blob: 8423894000bcc41597c47c80992bbe7134164fec [file] [log] [blame]
Kyungmin Park2d262c42008-11-19 16:26:54 +01001/*
2 * Copyright (c) International Business Machines Corp., 2006
3 * Copyright (c) Nokia Corporation, 2006, 2007
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
13 * the GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 *
19 * Author: Artem Bityutskiy (Битюцкий Артём)
20 */
21
22/*
23 * UBI input/output unit.
24 *
25 * This unit provides a uniform way to work with all kinds of the underlying
26 * MTD devices. It also implements handy functions for reading and writing UBI
27 * headers.
28 *
29 * We are trying to have a paranoid mindset and not to trust to what we read
30 * from the flash media in order to be more secure and robust. So this unit
31 * validates every single header it reads from the flash media.
32 *
33 * Some words about how the eraseblock headers are stored.
34 *
35 * The erase counter header is always stored at offset zero. By default, the
36 * VID header is stored after the EC header at the closest aligned offset
37 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
38 * header at the closest aligned offset. But this default layout may be
39 * changed. For example, for different reasons (e.g., optimization) UBI may be
40 * asked to put the VID header at further offset, and even at an unaligned
41 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
42 * proper padding in front of it. Data offset may also be changed but it has to
43 * be aligned.
44 *
45 * About minimal I/O units. In general, UBI assumes flash device model where
46 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
47 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
48 * @ubi->mtd->writesize field. But as an exception, UBI admits of using another
49 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
50 * to do different optimizations.
51 *
52 * This is extremely useful in case of NAND flashes which admit of several
53 * write operations to one NAND page. In this case UBI can fit EC and VID
54 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
55 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
56 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
57 * users.
58 *
59 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
60 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
61 * headers.
62 *
63 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
64 * device, e.g., make @ubi->min_io_size = 512 in the example above?
65 *
66 * A: because when writing a sub-page, MTD still writes a full 2K page but the
67 * bytes which are no relevant to the sub-page are 0xFF. So, basically, writing
68 * 4x512 sub-pages is 4 times slower then writing one 2KiB NAND page. Thus, we
69 * prefer to use sub-pages only for EV and VID headers.
70 *
71 * As it was noted above, the VID header may start at a non-aligned offset.
72 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
73 * the VID header may reside at offset 1984 which is the last 64 bytes of the
74 * last sub-page (EC header is always at offset zero). This causes some
75 * difficulties when reading and writing VID headers.
76 *
77 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
78 * the data and want to write this VID header out. As we can only write in
79 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
80 * to offset 448 of this buffer.
81 *
82 * The I/O unit does the following trick in order to avoid this extra copy.
83 * It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID header
84 * and returns a pointer to offset @ubi->vid_hdr_shift of this buffer. When the
85 * VID header is being written out, it shifts the VID header pointer back and
86 * writes the whole sub-page.
87 */
88
89#ifdef UBI_LINUX
90#include <linux/crc32.h>
91#include <linux/err.h>
92#endif
93
94#include <ubi_uboot.h>
95#include "ubi.h"
96
97#ifdef CONFIG_MTD_UBI_DEBUG_PARANOID
98static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum);
99static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
100static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum,
101 const struct ubi_ec_hdr *ec_hdr);
102static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
103static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum,
104 const struct ubi_vid_hdr *vid_hdr);
105static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset,
106 int len);
107#else
108#define paranoid_check_not_bad(ubi, pnum) 0
109#define paranoid_check_peb_ec_hdr(ubi, pnum) 0
110#define paranoid_check_ec_hdr(ubi, pnum, ec_hdr) 0
111#define paranoid_check_peb_vid_hdr(ubi, pnum) 0
112#define paranoid_check_vid_hdr(ubi, pnum, vid_hdr) 0
113#define paranoid_check_all_ff(ubi, pnum, offset, len) 0
114#endif
115
116/**
117 * ubi_io_read - read data from a physical eraseblock.
118 * @ubi: UBI device description object
119 * @buf: buffer where to store the read data
120 * @pnum: physical eraseblock number to read from
121 * @offset: offset within the physical eraseblock from where to read
122 * @len: how many bytes to read
123 *
124 * This function reads data from offset @offset of physical eraseblock @pnum
125 * and stores the read data in the @buf buffer. The following return codes are
126 * possible:
127 *
128 * o %0 if all the requested data were successfully read;
129 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
130 * correctable bit-flips were detected; this is harmless but may indicate
131 * that this eraseblock may become bad soon (but do not have to);
132 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
133 * example it can be an ECC error in case of NAND; this most probably means
134 * that the data is corrupted;
135 * o %-EIO if some I/O error occurred;
136 * o other negative error codes in case of other errors.
137 */
138int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
139 int len)
140{
141 int err, retries = 0;
142 size_t read;
143 loff_t addr;
144
145 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
146
147 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
148 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
149 ubi_assert(len > 0);
150
151 err = paranoid_check_not_bad(ubi, pnum);
152 if (err)
153 return err > 0 ? -EINVAL : err;
154
155 addr = (loff_t)pnum * ubi->peb_size + offset;
156retry:
157 err = ubi->mtd->read(ubi->mtd, addr, len, &read, buf);
158 if (err) {
159 if (err == -EUCLEAN) {
160 /*
161 * -EUCLEAN is reported if there was a bit-flip which
162 * was corrected, so this is harmless.
163 */
164 ubi_msg("fixable bit-flip detected at PEB %d", pnum);
165 ubi_assert(len == read);
166 return UBI_IO_BITFLIPS;
167 }
168
169 if (read != len && retries++ < UBI_IO_RETRIES) {
170 dbg_io("error %d while reading %d bytes from PEB %d:%d, "
171 "read only %zd bytes, retry",
172 err, len, pnum, offset, read);
173 yield();
174 goto retry;
175 }
176
177 ubi_err("error %d while reading %d bytes from PEB %d:%d, "
178 "read %zd bytes", err, len, pnum, offset, read);
179 ubi_dbg_dump_stack();
180
181 /*
182 * The driver should never return -EBADMSG if it failed to read
183 * all the requested data. But some buggy drivers might do
184 * this, so we change it to -EIO.
185 */
186 if (read != len && err == -EBADMSG) {
187 ubi_assert(0);
188 printk("%s[%d] not here\n", __func__, __LINE__);
Wolfgang Denk455ae7e2008-12-16 01:02:17 +0100189/* err = -EIO; */
Kyungmin Park2d262c42008-11-19 16:26:54 +0100190 }
191 } else {
192 ubi_assert(len == read);
193
194 if (ubi_dbg_is_bitflip()) {
195 dbg_msg("bit-flip (emulated)");
196 err = UBI_IO_BITFLIPS;
197 }
198 }
199
200 return err;
201}
202
203/**
204 * ubi_io_write - write data to a physical eraseblock.
205 * @ubi: UBI device description object
206 * @buf: buffer with the data to write
207 * @pnum: physical eraseblock number to write to
208 * @offset: offset within the physical eraseblock where to write
209 * @len: how many bytes to write
210 *
211 * This function writes @len bytes of data from buffer @buf to offset @offset
212 * of physical eraseblock @pnum. If all the data were successfully written,
213 * zero is returned. If an error occurred, this function returns a negative
214 * error code. If %-EIO is returned, the physical eraseblock most probably went
215 * bad.
216 *
217 * Note, in case of an error, it is possible that something was still written
218 * to the flash media, but may be some garbage.
219 */
220int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
221 int len)
222{
223 int err;
224 size_t written;
225 loff_t addr;
226
227 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
228
229 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
230 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
231 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
232 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
233
234 if (ubi->ro_mode) {
235 ubi_err("read-only mode");
236 return -EROFS;
237 }
238
239 /* The below has to be compiled out if paranoid checks are disabled */
240
241 err = paranoid_check_not_bad(ubi, pnum);
242 if (err)
243 return err > 0 ? -EINVAL : err;
244
245 /* The area we are writing to has to contain all 0xFF bytes */
246 err = paranoid_check_all_ff(ubi, pnum, offset, len);
247 if (err)
248 return err > 0 ? -EINVAL : err;
249
250 if (offset >= ubi->leb_start) {
251 /*
252 * We write to the data area of the physical eraseblock. Make
253 * sure it has valid EC and VID headers.
254 */
255 err = paranoid_check_peb_ec_hdr(ubi, pnum);
256 if (err)
257 return err > 0 ? -EINVAL : err;
258 err = paranoid_check_peb_vid_hdr(ubi, pnum);
259 if (err)
260 return err > 0 ? -EINVAL : err;
261 }
262
263 if (ubi_dbg_is_write_failure()) {
264 dbg_err("cannot write %d bytes to PEB %d:%d "
265 "(emulated)", len, pnum, offset);
266 ubi_dbg_dump_stack();
267 return -EIO;
268 }
269
270 addr = (loff_t)pnum * ubi->peb_size + offset;
271 err = ubi->mtd->write(ubi->mtd, addr, len, &written, buf);
272 if (err) {
273 ubi_err("error %d while writing %d bytes to PEB %d:%d, written"
274 " %zd bytes", err, len, pnum, offset, written);
275 ubi_dbg_dump_stack();
276 } else
277 ubi_assert(written == len);
278
279 return err;
280}
281
282/**
283 * erase_callback - MTD erasure call-back.
284 * @ei: MTD erase information object.
285 *
286 * Note, even though MTD erase interface is asynchronous, all the current
287 * implementations are synchronous anyway.
288 */
289static void erase_callback(struct erase_info *ei)
290{
291 wake_up_interruptible((wait_queue_head_t *)ei->priv);
292}
293
294/**
295 * do_sync_erase - synchronously erase a physical eraseblock.
296 * @ubi: UBI device description object
297 * @pnum: the physical eraseblock number to erase
298 *
299 * This function synchronously erases physical eraseblock @pnum and returns
300 * zero in case of success and a negative error code in case of failure. If
301 * %-EIO is returned, the physical eraseblock most probably went bad.
302 */
303static int do_sync_erase(struct ubi_device *ubi, int pnum)
304{
305 int err, retries = 0;
306 struct erase_info ei;
307 wait_queue_head_t wq;
308
309 dbg_io("erase PEB %d", pnum);
310
311retry:
312 init_waitqueue_head(&wq);
313 memset(&ei, 0, sizeof(struct erase_info));
314
315 ei.mtd = ubi->mtd;
316 ei.addr = (loff_t)pnum * ubi->peb_size;
317 ei.len = ubi->peb_size;
318 ei.callback = erase_callback;
319 ei.priv = (unsigned long)&wq;
320
321 err = ubi->mtd->erase(ubi->mtd, &ei);
322 if (err) {
323 if (retries++ < UBI_IO_RETRIES) {
324 dbg_io("error %d while erasing PEB %d, retry",
325 err, pnum);
326 yield();
327 goto retry;
328 }
329 ubi_err("cannot erase PEB %d, error %d", pnum, err);
330 ubi_dbg_dump_stack();
331 return err;
332 }
333
334 err = wait_event_interruptible(wq, ei.state == MTD_ERASE_DONE ||
335 ei.state == MTD_ERASE_FAILED);
336 if (err) {
337 ubi_err("interrupted PEB %d erasure", pnum);
338 return -EINTR;
339 }
340
341 if (ei.state == MTD_ERASE_FAILED) {
342 if (retries++ < UBI_IO_RETRIES) {
343 dbg_io("error while erasing PEB %d, retry", pnum);
344 yield();
345 goto retry;
346 }
347 ubi_err("cannot erase PEB %d", pnum);
348 ubi_dbg_dump_stack();
349 return -EIO;
350 }
351
352 err = paranoid_check_all_ff(ubi, pnum, 0, ubi->peb_size);
353 if (err)
354 return err > 0 ? -EINVAL : err;
355
356 if (ubi_dbg_is_erase_failure() && !err) {
357 dbg_err("cannot erase PEB %d (emulated)", pnum);
358 return -EIO;
359 }
360
361 return 0;
362}
363
364/**
365 * check_pattern - check if buffer contains only a certain byte pattern.
366 * @buf: buffer to check
367 * @patt: the pattern to check
368 * @size: buffer size in bytes
369 *
370 * This function returns %1 in there are only @patt bytes in @buf, and %0 if
371 * something else was also found.
372 */
373static int check_pattern(const void *buf, uint8_t patt, int size)
374{
375 int i;
376
377 for (i = 0; i < size; i++)
378 if (((const uint8_t *)buf)[i] != patt)
379 return 0;
380 return 1;
381}
382
383/* Patterns to write to a physical eraseblock when torturing it */
384static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
385
386/**
387 * torture_peb - test a supposedly bad physical eraseblock.
388 * @ubi: UBI device description object
389 * @pnum: the physical eraseblock number to test
390 *
391 * This function returns %-EIO if the physical eraseblock did not pass the
392 * test, a positive number of erase operations done if the test was
393 * successfully passed, and other negative error codes in case of other errors.
394 */
395static int torture_peb(struct ubi_device *ubi, int pnum)
396{
397 int err, i, patt_count;
398
399 patt_count = ARRAY_SIZE(patterns);
400 ubi_assert(patt_count > 0);
401
402 mutex_lock(&ubi->buf_mutex);
403 for (i = 0; i < patt_count; i++) {
404 err = do_sync_erase(ubi, pnum);
405 if (err)
406 goto out;
407
408 /* Make sure the PEB contains only 0xFF bytes */
409 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size);
410 if (err)
411 goto out;
412
413 err = check_pattern(ubi->peb_buf1, 0xFF, ubi->peb_size);
414 if (err == 0) {
415 ubi_err("erased PEB %d, but a non-0xFF byte found",
416 pnum);
417 err = -EIO;
418 goto out;
419 }
420
421 /* Write a pattern and check it */
422 memset(ubi->peb_buf1, patterns[i], ubi->peb_size);
423 err = ubi_io_write(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size);
424 if (err)
425 goto out;
426
427 memset(ubi->peb_buf1, ~patterns[i], ubi->peb_size);
428 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size);
429 if (err)
430 goto out;
431
432 err = check_pattern(ubi->peb_buf1, patterns[i], ubi->peb_size);
433 if (err == 0) {
434 ubi_err("pattern %x checking failed for PEB %d",
435 patterns[i], pnum);
436 err = -EIO;
437 goto out;
438 }
439 }
440
441 err = patt_count;
442
443out:
444 mutex_unlock(&ubi->buf_mutex);
445 if (err == UBI_IO_BITFLIPS || err == -EBADMSG) {
446 /*
447 * If a bit-flip or data integrity error was detected, the test
448 * has not passed because it happened on a freshly erased
449 * physical eraseblock which means something is wrong with it.
450 */
451 ubi_err("read problems on freshly erased PEB %d, must be bad",
452 pnum);
453 err = -EIO;
454 }
455 return err;
456}
457
458/**
459 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
460 * @ubi: UBI device description object
461 * @pnum: physical eraseblock number to erase
462 * @torture: if this physical eraseblock has to be tortured
463 *
464 * This function synchronously erases physical eraseblock @pnum. If @torture
465 * flag is not zero, the physical eraseblock is checked by means of writing
466 * different patterns to it and reading them back. If the torturing is enabled,
467 * the physical eraseblock is erased more then once.
468 *
469 * This function returns the number of erasures made in case of success, %-EIO
470 * if the erasure failed or the torturing test failed, and other negative error
471 * codes in case of other errors. Note, %-EIO means that the physical
472 * eraseblock is bad.
473 */
474int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
475{
476 int err, ret = 0;
477
478 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
479
480 err = paranoid_check_not_bad(ubi, pnum);
481 if (err != 0)
482 return err > 0 ? -EINVAL : err;
483
484 if (ubi->ro_mode) {
485 ubi_err("read-only mode");
486 return -EROFS;
487 }
488
489 if (torture) {
490 ret = torture_peb(ubi, pnum);
491 if (ret < 0)
492 return ret;
493 }
494
495 err = do_sync_erase(ubi, pnum);
496 if (err)
497 return err;
498
499 return ret + 1;
500}
501
502/**
503 * ubi_io_is_bad - check if a physical eraseblock is bad.
504 * @ubi: UBI device description object
505 * @pnum: the physical eraseblock number to check
506 *
507 * This function returns a positive number if the physical eraseblock is bad,
508 * zero if not, and a negative error code if an error occurred.
509 */
510int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
511{
512 struct mtd_info *mtd = ubi->mtd;
513
514 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
515
516 if (ubi->bad_allowed) {
517 int ret;
518
519 ret = mtd->block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
520 if (ret < 0)
521 ubi_err("error %d while checking if PEB %d is bad",
522 ret, pnum);
523 else if (ret)
524 dbg_io("PEB %d is bad", pnum);
525 return ret;
526 }
527
528 return 0;
529}
530
531/**
532 * ubi_io_mark_bad - mark a physical eraseblock as bad.
533 * @ubi: UBI device description object
534 * @pnum: the physical eraseblock number to mark
535 *
536 * This function returns zero in case of success and a negative error code in
537 * case of failure.
538 */
539int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
540{
541 int err;
542 struct mtd_info *mtd = ubi->mtd;
543
544 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
545
546 if (ubi->ro_mode) {
547 ubi_err("read-only mode");
548 return -EROFS;
549 }
550
551 if (!ubi->bad_allowed)
552 return 0;
553
554 err = mtd->block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
555 if (err)
556 ubi_err("cannot mark PEB %d bad, error %d", pnum, err);
557 return err;
558}
559
560/**
561 * validate_ec_hdr - validate an erase counter header.
562 * @ubi: UBI device description object
563 * @ec_hdr: the erase counter header to check
564 *
565 * This function returns zero if the erase counter header is OK, and %1 if
566 * not.
567 */
568static int validate_ec_hdr(const struct ubi_device *ubi,
569 const struct ubi_ec_hdr *ec_hdr)
570{
571 long long ec;
572 int vid_hdr_offset, leb_start;
573
574 ec = be64_to_cpu(ec_hdr->ec);
575 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
576 leb_start = be32_to_cpu(ec_hdr->data_offset);
577
578 if (ec_hdr->version != UBI_VERSION) {
579 ubi_err("node with incompatible UBI version found: "
580 "this UBI version is %d, image version is %d",
581 UBI_VERSION, (int)ec_hdr->version);
582 goto bad;
583 }
584
585 if (vid_hdr_offset != ubi->vid_hdr_offset) {
586 ubi_err("bad VID header offset %d, expected %d",
587 vid_hdr_offset, ubi->vid_hdr_offset);
588 goto bad;
589 }
590
591 if (leb_start != ubi->leb_start) {
592 ubi_err("bad data offset %d, expected %d",
593 leb_start, ubi->leb_start);
594 goto bad;
595 }
596
597 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
598 ubi_err("bad erase counter %lld", ec);
599 goto bad;
600 }
601
602 return 0;
603
604bad:
605 ubi_err("bad EC header");
606 ubi_dbg_dump_ec_hdr(ec_hdr);
607 ubi_dbg_dump_stack();
608 return 1;
609}
610
611/**
612 * ubi_io_read_ec_hdr - read and check an erase counter header.
613 * @ubi: UBI device description object
614 * @pnum: physical eraseblock to read from
615 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
616 * header
617 * @verbose: be verbose if the header is corrupted or was not found
618 *
619 * This function reads erase counter header from physical eraseblock @pnum and
620 * stores it in @ec_hdr. This function also checks CRC checksum of the read
621 * erase counter header. The following codes may be returned:
622 *
623 * o %0 if the CRC checksum is correct and the header was successfully read;
624 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
625 * and corrected by the flash driver; this is harmless but may indicate that
626 * this eraseblock may become bad soon (but may be not);
627 * o %UBI_IO_BAD_EC_HDR if the erase counter header is corrupted (a CRC error);
628 * o %UBI_IO_PEB_EMPTY if the physical eraseblock is empty;
629 * o a negative error code in case of failure.
630 */
631int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
632 struct ubi_ec_hdr *ec_hdr, int verbose)
633{
634 int err, read_err = 0;
635 uint32_t crc, magic, hdr_crc;
636
637 dbg_io("read EC header from PEB %d", pnum);
638 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
639 if (UBI_IO_DEBUG)
640 verbose = 1;
641
642 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
643 if (err) {
644 if (err != UBI_IO_BITFLIPS && err != -EBADMSG)
645 return err;
646
647 /*
648 * We read all the data, but either a correctable bit-flip
649 * occurred, or MTD reported about some data integrity error,
650 * like an ECC error in case of NAND. The former is harmless,
651 * the later may mean that the read data is corrupted. But we
652 * have a CRC check-sum and we will detect this. If the EC
653 * header is still OK, we just report this as there was a
654 * bit-flip.
655 */
656 read_err = err;
657 }
658
659 magic = be32_to_cpu(ec_hdr->magic);
660 if (magic != UBI_EC_HDR_MAGIC) {
661 /*
662 * The magic field is wrong. Let's check if we have read all
663 * 0xFF. If yes, this physical eraseblock is assumed to be
664 * empty.
665 *
666 * But if there was a read error, we do not test it for all
667 * 0xFFs. Even if it does contain all 0xFFs, this error
668 * indicates that something is still wrong with this physical
669 * eraseblock and we anyway cannot treat it as empty.
670 */
671 if (read_err != -EBADMSG &&
672 check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
673 /* The physical eraseblock is supposedly empty */
674
675 /*
676 * The below is just a paranoid check, it has to be
677 * compiled out if paranoid checks are disabled.
678 */
679 err = paranoid_check_all_ff(ubi, pnum, 0,
680 ubi->peb_size);
681 if (err)
682 return err > 0 ? UBI_IO_BAD_EC_HDR : err;
683
684 if (verbose)
685 ubi_warn("no EC header found at PEB %d, "
686 "only 0xFF bytes", pnum);
687 return UBI_IO_PEB_EMPTY;
688 }
689
690 /*
691 * This is not a valid erase counter header, and these are not
692 * 0xFF bytes. Report that the header is corrupted.
693 */
694 if (verbose) {
695 ubi_warn("bad magic number at PEB %d: %08x instead of "
696 "%08x", pnum, magic, UBI_EC_HDR_MAGIC);
697 ubi_dbg_dump_ec_hdr(ec_hdr);
698 }
699 return UBI_IO_BAD_EC_HDR;
700 }
701
702 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
703 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
704
705 if (hdr_crc != crc) {
706 if (verbose) {
707 ubi_warn("bad EC header CRC at PEB %d, calculated %#08x,"
708 " read %#08x", pnum, crc, hdr_crc);
709 ubi_dbg_dump_ec_hdr(ec_hdr);
710 }
711 return UBI_IO_BAD_EC_HDR;
712 }
713
714 /* And of course validate what has just been read from the media */
715 err = validate_ec_hdr(ubi, ec_hdr);
716 if (err) {
717 ubi_err("validation failed for PEB %d", pnum);
718 return -EINVAL;
719 }
720
721 return read_err ? UBI_IO_BITFLIPS : 0;
722}
723
724/**
725 * ubi_io_write_ec_hdr - write an erase counter header.
726 * @ubi: UBI device description object
727 * @pnum: physical eraseblock to write to
728 * @ec_hdr: the erase counter header to write
729 *
730 * This function writes erase counter header described by @ec_hdr to physical
731 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
732 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
733 * field.
734 *
735 * This function returns zero in case of success and a negative error code in
736 * case of failure. If %-EIO is returned, the physical eraseblock most probably
737 * went bad.
738 */
739int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
740 struct ubi_ec_hdr *ec_hdr)
741{
742 int err;
743 uint32_t crc;
744
745 dbg_io("write EC header to PEB %d", pnum);
746 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
747
748 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
749 ec_hdr->version = UBI_VERSION;
750 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
751 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
752 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
753 ec_hdr->hdr_crc = cpu_to_be32(crc);
754
755 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr);
756 if (err)
757 return -EINVAL;
758
759 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
760 return err;
761}
762
763/**
764 * validate_vid_hdr - validate a volume identifier header.
765 * @ubi: UBI device description object
766 * @vid_hdr: the volume identifier header to check
767 *
768 * This function checks that data stored in the volume identifier header
769 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
770 */
771static int validate_vid_hdr(const struct ubi_device *ubi,
772 const struct ubi_vid_hdr *vid_hdr)
773{
774 int vol_type = vid_hdr->vol_type;
775 int copy_flag = vid_hdr->copy_flag;
776 int vol_id = be32_to_cpu(vid_hdr->vol_id);
777 int lnum = be32_to_cpu(vid_hdr->lnum);
778 int compat = vid_hdr->compat;
779 int data_size = be32_to_cpu(vid_hdr->data_size);
780 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
781 int data_pad = be32_to_cpu(vid_hdr->data_pad);
782 int data_crc = be32_to_cpu(vid_hdr->data_crc);
783 int usable_leb_size = ubi->leb_size - data_pad;
784
785 if (copy_flag != 0 && copy_flag != 1) {
786 dbg_err("bad copy_flag");
787 goto bad;
788 }
789
790 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
791 data_pad < 0) {
792 dbg_err("negative values");
793 goto bad;
794 }
795
796 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
797 dbg_err("bad vol_id");
798 goto bad;
799 }
800
801 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
802 dbg_err("bad compat");
803 goto bad;
804 }
805
806 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
807 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
808 compat != UBI_COMPAT_REJECT) {
809 dbg_err("bad compat");
810 goto bad;
811 }
812
813 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
814 dbg_err("bad vol_type");
815 goto bad;
816 }
817
818 if (data_pad >= ubi->leb_size / 2) {
819 dbg_err("bad data_pad");
820 goto bad;
821 }
822
823 if (vol_type == UBI_VID_STATIC) {
824 /*
825 * Although from high-level point of view static volumes may
826 * contain zero bytes of data, but no VID headers can contain
827 * zero at these fields, because they empty volumes do not have
828 * mapped logical eraseblocks.
829 */
830 if (used_ebs == 0) {
831 dbg_err("zero used_ebs");
832 goto bad;
833 }
834 if (data_size == 0) {
835 dbg_err("zero data_size");
836 goto bad;
837 }
838 if (lnum < used_ebs - 1) {
839 if (data_size != usable_leb_size) {
840 dbg_err("bad data_size");
841 goto bad;
842 }
843 } else if (lnum == used_ebs - 1) {
844 if (data_size == 0) {
845 dbg_err("bad data_size at last LEB");
846 goto bad;
847 }
848 } else {
849 dbg_err("too high lnum");
850 goto bad;
851 }
852 } else {
853 if (copy_flag == 0) {
854 if (data_crc != 0) {
855 dbg_err("non-zero data CRC");
856 goto bad;
857 }
858 if (data_size != 0) {
859 dbg_err("non-zero data_size");
860 goto bad;
861 }
862 } else {
863 if (data_size == 0) {
864 dbg_err("zero data_size of copy");
865 goto bad;
866 }
867 }
868 if (used_ebs != 0) {
869 dbg_err("bad used_ebs");
870 goto bad;
871 }
872 }
873
874 return 0;
875
876bad:
877 ubi_err("bad VID header");
878 ubi_dbg_dump_vid_hdr(vid_hdr);
879 ubi_dbg_dump_stack();
880 return 1;
881}
882
883/**
884 * ubi_io_read_vid_hdr - read and check a volume identifier header.
885 * @ubi: UBI device description object
886 * @pnum: physical eraseblock number to read from
887 * @vid_hdr: &struct ubi_vid_hdr object where to store the read volume
888 * identifier header
889 * @verbose: be verbose if the header is corrupted or wasn't found
890 *
891 * This function reads the volume identifier header from physical eraseblock
892 * @pnum and stores it in @vid_hdr. It also checks CRC checksum of the read
893 * volume identifier header. The following codes may be returned:
894 *
895 * o %0 if the CRC checksum is correct and the header was successfully read;
896 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
897 * and corrected by the flash driver; this is harmless but may indicate that
898 * this eraseblock may become bad soon;
899 * o %UBI_IO_BAD_VID_HRD if the volume identifier header is corrupted (a CRC
900 * error detected);
901 * o %UBI_IO_PEB_FREE if the physical eraseblock is free (i.e., there is no VID
902 * header there);
903 * o a negative error code in case of failure.
904 */
905int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
906 struct ubi_vid_hdr *vid_hdr, int verbose)
907{
908 int err, read_err = 0;
909 uint32_t crc, magic, hdr_crc;
910 void *p;
911
912 dbg_io("read VID header from PEB %d", pnum);
913 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
914 if (UBI_IO_DEBUG)
915 verbose = 1;
916
917 p = (char *)vid_hdr - ubi->vid_hdr_shift;
918 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
919 ubi->vid_hdr_alsize);
920 if (err) {
921 if (err != UBI_IO_BITFLIPS && err != -EBADMSG)
922 return err;
923
924 /*
925 * We read all the data, but either a correctable bit-flip
926 * occurred, or MTD reported about some data integrity error,
927 * like an ECC error in case of NAND. The former is harmless,
928 * the later may mean the read data is corrupted. But we have a
929 * CRC check-sum and we will identify this. If the VID header is
930 * still OK, we just report this as there was a bit-flip.
931 */
932 read_err = err;
933 }
934
935 magic = be32_to_cpu(vid_hdr->magic);
936 if (magic != UBI_VID_HDR_MAGIC) {
937 /*
938 * If we have read all 0xFF bytes, the VID header probably does
939 * not exist and the physical eraseblock is assumed to be free.
940 *
941 * But if there was a read error, we do not test the data for
942 * 0xFFs. Even if it does contain all 0xFFs, this error
943 * indicates that something is still wrong with this physical
944 * eraseblock and it cannot be regarded as free.
945 */
946 if (read_err != -EBADMSG &&
947 check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
948 /* The physical eraseblock is supposedly free */
949
950 /*
951 * The below is just a paranoid check, it has to be
952 * compiled out if paranoid checks are disabled.
953 */
954 err = paranoid_check_all_ff(ubi, pnum, ubi->leb_start,
955 ubi->leb_size);
956 if (err)
957 return err > 0 ? UBI_IO_BAD_VID_HDR : err;
958
959 if (verbose)
960 ubi_warn("no VID header found at PEB %d, "
961 "only 0xFF bytes", pnum);
962 return UBI_IO_PEB_FREE;
963 }
964
965 /*
966 * This is not a valid VID header, and these are not 0xFF
967 * bytes. Report that the header is corrupted.
968 */
969 if (verbose) {
970 ubi_warn("bad magic number at PEB %d: %08x instead of "
971 "%08x", pnum, magic, UBI_VID_HDR_MAGIC);
972 ubi_dbg_dump_vid_hdr(vid_hdr);
973 }
974 return UBI_IO_BAD_VID_HDR;
975 }
976
977 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
978 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
979
980 if (hdr_crc != crc) {
981 if (verbose) {
982 ubi_warn("bad CRC at PEB %d, calculated %#08x, "
983 "read %#08x", pnum, crc, hdr_crc);
984 ubi_dbg_dump_vid_hdr(vid_hdr);
985 }
986 return UBI_IO_BAD_VID_HDR;
987 }
988
989 /* Validate the VID header that we have just read */
990 err = validate_vid_hdr(ubi, vid_hdr);
991 if (err) {
992 ubi_err("validation failed for PEB %d", pnum);
993 return -EINVAL;
994 }
995
996 return read_err ? UBI_IO_BITFLIPS : 0;
997}
998
999/**
1000 * ubi_io_write_vid_hdr - write a volume identifier header.
1001 * @ubi: UBI device description object
1002 * @pnum: the physical eraseblock number to write to
1003 * @vid_hdr: the volume identifier header to write
1004 *
1005 * This function writes the volume identifier header described by @vid_hdr to
1006 * physical eraseblock @pnum. This function automatically fills the
1007 * @vid_hdr->magic and the @vid_hdr->version fields, as well as calculates
1008 * header CRC checksum and stores it at vid_hdr->hdr_crc.
1009 *
1010 * This function returns zero in case of success and a negative error code in
1011 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1012 * bad.
1013 */
1014int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1015 struct ubi_vid_hdr *vid_hdr)
1016{
1017 int err;
1018 uint32_t crc;
1019 void *p;
1020
1021 dbg_io("write VID header to PEB %d", pnum);
1022 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1023
1024 err = paranoid_check_peb_ec_hdr(ubi, pnum);
1025 if (err)
1026 return err > 0 ? -EINVAL: err;
1027
1028 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1029 vid_hdr->version = UBI_VERSION;
1030 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1031 vid_hdr->hdr_crc = cpu_to_be32(crc);
1032
1033 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr);
1034 if (err)
1035 return -EINVAL;
1036
1037 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1038 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1039 ubi->vid_hdr_alsize);
1040 return err;
1041}
1042
1043#ifdef CONFIG_MTD_UBI_DEBUG_PARANOID
1044
1045/**
1046 * paranoid_check_not_bad - ensure that a physical eraseblock is not bad.
1047 * @ubi: UBI device description object
1048 * @pnum: physical eraseblock number to check
1049 *
1050 * This function returns zero if the physical eraseblock is good, a positive
1051 * number if it is bad and a negative error code if an error occurred.
1052 */
1053static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum)
1054{
1055 int err;
1056
1057 err = ubi_io_is_bad(ubi, pnum);
1058 if (!err)
1059 return err;
1060
1061 ubi_err("paranoid check failed for PEB %d", pnum);
1062 ubi_dbg_dump_stack();
1063 return err;
1064}
1065
1066/**
1067 * paranoid_check_ec_hdr - check if an erase counter header is all right.
1068 * @ubi: UBI device description object
1069 * @pnum: physical eraseblock number the erase counter header belongs to
1070 * @ec_hdr: the erase counter header to check
1071 *
1072 * This function returns zero if the erase counter header contains valid
1073 * values, and %1 if not.
1074 */
1075static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1076 const struct ubi_ec_hdr *ec_hdr)
1077{
1078 int err;
1079 uint32_t magic;
1080
1081 magic = be32_to_cpu(ec_hdr->magic);
1082 if (magic != UBI_EC_HDR_MAGIC) {
1083 ubi_err("bad magic %#08x, must be %#08x",
1084 magic, UBI_EC_HDR_MAGIC);
1085 goto fail;
1086 }
1087
1088 err = validate_ec_hdr(ubi, ec_hdr);
1089 if (err) {
1090 ubi_err("paranoid check failed for PEB %d", pnum);
1091 goto fail;
1092 }
1093
1094 return 0;
1095
1096fail:
1097 ubi_dbg_dump_ec_hdr(ec_hdr);
1098 ubi_dbg_dump_stack();
1099 return 1;
1100}
1101
1102/**
1103 * paranoid_check_peb_ec_hdr - check that the erase counter header of a
1104 * physical eraseblock is in-place and is all right.
1105 * @ubi: UBI device description object
1106 * @pnum: the physical eraseblock number to check
1107 *
1108 * This function returns zero if the erase counter header is all right, %1 if
1109 * not, and a negative error code if an error occurred.
1110 */
1111static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1112{
1113 int err;
1114 uint32_t crc, hdr_crc;
1115 struct ubi_ec_hdr *ec_hdr;
1116
1117 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1118 if (!ec_hdr)
1119 return -ENOMEM;
1120
1121 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1122 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG)
1123 goto exit;
1124
1125 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1126 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1127 if (hdr_crc != crc) {
1128 ubi_err("bad CRC, calculated %#08x, read %#08x", crc, hdr_crc);
1129 ubi_err("paranoid check failed for PEB %d", pnum);
1130 ubi_dbg_dump_ec_hdr(ec_hdr);
1131 ubi_dbg_dump_stack();
1132 err = 1;
1133 goto exit;
1134 }
1135
1136 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr);
1137
1138exit:
1139 kfree(ec_hdr);
1140 return err;
1141}
1142
1143/**
1144 * paranoid_check_vid_hdr - check that a volume identifier header is all right.
1145 * @ubi: UBI device description object
1146 * @pnum: physical eraseblock number the volume identifier header belongs to
1147 * @vid_hdr: the volume identifier header to check
1148 *
1149 * This function returns zero if the volume identifier header is all right, and
1150 * %1 if not.
1151 */
1152static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1153 const struct ubi_vid_hdr *vid_hdr)
1154{
1155 int err;
1156 uint32_t magic;
1157
1158 magic = be32_to_cpu(vid_hdr->magic);
1159 if (magic != UBI_VID_HDR_MAGIC) {
1160 ubi_err("bad VID header magic %#08x at PEB %d, must be %#08x",
1161 magic, pnum, UBI_VID_HDR_MAGIC);
1162 goto fail;
1163 }
1164
1165 err = validate_vid_hdr(ubi, vid_hdr);
1166 if (err) {
1167 ubi_err("paranoid check failed for PEB %d", pnum);
1168 goto fail;
1169 }
1170
1171 return err;
1172
1173fail:
1174 ubi_err("paranoid check failed for PEB %d", pnum);
1175 ubi_dbg_dump_vid_hdr(vid_hdr);
1176 ubi_dbg_dump_stack();
1177 return 1;
1178
1179}
1180
1181/**
1182 * paranoid_check_peb_vid_hdr - check that the volume identifier header of a
1183 * physical eraseblock is in-place and is all right.
1184 * @ubi: UBI device description object
1185 * @pnum: the physical eraseblock number to check
1186 *
1187 * This function returns zero if the volume identifier header is all right,
1188 * %1 if not, and a negative error code if an error occurred.
1189 */
1190static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1191{
1192 int err;
1193 uint32_t crc, hdr_crc;
1194 struct ubi_vid_hdr *vid_hdr;
1195 void *p;
1196
1197 vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS);
1198 if (!vid_hdr)
1199 return -ENOMEM;
1200
1201 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1202 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1203 ubi->vid_hdr_alsize);
1204 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG)
1205 goto exit;
1206
1207 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_EC_HDR_SIZE_CRC);
1208 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1209 if (hdr_crc != crc) {
1210 ubi_err("bad VID header CRC at PEB %d, calculated %#08x, "
1211 "read %#08x", pnum, crc, hdr_crc);
1212 ubi_err("paranoid check failed for PEB %d", pnum);
1213 ubi_dbg_dump_vid_hdr(vid_hdr);
1214 ubi_dbg_dump_stack();
1215 err = 1;
1216 goto exit;
1217 }
1218
1219 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr);
1220
1221exit:
1222 ubi_free_vid_hdr(ubi, vid_hdr);
1223 return err;
1224}
1225
1226/**
1227 * paranoid_check_all_ff - check that a region of flash is empty.
1228 * @ubi: UBI device description object
1229 * @pnum: the physical eraseblock number to check
1230 * @offset: the starting offset within the physical eraseblock to check
1231 * @len: the length of the region to check
1232 *
1233 * This function returns zero if only 0xFF bytes are present at offset
1234 * @offset of the physical eraseblock @pnum, %1 if not, and a negative error
1235 * code if an error occurred.
1236 */
1237static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset,
1238 int len)
1239{
1240 size_t read;
1241 int err;
1242 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1243
1244 mutex_lock(&ubi->dbg_buf_mutex);
1245 err = ubi->mtd->read(ubi->mtd, addr, len, &read, ubi->dbg_peb_buf);
1246 if (err && err != -EUCLEAN) {
1247 ubi_err("error %d while reading %d bytes from PEB %d:%d, "
1248 "read %zd bytes", err, len, pnum, offset, read);
1249 goto error;
1250 }
1251
1252 err = check_pattern(ubi->dbg_peb_buf, 0xFF, len);
1253 if (err == 0) {
1254 ubi_err("flash region at PEB %d:%d, length %d does not "
1255 "contain all 0xFF bytes", pnum, offset, len);
1256 goto fail;
1257 }
1258 mutex_unlock(&ubi->dbg_buf_mutex);
1259
1260 return 0;
1261
1262fail:
1263 ubi_err("paranoid check failed for PEB %d", pnum);
1264 dbg_msg("hex dump of the %d-%d region", offset, offset + len);
1265 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1266 ubi->dbg_peb_buf, len, 1);
1267 err = 1;
1268error:
1269 ubi_dbg_dump_stack();
1270 mutex_unlock(&ubi->dbg_buf_mutex);
1271 return err;
1272}
1273
1274#endif /* CONFIG_MTD_UBI_DEBUG_PARANOID */