blob: 960befc6dda262b9ed22a76cdbc3fc855d3067f3 [file] [log] [blame]
Kyungmin Park2d262c42008-11-19 16:26:54 +01001/*
2 * Copyright (c) International Business Machines Corp., 2006
3 * Copyright (c) Nokia Corporation, 2006, 2007
4 *
Wolfgang Denk1a459662013-07-08 09:37:19 +02005 * SPDX-License-Identifier: GPL-2.0+
Kyungmin Park2d262c42008-11-19 16:26:54 +01006 *
7 * Author: Artem Bityutskiy (Битюцкий Артём)
8 */
9
10/*
11 * UBI input/output unit.
12 *
13 * This unit provides a uniform way to work with all kinds of the underlying
14 * MTD devices. It also implements handy functions for reading and writing UBI
15 * headers.
16 *
17 * We are trying to have a paranoid mindset and not to trust to what we read
18 * from the flash media in order to be more secure and robust. So this unit
19 * validates every single header it reads from the flash media.
20 *
21 * Some words about how the eraseblock headers are stored.
22 *
23 * The erase counter header is always stored at offset zero. By default, the
24 * VID header is stored after the EC header at the closest aligned offset
25 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
26 * header at the closest aligned offset. But this default layout may be
27 * changed. For example, for different reasons (e.g., optimization) UBI may be
28 * asked to put the VID header at further offset, and even at an unaligned
29 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
30 * proper padding in front of it. Data offset may also be changed but it has to
31 * be aligned.
32 *
33 * About minimal I/O units. In general, UBI assumes flash device model where
34 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
35 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
36 * @ubi->mtd->writesize field. But as an exception, UBI admits of using another
37 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
38 * to do different optimizations.
39 *
40 * This is extremely useful in case of NAND flashes which admit of several
41 * write operations to one NAND page. In this case UBI can fit EC and VID
42 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
43 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
44 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
45 * users.
46 *
47 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
48 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
49 * headers.
50 *
51 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
52 * device, e.g., make @ubi->min_io_size = 512 in the example above?
53 *
54 * A: because when writing a sub-page, MTD still writes a full 2K page but the
55 * bytes which are no relevant to the sub-page are 0xFF. So, basically, writing
56 * 4x512 sub-pages is 4 times slower then writing one 2KiB NAND page. Thus, we
57 * prefer to use sub-pages only for EV and VID headers.
58 *
59 * As it was noted above, the VID header may start at a non-aligned offset.
60 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
61 * the VID header may reside at offset 1984 which is the last 64 bytes of the
62 * last sub-page (EC header is always at offset zero). This causes some
63 * difficulties when reading and writing VID headers.
64 *
65 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
66 * the data and want to write this VID header out. As we can only write in
67 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
68 * to offset 448 of this buffer.
69 *
70 * The I/O unit does the following trick in order to avoid this extra copy.
71 * It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID header
72 * and returns a pointer to offset @ubi->vid_hdr_shift of this buffer. When the
73 * VID header is being written out, it shifts the VID header pointer back and
74 * writes the whole sub-page.
75 */
76
77#ifdef UBI_LINUX
78#include <linux/crc32.h>
79#include <linux/err.h>
80#endif
81
82#include <ubi_uboot.h>
83#include "ubi.h"
84
85#ifdef CONFIG_MTD_UBI_DEBUG_PARANOID
86static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum);
87static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
88static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum,
89 const struct ubi_ec_hdr *ec_hdr);
90static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
91static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum,
92 const struct ubi_vid_hdr *vid_hdr);
93static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset,
94 int len);
95#else
96#define paranoid_check_not_bad(ubi, pnum) 0
97#define paranoid_check_peb_ec_hdr(ubi, pnum) 0
98#define paranoid_check_ec_hdr(ubi, pnum, ec_hdr) 0
99#define paranoid_check_peb_vid_hdr(ubi, pnum) 0
100#define paranoid_check_vid_hdr(ubi, pnum, vid_hdr) 0
101#define paranoid_check_all_ff(ubi, pnum, offset, len) 0
102#endif
103
104/**
105 * ubi_io_read - read data from a physical eraseblock.
106 * @ubi: UBI device description object
107 * @buf: buffer where to store the read data
108 * @pnum: physical eraseblock number to read from
109 * @offset: offset within the physical eraseblock from where to read
110 * @len: how many bytes to read
111 *
112 * This function reads data from offset @offset of physical eraseblock @pnum
113 * and stores the read data in the @buf buffer. The following return codes are
114 * possible:
115 *
116 * o %0 if all the requested data were successfully read;
117 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
118 * correctable bit-flips were detected; this is harmless but may indicate
119 * that this eraseblock may become bad soon (but do not have to);
120 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
121 * example it can be an ECC error in case of NAND; this most probably means
122 * that the data is corrupted;
123 * o %-EIO if some I/O error occurred;
124 * o other negative error codes in case of other errors.
125 */
126int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
127 int len)
128{
129 int err, retries = 0;
130 size_t read;
131 loff_t addr;
132
133 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
134
135 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
136 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
137 ubi_assert(len > 0);
138
139 err = paranoid_check_not_bad(ubi, pnum);
140 if (err)
141 return err > 0 ? -EINVAL : err;
142
143 addr = (loff_t)pnum * ubi->peb_size + offset;
144retry:
Sergey Lapindfe64e22013-01-14 03:46:50 +0000145 err = mtd_read(ubi->mtd, addr, len, &read, buf);
Kyungmin Park2d262c42008-11-19 16:26:54 +0100146 if (err) {
147 if (err == -EUCLEAN) {
148 /*
149 * -EUCLEAN is reported if there was a bit-flip which
150 * was corrected, so this is harmless.
151 */
152 ubi_msg("fixable bit-flip detected at PEB %d", pnum);
153 ubi_assert(len == read);
154 return UBI_IO_BITFLIPS;
155 }
156
157 if (read != len && retries++ < UBI_IO_RETRIES) {
158 dbg_io("error %d while reading %d bytes from PEB %d:%d, "
159 "read only %zd bytes, retry",
160 err, len, pnum, offset, read);
161 yield();
162 goto retry;
163 }
164
165 ubi_err("error %d while reading %d bytes from PEB %d:%d, "
166 "read %zd bytes", err, len, pnum, offset, read);
167 ubi_dbg_dump_stack();
168
169 /*
170 * The driver should never return -EBADMSG if it failed to read
171 * all the requested data. But some buggy drivers might do
172 * this, so we change it to -EIO.
173 */
174 if (read != len && err == -EBADMSG) {
175 ubi_assert(0);
176 printk("%s[%d] not here\n", __func__, __LINE__);
Wolfgang Denk455ae7e2008-12-16 01:02:17 +0100177/* err = -EIO; */
Kyungmin Park2d262c42008-11-19 16:26:54 +0100178 }
179 } else {
180 ubi_assert(len == read);
181
182 if (ubi_dbg_is_bitflip()) {
183 dbg_msg("bit-flip (emulated)");
184 err = UBI_IO_BITFLIPS;
185 }
186 }
187
188 return err;
189}
190
191/**
192 * ubi_io_write - write data to a physical eraseblock.
193 * @ubi: UBI device description object
194 * @buf: buffer with the data to write
195 * @pnum: physical eraseblock number to write to
196 * @offset: offset within the physical eraseblock where to write
197 * @len: how many bytes to write
198 *
199 * This function writes @len bytes of data from buffer @buf to offset @offset
200 * of physical eraseblock @pnum. If all the data were successfully written,
201 * zero is returned. If an error occurred, this function returns a negative
202 * error code. If %-EIO is returned, the physical eraseblock most probably went
203 * bad.
204 *
205 * Note, in case of an error, it is possible that something was still written
206 * to the flash media, but may be some garbage.
207 */
208int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
209 int len)
210{
211 int err;
212 size_t written;
213 loff_t addr;
214
215 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
216
217 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
218 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
219 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
220 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
221
222 if (ubi->ro_mode) {
223 ubi_err("read-only mode");
224 return -EROFS;
225 }
226
227 /* The below has to be compiled out if paranoid checks are disabled */
228
229 err = paranoid_check_not_bad(ubi, pnum);
230 if (err)
231 return err > 0 ? -EINVAL : err;
232
233 /* The area we are writing to has to contain all 0xFF bytes */
234 err = paranoid_check_all_ff(ubi, pnum, offset, len);
235 if (err)
236 return err > 0 ? -EINVAL : err;
237
238 if (offset >= ubi->leb_start) {
239 /*
240 * We write to the data area of the physical eraseblock. Make
241 * sure it has valid EC and VID headers.
242 */
243 err = paranoid_check_peb_ec_hdr(ubi, pnum);
244 if (err)
245 return err > 0 ? -EINVAL : err;
246 err = paranoid_check_peb_vid_hdr(ubi, pnum);
247 if (err)
248 return err > 0 ? -EINVAL : err;
249 }
250
251 if (ubi_dbg_is_write_failure()) {
252 dbg_err("cannot write %d bytes to PEB %d:%d "
253 "(emulated)", len, pnum, offset);
254 ubi_dbg_dump_stack();
255 return -EIO;
256 }
257
258 addr = (loff_t)pnum * ubi->peb_size + offset;
Sergey Lapindfe64e22013-01-14 03:46:50 +0000259 err = mtd_write(ubi->mtd, addr, len, &written, buf);
Kyungmin Park2d262c42008-11-19 16:26:54 +0100260 if (err) {
261 ubi_err("error %d while writing %d bytes to PEB %d:%d, written"
262 " %zd bytes", err, len, pnum, offset, written);
263 ubi_dbg_dump_stack();
264 } else
265 ubi_assert(written == len);
266
267 return err;
268}
269
270/**
271 * erase_callback - MTD erasure call-back.
272 * @ei: MTD erase information object.
273 *
274 * Note, even though MTD erase interface is asynchronous, all the current
275 * implementations are synchronous anyway.
276 */
277static void erase_callback(struct erase_info *ei)
278{
279 wake_up_interruptible((wait_queue_head_t *)ei->priv);
280}
281
282/**
283 * do_sync_erase - synchronously erase a physical eraseblock.
284 * @ubi: UBI device description object
285 * @pnum: the physical eraseblock number to erase
286 *
287 * This function synchronously erases physical eraseblock @pnum and returns
288 * zero in case of success and a negative error code in case of failure. If
289 * %-EIO is returned, the physical eraseblock most probably went bad.
290 */
291static int do_sync_erase(struct ubi_device *ubi, int pnum)
292{
293 int err, retries = 0;
294 struct erase_info ei;
295 wait_queue_head_t wq;
296
297 dbg_io("erase PEB %d", pnum);
298
299retry:
300 init_waitqueue_head(&wq);
301 memset(&ei, 0, sizeof(struct erase_info));
302
303 ei.mtd = ubi->mtd;
304 ei.addr = (loff_t)pnum * ubi->peb_size;
305 ei.len = ubi->peb_size;
306 ei.callback = erase_callback;
307 ei.priv = (unsigned long)&wq;
308
Sergey Lapindfe64e22013-01-14 03:46:50 +0000309 err = mtd_erase(ubi->mtd, &ei);
Kyungmin Park2d262c42008-11-19 16:26:54 +0100310 if (err) {
311 if (retries++ < UBI_IO_RETRIES) {
312 dbg_io("error %d while erasing PEB %d, retry",
313 err, pnum);
314 yield();
315 goto retry;
316 }
317 ubi_err("cannot erase PEB %d, error %d", pnum, err);
318 ubi_dbg_dump_stack();
319 return err;
320 }
321
322 err = wait_event_interruptible(wq, ei.state == MTD_ERASE_DONE ||
323 ei.state == MTD_ERASE_FAILED);
324 if (err) {
325 ubi_err("interrupted PEB %d erasure", pnum);
326 return -EINTR;
327 }
328
329 if (ei.state == MTD_ERASE_FAILED) {
330 if (retries++ < UBI_IO_RETRIES) {
331 dbg_io("error while erasing PEB %d, retry", pnum);
332 yield();
333 goto retry;
334 }
335 ubi_err("cannot erase PEB %d", pnum);
336 ubi_dbg_dump_stack();
337 return -EIO;
338 }
339
340 err = paranoid_check_all_ff(ubi, pnum, 0, ubi->peb_size);
341 if (err)
342 return err > 0 ? -EINVAL : err;
343
344 if (ubi_dbg_is_erase_failure() && !err) {
345 dbg_err("cannot erase PEB %d (emulated)", pnum);
346 return -EIO;
347 }
348
349 return 0;
350}
351
352/**
353 * check_pattern - check if buffer contains only a certain byte pattern.
354 * @buf: buffer to check
355 * @patt: the pattern to check
356 * @size: buffer size in bytes
357 *
358 * This function returns %1 in there are only @patt bytes in @buf, and %0 if
359 * something else was also found.
360 */
361static int check_pattern(const void *buf, uint8_t patt, int size)
362{
363 int i;
364
365 for (i = 0; i < size; i++)
366 if (((const uint8_t *)buf)[i] != patt)
367 return 0;
368 return 1;
369}
370
371/* Patterns to write to a physical eraseblock when torturing it */
372static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
373
374/**
375 * torture_peb - test a supposedly bad physical eraseblock.
376 * @ubi: UBI device description object
377 * @pnum: the physical eraseblock number to test
378 *
379 * This function returns %-EIO if the physical eraseblock did not pass the
380 * test, a positive number of erase operations done if the test was
381 * successfully passed, and other negative error codes in case of other errors.
382 */
383static int torture_peb(struct ubi_device *ubi, int pnum)
384{
385 int err, i, patt_count;
386
387 patt_count = ARRAY_SIZE(patterns);
388 ubi_assert(patt_count > 0);
389
390 mutex_lock(&ubi->buf_mutex);
391 for (i = 0; i < patt_count; i++) {
392 err = do_sync_erase(ubi, pnum);
393 if (err)
394 goto out;
395
396 /* Make sure the PEB contains only 0xFF bytes */
397 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size);
398 if (err)
399 goto out;
400
401 err = check_pattern(ubi->peb_buf1, 0xFF, ubi->peb_size);
402 if (err == 0) {
403 ubi_err("erased PEB %d, but a non-0xFF byte found",
404 pnum);
405 err = -EIO;
406 goto out;
407 }
408
409 /* Write a pattern and check it */
410 memset(ubi->peb_buf1, patterns[i], ubi->peb_size);
411 err = ubi_io_write(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size);
412 if (err)
413 goto out;
414
415 memset(ubi->peb_buf1, ~patterns[i], ubi->peb_size);
416 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size);
417 if (err)
418 goto out;
419
420 err = check_pattern(ubi->peb_buf1, patterns[i], ubi->peb_size);
421 if (err == 0) {
422 ubi_err("pattern %x checking failed for PEB %d",
423 patterns[i], pnum);
424 err = -EIO;
425 goto out;
426 }
427 }
428
429 err = patt_count;
430
431out:
432 mutex_unlock(&ubi->buf_mutex);
433 if (err == UBI_IO_BITFLIPS || err == -EBADMSG) {
434 /*
435 * If a bit-flip or data integrity error was detected, the test
436 * has not passed because it happened on a freshly erased
437 * physical eraseblock which means something is wrong with it.
438 */
439 ubi_err("read problems on freshly erased PEB %d, must be bad",
440 pnum);
441 err = -EIO;
442 }
443 return err;
444}
445
446/**
447 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
448 * @ubi: UBI device description object
449 * @pnum: physical eraseblock number to erase
450 * @torture: if this physical eraseblock has to be tortured
451 *
452 * This function synchronously erases physical eraseblock @pnum. If @torture
453 * flag is not zero, the physical eraseblock is checked by means of writing
454 * different patterns to it and reading them back. If the torturing is enabled,
455 * the physical eraseblock is erased more then once.
456 *
457 * This function returns the number of erasures made in case of success, %-EIO
458 * if the erasure failed or the torturing test failed, and other negative error
459 * codes in case of other errors. Note, %-EIO means that the physical
460 * eraseblock is bad.
461 */
462int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
463{
464 int err, ret = 0;
465
466 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
467
468 err = paranoid_check_not_bad(ubi, pnum);
469 if (err != 0)
470 return err > 0 ? -EINVAL : err;
471
472 if (ubi->ro_mode) {
473 ubi_err("read-only mode");
474 return -EROFS;
475 }
476
477 if (torture) {
478 ret = torture_peb(ubi, pnum);
479 if (ret < 0)
480 return ret;
481 }
482
483 err = do_sync_erase(ubi, pnum);
484 if (err)
485 return err;
486
487 return ret + 1;
488}
489
490/**
491 * ubi_io_is_bad - check if a physical eraseblock is bad.
492 * @ubi: UBI device description object
493 * @pnum: the physical eraseblock number to check
494 *
495 * This function returns a positive number if the physical eraseblock is bad,
496 * zero if not, and a negative error code if an error occurred.
497 */
498int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
499{
500 struct mtd_info *mtd = ubi->mtd;
501
502 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
503
504 if (ubi->bad_allowed) {
505 int ret;
506
Sergey Lapindfe64e22013-01-14 03:46:50 +0000507 ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
Kyungmin Park2d262c42008-11-19 16:26:54 +0100508 if (ret < 0)
509 ubi_err("error %d while checking if PEB %d is bad",
510 ret, pnum);
511 else if (ret)
512 dbg_io("PEB %d is bad", pnum);
513 return ret;
514 }
515
516 return 0;
517}
518
519/**
520 * ubi_io_mark_bad - mark a physical eraseblock as bad.
521 * @ubi: UBI device description object
522 * @pnum: the physical eraseblock number to mark
523 *
524 * This function returns zero in case of success and a negative error code in
525 * case of failure.
526 */
527int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
528{
529 int err;
530 struct mtd_info *mtd = ubi->mtd;
531
532 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
533
534 if (ubi->ro_mode) {
535 ubi_err("read-only mode");
536 return -EROFS;
537 }
538
539 if (!ubi->bad_allowed)
540 return 0;
541
Sergey Lapindfe64e22013-01-14 03:46:50 +0000542 err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
Kyungmin Park2d262c42008-11-19 16:26:54 +0100543 if (err)
544 ubi_err("cannot mark PEB %d bad, error %d", pnum, err);
545 return err;
546}
547
548/**
549 * validate_ec_hdr - validate an erase counter header.
550 * @ubi: UBI device description object
551 * @ec_hdr: the erase counter header to check
552 *
553 * This function returns zero if the erase counter header is OK, and %1 if
554 * not.
555 */
556static int validate_ec_hdr(const struct ubi_device *ubi,
557 const struct ubi_ec_hdr *ec_hdr)
558{
559 long long ec;
560 int vid_hdr_offset, leb_start;
561
562 ec = be64_to_cpu(ec_hdr->ec);
563 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
564 leb_start = be32_to_cpu(ec_hdr->data_offset);
565
566 if (ec_hdr->version != UBI_VERSION) {
567 ubi_err("node with incompatible UBI version found: "
568 "this UBI version is %d, image version is %d",
569 UBI_VERSION, (int)ec_hdr->version);
570 goto bad;
571 }
572
573 if (vid_hdr_offset != ubi->vid_hdr_offset) {
574 ubi_err("bad VID header offset %d, expected %d",
575 vid_hdr_offset, ubi->vid_hdr_offset);
576 goto bad;
577 }
578
579 if (leb_start != ubi->leb_start) {
580 ubi_err("bad data offset %d, expected %d",
581 leb_start, ubi->leb_start);
582 goto bad;
583 }
584
585 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
586 ubi_err("bad erase counter %lld", ec);
587 goto bad;
588 }
589
590 return 0;
591
592bad:
593 ubi_err("bad EC header");
594 ubi_dbg_dump_ec_hdr(ec_hdr);
595 ubi_dbg_dump_stack();
596 return 1;
597}
598
599/**
600 * ubi_io_read_ec_hdr - read and check an erase counter header.
601 * @ubi: UBI device description object
602 * @pnum: physical eraseblock to read from
603 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
604 * header
605 * @verbose: be verbose if the header is corrupted or was not found
606 *
607 * This function reads erase counter header from physical eraseblock @pnum and
608 * stores it in @ec_hdr. This function also checks CRC checksum of the read
609 * erase counter header. The following codes may be returned:
610 *
611 * o %0 if the CRC checksum is correct and the header was successfully read;
612 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
613 * and corrected by the flash driver; this is harmless but may indicate that
614 * this eraseblock may become bad soon (but may be not);
615 * o %UBI_IO_BAD_EC_HDR if the erase counter header is corrupted (a CRC error);
616 * o %UBI_IO_PEB_EMPTY if the physical eraseblock is empty;
617 * o a negative error code in case of failure.
618 */
619int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
620 struct ubi_ec_hdr *ec_hdr, int verbose)
621{
622 int err, read_err = 0;
623 uint32_t crc, magic, hdr_crc;
624
625 dbg_io("read EC header from PEB %d", pnum);
626 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
627 if (UBI_IO_DEBUG)
628 verbose = 1;
629
630 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
631 if (err) {
632 if (err != UBI_IO_BITFLIPS && err != -EBADMSG)
633 return err;
634
635 /*
636 * We read all the data, but either a correctable bit-flip
637 * occurred, or MTD reported about some data integrity error,
638 * like an ECC error in case of NAND. The former is harmless,
639 * the later may mean that the read data is corrupted. But we
640 * have a CRC check-sum and we will detect this. If the EC
641 * header is still OK, we just report this as there was a
642 * bit-flip.
643 */
644 read_err = err;
645 }
646
647 magic = be32_to_cpu(ec_hdr->magic);
648 if (magic != UBI_EC_HDR_MAGIC) {
649 /*
650 * The magic field is wrong. Let's check if we have read all
651 * 0xFF. If yes, this physical eraseblock is assumed to be
652 * empty.
653 *
654 * But if there was a read error, we do not test it for all
655 * 0xFFs. Even if it does contain all 0xFFs, this error
656 * indicates that something is still wrong with this physical
657 * eraseblock and we anyway cannot treat it as empty.
658 */
659 if (read_err != -EBADMSG &&
660 check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
661 /* The physical eraseblock is supposedly empty */
662
663 /*
664 * The below is just a paranoid check, it has to be
665 * compiled out if paranoid checks are disabled.
666 */
667 err = paranoid_check_all_ff(ubi, pnum, 0,
668 ubi->peb_size);
669 if (err)
670 return err > 0 ? UBI_IO_BAD_EC_HDR : err;
671
672 if (verbose)
673 ubi_warn("no EC header found at PEB %d, "
674 "only 0xFF bytes", pnum);
675 return UBI_IO_PEB_EMPTY;
676 }
677
678 /*
679 * This is not a valid erase counter header, and these are not
680 * 0xFF bytes. Report that the header is corrupted.
681 */
682 if (verbose) {
683 ubi_warn("bad magic number at PEB %d: %08x instead of "
684 "%08x", pnum, magic, UBI_EC_HDR_MAGIC);
685 ubi_dbg_dump_ec_hdr(ec_hdr);
686 }
687 return UBI_IO_BAD_EC_HDR;
688 }
689
690 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
691 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
692
693 if (hdr_crc != crc) {
694 if (verbose) {
695 ubi_warn("bad EC header CRC at PEB %d, calculated %#08x,"
696 " read %#08x", pnum, crc, hdr_crc);
697 ubi_dbg_dump_ec_hdr(ec_hdr);
698 }
699 return UBI_IO_BAD_EC_HDR;
700 }
701
702 /* And of course validate what has just been read from the media */
703 err = validate_ec_hdr(ubi, ec_hdr);
704 if (err) {
705 ubi_err("validation failed for PEB %d", pnum);
706 return -EINVAL;
707 }
708
709 return read_err ? UBI_IO_BITFLIPS : 0;
710}
711
712/**
713 * ubi_io_write_ec_hdr - write an erase counter header.
714 * @ubi: UBI device description object
715 * @pnum: physical eraseblock to write to
716 * @ec_hdr: the erase counter header to write
717 *
718 * This function writes erase counter header described by @ec_hdr to physical
719 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
720 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
721 * field.
722 *
723 * This function returns zero in case of success and a negative error code in
724 * case of failure. If %-EIO is returned, the physical eraseblock most probably
725 * went bad.
726 */
727int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
728 struct ubi_ec_hdr *ec_hdr)
729{
730 int err;
731 uint32_t crc;
732
733 dbg_io("write EC header to PEB %d", pnum);
734 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
735
736 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
737 ec_hdr->version = UBI_VERSION;
738 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
739 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
740 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
741 ec_hdr->hdr_crc = cpu_to_be32(crc);
742
743 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr);
744 if (err)
745 return -EINVAL;
746
747 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
748 return err;
749}
750
751/**
752 * validate_vid_hdr - validate a volume identifier header.
753 * @ubi: UBI device description object
754 * @vid_hdr: the volume identifier header to check
755 *
756 * This function checks that data stored in the volume identifier header
757 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
758 */
759static int validate_vid_hdr(const struct ubi_device *ubi,
760 const struct ubi_vid_hdr *vid_hdr)
761{
762 int vol_type = vid_hdr->vol_type;
763 int copy_flag = vid_hdr->copy_flag;
764 int vol_id = be32_to_cpu(vid_hdr->vol_id);
765 int lnum = be32_to_cpu(vid_hdr->lnum);
766 int compat = vid_hdr->compat;
767 int data_size = be32_to_cpu(vid_hdr->data_size);
768 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
769 int data_pad = be32_to_cpu(vid_hdr->data_pad);
770 int data_crc = be32_to_cpu(vid_hdr->data_crc);
771 int usable_leb_size = ubi->leb_size - data_pad;
772
773 if (copy_flag != 0 && copy_flag != 1) {
774 dbg_err("bad copy_flag");
775 goto bad;
776 }
777
778 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
779 data_pad < 0) {
780 dbg_err("negative values");
781 goto bad;
782 }
783
784 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
785 dbg_err("bad vol_id");
786 goto bad;
787 }
788
789 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
790 dbg_err("bad compat");
791 goto bad;
792 }
793
794 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
795 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
796 compat != UBI_COMPAT_REJECT) {
797 dbg_err("bad compat");
798 goto bad;
799 }
800
801 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
802 dbg_err("bad vol_type");
803 goto bad;
804 }
805
806 if (data_pad >= ubi->leb_size / 2) {
807 dbg_err("bad data_pad");
808 goto bad;
809 }
810
811 if (vol_type == UBI_VID_STATIC) {
812 /*
813 * Although from high-level point of view static volumes may
814 * contain zero bytes of data, but no VID headers can contain
815 * zero at these fields, because they empty volumes do not have
816 * mapped logical eraseblocks.
817 */
818 if (used_ebs == 0) {
819 dbg_err("zero used_ebs");
820 goto bad;
821 }
822 if (data_size == 0) {
823 dbg_err("zero data_size");
824 goto bad;
825 }
826 if (lnum < used_ebs - 1) {
827 if (data_size != usable_leb_size) {
828 dbg_err("bad data_size");
829 goto bad;
830 }
831 } else if (lnum == used_ebs - 1) {
832 if (data_size == 0) {
833 dbg_err("bad data_size at last LEB");
834 goto bad;
835 }
836 } else {
837 dbg_err("too high lnum");
838 goto bad;
839 }
840 } else {
841 if (copy_flag == 0) {
842 if (data_crc != 0) {
843 dbg_err("non-zero data CRC");
844 goto bad;
845 }
846 if (data_size != 0) {
847 dbg_err("non-zero data_size");
848 goto bad;
849 }
850 } else {
851 if (data_size == 0) {
852 dbg_err("zero data_size of copy");
853 goto bad;
854 }
855 }
856 if (used_ebs != 0) {
857 dbg_err("bad used_ebs");
858 goto bad;
859 }
860 }
861
862 return 0;
863
864bad:
865 ubi_err("bad VID header");
866 ubi_dbg_dump_vid_hdr(vid_hdr);
867 ubi_dbg_dump_stack();
868 return 1;
869}
870
871/**
872 * ubi_io_read_vid_hdr - read and check a volume identifier header.
873 * @ubi: UBI device description object
874 * @pnum: physical eraseblock number to read from
875 * @vid_hdr: &struct ubi_vid_hdr object where to store the read volume
876 * identifier header
877 * @verbose: be verbose if the header is corrupted or wasn't found
878 *
879 * This function reads the volume identifier header from physical eraseblock
880 * @pnum and stores it in @vid_hdr. It also checks CRC checksum of the read
881 * volume identifier header. The following codes may be returned:
882 *
883 * o %0 if the CRC checksum is correct and the header was successfully read;
884 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
885 * and corrected by the flash driver; this is harmless but may indicate that
886 * this eraseblock may become bad soon;
887 * o %UBI_IO_BAD_VID_HRD if the volume identifier header is corrupted (a CRC
888 * error detected);
889 * o %UBI_IO_PEB_FREE if the physical eraseblock is free (i.e., there is no VID
890 * header there);
891 * o a negative error code in case of failure.
892 */
893int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
894 struct ubi_vid_hdr *vid_hdr, int verbose)
895{
896 int err, read_err = 0;
897 uint32_t crc, magic, hdr_crc;
898 void *p;
899
900 dbg_io("read VID header from PEB %d", pnum);
901 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
902 if (UBI_IO_DEBUG)
903 verbose = 1;
904
905 p = (char *)vid_hdr - ubi->vid_hdr_shift;
906 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
907 ubi->vid_hdr_alsize);
908 if (err) {
909 if (err != UBI_IO_BITFLIPS && err != -EBADMSG)
910 return err;
911
912 /*
913 * We read all the data, but either a correctable bit-flip
914 * occurred, or MTD reported about some data integrity error,
915 * like an ECC error in case of NAND. The former is harmless,
916 * the later may mean the read data is corrupted. But we have a
917 * CRC check-sum and we will identify this. If the VID header is
918 * still OK, we just report this as there was a bit-flip.
919 */
920 read_err = err;
921 }
922
923 magic = be32_to_cpu(vid_hdr->magic);
924 if (magic != UBI_VID_HDR_MAGIC) {
925 /*
926 * If we have read all 0xFF bytes, the VID header probably does
927 * not exist and the physical eraseblock is assumed to be free.
928 *
929 * But if there was a read error, we do not test the data for
930 * 0xFFs. Even if it does contain all 0xFFs, this error
931 * indicates that something is still wrong with this physical
932 * eraseblock and it cannot be regarded as free.
933 */
934 if (read_err != -EBADMSG &&
935 check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
936 /* The physical eraseblock is supposedly free */
937
938 /*
939 * The below is just a paranoid check, it has to be
940 * compiled out if paranoid checks are disabled.
941 */
942 err = paranoid_check_all_ff(ubi, pnum, ubi->leb_start,
943 ubi->leb_size);
944 if (err)
945 return err > 0 ? UBI_IO_BAD_VID_HDR : err;
946
947 if (verbose)
948 ubi_warn("no VID header found at PEB %d, "
949 "only 0xFF bytes", pnum);
950 return UBI_IO_PEB_FREE;
951 }
952
953 /*
954 * This is not a valid VID header, and these are not 0xFF
955 * bytes. Report that the header is corrupted.
956 */
957 if (verbose) {
958 ubi_warn("bad magic number at PEB %d: %08x instead of "
959 "%08x", pnum, magic, UBI_VID_HDR_MAGIC);
960 ubi_dbg_dump_vid_hdr(vid_hdr);
961 }
962 return UBI_IO_BAD_VID_HDR;
963 }
964
965 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
966 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
967
968 if (hdr_crc != crc) {
969 if (verbose) {
970 ubi_warn("bad CRC at PEB %d, calculated %#08x, "
971 "read %#08x", pnum, crc, hdr_crc);
972 ubi_dbg_dump_vid_hdr(vid_hdr);
973 }
974 return UBI_IO_BAD_VID_HDR;
975 }
976
977 /* Validate the VID header that we have just read */
978 err = validate_vid_hdr(ubi, vid_hdr);
979 if (err) {
980 ubi_err("validation failed for PEB %d", pnum);
981 return -EINVAL;
982 }
983
984 return read_err ? UBI_IO_BITFLIPS : 0;
985}
986
987/**
988 * ubi_io_write_vid_hdr - write a volume identifier header.
989 * @ubi: UBI device description object
990 * @pnum: the physical eraseblock number to write to
991 * @vid_hdr: the volume identifier header to write
992 *
993 * This function writes the volume identifier header described by @vid_hdr to
994 * physical eraseblock @pnum. This function automatically fills the
995 * @vid_hdr->magic and the @vid_hdr->version fields, as well as calculates
996 * header CRC checksum and stores it at vid_hdr->hdr_crc.
997 *
998 * This function returns zero in case of success and a negative error code in
999 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1000 * bad.
1001 */
1002int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1003 struct ubi_vid_hdr *vid_hdr)
1004{
1005 int err;
1006 uint32_t crc;
1007 void *p;
1008
1009 dbg_io("write VID header to PEB %d", pnum);
1010 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1011
1012 err = paranoid_check_peb_ec_hdr(ubi, pnum);
1013 if (err)
1014 return err > 0 ? -EINVAL: err;
1015
1016 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1017 vid_hdr->version = UBI_VERSION;
1018 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1019 vid_hdr->hdr_crc = cpu_to_be32(crc);
1020
1021 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr);
1022 if (err)
1023 return -EINVAL;
1024
1025 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1026 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1027 ubi->vid_hdr_alsize);
1028 return err;
1029}
1030
1031#ifdef CONFIG_MTD_UBI_DEBUG_PARANOID
1032
1033/**
1034 * paranoid_check_not_bad - ensure that a physical eraseblock is not bad.
1035 * @ubi: UBI device description object
1036 * @pnum: physical eraseblock number to check
1037 *
1038 * This function returns zero if the physical eraseblock is good, a positive
1039 * number if it is bad and a negative error code if an error occurred.
1040 */
1041static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum)
1042{
1043 int err;
1044
1045 err = ubi_io_is_bad(ubi, pnum);
1046 if (!err)
1047 return err;
1048
1049 ubi_err("paranoid check failed for PEB %d", pnum);
1050 ubi_dbg_dump_stack();
1051 return err;
1052}
1053
1054/**
1055 * paranoid_check_ec_hdr - check if an erase counter header is all right.
1056 * @ubi: UBI device description object
1057 * @pnum: physical eraseblock number the erase counter header belongs to
1058 * @ec_hdr: the erase counter header to check
1059 *
1060 * This function returns zero if the erase counter header contains valid
1061 * values, and %1 if not.
1062 */
1063static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1064 const struct ubi_ec_hdr *ec_hdr)
1065{
1066 int err;
1067 uint32_t magic;
1068
1069 magic = be32_to_cpu(ec_hdr->magic);
1070 if (magic != UBI_EC_HDR_MAGIC) {
1071 ubi_err("bad magic %#08x, must be %#08x",
1072 magic, UBI_EC_HDR_MAGIC);
1073 goto fail;
1074 }
1075
1076 err = validate_ec_hdr(ubi, ec_hdr);
1077 if (err) {
1078 ubi_err("paranoid check failed for PEB %d", pnum);
1079 goto fail;
1080 }
1081
1082 return 0;
1083
1084fail:
1085 ubi_dbg_dump_ec_hdr(ec_hdr);
1086 ubi_dbg_dump_stack();
1087 return 1;
1088}
1089
1090/**
1091 * paranoid_check_peb_ec_hdr - check that the erase counter header of a
1092 * physical eraseblock is in-place and is all right.
1093 * @ubi: UBI device description object
1094 * @pnum: the physical eraseblock number to check
1095 *
1096 * This function returns zero if the erase counter header is all right, %1 if
1097 * not, and a negative error code if an error occurred.
1098 */
1099static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1100{
1101 int err;
1102 uint32_t crc, hdr_crc;
1103 struct ubi_ec_hdr *ec_hdr;
1104
1105 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1106 if (!ec_hdr)
1107 return -ENOMEM;
1108
1109 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1110 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG)
1111 goto exit;
1112
1113 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1114 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1115 if (hdr_crc != crc) {
1116 ubi_err("bad CRC, calculated %#08x, read %#08x", crc, hdr_crc);
1117 ubi_err("paranoid check failed for PEB %d", pnum);
1118 ubi_dbg_dump_ec_hdr(ec_hdr);
1119 ubi_dbg_dump_stack();
1120 err = 1;
1121 goto exit;
1122 }
1123
1124 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr);
1125
1126exit:
1127 kfree(ec_hdr);
1128 return err;
1129}
1130
1131/**
1132 * paranoid_check_vid_hdr - check that a volume identifier header is all right.
1133 * @ubi: UBI device description object
1134 * @pnum: physical eraseblock number the volume identifier header belongs to
1135 * @vid_hdr: the volume identifier header to check
1136 *
1137 * This function returns zero if the volume identifier header is all right, and
1138 * %1 if not.
1139 */
1140static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1141 const struct ubi_vid_hdr *vid_hdr)
1142{
1143 int err;
1144 uint32_t magic;
1145
1146 magic = be32_to_cpu(vid_hdr->magic);
1147 if (magic != UBI_VID_HDR_MAGIC) {
1148 ubi_err("bad VID header magic %#08x at PEB %d, must be %#08x",
1149 magic, pnum, UBI_VID_HDR_MAGIC);
1150 goto fail;
1151 }
1152
1153 err = validate_vid_hdr(ubi, vid_hdr);
1154 if (err) {
1155 ubi_err("paranoid check failed for PEB %d", pnum);
1156 goto fail;
1157 }
1158
1159 return err;
1160
1161fail:
1162 ubi_err("paranoid check failed for PEB %d", pnum);
1163 ubi_dbg_dump_vid_hdr(vid_hdr);
1164 ubi_dbg_dump_stack();
1165 return 1;
1166
1167}
1168
1169/**
1170 * paranoid_check_peb_vid_hdr - check that the volume identifier header of a
1171 * physical eraseblock is in-place and is all right.
1172 * @ubi: UBI device description object
1173 * @pnum: the physical eraseblock number to check
1174 *
1175 * This function returns zero if the volume identifier header is all right,
1176 * %1 if not, and a negative error code if an error occurred.
1177 */
1178static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1179{
1180 int err;
1181 uint32_t crc, hdr_crc;
1182 struct ubi_vid_hdr *vid_hdr;
1183 void *p;
1184
1185 vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS);
1186 if (!vid_hdr)
1187 return -ENOMEM;
1188
1189 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1190 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1191 ubi->vid_hdr_alsize);
1192 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG)
1193 goto exit;
1194
1195 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_EC_HDR_SIZE_CRC);
1196 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1197 if (hdr_crc != crc) {
1198 ubi_err("bad VID header CRC at PEB %d, calculated %#08x, "
1199 "read %#08x", pnum, crc, hdr_crc);
1200 ubi_err("paranoid check failed for PEB %d", pnum);
1201 ubi_dbg_dump_vid_hdr(vid_hdr);
1202 ubi_dbg_dump_stack();
1203 err = 1;
1204 goto exit;
1205 }
1206
1207 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr);
1208
1209exit:
1210 ubi_free_vid_hdr(ubi, vid_hdr);
1211 return err;
1212}
1213
1214/**
1215 * paranoid_check_all_ff - check that a region of flash is empty.
1216 * @ubi: UBI device description object
1217 * @pnum: the physical eraseblock number to check
1218 * @offset: the starting offset within the physical eraseblock to check
1219 * @len: the length of the region to check
1220 *
1221 * This function returns zero if only 0xFF bytes are present at offset
1222 * @offset of the physical eraseblock @pnum, %1 if not, and a negative error
1223 * code if an error occurred.
1224 */
1225static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset,
1226 int len)
1227{
1228 size_t read;
1229 int err;
1230 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1231
1232 mutex_lock(&ubi->dbg_buf_mutex);
Sergey Lapindfe64e22013-01-14 03:46:50 +00001233 err = mtd_read(ubi->mtd, addr, len, &read, ubi->dbg_peb_buf);
Kyungmin Park2d262c42008-11-19 16:26:54 +01001234 if (err && err != -EUCLEAN) {
1235 ubi_err("error %d while reading %d bytes from PEB %d:%d, "
1236 "read %zd bytes", err, len, pnum, offset, read);
1237 goto error;
1238 }
1239
1240 err = check_pattern(ubi->dbg_peb_buf, 0xFF, len);
1241 if (err == 0) {
1242 ubi_err("flash region at PEB %d:%d, length %d does not "
1243 "contain all 0xFF bytes", pnum, offset, len);
1244 goto fail;
1245 }
1246 mutex_unlock(&ubi->dbg_buf_mutex);
1247
1248 return 0;
1249
1250fail:
1251 ubi_err("paranoid check failed for PEB %d", pnum);
1252 dbg_msg("hex dump of the %d-%d region", offset, offset + len);
1253 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1254 ubi->dbg_peb_buf, len, 1);
1255 err = 1;
1256error:
1257 ubi_dbg_dump_stack();
1258 mutex_unlock(&ubi->dbg_buf_mutex);
1259 return err;
1260}
1261
1262#endif /* CONFIG_MTD_UBI_DEBUG_PARANOID */