				 * Chain must point back to itself. This is ok,
750 				 * but we will need adjust the tables with this
751 				 * newest block and oldest block.
752 				 */
753 				s->VUtable[logical_block] = block;
754 				s->PUtable[last_block] = BLOCK_NIL;
755 				break;
756 			}
757 
758 			ANAC--;
759 			last_block = block;
760 			block = s->PUtable[block];
761 		}
762 
763 		if (i >= s->nb_blocks) {
764 			/*
765 			 * Uhoo, infinite chain with valid ANACS!
766 			 * Format whole chain...
767 			 */
768 			format_chain(s, first_block);
769 		}
770 	}
771 
772 	INFTL_dumptables(s);
773 	INFTL_dumpVUchains(s);
774 
775 	/*
776 	 * Third pass, format unreferenced blocks and init free block count.
777 	 */
778 	s->numfreeEUNs = 0;
779 	s->LastFreeEUN = BLOCK_NIL;
780 
781 	pr_debug("INFTL: pass 3, format unused blocks\n");
782 	for (block = s->firstEUN; block <= s->lastEUN; block++) {
783 		if (s->PUtable[block] == BLOCK_NOTEXPLORED) {
784 			printk("INFTL: unreferenced block %d, formatting it\n",
785 				block);
786 			if (INFTL_formatblock(s, block) < 0)
787 				s->PUtable[block] = BLOCK_RESERVED;
788 			else
789 				s->PUtable[block] = BLOCK_FREE;
790 		}
791 		if (s->PUtable[block] == BLOCK_FREE) {
792 			s->numfreeEUNs++;
793 			if (s->LastFreeEUN == BLOCK_NIL)
794 				s->LastFreeEUN = block;
795 		}
796 	}
797 
798 	kfree(ANACtable);
799 	return 0;
800 }
801