1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright (c) International Business Machines Corp., 2006
4 * Copyright (c) Nokia Corporation, 2006, 2007
5 *
6 * Author: Artem Bityutskiy (Битюцкий Артём)
7 */
8
9 /*
10 * UBI input/output sub-system.
11 *
12 * This sub-system provides a uniform way to work with all kinds of the
13 * underlying MTD devices. It also implements handy functions for reading and
14 * writing UBI headers.
15 *
16 * We are trying to have a paranoid mindset and not to trust to what we read
17 * from the flash media in order to be more secure and robust. So this
18 * sub-system validates every single header it reads from the flash media.
19 *
20 * Some words about how the eraseblock headers are stored.
21 *
22 * The erase counter header is always stored at offset zero. By default, the
23 * VID header is stored after the EC header at the closest aligned offset
24 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
25 * header at the closest aligned offset. But this default layout may be
26 * changed. For example, for different reasons (e.g., optimization) UBI may be
27 * asked to put the VID header at further offset, and even at an unaligned
28 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
29 * proper padding in front of it. Data offset may also be changed but it has to
30 * be aligned.
31 *
32 * About minimal I/O units. In general, UBI assumes flash device model where
33 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
34 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
35 * @ubi->mtd->writesize field. But as an exception, UBI admits of using another
36 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
37 * to do different optimizations.
38 *
39 * This is extremely useful in case of NAND flashes which admit of several
40 * write operations to one NAND page. In this case UBI can fit EC and VID
41 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
42 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
43 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
44 * users.
45 *
46 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
47 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
48 * headers.
49 *
50 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
51 * device, e.g., make @ubi->min_io_size = 512 in the example above?
52 *
53 * A: because when writing a sub-page, MTD still writes a full 2K page but the
54 * bytes which are not relevant to the sub-page are 0xFF. So, basically,
55 * writing 4x512 sub-pages is 4 times slower than writing one 2KiB NAND page.
56 * Thus, we prefer to use sub-pages only for EC and VID headers.
57 *
58 * As it was noted above, the VID header may start at a non-aligned offset.
59 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
60 * the VID header may reside at offset 1984 which is the last 64 bytes of the
61 * last sub-page (EC header is always at offset zero). This causes some
62 * difficulties when reading and writing VID headers.
63 *
64 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
65 * the data and want to write this VID header out. As we can only write in
66 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
67 * to offset 448 of this buffer.
68 *
69 * The I/O sub-system does the following trick in order to avoid this extra
70 * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
71 * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
72 * When the VID header is being written out, it shifts the VID header pointer
73 * back and writes the whole sub-page.
74 */
75
76 #ifndef __UBOOT__
77 #include <linux/crc32.h>
78 #include <linux/err.h>
79 #include <linux/slab.h>
80 #else
81 #include <hexdump.h>
82 #include <ubi_uboot.h>
83 #endif
84
85 #include "ubi.h"
86
87 static int self_check_not_bad(const struct ubi_device *ubi, int pnum);
88 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
89 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
90 const struct ubi_ec_hdr *ec_hdr);
91 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
92 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
93 const struct ubi_vid_hdr *vid_hdr);
94 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
95 int offset, int len);
96
97 /**
98 * ubi_io_read - read data from a physical eraseblock.
99 * @ubi: UBI device description object
100 * @buf: buffer where to store the read data
101 * @pnum: physical eraseblock number to read from
102 * @offset: offset within the physical eraseblock from where to read
103 * @len: how many bytes to read
104 *
105 * This function reads data from offset @offset of physical eraseblock @pnum
106 * and stores the read data in the @buf buffer. The following return codes are
107 * possible:
108 *
109 * o %0 if all the requested data were successfully read;
110 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
111 * correctable bit-flips were detected; this is harmless but may indicate
112 * that this eraseblock may become bad soon (but do not have to);
113 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
114 * example it can be an ECC error in case of NAND; this most probably means
115 * that the data is corrupted;
116 * o %-EIO if some I/O error occurred;
117 * o other negative error codes in case of other errors.
118 */
ubi_io_read(const struct ubi_device * ubi,void * buf,int pnum,int offset,int len)119 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
120 int len)
121 {
122 int err, retries = 0;
123 size_t read;
124 loff_t addr;
125
126 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
127
128 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
129 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
130 ubi_assert(len > 0);
131
132 err = self_check_not_bad(ubi, pnum);
133 if (err)
134 return err;
135
136 /*
137 * Deliberately corrupt the buffer to improve robustness. Indeed, if we
138 * do not do this, the following may happen:
139 * 1. The buffer contains data from previous operation, e.g., read from
140 * another PEB previously. The data looks like expected, e.g., if we
141 * just do not read anything and return - the caller would not
142 * notice this. E.g., if we are reading a VID header, the buffer may
143 * contain a valid VID header from another PEB.
144 * 2. The driver is buggy and returns us success or -EBADMSG or
145 * -EUCLEAN, but it does not actually put any data to the buffer.
146 *
147 * This may confuse UBI or upper layers - they may think the buffer
148 * contains valid data while in fact it is just old data. This is
149 * especially possible because UBI (and UBIFS) relies on CRC, and
150 * treats data as correct even in case of ECC errors if the CRC is
151 * correct.
152 *
153 * Try to prevent this situation by changing the first byte of the
154 * buffer.
155 */
156 *((uint8_t *)buf) ^= 0xFF;
157
158 addr = (loff_t)pnum * ubi->peb_size + offset;
159 retry:
160 err = mtd_read(ubi->mtd, addr, len, &read, buf);
161 if (err) {
162 const char *errstr = mtd_is_eccerr(err) ? " (ECC error)" : "";
163
164 if (mtd_is_bitflip(err)) {
165 /*
166 * -EUCLEAN is reported if there was a bit-flip which
167 * was corrected, so this is harmless.
168 *
169 * We do not report about it here unless debugging is
170 * enabled. A corresponding message will be printed
171 * later, when it is has been scrubbed.
172 */
173 ubi_msg(ubi, "fixable bit-flip detected at PEB %d",
174 pnum);
175 ubi_assert(len == read);
176 return UBI_IO_BITFLIPS;
177 }
178
179 if (retries++ < UBI_IO_RETRIES) {
180 ubi_warn(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read only %zd bytes, retry",
181 err, errstr, len, pnum, offset, read);
182 yield();
183 goto retry;
184 }
185
186 ubi_err(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read %zd bytes",
187 err, errstr, len, pnum, offset, read);
188 dump_stack();
189
190 /*
191 * The driver should never return -EBADMSG if it failed to read
192 * all the requested data. But some buggy drivers might do
193 * this, so we change it to -EIO.
194 */
195 if (read != len && mtd_is_eccerr(err)) {
196 ubi_assert(0);
197 err = -EIO;
198 }
199 } else {
200 ubi_assert(len == read);
201
202 if (ubi_dbg_is_bitflip(ubi)) {
203 dbg_gen("bit-flip (emulated)");
204 err = UBI_IO_BITFLIPS;
205 }
206 }
207
208 return err;
209 }
210
211 /**
212 * ubi_io_write - write data to a physical eraseblock.
213 * @ubi: UBI device description object
214 * @buf: buffer with the data to write
215 * @pnum: physical eraseblock number to write to
216 * @offset: offset within the physical eraseblock where to write
217 * @len: how many bytes to write
218 *
219 * This function writes @len bytes of data from buffer @buf to offset @offset
220 * of physical eraseblock @pnum. If all the data were successfully written,
221 * zero is returned. If an error occurred, this function returns a negative
222 * error code. If %-EIO is returned, the physical eraseblock most probably went
223 * bad.
224 *
225 * Note, in case of an error, it is possible that something was still written
226 * to the flash media, but may be some garbage.
227 */
ubi_io_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)228 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
229 int len)
230 {
231 int err;
232 size_t written;
233 loff_t addr;
234
235 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
236
237 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
238 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
239 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
240 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
241
242 if (ubi->ro_mode) {
243 ubi_err(ubi, "read-only mode");
244 return -EROFS;
245 }
246
247 err = self_check_not_bad(ubi, pnum);
248 if (err)
249 return err;
250
251 /* The area we are writing to has to contain all 0xFF bytes */
252 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
253 if (err)
254 return err;
255
256 if (offset >= ubi->leb_start) {
257 /*
258 * We write to the data area of the physical eraseblock. Make
259 * sure it has valid EC and VID headers.
260 */
261 err = self_check_peb_ec_hdr(ubi, pnum);
262 if (err)
263 return err;
264 err = self_check_peb_vid_hdr(ubi, pnum);
265 if (err)
266 return err;
267 }
268
269 if (ubi_dbg_is_write_failure(ubi)) {
270 ubi_err(ubi, "cannot write %d bytes to PEB %d:%d (emulated)",
271 len, pnum, offset);
272 dump_stack();
273 return -EIO;
274 }
275
276 addr = (loff_t)pnum * ubi->peb_size + offset;
277 err = mtd_write(ubi->mtd, addr, len, &written, buf);
278 if (err) {
279 ubi_err(ubi, "error %d while writing %d bytes to PEB %d:%d, written %zd bytes",
280 err, len, pnum, offset, written);
281 dump_stack();
282 ubi_dump_flash(ubi, pnum, offset, len);
283 } else
284 ubi_assert(written == len);
285
286 if (!err) {
287 err = self_check_write(ubi, buf, pnum, offset, len);
288 if (err)
289 return err;
290
291 /*
292 * Since we always write sequentially, the rest of the PEB has
293 * to contain only 0xFF bytes.
294 */
295 offset += len;
296 len = ubi->peb_size - offset;
297 if (len)
298 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
299 }
300
301 return err;
302 }
303
304 /**
305 * erase_callback - MTD erasure call-back.
306 * @ei: MTD erase information object.
307 *
308 * Note, even though MTD erase interface is asynchronous, all the current
309 * implementations are synchronous anyway.
310 */
erase_callback(struct erase_info * ei)311 static void erase_callback(struct erase_info *ei)
312 {
313 wake_up_interruptible((wait_queue_head_t *)ei->priv);
314 }
315
316 /**
317 * do_sync_erase - synchronously erase a physical eraseblock.
318 * @ubi: UBI device description object
319 * @pnum: the physical eraseblock number to erase
320 *
321 * This function synchronously erases physical eraseblock @pnum and returns
322 * zero in case of success and a negative error code in case of failure. If
323 * %-EIO is returned, the physical eraseblock most probably went bad.
324 */
do_sync_erase(struct ubi_device * ubi,int pnum)325 static int do_sync_erase(struct ubi_device *ubi, int pnum)
326 {
327 int err, retries = 0;
328 struct erase_info ei;
329 wait_queue_head_t wq;
330
331 dbg_io("erase PEB %d", pnum);
332 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
333
334 if (ubi->ro_mode) {
335 ubi_err(ubi, "read-only mode");
336 return -EROFS;
337 }
338
339 retry:
340 init_waitqueue_head(&wq);
341 memset(&ei, 0, sizeof(struct erase_info));
342
343 ei.mtd = ubi->mtd;
344 ei.addr = (loff_t)pnum * ubi->peb_size;
345 ei.len = ubi->peb_size;
346 ei.callback = erase_callback;
347 ei.priv = (unsigned long)&wq;
348
349 err = mtd_erase(ubi->mtd, &ei);
350 if (err) {
351 if (retries++ < UBI_IO_RETRIES) {
352 ubi_warn(ubi, "error %d while erasing PEB %d, retry",
353 err, pnum);
354 yield();
355 goto retry;
356 }
357 ubi_err(ubi, "cannot erase PEB %d, error %d", pnum, err);
358 dump_stack();
359 return err;
360 }
361
362 err = wait_event_interruptible(wq, ei.state == MTD_ERASE_DONE ||
363 ei.state == MTD_ERASE_FAILED);
364 if (err) {
365 ubi_err(ubi, "interrupted PEB %d erasure", pnum);
366 return -EINTR;
367 }
368
369 if (ei.state == MTD_ERASE_FAILED) {
370 if (retries++ < UBI_IO_RETRIES) {
371 ubi_warn(ubi, "error while erasing PEB %d, retry",
372 pnum);
373 yield();
374 goto retry;
375 }
376 ubi_err(ubi, "cannot erase PEB %d", pnum);
377 dump_stack();
378 return -EIO;
379 }
380
381 err = ubi_self_check_all_ff(ubi, pnum, 0, ubi->peb_size);
382 if (err)
383 return err;
384
385 if (ubi_dbg_is_erase_failure(ubi)) {
386 ubi_err(ubi, "cannot erase PEB %d (emulated)", pnum);
387 return -EIO;
388 }
389
390 return 0;
391 }
392
393 /* Patterns to write to a physical eraseblock when torturing it */
394 static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
395
396 /**
397 * torture_peb - test a supposedly bad physical eraseblock.
398 * @ubi: UBI device description object
399 * @pnum: the physical eraseblock number to test
400 *
401 * This function returns %-EIO if the physical eraseblock did not pass the
402 * test, a positive number of erase operations done if the test was
403 * successfully passed, and other negative error codes in case of other errors.
404 */
torture_peb(struct ubi_device * ubi,int pnum)405 static int torture_peb(struct ubi_device *ubi, int pnum)
406 {
407 int err, i, patt_count;
408
409 ubi_msg(ubi, "run torture test for PEB %d", pnum);
410 patt_count = ARRAY_SIZE(patterns);
411 ubi_assert(patt_count > 0);
412
413 mutex_lock(&ubi->buf_mutex);
414 for (i = 0; i < patt_count; i++) {
415 err = do_sync_erase(ubi, pnum);
416 if (err)
417 goto out;
418
419 /* Make sure the PEB contains only 0xFF bytes */
420 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
421 if (err)
422 goto out;
423
424 err = ubi_check_pattern(ubi->peb_buf, 0xFF, ubi->peb_size);
425 if (err == 0) {
426 ubi_err(ubi, "erased PEB %d, but a non-0xFF byte found",
427 pnum);
428 err = -EIO;
429 goto out;
430 }
431
432 /* Write a pattern and check it */
433 memset(ubi->peb_buf, patterns[i], ubi->peb_size);
434 err = ubi_io_write(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
435 if (err)
436 goto out;
437
438 memset(ubi->peb_buf, ~patterns[i], ubi->peb_size);
439 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
440 if (err)
441 goto out;
442
443 err = ubi_check_pattern(ubi->peb_buf, patterns[i],
444 ubi->peb_size);
445 if (err == 0) {
446 ubi_err(ubi, "pattern %x checking failed for PEB %d",
447 patterns[i], pnum);
448 err = -EIO;
449 goto out;
450 }
451 }
452
453 err = patt_count;
454 ubi_msg(ubi, "PEB %d passed torture test, do not mark it as bad", pnum);
455
456 out:
457 mutex_unlock(&ubi->buf_mutex);
458 if (err == UBI_IO_BITFLIPS || mtd_is_eccerr(err)) {
459 /*
460 * If a bit-flip or data integrity error was detected, the test
461 * has not passed because it happened on a freshly erased
462 * physical eraseblock which means something is wrong with it.
463 */
464 ubi_err(ubi, "read problems on freshly erased PEB %d, must be bad",
465 pnum);
466 err = -EIO;
467 }
468 return err;
469 }
470
471 /**
472 * nor_erase_prepare - prepare a NOR flash PEB for erasure.
473 * @ubi: UBI device description object
474 * @pnum: physical eraseblock number to prepare
475 *
476 * NOR flash, or at least some of them, have peculiar embedded PEB erasure
477 * algorithm: the PEB is first filled with zeroes, then it is erased. And
478 * filling with zeroes starts from the end of the PEB. This was observed with
479 * Spansion S29GL512N NOR flash.
480 *
481 * This means that in case of a power cut we may end up with intact data at the
482 * beginning of the PEB, and all zeroes at the end of PEB. In other words, the
483 * EC and VID headers are OK, but a large chunk of data at the end of PEB is
484 * zeroed. This makes UBI mistakenly treat this PEB as used and associate it
485 * with an LEB, which leads to subsequent failures (e.g., UBIFS fails).
486 *
487 * This function is called before erasing NOR PEBs and it zeroes out EC and VID
488 * magic numbers in order to invalidate them and prevent the failures. Returns
489 * zero in case of success and a negative error code in case of failure.
490 */
nor_erase_prepare(struct ubi_device * ubi,int pnum)491 static int nor_erase_prepare(struct ubi_device *ubi, int pnum)
492 {
493 int err;
494 size_t written;
495 loff_t addr;
496 uint32_t data = 0;
497 struct ubi_ec_hdr ec_hdr;
498
499 /*
500 * Note, we cannot generally define VID header buffers on stack,
501 * because of the way we deal with these buffers (see the header
502 * comment in this file). But we know this is a NOR-specific piece of
503 * code, so we can do this. But yes, this is error-prone and we should
504 * (pre-)allocate VID header buffer instead.
505 */
506 struct ubi_vid_hdr vid_hdr;
507
508 /*
509 * If VID or EC is valid, we have to corrupt them before erasing.
510 * It is important to first invalidate the EC header, and then the VID
511 * header. Otherwise a power cut may lead to valid EC header and
512 * invalid VID header, in which case UBI will treat this PEB as
513 * corrupted and will try to preserve it, and print scary warnings.
514 */
515 addr = (loff_t)pnum * ubi->peb_size;
516 err = ubi_io_read_ec_hdr(ubi, pnum, &ec_hdr, 0);
517 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
518 err != UBI_IO_FF){
519 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
520 if(err)
521 goto error;
522 }
523
524 err = ubi_io_read_vid_hdr(ubi, pnum, &vid_hdr, 0);
525 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
526 err != UBI_IO_FF){
527 addr += ubi->vid_hdr_aloffset;
528 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
529 if (err)
530 goto error;
531 }
532 return 0;
533
534 error:
535 /*
536 * The PEB contains a valid VID or EC header, but we cannot invalidate
537 * it. Supposedly the flash media or the driver is screwed up, so
538 * return an error.
539 */
540 ubi_err(ubi, "cannot invalidate PEB %d, write returned %d", pnum, err);
541 ubi_dump_flash(ubi, pnum, 0, ubi->peb_size);
542 return -EIO;
543 }
544
545 /**
546 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
547 * @ubi: UBI device description object
548 * @pnum: physical eraseblock number to erase
549 * @torture: if this physical eraseblock has to be tortured
550 *
551 * This function synchronously erases physical eraseblock @pnum. If @torture
552 * flag is not zero, the physical eraseblock is checked by means of writing
553 * different patterns to it and reading them back. If the torturing is enabled,
554 * the physical eraseblock is erased more than once.
555 *
556 * This function returns the number of erasures made in case of success, %-EIO
557 * if the erasure failed or the torturing test failed, and other negative error
558 * codes in case of other errors. Note, %-EIO means that the physical
559 * eraseblock is bad.
560 */
ubi_io_sync_erase(struct ubi_device * ubi,int pnum,int torture)561 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
562 {
563 int err, ret = 0;
564
565 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
566
567 err = self_check_not_bad(ubi, pnum);
568 if (err != 0)
569 return err;
570
571 if (ubi->ro_mode) {
572 ubi_err(ubi, "read-only mode");
573 return -EROFS;
574 }
575
576 if (ubi->nor_flash) {
577 err = nor_erase_prepare(ubi, pnum);
578 if (err)
579 return err;
580 }
581
582 if (torture) {
583 ret = torture_peb(ubi, pnum);
584 if (ret < 0)
585 return ret;
586 }
587
588 err = do_sync_erase(ubi, pnum);
589 if (err)
590 return err;
591
592 return ret + 1;
593 }
594
595 /**
596 * ubi_io_is_bad - check if a physical eraseblock is bad.
597 * @ubi: UBI device description object
598 * @pnum: the physical eraseblock number to check
599 *
600 * This function returns a positive number if the physical eraseblock is bad,
601 * zero if not, and a negative error code if an error occurred.
602 */
ubi_io_is_bad(const struct ubi_device * ubi,int pnum)603 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
604 {
605 struct mtd_info *mtd = ubi->mtd;
606
607 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
608
609 if (ubi->bad_allowed) {
610 int ret;
611
612 ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
613 if (ret < 0)
614 ubi_err(ubi, "error %d while checking if PEB %d is bad",
615 ret, pnum);
616 else if (ret)
617 dbg_io("PEB %d is bad", pnum);
618 return ret;
619 }
620
621 return 0;
622 }
623
624 /**
625 * ubi_io_mark_bad - mark a physical eraseblock as bad.
626 * @ubi: UBI device description object
627 * @pnum: the physical eraseblock number to mark
628 *
629 * This function returns zero in case of success and a negative error code in
630 * case of failure.
631 */
ubi_io_mark_bad(const struct ubi_device * ubi,int pnum)632 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
633 {
634 int err;
635 struct mtd_info *mtd = ubi->mtd;
636
637 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
638
639 if (ubi->ro_mode) {
640 ubi_err(ubi, "read-only mode");
641 return -EROFS;
642 }
643
644 if (!ubi->bad_allowed)
645 return 0;
646
647 err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
648 if (err)
649 ubi_err(ubi, "cannot mark PEB %d bad, error %d", pnum, err);
650 return err;
651 }
652
653 /**
654 * validate_ec_hdr - validate an erase counter header.
655 * @ubi: UBI device description object
656 * @ec_hdr: the erase counter header to check
657 *
658 * This function returns zero if the erase counter header is OK, and %1 if
659 * not.
660 */
validate_ec_hdr(const struct ubi_device * ubi,const struct ubi_ec_hdr * ec_hdr)661 static int validate_ec_hdr(const struct ubi_device *ubi,
662 const struct ubi_ec_hdr *ec_hdr)
663 {
664 long long ec;
665 int vid_hdr_offset, leb_start;
666
667 ec = be64_to_cpu(ec_hdr->ec);
668 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
669 leb_start = be32_to_cpu(ec_hdr->data_offset);
670
671 if (ec_hdr->version != UBI_VERSION) {
672 ubi_err(ubi, "node with incompatible UBI version found: this UBI version is %d, image version is %d",
673 UBI_VERSION, (int)ec_hdr->version);
674 goto bad;
675 }
676
677 if (vid_hdr_offset != ubi->vid_hdr_offset) {
678 ubi_err(ubi, "bad VID header offset %d, expected %d",
679 vid_hdr_offset, ubi->vid_hdr_offset);
680 goto bad;
681 }
682
683 if (leb_start != ubi->leb_start) {
684 ubi_err(ubi, "bad data offset %d, expected %d",
685 leb_start, ubi->leb_start);
686 goto bad;
687 }
688
689 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
690 ubi_err(ubi, "bad erase counter %lld", ec);
691 goto bad;
692 }
693
694 return 0;
695
696 bad:
697 ubi_err(ubi, "bad EC header");
698 ubi_dump_ec_hdr(ec_hdr);
699 dump_stack();
700 return 1;
701 }
702
703 /**
704 * ubi_io_read_ec_hdr - read and check an erase counter header.
705 * @ubi: UBI device description object
706 * @pnum: physical eraseblock to read from
707 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
708 * header
709 * @verbose: be verbose if the header is corrupted or was not found
710 *
711 * This function reads erase counter header from physical eraseblock @pnum and
712 * stores it in @ec_hdr. This function also checks CRC checksum of the read
713 * erase counter header. The following codes may be returned:
714 *
715 * o %0 if the CRC checksum is correct and the header was successfully read;
716 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
717 * and corrected by the flash driver; this is harmless but may indicate that
718 * this eraseblock may become bad soon (but may be not);
719 * o %UBI_IO_BAD_HDR if the erase counter header is corrupted (a CRC error);
720 * o %UBI_IO_BAD_HDR_EBADMSG is the same as %UBI_IO_BAD_HDR, but there also was
721 * a data integrity error (uncorrectable ECC error in case of NAND);
722 * o %UBI_IO_FF if only 0xFF bytes were read (the PEB is supposedly empty)
723 * o a negative error code in case of failure.
724 */
ubi_io_read_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr,int verbose)725 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
726 struct ubi_ec_hdr *ec_hdr, int verbose)
727 {
728 int err, read_err;
729 uint32_t crc, magic, hdr_crc;
730
731 dbg_io("read EC header from PEB %d", pnum);
732 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
733
734 read_err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
735 if (read_err) {
736 if (read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
737 return read_err;
738
739 /*
740 * We read all the data, but either a correctable bit-flip
741 * occurred, or MTD reported a data integrity error
742 * (uncorrectable ECC error in case of NAND). The former is
743 * harmless, the later may mean that the read data is
744 * corrupted. But we have a CRC check-sum and we will detect
745 * this. If the EC header is still OK, we just report this as
746 * there was a bit-flip, to force scrubbing.
747 */
748 }
749
750 magic = be32_to_cpu(ec_hdr->magic);
751 if (magic != UBI_EC_HDR_MAGIC) {
752 if (mtd_is_eccerr(read_err))
753 return UBI_IO_BAD_HDR_EBADMSG;
754
755 /*
756 * The magic field is wrong. Let's check if we have read all
757 * 0xFF. If yes, this physical eraseblock is assumed to be
758 * empty.
759 */
760 if (ubi_check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
761 /* The physical eraseblock is supposedly empty */
762 if (verbose)
763 ubi_warn(ubi, "no EC header found at PEB %d, only 0xFF bytes",
764 pnum);
765 dbg_bld("no EC header found at PEB %d, only 0xFF bytes",
766 pnum);
767 if (!read_err)
768 return UBI_IO_FF;
769 else
770 return UBI_IO_FF_BITFLIPS;
771 }
772
773 /*
774 * This is not a valid erase counter header, and these are not
775 * 0xFF bytes. Report that the header is corrupted.
776 */
777 if (verbose) {
778 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
779 pnum, magic, UBI_EC_HDR_MAGIC);
780 ubi_dump_ec_hdr(ec_hdr);
781 }
782 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
783 pnum, magic, UBI_EC_HDR_MAGIC);
784 return UBI_IO_BAD_HDR;
785 }
786
787 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
788 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
789
790 if (hdr_crc != crc) {
791 if (verbose) {
792 ubi_warn(ubi, "bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
793 pnum, crc, hdr_crc);
794 ubi_dump_ec_hdr(ec_hdr);
795 }
796 dbg_bld("bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
797 pnum, crc, hdr_crc);
798
799 if (!read_err)
800 return UBI_IO_BAD_HDR;
801 else
802 return UBI_IO_BAD_HDR_EBADMSG;
803 }
804
805 /* And of course validate what has just been read from the media */
806 err = validate_ec_hdr(ubi, ec_hdr);
807 if (err) {
808 ubi_err(ubi, "validation failed for PEB %d", pnum);
809 return -EINVAL;
810 }
811
812 /*
813 * If there was %-EBADMSG, but the header CRC is still OK, report about
814 * a bit-flip to force scrubbing on this PEB.
815 */
816 return read_err ? UBI_IO_BITFLIPS : 0;
817 }
818
819 /**
820 * ubi_io_write_ec_hdr - write an erase counter header.
821 * @ubi: UBI device description object
822 * @pnum: physical eraseblock to write to
823 * @ec_hdr: the erase counter header to write
824 *
825 * This function writes erase counter header described by @ec_hdr to physical
826 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
827 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
828 * field.
829 *
830 * This function returns zero in case of success and a negative error code in
831 * case of failure. If %-EIO is returned, the physical eraseblock most probably
832 * went bad.
833 */
ubi_io_write_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr)834 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
835 struct ubi_ec_hdr *ec_hdr)
836 {
837 int err;
838 uint32_t crc;
839
840 dbg_io("write EC header to PEB %d", pnum);
841 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
842
843 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
844 ec_hdr->version = UBI_VERSION;
845 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
846 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
847 ec_hdr->image_seq = cpu_to_be32(ubi->image_seq);
848 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
849 ec_hdr->hdr_crc = cpu_to_be32(crc);
850
851 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
852 if (err)
853 return err;
854
855 if (ubi_dbg_power_cut(ubi, POWER_CUT_EC_WRITE))
856 return -EROFS;
857
858 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
859 return err;
860 }
861
862 /**
863 * validate_vid_hdr - validate a volume identifier header.
864 * @ubi: UBI device description object
865 * @vid_hdr: the volume identifier header to check
866 *
867 * This function checks that data stored in the volume identifier header
868 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
869 */
validate_vid_hdr(const struct ubi_device * ubi,const struct ubi_vid_hdr * vid_hdr)870 static int validate_vid_hdr(const struct ubi_device *ubi,
871 const struct ubi_vid_hdr *vid_hdr)
872 {
873 int vol_type = vid_hdr->vol_type;
874 int copy_flag = vid_hdr->copy_flag;
875 int vol_id = be32_to_cpu(vid_hdr->vol_id);
876 int lnum = be32_to_cpu(vid_hdr->lnum);
877 int compat = vid_hdr->compat;
878 int data_size = be32_to_cpu(vid_hdr->data_size);
879 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
880 int data_pad = be32_to_cpu(vid_hdr->data_pad);
881 int data_crc = be32_to_cpu(vid_hdr->data_crc);
882 int usable_leb_size = ubi->leb_size - data_pad;
883
884 if (copy_flag != 0 && copy_flag != 1) {
885 ubi_err(ubi, "bad copy_flag");
886 goto bad;
887 }
888
889 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
890 data_pad < 0) {
891 ubi_err(ubi, "negative values");
892 goto bad;
893 }
894
895 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
896 ubi_err(ubi, "bad vol_id");
897 goto bad;
898 }
899
900 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
901 ubi_err(ubi, "bad compat");
902 goto bad;
903 }
904
905 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
906 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
907 compat != UBI_COMPAT_REJECT) {
908 ubi_err(ubi, "bad compat");
909 goto bad;
910 }
911
912 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
913 ubi_err(ubi, "bad vol_type");
914 goto bad;
915 }
916
917 if (data_pad >= ubi->leb_size / 2) {
918 ubi_err(ubi, "bad data_pad");
919 goto bad;
920 }
921
922 if (vol_type == UBI_VID_STATIC) {
923 /*
924 * Although from high-level point of view static volumes may
925 * contain zero bytes of data, but no VID headers can contain
926 * zero at these fields, because they empty volumes do not have
927 * mapped logical eraseblocks.
928 */
929 if (used_ebs == 0) {
930 ubi_err(ubi, "zero used_ebs");
931 goto bad;
932 }
933 if (data_size == 0) {
934 ubi_err(ubi, "zero data_size");
935 goto bad;
936 }
937 if (lnum < used_ebs - 1) {
938 if (data_size != usable_leb_size) {
939 ubi_err(ubi, "bad data_size");
940 goto bad;
941 }
942 } else if (lnum == used_ebs - 1) {
943 if (data_size == 0) {
944 ubi_err(ubi, "bad data_size at last LEB");
945 goto bad;
946 }
947 } else {
948 ubi_err(ubi, "too high lnum");
949 goto bad;
950 }
951 } else {
952 if (copy_flag == 0) {
953 if (data_crc != 0) {
954 ubi_err(ubi, "non-zero data CRC");
955 goto bad;
956 }
957 if (data_size != 0) {
958 ubi_err(ubi, "non-zero data_size");
959 goto bad;
960 }
961 } else {
962 if (data_size == 0) {
963 ubi_err(ubi, "zero data_size of copy");
964 goto bad;
965 }
966 }
967 if (used_ebs != 0) {
968 ubi_err(ubi, "bad used_ebs");
969 goto bad;
970 }
971 }
972
973 return 0;
974
975 bad:
976 ubi_err(ubi, "bad VID header");
977 ubi_dump_vid_hdr(vid_hdr);
978 dump_stack();
979 return 1;
980 }
981
982 /**
983 * ubi_io_read_vid_hdr - read and check a volume identifier header.
984 * @ubi: UBI device description object
985 * @pnum: physical eraseblock number to read from
986 * @vid_hdr: &struct ubi_vid_hdr object where to store the read volume
987 * identifier header
988 * @verbose: be verbose if the header is corrupted or wasn't found
989 *
990 * This function reads the volume identifier header from physical eraseblock
991 * @pnum and stores it in @vid_hdr. It also checks CRC checksum of the read
992 * volume identifier header. The error codes are the same as in
993 * 'ubi_io_read_ec_hdr()'.
994 *
995 * Note, the implementation of this function is also very similar to
996 * 'ubi_io_read_ec_hdr()', so refer commentaries in 'ubi_io_read_ec_hdr()'.
997 */
ubi_io_read_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_hdr * vid_hdr,int verbose)998 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
999 struct ubi_vid_hdr *vid_hdr, int verbose)
1000 {
1001 int err, read_err;
1002 uint32_t crc, magic, hdr_crc;
1003 void *p;
1004
1005 dbg_io("read VID header from PEB %d", pnum);
1006 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1007
1008 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1009 read_err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1010 ubi->vid_hdr_alsize);
1011 if (read_err && read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
1012 return read_err;
1013
1014 magic = be32_to_cpu(vid_hdr->magic);
1015 if (magic != UBI_VID_HDR_MAGIC) {
1016 if (mtd_is_eccerr(read_err))
1017 return UBI_IO_BAD_HDR_EBADMSG;
1018
1019 if (ubi_check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
1020 if (verbose)
1021 ubi_warn(ubi, "no VID header found at PEB %d, only 0xFF bytes",
1022 pnum);
1023 dbg_bld("no VID header found at PEB %d, only 0xFF bytes",
1024 pnum);
1025 if (!read_err)
1026 return UBI_IO_FF;
1027 else
1028 return UBI_IO_FF_BITFLIPS;
1029 }
1030
1031 if (verbose) {
1032 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
1033 pnum, magic, UBI_VID_HDR_MAGIC);
1034 ubi_dump_vid_hdr(vid_hdr);
1035 }
1036 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
1037 pnum, magic, UBI_VID_HDR_MAGIC);
1038 return UBI_IO_BAD_HDR;
1039 }
1040
1041 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1042 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1043
1044 if (hdr_crc != crc) {
1045 if (verbose) {
1046 ubi_warn(ubi, "bad CRC at PEB %d, calculated %#08x, read %#08x",
1047 pnum, crc, hdr_crc);
1048 ubi_dump_vid_hdr(vid_hdr);
1049 }
1050 dbg_bld("bad CRC at PEB %d, calculated %#08x, read %#08x",
1051 pnum, crc, hdr_crc);
1052 if (!read_err)
1053 return UBI_IO_BAD_HDR;
1054 else
1055 return UBI_IO_BAD_HDR_EBADMSG;
1056 }
1057
1058 err = validate_vid_hdr(ubi, vid_hdr);
1059 if (err) {
1060 ubi_err(ubi, "validation failed for PEB %d", pnum);
1061 return -EINVAL;
1062 }
1063
1064 return read_err ? UBI_IO_BITFLIPS : 0;
1065 }
1066
1067 /**
1068 * ubi_io_write_vid_hdr - write a volume identifier header.
1069 * @ubi: UBI device description object
1070 * @pnum: the physical eraseblock number to write to
1071 * @vid_hdr: the volume identifier header to write
1072 *
1073 * This function writes the volume identifier header described by @vid_hdr to
1074 * physical eraseblock @pnum. This function automatically fills the
1075 * @vid_hdr->magic and the @vid_hdr->version fields, as well as calculates
1076 * header CRC checksum and stores it at vid_hdr->hdr_crc.
1077 *
1078 * This function returns zero in case of success and a negative error code in
1079 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1080 * bad.
1081 */
ubi_io_write_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_hdr * vid_hdr)1082 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1083 struct ubi_vid_hdr *vid_hdr)
1084 {
1085 int err;
1086 uint32_t crc;
1087 void *p;
1088
1089 dbg_io("write VID header to PEB %d", pnum);
1090 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1091
1092 err = self_check_peb_ec_hdr(ubi, pnum);
1093 if (err)
1094 return err;
1095
1096 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1097 vid_hdr->version = UBI_VERSION;
1098 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1099 vid_hdr->hdr_crc = cpu_to_be32(crc);
1100
1101 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1102 if (err)
1103 return err;
1104
1105 if (ubi_dbg_power_cut(ubi, POWER_CUT_VID_WRITE))
1106 return -EROFS;
1107
1108 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1109 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1110 ubi->vid_hdr_alsize);
1111 return err;
1112 }
1113
1114 /**
1115 * self_check_not_bad - ensure that a physical eraseblock is not bad.
1116 * @ubi: UBI device description object
1117 * @pnum: physical eraseblock number to check
1118 *
1119 * This function returns zero if the physical eraseblock is good, %-EINVAL if
1120 * it is bad and a negative error code if an error occurred.
1121 */
self_check_not_bad(const struct ubi_device * ubi,int pnum)1122 static int self_check_not_bad(const struct ubi_device *ubi, int pnum)
1123 {
1124 int err;
1125
1126 if (!ubi_dbg_chk_io(ubi))
1127 return 0;
1128
1129 err = ubi_io_is_bad(ubi, pnum);
1130 if (!err)
1131 return err;
1132
1133 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1134 dump_stack();
1135 return err > 0 ? -EINVAL : err;
1136 }
1137
1138 /**
1139 * self_check_ec_hdr - check if an erase counter header is all right.
1140 * @ubi: UBI device description object
1141 * @pnum: physical eraseblock number the erase counter header belongs to
1142 * @ec_hdr: the erase counter header to check
1143 *
1144 * This function returns zero if the erase counter header contains valid
1145 * values, and %-EINVAL if not.
1146 */
self_check_ec_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_ec_hdr * ec_hdr)1147 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1148 const struct ubi_ec_hdr *ec_hdr)
1149 {
1150 int err;
1151 uint32_t magic;
1152
1153 if (!ubi_dbg_chk_io(ubi))
1154 return 0;
1155
1156 magic = be32_to_cpu(ec_hdr->magic);
1157 if (magic != UBI_EC_HDR_MAGIC) {
1158 ubi_err(ubi, "bad magic %#08x, must be %#08x",
1159 magic, UBI_EC_HDR_MAGIC);
1160 goto fail;
1161 }
1162
1163 err = validate_ec_hdr(ubi, ec_hdr);
1164 if (err) {
1165 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1166 goto fail;
1167 }
1168
1169 return 0;
1170
1171 fail:
1172 ubi_dump_ec_hdr(ec_hdr);
1173 dump_stack();
1174 return -EINVAL;
1175 }
1176
1177 /**
1178 * self_check_peb_ec_hdr - check erase counter header.
1179 * @ubi: UBI device description object
1180 * @pnum: the physical eraseblock number to check
1181 *
1182 * This function returns zero if the erase counter header is all right and and
1183 * a negative error code if not or if an error occurred.
1184 */
self_check_peb_ec_hdr(const struct ubi_device * ubi,int pnum)1185 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1186 {
1187 int err;
1188 uint32_t crc, hdr_crc;
1189 struct ubi_ec_hdr *ec_hdr;
1190
1191 if (!ubi_dbg_chk_io(ubi))
1192 return 0;
1193
1194 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1195 if (!ec_hdr)
1196 return -ENOMEM;
1197
1198 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1199 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1200 goto exit;
1201
1202 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1203 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1204 if (hdr_crc != crc) {
1205 ubi_err(ubi, "bad CRC, calculated %#08x, read %#08x",
1206 crc, hdr_crc);
1207 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1208 ubi_dump_ec_hdr(ec_hdr);
1209 dump_stack();
1210 err = -EINVAL;
1211 goto exit;
1212 }
1213
1214 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
1215
1216 exit:
1217 kfree(ec_hdr);
1218 return err;
1219 }
1220
1221 /**
1222 * self_check_vid_hdr - check that a volume identifier header is all right.
1223 * @ubi: UBI device description object
1224 * @pnum: physical eraseblock number the volume identifier header belongs to
1225 * @vid_hdr: the volume identifier header to check
1226 *
1227 * This function returns zero if the volume identifier header is all right, and
1228 * %-EINVAL if not.
1229 */
self_check_vid_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_vid_hdr * vid_hdr)1230 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1231 const struct ubi_vid_hdr *vid_hdr)
1232 {
1233 int err;
1234 uint32_t magic;
1235
1236 if (!ubi_dbg_chk_io(ubi))
1237 return 0;
1238
1239 magic = be32_to_cpu(vid_hdr->magic);
1240 if (magic != UBI_VID_HDR_MAGIC) {
1241 ubi_err(ubi, "bad VID header magic %#08x at PEB %d, must be %#08x",
1242 magic, pnum, UBI_VID_HDR_MAGIC);
1243 goto fail;
1244 }
1245
1246 err = validate_vid_hdr(ubi, vid_hdr);
1247 if (err) {
1248 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1249 goto fail;
1250 }
1251
1252 return err;
1253
1254 fail:
1255 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1256 ubi_dump_vid_hdr(vid_hdr);
1257 dump_stack();
1258 return -EINVAL;
1259
1260 }
1261
1262 /**
1263 * self_check_peb_vid_hdr - check volume identifier header.
1264 * @ubi: UBI device description object
1265 * @pnum: the physical eraseblock number to check
1266 *
1267 * This function returns zero if the volume identifier header is all right,
1268 * and a negative error code if not or if an error occurred.
1269 */
self_check_peb_vid_hdr(const struct ubi_device * ubi,int pnum)1270 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1271 {
1272 int err;
1273 uint32_t crc, hdr_crc;
1274 struct ubi_vid_hdr *vid_hdr;
1275 void *p;
1276
1277 if (!ubi_dbg_chk_io(ubi))
1278 return 0;
1279
1280 vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS);
1281 if (!vid_hdr)
1282 return -ENOMEM;
1283
1284 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1285 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1286 ubi->vid_hdr_alsize);
1287 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1288 goto exit;
1289
1290 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_EC_HDR_SIZE_CRC);
1291 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1292 if (hdr_crc != crc) {
1293 ubi_err(ubi, "bad VID header CRC at PEB %d, calculated %#08x, read %#08x",
1294 pnum, crc, hdr_crc);
1295 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1296 ubi_dump_vid_hdr(vid_hdr);
1297 dump_stack();
1298 err = -EINVAL;
1299 goto exit;
1300 }
1301
1302 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1303
1304 exit:
1305 ubi_free_vid_hdr(ubi, vid_hdr);
1306 return err;
1307 }
1308
1309 /**
1310 * self_check_write - make sure write succeeded.
1311 * @ubi: UBI device description object
1312 * @buf: buffer with data which were written
1313 * @pnum: physical eraseblock number the data were written to
1314 * @offset: offset within the physical eraseblock the data were written to
1315 * @len: how many bytes were written
1316 *
1317 * This functions reads data which were recently written and compares it with
1318 * the original data buffer - the data have to match. Returns zero if the data
1319 * match and a negative error code if not or in case of failure.
1320 */
self_check_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)1321 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
1322 int offset, int len)
1323 {
1324 int err, i;
1325 size_t read;
1326 void *buf1;
1327 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1328
1329 if (!ubi_dbg_chk_io(ubi))
1330 return 0;
1331
1332 buf1 = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1333 if (!buf1) {
1334 ubi_err(ubi, "cannot allocate memory to check writes");
1335 return 0;
1336 }
1337
1338 err = mtd_read(ubi->mtd, addr, len, &read, buf1);
1339 if (err && !mtd_is_bitflip(err))
1340 goto out_free;
1341
1342 for (i = 0; i < len; i++) {
1343 uint8_t c = ((uint8_t *)buf)[i];
1344 uint8_t c1 = ((uint8_t *)buf1)[i];
1345 #if !defined(CONFIG_UBI_SILENCE_MSG)
1346 int dump_len = max_t(int, 128, len - i);
1347 #endif
1348
1349 if (c == c1)
1350 continue;
1351
1352 ubi_err(ubi, "self-check failed for PEB %d:%d, len %d",
1353 pnum, offset, len);
1354 ubi_msg(ubi, "data differ at position %d", i);
1355 ubi_msg(ubi, "hex dump of the original buffer from %d to %d",
1356 i, i + dump_len);
1357 print_hex_dump("", DUMP_PREFIX_OFFSET, 32, 1,
1358 buf + i, dump_len, 1);
1359 ubi_msg(ubi, "hex dump of the read buffer from %d to %d",
1360 i, i + dump_len);
1361 print_hex_dump("", DUMP_PREFIX_OFFSET, 32, 1,
1362 buf1 + i, dump_len, 1);
1363 dump_stack();
1364 err = -EINVAL;
1365 goto out_free;
1366 }
1367
1368 vfree(buf1);
1369 return 0;
1370
1371 out_free:
1372 vfree(buf1);
1373 return err;
1374 }
1375
1376 /**
1377 * ubi_self_check_all_ff - check that a region of flash is empty.
1378 * @ubi: UBI device description object
1379 * @pnum: the physical eraseblock number to check
1380 * @offset: the starting offset within the physical eraseblock to check
1381 * @len: the length of the region to check
1382 *
1383 * This function returns zero if only 0xFF bytes are present at offset
1384 * @offset of the physical eraseblock @pnum, and a negative error code if not
1385 * or if an error occurred.
1386 */
ubi_self_check_all_ff(struct ubi_device * ubi,int pnum,int offset,int len)1387 int ubi_self_check_all_ff(struct ubi_device *ubi, int pnum, int offset, int len)
1388 {
1389 size_t read;
1390 int err;
1391 void *buf;
1392 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1393
1394 if (!ubi_dbg_chk_io(ubi))
1395 return 0;
1396
1397 buf = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1398 if (!buf) {
1399 ubi_err(ubi, "cannot allocate memory to check for 0xFFs");
1400 return 0;
1401 }
1402
1403 err = mtd_read(ubi->mtd, addr, len, &read, buf);
1404 if (err && !mtd_is_bitflip(err)) {
1405 ubi_err(ubi, "err %d while reading %d bytes from PEB %d:%d, read %zd bytes",
1406 err, len, pnum, offset, read);
1407 goto error;
1408 }
1409
1410 err = ubi_check_pattern(buf, 0xFF, len);
1411 if (err == 0) {
1412 ubi_err(ubi, "flash region at PEB %d:%d, length %d does not contain all 0xFF bytes",
1413 pnum, offset, len);
1414 goto fail;
1415 }
1416
1417 vfree(buf);
1418 return 0;
1419
1420 fail:
1421 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1422 ubi_msg(ubi, "hex dump of the %d-%d region", offset, offset + len);
1423 print_hex_dump("", DUMP_PREFIX_OFFSET, 32, 1, buf, len, 1);
1424 err = -EINVAL;
1425 error:
1426 dump_stack();
1427 vfree(buf);
1428 return err;
1429 }
1430