1 /* 2 * Copyright (c) International Business Machines Corp., 2006 3 * Copyright (c) Nokia Corporation, 2006, 2007 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See 13 * the GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program; if not, write to the Free Software 17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 * 19 * Author: Artem Bityutskiy (Битюцкий Артём) 20 */ 21 22 /* 23 * UBI input/output unit. 24 * 25 * This unit provides a uniform way to work with all kinds of the underlying 26 * MTD devices. It also implements handy functions for reading and writing UBI 27 * headers. 28 * 29 * We are trying to have a paranoid mindset and not to trust to what we read 30 * from the flash media in order to be more secure and robust. So this unit 31 * validates every single header it reads from the flash media. 32 * 33 * Some words about how the eraseblock headers are stored. 34 * 35 * The erase counter header is always stored at offset zero. By default, the 36 * VID header is stored after the EC header at the closest aligned offset 37 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID 38 * header at the closest aligned offset. But this default layout may be 39 * changed. For example, for different reasons (e.g., optimization) UBI may be 40 * asked to put the VID header at further offset, and even at an unaligned 41 * offset. Of course, if the offset of the VID header is unaligned, UBI adds 42 * proper padding in front of it. Data offset may also be changed but it has to 43 * be aligned. 44 * 45 * About minimal I/O units. In general, UBI assumes flash device model where 46 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1, 47 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the 48 * @ubi->mtd->writesize field. But as an exception, UBI admits of using another 49 * (smaller) minimal I/O unit size for EC and VID headers to make it possible 50 * to do different optimizations. 51 * 52 * This is extremely useful in case of NAND flashes which admit of several 53 * write operations to one NAND page. In this case UBI can fit EC and VID 54 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal 55 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still 56 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI 57 * users. 58 * 59 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so 60 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID 61 * headers. 62 * 63 * Q: why not just to treat sub-page as a minimal I/O unit of this flash 64 * device, e.g., make @ubi->min_io_size = 512 in the example above? 65 * 66 * A: because when writing a sub-page, MTD still writes a full 2K page but the 67 * bytes which are no relevant to the sub-page are 0xFF. So, basically, writing 68 * 4x512 sub-pages is 4 times slower then writing one 2KiB NAND page. Thus, we 69 * prefer to use sub-pages only for EV and VID headers. 70 * 71 * As it was noted above, the VID header may start at a non-aligned offset. 72 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page, 73 * the VID header may reside at offset 1984 which is the last 64 bytes of the 74 * last sub-page (EC header is always at offset zero). This causes some 75 * difficulties when reading and writing VID headers. 76 * 77 * Suppose we have a 64-byte buffer and we read a VID header at it. We change 78 * the data and want to write this VID header out. As we can only write in 79 * 512-byte chunks, we have to allocate one more buffer and copy our VID header 80 * to offset 448 of this buffer. 81 * 82 * The I/O unit does the following trick in order to avoid this extra copy. 83 * It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID header 84 * and returns a pointer to offset @ubi->vid_hdr_shift of this buffer. When the 85 * VID header is being written out, it shifts the VID header pointer back and 86 * writes the whole sub-page. 87 */ 88 89 #include <linux/crc32.h> 90 #include <linux/err.h> 91 #include "ubi.h" 92 93 #ifdef CONFIG_MTD_UBI_DEBUG_PARANOID 94 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum); 95 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum); 96 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum, 97 const struct ubi_ec_hdr *ec_hdr); 98 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum); 99 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum, 100 const struct ubi_vid_hdr *vid_hdr); 101 static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset, 102 int len); 103 #else 104 #define paranoid_check_not_bad(ubi, pnum) 0 105 #define paranoid_check_peb_ec_hdr(ubi, pnum) 0 106 #define paranoid_check_ec_hdr(ubi, pnum, ec_hdr) 0 107 #define paranoid_check_peb_vid_hdr(ubi, pnum) 0 108 #define paranoid_check_vid_hdr(ubi, pnum, vid_hdr) 0 109 #define paranoid_check_all_ff(ubi, pnum, offset, len) 0 110 #endif 111 112 /** 113 * ubi_io_read - read data from a physical eraseblock. 114 * @ubi: UBI device description object 115 * @buf: buffer where to store the read data 116 * @pnum: physical eraseblock number to read from 117 * @offset: offset within the physical eraseblock from where to read 118 * @len: how many bytes to read 119 * 120 * This function reads data from offset @offset of physical eraseblock @pnum 121 * and stores the read data in the @buf buffer. The following return codes are 122 * possible: 123 * 124 * o %0 if all the requested data were successfully read; 125 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but 126 * correctable bit-flips were detected; this is harmless but may indicate 127 * that this eraseblock may become bad soon (but do not have to); 128 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for 129 * example it can be an ECC error in case of NAND; this most probably means 130 * that the data is corrupted; 131 * o %-EIO if some I/O error occurred; 132 * o other negative error codes in case of other errors. 133 */ 134 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset, 135 int len) 136 { 137 int err, retries = 0; 138 size_t read; 139 loff_t addr; 140 141 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset); 142 143 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 144 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size); 145 ubi_assert(len > 0); 146 147 err = paranoid_check_not_bad(ubi, pnum); 148 if (err) 149 return err > 0 ? -EINVAL : err; 150 151 addr = (loff_t)pnum * ubi->peb_size + offset; 152 retry: 153 err = ubi->mtd->read(ubi->mtd, addr, len, &read, buf); 154 if (err) { 155 if (err == -EUCLEAN) { 156 /* 157 * -EUCLEAN is reported if there was a bit-flip which 158 * was corrected, so this is harmless. 159 */ 160 ubi_msg("fixable bit-flip detected at PEB %d", pnum); 161 ubi_assert(len == read); 162 return UBI_IO_BITFLIPS; 163 } 164 165 if (read != len && retries++ < UBI_IO_RETRIES) { 166 dbg_io("error %d while reading %d bytes from PEB %d:%d, " 167 "read only %zd bytes, retry", 168 err, len, pnum, offset, read); 169 yield(); 170 goto retry; 171 } 172 173 ubi_err("error %d while reading %d bytes from PEB %d:%d, " 174 "read %zd bytes", err, len, pnum, offset, read); 175 ubi_dbg_dump_stack(); 176 177 /* 178 * The driver should never return -EBADMSG if it failed to read 179 * all the requested data. But some buggy drivers might do 180 * this, so we change it to -EIO. 181 */ 182 if (read != len && err == -EBADMSG) { 183 ubi_assert(0); 184 err = -EIO; 185 } 186 } else { 187 ubi_assert(len == read); 188 189 if (ubi_dbg_is_bitflip()) { 190 dbg_msg("bit-flip (emulated)"); 191 err = UBI_IO_BITFLIPS; 192 } 193 } 194 195 return err; 196 } 197 198 /** 199 * ubi_io_write - write data to a physical eraseblock. 200 * @ubi: UBI device description object 201 * @buf: buffer with the data to write 202 * @pnum: physical eraseblock number to write to 203 * @offset: offset within the physical eraseblock where to write 204 * @len: how many bytes to write 205 * 206 * This function writes @len bytes of data from buffer @buf to offset @offset 207 * of physical eraseblock @pnum. If all the data were successfully written, 208 * zero is returned. If an error occurred, this function returns a negative 209 * error code. If %-EIO is returned, the physical eraseblock most probably went 210 * bad. 211 * 212 * Note, in case of an error, it is possible that something was still written 213 * to the flash media, but may be some garbage. 214 */ 215 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset, 216 int len) 217 { 218 int err; 219 size_t written; 220 loff_t addr; 221 222 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset); 223 224 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 225 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size); 226 ubi_assert(offset % ubi->hdrs_min_io_size == 0); 227 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0); 228 229 if (ubi->ro_mode) { 230 ubi_err("read-only mode"); 231 return -EROFS; 232 } 233 234 /* The below has to be compiled out if paranoid checks are disabled */ 235 236 err = paranoid_check_not_bad(ubi, pnum); 237 if (err) 238 return err > 0 ? -EINVAL : err; 239 240 /* The area we are writing to has to contain all 0xFF bytes */ 241 err = paranoid_check_all_ff(ubi, pnum, offset, len); 242 if (err) 243 return err > 0 ? -EINVAL : err; 244 245 if (offset >= ubi->leb_start) { 246 /* 247 * We write to the data area of the physical eraseblock. Make 248 * sure it has valid EC and VID headers. 249 */ 250 err = paranoid_check_peb_ec_hdr(ubi, pnum); 251 if (err) 252 return err > 0 ? -EINVAL : err; 253 err = paranoid_check_peb_vid_hdr(ubi, pnum); 254 if (err) 255 return err > 0 ? -EINVAL : err; 256 } 257 258 if (ubi_dbg_is_write_failure()) { 259 dbg_err("cannot write %d bytes to PEB %d:%d " 260 "(emulated)", len, pnum, offset); 261 ubi_dbg_dump_stack(); 262 return -EIO; 263 } 264 265 addr = (loff_t)pnum * ubi->peb_size + offset; 266 err = ubi->mtd->write(ubi->mtd, addr, len, &written, buf); 267 if (err) { 268 ubi_err("error %d while writing %d bytes to PEB %d:%d, written" 269 " %zd bytes", err, len, pnum, offset, written); 270 ubi_dbg_dump_stack(); 271 } else 272 ubi_assert(written == len); 273 274 return err; 275 } 276 277 /** 278 * erase_callback - MTD erasure call-back. 279 * @ei: MTD erase information object. 280 * 281 * Note, even though MTD erase interface is asynchronous, all the current 282 * implementations are synchronous anyway. 283 */ 284 static void erase_callback(struct erase_info *ei) 285 { 286 wake_up_interruptible((wait_queue_head_t *)ei->priv); 287 } 288 289 /** 290 * do_sync_erase - synchronously erase a physical eraseblock. 291 * @ubi: UBI device description object 292 * @pnum: the physical eraseblock number to erase 293 * 294 * This function synchronously erases physical eraseblock @pnum and returns 295 * zero in case of success and a negative error code in case of failure. If 296 * %-EIO is returned, the physical eraseblock most probably went bad. 297 */ 298 static int do_sync_erase(struct ubi_device *ubi, int pnum) 299 { 300 int err, retries = 0; 301 struct erase_info ei; 302 wait_queue_head_t wq; 303 304 dbg_io("erase PEB %d", pnum); 305 306 retry: 307 init_waitqueue_head(&wq); 308 memset(&ei, 0, sizeof(struct erase_info)); 309 310 ei.mtd = ubi->mtd; 311 ei.addr = (loff_t)pnum * ubi->peb_size; 312 ei.len = ubi->peb_size; 313 ei.callback = erase_callback; 314 ei.priv = (unsigned long)&wq; 315 316 err = ubi->mtd->erase(ubi->mtd, &ei); 317 if (err) { 318 if (retries++ < UBI_IO_RETRIES) { 319 dbg_io("error %d while erasing PEB %d, retry", 320 err, pnum); 321 yield(); 322 goto retry; 323 } 324 ubi_err("cannot erase PEB %d, error %d", pnum, err); 325 ubi_dbg_dump_stack(); 326 return err; 327 } 328 329 err = wait_event_interruptible(wq, ei.state == MTD_ERASE_DONE || 330 ei.state == MTD_ERASE_FAILED); 331 if (err) { 332 ubi_err("interrupted PEB %d erasure", pnum); 333 return -EINTR; 334 } 335 336 if (ei.state == MTD_ERASE_FAILED) { 337 if (retries++ < UBI_IO_RETRIES) { 338 dbg_io("error while erasing PEB %d, retry", pnum); 339 yield(); 340 goto retry; 341 } 342 ubi_err("cannot erase PEB %d", pnum); 343 ubi_dbg_dump_stack(); 344 return -EIO; 345 } 346 347 err = paranoid_check_all_ff(ubi, pnum, 0, ubi->peb_size); 348 if (err) 349 return err > 0 ? -EINVAL : err; 350 351 if (ubi_dbg_is_erase_failure() && !err) { 352 dbg_err("cannot erase PEB %d (emulated)", pnum); 353 return -EIO; 354 } 355 356 return 0; 357 } 358 359 /** 360 * check_pattern - check if buffer contains only a certain byte pattern. 361 * @buf: buffer to check 362 * @patt: the pattern to check 363 * @size: buffer size in bytes 364 * 365 * This function returns %1 in there are only @patt bytes in @buf, and %0 if 366 * something else was also found. 367 */ 368 static int check_pattern(const void *buf, uint8_t patt, int size) 369 { 370 int i; 371 372 for (i = 0; i < size; i++) 373 if (((const uint8_t *)buf)[i] != patt) 374 return 0; 375 return 1; 376 } 377 378 /* Patterns to write to a physical eraseblock when torturing it */ 379 static uint8_t patterns[] = {0xa5, 0x5a, 0x0}; 380 381 /** 382 * torture_peb - test a supposedly bad physical eraseblock. 383 * @ubi: UBI device description object 384 * @pnum: the physical eraseblock number to test 385 * 386 * This function returns %-EIO if the physical eraseblock did not pass the 387 * test, a positive number of erase operations done if the test was 388 * successfully passed, and other negative error codes in case of other errors. 389 */ 390 static int torture_peb(struct ubi_device *ubi, int pnum) 391 { 392 int err, i, patt_count; 393 394 patt_count = ARRAY_SIZE(patterns); 395 ubi_assert(patt_count > 0); 396 397 mutex_lock(&ubi->buf_mutex); 398 for (i = 0; i < patt_count; i++) { 399 err = do_sync_erase(ubi, pnum); 400 if (err) 401 goto out; 402 403 /* Make sure the PEB contains only 0xFF bytes */ 404 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 405 if (err) 406 goto out; 407 408 err = check_pattern(ubi->peb_buf1, 0xFF, ubi->peb_size); 409 if (err == 0) { 410 ubi_err("erased PEB %d, but a non-0xFF byte found", 411 pnum); 412 err = -EIO; 413 goto out; 414 } 415 416 /* Write a pattern and check it */ 417 memset(ubi->peb_buf1, patterns[i], ubi->peb_size); 418 err = ubi_io_write(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 419 if (err) 420 goto out; 421 422 memset(ubi->peb_buf1, ~patterns[i], ubi->peb_size); 423 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size); 424 if (err) 425 goto out; 426 427 err = check_pattern(ubi->peb_buf1, patterns[i], ubi->peb_size); 428 if (err == 0) { 429 ubi_err("pattern %x checking failed for PEB %d", 430 patterns[i], pnum); 431 err = -EIO; 432 goto out; 433 } 434 } 435 436 err = patt_count; 437 438 out: 439 mutex_unlock(&ubi->buf_mutex); 440 if (err == UBI_IO_BITFLIPS || err == -EBADMSG) { 441 /* 442 * If a bit-flip or data integrity error was detected, the test 443 * has not passed because it happened on a freshly erased 444 * physical eraseblock which means something is wrong with it. 445 */ 446 ubi_err("read problems on freshly erased PEB %d, must be bad", 447 pnum); 448 err = -EIO; 449 } 450 return err; 451 } 452 453 /** 454 * ubi_io_sync_erase - synchronously erase a physical eraseblock. 455 * @ubi: UBI device description object 456 * @pnum: physical eraseblock number to erase 457 * @torture: if this physical eraseblock has to be tortured 458 * 459 * This function synchronously erases physical eraseblock @pnum. If @torture 460 * flag is not zero, the physical eraseblock is checked by means of writing 461 * different patterns to it and reading them back. If the torturing is enabled, 462 * the physical eraseblock is erased more then once. 463 * 464 * This function returns the number of erasures made in case of success, %-EIO 465 * if the erasure failed or the torturing test failed, and other negative error 466 * codes in case of other errors. Note, %-EIO means that the physical 467 * eraseblock is bad. 468 */ 469 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture) 470 { 471 int err, ret = 0; 472 473 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 474 475 err = paranoid_check_not_bad(ubi, pnum); 476 if (err != 0) 477 return err > 0 ? -EINVAL : err; 478 479 if (ubi->ro_mode) { 480 ubi_err("read-only mode"); 481 return -EROFS; 482 } 483 484 if (torture) { 485 ret = torture_peb(ubi, pnum); 486 if (ret < 0) 487 return ret; 488 } 489 490 err = do_sync_erase(ubi, pnum); 491 if (err) 492 return err; 493 494 return ret + 1; 495 } 496 497 /** 498 * ubi_io_is_bad - check if a physical eraseblock is bad. 499 * @ubi: UBI device description object 500 * @pnum: the physical eraseblock number to check 501 * 502 * This function returns a positive number if the physical eraseblock is bad, 503 * zero if not, and a negative error code if an error occurred. 504 */ 505 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum) 506 { 507 struct mtd_info *mtd = ubi->mtd; 508 509 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 510 511 if (ubi->bad_allowed) { 512 int ret; 513 514 ret = mtd->block_isbad(mtd, (loff_t)pnum * ubi->peb_size); 515 if (ret < 0) 516 ubi_err("error %d while checking if PEB %d is bad", 517 ret, pnum); 518 else if (ret) 519 dbg_io("PEB %d is bad", pnum); 520 return ret; 521 } 522 523 return 0; 524 } 525 526 /** 527 * ubi_io_mark_bad - mark a physical eraseblock as bad. 528 * @ubi: UBI device description object 529 * @pnum: the physical eraseblock number to mark 530 * 531 * This function returns zero in case of success and a negative error code in 532 * case of failure. 533 */ 534 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum) 535 { 536 int err; 537 struct mtd_info *mtd = ubi->mtd; 538 539 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 540 541 if (ubi->ro_mode) { 542 ubi_err("read-only mode"); 543 return -EROFS; 544 } 545 546 if (!ubi->bad_allowed) 547 return 0; 548 549 err = mtd->block_markbad(mtd, (loff_t)pnum * ubi->peb_size); 550 if (err) 551 ubi_err("cannot mark PEB %d bad, error %d", pnum, err); 552 return err; 553 } 554 555 /** 556 * validate_ec_hdr - validate an erase counter header. 557 * @ubi: UBI device description object 558 * @ec_hdr: the erase counter header to check 559 * 560 * This function returns zero if the erase counter header is OK, and %1 if 561 * not. 562 */ 563 static int validate_ec_hdr(const struct ubi_device *ubi, 564 const struct ubi_ec_hdr *ec_hdr) 565 { 566 long long ec; 567 int vid_hdr_offset, leb_start; 568 569 ec = be64_to_cpu(ec_hdr->ec); 570 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset); 571 leb_start = be32_to_cpu(ec_hdr->data_offset); 572 573 if (ec_hdr->version != UBI_VERSION) { 574 ubi_err("node with incompatible UBI version found: " 575 "this UBI version is %d, image version is %d", 576 UBI_VERSION, (int)ec_hdr->version); 577 goto bad; 578 } 579 580 if (vid_hdr_offset != ubi->vid_hdr_offset) { 581 ubi_err("bad VID header offset %d, expected %d", 582 vid_hdr_offset, ubi->vid_hdr_offset); 583 goto bad; 584 } 585 586 if (leb_start != ubi->leb_start) { 587 ubi_err("bad data offset %d, expected %d", 588 leb_start, ubi->leb_start); 589 goto bad; 590 } 591 592 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) { 593 ubi_err("bad erase counter %lld", ec); 594 goto bad; 595 } 596 597 return 0; 598 599 bad: 600 ubi_err("bad EC header"); 601 ubi_dbg_dump_ec_hdr(ec_hdr); 602 ubi_dbg_dump_stack(); 603 return 1; 604 } 605 606 /** 607 * ubi_io_read_ec_hdr - read and check an erase counter header. 608 * @ubi: UBI device description object 609 * @pnum: physical eraseblock to read from 610 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter 611 * header 612 * @verbose: be verbose if the header is corrupted or was not found 613 * 614 * This function reads erase counter header from physical eraseblock @pnum and 615 * stores it in @ec_hdr. This function also checks CRC checksum of the read 616 * erase counter header. The following codes may be returned: 617 * 618 * o %0 if the CRC checksum is correct and the header was successfully read; 619 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected 620 * and corrected by the flash driver; this is harmless but may indicate that 621 * this eraseblock may become bad soon (but may be not); 622 * o %UBI_IO_BAD_EC_HDR if the erase counter header is corrupted (a CRC error); 623 * o %UBI_IO_PEB_EMPTY if the physical eraseblock is empty; 624 * o a negative error code in case of failure. 625 */ 626 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum, 627 struct ubi_ec_hdr *ec_hdr, int verbose) 628 { 629 int err, read_err = 0; 630 uint32_t crc, magic, hdr_crc; 631 632 dbg_io("read EC header from PEB %d", pnum); 633 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 634 635 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE); 636 if (err) { 637 if (err != UBI_IO_BITFLIPS && err != -EBADMSG) 638 return err; 639 640 /* 641 * We read all the data, but either a correctable bit-flip 642 * occurred, or MTD reported about some data integrity error, 643 * like an ECC error in case of NAND. The former is harmless, 644 * the later may mean that the read data is corrupted. But we 645 * have a CRC check-sum and we will detect this. If the EC 646 * header is still OK, we just report this as there was a 647 * bit-flip. 648 */ 649 read_err = err; 650 } 651 652 magic = be32_to_cpu(ec_hdr->magic); 653 if (magic != UBI_EC_HDR_MAGIC) { 654 /* 655 * The magic field is wrong. Let's check if we have read all 656 * 0xFF. If yes, this physical eraseblock is assumed to be 657 * empty. 658 * 659 * But if there was a read error, we do not test it for all 660 * 0xFFs. Even if it does contain all 0xFFs, this error 661 * indicates that something is still wrong with this physical 662 * eraseblock and we anyway cannot treat it as empty. 663 */ 664 if (read_err != -EBADMSG && 665 check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) { 666 /* The physical eraseblock is supposedly empty */ 667 668 /* 669 * The below is just a paranoid check, it has to be 670 * compiled out if paranoid checks are disabled. 671 */ 672 err = paranoid_check_all_ff(ubi, pnum, 0, 673 ubi->peb_size); 674 if (err) 675 return err > 0 ? UBI_IO_BAD_EC_HDR : err; 676 677 if (verbose) 678 ubi_warn("no EC header found at PEB %d, " 679 "only 0xFF bytes", pnum); 680 return UBI_IO_PEB_EMPTY; 681 } 682 683 /* 684 * This is not a valid erase counter header, and these are not 685 * 0xFF bytes. Report that the header is corrupted. 686 */ 687 if (verbose) { 688 ubi_warn("bad magic number at PEB %d: %08x instead of " 689 "%08x", pnum, magic, UBI_EC_HDR_MAGIC); 690 ubi_dbg_dump_ec_hdr(ec_hdr); 691 } 692 return UBI_IO_BAD_EC_HDR; 693 } 694 695 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 696 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc); 697 698 if (hdr_crc != crc) { 699 if (verbose) { 700 ubi_warn("bad EC header CRC at PEB %d, calculated %#08x," 701 " read %#08x", pnum, crc, hdr_crc); 702 ubi_dbg_dump_ec_hdr(ec_hdr); 703 } 704 return UBI_IO_BAD_EC_HDR; 705 } 706 707 /* And of course validate what has just been read from the media */ 708 err = validate_ec_hdr(ubi, ec_hdr); 709 if (err) { 710 ubi_err("validation failed for PEB %d", pnum); 711 return -EINVAL; 712 } 713 714 return read_err ? UBI_IO_BITFLIPS : 0; 715 } 716 717 /** 718 * ubi_io_write_ec_hdr - write an erase counter header. 719 * @ubi: UBI device description object 720 * @pnum: physical eraseblock to write to 721 * @ec_hdr: the erase counter header to write 722 * 723 * This function writes erase counter header described by @ec_hdr to physical 724 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so 725 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec 726 * field. 727 * 728 * This function returns zero in case of success and a negative error code in 729 * case of failure. If %-EIO is returned, the physical eraseblock most probably 730 * went bad. 731 */ 732 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum, 733 struct ubi_ec_hdr *ec_hdr) 734 { 735 int err; 736 uint32_t crc; 737 738 dbg_io("write EC header to PEB %d", pnum); 739 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 740 741 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC); 742 ec_hdr->version = UBI_VERSION; 743 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset); 744 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start); 745 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 746 ec_hdr->hdr_crc = cpu_to_be32(crc); 747 748 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr); 749 if (err) 750 return -EINVAL; 751 752 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize); 753 return err; 754 } 755 756 /** 757 * validate_vid_hdr - validate a volume identifier header. 758 * @ubi: UBI device description object 759 * @vid_hdr: the volume identifier header to check 760 * 761 * This function checks that data stored in the volume identifier header 762 * @vid_hdr. Returns zero if the VID header is OK and %1 if not. 763 */ 764 static int validate_vid_hdr(const struct ubi_device *ubi, 765 const struct ubi_vid_hdr *vid_hdr) 766 { 767 int vol_type = vid_hdr->vol_type; 768 int copy_flag = vid_hdr->copy_flag; 769 int vol_id = be32_to_cpu(vid_hdr->vol_id); 770 int lnum = be32_to_cpu(vid_hdr->lnum); 771 int compat = vid_hdr->compat; 772 int data_size = be32_to_cpu(vid_hdr->data_size); 773 int used_ebs = be32_to_cpu(vid_hdr->used_ebs); 774 int data_pad = be32_to_cpu(vid_hdr->data_pad); 775 int data_crc = be32_to_cpu(vid_hdr->data_crc); 776 int usable_leb_size = ubi->leb_size - data_pad; 777 778 if (copy_flag != 0 && copy_flag != 1) { 779 dbg_err("bad copy_flag"); 780 goto bad; 781 } 782 783 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 || 784 data_pad < 0) { 785 dbg_err("negative values"); 786 goto bad; 787 } 788 789 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) { 790 dbg_err("bad vol_id"); 791 goto bad; 792 } 793 794 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) { 795 dbg_err("bad compat"); 796 goto bad; 797 } 798 799 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE && 800 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE && 801 compat != UBI_COMPAT_REJECT) { 802 dbg_err("bad compat"); 803 goto bad; 804 } 805 806 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) { 807 dbg_err("bad vol_type"); 808 goto bad; 809 } 810 811 if (data_pad >= ubi->leb_size / 2) { 812 dbg_err("bad data_pad"); 813 goto bad; 814 } 815 816 if (vol_type == UBI_VID_STATIC) { 817 /* 818 * Although from high-level point of view static volumes may 819 * contain zero bytes of data, but no VID headers can contain 820 * zero at these fields, because they empty volumes do not have 821 * mapped logical eraseblocks. 822 */ 823 if (used_ebs == 0) { 824 dbg_err("zero used_ebs"); 825 goto bad; 826 } 827 if (data_size == 0) { 828 dbg_err("zero data_size"); 829 goto bad; 830 } 831 if (lnum < used_ebs - 1) { 832 if (data_size != usable_leb_size) { 833 dbg_err("bad data_size"); 834 goto bad; 835 } 836 } else if (lnum == used_ebs - 1) { 837 if (data_size == 0) { 838 dbg_err("bad data_size at last LEB"); 839 goto bad; 840 } 841 } else { 842 dbg_err("too high lnum"); 843 goto bad; 844 } 845 } else { 846 if (copy_flag == 0) { 847 if (data_crc != 0) { 848 dbg_err("non-zero data CRC"); 849 goto bad; 850 } 851 if (data_size != 0) { 852 dbg_err("non-zero data_size"); 853 goto bad; 854 } 855 } else { 856 if (data_size == 0) { 857 dbg_err("zero data_size of copy"); 858 goto bad; 859 } 860 } 861 if (used_ebs != 0) { 862 dbg_err("bad used_ebs"); 863 goto bad; 864 } 865 } 866 867 return 0; 868 869 bad: 870 ubi_err("bad VID header"); 871 ubi_dbg_dump_vid_hdr(vid_hdr); 872 ubi_dbg_dump_stack(); 873 return 1; 874 } 875 876 /** 877 * ubi_io_read_vid_hdr - read and check a volume identifier header. 878 * @ubi: UBI device description object 879 * @pnum: physical eraseblock number to read from 880 * @vid_hdr: &struct ubi_vid_hdr object where to store the read volume 881 * identifier header 882 * @verbose: be verbose if the header is corrupted or wasn't found 883 * 884 * This function reads the volume identifier header from physical eraseblock 885 * @pnum and stores it in @vid_hdr. It also checks CRC checksum of the read 886 * volume identifier header. The following codes may be returned: 887 * 888 * o %0 if the CRC checksum is correct and the header was successfully read; 889 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected 890 * and corrected by the flash driver; this is harmless but may indicate that 891 * this eraseblock may become bad soon; 892 * o %UBI_IO_BAD_VID_HRD if the volume identifier header is corrupted (a CRC 893 * error detected); 894 * o %UBI_IO_PEB_FREE if the physical eraseblock is free (i.e., there is no VID 895 * header there); 896 * o a negative error code in case of failure. 897 */ 898 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum, 899 struct ubi_vid_hdr *vid_hdr, int verbose) 900 { 901 int err, read_err = 0; 902 uint32_t crc, magic, hdr_crc; 903 void *p; 904 905 dbg_io("read VID header from PEB %d", pnum); 906 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 907 908 p = (char *)vid_hdr - ubi->vid_hdr_shift; 909 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset, 910 ubi->vid_hdr_alsize); 911 if (err) { 912 if (err != UBI_IO_BITFLIPS && err != -EBADMSG) 913 return err; 914 915 /* 916 * We read all the data, but either a correctable bit-flip 917 * occurred, or MTD reported about some data integrity error, 918 * like an ECC error in case of NAND. The former is harmless, 919 * the later may mean the read data is corrupted. But we have a 920 * CRC check-sum and we will identify this. If the VID header is 921 * still OK, we just report this as there was a bit-flip. 922 */ 923 read_err = err; 924 } 925 926 magic = be32_to_cpu(vid_hdr->magic); 927 if (magic != UBI_VID_HDR_MAGIC) { 928 /* 929 * If we have read all 0xFF bytes, the VID header probably does 930 * not exist and the physical eraseblock is assumed to be free. 931 * 932 * But if there was a read error, we do not test the data for 933 * 0xFFs. Even if it does contain all 0xFFs, this error 934 * indicates that something is still wrong with this physical 935 * eraseblock and it cannot be regarded as free. 936 */ 937 if (read_err != -EBADMSG && 938 check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) { 939 /* The physical eraseblock is supposedly free */ 940 941 /* 942 * The below is just a paranoid check, it has to be 943 * compiled out if paranoid checks are disabled. 944 */ 945 err = paranoid_check_all_ff(ubi, pnum, ubi->leb_start, 946 ubi->leb_size); 947 if (err) 948 return err > 0 ? UBI_IO_BAD_VID_HDR : err; 949 950 if (verbose) 951 ubi_warn("no VID header found at PEB %d, " 952 "only 0xFF bytes", pnum); 953 return UBI_IO_PEB_FREE; 954 } 955 956 /* 957 * This is not a valid VID header, and these are not 0xFF 958 * bytes. Report that the header is corrupted. 959 */ 960 if (verbose) { 961 ubi_warn("bad magic number at PEB %d: %08x instead of " 962 "%08x", pnum, magic, UBI_VID_HDR_MAGIC); 963 ubi_dbg_dump_vid_hdr(vid_hdr); 964 } 965 return UBI_IO_BAD_VID_HDR; 966 } 967 968 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC); 969 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc); 970 971 if (hdr_crc != crc) { 972 if (verbose) { 973 ubi_warn("bad CRC at PEB %d, calculated %#08x, " 974 "read %#08x", pnum, crc, hdr_crc); 975 ubi_dbg_dump_vid_hdr(vid_hdr); 976 } 977 return UBI_IO_BAD_VID_HDR; 978 } 979 980 /* Validate the VID header that we have just read */ 981 err = validate_vid_hdr(ubi, vid_hdr); 982 if (err) { 983 ubi_err("validation failed for PEB %d", pnum); 984 return -EINVAL; 985 } 986 987 return read_err ? UBI_IO_BITFLIPS : 0; 988 } 989 990 /** 991 * ubi_io_write_vid_hdr - write a volume identifier header. 992 * @ubi: UBI device description object 993 * @pnum: the physical eraseblock number to write to 994 * @vid_hdr: the volume identifier header to write 995 * 996 * This function writes the volume identifier header described by @vid_hdr to 997 * physical eraseblock @pnum. This function automatically fills the 998 * @vid_hdr->magic and the @vid_hdr->version fields, as well as calculates 999 * header CRC checksum and stores it at vid_hdr->hdr_crc. 1000 * 1001 * This function returns zero in case of success and a negative error code in 1002 * case of failure. If %-EIO is returned, the physical eraseblock probably went 1003 * bad. 1004 */ 1005 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum, 1006 struct ubi_vid_hdr *vid_hdr) 1007 { 1008 int err; 1009 uint32_t crc; 1010 void *p; 1011 1012 dbg_io("write VID header to PEB %d", pnum); 1013 ubi_assert(pnum >= 0 && pnum < ubi->peb_count); 1014 1015 err = paranoid_check_peb_ec_hdr(ubi, pnum); 1016 if (err) 1017 return err > 0 ? -EINVAL: err; 1018 1019 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC); 1020 vid_hdr->version = UBI_VERSION; 1021 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC); 1022 vid_hdr->hdr_crc = cpu_to_be32(crc); 1023 1024 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr); 1025 if (err) 1026 return -EINVAL; 1027 1028 p = (char *)vid_hdr - ubi->vid_hdr_shift; 1029 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset, 1030 ubi->vid_hdr_alsize); 1031 return err; 1032 } 1033 1034 #ifdef CONFIG_MTD_UBI_DEBUG_PARANOID 1035 1036 /** 1037 * paranoid_check_not_bad - ensure that a physical eraseblock is not bad. 1038 * @ubi: UBI device description object 1039 * @pnum: physical eraseblock number to check 1040 * 1041 * This function returns zero if the physical eraseblock is good, a positive 1042 * number if it is bad and a negative error code if an error occurred. 1043 */ 1044 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum) 1045 { 1046 int err; 1047 1048 err = ubi_io_is_bad(ubi, pnum); 1049 if (!err) 1050 return err; 1051 1052 ubi_err("paranoid check failed for PEB %d", pnum); 1053 ubi_dbg_dump_stack(); 1054 return err; 1055 } 1056 1057 /** 1058 * paranoid_check_ec_hdr - check if an erase counter header is all right. 1059 * @ubi: UBI device description object 1060 * @pnum: physical eraseblock number the erase counter header belongs to 1061 * @ec_hdr: the erase counter header to check 1062 * 1063 * This function returns zero if the erase counter header contains valid 1064 * values, and %1 if not. 1065 */ 1066 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum, 1067 const struct ubi_ec_hdr *ec_hdr) 1068 { 1069 int err; 1070 uint32_t magic; 1071 1072 magic = be32_to_cpu(ec_hdr->magic); 1073 if (magic != UBI_EC_HDR_MAGIC) { 1074 ubi_err("bad magic %#08x, must be %#08x", 1075 magic, UBI_EC_HDR_MAGIC); 1076 goto fail; 1077 } 1078 1079 err = validate_ec_hdr(ubi, ec_hdr); 1080 if (err) { 1081 ubi_err("paranoid check failed for PEB %d", pnum); 1082 goto fail; 1083 } 1084 1085 return 0; 1086 1087 fail: 1088 ubi_dbg_dump_ec_hdr(ec_hdr); 1089 ubi_dbg_dump_stack(); 1090 return 1; 1091 } 1092 1093 /** 1094 * paranoid_check_peb_ec_hdr - check that the erase counter header of a 1095 * physical eraseblock is in-place and is all right. 1096 * @ubi: UBI device description object 1097 * @pnum: the physical eraseblock number to check 1098 * 1099 * This function returns zero if the erase counter header is all right, %1 if 1100 * not, and a negative error code if an error occurred. 1101 */ 1102 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum) 1103 { 1104 int err; 1105 uint32_t crc, hdr_crc; 1106 struct ubi_ec_hdr *ec_hdr; 1107 1108 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS); 1109 if (!ec_hdr) 1110 return -ENOMEM; 1111 1112 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE); 1113 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG) 1114 goto exit; 1115 1116 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC); 1117 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc); 1118 if (hdr_crc != crc) { 1119 ubi_err("bad CRC, calculated %#08x, read %#08x", crc, hdr_crc); 1120 ubi_err("paranoid check failed for PEB %d", pnum); 1121 ubi_dbg_dump_ec_hdr(ec_hdr); 1122 ubi_dbg_dump_stack(); 1123 err = 1; 1124 goto exit; 1125 } 1126 1127 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr); 1128 1129 exit: 1130 kfree(ec_hdr); 1131 return err; 1132 } 1133 1134 /** 1135 * paranoid_check_vid_hdr - check that a volume identifier header is all right. 1136 * @ubi: UBI device description object 1137 * @pnum: physical eraseblock number the volume identifier header belongs to 1138 * @vid_hdr: the volume identifier header to check 1139 * 1140 * This function returns zero if the volume identifier header is all right, and 1141 * %1 if not. 1142 */ 1143 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum, 1144 const struct ubi_vid_hdr *vid_hdr) 1145 { 1146 int err; 1147 uint32_t magic; 1148 1149 magic = be32_to_cpu(vid_hdr->magic); 1150 if (magic != UBI_VID_HDR_MAGIC) { 1151 ubi_err("bad VID header magic %#08x at PEB %d, must be %#08x", 1152 magic, pnum, UBI_VID_HDR_MAGIC); 1153 goto fail; 1154 } 1155 1156 err = validate_vid_hdr(ubi, vid_hdr); 1157 if (err) { 1158 ubi_err("paranoid check failed for PEB %d", pnum); 1159 goto fail; 1160 } 1161 1162 return err; 1163 1164 fail: 1165 ubi_err("paranoid check failed for PEB %d", pnum); 1166 ubi_dbg_dump_vid_hdr(vid_hdr); 1167 ubi_dbg_dump_stack(); 1168 return 1; 1169 1170 } 1171 1172 /** 1173 * paranoid_check_peb_vid_hdr - check that the volume identifier header of a 1174 * physical eraseblock is in-place and is all right. 1175 * @ubi: UBI device description object 1176 * @pnum: the physical eraseblock number to check 1177 * 1178 * This function returns zero if the volume identifier header is all right, 1179 * %1 if not, and a negative error code if an error occurred. 1180 */ 1181 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum) 1182 { 1183 int err; 1184 uint32_t crc, hdr_crc; 1185 struct ubi_vid_hdr *vid_hdr; 1186 void *p; 1187 1188 vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS); 1189 if (!vid_hdr) 1190 return -ENOMEM; 1191 1192 p = (char *)vid_hdr - ubi->vid_hdr_shift; 1193 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset, 1194 ubi->vid_hdr_alsize); 1195 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG) 1196 goto exit; 1197 1198 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_EC_HDR_SIZE_CRC); 1199 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc); 1200 if (hdr_crc != crc) { 1201 ubi_err("bad VID header CRC at PEB %d, calculated %#08x, " 1202 "read %#08x", pnum, crc, hdr_crc); 1203 ubi_err("paranoid check failed for PEB %d", pnum); 1204 ubi_dbg_dump_vid_hdr(vid_hdr); 1205 ubi_dbg_dump_stack(); 1206 err = 1; 1207 goto exit; 1208 } 1209 1210 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr); 1211 1212 exit: 1213 ubi_free_vid_hdr(ubi, vid_hdr); 1214 return err; 1215 } 1216 1217 /** 1218 * paranoid_check_all_ff - check that a region of flash is empty. 1219 * @ubi: UBI device description object 1220 * @pnum: the physical eraseblock number to check 1221 * @offset: the starting offset within the physical eraseblock to check 1222 * @len: the length of the region to check 1223 * 1224 * This function returns zero if only 0xFF bytes are present at offset 1225 * @offset of the physical eraseblock @pnum, %1 if not, and a negative error 1226 * code if an error occurred. 1227 */ 1228 static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset, 1229 int len) 1230 { 1231 size_t read; 1232 int err; 1233 loff_t addr = (loff_t)pnum * ubi->peb_size + offset; 1234 1235 mutex_lock(&ubi->dbg_buf_mutex); 1236 err = ubi->mtd->read(ubi->mtd, addr, len, &read, ubi->dbg_peb_buf); 1237 if (err && err != -EUCLEAN) { 1238 ubi_err("error %d while reading %d bytes from PEB %d:%d, " 1239 "read %zd bytes", err, len, pnum, offset, read); 1240 goto error; 1241 } 1242 1243 err = check_pattern(ubi->dbg_peb_buf, 0xFF, len); 1244 if (err == 0) { 1245 ubi_err("flash region at PEB %d:%d, length %d does not " 1246 "contain all 0xFF bytes", pnum, offset, len); 1247 goto fail; 1248 } 1249 mutex_unlock(&ubi->dbg_buf_mutex); 1250 1251 return 0; 1252 1253 fail: 1254 ubi_err("paranoid check failed for PEB %d", pnum); 1255 dbg_msg("hex dump of the %d-%d region", offset, offset + len); 1256 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, 1257 ubi->dbg_peb_buf, len, 1); 1258 err = 1; 1259 error: 1260 ubi_dbg_dump_stack(); 1261 mutex_unlock(&ubi->dbg_buf_mutex); 1262 return err; 1263 } 1264 1265 #endif /* CONFIG_MTD_UBI_DEBUG_PARANOID */ 1266