1 /* drivers/misc/apanic.c
2 *
3 * Copyright (C) 2009 Google, Inc.
4 * Author: San Mehat <san@android.com>
5 *
6 * This software is licensed under the terms of the GNU General Public
7 * License version 2, as published by the Free Software Foundation, and
8 * may be copied, distributed, and modified under those terms.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 */
16
17 #include <linux/module.h>
18 #include <linux/kernel.h>
19 #include <linux/string.h>
20 #include <linux/errno.h>
21 #include <linux/init.h>
22 #include <linux/interrupt.h>
23 #include <linux/device.h>
24 #include <linux/types.h>
25 #include <linux/delay.h>
26 #include <linux/sched.h>
27 #include <linux/wait.h>
28 #include <linux/wakelock.h>
29 #include <linux/platform_device.h>
30 #include <linux/uaccess.h>
31 #include <linux/mtd/mtd.h>
32 #include <linux/notifier.h>
33 #include <linux/mtd/mtd.h>
34 #include <linux/debugfs.h>
35 #include <linux/fs.h>
36 #include <linux/proc_fs.h>
37 #include <linux/mutex.h>
38 #include <linux/workqueue.h>
39 #include <linux/preempt.h>
40
41 extern void ram_console_enable_console(int);
42
43 struct panic_header {
44 u32 magic;
45 #define PANIC_MAGIC 0xdeadf00d
46
47 u32 version;
48 #define PHDR_VERSION 0x01
49
50 u32 console_offset;
51 u32 console_length;
52
53 u32 threads_offset;
54 u32 threads_length;
55 };
56
57 struct apanic_data {
58 struct mtd_info *mtd;
59 struct panic_header curr;
60 void *bounce;
61 struct proc_dir_entry *apanic_console;
62 struct proc_dir_entry *apanic_threads;
63 };
64
65 static struct apanic_data drv_ctx;
66 static struct work_struct proc_removal_work;
67 static DEFINE_MUTEX(drv_mutex);
68
69 static unsigned int *apanic_bbt;
70 static unsigned int apanic_erase_blocks;
71 static unsigned int apanic_good_blocks;
72
set_bb(unsigned int block,unsigned int * bbt)73 static void set_bb(unsigned int block, unsigned int *bbt)
74 {
75 unsigned int flag = 1;
76
77 BUG_ON(block >= apanic_erase_blocks);
78
79 flag = flag << (block%32);
80 apanic_bbt[block/32] |= flag;
81 apanic_good_blocks--;
82 }
83
get_bb(unsigned int block,unsigned int * bbt)84 static unsigned int get_bb(unsigned int block, unsigned int *bbt)
85 {
86 unsigned int flag;
87
88 BUG_ON(block >= apanic_erase_blocks);
89
90 flag = 1 << (block%32);
91 return apanic_bbt[block/32] & flag;
92 }
93
alloc_bbt(struct mtd_info * mtd,unsigned int * bbt)94 static void alloc_bbt(struct mtd_info *mtd, unsigned int *bbt)
95 {
96 int bbt_size;
97 apanic_erase_blocks = (mtd->size)>>(mtd->erasesize_shift);
98 bbt_size = (apanic_erase_blocks+32)/32;
99
100 apanic_bbt = kmalloc(bbt_size*4, GFP_KERNEL);
101 memset(apanic_bbt, 0, bbt_size*4);
102 apanic_good_blocks = apanic_erase_blocks;
103 }
scan_bbt(struct mtd_info * mtd,unsigned int * bbt)104 static void scan_bbt(struct mtd_info *mtd, unsigned int *bbt)
105 {
106 int i;
107
108 for (i = 0; i < apanic_erase_blocks; i++) {
109 if (mtd->block_isbad(mtd, i*mtd->erasesize))
110 set_bb(i, apanic_bbt);
111 }
112 }
113
114 #define APANIC_INVALID_OFFSET 0xFFFFFFFF
115
phy_offset(struct mtd_info * mtd,unsigned int offset)116 static unsigned int phy_offset(struct mtd_info *mtd, unsigned int offset)
117 {
118 unsigned int logic_block = offset>>(mtd->erasesize_shift);
119 unsigned int phy_block;
120 unsigned good_block = 0;
121
122 for (phy_block = 0; phy_block < apanic_erase_blocks; phy_block++) {
123 if (!get_bb(phy_block, apanic_bbt))
124 good_block++;
125 if (good_block == (logic_block + 1))
126 break;
127 }
128
129 if (good_block != (logic_block + 1))
130 return APANIC_INVALID_OFFSET;
131
132 return offset + ((phy_block-logic_block)<<mtd->erasesize_shift);
133 }
134
apanic_erase_callback(struct erase_info * done)135 static void apanic_erase_callback(struct erase_info *done)
136 {
137 wait_queue_head_t *wait_q = (wait_queue_head_t *) done->priv;
138 wake_up(wait_q);
139 }
140
apanic_proc_read(char * buffer,char ** start,off_t offset,int count,int * peof,void * dat)141 static int apanic_proc_read(char *buffer, char **start, off_t offset,
142 int count, int *peof, void *dat)
143 {
144 struct apanic_data *ctx = &drv_ctx;
145 size_t file_length;
146 off_t file_offset;
147 unsigned int page_no;
148 off_t page_offset;
149 int rc;
150 size_t len;
151
152 if (!count)
153 return 0;
154
155 mutex_lock(&drv_mutex);
156
157 switch ((int) dat) {
158 case 1: /* apanic_console */
159 file_length = ctx->curr.console_length;
160 file_offset = ctx->curr.console_offset;
161 break;
162 case 2: /* apanic_threads */
163 file_length = ctx->curr.threads_length;
164 file_offset = ctx->curr.threads_offset;
165 break;
166 default:
167 pr_err("Bad dat (%d)\n", (int) dat);
168 mutex_unlock(&drv_mutex);
169 return -EINVAL;
170 }
171
172 if ((offset + count) > file_length) {
173 mutex_unlock(&drv_mutex);
174 return 0;
175 }
176
177 /* We only support reading a maximum of a flash page */
178 if (count > ctx->mtd->writesize)
179 count = ctx->mtd->writesize;
180
181 page_no = (file_offset + offset) / ctx->mtd->writesize;
182 page_offset = (file_offset + offset) % ctx->mtd->writesize;
183
184
185 if (phy_offset(ctx->mtd, (page_no * ctx->mtd->writesize))
186 == APANIC_INVALID_OFFSET) {
187 pr_err("apanic: reading an invalid address\n");
188 mutex_unlock(&drv_mutex);
189 return -EINVAL;
190 }
191 rc = ctx->mtd->read(ctx->mtd,
192 phy_offset(ctx->mtd, (page_no * ctx->mtd->writesize)),
193 ctx->mtd->writesize,
194 &len, ctx->bounce);
195
196 if (page_offset)
197 count -= page_offset;
198 memcpy(buffer, ctx->bounce + page_offset, count);
199
200 *start = count;
201
202 if ((offset + count) == file_length)
203 *peof = 1;
204
205 mutex_unlock(&drv_mutex);
206 return count;
207 }
208
mtd_panic_erase(void)209 static void mtd_panic_erase(void)
210 {
211 struct apanic_data *ctx = &drv_ctx;
212 struct erase_info erase;
213 DECLARE_WAITQUEUE(wait, current);
214 wait_queue_head_t wait_q;
215 int rc, i;
216
217 init_waitqueue_head(&wait_q);
218 erase.mtd = ctx->mtd;
219 erase.callback = apanic_erase_callback;
220 erase.len = ctx->mtd->erasesize;
221 erase.priv = (u_long)&wait_q;
222 for (i = 0; i < ctx->mtd->size; i += ctx->mtd->erasesize) {
223 erase.addr = i;
224 set_current_state(TASK_INTERRUPTIBLE);
225 add_wait_queue(&wait_q, &wait);
226
227 if (get_bb(erase.addr>>ctx->mtd->erasesize_shift, apanic_bbt)) {
228 printk(KERN_WARNING
229 "apanic: Skipping erase of bad "
230 "block @%llx\n", erase.addr);
231 set_current_state(TASK_RUNNING);
232 remove_wait_queue(&wait_q, &wait);
233 continue;
234 }
235
236 rc = ctx->mtd->erase(ctx->mtd, &erase);
237 if (rc) {
238 set_current_state(TASK_RUNNING);
239 remove_wait_queue(&wait_q, &wait);
240 printk(KERN_ERR
241 "apanic: Erase of 0x%llx, 0x%llx failed\n",
242 (unsigned long long) erase.addr,
243 (unsigned long long) erase.len);
244 if (rc == -EIO) {
245 if (ctx->mtd->block_markbad(ctx->mtd,
246 erase.addr)) {
247 printk(KERN_ERR
248 "apanic: Err marking blk bad\n");
249 goto out;
250 }
251 printk(KERN_INFO
252 "apanic: Marked a bad block"
253 " @%llx\n", erase.addr);
254 set_bb(erase.addr>>ctx->mtd->erasesize_shift,
255 apanic_bbt);
256 continue;
257 }
258 goto out;
259 }
260 schedule();
261 remove_wait_queue(&wait_q, &wait);
262 }
263 printk(KERN_DEBUG "apanic: %s partition erased\n",
264 CONFIG_APANIC_PLABEL);
265 out:
266 return;
267 }
268
apanic_remove_proc_work(struct work_struct * work)269 static void apanic_remove_proc_work(struct work_struct *work)
270 {
271 struct apanic_data *ctx = &drv_ctx;
272
273 mutex_lock(&drv_mutex);
274 mtd_panic_erase();
275 memset(&ctx->curr, 0, sizeof(struct panic_header));
276 if (ctx->apanic_console) {
277 remove_proc_entry("apanic_console", NULL);
278 ctx->apanic_console = NULL;
279 }
280 if (ctx->apanic_threads) {
281 remove_proc_entry("apanic_threads", NULL);
282 ctx->apanic_threads = NULL;
283 }
284 mutex_unlock(&drv_mutex);
285 }
286
apanic_proc_write(struct file * file,const char __user * buffer,unsigned long count,void * data)287 static int apanic_proc_write(struct file *file, const char __user *buffer,
288 unsigned long count, void *data)
289 {
290 schedule_work(&proc_removal_work);
291 return count;
292 }
293
mtd_panic_notify_add(struct mtd_info * mtd)294 static void mtd_panic_notify_add(struct mtd_info *mtd)
295 {
296 struct apanic_data *ctx = &drv_ctx;
297 struct panic_header *hdr = ctx->bounce;
298 size_t len;
299 int rc;
300 int proc_entry_created = 0;
301
302 if (strcmp(mtd->name, CONFIG_APANIC_PLABEL))
303 return;
304
305 ctx->mtd = mtd;
306
307 alloc_bbt(mtd, apanic_bbt);
308 scan_bbt(mtd, apanic_bbt);
309
310 if (apanic_good_blocks == 0) {
311 printk(KERN_ERR "apanic: no any good blocks?!\n");
312 goto out_err;
313 }
314
315 rc = mtd->read(mtd, phy_offset(mtd, 0), mtd->writesize,
316 &len, ctx->bounce);
317 if (rc && rc == -EBADMSG) {
318 printk(KERN_WARNING
319 "apanic: Bad ECC on block 0 (ignored)\n");
320 } else if (rc && rc != -EUCLEAN) {
321 printk(KERN_ERR "apanic: Error reading block 0 (%d)\n", rc);
322 goto out_err;
323 }
324
325 if (len != mtd->writesize) {
326 printk(KERN_ERR "apanic: Bad read size (%d)\n", rc);
327 goto out_err;
328 }
329
330 printk(KERN_INFO "apanic: Bound to mtd partition '%s'\n", mtd->name);
331
332 if (hdr->magic != PANIC_MAGIC) {
333 printk(KERN_INFO "apanic: No panic data available\n");
334 mtd_panic_erase();
335 return;
336 }
337
338 if (hdr->version != PHDR_VERSION) {
339 printk(KERN_INFO "apanic: Version mismatch (%d != %d)\n",
340 hdr->version, PHDR_VERSION);
341 mtd_panic_erase();
342 return;
343 }
344
345 memcpy(&ctx->curr, hdr, sizeof(struct panic_header));
346
347 printk(KERN_INFO "apanic: c(%u, %u) t(%u, %u)\n",
348 hdr->console_offset, hdr->console_length,
349 hdr->threads_offset, hdr->threads_length);
350
351 if (hdr->console_length) {
352 ctx->apanic_console = create_proc_entry("apanic_console",
353 S_IFREG | S_IRUGO, NULL);
354 if (!ctx->apanic_console)
355 printk(KERN_ERR "%s: failed creating procfile\n",
356 __func__);
357 else {
358 ctx->apanic_console->read_proc = apanic_proc_read;
359 ctx->apanic_console->write_proc = apanic_proc_write;
360 ctx->apanic_console->size = hdr->console_length;
361 ctx->apanic_console->data = (void *) 1;
362 proc_entry_created = 1;
363 }
364 }
365
366 if (hdr->threads_length) {
367 ctx->apanic_threads = create_proc_entry("apanic_threads",
368 S_IFREG | S_IRUGO, NULL);
369 if (!ctx->apanic_threads)
370 printk(KERN_ERR "%s: failed creating procfile\n",
371 __func__);
372 else {
373 ctx->apanic_threads->read_proc = apanic_proc_read;
374 ctx->apanic_threads->write_proc = apanic_proc_write;
375 ctx->apanic_threads->size = hdr->threads_length;
376 ctx->apanic_threads->data = (void *) 2;
377 proc_entry_created = 1;
378 }
379 }
380
381 if (!proc_entry_created)
382 mtd_panic_erase();
383
384 return;
385 out_err:
386 ctx->mtd = NULL;
387 }
388
mtd_panic_notify_remove(struct mtd_info * mtd)389 static void mtd_panic_notify_remove(struct mtd_info *mtd)
390 {
391 struct apanic_data *ctx = &drv_ctx;
392 if (mtd == ctx->mtd) {
393 ctx->mtd = NULL;
394 printk(KERN_INFO "apanic: Unbound from %s\n", mtd->name);
395 }
396 }
397
398 static struct mtd_notifier mtd_panic_notifier = {
399 .add = mtd_panic_notify_add,
400 .remove = mtd_panic_notify_remove,
401 };
402
403 static int in_panic = 0;
404
apanic_writeflashpage(struct mtd_info * mtd,loff_t to,const u_char * buf)405 static int apanic_writeflashpage(struct mtd_info *mtd, loff_t to,
406 const u_char *buf)
407 {
408 int rc;
409 size_t wlen;
410 int panic = in_interrupt() | in_atomic();
411
412 if (panic && !mtd->panic_write) {
413 printk(KERN_EMERG "%s: No panic_write available\n", __func__);
414 return 0;
415 } else if (!panic && !mtd->write) {
416 printk(KERN_EMERG "%s: No write available\n", __func__);
417 return 0;
418 }
419
420 to = phy_offset(mtd, to);
421 if (to == APANIC_INVALID_OFFSET) {
422 printk(KERN_EMERG "apanic: write to invalid address\n");
423 return 0;
424 }
425
426 if (panic)
427 rc = mtd->panic_write(mtd, to, mtd->writesize, &wlen, buf);
428 else
429 rc = mtd->write(mtd, to, mtd->writesize, &wlen, buf);
430
431 if (rc) {
432 printk(KERN_EMERG
433 "%s: Error writing data to flash (%d)\n",
434 __func__, rc);
435 return rc;
436 }
437
438 return wlen;
439 }
440
441 extern int log_buf_copy(char *dest, int idx, int len);
442 extern void log_buf_clear(void);
443
444 /*
445 * Writes the contents of the console to the specified offset in flash.
446 * Returns number of bytes written
447 */
apanic_write_console(struct mtd_info * mtd,unsigned int off)448 static int apanic_write_console(struct mtd_info *mtd, unsigned int off)
449 {
450 struct apanic_data *ctx = &drv_ctx;
451 int saved_oip;
452 int idx = 0;
453 int rc, rc2;
454 unsigned int last_chunk = 0;
455
456 while (!last_chunk) {
457 saved_oip = oops_in_progress;
458 oops_in_progress = 1;
459 rc = log_buf_copy(ctx->bounce, idx, mtd->writesize);
460 if (rc < 0)
461 break;
462
463 if (rc != mtd->writesize)
464 last_chunk = rc;
465
466 oops_in_progress = saved_oip;
467 if (rc <= 0)
468 break;
469 if (rc != mtd->writesize)
470 memset(ctx->bounce + rc, 0, mtd->writesize - rc);
471
472 rc2 = apanic_writeflashpage(mtd, off, ctx->bounce);
473 if (rc2 <= 0) {
474 printk(KERN_EMERG
475 "apanic: Flash write failed (%d)\n", rc2);
476 return idx;
477 }
478 if (!last_chunk)
479 idx += rc2;
480 else
481 idx += last_chunk;
482 off += rc2;
483 }
484 return idx;
485 }
486
apanic(struct notifier_block * this,unsigned long event,void * ptr)487 static int apanic(struct notifier_block *this, unsigned long event,
488 void *ptr)
489 {
490 struct apanic_data *ctx = &drv_ctx;
491 struct panic_header *hdr = (struct panic_header *) ctx->bounce;
492 int console_offset = 0;
493 int console_len = 0;
494 int threads_offset = 0;
495 int threads_len = 0;
496 int rc;
497
498 if (in_panic)
499 return NOTIFY_DONE;
500 in_panic = 1;
501 #ifdef CONFIG_PREEMPT
502 /* Ensure that cond_resched() won't try to preempt anybody */
503 add_preempt_count(PREEMPT_ACTIVE);
504 #endif
505 touch_softlockup_watchdog();
506
507 if (!ctx->mtd)
508 goto out;
509
510 if (ctx->curr.magic) {
511 printk(KERN_EMERG "Crash partition in use!\n");
512 goto out;
513 }
514 console_offset = ctx->mtd->writesize;
515
516 /*
517 * Write out the console
518 */
519 console_len = apanic_write_console(ctx->mtd, console_offset);
520 if (console_len < 0) {
521 printk(KERN_EMERG "Error writing console to panic log! (%d)\n",
522 console_len);
523 console_len = 0;
524 }
525
526 /*
527 * Write out all threads
528 */
529 threads_offset = ALIGN(console_offset + console_len,
530 ctx->mtd->writesize);
531 if (!threads_offset)
532 threads_offset = ctx->mtd->writesize;
533
534 ram_console_enable_console(0);
535
536 log_buf_clear();
537 show_state_filter(0);
538 threads_len = apanic_write_console(ctx->mtd, threads_offset);
539 if (threads_len < 0) {
540 printk(KERN_EMERG "Error writing threads to panic log! (%d)\n",
541 threads_len);
542 threads_len = 0;
543 }
544
545 /*
546 * Finally write the panic header
547 */
548 memset(ctx->bounce, 0, PAGE_SIZE);
549 hdr->magic = PANIC_MAGIC;
550 hdr->version = PHDR_VERSION;
551
552 hdr->console_offset = console_offset;
553 hdr->console_length = console_len;
554
555 hdr->threads_offset = threads_offset;
556 hdr->threads_length = threads_len;
557
558 rc = apanic_writeflashpage(ctx->mtd, 0, ctx->bounce);
559 if (rc <= 0) {
560 printk(KERN_EMERG "apanic: Header write failed (%d)\n",
561 rc);
562 goto out;
563 }
564
565 printk(KERN_EMERG "apanic: Panic dump sucessfully written to flash\n");
566
567 out:
568 #ifdef CONFIG_PREEMPT
569 sub_preempt_count(PREEMPT_ACTIVE);
570 #endif
571 in_panic = 0;
572 return NOTIFY_DONE;
573 }
574
575 static struct notifier_block panic_blk = {
576 .notifier_call = apanic,
577 };
578
panic_dbg_get(void * data,u64 * val)579 static int panic_dbg_get(void *data, u64 *val)
580 {
581 apanic(NULL, 0, NULL);
582 return 0;
583 }
584
panic_dbg_set(void * data,u64 val)585 static int panic_dbg_set(void *data, u64 val)
586 {
587 BUG();
588 return -1;
589 }
590
591 DEFINE_SIMPLE_ATTRIBUTE(panic_dbg_fops, panic_dbg_get, panic_dbg_set, "%llu\n");
592
apanic_init(void)593 int __init apanic_init(void)
594 {
595 register_mtd_user(&mtd_panic_notifier);
596 atomic_notifier_chain_register(&panic_notifier_list, &panic_blk);
597 debugfs_create_file("apanic", 0644, NULL, NULL, &panic_dbg_fops);
598 memset(&drv_ctx, 0, sizeof(drv_ctx));
599 drv_ctx.bounce = (void *) __get_free_page(GFP_KERNEL);
600 INIT_WORK(&proc_removal_work, apanic_remove_proc_work);
601 printk(KERN_INFO "Android kernel panic handler initialized (bind=%s)\n",
602 CONFIG_APANIC_PLABEL);
603 return 0;
604 }
605
606 module_init(apanic_init);
607