1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * inftlmount.c -- INFTL mount code with extensive checks.
4  *
5  * Author: Greg Ungerer (gerg@snapgear.com)
6  * Copyright © 2002-2003, Greg Ungerer (gerg@snapgear.com)
7  *
8  * Based heavily on the nftlmount.c code which is:
9  * Author: Fabrice Bellard (fabrice.bellard@netgem.com)
10  * Copyright © 2000 Netgem S.A.
11  */
12 
13 #include <linux/kernel.h>
14 #include <linux/module.h>
15 #include <asm/errno.h>
16 #include <asm/io.h>
17 #include <linux/uaccess.h>
18 #include <linux/delay.h>
19 #include <linux/slab.h>
20 #include <linux/mtd/mtd.h>
21 #include <linux/mtd/nftl.h>
22 #include <linux/mtd/inftl.h>
23 
24 /*
25  * find_boot_record: Find the INFTL Media Header and its Spare copy which
26  *	contains the various device information of the INFTL partition and
27  *	Bad Unit Table. Update the PUtable[] table according to the Bad
28  *	Unit Table. PUtable[] is used for management of Erase Unit in
29  *	other routines in inftlcore.c and inftlmount.c.
30  */
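/*
 * Returns 0 once a consistent primary/spare Media Header pair has been
 * accepted and PUtable[]/VUtable[] have been allocated, -1 when no usable
 * header is found or a sanity check fails, and -ENOMEM when a table cannot
 * be allocated.
 *
 * The Media Header is read straight from flash, so the unit numbers it
 * carries are range-checked here before they size or index PUtable[].
 */
static int find_boot_record(struct INFTLrecord *inftl)
{
	struct inftl_unittail h1;
	unsigned int i, block;
	u8 buf[SECTORSIZE];
	struct INFTLMediaHeader *mh = &inftl->MediaHdr;
	struct mtd_info *mtd = inftl->mbd.mtd;
	struct INFTLPartition *ip;
	size_t retlen;

	pr_debug("INFTL: find_boot_record(inftl=%p)\n", inftl);

	/*
	 * Assume logical EraseSize == physical erasesize for starting the
	 * scan. We'll sort it out later if we find a MediaHeader which says
	 * otherwise.
	 */
	inftl->EraseSize = inftl->mbd.mtd->erasesize;
	inftl->nb_blocks = (u32)inftl->mbd.mtd->size / inftl->EraseSize;

	inftl->MediaUnit = BLOCK_NIL;

	/* Search for a valid boot record */
	for (block = 0; block < inftl->nb_blocks; block++) {
		int ret;

		/*
		 * Check for BNAND header first. Then whinge if it's found
		 * but later checks fail.
		 */
		ret = mtd_read(mtd, block * inftl->EraseSize, SECTORSIZE,
			       &retlen, buf);
		/* We ignore ret in case the ECC of the MediaHeader is invalid
		   (which is apparently acceptable) */
		if (retlen != SECTORSIZE) {
			static int warncount = 5;

			if (warncount) {
				printk(KERN_WARNING "INFTL: block read at 0x%x "
					"of mtd%d failed: %d\n",
					block * inftl->EraseSize,
					inftl->mbd.mtd->index, ret);
				if (!--warncount)
					printk(KERN_WARNING "INFTL: further "
						"failures for this block will "
						"not be printed\n");
			}
			continue;
		}

		if (retlen < 6 || memcmp(buf, "BNAND", 6)) {
			/* BNAND\0 not found. Continue */
			continue;
		}

		/* To be safer with BIOS, also use erase mark as discriminant */
		ret = inftl_read_oob(mtd,
				     block * inftl->EraseSize + SECTORSIZE + 8,
				     8, &retlen,(char *)&h1);
		if (ret < 0) {
			/* The signature matched above is "BNAND", so say so. */
			printk(KERN_WARNING "INFTL: BNAND header found at "
				"0x%x in mtd%d, but OOB data read failed "
				"(err %d)\n", block * inftl->EraseSize,
				inftl->mbd.mtd->index, ret);
			continue;
		}


		/*
		 * This is the first we've seen.
		 * Copy the media header structure into place.
		 */
		memcpy(mh, buf, sizeof(struct INFTLMediaHeader));

		/* Read the spare media header at offset 4096 */
		mtd_read(mtd, block * inftl->EraseSize + 4096, SECTORSIZE,
			 &retlen, buf);
		if (retlen != SECTORSIZE) {
			printk(KERN_WARNING "INFTL: Unable to read spare "
			       "Media Header\n");
			return -1;
		}
		/* Check if this one is the same as the first one we found. */
		if (memcmp(mh, buf, sizeof(struct INFTLMediaHeader))) {
			printk(KERN_WARNING "INFTL: Primary and spare Media "
			       "Headers disagree.\n");
			return -1;
		}

		/* The header is stored little-endian; convert it in place. */
		mh->NoOfBootImageBlocks = le32_to_cpu(mh->NoOfBootImageBlocks);
		mh->NoOfBinaryPartitions = le32_to_cpu(mh->NoOfBinaryPartitions);
		mh->NoOfBDTLPartitions = le32_to_cpu(mh->NoOfBDTLPartitions);
		mh->BlockMultiplierBits = le32_to_cpu(mh->BlockMultiplierBits);
		mh->FormatFlags = le32_to_cpu(mh->FormatFlags);
		mh->PercentUsed = le32_to_cpu(mh->PercentUsed);

		pr_debug("INFTL: Media Header ->\n"
			 "    bootRecordID          = %s\n"
			 "    NoOfBootImageBlocks   = %d\n"
			 "    NoOfBinaryPartitions  = %d\n"
			 "    NoOfBDTLPartitions    = %d\n"
			 "    BlockMultiplerBits    = %d\n"
			 "    FormatFlgs            = %d\n"
			 "    OsakVersion           = 0x%x\n"
			 "    PercentUsed           = %d\n",
			 mh->bootRecordID, mh->NoOfBootImageBlocks,
			 mh->NoOfBinaryPartitions,
			 mh->NoOfBDTLPartitions,
			 mh->BlockMultiplierBits, mh->FormatFlags,
			 mh->OsakVersion, mh->PercentUsed);

		if (mh->NoOfBDTLPartitions == 0) {
			printk(KERN_WARNING "INFTL: Media Header sanity check "
				"failed: NoOfBDTLPartitions (%d) == 0, "
				"must be at least 1\n", mh->NoOfBDTLPartitions);
			return -1;
		}

		if ((mh->NoOfBDTLPartitions + mh->NoOfBinaryPartitions) > 4) {
			printk(KERN_WARNING "INFTL: Media Header sanity check "
				"failed: Total Partitions (%d) > 4, "
				"BDTL=%d Binary=%d\n", mh->NoOfBDTLPartitions +
				mh->NoOfBinaryPartitions,
				mh->NoOfBDTLPartitions,
				mh->NoOfBinaryPartitions);
			return -1;
		}

		if (mh->BlockMultiplierBits > 1) {
			printk(KERN_WARNING "INFTL: sorry, we don't support "
				"UnitSizeFactor 0x%02x\n",
				mh->BlockMultiplierBits);
			return -1;
		} else if (mh->BlockMultiplierBits == 1) {
			printk(KERN_WARNING "INFTL: support for INFTL with "
				"UnitSizeFactor 0x%02x is experimental\n",
				mh->BlockMultiplierBits);
			inftl->EraseSize = inftl->mbd.mtd->erasesize <<
				mh->BlockMultiplierBits;
			inftl->nb_blocks = (u32)inftl->mbd.mtd->size / inftl->EraseSize;
			block >>= mh->BlockMultiplierBits;
		}

		/* Scan the partitions */
		for (i = 0; (i < 4); i++) {
			ip = &mh->Partitions[i];
			ip->virtualUnits = le32_to_cpu(ip->virtualUnits);
			ip->firstUnit = le32_to_cpu(ip->firstUnit);
			ip->lastUnit = le32_to_cpu(ip->lastUnit);
			ip->flags = le32_to_cpu(ip->flags);
			ip->spareUnits = le32_to_cpu(ip->spareUnits);
			ip->Reserved0 = le32_to_cpu(ip->Reserved0);

			pr_debug("    PARTITION[%d] ->\n"
				 "        virtualUnits    = %d\n"
				 "        firstUnit       = %d\n"
				 "        lastUnit        = %d\n"
				 "        flags           = 0x%x\n"
				 "        spareUnits      = %d\n",
				 i, ip->virtualUnits, ip->firstUnit,
				 ip->lastUnit, ip->flags,
				 ip->spareUnits);

			if (ip->Reserved0 != ip->firstUnit) {
				struct erase_info *instr = &inftl->instr;

				/*
				 * Most likely this is using the
				 * undocumented quick mount feature.
				 * We don't support that, we will need
				 * to erase the hidden block for full
				 * compatibility.
				 *
				 * NOTE(review): the erase address is taken
				 * from the on-flash header before the
				 * partition sanity checks below have run,
				 * and the mtd_erase() result is not checked.
				 */
				instr->addr = ip->Reserved0 * inftl->EraseSize;
				instr->len = inftl->EraseSize;
				mtd_erase(mtd, instr);
			}
			if ((ip->lastUnit - ip->firstUnit + 1) < ip->virtualUnits) {
				/* Arguments follow the labels in the format. */
				printk(KERN_WARNING "INFTL: Media Header "
					"Partition %d sanity check failed\n"
					"    firstUnit %d : lastUnit %d  >  "
					"virtualUnits %d\n", i, ip->firstUnit,
					ip->lastUnit, ip->virtualUnits);
				return -1;
			}
			if (ip->Reserved1 != 0) {
				printk(KERN_WARNING "INFTL: Media Header "
					"Partition %d sanity check failed: "
					"Reserved1 %d != 0\n",
					i, ip->Reserved1);
				return -1;
			}

			if (ip->flags & INFTL_BDTL)
				break;
		}

		if (i >= 4) {
			printk(KERN_WARNING "INFTL: Media Header Partition "
				"sanity check failed:\n       No partition "
				"marked as Disk Partition\n");
			return -1;
		}

		/*
		 * firstUnit and lastUnit size PUtable[]/VUtable[] below and
		 * bound the loops that fill them. The subtraction in the
		 * per-partition check above wraps when firstUnit > lastUnit,
		 * so reject an inverted range, or one that runs past the end
		 * of the device, before either value is used.
		 */
		if (ip->firstUnit > ip->lastUnit ||
		    ip->lastUnit >= inftl->nb_blocks) {
			printk(KERN_WARNING "INFTL: Media Header Partition %u "
				"sanity check failed: firstUnit %u, lastUnit "
				"%u, device has %u units\n", i,
				ip->firstUnit, ip->lastUnit, inftl->nb_blocks);
			return -1;
		}

		inftl->nb_boot_blocks = ip->firstUnit;
		inftl->numvunits = ip->virtualUnits;
		if (inftl->numvunits > (inftl->nb_blocks -
		    inftl->nb_boot_blocks - 2)) {
			printk(KERN_WARNING "INFTL: Media Header sanity check "
				"failed:\n        numvunits (%d) > nb_blocks "
				"(%d) - nb_boot_blocks(%d) - 2\n",
				inftl->numvunits, inftl->nb_blocks,
				inftl->nb_boot_blocks);
			return -1;
		}

		inftl->mbd.size  = inftl->numvunits *
			(inftl->EraseSize / SECTORSIZE);

		/*
		 * Block count is set to last used EUN (we won't need to keep
		 * any meta-data past that point).
		 */
		inftl->firstEUN = ip->firstUnit;
		inftl->lastEUN = ip->lastUnit;
		inftl->nb_blocks = ip->lastUnit + 1;

		/* Memory alloc */
		inftl->PUtable = kmalloc_array(inftl->nb_blocks, sizeof(u16),
					       GFP_KERNEL);
		if (!inftl->PUtable) {
			printk(KERN_WARNING "INFTL: allocation of PUtable "
				"failed (%zu bytes)\n",
				inftl->nb_blocks * sizeof(u16));
			return -ENOMEM;
		}

		inftl->VUtable = kmalloc_array(inftl->nb_blocks, sizeof(u16),
					       GFP_KERNEL);
		if (!inftl->VUtable) {
			kfree(inftl->PUtable);
			/* Do not leave a pointer to freed memory behind. */
			inftl->PUtable = NULL;
			printk(KERN_WARNING "INFTL: allocation of VUtable "
				"failed (%zu bytes)\n",
				inftl->nb_blocks * sizeof(u16));
			return -ENOMEM;
		}

		/* Mark the blocks before INFTL MediaHeader as reserved */
		for (i = 0; i < inftl->nb_boot_blocks; i++)
			inftl->PUtable[i] = BLOCK_RESERVED;
		/* Mark all remaining blocks as potentially containing data */
		for (; i < inftl->nb_blocks; i++)
			inftl->PUtable[i] = BLOCK_NOTEXPLORED;

		/*
		 * Mark this boot record (NFTL MediaHeader) block as reserved.
		 * PUtable[] only covers units 0..lastUnit, so skip the store
		 * when the header was found beyond that range.
		 */
		if (block < inftl->nb_blocks)
			inftl->PUtable[block] = BLOCK_RESERVED;

		/* Read Bad Erase Unit Table and modify PUtable[] accordingly */
		for (i = 0; i < inftl->nb_blocks; i++) {
			int physblock;
			/* If any of the physical eraseblocks are bad, don't
			   use the unit. */
			for (physblock = 0; physblock < inftl->EraseSize; physblock += inftl->mbd.mtd->erasesize) {
				if (mtd_block_isbad(inftl->mbd.mtd,
						    i * inftl->EraseSize + physblock))
					inftl->PUtable[i] = BLOCK_RESERVED;
			}
		}

		inftl->MediaUnit = block;
		return 0;
	}

	/* Not found. */
	return -1;
}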
308 
/*
 * memcmpb: test whether the first n bytes at a all equal c.
 *
 * Returns 0 when every byte matches (or when n <= 0) and 1 at the first
 * byte that differs. Each byte is read as unsigned char and compared with
 * c as an int, so a c outside 0..255 never matches.
 */
static int memcmpb(void *a, int c, int n)
{
	const unsigned char *p = a;

	while (n-- > 0) {
		if (*p++ != c)
			return 1;
	}
	return 0;
}
318 
/*
 * check_free_sectors: check if a free sector is actually FREE,
 *	i.e. all 0xff in data and oob area.
 */
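/*
 * Walks len bytes starting at address, one SECTORSIZE sector at a time.
 * When check_oob is non-zero the OOB area read for each sector must be
 * all 0xff as well.
 *
 * Returns 0 when every byte examined is 0xff, -1 on allocation failure,
 * read failure, short read, or the first byte that is not 0xff.
 */
static int check_free_sectors(struct INFTLrecord *inftl, unsigned int address,
	int len, int check_oob)
{
	struct mtd_info *mtd = inftl->mbd.mtd;
	size_t retlen;
	int i, ret;
	u8 *buf;

	/* One buffer holds a sector followed by its OOB bytes. */
	buf = kmalloc(SECTORSIZE + mtd->oobsize, GFP_KERNEL);
	if (!buf)
		return -1;

	ret = -1;
	for (i = 0; i < len; i += SECTORSIZE) {
		/*
		 * buf comes from kmalloc() and is not zeroed, so insist on a
		 * full sector: after a short read the tail of buf would be
		 * stale heap contents, not flash data.
		 */
		retlen = 0;
		if (mtd_read(mtd, address, SECTORSIZE, &retlen, buf) ||
		    retlen != SECTORSIZE)
			goto out;
		if (memcmpb(buf, 0xff, SECTORSIZE) != 0)
			goto out;

		if (check_oob) {
			if (inftl_read_oob(mtd, address, mtd->oobsize,
					   &retlen, &buf[SECTORSIZE]) < 0)
				goto out;
			if (memcmpb(buf + SECTORSIZE, 0xff, mtd->oobsize) != 0)
				goto out;
		}
		address += SECTORSIZE;
	}

	ret = 0;

out:
	kfree(buf);
	return ret;
}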
358 
/*
 * INFTL_formatblock: format an Erase Unit by erasing ALL Erase Zones in the
 *		 Erase Unit and update INFTL metadata. Each erase operation is
 *		 checked with check_free_sectors.
 *
 * Return: 0 on success, -1 on error.
 *
 * ToDo: 1. Is it necessary to call check_free_sectors after erasing ??
 */
int INFTL_formatblock(struct INFTLrecord *inftl, int block)
{
	struct mtd_info *mtd = inftl->mbd.mtd;
	struct erase_info *instr = &inftl->instr;
	struct inftl_unittail uci;
	size_t retlen;
	int erased;
	int k;

	pr_debug("INFTL: INFTL_formatblock(inftl=%p,block=%d)\n", inftl, block);

	/* Start from a clean erase request; it is reused for every step. */
	memset(instr, 0, sizeof(struct erase_info));

	/* FIXME: Shouldn't we be setting the 'discarded' flag to zero
	   _first_? */

	instr->addr = block * inftl->EraseSize;
	instr->len = inftl->mbd.mtd->erasesize;

	/*
	 * Step through the unit one physical eraseblock at a time rather
	 * than in a single grouped erase, so that a failure pins down the
	 * one eraseblock to mark bad. instr->addr tracks the eraseblock
	 * currently being worked on and is what the fail path reports.
	 */
	erased = 0;
	while (erased < inftl->EraseSize) {
		int ret = mtd_erase(mtd, instr);

		if (ret) {
			printk(KERN_WARNING "INFTL: error while formatting block %d\n",
				block);
			goto fail;
		}

		/*
		 * Verify the eraseblock (data and OOB) reads back as 0xff
		 * before any metadata is written.
		 * FixMe: is this check really necessary, given that the
		 * erase return code has already been tested?
		 */
		if (check_free_sectors(inftl, instr->addr, instr->len, 1) != 0)
			goto fail;

		erased += instr->len;
		instr->addr += instr->len;
	}

	/* Build the unit tail: both erase marks set, reserved bytes zero. */
	for (k = 0; k < 4; k++)
		uci.Reserved[k] = 0;
	uci.EraseMark = cpu_to_le16(ERASE_MARK);
	uci.EraseMark1 = cpu_to_le16(ERASE_MARK);

	/* The tail is written to the OOB of the unit's third sector, at +8. */
	instr->addr = block * inftl->EraseSize + SECTORSIZE * 2;
	if (inftl_write_oob(mtd, instr->addr + 8, 8, &retlen, (char *)&uci) < 0)
		goto fail;
	return 0;

fail:
	/*
	 * Formatting failed: record the eraseblock in the bad block table.
	 * Setting PUtable[] to BLOCK_RESERVED is left to the caller.
	 */
	mtd_block_markbad(inftl->mbd.mtd, instr->addr);
	return -1;
}
425 
426 /*
427  * format_chain: Format an invalid Virtual Unit chain. It frees all the Erase
428  *	Units in a Virtual Unit Chain, i.e. all the units are disconnected.
429  *
430  *	Since the chain is invalid then we will have to erase it from its
431  *	head (normally for INFTL we go from the oldest). But if it has a
432  *	loop then there is no oldest...
433  */
static void format_chain(struct INFTLrecord *inftl, unsigned int first_block)
{
	unsigned int cur = first_block;

	printk(KERN_WARNING "INFTL: formatting chain at block %d\n",
		first_block);

	do {
		/*
		 * Fetch the link before formatting: the PUtable[] slot is
		 * overwritten with the unit's new state just below.
		 */
		unsigned int next = inftl->PUtable[cur];

		printk(KERN_WARNING "INFTL: formatting block %d\n", cur);

		/* A unit that cannot be formatted is retired as a Bad Unit. */
		if (INFTL_formatblock(inftl, cur) < 0)
			inftl->PUtable[cur] = BLOCK_RESERVED;
		else
			inftl->PUtable[cur] = BLOCK_FREE;

		/* Follow the chain to the next unit. */
		cur = next;
	} while (cur != BLOCK_NIL && cur < inftl->lastEUN);
}
461 
/*
 * INFTL_dumptables: debug dump (via pr_debug) of VUtable[], PUtable[] and
 * the scalar fields of the INFTL record, eight table entries per row.
 */
void INFTL_dumptables(struct INFTLrecord *s)
{
	int unit;

	pr_debug("-------------------------------------------"
		"----------------------------------\n");

	/* Virtual unit table: nb_blocks entries. */
	pr_debug("VUtable[%d] ->", s->nb_blocks);
	unit = 0;
	while (unit < s->nb_blocks) {
		if (unit % 8 == 0)
			pr_debug("\n%04x: ", unit);
		pr_debug("%04x ", s->VUtable[unit]);
		unit++;
	}

	pr_debug("\n-------------------------------------------"
		"----------------------------------\n");

	/* Physical unit table: entries 0 through lastEUN inclusive. */
	pr_debug("PUtable[%d-%d=%d] ->", s->firstEUN, s->lastEUN, s->nb_blocks);
	unit = 0;
	while (unit <= s->lastEUN) {
		if (unit % 8 == 0)
			pr_debug("\n%04x: ", unit);
		pr_debug("%04x ", s->PUtable[unit]);
		unit++;
	}

	pr_debug("\n-------------------------------------------"
		"----------------------------------\n");

	pr_debug("INFTL ->\n"
		"  EraseSize       = %d\n"
		"  h/s/c           = %d/%d/%d\n"
		"  numvunits       = %d\n"
		"  firstEUN        = %d\n"
		"  lastEUN         = %d\n"
		"  numfreeEUNs     = %d\n"
		"  LastFreeEUN     = %d\n"
		"  nb_blocks       = %d\n"
		"  nb_boot_blocks  = %d",
		s->EraseSize, s->heads, s->sectors, s->cylinders,
		s->numvunits, s->firstEUN, s->lastEUN, s->numfreeEUNs,
		s->LastFreeEUN, s->nb_blocks, s->nb_boot_blocks);

	pr_debug("\n-------------------------------------------"
		"----------------------------------\n");
}
506 
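/*
 * INFTL_dumpVUchains: debug dump (via pr_debug) of every virtual unit chain,
 * starting at VUtable[logical] and following the PUtable[] links.
 */
void INFTL_dumpVUchains(struct INFTLrecord *s)
{
	int logical, block, i;

	pr_debug("-------------------------------------------"
		"----------------------------------\n");

	pr_debug("INFTL Virtual Unit Chains:\n");
	for (logical = 0; logical < s->nb_blocks; logical++) {
		block = s->VUtable[logical];
		/* Skip entries that do not name a unit inside the table. */
		if (block >= s->nb_blocks)
			continue;
		pr_debug("  LOGICAL %d --> %d ", logical, block);
		/* At most nb_blocks hops, so a looped chain still ends. */
		for (i = 0; i < s->nb_blocks; i++) {
			if (s->PUtable[block] == BLOCK_NIL)
				break;
			block = s->PUtable[block];
			pr_debug("%d ", block);
			/*
			 * A link that is not a unit number inside the table
			 * is printed and then ends the walk, so it is never
			 * used as a PUtable[] index.
			 */
			if (block >= s->nb_blocks)
				break;
		}
		pr_debug("\n");
	}

	pr_debug("-------------------------------------------"
		"----------------------------------\n");
}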
532 
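/*
 * INFTL_mount: locate the Media Header, then rebuild VUtable[] and PUtable[]
 * from the per-unit OOB headers in three passes: explore every unit and link
 * the virtual chains, repair chains that loop, and format units that nothing
 * references.
 *
 * Returns 0 on success, -ENXIO when find_boot_record() fails and -ENOMEM
 * when the temporary ANAC table cannot be allocated.
 *
 * Unit numbers read from OOB are untrusted; each one is checked before it
 * is used as an index into VUtable[], PUtable[] or ANACtable[].
 */
int INFTL_mount(struct INFTLrecord *s)
{
	struct mtd_info *mtd = s->mbd.mtd;
	unsigned int block, first_block, prev_block, last_block;
	unsigned int first_logical_block, logical_block, erase_mark;
	int chain_length, do_format_chain;
	struct inftl_unithead1 h0;
	struct inftl_unittail h1;
	size_t retlen;
	int i;
	u8 *ANACtable, ANAC;

	pr_debug("INFTL: INFTL_mount(inftl=%p)\n", s);

	/* Search for INFTL MediaHeader and Spare INFTL Media Header */
	if (find_boot_record(s) < 0) {
		printk(KERN_WARNING "INFTL: could not find valid boot record?\n");
		return -ENXIO;
	}

	/* Init the logical to physical table */
	for (i = 0; i < s->nb_blocks; i++)
		s->VUtable[i] = BLOCK_NIL;

	logical_block = block = BLOCK_NIL;

	/* Temporary buffer to store ANAC numbers. */
	ANACtable = kcalloc(s->nb_blocks, sizeof(u8), GFP_KERNEL);
	if (!ANACtable) {
		printk(KERN_WARNING "INFTL: allocation of ANACtable "
				"failed (%zu bytes)\n",
				s->nb_blocks * sizeof(u8));
		return -ENOMEM;
	}

	/*
	 * First pass is to explore each physical unit, and construct the
	 * virtual chains that exist (newest physical unit goes into VUtable).
	 * Any block that is in any way invalid will be left in the
	 * NOTEXPLORED state. Then at the end we will try to format it and
	 * mark it as free.
	 */
	pr_debug("INFTL: pass 1, explore each unit\n");
	for (first_block = s->firstEUN; first_block <= s->lastEUN; first_block++) {
		if (s->PUtable[first_block] != BLOCK_NOTEXPLORED)
			continue;

		do_format_chain = 0;
		first_logical_block = BLOCK_NIL;
		last_block = BLOCK_NIL;
		block = first_block;

		for (chain_length = 0; ; chain_length++) {

			if ((chain_length == 0) &&
			    (s->PUtable[block] != BLOCK_NOTEXPLORED)) {
				/* Nothing to do here, onto next block */
				break;
			}

			if (inftl_read_oob(mtd, block * s->EraseSize + 8,
					   8, &retlen, (char *)&h0) < 0 ||
			    inftl_read_oob(mtd, block * s->EraseSize +
					   2 * SECTORSIZE + 8, 8, &retlen,
					   (char *)&h1) < 0) {
				/* Should never happen? */
				do_format_chain++;
				break;
			}

			logical_block = le16_to_cpu(h0.virtualUnitNo);
			prev_block = le16_to_cpu(h0.prevUnitNo);
			erase_mark = le16_to_cpu((h1.EraseMark | h1.EraseMark1));
			ANACtable[block] = h0.ANAC;

			/* Previous block is relative to start of Partition */
			if (prev_block < s->nb_blocks)
				prev_block += s->firstEUN;

			/* Already explored partial chain? */
			if (s->PUtable[block] != BLOCK_NOTEXPLORED) {
				/* Check if chain for this logical */
				if (logical_block == first_logical_block) {
					if (last_block != BLOCK_NIL)
						s->PUtable[last_block] = block;
				}
				break;
			}

			/* Check for invalid block */
			if (erase_mark != ERASE_MARK) {
				printk(KERN_WARNING "INFTL: corrupt block %d "
					"in chain %d, chain length %d, erase "
					"mark 0x%x?\n", block, first_block,
					chain_length, erase_mark);
				/*
				 * Assume end of chain, probably incomplete
				 * fold/erase...
				 */
				if (chain_length == 0)
					do_format_chain++;
				break;
			}

			/* Check for it being free already then... */
			if ((logical_block == BLOCK_FREE) ||
			    (logical_block == BLOCK_NIL)) {
				s->PUtable[block] = BLOCK_FREE;
				break;
			}

			/* Sanity checks on block numbers */
			if ((logical_block >= s->nb_blocks) ||
			    ((prev_block >= s->nb_blocks) &&
			     (prev_block != BLOCK_NIL))) {
				if (chain_length > 0) {
					printk(KERN_WARNING "INFTL: corrupt "
						"block %d in chain %d?\n",
						block, first_block);
					do_format_chain++;
				}
				break;
			}

			if (first_logical_block == BLOCK_NIL) {
				first_logical_block = logical_block;
			} else {
				if (first_logical_block != logical_block) {
					/* Normal for folded chain... */
					break;
				}
			}

			/*
			 * Current block is valid, so if we followed a virtual
			 * chain to get here then we can set the previous
			 * block pointer in our PUtable now. Then move onto
			 * the previous block in the chain.
			 */
			s->PUtable[block] = BLOCK_NIL;
			if (last_block != BLOCK_NIL)
				s->PUtable[last_block] = block;
			last_block = block;
			block = prev_block;

			/* Check for end of chain */
			if (block == BLOCK_NIL)
				break;

			/* Validate next block before following it... */
			if (block > s->lastEUN) {
				printk(KERN_WARNING "INFTL: invalid previous "
					"block %d in chain %d?\n", block,
					first_block);
				do_format_chain++;
				break;
			}
		}

		if (do_format_chain) {
			format_chain(s, first_block);
			continue;
		}

		/*
		 * Looks like a valid chain then. It may not really be the
		 * newest block in the chain, but it is the newest we have
		 * found so far. We might update it in later iterations of
		 * this loop if we find something newer.
		 *
		 * first_logical_block is still BLOCK_NIL when the walk ended
		 * before any unit was accepted (a unit that is already free,
		 * or a first unit that failed the sanity checks). BLOCK_NIL
		 * is not a VUtable[] index, so record nothing in that case.
		 */
		if (first_logical_block != BLOCK_NIL)
			s->VUtable[first_logical_block] = first_block;
		logical_block = BLOCK_NIL;
	}

	INFTL_dumptables(s);

	/*
	 * Second pass, check for infinite loops in chains. These are
	 * possible because we don't update the previous pointers when
	 * we fold chains. No big deal, just fix them up in PUtable.
	 */
	pr_debug("INFTL: pass 2, validate virtual chains\n");
	for (logical_block = 0; logical_block < s->numvunits; logical_block++) {
		block = s->VUtable[logical_block];
		last_block = BLOCK_NIL;

		/* Check for free/reserved/nil */
		if (block >= BLOCK_RESERVED)
			continue;

		ANAC = ANACtable[block];
		for (i = 0; i < s->numvunits; i++) {
			if (s->PUtable[block] == BLOCK_NIL)
				break;
			if (s->PUtable[block] > s->lastEUN) {
				printk(KERN_WARNING "INFTL: invalid prev %d, "
					"in virtual chain %d\n",
					s->PUtable[block], logical_block);
				s->PUtable[block] = BLOCK_NIL;

			}
			if (ANACtable[block] != ANAC) {
				/*
				 * Chain must point back to itself. This is ok,
				 * but we will need adjust the tables with this
				 * newest block and oldest block.
				 */
				s->VUtable[logical_block] = block;
				s->PUtable[last_block] = BLOCK_NIL;
				break;
			}

			ANAC--;
			last_block = block;
			block = s->PUtable[block];

			/*
			 * The link may just have been reset to BLOCK_NIL by
			 * the invalid-prev branch above. Stop here rather
			 * than use BLOCK_NIL as a table index on the next
			 * iteration.
			 */
			if (block == BLOCK_NIL)
				break;
		}

		/*
		 * NOTE(review): the loop above is bounded by numvunits while
		 * this test compares against nb_blocks - confirm which bound
		 * is intended.
		 */
		if (i >= s->nb_blocks) {
			/*
			 * Uhoo, infinite chain with valid ANACS!
			 * Format whole chain...
			 *
			 * Start from the head of the chain being validated.
			 * first_block is left over from pass 1 and is
			 * lastEUN + 1 by now, i.e. past the end of PUtable[].
			 */
			format_chain(s, s->VUtable[logical_block]);
		}
	}

	INFTL_dumptables(s);
	INFTL_dumpVUchains(s);

	/*
	 * Third pass, format unreferenced blocks and init free block count.
	 */
	s->numfreeEUNs = 0;
	s->LastFreeEUN = BLOCK_NIL;

	pr_debug("INFTL: pass 3, format unused blocks\n");
	for (block = s->firstEUN; block <= s->lastEUN; block++) {
		if (s->PUtable[block] == BLOCK_NOTEXPLORED) {
			printk("INFTL: unreferenced block %d, formatting it\n",
				block);
			if (INFTL_formatblock(s, block) < 0)
				s->PUtable[block] = BLOCK_RESERVED;
			else
				s->PUtable[block] = BLOCK_FREE;
		}
		if (s->PUtable[block] == BLOCK_FREE) {
			s->numfreeEUNs++;
			/* Remember the first free unit found in the scan. */
			if (s->LastFreeEUN == BLOCK_NIL)
				s->LastFreeEUN = block;
		}
	}

	kfree(ANACtable);
	return 0;
}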
788