1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright (c) International Business Machines Corp., 2006
4 * Copyright (c) Nokia Corporation, 2006, 2007
5 *
6 * Author: Artem Bityutskiy (Битюцкий Артём)
7 */
8
9 /*
10 * UBI input/output sub-system.
11 *
12 * This sub-system provides a uniform way to work with all kinds of the
13 * underlying MTD devices. It also implements handy functions for reading and
14 * writing UBI headers.
15 *
16 * We are trying to have a paranoid mindset and not to trust to what we read
17 * from the flash media in order to be more secure and robust. So this
18 * sub-system validates every single header it reads from the flash media.
19 *
20 * Some words about how the eraseblock headers are stored.
21 *
22 * The erase counter header is always stored at offset zero. By default, the
23 * VID header is stored after the EC header at the closest aligned offset
24 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
25 * header at the closest aligned offset. But this default layout may be
26 * changed. For example, for different reasons (e.g., optimization) UBI may be
27 * asked to put the VID header at further offset, and even at an unaligned
28 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
29 * proper padding in front of it. Data offset may also be changed but it has to
30 * be aligned.
31 *
32 * About minimal I/O units. In general, UBI assumes flash device model where
33 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
34 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
35 * @ubi->mtd->writesize field. But as an exception, UBI admits of using another
36 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
37 * to do different optimizations.
38 *
39 * This is extremely useful in case of NAND flashes which admit of several
40 * write operations to one NAND page. In this case UBI can fit EC and VID
41 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
42 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
43 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
44 * users.
45 *
46 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
47 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
48 * headers.
49 *
50 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
51 * device, e.g., make @ubi->min_io_size = 512 in the example above?
52 *
53 * A: because when writing a sub-page, MTD still writes a full 2K page but the
54 * bytes which are not relevant to the sub-page are 0xFF. So, basically,
55 * writing 4x512 sub-pages is 4 times slower than writing one 2KiB NAND page.
56 * Thus, we prefer to use sub-pages only for EC and VID headers.
57 *
58 * As it was noted above, the VID header may start at a non-aligned offset.
59 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
60 * the VID header may reside at offset 1984 which is the last 64 bytes of the
61 * last sub-page (EC header is always at offset zero). This causes some
62 * difficulties when reading and writing VID headers.
63 *
64 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
65 * the data and want to write this VID header out. As we can only write in
66 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
67 * to offset 448 of this buffer.
68 *
69 * The I/O sub-system does the following trick in order to avoid this extra
70 * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
71 * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
72 * When the VID header is being written out, it shifts the VID header pointer
73 * back and writes the whole sub-page.
74 */
75
76 #ifndef __UBOOT__
77 #include <linux/crc32.h>
78 #include <linux/err.h>
79 #include <linux/slab.h>
80 #include <u-boot/crc.h>
81 #else
82 #include <hexdump.h>
83 #include <ubi_uboot.h>
84 #endif
85
86 #include "ubi.h"
87
88 static int self_check_not_bad(const struct ubi_device *ubi, int pnum);
89 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
90 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
91 const struct ubi_ec_hdr *ec_hdr);
92 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
93 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
94 const struct ubi_vid_hdr *vid_hdr);
95 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
96 int offset, int len);
97
98 /**
99 * ubi_io_read - read data from a physical eraseblock.
100 * @ubi: UBI device description object
101 * @buf: buffer where to store the read data
102 * @pnum: physical eraseblock number to read from
103 * @offset: offset within the physical eraseblock from where to read
104 * @len: how many bytes to read
105 *
106 * This function reads data from offset @offset of physical eraseblock @pnum
107 * and stores the read data in the @buf buffer. The following return codes are
108 * possible:
109 *
110 * o %0 if all the requested data were successfully read;
111 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
112 * correctable bit-flips were detected; this is harmless but may indicate
113 * that this eraseblock may become bad soon (but do not have to);
114 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
115 * example it can be an ECC error in case of NAND; this most probably means
116 * that the data is corrupted;
117 * o %-EIO if some I/O error occurred;
118 * o other negative error codes in case of other errors.
119 */
ubi_io_read(const struct ubi_device * ubi,void * buf,int pnum,int offset,int len)120 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
121 int len)
122 {
123 int err, retries = 0;
124 size_t read;
125 loff_t addr;
126
127 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
128
129 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
130 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
131 ubi_assert(len > 0);
132
133 err = self_check_not_bad(ubi, pnum);
134 if (err)
135 return err;
136
137 /*
138 * Deliberately corrupt the buffer to improve robustness. Indeed, if we
139 * do not do this, the following may happen:
140 * 1. The buffer contains data from previous operation, e.g., read from
141 * another PEB previously. The data looks like expected, e.g., if we
142 * just do not read anything and return - the caller would not
143 * notice this. E.g., if we are reading a VID header, the buffer may
144 * contain a valid VID header from another PEB.
145 * 2. The driver is buggy and returns us success or -EBADMSG or
146 * -EUCLEAN, but it does not actually put any data to the buffer.
147 *
148 * This may confuse UBI or upper layers - they may think the buffer
149 * contains valid data while in fact it is just old data. This is
150 * especially possible because UBI (and UBIFS) relies on CRC, and
151 * treats data as correct even in case of ECC errors if the CRC is
152 * correct.
153 *
154 * Try to prevent this situation by changing the first byte of the
155 * buffer.
156 */
157 *((uint8_t *)buf) ^= 0xFF;
158
159 addr = (loff_t)pnum * ubi->peb_size + offset;
160 retry:
161 err = mtd_read(ubi->mtd, addr, len, &read, buf);
162 if (err) {
163 const char *errstr = mtd_is_eccerr(err) ? " (ECC error)" : "";
164
165 if (mtd_is_bitflip(err)) {
166 /*
167 * -EUCLEAN is reported if there was a bit-flip which
168 * was corrected, so this is harmless.
169 *
170 * We do not report about it here unless debugging is
171 * enabled. A corresponding message will be printed
172 * later, when it is has been scrubbed.
173 */
174 ubi_msg(ubi, "fixable bit-flip detected at PEB %d",
175 pnum);
176 ubi_assert(len == read);
177 return UBI_IO_BITFLIPS;
178 }
179
180 if (retries++ < UBI_IO_RETRIES) {
181 ubi_warn(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read only %zd bytes, retry",
182 err, errstr, len, pnum, offset, read);
183 yield();
184 goto retry;
185 }
186
187 ubi_err(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read %zd bytes",
188 err, errstr, len, pnum, offset, read);
189 dump_stack();
190
191 /*
192 * The driver should never return -EBADMSG if it failed to read
193 * all the requested data. But some buggy drivers might do
194 * this, so we change it to -EIO.
195 */
196 if (read != len && mtd_is_eccerr(err)) {
197 ubi_assert(0);
198 err = -EIO;
199 }
200 } else {
201 ubi_assert(len == read);
202
203 if (ubi_dbg_is_bitflip(ubi)) {
204 dbg_gen("bit-flip (emulated)");
205 err = UBI_IO_BITFLIPS;
206 }
207 }
208
209 return err;
210 }
211
212 /**
213 * ubi_io_write - write data to a physical eraseblock.
214 * @ubi: UBI device description object
215 * @buf: buffer with the data to write
216 * @pnum: physical eraseblock number to write to
217 * @offset: offset within the physical eraseblock where to write
218 * @len: how many bytes to write
219 *
220 * This function writes @len bytes of data from buffer @buf to offset @offset
221 * of physical eraseblock @pnum. If all the data were successfully written,
222 * zero is returned. If an error occurred, this function returns a negative
223 * error code. If %-EIO is returned, the physical eraseblock most probably went
224 * bad.
225 *
226 * Note, in case of an error, it is possible that something was still written
227 * to the flash media, but may be some garbage.
228 */
ubi_io_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)229 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
230 int len)
231 {
232 int err;
233 size_t written;
234 loff_t addr;
235
236 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
237
238 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
239 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
240 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
241 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
242
243 if (ubi->ro_mode) {
244 ubi_err(ubi, "read-only mode");
245 return -EROFS;
246 }
247
248 err = self_check_not_bad(ubi, pnum);
249 if (err)
250 return err;
251
252 /* The area we are writing to has to contain all 0xFF bytes */
253 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
254 if (err)
255 return err;
256
257 if (offset >= ubi->leb_start) {
258 /*
259 * We write to the data area of the physical eraseblock. Make
260 * sure it has valid EC and VID headers.
261 */
262 err = self_check_peb_ec_hdr(ubi, pnum);
263 if (err)
264 return err;
265 err = self_check_peb_vid_hdr(ubi, pnum);
266 if (err)
267 return err;
268 }
269
270 if (ubi_dbg_is_write_failure(ubi)) {
271 ubi_err(ubi, "cannot write %d bytes to PEB %d:%d (emulated)",
272 len, pnum, offset);
273 dump_stack();
274 return -EIO;
275 }
276
277 addr = (loff_t)pnum * ubi->peb_size + offset;
278 err = mtd_write(ubi->mtd, addr, len, &written, buf);
279 if (err) {
280 ubi_err(ubi, "error %d while writing %d bytes to PEB %d:%d, written %zd bytes",
281 err, len, pnum, offset, written);
282 dump_stack();
283 ubi_dump_flash(ubi, pnum, offset, len);
284 } else
285 ubi_assert(written == len);
286
287 if (!err) {
288 err = self_check_write(ubi, buf, pnum, offset, len);
289 if (err)
290 return err;
291
292 /*
293 * Since we always write sequentially, the rest of the PEB has
294 * to contain only 0xFF bytes.
295 */
296 offset += len;
297 len = ubi->peb_size - offset;
298 if (len)
299 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
300 }
301
302 return err;
303 }
304
305 /**
306 * erase_callback - MTD erasure call-back.
307 * @ei: MTD erase information object.
308 *
309 * Note, even though MTD erase interface is asynchronous, all the current
310 * implementations are synchronous anyway.
311 */
erase_callback(struct erase_info * ei)312 static void erase_callback(struct erase_info *ei)
313 {
314 wake_up_interruptible((wait_queue_head_t *)ei->priv);
315 }
316
317 /**
318 * do_sync_erase - synchronously erase a physical eraseblock.
319 * @ubi: UBI device description object
320 * @pnum: the physical eraseblock number to erase
321 *
322 * This function synchronously erases physical eraseblock @pnum and returns
323 * zero in case of success and a negative error code in case of failure. If
324 * %-EIO is returned, the physical eraseblock most probably went bad.
325 */
do_sync_erase(struct ubi_device * ubi,int pnum)326 static int do_sync_erase(struct ubi_device *ubi, int pnum)
327 {
328 int err, retries = 0;
329 struct erase_info ei;
330 wait_queue_head_t wq;
331
332 dbg_io("erase PEB %d", pnum);
333 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
334
335 if (ubi->ro_mode) {
336 ubi_err(ubi, "read-only mode");
337 return -EROFS;
338 }
339
340 retry:
341 init_waitqueue_head(&wq);
342 memset(&ei, 0, sizeof(struct erase_info));
343
344 ei.mtd = ubi->mtd;
345 ei.addr = (loff_t)pnum * ubi->peb_size;
346 ei.len = ubi->peb_size;
347 ei.callback = erase_callback;
348 ei.priv = (unsigned long)&wq;
349
350 err = mtd_erase(ubi->mtd, &ei);
351 if (err) {
352 if (retries++ < UBI_IO_RETRIES) {
353 ubi_warn(ubi, "error %d while erasing PEB %d, retry",
354 err, pnum);
355 yield();
356 goto retry;
357 }
358 ubi_err(ubi, "cannot erase PEB %d, error %d", pnum, err);
359 dump_stack();
360 return err;
361 }
362
363 err = wait_event_interruptible(wq, ei.state == MTD_ERASE_DONE ||
364 ei.state == MTD_ERASE_FAILED);
365 if (err) {
366 ubi_err(ubi, "interrupted PEB %d erasure", pnum);
367 return -EINTR;
368 }
369
370 if (ei.state == MTD_ERASE_FAILED) {
371 if (retries++ < UBI_IO_RETRIES) {
372 ubi_warn(ubi, "error while erasing PEB %d, retry",
373 pnum);
374 yield();
375 goto retry;
376 }
377 ubi_err(ubi, "cannot erase PEB %d", pnum);
378 dump_stack();
379 return -EIO;
380 }
381
382 err = ubi_self_check_all_ff(ubi, pnum, 0, ubi->peb_size);
383 if (err)
384 return err;
385
386 if (ubi_dbg_is_erase_failure(ubi)) {
387 ubi_err(ubi, "cannot erase PEB %d (emulated)", pnum);
388 return -EIO;
389 }
390
391 return 0;
392 }
393
394 /* Patterns to write to a physical eraseblock when torturing it */
395 static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
396
397 /**
398 * torture_peb - test a supposedly bad physical eraseblock.
399 * @ubi: UBI device description object
400 * @pnum: the physical eraseblock number to test
401 *
402 * This function returns %-EIO if the physical eraseblock did not pass the
403 * test, a positive number of erase operations done if the test was
404 * successfully passed, and other negative error codes in case of other errors.
405 */
torture_peb(struct ubi_device * ubi,int pnum)406 static int torture_peb(struct ubi_device *ubi, int pnum)
407 {
408 int err, i, patt_count;
409
410 ubi_msg(ubi, "run torture test for PEB %d", pnum);
411 patt_count = ARRAY_SIZE(patterns);
412 ubi_assert(patt_count > 0);
413
414 mutex_lock(&ubi->buf_mutex);
415 for (i = 0; i < patt_count; i++) {
416 err = do_sync_erase(ubi, pnum);
417 if (err)
418 goto out;
419
420 /* Make sure the PEB contains only 0xFF bytes */
421 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
422 if (err)
423 goto out;
424
425 err = ubi_check_pattern(ubi->peb_buf, 0xFF, ubi->peb_size);
426 if (err == 0) {
427 ubi_err(ubi, "erased PEB %d, but a non-0xFF byte found",
428 pnum);
429 err = -EIO;
430 goto out;
431 }
432
433 /* Write a pattern and check it */
434 memset(ubi->peb_buf, patterns[i], ubi->peb_size);
435 err = ubi_io_write(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
436 if (err)
437 goto out;
438
439 memset(ubi->peb_buf, ~patterns[i], ubi->peb_size);
440 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
441 if (err)
442 goto out;
443
444 err = ubi_check_pattern(ubi->peb_buf, patterns[i],
445 ubi->peb_size);
446 if (err == 0) {
447 ubi_err(ubi, "pattern %x checking failed for PEB %d",
448 patterns[i], pnum);
449 err = -EIO;
450 goto out;
451 }
452 }
453
454 err = patt_count;
455 ubi_msg(ubi, "PEB %d passed torture test, do not mark it as bad", pnum);
456
457 out:
458 mutex_unlock(&ubi->buf_mutex);
459 if (err == UBI_IO_BITFLIPS || mtd_is_eccerr(err)) {
460 /*
461 * If a bit-flip or data integrity error was detected, the test
462 * has not passed because it happened on a freshly erased
463 * physical eraseblock which means something is wrong with it.
464 */
465 ubi_err(ubi, "read problems on freshly erased PEB %d, must be bad",
466 pnum);
467 err = -EIO;
468 }
469 return err;
470 }
471
472 /**
473 * nor_erase_prepare - prepare a NOR flash PEB for erasure.
474 * @ubi: UBI device description object
475 * @pnum: physical eraseblock number to prepare
476 *
477 * NOR flash, or at least some of them, have peculiar embedded PEB erasure
478 * algorithm: the PEB is first filled with zeroes, then it is erased. And
479 * filling with zeroes starts from the end of the PEB. This was observed with
480 * Spansion S29GL512N NOR flash.
481 *
482 * This means that in case of a power cut we may end up with intact data at the
483 * beginning of the PEB, and all zeroes at the end of PEB. In other words, the
484 * EC and VID headers are OK, but a large chunk of data at the end of PEB is
485 * zeroed. This makes UBI mistakenly treat this PEB as used and associate it
486 * with an LEB, which leads to subsequent failures (e.g., UBIFS fails).
487 *
488 * This function is called before erasing NOR PEBs and it zeroes out EC and VID
489 * magic numbers in order to invalidate them and prevent the failures. Returns
490 * zero in case of success and a negative error code in case of failure.
491 */
nor_erase_prepare(struct ubi_device * ubi,int pnum)492 static int nor_erase_prepare(struct ubi_device *ubi, int pnum)
493 {
494 int err;
495 size_t written;
496 loff_t addr;
497 uint32_t data = 0;
498 struct ubi_ec_hdr ec_hdr;
499
500 /*
501 * Note, we cannot generally define VID header buffers on stack,
502 * because of the way we deal with these buffers (see the header
503 * comment in this file). But we know this is a NOR-specific piece of
504 * code, so we can do this. But yes, this is error-prone and we should
505 * (pre-)allocate VID header buffer instead.
506 */
507 struct ubi_vid_hdr vid_hdr;
508
509 /*
510 * If VID or EC is valid, we have to corrupt them before erasing.
511 * It is important to first invalidate the EC header, and then the VID
512 * header. Otherwise a power cut may lead to valid EC header and
513 * invalid VID header, in which case UBI will treat this PEB as
514 * corrupted and will try to preserve it, and print scary warnings.
515 */
516 addr = (loff_t)pnum * ubi->peb_size;
517 err = ubi_io_read_ec_hdr(ubi, pnum, &ec_hdr, 0);
518 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
519 err != UBI_IO_FF){
520 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
521 if(err)
522 goto error;
523 }
524
525 err = ubi_io_read_vid_hdr(ubi, pnum, &vid_hdr, 0);
526 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
527 err != UBI_IO_FF){
528 addr += ubi->vid_hdr_aloffset;
529 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
530 if (err)
531 goto error;
532 }
533 return 0;
534
535 error:
536 /*
537 * The PEB contains a valid VID or EC header, but we cannot invalidate
538 * it. Supposedly the flash media or the driver is screwed up, so
539 * return an error.
540 */
541 ubi_err(ubi, "cannot invalidate PEB %d, write returned %d", pnum, err);
542 ubi_dump_flash(ubi, pnum, 0, ubi->peb_size);
543 return -EIO;
544 }
545
546 /**
547 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
548 * @ubi: UBI device description object
549 * @pnum: physical eraseblock number to erase
550 * @torture: if this physical eraseblock has to be tortured
551 *
552 * This function synchronously erases physical eraseblock @pnum. If @torture
553 * flag is not zero, the physical eraseblock is checked by means of writing
554 * different patterns to it and reading them back. If the torturing is enabled,
555 * the physical eraseblock is erased more than once.
556 *
557 * This function returns the number of erasures made in case of success, %-EIO
558 * if the erasure failed or the torturing test failed, and other negative error
559 * codes in case of other errors. Note, %-EIO means that the physical
560 * eraseblock is bad.
561 */
ubi_io_sync_erase(struct ubi_device * ubi,int pnum,int torture)562 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
563 {
564 int err, ret = 0;
565
566 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
567
568 err = self_check_not_bad(ubi, pnum);
569 if (err != 0)
570 return err;
571
572 if (ubi->ro_mode) {
573 ubi_err(ubi, "read-only mode");
574 return -EROFS;
575 }
576
577 if (ubi->nor_flash) {
578 err = nor_erase_prepare(ubi, pnum);
579 if (err)
580 return err;
581 }
582
583 if (torture) {
584 ret = torture_peb(ubi, pnum);
585 if (ret < 0)
586 return ret;
587 }
588
589 err = do_sync_erase(ubi, pnum);
590 if (err)
591 return err;
592
593 return ret + 1;
594 }
595
596 /**
597 * ubi_io_is_bad - check if a physical eraseblock is bad.
598 * @ubi: UBI device description object
599 * @pnum: the physical eraseblock number to check
600 *
601 * This function returns a positive number if the physical eraseblock is bad,
602 * zero if not, and a negative error code if an error occurred.
603 */
ubi_io_is_bad(const struct ubi_device * ubi,int pnum)604 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
605 {
606 struct mtd_info *mtd = ubi->mtd;
607
608 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
609
610 if (ubi->bad_allowed) {
611 int ret;
612
613 ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
614 if (ret < 0)
615 ubi_err(ubi, "error %d while checking if PEB %d is bad",
616 ret, pnum);
617 else if (ret)
618 dbg_io("PEB %d is bad", pnum);
619 return ret;
620 }
621
622 return 0;
623 }
624
625 /**
626 * ubi_io_mark_bad - mark a physical eraseblock as bad.
627 * @ubi: UBI device description object
628 * @pnum: the physical eraseblock number to mark
629 *
630 * This function returns zero in case of success and a negative error code in
631 * case of failure.
632 */
ubi_io_mark_bad(const struct ubi_device * ubi,int pnum)633 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
634 {
635 int err;
636 struct mtd_info *mtd = ubi->mtd;
637
638 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
639
640 if (ubi->ro_mode) {
641 ubi_err(ubi, "read-only mode");
642 return -EROFS;
643 }
644
645 if (!ubi->bad_allowed)
646 return 0;
647
648 err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
649 if (err)
650 ubi_err(ubi, "cannot mark PEB %d bad, error %d", pnum, err);
651 return err;
652 }
653
654 /**
655 * validate_ec_hdr - validate an erase counter header.
656 * @ubi: UBI device description object
657 * @ec_hdr: the erase counter header to check
658 *
659 * This function returns zero if the erase counter header is OK, and %1 if
660 * not.
661 */
validate_ec_hdr(const struct ubi_device * ubi,const struct ubi_ec_hdr * ec_hdr)662 static int validate_ec_hdr(const struct ubi_device *ubi,
663 const struct ubi_ec_hdr *ec_hdr)
664 {
665 long long ec;
666 int vid_hdr_offset, leb_start;
667
668 ec = be64_to_cpu(ec_hdr->ec);
669 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
670 leb_start = be32_to_cpu(ec_hdr->data_offset);
671
672 if (ec_hdr->version != UBI_VERSION) {
673 ubi_err(ubi, "node with incompatible UBI version found: this UBI version is %d, image version is %d",
674 UBI_VERSION, (int)ec_hdr->version);
675 goto bad;
676 }
677
678 if (vid_hdr_offset != ubi->vid_hdr_offset) {
679 ubi_err(ubi, "bad VID header offset %d, expected %d",
680 vid_hdr_offset, ubi->vid_hdr_offset);
681 goto bad;
682 }
683
684 if (leb_start != ubi->leb_start) {
685 ubi_err(ubi, "bad data offset %d, expected %d",
686 leb_start, ubi->leb_start);
687 goto bad;
688 }
689
690 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
691 ubi_err(ubi, "bad erase counter %lld", ec);
692 goto bad;
693 }
694
695 return 0;
696
697 bad:
698 ubi_err(ubi, "bad EC header");
699 ubi_dump_ec_hdr(ec_hdr);
700 dump_stack();
701 return 1;
702 }
703
704 /**
705 * ubi_io_read_ec_hdr - read and check an erase counter header.
706 * @ubi: UBI device description object
707 * @pnum: physical eraseblock to read from
708 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
709 * header
710 * @verbose: be verbose if the header is corrupted or was not found
711 *
712 * This function reads erase counter header from physical eraseblock @pnum and
713 * stores it in @ec_hdr. This function also checks CRC checksum of the read
714 * erase counter header. The following codes may be returned:
715 *
716 * o %0 if the CRC checksum is correct and the header was successfully read;
717 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
718 * and corrected by the flash driver; this is harmless but may indicate that
719 * this eraseblock may become bad soon (but may be not);
720 * o %UBI_IO_BAD_HDR if the erase counter header is corrupted (a CRC error);
721 * o %UBI_IO_BAD_HDR_EBADMSG is the same as %UBI_IO_BAD_HDR, but there also was
722 * a data integrity error (uncorrectable ECC error in case of NAND);
723 * o %UBI_IO_FF if only 0xFF bytes were read (the PEB is supposedly empty)
724 * o a negative error code in case of failure.
725 */
ubi_io_read_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr,int verbose)726 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
727 struct ubi_ec_hdr *ec_hdr, int verbose)
728 {
729 int err, read_err;
730 uint32_t crc, magic, hdr_crc;
731
732 dbg_io("read EC header from PEB %d", pnum);
733 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
734
735 read_err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
736 if (read_err) {
737 if (read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
738 return read_err;
739
740 /*
741 * We read all the data, but either a correctable bit-flip
742 * occurred, or MTD reported a data integrity error
743 * (uncorrectable ECC error in case of NAND). The former is
744 * harmless, the later may mean that the read data is
745 * corrupted. But we have a CRC check-sum and we will detect
746 * this. If the EC header is still OK, we just report this as
747 * there was a bit-flip, to force scrubbing.
748 */
749 }
750
751 magic = be32_to_cpu(ec_hdr->magic);
752 if (magic != UBI_EC_HDR_MAGIC) {
753 if (mtd_is_eccerr(read_err))
754 return UBI_IO_BAD_HDR_EBADMSG;
755
756 /*
757 * The magic field is wrong. Let's check if we have read all
758 * 0xFF. If yes, this physical eraseblock is assumed to be
759 * empty.
760 */
761 if (ubi_check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
762 /* The physical eraseblock is supposedly empty */
763 if (verbose)
764 ubi_warn(ubi, "no EC header found at PEB %d, only 0xFF bytes",
765 pnum);
766 dbg_bld("no EC header found at PEB %d, only 0xFF bytes",
767 pnum);
768 if (!read_err)
769 return UBI_IO_FF;
770 else
771 return UBI_IO_FF_BITFLIPS;
772 }
773
774 /*
775 * This is not a valid erase counter header, and these are not
776 * 0xFF bytes. Report that the header is corrupted.
777 */
778 if (verbose) {
779 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
780 pnum, magic, UBI_EC_HDR_MAGIC);
781 ubi_dump_ec_hdr(ec_hdr);
782 }
783 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
784 pnum, magic, UBI_EC_HDR_MAGIC);
785 return UBI_IO_BAD_HDR;
786 }
787
788 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
789 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
790
791 if (hdr_crc != crc) {
792 if (verbose) {
793 ubi_warn(ubi, "bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
794 pnum, crc, hdr_crc);
795 ubi_dump_ec_hdr(ec_hdr);
796 }
797 dbg_bld("bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
798 pnum, crc, hdr_crc);
799
800 if (!read_err)
801 return UBI_IO_BAD_HDR;
802 else
803 return UBI_IO_BAD_HDR_EBADMSG;
804 }
805
806 /* And of course validate what has just been read from the media */
807 err = validate_ec_hdr(ubi, ec_hdr);
808 if (err) {
809 ubi_err(ubi, "validation failed for PEB %d", pnum);
810 return -EINVAL;
811 }
812
813 /*
814 * If there was %-EBADMSG, but the header CRC is still OK, report about
815 * a bit-flip to force scrubbing on this PEB.
816 */
817 return read_err ? UBI_IO_BITFLIPS : 0;
818 }
819
820 /**
821 * ubi_io_write_ec_hdr - write an erase counter header.
822 * @ubi: UBI device description object
823 * @pnum: physical eraseblock to write to
824 * @ec_hdr: the erase counter header to write
825 *
826 * This function writes erase counter header described by @ec_hdr to physical
827 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
828 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
829 * field.
830 *
831 * This function returns zero in case of success and a negative error code in
832 * case of failure. If %-EIO is returned, the physical eraseblock most probably
833 * went bad.
834 */
ubi_io_write_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr)835 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
836 struct ubi_ec_hdr *ec_hdr)
837 {
838 int err;
839 uint32_t crc;
840
841 dbg_io("write EC header to PEB %d", pnum);
842 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
843
844 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
845 ec_hdr->version = UBI_VERSION;
846 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
847 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
848 ec_hdr->image_seq = cpu_to_be32(ubi->image_seq);
849 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
850 ec_hdr->hdr_crc = cpu_to_be32(crc);
851
852 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
853 if (err)
854 return err;
855
856 if (ubi_dbg_power_cut(ubi, POWER_CUT_EC_WRITE))
857 return -EROFS;
858
859 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
860 return err;
861 }
862
863 /**
864 * validate_vid_hdr - validate a volume identifier header.
865 * @ubi: UBI device description object
866 * @vid_hdr: the volume identifier header to check
867 *
868 * This function checks that data stored in the volume identifier header
869 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
870 */
validate_vid_hdr(const struct ubi_device * ubi,const struct ubi_vid_hdr * vid_hdr)871 static int validate_vid_hdr(const struct ubi_device *ubi,
872 const struct ubi_vid_hdr *vid_hdr)
873 {
874 int vol_type = vid_hdr->vol_type;
875 int copy_flag = vid_hdr->copy_flag;
876 int vol_id = be32_to_cpu(vid_hdr->vol_id);
877 int lnum = be32_to_cpu(vid_hdr->lnum);
878 int compat = vid_hdr->compat;
879 int data_size = be32_to_cpu(vid_hdr->data_size);
880 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
881 int data_pad = be32_to_cpu(vid_hdr->data_pad);
882 int data_crc = be32_to_cpu(vid_hdr->data_crc);
883 int usable_leb_size = ubi->leb_size - data_pad;
884
885 if (copy_flag != 0 && copy_flag != 1) {
886 ubi_err(ubi, "bad copy_flag");
887 goto bad;
888 }
889
890 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
891 data_pad < 0) {
892 ubi_err(ubi, "negative values");
893 goto bad;
894 }
895
896 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
897 ubi_err(ubi, "bad vol_id");
898 goto bad;
899 }
900
901 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
902 ubi_err(ubi, "bad compat");
903 goto bad;
904 }
905
906 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
907 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
908 compat != UBI_COMPAT_REJECT) {
909 ubi_err(ubi, "bad compat");
910 goto bad;
911 }
912
913 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
914 ubi_err(ubi, "bad vol_type");
915 goto bad;
916 }
917
918 if (data_pad >= ubi->leb_size / 2) {
919 ubi_err(ubi, "bad data_pad");
920 goto bad;
921 }
922
923 if (vol_type == UBI_VID_STATIC) {
924 /*
925 * Although from high-level point of view static volumes may
926 * contain zero bytes of data, but no VID headers can contain
927 * zero at these fields, because they empty volumes do not have
928 * mapped logical eraseblocks.
929 */
930 if (used_ebs == 0) {
931 ubi_err(ubi, "zero used_ebs");
932 goto bad;
933 }
934 if (data_size == 0) {
935 ubi_err(ubi, "zero data_size");
936 goto bad;
937 }
938 if (lnum < used_ebs - 1) {
939 if (data_size != usable_leb_size) {
940 ubi_err(ubi, "bad data_size");
941 goto bad;
942 }
943 } else if (lnum == used_ebs - 1) {
944 if (data_size == 0) {
945 ubi_err(ubi, "bad data_size at last LEB");
946 goto bad;
947 }
948 } else {
949 ubi_err(ubi, "too high lnum");
950 goto bad;
951 }
952 } else {
953 if (copy_flag == 0) {
954 if (data_crc != 0) {
955 ubi_err(ubi, "non-zero data CRC");
956 goto bad;
957 }
958 if (data_size != 0) {
959 ubi_err(ubi, "non-zero data_size");
960 goto bad;
961 }
962 } else {
963 if (data_size == 0) {
964 ubi_err(ubi, "zero data_size of copy");
965 goto bad;
966 }
967 }
968 if (used_ebs != 0) {
969 ubi_err(ubi, "bad used_ebs");
970 goto bad;
971 }
972 }
973
974 return 0;
975
976 bad:
977 ubi_err(ubi, "bad VID header");
978 ubi_dump_vid_hdr(vid_hdr);
979 dump_stack();
980 return 1;
981 }
982
983 /**
984 * ubi_io_read_vid_hdr - read and check a volume identifier header.
985 * @ubi: UBI device description object
986 * @pnum: physical eraseblock number to read from
987 * @vid_hdr: &struct ubi_vid_hdr object where to store the read volume
988 * identifier header
989 * @verbose: be verbose if the header is corrupted or wasn't found
990 *
991 * This function reads the volume identifier header from physical eraseblock
992 * @pnum and stores it in @vid_hdr. It also checks CRC checksum of the read
993 * volume identifier header. The error codes are the same as in
994 * 'ubi_io_read_ec_hdr()'.
995 *
996 * Note, the implementation of this function is also very similar to
997 * 'ubi_io_read_ec_hdr()', so refer commentaries in 'ubi_io_read_ec_hdr()'.
998 */
ubi_io_read_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_hdr * vid_hdr,int verbose)999 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
1000 struct ubi_vid_hdr *vid_hdr, int verbose)
1001 {
1002 int err, read_err;
1003 uint32_t crc, magic, hdr_crc;
1004 void *p;
1005
1006 dbg_io("read VID header from PEB %d", pnum);
1007 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1008
1009 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1010 read_err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1011 ubi->vid_hdr_alsize);
1012 if (read_err && read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
1013 return read_err;
1014
1015 magic = be32_to_cpu(vid_hdr->magic);
1016 if (magic != UBI_VID_HDR_MAGIC) {
1017 if (mtd_is_eccerr(read_err))
1018 return UBI_IO_BAD_HDR_EBADMSG;
1019
1020 if (ubi_check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
1021 if (verbose)
1022 ubi_warn(ubi, "no VID header found at PEB %d, only 0xFF bytes",
1023 pnum);
1024 dbg_bld("no VID header found at PEB %d, only 0xFF bytes",
1025 pnum);
1026 if (!read_err)
1027 return UBI_IO_FF;
1028 else
1029 return UBI_IO_FF_BITFLIPS;
1030 }
1031
1032 if (verbose) {
1033 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
1034 pnum, magic, UBI_VID_HDR_MAGIC);
1035 ubi_dump_vid_hdr(vid_hdr);
1036 }
1037 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
1038 pnum, magic, UBI_VID_HDR_MAGIC);
1039 return UBI_IO_BAD_HDR;
1040 }
1041
1042 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1043 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1044
1045 if (hdr_crc != crc) {
1046 if (verbose) {
1047 ubi_warn(ubi, "bad CRC at PEB %d, calculated %#08x, read %#08x",
1048 pnum, crc, hdr_crc);
1049 ubi_dump_vid_hdr(vid_hdr);
1050 }
1051 dbg_bld("bad CRC at PEB %d, calculated %#08x, read %#08x",
1052 pnum, crc, hdr_crc);
1053 if (!read_err)
1054 return UBI_IO_BAD_HDR;
1055 else
1056 return UBI_IO_BAD_HDR_EBADMSG;
1057 }
1058
1059 err = validate_vid_hdr(ubi, vid_hdr);
1060 if (err) {
1061 ubi_err(ubi, "validation failed for PEB %d", pnum);
1062 return -EINVAL;
1063 }
1064
1065 return read_err ? UBI_IO_BITFLIPS : 0;
1066 }
1067
1068 /**
1069 * ubi_io_write_vid_hdr - write a volume identifier header.
1070 * @ubi: UBI device description object
1071 * @pnum: the physical eraseblock number to write to
1072 * @vid_hdr: the volume identifier header to write
1073 *
1074 * This function writes the volume identifier header described by @vid_hdr to
1075 * physical eraseblock @pnum. This function automatically fills the
1076 * @vid_hdr->magic and the @vid_hdr->version fields, as well as calculates
1077 * header CRC checksum and stores it at vid_hdr->hdr_crc.
1078 *
1079 * This function returns zero in case of success and a negative error code in
1080 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1081 * bad.
1082 */
ubi_io_write_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_hdr * vid_hdr)1083 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1084 struct ubi_vid_hdr *vid_hdr)
1085 {
1086 int err;
1087 uint32_t crc;
1088 void *p;
1089
1090 dbg_io("write VID header to PEB %d", pnum);
1091 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1092
1093 err = self_check_peb_ec_hdr(ubi, pnum);
1094 if (err)
1095 return err;
1096
1097 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1098 vid_hdr->version = UBI_VERSION;
1099 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1100 vid_hdr->hdr_crc = cpu_to_be32(crc);
1101
1102 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1103 if (err)
1104 return err;
1105
1106 if (ubi_dbg_power_cut(ubi, POWER_CUT_VID_WRITE))
1107 return -EROFS;
1108
1109 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1110 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1111 ubi->vid_hdr_alsize);
1112 return err;
1113 }
1114
1115 /**
1116 * self_check_not_bad - ensure that a physical eraseblock is not bad.
1117 * @ubi: UBI device description object
1118 * @pnum: physical eraseblock number to check
1119 *
1120 * This function returns zero if the physical eraseblock is good, %-EINVAL if
1121 * it is bad and a negative error code if an error occurred.
1122 */
self_check_not_bad(const struct ubi_device * ubi,int pnum)1123 static int self_check_not_bad(const struct ubi_device *ubi, int pnum)
1124 {
1125 int err;
1126
1127 if (!ubi_dbg_chk_io(ubi))
1128 return 0;
1129
1130 err = ubi_io_is_bad(ubi, pnum);
1131 if (!err)
1132 return err;
1133
1134 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1135 dump_stack();
1136 return err > 0 ? -EINVAL : err;
1137 }
1138
1139 /**
1140 * self_check_ec_hdr - check if an erase counter header is all right.
1141 * @ubi: UBI device description object
1142 * @pnum: physical eraseblock number the erase counter header belongs to
1143 * @ec_hdr: the erase counter header to check
1144 *
1145 * This function returns zero if the erase counter header contains valid
1146 * values, and %-EINVAL if not.
1147 */
self_check_ec_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_ec_hdr * ec_hdr)1148 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1149 const struct ubi_ec_hdr *ec_hdr)
1150 {
1151 int err;
1152 uint32_t magic;
1153
1154 if (!ubi_dbg_chk_io(ubi))
1155 return 0;
1156
1157 magic = be32_to_cpu(ec_hdr->magic);
1158 if (magic != UBI_EC_HDR_MAGIC) {
1159 ubi_err(ubi, "bad magic %#08x, must be %#08x",
1160 magic, UBI_EC_HDR_MAGIC);
1161 goto fail;
1162 }
1163
1164 err = validate_ec_hdr(ubi, ec_hdr);
1165 if (err) {
1166 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1167 goto fail;
1168 }
1169
1170 return 0;
1171
1172 fail:
1173 ubi_dump_ec_hdr(ec_hdr);
1174 dump_stack();
1175 return -EINVAL;
1176 }
1177
1178 /**
1179 * self_check_peb_ec_hdr - check erase counter header.
1180 * @ubi: UBI device description object
1181 * @pnum: the physical eraseblock number to check
1182 *
1183 * This function returns zero if the erase counter header is all right and and
1184 * a negative error code if not or if an error occurred.
1185 */
self_check_peb_ec_hdr(const struct ubi_device * ubi,int pnum)1186 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1187 {
1188 int err;
1189 uint32_t crc, hdr_crc;
1190 struct ubi_ec_hdr *ec_hdr;
1191
1192 if (!ubi_dbg_chk_io(ubi))
1193 return 0;
1194
1195 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1196 if (!ec_hdr)
1197 return -ENOMEM;
1198
1199 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1200 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1201 goto exit;
1202
1203 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1204 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1205 if (hdr_crc != crc) {
1206 ubi_err(ubi, "bad CRC, calculated %#08x, read %#08x",
1207 crc, hdr_crc);
1208 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1209 ubi_dump_ec_hdr(ec_hdr);
1210 dump_stack();
1211 err = -EINVAL;
1212 goto exit;
1213 }
1214
1215 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
1216
1217 exit:
1218 kfree(ec_hdr);
1219 return err;
1220 }
1221
1222 /**
1223 * self_check_vid_hdr - check that a volume identifier header is all right.
1224 * @ubi: UBI device description object
1225 * @pnum: physical eraseblock number the volume identifier header belongs to
1226 * @vid_hdr: the volume identifier header to check
1227 *
1228 * This function returns zero if the volume identifier header is all right, and
1229 * %-EINVAL if not.
1230 */
self_check_vid_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_vid_hdr * vid_hdr)1231 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1232 const struct ubi_vid_hdr *vid_hdr)
1233 {
1234 int err;
1235 uint32_t magic;
1236
1237 if (!ubi_dbg_chk_io(ubi))
1238 return 0;
1239
1240 magic = be32_to_cpu(vid_hdr->magic);
1241 if (magic != UBI_VID_HDR_MAGIC) {
1242 ubi_err(ubi, "bad VID header magic %#08x at PEB %d, must be %#08x",
1243 magic, pnum, UBI_VID_HDR_MAGIC);
1244 goto fail;
1245 }
1246
1247 err = validate_vid_hdr(ubi, vid_hdr);
1248 if (err) {
1249 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1250 goto fail;
1251 }
1252
1253 return err;
1254
1255 fail:
1256 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1257 ubi_dump_vid_hdr(vid_hdr);
1258 dump_stack();
1259 return -EINVAL;
1260
1261 }
1262
1263 /**
1264 * self_check_peb_vid_hdr - check volume identifier header.
1265 * @ubi: UBI device description object
1266 * @pnum: the physical eraseblock number to check
1267 *
1268 * This function returns zero if the volume identifier header is all right,
1269 * and a negative error code if not or if an error occurred.
1270 */
self_check_peb_vid_hdr(const struct ubi_device * ubi,int pnum)1271 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1272 {
1273 int err;
1274 uint32_t crc, hdr_crc;
1275 struct ubi_vid_hdr *vid_hdr;
1276 void *p;
1277
1278 if (!ubi_dbg_chk_io(ubi))
1279 return 0;
1280
1281 vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS);
1282 if (!vid_hdr)
1283 return -ENOMEM;
1284
1285 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1286 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1287 ubi->vid_hdr_alsize);
1288 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1289 goto exit;
1290
1291 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_EC_HDR_SIZE_CRC);
1292 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1293 if (hdr_crc != crc) {
1294 ubi_err(ubi, "bad VID header CRC at PEB %d, calculated %#08x, read %#08x",
1295 pnum, crc, hdr_crc);
1296 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1297 ubi_dump_vid_hdr(vid_hdr);
1298 dump_stack();
1299 err = -EINVAL;
1300 goto exit;
1301 }
1302
1303 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1304
1305 exit:
1306 ubi_free_vid_hdr(ubi, vid_hdr);
1307 return err;
1308 }
1309
1310 /**
1311 * self_check_write - make sure write succeeded.
1312 * @ubi: UBI device description object
1313 * @buf: buffer with data which were written
1314 * @pnum: physical eraseblock number the data were written to
1315 * @offset: offset within the physical eraseblock the data were written to
1316 * @len: how many bytes were written
1317 *
1318 * This functions reads data which were recently written and compares it with
1319 * the original data buffer - the data have to match. Returns zero if the data
1320 * match and a negative error code if not or in case of failure.
1321 */
self_check_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)1322 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
1323 int offset, int len)
1324 {
1325 int err, i;
1326 size_t read;
1327 void *buf1;
1328 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1329
1330 if (!ubi_dbg_chk_io(ubi))
1331 return 0;
1332
1333 buf1 = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1334 if (!buf1) {
1335 ubi_err(ubi, "cannot allocate memory to check writes");
1336 return 0;
1337 }
1338
1339 err = mtd_read(ubi->mtd, addr, len, &read, buf1);
1340 if (err && !mtd_is_bitflip(err))
1341 goto out_free;
1342
1343 for (i = 0; i < len; i++) {
1344 uint8_t c = ((uint8_t *)buf)[i];
1345 uint8_t c1 = ((uint8_t *)buf1)[i];
1346 #if !defined(CONFIG_UBI_SILENCE_MSG)
1347 int dump_len = max_t(int, 128, len - i);
1348 #endif
1349
1350 if (c == c1)
1351 continue;
1352
1353 ubi_err(ubi, "self-check failed for PEB %d:%d, len %d",
1354 pnum, offset, len);
1355 #if !defined(CONFIG_UBI_SILENCE_MSG)
1356 ubi_msg(ubi, "data differ at position %d", i);
1357 ubi_msg(ubi, "hex dump of the original buffer from %d to %d",
1358 i, i + dump_len);
1359 print_hex_dump("", DUMP_PREFIX_OFFSET, 32, 1,
1360 buf + i, dump_len, 1);
1361 ubi_msg(ubi, "hex dump of the read buffer from %d to %d",
1362 i, i + dump_len);
1363 print_hex_dump("", DUMP_PREFIX_OFFSET, 32, 1,
1364 buf1 + i, dump_len, 1);
1365 #endif
1366 dump_stack();
1367 err = -EINVAL;
1368 goto out_free;
1369 }
1370
1371 vfree(buf1);
1372 return 0;
1373
1374 out_free:
1375 vfree(buf1);
1376 return err;
1377 }
1378
1379 /**
1380 * ubi_self_check_all_ff - check that a region of flash is empty.
1381 * @ubi: UBI device description object
1382 * @pnum: the physical eraseblock number to check
1383 * @offset: the starting offset within the physical eraseblock to check
1384 * @len: the length of the region to check
1385 *
1386 * This function returns zero if only 0xFF bytes are present at offset
1387 * @offset of the physical eraseblock @pnum, and a negative error code if not
1388 * or if an error occurred.
1389 */
ubi_self_check_all_ff(struct ubi_device * ubi,int pnum,int offset,int len)1390 int ubi_self_check_all_ff(struct ubi_device *ubi, int pnum, int offset, int len)
1391 {
1392 size_t read;
1393 int err;
1394 void *buf;
1395 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1396
1397 if (!ubi_dbg_chk_io(ubi))
1398 return 0;
1399
1400 buf = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1401 if (!buf) {
1402 ubi_err(ubi, "cannot allocate memory to check for 0xFFs");
1403 return 0;
1404 }
1405
1406 err = mtd_read(ubi->mtd, addr, len, &read, buf);
1407 if (err && !mtd_is_bitflip(err)) {
1408 ubi_err(ubi, "err %d while reading %d bytes from PEB %d:%d, read %zd bytes",
1409 err, len, pnum, offset, read);
1410 goto error;
1411 }
1412
1413 err = ubi_check_pattern(buf, 0xFF, len);
1414 if (err == 0) {
1415 ubi_err(ubi, "flash region at PEB %d:%d, length %d does not contain all 0xFF bytes",
1416 pnum, offset, len);
1417 goto fail;
1418 }
1419
1420 vfree(buf);
1421 return 0;
1422
1423 fail:
1424 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1425 ubi_msg(ubi, "hex dump of the %d-%d region", offset, offset + len);
1426 print_hex_dump("", DUMP_PREFIX_OFFSET, 32, 1, buf, len, 1);
1427 err = -EINVAL;
1428 error:
1429 dump_stack();
1430 vfree(buf);
1431 return err;
1432 }
1433