1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * Copyright (c) International Business Machines Corp., 2006
4 * Copyright (c) Nokia Corporation, 2006, 2007
5 *
6 * Author: Artem Bityutskiy (Битюцкий Артём)
7 */
8
9 /*
10 * UBI input/output sub-system.
11 *
12 * This sub-system provides a uniform way to work with all kinds of the
13 * underlying MTD devices. It also implements handy functions for reading and
14 * writing UBI headers.
15 *
16 * We are trying to have a paranoid mindset and not to trust to what we read
17 * from the flash media in order to be more secure and robust. So this
18 * sub-system validates every single header it reads from the flash media.
19 *
20 * Some words about how the eraseblock headers are stored.
21 *
22 * The erase counter header is always stored at offset zero. By default, the
23 * VID header is stored after the EC header at the closest aligned offset
24 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
25 * header at the closest aligned offset. But this default layout may be
26 * changed. For example, for different reasons (e.g., optimization) UBI may be
27 * asked to put the VID header at further offset, and even at an unaligned
28 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
29 * proper padding in front of it. Data offset may also be changed but it has to
30 * be aligned.
31 *
32 * About minimal I/O units. In general, UBI assumes flash device model where
33 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
34 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
35 * @ubi->mtd->writesize field. But as an exception, UBI admits of using another
36 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
37 * to do different optimizations.
38 *
39 * This is extremely useful in case of NAND flashes which admit of several
40 * write operations to one NAND page. In this case UBI can fit EC and VID
41 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
42 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
43 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
44 * users.
45 *
46 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
47 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
48 * headers.
49 *
50 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
51 * device, e.g., make @ubi->min_io_size = 512 in the example above?
52 *
53 * A: because when writing a sub-page, MTD still writes a full 2K page but the
54 * bytes which are not relevant to the sub-page are 0xFF. So, basically,
55 * writing 4x512 sub-pages is 4 times slower than writing one 2KiB NAND page.
56 * Thus, we prefer to use sub-pages only for EC and VID headers.
57 *
58 * As it was noted above, the VID header may start at a non-aligned offset.
59 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
60 * the VID header may reside at offset 1984 which is the last 64 bytes of the
61 * last sub-page (EC header is always at offset zero). This causes some
62 * difficulties when reading and writing VID headers.
63 *
64 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
65 * the data and want to write this VID header out. As we can only write in
66 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
67 * to offset 448 of this buffer.
68 *
69 * The I/O sub-system does the following trick in order to avoid this extra
70 * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
71 * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
72 * When the VID header is being written out, it shifts the VID header pointer
73 * back and writes the whole sub-page.
74 */
75
76 #ifndef __UBOOT__
77 #include <log.h>
78 #include <dm/devres.h>
79 #include <linux/crc32.h>
80 #include <linux/err.h>
81 #include <linux/slab.h>
82 #include <u-boot/crc.h>
83 #else
84 #include <hexdump.h>
85 #include <ubi_uboot.h>
86 #endif
87
88 #include "ubi.h"
89
90 static int self_check_not_bad(const struct ubi_device *ubi, int pnum);
91 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
92 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
93 const struct ubi_ec_hdr *ec_hdr);
94 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
95 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
96 const struct ubi_vid_hdr *vid_hdr);
97 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
98 int offset, int len);
99
100 /**
101 * ubi_io_read - read data from a physical eraseblock.
102 * @ubi: UBI device description object
103 * @buf: buffer where to store the read data
104 * @pnum: physical eraseblock number to read from
105 * @offset: offset within the physical eraseblock from where to read
106 * @len: how many bytes to read
107 *
108 * This function reads data from offset @offset of physical eraseblock @pnum
109 * and stores the read data in the @buf buffer. The following return codes are
110 * possible:
111 *
112 * o %0 if all the requested data were successfully read;
113 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
114 * correctable bit-flips were detected; this is harmless but may indicate
115 * that this eraseblock may become bad soon (but do not have to);
116 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
117 * example it can be an ECC error in case of NAND; this most probably means
118 * that the data is corrupted;
119 * o %-EIO if some I/O error occurred;
120 * o other negative error codes in case of other errors.
121 */
ubi_io_read(const struct ubi_device * ubi,void * buf,int pnum,int offset,int len)122 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
123 int len)
124 {
125 int err, retries = 0;
126 size_t read;
127 loff_t addr;
128
129 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
130
131 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
132 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
133 ubi_assert(len > 0);
134
135 err = self_check_not_bad(ubi, pnum);
136 if (err)
137 return err;
138
139 /*
140 * Deliberately corrupt the buffer to improve robustness. Indeed, if we
141 * do not do this, the following may happen:
142 * 1. The buffer contains data from previous operation, e.g., read from
143 * another PEB previously. The data looks like expected, e.g., if we
144 * just do not read anything and return - the caller would not
145 * notice this. E.g., if we are reading a VID header, the buffer may
146 * contain a valid VID header from another PEB.
147 * 2. The driver is buggy and returns us success or -EBADMSG or
148 * -EUCLEAN, but it does not actually put any data to the buffer.
149 *
150 * This may confuse UBI or upper layers - they may think the buffer
151 * contains valid data while in fact it is just old data. This is
152 * especially possible because UBI (and UBIFS) relies on CRC, and
153 * treats data as correct even in case of ECC errors if the CRC is
154 * correct.
155 *
156 * Try to prevent this situation by changing the first byte of the
157 * buffer.
158 */
159 *((uint8_t *)buf) ^= 0xFF;
160
161 addr = (loff_t)pnum * ubi->peb_size + offset;
162 retry:
163 err = mtd_read(ubi->mtd, addr, len, &read, buf);
164 if (err) {
165 const char *errstr = mtd_is_eccerr(err) ? " (ECC error)" : "";
166
167 if (mtd_is_bitflip(err)) {
168 /*
169 * -EUCLEAN is reported if there was a bit-flip which
170 * was corrected, so this is harmless.
171 *
172 * We do not report about it here unless debugging is
173 * enabled. A corresponding message will be printed
174 * later, when it is has been scrubbed.
175 */
176 ubi_msg(ubi, "fixable bit-flip detected at PEB %d",
177 pnum);
178 ubi_assert(len == read);
179 return UBI_IO_BITFLIPS;
180 }
181
182 if (retries++ < UBI_IO_RETRIES) {
183 ubi_warn(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read only %zd bytes, retry",
184 err, errstr, len, pnum, offset, read);
185 yield();
186 goto retry;
187 }
188
189 ubi_err(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read %zd bytes",
190 err, errstr, len, pnum, offset, read);
191 dump_stack();
192
193 /*
194 * The driver should never return -EBADMSG if it failed to read
195 * all the requested data. But some buggy drivers might do
196 * this, so we change it to -EIO.
197 */
198 if (read != len && mtd_is_eccerr(err)) {
199 ubi_assert(0);
200 err = -EIO;
201 }
202 } else {
203 ubi_assert(len == read);
204
205 if (ubi_dbg_is_bitflip(ubi)) {
206 dbg_gen("bit-flip (emulated)");
207 err = UBI_IO_BITFLIPS;
208 }
209 }
210
211 return err;
212 }
213
214 /**
215 * ubi_io_write - write data to a physical eraseblock.
216 * @ubi: UBI device description object
217 * @buf: buffer with the data to write
218 * @pnum: physical eraseblock number to write to
219 * @offset: offset within the physical eraseblock where to write
220 * @len: how many bytes to write
221 *
222 * This function writes @len bytes of data from buffer @buf to offset @offset
223 * of physical eraseblock @pnum. If all the data were successfully written,
224 * zero is returned. If an error occurred, this function returns a negative
225 * error code. If %-EIO is returned, the physical eraseblock most probably went
226 * bad.
227 *
228 * Note, in case of an error, it is possible that something was still written
229 * to the flash media, but may be some garbage.
230 */
ubi_io_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)231 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
232 int len)
233 {
234 int err;
235 size_t written;
236 loff_t addr;
237
238 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
239
240 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
241 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
242 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
243 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
244
245 if (ubi->ro_mode) {
246 ubi_err(ubi, "read-only mode");
247 return -EROFS;
248 }
249
250 err = self_check_not_bad(ubi, pnum);
251 if (err)
252 return err;
253
254 /* The area we are writing to has to contain all 0xFF bytes */
255 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
256 if (err)
257 return err;
258
259 if (offset >= ubi->leb_start) {
260 /*
261 * We write to the data area of the physical eraseblock. Make
262 * sure it has valid EC and VID headers.
263 */
264 err = self_check_peb_ec_hdr(ubi, pnum);
265 if (err)
266 return err;
267 err = self_check_peb_vid_hdr(ubi, pnum);
268 if (err)
269 return err;
270 }
271
272 if (ubi_dbg_is_write_failure(ubi)) {
273 ubi_err(ubi, "cannot write %d bytes to PEB %d:%d (emulated)",
274 len, pnum, offset);
275 dump_stack();
276 return -EIO;
277 }
278
279 addr = (loff_t)pnum * ubi->peb_size + offset;
280 err = mtd_write(ubi->mtd, addr, len, &written, buf);
281 if (err) {
282 ubi_err(ubi, "error %d while writing %d bytes to PEB %d:%d, written %zd bytes",
283 err, len, pnum, offset, written);
284 dump_stack();
285 ubi_dump_flash(ubi, pnum, offset, len);
286 } else
287 ubi_assert(written == len);
288
289 if (!err) {
290 err = self_check_write(ubi, buf, pnum, offset, len);
291 if (err)
292 return err;
293
294 /*
295 * Since we always write sequentially, the rest of the PEB has
296 * to contain only 0xFF bytes.
297 */
298 offset += len;
299 len = ubi->peb_size - offset;
300 if (len)
301 err = ubi_self_check_all_ff(ubi, pnum, offset, len);
302 }
303
304 return err;
305 }
306
307 /**
308 * do_sync_erase - synchronously erase a physical eraseblock.
309 * @ubi: UBI device description object
310 * @pnum: the physical eraseblock number to erase
311 *
312 * This function synchronously erases physical eraseblock @pnum and returns
313 * zero in case of success and a negative error code in case of failure. If
314 * %-EIO is returned, the physical eraseblock most probably went bad.
315 */
do_sync_erase(struct ubi_device * ubi,int pnum)316 static int do_sync_erase(struct ubi_device *ubi, int pnum)
317 {
318 int err, retries = 0;
319 struct erase_info ei;
320 wait_queue_head_t wq;
321
322 dbg_io("erase PEB %d", pnum);
323 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
324
325 if (ubi->ro_mode) {
326 ubi_err(ubi, "read-only mode");
327 return -EROFS;
328 }
329
330 retry:
331 init_waitqueue_head(&wq);
332 memset(&ei, 0, sizeof(struct erase_info));
333
334 ei.mtd = ubi->mtd;
335 ei.addr = (loff_t)pnum * ubi->peb_size;
336 ei.len = ubi->peb_size;
337 ei.priv = (unsigned long)&wq;
338
339 err = mtd_erase(ubi->mtd, &ei);
340 if (err) {
341 if (retries++ < UBI_IO_RETRIES) {
342 ubi_warn(ubi, "error %d while erasing PEB %d, retry",
343 err, pnum);
344 yield();
345 goto retry;
346 }
347 ubi_err(ubi, "cannot erase PEB %d, error %d", pnum, err);
348 dump_stack();
349 return err;
350 }
351
352 err = wait_event_interruptible(wq, ei.state == MTD_ERASE_DONE ||
353 ei.state == MTD_ERASE_FAILED);
354 if (err) {
355 ubi_err(ubi, "interrupted PEB %d erasure", pnum);
356 return -EINTR;
357 }
358
359 if (ei.state == MTD_ERASE_FAILED) {
360 if (retries++ < UBI_IO_RETRIES) {
361 ubi_warn(ubi, "error while erasing PEB %d, retry",
362 pnum);
363 yield();
364 goto retry;
365 }
366 ubi_err(ubi, "cannot erase PEB %d", pnum);
367 dump_stack();
368 return -EIO;
369 }
370
371 err = ubi_self_check_all_ff(ubi, pnum, 0, ubi->peb_size);
372 if (err)
373 return err;
374
375 if (ubi_dbg_is_erase_failure(ubi)) {
376 ubi_err(ubi, "cannot erase PEB %d (emulated)", pnum);
377 return -EIO;
378 }
379
380 return 0;
381 }
382
383 /* Patterns to write to a physical eraseblock when torturing it */
384 static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
385
386 /**
387 * torture_peb - test a supposedly bad physical eraseblock.
388 * @ubi: UBI device description object
389 * @pnum: the physical eraseblock number to test
390 *
391 * This function returns %-EIO if the physical eraseblock did not pass the
392 * test, a positive number of erase operations done if the test was
393 * successfully passed, and other negative error codes in case of other errors.
394 */
torture_peb(struct ubi_device * ubi,int pnum)395 static int torture_peb(struct ubi_device *ubi, int pnum)
396 {
397 int err, i, patt_count;
398
399 ubi_msg(ubi, "run torture test for PEB %d", pnum);
400 patt_count = ARRAY_SIZE(patterns);
401 ubi_assert(patt_count > 0);
402
403 mutex_lock(&ubi->buf_mutex);
404 for (i = 0; i < patt_count; i++) {
405 err = do_sync_erase(ubi, pnum);
406 if (err)
407 goto out;
408
409 /* Make sure the PEB contains only 0xFF bytes */
410 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
411 if (err)
412 goto out;
413
414 err = ubi_check_pattern(ubi->peb_buf, 0xFF, ubi->peb_size);
415 if (err == 0) {
416 ubi_err(ubi, "erased PEB %d, but a non-0xFF byte found",
417 pnum);
418 err = -EIO;
419 goto out;
420 }
421
422 /* Write a pattern and check it */
423 memset(ubi->peb_buf, patterns[i], ubi->peb_size);
424 err = ubi_io_write(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
425 if (err)
426 goto out;
427
428 memset(ubi->peb_buf, ~patterns[i], ubi->peb_size);
429 err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
430 if (err)
431 goto out;
432
433 err = ubi_check_pattern(ubi->peb_buf, patterns[i],
434 ubi->peb_size);
435 if (err == 0) {
436 ubi_err(ubi, "pattern %x checking failed for PEB %d",
437 patterns[i], pnum);
438 err = -EIO;
439 goto out;
440 }
441 }
442
443 err = patt_count;
444 ubi_msg(ubi, "PEB %d passed torture test, do not mark it as bad", pnum);
445
446 out:
447 mutex_unlock(&ubi->buf_mutex);
448 if (err == UBI_IO_BITFLIPS || mtd_is_eccerr(err)) {
449 /*
450 * If a bit-flip or data integrity error was detected, the test
451 * has not passed because it happened on a freshly erased
452 * physical eraseblock which means something is wrong with it.
453 */
454 ubi_err(ubi, "read problems on freshly erased PEB %d, must be bad",
455 pnum);
456 err = -EIO;
457 }
458 return err;
459 }
460
461 /**
462 * nor_erase_prepare - prepare a NOR flash PEB for erasure.
463 * @ubi: UBI device description object
464 * @pnum: physical eraseblock number to prepare
465 *
466 * NOR flash, or at least some of them, have peculiar embedded PEB erasure
467 * algorithm: the PEB is first filled with zeroes, then it is erased. And
468 * filling with zeroes starts from the end of the PEB. This was observed with
469 * Spansion S29GL512N NOR flash.
470 *
471 * This means that in case of a power cut we may end up with intact data at the
472 * beginning of the PEB, and all zeroes at the end of PEB. In other words, the
473 * EC and VID headers are OK, but a large chunk of data at the end of PEB is
474 * zeroed. This makes UBI mistakenly treat this PEB as used and associate it
475 * with an LEB, which leads to subsequent failures (e.g., UBIFS fails).
476 *
477 * This function is called before erasing NOR PEBs and it zeroes out EC and VID
478 * magic numbers in order to invalidate them and prevent the failures. Returns
479 * zero in case of success and a negative error code in case of failure.
480 */
nor_erase_prepare(struct ubi_device * ubi,int pnum)481 static int nor_erase_prepare(struct ubi_device *ubi, int pnum)
482 {
483 int err;
484 size_t written;
485 loff_t addr;
486 uint32_t data = 0;
487 struct ubi_ec_hdr ec_hdr;
488
489 /*
490 * Note, we cannot generally define VID header buffers on stack,
491 * because of the way we deal with these buffers (see the header
492 * comment in this file). But we know this is a NOR-specific piece of
493 * code, so we can do this. But yes, this is error-prone and we should
494 * (pre-)allocate VID header buffer instead.
495 */
496 struct ubi_vid_hdr vid_hdr;
497
498 /*
499 * If VID or EC is valid, we have to corrupt them before erasing.
500 * It is important to first invalidate the EC header, and then the VID
501 * header. Otherwise a power cut may lead to valid EC header and
502 * invalid VID header, in which case UBI will treat this PEB as
503 * corrupted and will try to preserve it, and print scary warnings.
504 */
505 addr = (loff_t)pnum * ubi->peb_size;
506 err = ubi_io_read_ec_hdr(ubi, pnum, &ec_hdr, 0);
507 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
508 err != UBI_IO_FF){
509 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
510 if(err)
511 goto error;
512 }
513
514 err = ubi_io_read_vid_hdr(ubi, pnum, &vid_hdr, 0);
515 if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
516 err != UBI_IO_FF){
517 addr += ubi->vid_hdr_aloffset;
518 err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
519 if (err)
520 goto error;
521 }
522 return 0;
523
524 error:
525 /*
526 * The PEB contains a valid VID or EC header, but we cannot invalidate
527 * it. Supposedly the flash media or the driver is screwed up, so
528 * return an error.
529 */
530 ubi_err(ubi, "cannot invalidate PEB %d, write returned %d", pnum, err);
531 ubi_dump_flash(ubi, pnum, 0, ubi->peb_size);
532 return -EIO;
533 }
534
535 /**
536 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
537 * @ubi: UBI device description object
538 * @pnum: physical eraseblock number to erase
539 * @torture: if this physical eraseblock has to be tortured
540 *
541 * This function synchronously erases physical eraseblock @pnum. If @torture
542 * flag is not zero, the physical eraseblock is checked by means of writing
543 * different patterns to it and reading them back. If the torturing is enabled,
544 * the physical eraseblock is erased more than once.
545 *
546 * This function returns the number of erasures made in case of success, %-EIO
547 * if the erasure failed or the torturing test failed, and other negative error
548 * codes in case of other errors. Note, %-EIO means that the physical
549 * eraseblock is bad.
550 */
ubi_io_sync_erase(struct ubi_device * ubi,int pnum,int torture)551 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
552 {
553 int err, ret = 0;
554
555 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
556
557 err = self_check_not_bad(ubi, pnum);
558 if (err != 0)
559 return err;
560
561 if (ubi->ro_mode) {
562 ubi_err(ubi, "read-only mode");
563 return -EROFS;
564 }
565
566 /*
567 * If the flash is ECC-ed then we have to erase the ECC block before we
568 * can write to it. But the write is in preparation to an erase in the
569 * first place. This means we cannot zero out EC and VID before the
570 * erase and we just have to hope the flash starts erasing from the
571 * start of the page.
572 */
573 if (ubi->nor_flash && ubi->mtd->writesize == 1) {
574 err = nor_erase_prepare(ubi, pnum);
575 if (err)
576 return err;
577 }
578
579 if (torture) {
580 ret = torture_peb(ubi, pnum);
581 if (ret < 0)
582 return ret;
583 }
584
585 err = do_sync_erase(ubi, pnum);
586 if (err)
587 return err;
588
589 return ret + 1;
590 }
591
592 /**
593 * ubi_io_is_bad - check if a physical eraseblock is bad.
594 * @ubi: UBI device description object
595 * @pnum: the physical eraseblock number to check
596 *
597 * This function returns a positive number if the physical eraseblock is bad,
598 * zero if not, and a negative error code if an error occurred.
599 */
ubi_io_is_bad(const struct ubi_device * ubi,int pnum)600 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
601 {
602 struct mtd_info *mtd = ubi->mtd;
603
604 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
605
606 if (ubi->bad_allowed) {
607 int ret;
608
609 ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
610 if (ret < 0)
611 ubi_err(ubi, "error %d while checking if PEB %d is bad",
612 ret, pnum);
613 else if (ret)
614 dbg_io("PEB %d is bad", pnum);
615 return ret;
616 }
617
618 return 0;
619 }
620
621 /**
622 * ubi_io_mark_bad - mark a physical eraseblock as bad.
623 * @ubi: UBI device description object
624 * @pnum: the physical eraseblock number to mark
625 *
626 * This function returns zero in case of success and a negative error code in
627 * case of failure.
628 */
ubi_io_mark_bad(const struct ubi_device * ubi,int pnum)629 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
630 {
631 int err;
632 struct mtd_info *mtd = ubi->mtd;
633
634 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
635
636 if (ubi->ro_mode) {
637 ubi_err(ubi, "read-only mode");
638 return -EROFS;
639 }
640
641 if (!ubi->bad_allowed)
642 return 0;
643
644 err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
645 if (err)
646 ubi_err(ubi, "cannot mark PEB %d bad, error %d", pnum, err);
647 return err;
648 }
649
650 /**
651 * validate_ec_hdr - validate an erase counter header.
652 * @ubi: UBI device description object
653 * @ec_hdr: the erase counter header to check
654 *
655 * This function returns zero if the erase counter header is OK, and %1 if
656 * not.
657 */
validate_ec_hdr(const struct ubi_device * ubi,const struct ubi_ec_hdr * ec_hdr)658 static int validate_ec_hdr(const struct ubi_device *ubi,
659 const struct ubi_ec_hdr *ec_hdr)
660 {
661 long long ec;
662 int vid_hdr_offset, leb_start;
663
664 ec = be64_to_cpu(ec_hdr->ec);
665 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
666 leb_start = be32_to_cpu(ec_hdr->data_offset);
667
668 if (ec_hdr->version != UBI_VERSION) {
669 ubi_err(ubi, "node with incompatible UBI version found: this UBI version is %d, image version is %d",
670 UBI_VERSION, (int)ec_hdr->version);
671 goto bad;
672 }
673
674 if (vid_hdr_offset != ubi->vid_hdr_offset) {
675 ubi_err(ubi, "bad VID header offset %d, expected %d",
676 vid_hdr_offset, ubi->vid_hdr_offset);
677 goto bad;
678 }
679
680 if (leb_start != ubi->leb_start) {
681 ubi_err(ubi, "bad data offset %d, expected %d",
682 leb_start, ubi->leb_start);
683 goto bad;
684 }
685
686 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
687 ubi_err(ubi, "bad erase counter %lld", ec);
688 goto bad;
689 }
690
691 return 0;
692
693 bad:
694 ubi_err(ubi, "bad EC header");
695 ubi_dump_ec_hdr(ec_hdr);
696 dump_stack();
697 return 1;
698 }
699
700 /**
701 * ubi_io_read_ec_hdr - read and check an erase counter header.
702 * @ubi: UBI device description object
703 * @pnum: physical eraseblock to read from
704 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
705 * header
706 * @verbose: be verbose if the header is corrupted or was not found
707 *
708 * This function reads erase counter header from physical eraseblock @pnum and
709 * stores it in @ec_hdr. This function also checks CRC checksum of the read
710 * erase counter header. The following codes may be returned:
711 *
712 * o %0 if the CRC checksum is correct and the header was successfully read;
713 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
714 * and corrected by the flash driver; this is harmless but may indicate that
715 * this eraseblock may become bad soon (but may be not);
716 * o %UBI_IO_BAD_HDR if the erase counter header is corrupted (a CRC error);
717 * o %UBI_IO_BAD_HDR_EBADMSG is the same as %UBI_IO_BAD_HDR, but there also was
718 * a data integrity error (uncorrectable ECC error in case of NAND);
719 * o %UBI_IO_FF if only 0xFF bytes were read (the PEB is supposedly empty)
720 * o a negative error code in case of failure.
721 */
ubi_io_read_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr,int verbose)722 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
723 struct ubi_ec_hdr *ec_hdr, int verbose)
724 {
725 int err, read_err;
726 uint32_t crc, magic, hdr_crc;
727
728 dbg_io("read EC header from PEB %d", pnum);
729 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
730
731 read_err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
732 if (read_err) {
733 if (read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
734 return read_err;
735
736 /*
737 * We read all the data, but either a correctable bit-flip
738 * occurred, or MTD reported a data integrity error
739 * (uncorrectable ECC error in case of NAND). The former is
740 * harmless, the later may mean that the read data is
741 * corrupted. But we have a CRC check-sum and we will detect
742 * this. If the EC header is still OK, we just report this as
743 * there was a bit-flip, to force scrubbing.
744 */
745 }
746
747 magic = be32_to_cpu(ec_hdr->magic);
748 if (magic != UBI_EC_HDR_MAGIC) {
749 if (mtd_is_eccerr(read_err))
750 return UBI_IO_BAD_HDR_EBADMSG;
751
752 /*
753 * The magic field is wrong. Let's check if we have read all
754 * 0xFF. If yes, this physical eraseblock is assumed to be
755 * empty.
756 */
757 if (ubi_check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
758 /* The physical eraseblock is supposedly empty */
759 if (verbose)
760 ubi_warn(ubi, "no EC header found at PEB %d, only 0xFF bytes",
761 pnum);
762 dbg_bld("no EC header found at PEB %d, only 0xFF bytes",
763 pnum);
764 if (!read_err)
765 return UBI_IO_FF;
766 else
767 return UBI_IO_FF_BITFLIPS;
768 }
769
770 /*
771 * This is not a valid erase counter header, and these are not
772 * 0xFF bytes. Report that the header is corrupted.
773 */
774 if (verbose) {
775 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
776 pnum, magic, UBI_EC_HDR_MAGIC);
777 ubi_dump_ec_hdr(ec_hdr);
778 }
779 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
780 pnum, magic, UBI_EC_HDR_MAGIC);
781 return UBI_IO_BAD_HDR;
782 }
783
784 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
785 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
786
787 if (hdr_crc != crc) {
788 if (verbose) {
789 ubi_warn(ubi, "bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
790 pnum, crc, hdr_crc);
791 ubi_dump_ec_hdr(ec_hdr);
792 }
793 dbg_bld("bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
794 pnum, crc, hdr_crc);
795
796 if (!read_err)
797 return UBI_IO_BAD_HDR;
798 else
799 return UBI_IO_BAD_HDR_EBADMSG;
800 }
801
802 /* And of course validate what has just been read from the media */
803 err = validate_ec_hdr(ubi, ec_hdr);
804 if (err) {
805 ubi_err(ubi, "validation failed for PEB %d", pnum);
806 return -EINVAL;
807 }
808
809 /*
810 * If there was %-EBADMSG, but the header CRC is still OK, report about
811 * a bit-flip to force scrubbing on this PEB.
812 */
813 return read_err ? UBI_IO_BITFLIPS : 0;
814 }
815
816 /**
817 * ubi_io_write_ec_hdr - write an erase counter header.
818 * @ubi: UBI device description object
819 * @pnum: physical eraseblock to write to
820 * @ec_hdr: the erase counter header to write
821 *
822 * This function writes erase counter header described by @ec_hdr to physical
823 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
824 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
825 * field.
826 *
827 * This function returns zero in case of success and a negative error code in
828 * case of failure. If %-EIO is returned, the physical eraseblock most probably
829 * went bad.
830 */
ubi_io_write_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr)831 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
832 struct ubi_ec_hdr *ec_hdr)
833 {
834 int err;
835 uint32_t crc;
836
837 dbg_io("write EC header to PEB %d", pnum);
838 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
839
840 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
841 ec_hdr->version = UBI_VERSION;
842 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
843 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
844 ec_hdr->image_seq = cpu_to_be32(ubi->image_seq);
845 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
846 ec_hdr->hdr_crc = cpu_to_be32(crc);
847
848 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
849 if (err)
850 return err;
851
852 if (ubi_dbg_power_cut(ubi, POWER_CUT_EC_WRITE))
853 return -EROFS;
854
855 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
856 return err;
857 }
858
859 /**
860 * validate_vid_hdr - validate a volume identifier header.
861 * @ubi: UBI device description object
862 * @vid_hdr: the volume identifier header to check
863 *
864 * This function checks that data stored in the volume identifier header
865 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
866 */
validate_vid_hdr(const struct ubi_device * ubi,const struct ubi_vid_hdr * vid_hdr)867 static int validate_vid_hdr(const struct ubi_device *ubi,
868 const struct ubi_vid_hdr *vid_hdr)
869 {
870 int vol_type = vid_hdr->vol_type;
871 int copy_flag = vid_hdr->copy_flag;
872 int vol_id = be32_to_cpu(vid_hdr->vol_id);
873 int lnum = be32_to_cpu(vid_hdr->lnum);
874 int compat = vid_hdr->compat;
875 int data_size = be32_to_cpu(vid_hdr->data_size);
876 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
877 int data_pad = be32_to_cpu(vid_hdr->data_pad);
878 int data_crc = be32_to_cpu(vid_hdr->data_crc);
879 int usable_leb_size = ubi->leb_size - data_pad;
880
881 if (copy_flag != 0 && copy_flag != 1) {
882 ubi_err(ubi, "bad copy_flag");
883 goto bad;
884 }
885
886 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
887 data_pad < 0) {
888 ubi_err(ubi, "negative values");
889 goto bad;
890 }
891
892 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
893 ubi_err(ubi, "bad vol_id");
894 goto bad;
895 }
896
897 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
898 ubi_err(ubi, "bad compat");
899 goto bad;
900 }
901
902 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
903 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
904 compat != UBI_COMPAT_REJECT) {
905 ubi_err(ubi, "bad compat");
906 goto bad;
907 }
908
909 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
910 ubi_err(ubi, "bad vol_type");
911 goto bad;
912 }
913
914 if (data_pad >= ubi->leb_size / 2) {
915 ubi_err(ubi, "bad data_pad");
916 goto bad;
917 }
918
919 if (vol_type == UBI_VID_STATIC) {
920 /*
921 * Although from high-level point of view static volumes may
922 * contain zero bytes of data, but no VID headers can contain
923 * zero at these fields, because they empty volumes do not have
924 * mapped logical eraseblocks.
925 */
926 if (used_ebs == 0) {
927 ubi_err(ubi, "zero used_ebs");
928 goto bad;
929 }
930 if (data_size == 0) {
931 ubi_err(ubi, "zero data_size");
932 goto bad;
933 }
934 if (lnum < used_ebs - 1) {
935 if (data_size != usable_leb_size) {
936 ubi_err(ubi, "bad data_size");
937 goto bad;
938 }
939 } else if (lnum == used_ebs - 1) {
940 if (data_size == 0) {
941 ubi_err(ubi, "bad data_size at last LEB");
942 goto bad;
943 }
944 } else {
945 ubi_err(ubi, "too high lnum");
946 goto bad;
947 }
948 } else {
949 if (copy_flag == 0) {
950 if (data_crc != 0) {
951 ubi_err(ubi, "non-zero data CRC");
952 goto bad;
953 }
954 if (data_size != 0) {
955 ubi_err(ubi, "non-zero data_size");
956 goto bad;
957 }
958 } else {
959 if (data_size == 0) {
960 ubi_err(ubi, "zero data_size of copy");
961 goto bad;
962 }
963 }
964 if (used_ebs != 0) {
965 ubi_err(ubi, "bad used_ebs");
966 goto bad;
967 }
968 }
969
970 return 0;
971
972 bad:
973 ubi_err(ubi, "bad VID header");
974 ubi_dump_vid_hdr(vid_hdr);
975 dump_stack();
976 return 1;
977 }
978
979 /**
980 * ubi_io_read_vid_hdr - read and check a volume identifier header.
981 * @ubi: UBI device description object
982 * @pnum: physical eraseblock number to read from
983 * @vid_hdr: &struct ubi_vid_hdr object where to store the read volume
984 * identifier header
985 * @verbose: be verbose if the header is corrupted or wasn't found
986 *
987 * This function reads the volume identifier header from physical eraseblock
988 * @pnum and stores it in @vid_hdr. It also checks CRC checksum of the read
989 * volume identifier header. The error codes are the same as in
990 * 'ubi_io_read_ec_hdr()'.
991 *
992 * Note, the implementation of this function is also very similar to
993 * 'ubi_io_read_ec_hdr()', so refer commentaries in 'ubi_io_read_ec_hdr()'.
994 */
ubi_io_read_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_hdr * vid_hdr,int verbose)995 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
996 struct ubi_vid_hdr *vid_hdr, int verbose)
997 {
998 int err, read_err;
999 uint32_t crc, magic, hdr_crc;
1000 void *p;
1001
1002 dbg_io("read VID header from PEB %d", pnum);
1003 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1004
1005 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1006 read_err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1007 ubi->vid_hdr_alsize);
1008 if (read_err && read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
1009 return read_err;
1010
1011 magic = be32_to_cpu(vid_hdr->magic);
1012 if (magic != UBI_VID_HDR_MAGIC) {
1013 if (mtd_is_eccerr(read_err))
1014 return UBI_IO_BAD_HDR_EBADMSG;
1015
1016 if (ubi_check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
1017 if (verbose)
1018 ubi_warn(ubi, "no VID header found at PEB %d, only 0xFF bytes",
1019 pnum);
1020 dbg_bld("no VID header found at PEB %d, only 0xFF bytes",
1021 pnum);
1022 if (!read_err)
1023 return UBI_IO_FF;
1024 else
1025 return UBI_IO_FF_BITFLIPS;
1026 }
1027
1028 if (verbose) {
1029 ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
1030 pnum, magic, UBI_VID_HDR_MAGIC);
1031 ubi_dump_vid_hdr(vid_hdr);
1032 }
1033 dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
1034 pnum, magic, UBI_VID_HDR_MAGIC);
1035 return UBI_IO_BAD_HDR;
1036 }
1037
1038 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1039 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1040
1041 if (hdr_crc != crc) {
1042 if (verbose) {
1043 ubi_warn(ubi, "bad CRC at PEB %d, calculated %#08x, read %#08x",
1044 pnum, crc, hdr_crc);
1045 ubi_dump_vid_hdr(vid_hdr);
1046 }
1047 dbg_bld("bad CRC at PEB %d, calculated %#08x, read %#08x",
1048 pnum, crc, hdr_crc);
1049 if (!read_err)
1050 return UBI_IO_BAD_HDR;
1051 else
1052 return UBI_IO_BAD_HDR_EBADMSG;
1053 }
1054
1055 err = validate_vid_hdr(ubi, vid_hdr);
1056 if (err) {
1057 ubi_err(ubi, "validation failed for PEB %d", pnum);
1058 return -EINVAL;
1059 }
1060
1061 return read_err ? UBI_IO_BITFLIPS : 0;
1062 }
1063
1064 /**
1065 * ubi_io_write_vid_hdr - write a volume identifier header.
1066 * @ubi: UBI device description object
1067 * @pnum: the physical eraseblock number to write to
1068 * @vid_hdr: the volume identifier header to write
1069 *
1070 * This function writes the volume identifier header described by @vid_hdr to
1071 * physical eraseblock @pnum. This function automatically fills the
1072 * @vid_hdr->magic and the @vid_hdr->version fields, as well as calculates
1073 * header CRC checksum and stores it at vid_hdr->hdr_crc.
1074 *
1075 * This function returns zero in case of success and a negative error code in
1076 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1077 * bad.
1078 */
ubi_io_write_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_hdr * vid_hdr)1079 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1080 struct ubi_vid_hdr *vid_hdr)
1081 {
1082 int err;
1083 uint32_t crc;
1084 void *p;
1085
1086 dbg_io("write VID header to PEB %d", pnum);
1087 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1088
1089 err = self_check_peb_ec_hdr(ubi, pnum);
1090 if (err)
1091 return err;
1092
1093 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1094 vid_hdr->version = UBI_VERSION;
1095 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1096 vid_hdr->hdr_crc = cpu_to_be32(crc);
1097
1098 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1099 if (err)
1100 return err;
1101
1102 if (ubi_dbg_power_cut(ubi, POWER_CUT_VID_WRITE))
1103 return -EROFS;
1104
1105 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1106 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1107 ubi->vid_hdr_alsize);
1108 return err;
1109 }
1110
1111 /**
1112 * self_check_not_bad - ensure that a physical eraseblock is not bad.
1113 * @ubi: UBI device description object
1114 * @pnum: physical eraseblock number to check
1115 *
1116 * This function returns zero if the physical eraseblock is good, %-EINVAL if
1117 * it is bad and a negative error code if an error occurred.
1118 */
self_check_not_bad(const struct ubi_device * ubi,int pnum)1119 static int self_check_not_bad(const struct ubi_device *ubi, int pnum)
1120 {
1121 int err;
1122
1123 if (!ubi_dbg_chk_io(ubi))
1124 return 0;
1125
1126 err = ubi_io_is_bad(ubi, pnum);
1127 if (!err)
1128 return err;
1129
1130 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1131 dump_stack();
1132 return err > 0 ? -EINVAL : err;
1133 }
1134
1135 /**
1136 * self_check_ec_hdr - check if an erase counter header is all right.
1137 * @ubi: UBI device description object
1138 * @pnum: physical eraseblock number the erase counter header belongs to
1139 * @ec_hdr: the erase counter header to check
1140 *
1141 * This function returns zero if the erase counter header contains valid
1142 * values, and %-EINVAL if not.
1143 */
self_check_ec_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_ec_hdr * ec_hdr)1144 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1145 const struct ubi_ec_hdr *ec_hdr)
1146 {
1147 int err;
1148 uint32_t magic;
1149
1150 if (!ubi_dbg_chk_io(ubi))
1151 return 0;
1152
1153 magic = be32_to_cpu(ec_hdr->magic);
1154 if (magic != UBI_EC_HDR_MAGIC) {
1155 ubi_err(ubi, "bad magic %#08x, must be %#08x",
1156 magic, UBI_EC_HDR_MAGIC);
1157 goto fail;
1158 }
1159
1160 err = validate_ec_hdr(ubi, ec_hdr);
1161 if (err) {
1162 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1163 goto fail;
1164 }
1165
1166 return 0;
1167
1168 fail:
1169 ubi_dump_ec_hdr(ec_hdr);
1170 dump_stack();
1171 return -EINVAL;
1172 }
1173
1174 /**
1175 * self_check_peb_ec_hdr - check erase counter header.
1176 * @ubi: UBI device description object
1177 * @pnum: the physical eraseblock number to check
1178 *
1179 * This function returns zero if the erase counter header is all right and and
1180 * a negative error code if not or if an error occurred.
1181 */
self_check_peb_ec_hdr(const struct ubi_device * ubi,int pnum)1182 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1183 {
1184 int err;
1185 uint32_t crc, hdr_crc;
1186 struct ubi_ec_hdr *ec_hdr;
1187
1188 if (!ubi_dbg_chk_io(ubi))
1189 return 0;
1190
1191 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1192 if (!ec_hdr)
1193 return -ENOMEM;
1194
1195 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1196 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1197 goto exit;
1198
1199 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1200 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1201 if (hdr_crc != crc) {
1202 ubi_err(ubi, "bad CRC, calculated %#08x, read %#08x",
1203 crc, hdr_crc);
1204 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1205 ubi_dump_ec_hdr(ec_hdr);
1206 dump_stack();
1207 err = -EINVAL;
1208 goto exit;
1209 }
1210
1211 err = self_check_ec_hdr(ubi, pnum, ec_hdr);
1212
1213 exit:
1214 kfree(ec_hdr);
1215 return err;
1216 }
1217
1218 /**
1219 * self_check_vid_hdr - check that a volume identifier header is all right.
1220 * @ubi: UBI device description object
1221 * @pnum: physical eraseblock number the volume identifier header belongs to
1222 * @vid_hdr: the volume identifier header to check
1223 *
1224 * This function returns zero if the volume identifier header is all right, and
1225 * %-EINVAL if not.
1226 */
self_check_vid_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_vid_hdr * vid_hdr)1227 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1228 const struct ubi_vid_hdr *vid_hdr)
1229 {
1230 int err;
1231 uint32_t magic;
1232
1233 if (!ubi_dbg_chk_io(ubi))
1234 return 0;
1235
1236 magic = be32_to_cpu(vid_hdr->magic);
1237 if (magic != UBI_VID_HDR_MAGIC) {
1238 ubi_err(ubi, "bad VID header magic %#08x at PEB %d, must be %#08x",
1239 magic, pnum, UBI_VID_HDR_MAGIC);
1240 goto fail;
1241 }
1242
1243 err = validate_vid_hdr(ubi, vid_hdr);
1244 if (err) {
1245 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1246 goto fail;
1247 }
1248
1249 return err;
1250
1251 fail:
1252 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1253 ubi_dump_vid_hdr(vid_hdr);
1254 dump_stack();
1255 return -EINVAL;
1256
1257 }
1258
1259 /**
1260 * self_check_peb_vid_hdr - check volume identifier header.
1261 * @ubi: UBI device description object
1262 * @pnum: the physical eraseblock number to check
1263 *
1264 * This function returns zero if the volume identifier header is all right,
1265 * and a negative error code if not or if an error occurred.
1266 */
self_check_peb_vid_hdr(const struct ubi_device * ubi,int pnum)1267 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1268 {
1269 int err;
1270 uint32_t crc, hdr_crc;
1271 struct ubi_vid_hdr *vid_hdr;
1272 void *p;
1273
1274 if (!ubi_dbg_chk_io(ubi))
1275 return 0;
1276
1277 vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS);
1278 if (!vid_hdr)
1279 return -ENOMEM;
1280
1281 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1282 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1283 ubi->vid_hdr_alsize);
1284 if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1285 goto exit;
1286
1287 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_EC_HDR_SIZE_CRC);
1288 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1289 if (hdr_crc != crc) {
1290 ubi_err(ubi, "bad VID header CRC at PEB %d, calculated %#08x, read %#08x",
1291 pnum, crc, hdr_crc);
1292 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1293 ubi_dump_vid_hdr(vid_hdr);
1294 dump_stack();
1295 err = -EINVAL;
1296 goto exit;
1297 }
1298
1299 err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1300
1301 exit:
1302 ubi_free_vid_hdr(ubi, vid_hdr);
1303 return err;
1304 }
1305
1306 /**
1307 * self_check_write - make sure write succeeded.
1308 * @ubi: UBI device description object
1309 * @buf: buffer with data which were written
1310 * @pnum: physical eraseblock number the data were written to
1311 * @offset: offset within the physical eraseblock the data were written to
1312 * @len: how many bytes were written
1313 *
1314 * This functions reads data which were recently written and compares it with
1315 * the original data buffer - the data have to match. Returns zero if the data
1316 * match and a negative error code if not or in case of failure.
1317 */
self_check_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)1318 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
1319 int offset, int len)
1320 {
1321 int err, i;
1322 size_t read;
1323 void *buf1;
1324 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1325
1326 if (!ubi_dbg_chk_io(ubi))
1327 return 0;
1328
1329 buf1 = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1330 if (!buf1) {
1331 ubi_err(ubi, "cannot allocate memory to check writes");
1332 return 0;
1333 }
1334
1335 err = mtd_read(ubi->mtd, addr, len, &read, buf1);
1336 if (err && !mtd_is_bitflip(err))
1337 goto out_free;
1338
1339 for (i = 0; i < len; i++) {
1340 uint8_t c = ((uint8_t *)buf)[i];
1341 uint8_t c1 = ((uint8_t *)buf1)[i];
1342 #if !defined(CONFIG_UBI_SILENCE_MSG)
1343 int dump_len = max_t(int, 128, len - i);
1344 #endif
1345
1346 if (c == c1)
1347 continue;
1348
1349 ubi_err(ubi, "self-check failed for PEB %d:%d, len %d",
1350 pnum, offset, len);
1351 #if !defined(CONFIG_UBI_SILENCE_MSG)
1352 ubi_msg(ubi, "data differ at position %d", i);
1353 ubi_msg(ubi, "hex dump of the original buffer from %d to %d",
1354 i, i + dump_len);
1355 print_hex_dump("", DUMP_PREFIX_OFFSET, 32, 1,
1356 buf + i, dump_len, 1);
1357 ubi_msg(ubi, "hex dump of the read buffer from %d to %d",
1358 i, i + dump_len);
1359 print_hex_dump("", DUMP_PREFIX_OFFSET, 32, 1,
1360 buf1 + i, dump_len, 1);
1361 #endif
1362 dump_stack();
1363 err = -EINVAL;
1364 goto out_free;
1365 }
1366
1367 vfree(buf1);
1368 return 0;
1369
1370 out_free:
1371 vfree(buf1);
1372 return err;
1373 }
1374
1375 /**
1376 * ubi_self_check_all_ff - check that a region of flash is empty.
1377 * @ubi: UBI device description object
1378 * @pnum: the physical eraseblock number to check
1379 * @offset: the starting offset within the physical eraseblock to check
1380 * @len: the length of the region to check
1381 *
1382 * This function returns zero if only 0xFF bytes are present at offset
1383 * @offset of the physical eraseblock @pnum, and a negative error code if not
1384 * or if an error occurred.
1385 */
ubi_self_check_all_ff(struct ubi_device * ubi,int pnum,int offset,int len)1386 int ubi_self_check_all_ff(struct ubi_device *ubi, int pnum, int offset, int len)
1387 {
1388 size_t read;
1389 int err;
1390 void *buf;
1391 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1392
1393 if (!ubi_dbg_chk_io(ubi))
1394 return 0;
1395
1396 buf = __vmalloc(len, GFP_NOFS, PAGE_KERNEL);
1397 if (!buf) {
1398 ubi_err(ubi, "cannot allocate memory to check for 0xFFs");
1399 return 0;
1400 }
1401
1402 err = mtd_read(ubi->mtd, addr, len, &read, buf);
1403 if (err && !mtd_is_bitflip(err)) {
1404 ubi_err(ubi, "err %d while reading %d bytes from PEB %d:%d, read %zd bytes",
1405 err, len, pnum, offset, read);
1406 goto error;
1407 }
1408
1409 err = ubi_check_pattern(buf, 0xFF, len);
1410 if (err == 0) {
1411 ubi_err(ubi, "flash region at PEB %d:%d, length %d does not contain all 0xFF bytes",
1412 pnum, offset, len);
1413 goto fail;
1414 }
1415
1416 vfree(buf);
1417 return 0;
1418
1419 fail:
1420 ubi_err(ubi, "self-check failed for PEB %d", pnum);
1421 ubi_msg(ubi, "hex dump of the %d-%d region", offset, offset + len);
1422 print_hex_dump("", DUMP_PREFIX_OFFSET, 32, 1, buf, len, 1);
1423 err = -EINVAL;
1424 error:
1425 dump_stack();
1426 vfree(buf);
1427 return err;
1428 }
1429