1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * Copyright (c) International Business Machines Corp., 2006
4  * Copyright (c) Nokia Corporation, 2006, 2007
5  *
6  * Author: Artem Bityutskiy (Битюцкий Артём)
7  */
8 
9 /*
10  * UBI input/output sub-system.
11  *
12  * This sub-system provides a uniform way to work with all kinds of the
13  * underlying MTD devices. It also implements handy functions for reading and
14  * writing UBI headers.
15  *
16  * We are trying to have a paranoid mindset and not to trust to what we read
17  * from the flash media in order to be more secure and robust. So this
18  * sub-system validates every single header it reads from the flash media.
19  *
20  * Some words about how the eraseblock headers are stored.
21  *
22  * The erase counter header is always stored at offset zero. By default, the
23  * VID header is stored after the EC header at the closest aligned offset
24  * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
25  * header at the closest aligned offset. But this default layout may be
26  * changed. For example, for different reasons (e.g., optimization) UBI may be
27  * asked to put the VID header at further offset, and even at an unaligned
28  * offset. Of course, if the offset of the VID header is unaligned, UBI adds
29  * proper padding in front of it. Data offset may also be changed but it has to
30  * be aligned.
31  *
32  * About minimal I/O units. In general, UBI assumes flash device model where
33  * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
34  * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
35  * @ubi->mtd->writesize field. But as an exception, UBI admits use of another
36  * (smaller) minimal I/O unit size for EC and VID headers to make it possible
37  * to do different optimizations.
38  *
39  * This is extremely useful in case of NAND flashes which admit of several
40  * write operations to one NAND page. In this case UBI can fit EC and VID
41  * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
42  * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
43  * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
44  * users.
45  *
46  * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
47  * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
48  * headers.
49  *
50  * Q: why not just to treat sub-page as a minimal I/O unit of this flash
51  * device, e.g., make @ubi->min_io_size = 512 in the example above?
52  *
53  * A: because when writing a sub-page, MTD still writes a full 2K page but the
54  * bytes which are not relevant to the sub-page are 0xFF. So, basically,
55  * writing 4x512 sub-pages is 4 times slower than writing one 2KiB NAND page.
56  * Thus, we prefer to use sub-pages only for EC and VID headers.
57  *
58  * As it was noted above, the VID header may start at a non-aligned offset.
59  * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
60  * the VID header may reside at offset 1984 which is the last 64 bytes of the
61  * last sub-page (EC header is always at offset zero). This causes some
62  * difficulties when reading and writing VID headers.
63  *
64  * Suppose we have a 64-byte buffer and we read a VID header at it. We change
65  * the data and want to write this VID header out. As we can only write in
66  * 512-byte chunks, we have to allocate one more buffer and copy our VID header
67  * to offset 448 of this buffer.
68  *
69  * The I/O sub-system does the following trick in order to avoid this extra
70  * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
71  * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
72  * When the VID header is being written out, it shifts the VID header pointer
73  * back and writes the whole sub-page.
74  */
75 
76 #include <linux/crc32.h>
77 #include <linux/err.h>
78 #include <linux/slab.h>
79 #include "ubi.h"
80 
81 static int self_check_not_bad(const struct ubi_device *ubi, int pnum);
82 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
83 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
84 			     const struct ubi_ec_hdr *ec_hdr);
85 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
86 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
87 			      const struct ubi_vid_hdr *vid_hdr);
88 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
89 			    int offset, int len);
90 
91 /**
92  * ubi_io_read - read data from a physical eraseblock.
93  * @ubi: UBI device description object
94  * @buf: buffer where to store the read data
95  * @pnum: physical eraseblock number to read from
96  * @offset: offset within the physical eraseblock from where to read
97  * @len: how many bytes to read
98  *
99  * This function reads data from offset @offset of physical eraseblock @pnum
100  * and stores the read data in the @buf buffer. The following return codes are
101  * possible:
102  *
103  * o %0 if all the requested data were successfully read;
104  * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
105  *   correctable bit-flips were detected; this is harmless but may indicate
106  *   that this eraseblock may become bad soon (but do not have to);
107  * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
108  *   example it can be an ECC error in case of NAND; this most probably means
109  *   that the data is corrupted;
110  * o %-EIO if some I/O error occurred;
111  * o other negative error codes in case of other errors.
112  */
ubi_io_read(const struct ubi_device * ubi,void * buf,int pnum,int offset,int len)113 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
114 		int len)
115 {
116 	int err, retries = 0;
117 	size_t read;
118 	loff_t addr;
119 
120 	dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
121 
122 	ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
123 	ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
124 	ubi_assert(len > 0);
125 
126 	err = self_check_not_bad(ubi, pnum);
127 	if (err)
128 		return err;
129 
130 	/*
131 	 * Deliberately corrupt the buffer to improve robustness. Indeed, if we
132 	 * do not do this, the following may happen:
133 	 * 1. The buffer contains data from previous operation, e.g., read from
134 	 *    another PEB previously. The data looks like expected, e.g., if we
135 	 *    just do not read anything and return - the caller would not
136 	 *    notice this. E.g., if we are reading a VID header, the buffer may
137 	 *    contain a valid VID header from another PEB.
138 	 * 2. The driver is buggy and returns us success or -EBADMSG or
139 	 *    -EUCLEAN, but it does not actually put any data to the buffer.
140 	 *
141 	 * This may confuse UBI or upper layers - they may think the buffer
142 	 * contains valid data while in fact it is just old data. This is
143 	 * especially possible because UBI (and UBIFS) relies on CRC, and
144 	 * treats data as correct even in case of ECC errors if the CRC is
145 	 * correct.
146 	 *
147 	 * Try to prevent this situation by changing the first byte of the
148 	 * buffer.
149 	 */
150 	*((uint8_t *)buf) ^= 0xFF;
151 
152 	addr = (loff_t)pnum * ubi->peb_size + offset;
153 retry:
154 	err = mtd_read(ubi->mtd, addr, len, &read, buf);
155 	if (err) {
156 		const char *errstr = mtd_is_eccerr(err) ? " (ECC error)" : "";
157 
158 		if (mtd_is_bitflip(err)) {
159 			/*
160 			 * -EUCLEAN is reported if there was a bit-flip which
161 			 * was corrected, so this is harmless.
162 			 *
163 			 * We do not report about it here unless debugging is
164 			 * enabled. A corresponding message will be printed
165 			 * later, when it is has been scrubbed.
166 			 */
167 			ubi_msg(ubi, "fixable bit-flip detected at PEB %d",
168 				pnum);
169 			ubi_assert(len == read);
170 			return UBI_IO_BITFLIPS;
171 		}
172 
173 		if (retries++ < UBI_IO_RETRIES) {
174 			ubi_warn(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read only %zd bytes, retry",
175 				 err, errstr, len, pnum, offset, read);
176 			yield();
177 			goto retry;
178 		}
179 
180 		ubi_err(ubi, "error %d%s while reading %d bytes from PEB %d:%d, read %zd bytes",
181 			err, errstr, len, pnum, offset, read);
182 		dump_stack();
183 
184 		/*
185 		 * The driver should never return -EBADMSG if it failed to read
186 		 * all the requested data. But some buggy drivers might do
187 		 * this, so we change it to -EIO.
188 		 */
189 		if (read != len && mtd_is_eccerr(err)) {
190 			ubi_assert(0);
191 			err = -EIO;
192 		}
193 	} else {
194 		ubi_assert(len == read);
195 
196 		if (ubi_dbg_is_bitflip(ubi)) {
197 			dbg_gen("bit-flip (emulated)");
198 			return UBI_IO_BITFLIPS;
199 		}
200 
201 		if (ubi_dbg_is_read_failure(ubi, MASK_READ_FAILURE)) {
202 			ubi_warn(ubi, "cannot read %d bytes from PEB %d:%d (emulated)",
203 				 len, pnum, offset);
204 			return -EIO;
205 		}
206 
207 		if (ubi_dbg_is_eccerr(ubi)) {
208 			ubi_warn(ubi, "ECC error (emulated) while reading %d bytes from PEB %d:%d, read %zd bytes",
209 				 len, pnum, offset, read);
210 			return -EBADMSG;
211 		}
212 	}
213 
214 	return err;
215 }
216 
217 /**
218  * ubi_io_write - write data to a physical eraseblock.
219  * @ubi: UBI device description object
220  * @buf: buffer with the data to write
221  * @pnum: physical eraseblock number to write to
222  * @offset: offset within the physical eraseblock where to write
223  * @len: how many bytes to write
224  *
225  * This function writes @len bytes of data from buffer @buf to offset @offset
226  * of physical eraseblock @pnum. If all the data were successfully written,
227  * zero is returned. If an error occurred, this function returns a negative
228  * error code. If %-EIO is returned, the physical eraseblock most probably went
229  * bad.
230  *
231  * Note, in case of an error, it is possible that something was still written
232  * to the flash media, but may be some garbage.
233  */
ubi_io_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)234 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
235 		 int len)
236 {
237 	int err;
238 	size_t written;
239 	loff_t addr;
240 
241 	dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
242 
243 	ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
244 	ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
245 	ubi_assert(offset % ubi->hdrs_min_io_size == 0);
246 	ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
247 
248 	if (ubi->ro_mode) {
249 		ubi_err(ubi, "read-only mode");
250 		return -EROFS;
251 	}
252 
253 	err = self_check_not_bad(ubi, pnum);
254 	if (err)
255 		return err;
256 
257 	/* The area we are writing to has to contain all 0xFF bytes */
258 	err = ubi_self_check_all_ff(ubi, pnum, offset, len);
259 	if (err)
260 		return err;
261 
262 	if (offset >= ubi->leb_start) {
263 		/*
264 		 * We write to the data area of the physical eraseblock. Make
265 		 * sure it has valid EC and VID headers.
266 		 */
267 		err = self_check_peb_ec_hdr(ubi, pnum);
268 		if (err)
269 			return err;
270 		err = self_check_peb_vid_hdr(ubi, pnum);
271 		if (err)
272 			return err;
273 	}
274 
275 	if (ubi_dbg_is_write_failure(ubi)) {
276 		ubi_err(ubi, "cannot write %d bytes to PEB %d:%d (emulated)",
277 			len, pnum, offset);
278 		dump_stack();
279 		return -EIO;
280 	}
281 
282 	addr = (loff_t)pnum * ubi->peb_size + offset;
283 	err = mtd_write(ubi->mtd, addr, len, &written, buf);
284 	if (err) {
285 		ubi_err(ubi, "error %d while writing %d bytes to PEB %d:%d, written %zd bytes",
286 			err, len, pnum, offset, written);
287 		dump_stack();
288 		ubi_dump_flash(ubi, pnum, offset, len);
289 	} else
290 		ubi_assert(written == len);
291 
292 	if (!err) {
293 		err = self_check_write(ubi, buf, pnum, offset, len);
294 		if (err)
295 			return err;
296 
297 		/*
298 		 * Since we always write sequentially, the rest of the PEB has
299 		 * to contain only 0xFF bytes.
300 		 */
301 		offset += len;
302 		len = ubi->peb_size - offset;
303 		if (len)
304 			err = ubi_self_check_all_ff(ubi, pnum, offset, len);
305 	}
306 
307 	return err;
308 }
309 
310 /**
311  * do_sync_erase - synchronously erase a physical eraseblock.
312  * @ubi: UBI device description object
313  * @pnum: the physical eraseblock number to erase
314  *
315  * This function synchronously erases physical eraseblock @pnum and returns
316  * zero in case of success and a negative error code in case of failure. If
317  * %-EIO is returned, the physical eraseblock most probably went bad.
318  */
do_sync_erase(struct ubi_device * ubi,int pnum)319 static int do_sync_erase(struct ubi_device *ubi, int pnum)
320 {
321 	int err, retries = 0;
322 	struct erase_info ei;
323 
324 	dbg_io("erase PEB %d", pnum);
325 	ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
326 
327 	if (ubi->ro_mode) {
328 		ubi_err(ubi, "read-only mode");
329 		return -EROFS;
330 	}
331 
332 retry:
333 	memset(&ei, 0, sizeof(struct erase_info));
334 
335 	ei.addr     = (loff_t)pnum * ubi->peb_size;
336 	ei.len      = ubi->peb_size;
337 
338 	err = mtd_erase(ubi->mtd, &ei);
339 	if (err) {
340 		if (retries++ < UBI_IO_RETRIES) {
341 			ubi_warn(ubi, "error %d while erasing PEB %d, retry",
342 				 err, pnum);
343 			yield();
344 			goto retry;
345 		}
346 		ubi_err(ubi, "cannot erase PEB %d, error %d", pnum, err);
347 		dump_stack();
348 		return err;
349 	}
350 
351 	err = ubi_self_check_all_ff(ubi, pnum, 0, ubi->peb_size);
352 	if (err)
353 		return err;
354 
355 	if (ubi_dbg_is_erase_failure(ubi)) {
356 		ubi_err(ubi, "cannot erase PEB %d (emulated)", pnum);
357 		return -EIO;
358 	}
359 
360 	return 0;
361 }
362 
363 /* Patterns to write to a physical eraseblock when torturing it */
364 static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
365 
366 /**
367  * torture_peb - test a supposedly bad physical eraseblock.
368  * @ubi: UBI device description object
369  * @pnum: the physical eraseblock number to test
370  *
371  * This function returns %-EIO if the physical eraseblock did not pass the
372  * test, a positive number of erase operations done if the test was
373  * successfully passed, and other negative error codes in case of other errors.
374  */
torture_peb(struct ubi_device * ubi,int pnum)375 static int torture_peb(struct ubi_device *ubi, int pnum)
376 {
377 	int err, i, patt_count;
378 
379 	ubi_msg(ubi, "run torture test for PEB %d", pnum);
380 	patt_count = ARRAY_SIZE(patterns);
381 	ubi_assert(patt_count > 0);
382 
383 	mutex_lock(&ubi->buf_mutex);
384 	for (i = 0; i < patt_count; i++) {
385 		err = do_sync_erase(ubi, pnum);
386 		if (err)
387 			goto out;
388 
389 		/* Make sure the PEB contains only 0xFF bytes */
390 		err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
391 		if (err)
392 			goto out;
393 
394 		err = ubi_check_pattern(ubi->peb_buf, 0xFF, ubi->peb_size);
395 		if (err == 0) {
396 			ubi_err(ubi, "erased PEB %d, but a non-0xFF byte found",
397 				pnum);
398 			err = -EIO;
399 			goto out;
400 		}
401 
402 		/* Write a pattern and check it */
403 		memset(ubi->peb_buf, patterns[i], ubi->peb_size);
404 		err = ubi_io_write(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
405 		if (err)
406 			goto out;
407 
408 		memset(ubi->peb_buf, ~patterns[i], ubi->peb_size);
409 		err = ubi_io_read(ubi, ubi->peb_buf, pnum, 0, ubi->peb_size);
410 		if (err)
411 			goto out;
412 
413 		err = ubi_check_pattern(ubi->peb_buf, patterns[i],
414 					ubi->peb_size);
415 		if (err == 0) {
416 			ubi_err(ubi, "pattern %x checking failed for PEB %d",
417 				patterns[i], pnum);
418 			err = -EIO;
419 			goto out;
420 		}
421 	}
422 
423 	err = patt_count;
424 	ubi_msg(ubi, "PEB %d passed torture test, do not mark it as bad", pnum);
425 
426 out:
427 	mutex_unlock(&ubi->buf_mutex);
428 	if (err == UBI_IO_BITFLIPS || mtd_is_eccerr(err)) {
429 		/*
430 		 * If a bit-flip or data integrity error was detected, the test
431 		 * has not passed because it happened on a freshly erased
432 		 * physical eraseblock which means something is wrong with it.
433 		 */
434 		ubi_err(ubi, "read problems on freshly erased PEB %d, must be bad",
435 			pnum);
436 		err = -EIO;
437 	}
438 	return err;
439 }
440 
441 /**
442  * nor_erase_prepare - prepare a NOR flash PEB for erasure.
443  * @ubi: UBI device description object
444  * @pnum: physical eraseblock number to prepare
445  *
446  * NOR flash, or at least some of them, have peculiar embedded PEB erasure
447  * algorithm: the PEB is first filled with zeroes, then it is erased. And
448  * filling with zeroes starts from the end of the PEB. This was observed with
449  * Spansion S29GL512N NOR flash.
450  *
451  * This means that in case of a power cut we may end up with intact data at the
452  * beginning of the PEB, and all zeroes at the end of PEB. In other words, the
453  * EC and VID headers are OK, but a large chunk of data at the end of PEB is
454  * zeroed. This makes UBI mistakenly treat this PEB as used and associate it
455  * with an LEB, which leads to subsequent failures (e.g., UBIFS fails).
456  *
457  * This function is called before erasing NOR PEBs and it zeroes out EC and VID
458  * magic numbers in order to invalidate them and prevent the failures. Returns
459  * zero in case of success and a negative error code in case of failure.
460  */
nor_erase_prepare(struct ubi_device * ubi,int pnum)461 static int nor_erase_prepare(struct ubi_device *ubi, int pnum)
462 {
463 	int err;
464 	size_t written;
465 	loff_t addr;
466 	uint32_t data = 0;
467 	struct ubi_ec_hdr ec_hdr;
468 	struct ubi_vid_io_buf vidb;
469 
470 	/*
471 	 * Note, we cannot generally define VID header buffers on stack,
472 	 * because of the way we deal with these buffers (see the header
473 	 * comment in this file). But we know this is a NOR-specific piece of
474 	 * code, so we can do this. But yes, this is error-prone and we should
475 	 * (pre-)allocate VID header buffer instead.
476 	 */
477 	struct ubi_vid_hdr vid_hdr;
478 
479 	/*
480 	 * If VID or EC is valid, we have to corrupt them before erasing.
481 	 * It is important to first invalidate the EC header, and then the VID
482 	 * header. Otherwise a power cut may lead to valid EC header and
483 	 * invalid VID header, in which case UBI will treat this PEB as
484 	 * corrupted and will try to preserve it, and print scary warnings.
485 	 */
486 	addr = (loff_t)pnum * ubi->peb_size;
487 	err = ubi_io_read_ec_hdr(ubi, pnum, &ec_hdr, 0);
488 	if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
489 	    err != UBI_IO_FF){
490 		err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
491 		if(err)
492 			goto error;
493 	}
494 
495 	ubi_init_vid_buf(ubi, &vidb, &vid_hdr);
496 	ubi_assert(&vid_hdr == ubi_get_vid_hdr(&vidb));
497 
498 	err = ubi_io_read_vid_hdr(ubi, pnum, &vidb, 0);
499 	if (err != UBI_IO_BAD_HDR_EBADMSG && err != UBI_IO_BAD_HDR &&
500 	    err != UBI_IO_FF){
501 		addr += ubi->vid_hdr_aloffset;
502 		err = mtd_write(ubi->mtd, addr, 4, &written, (void *)&data);
503 		if (err)
504 			goto error;
505 	}
506 	return 0;
507 
508 error:
509 	/*
510 	 * The PEB contains a valid VID or EC header, but we cannot invalidate
511 	 * it. Supposedly the flash media or the driver is screwed up, so
512 	 * return an error.
513 	 */
514 	ubi_err(ubi, "cannot invalidate PEB %d, write returned %d", pnum, err);
515 	ubi_dump_flash(ubi, pnum, 0, ubi->peb_size);
516 	return -EIO;
517 }
518 
519 /**
520  * ubi_io_sync_erase - synchronously erase a physical eraseblock.
521  * @ubi: UBI device description object
522  * @pnum: physical eraseblock number to erase
523  * @torture: if this physical eraseblock has to be tortured
524  *
525  * This function synchronously erases physical eraseblock @pnum. If @torture
526  * flag is not zero, the physical eraseblock is checked by means of writing
527  * different patterns to it and reading them back. If the torturing is enabled,
528  * the physical eraseblock is erased more than once.
529  *
530  * This function returns the number of erasures made in case of success, %-EIO
531  * if the erasure failed or the torturing test failed, and other negative error
532  * codes in case of other errors. Note, %-EIO means that the physical
533  * eraseblock is bad.
534  */
ubi_io_sync_erase(struct ubi_device * ubi,int pnum,int torture)535 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
536 {
537 	int err, ret = 0;
538 
539 	ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
540 
541 	err = self_check_not_bad(ubi, pnum);
542 	if (err != 0)
543 		return err;
544 
545 	if (ubi->ro_mode) {
546 		ubi_err(ubi, "read-only mode");
547 		return -EROFS;
548 	}
549 
550 	/*
551 	 * If the flash is ECC-ed then we have to erase the ECC block before we
552 	 * can write to it. But the write is in preparation to an erase in the
553 	 * first place. This means we cannot zero out EC and VID before the
554 	 * erase and we just have to hope the flash starts erasing from the
555 	 * start of the page.
556 	 */
557 	if (ubi->nor_flash && ubi->mtd->writesize == 1) {
558 		err = nor_erase_prepare(ubi, pnum);
559 		if (err)
560 			return err;
561 	}
562 
563 	if (torture) {
564 		ret = torture_peb(ubi, pnum);
565 		if (ret < 0)
566 			return ret;
567 	}
568 
569 	err = do_sync_erase(ubi, pnum);
570 	if (err)
571 		return err;
572 
573 	return ret + 1;
574 }
575 
576 /**
577  * ubi_io_is_bad - check if a physical eraseblock is bad.
578  * @ubi: UBI device description object
579  * @pnum: the physical eraseblock number to check
580  *
581  * This function returns a positive number if the physical eraseblock is bad,
582  * zero if not, and a negative error code if an error occurred.
583  */
ubi_io_is_bad(const struct ubi_device * ubi,int pnum)584 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
585 {
586 	struct mtd_info *mtd = ubi->mtd;
587 
588 	ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
589 
590 	if (ubi->bad_allowed) {
591 		int ret;
592 
593 		ret = mtd_block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
594 		if (ret < 0)
595 			ubi_err(ubi, "error %d while checking if PEB %d is bad",
596 				ret, pnum);
597 		else if (ret)
598 			dbg_io("PEB %d is bad", pnum);
599 		return ret;
600 	}
601 
602 	return 0;
603 }
604 
605 /**
606  * ubi_io_mark_bad - mark a physical eraseblock as bad.
607  * @ubi: UBI device description object
608  * @pnum: the physical eraseblock number to mark
609  *
610  * This function returns zero in case of success and a negative error code in
611  * case of failure.
612  */
ubi_io_mark_bad(const struct ubi_device * ubi,int pnum)613 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
614 {
615 	int err;
616 	struct mtd_info *mtd = ubi->mtd;
617 
618 	ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
619 
620 	if (ubi->ro_mode) {
621 		ubi_err(ubi, "read-only mode");
622 		return -EROFS;
623 	}
624 
625 	if (!ubi->bad_allowed)
626 		return 0;
627 
628 	err = mtd_block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
629 	if (err)
630 		ubi_err(ubi, "cannot mark PEB %d bad, error %d", pnum, err);
631 	return err;
632 }
633 
634 /**
635  * validate_ec_hdr - validate an erase counter header.
636  * @ubi: UBI device description object
637  * @ec_hdr: the erase counter header to check
638  *
639  * This function returns zero if the erase counter header is OK, and %1 if
640  * not.
641  */
validate_ec_hdr(const struct ubi_device * ubi,const struct ubi_ec_hdr * ec_hdr)642 static int validate_ec_hdr(const struct ubi_device *ubi,
643 			   const struct ubi_ec_hdr *ec_hdr)
644 {
645 	long long ec;
646 	int vid_hdr_offset, leb_start;
647 
648 	ec = be64_to_cpu(ec_hdr->ec);
649 	vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
650 	leb_start = be32_to_cpu(ec_hdr->data_offset);
651 
652 	if (ec_hdr->version != UBI_VERSION) {
653 		ubi_err(ubi, "node with incompatible UBI version found: this UBI version is %d, image version is %d",
654 			UBI_VERSION, (int)ec_hdr->version);
655 		goto bad;
656 	}
657 
658 	if (vid_hdr_offset != ubi->vid_hdr_offset) {
659 		ubi_err(ubi, "bad VID header offset %d, expected %d",
660 			vid_hdr_offset, ubi->vid_hdr_offset);
661 		goto bad;
662 	}
663 
664 	if (leb_start != ubi->leb_start) {
665 		ubi_err(ubi, "bad data offset %d, expected %d",
666 			leb_start, ubi->leb_start);
667 		goto bad;
668 	}
669 
670 	if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
671 		ubi_err(ubi, "bad erase counter %lld", ec);
672 		goto bad;
673 	}
674 
675 	return 0;
676 
677 bad:
678 	ubi_err(ubi, "bad EC header");
679 	ubi_dump_ec_hdr(ec_hdr);
680 	dump_stack();
681 	return 1;
682 }
683 
684 /**
685  * ubi_io_read_ec_hdr - read and check an erase counter header.
686  * @ubi: UBI device description object
687  * @pnum: physical eraseblock to read from
688  * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
689  * header
690  * @verbose: be verbose if the header is corrupted or was not found
691  *
692  * This function reads erase counter header from physical eraseblock @pnum and
693  * stores it in @ec_hdr. This function also checks CRC checksum of the read
694  * erase counter header. The following codes may be returned:
695  *
696  * o %0 if the CRC checksum is correct and the header was successfully read;
697  * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
698  *   and corrected by the flash driver; this is harmless but may indicate that
699  *   this eraseblock may become bad soon (but may be not);
700  * o %UBI_IO_BAD_HDR if the erase counter header is corrupted (a CRC error);
701  * o %UBI_IO_BAD_HDR_EBADMSG is the same as %UBI_IO_BAD_HDR, but there also was
702  *   a data integrity error (uncorrectable ECC error in case of NAND);
703  * o %UBI_IO_FF if only 0xFF bytes were read (the PEB is supposedly empty)
704  * o a negative error code in case of failure.
705  */
ubi_io_read_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr,int verbose)706 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
707 		       struct ubi_ec_hdr *ec_hdr, int verbose)
708 {
709 	int err, read_err;
710 	uint32_t crc, magic, hdr_crc;
711 
712 	dbg_io("read EC header from PEB %d", pnum);
713 	ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
714 
715 	read_err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
716 	if (read_err) {
717 		if (read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
718 			return read_err;
719 
720 		/*
721 		 * We read all the data, but either a correctable bit-flip
722 		 * occurred, or MTD reported a data integrity error
723 		 * (uncorrectable ECC error in case of NAND). The former is
724 		 * harmless, the later may mean that the read data is
725 		 * corrupted. But we have a CRC check-sum and we will detect
726 		 * this. If the EC header is still OK, we just report this as
727 		 * there was a bit-flip, to force scrubbing.
728 		 */
729 	}
730 
731 	magic = be32_to_cpu(ec_hdr->magic);
732 	if (magic != UBI_EC_HDR_MAGIC) {
733 		if (mtd_is_eccerr(read_err))
734 			return UBI_IO_BAD_HDR_EBADMSG;
735 
736 		/*
737 		 * The magic field is wrong. Let's check if we have read all
738 		 * 0xFF. If yes, this physical eraseblock is assumed to be
739 		 * empty.
740 		 */
741 		if (ubi_check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
742 			/* The physical eraseblock is supposedly empty */
743 			if (verbose)
744 				ubi_warn(ubi, "no EC header found at PEB %d, only 0xFF bytes",
745 					 pnum);
746 			dbg_bld("no EC header found at PEB %d, only 0xFF bytes",
747 				pnum);
748 			if (!read_err)
749 				return UBI_IO_FF;
750 			else
751 				return UBI_IO_FF_BITFLIPS;
752 		}
753 
754 		/*
755 		 * This is not a valid erase counter header, and these are not
756 		 * 0xFF bytes. Report that the header is corrupted.
757 		 */
758 		if (verbose) {
759 			ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
760 				 pnum, magic, UBI_EC_HDR_MAGIC);
761 			ubi_dump_ec_hdr(ec_hdr);
762 		}
763 		dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
764 			pnum, magic, UBI_EC_HDR_MAGIC);
765 		return UBI_IO_BAD_HDR;
766 	}
767 
768 	crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
769 	hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
770 
771 	if (hdr_crc != crc) {
772 		if (verbose) {
773 			ubi_warn(ubi, "bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
774 				 pnum, crc, hdr_crc);
775 			ubi_dump_ec_hdr(ec_hdr);
776 		}
777 		dbg_bld("bad EC header CRC at PEB %d, calculated %#08x, read %#08x",
778 			pnum, crc, hdr_crc);
779 
780 		if (!read_err)
781 			return UBI_IO_BAD_HDR;
782 		else
783 			return UBI_IO_BAD_HDR_EBADMSG;
784 	}
785 
786 	/* And of course validate what has just been read from the media */
787 	err = validate_ec_hdr(ubi, ec_hdr);
788 	if (err) {
789 		ubi_err(ubi, "validation failed for PEB %d", pnum);
790 		return -EINVAL;
791 	}
792 
793 	/*
794 	 * If there was %-EBADMSG, but the header CRC is still OK, report about
795 	 * a bit-flip to force scrubbing on this PEB.
796 	 */
797 	if (read_err)
798 		return UBI_IO_BITFLIPS;
799 
800 	if (ubi_dbg_is_read_failure(ubi, MASK_READ_FAILURE_EC)) {
801 		ubi_warn(ubi, "cannot read EC header from PEB %d (emulated)",
802 			 pnum);
803 		return -EIO;
804 	}
805 
806 	if (ubi_dbg_is_ff(ubi, MASK_IO_FF_EC)) {
807 		ubi_warn(ubi, "bit-all-ff (emulated)");
808 		return UBI_IO_FF;
809 	}
810 
811 	if (ubi_dbg_is_ff_bitflips(ubi, MASK_IO_FF_BITFLIPS_EC)) {
812 		ubi_warn(ubi, "bit-all-ff with error reported by MTD driver (emulated)");
813 		return UBI_IO_FF_BITFLIPS;
814 	}
815 
816 	if (ubi_dbg_is_bad_hdr(ubi, MASK_BAD_HDR_EC)) {
817 		ubi_warn(ubi, "bad_hdr (emulated)");
818 		return UBI_IO_BAD_HDR;
819 	}
820 
821 	if (ubi_dbg_is_bad_hdr_ebadmsg(ubi, MASK_BAD_HDR_EBADMSG_EC)) {
822 		ubi_warn(ubi, "bad_hdr with ECC error (emulated)");
823 		return UBI_IO_BAD_HDR_EBADMSG;
824 	}
825 
826 	return 0;
827 }
828 
829 /**
830  * ubi_io_write_ec_hdr - write an erase counter header.
831  * @ubi: UBI device description object
832  * @pnum: physical eraseblock to write to
833  * @ec_hdr: the erase counter header to write
834  *
835  * This function writes erase counter header described by @ec_hdr to physical
836  * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
837  * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
838  * field.
839  *
840  * This function returns zero in case of success and a negative error code in
841  * case of failure. If %-EIO is returned, the physical eraseblock most probably
842  * went bad.
843  */
ubi_io_write_ec_hdr(struct ubi_device * ubi,int pnum,struct ubi_ec_hdr * ec_hdr)844 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
845 			struct ubi_ec_hdr *ec_hdr)
846 {
847 	int err;
848 	uint32_t crc;
849 
850 	dbg_io("write EC header to PEB %d", pnum);
851 	ubi_assert(pnum >= 0 &&  pnum < ubi->peb_count);
852 
853 	ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
854 	ec_hdr->version = UBI_VERSION;
855 	ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
856 	ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
857 	ec_hdr->image_seq = cpu_to_be32(ubi->image_seq);
858 	crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
859 	ec_hdr->hdr_crc = cpu_to_be32(crc);
860 
861 	err = self_check_ec_hdr(ubi, pnum, ec_hdr);
862 	if (err)
863 		return err;
864 
865 	if (ubi_dbg_is_power_cut(ubi, MASK_POWER_CUT_EC)) {
866 		ubi_warn(ubi, "emulating a power cut when writing EC header");
867 		ubi_ro_mode(ubi);
868 		return -EROFS;
869 	}
870 
871 	err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
872 	return err;
873 }
874 
875 /**
876  * validate_vid_hdr - validate a volume identifier header.
877  * @ubi: UBI device description object
878  * @vid_hdr: the volume identifier header to check
879  *
880  * This function checks that data stored in the volume identifier header
881  * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
882  */
validate_vid_hdr(const struct ubi_device * ubi,const struct ubi_vid_hdr * vid_hdr)883 static int validate_vid_hdr(const struct ubi_device *ubi,
884 			    const struct ubi_vid_hdr *vid_hdr)
885 {
886 	int vol_type = vid_hdr->vol_type;
887 	int copy_flag = vid_hdr->copy_flag;
888 	int vol_id = be32_to_cpu(vid_hdr->vol_id);
889 	int lnum = be32_to_cpu(vid_hdr->lnum);
890 	int compat = vid_hdr->compat;
891 	int data_size = be32_to_cpu(vid_hdr->data_size);
892 	int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
893 	int data_pad = be32_to_cpu(vid_hdr->data_pad);
894 	int data_crc = be32_to_cpu(vid_hdr->data_crc);
895 	int usable_leb_size = ubi->leb_size - data_pad;
896 
897 	if (copy_flag != 0 && copy_flag != 1) {
898 		ubi_err(ubi, "bad copy_flag");
899 		goto bad;
900 	}
901 
902 	if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
903 	    data_pad < 0) {
904 		ubi_err(ubi, "negative values");
905 		goto bad;
906 	}
907 
908 	if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
909 		ubi_err(ubi, "bad vol_id");
910 		goto bad;
911 	}
912 
913 	if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
914 		ubi_err(ubi, "bad compat");
915 		goto bad;
916 	}
917 
918 	if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
919 	    compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
920 	    compat != UBI_COMPAT_REJECT) {
921 		ubi_err(ubi, "bad compat");
922 		goto bad;
923 	}
924 
925 	if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
926 		ubi_err(ubi, "bad vol_type");
927 		goto bad;
928 	}
929 
930 	if (data_pad >= ubi->leb_size / 2) {
931 		ubi_err(ubi, "bad data_pad");
932 		goto bad;
933 	}
934 
935 	if (data_size > ubi->leb_size) {
936 		ubi_err(ubi, "bad data_size");
937 		goto bad;
938 	}
939 
940 	if (vol_type == UBI_VID_STATIC) {
941 		/*
942 		 * Although from high-level point of view static volumes may
943 		 * contain zero bytes of data, but no VID headers can contain
944 		 * zero at these fields, because they empty volumes do not have
945 		 * mapped logical eraseblocks.
946 		 */
947 		if (used_ebs == 0) {
948 			ubi_err(ubi, "zero used_ebs");
949 			goto bad;
950 		}
951 		if (data_size == 0) {
952 			ubi_err(ubi, "zero data_size");
953 			goto bad;
954 		}
955 		if (lnum < used_ebs - 1) {
956 			if (data_size != usable_leb_size) {
957 				ubi_err(ubi, "bad data_size");
958 				goto bad;
959 			}
960 		} else if (lnum > used_ebs - 1) {
961 			ubi_err(ubi, "too high lnum");
962 			goto bad;
963 		}
964 	} else {
965 		if (copy_flag == 0) {
966 			if (data_crc != 0) {
967 				ubi_err(ubi, "non-zero data CRC");
968 				goto bad;
969 			}
970 			if (data_size != 0) {
971 				ubi_err(ubi, "non-zero data_size");
972 				goto bad;
973 			}
974 		} else {
975 			if (data_size == 0) {
976 				ubi_err(ubi, "zero data_size of copy");
977 				goto bad;
978 			}
979 		}
980 		if (used_ebs != 0) {
981 			ubi_err(ubi, "bad used_ebs");
982 			goto bad;
983 		}
984 	}
985 
986 	return 0;
987 
988 bad:
989 	ubi_err(ubi, "bad VID header");
990 	ubi_dump_vid_hdr(vid_hdr);
991 	dump_stack();
992 	return 1;
993 }
994 
995 /**
996  * ubi_io_read_vid_hdr - read and check a volume identifier header.
997  * @ubi: UBI device description object
998  * @pnum: physical eraseblock number to read from
999  * @vidb: the volume identifier buffer to store data in
1000  * @verbose: be verbose if the header is corrupted or wasn't found
1001  *
1002  * This function reads the volume identifier header from physical eraseblock
1003  * @pnum and stores it in @vidb. It also checks CRC checksum of the read
1004  * volume identifier header. The error codes are the same as in
1005  * 'ubi_io_read_ec_hdr()'.
1006  *
1007  * Note, the implementation of this function is also very similar to
1008  * 'ubi_io_read_ec_hdr()', so refer commentaries in 'ubi_io_read_ec_hdr()'.
1009  */
ubi_io_read_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_io_buf * vidb,int verbose)1010 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
1011 			struct ubi_vid_io_buf *vidb, int verbose)
1012 {
1013 	int err, read_err;
1014 	uint32_t crc, magic, hdr_crc;
1015 	struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
1016 	void *p = vidb->buffer;
1017 
1018 	dbg_io("read VID header from PEB %d", pnum);
1019 	ubi_assert(pnum >= 0 &&  pnum < ubi->peb_count);
1020 
1021 	read_err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1022 			  ubi->vid_hdr_shift + UBI_VID_HDR_SIZE);
1023 	if (read_err && read_err != UBI_IO_BITFLIPS && !mtd_is_eccerr(read_err))
1024 		return read_err;
1025 
1026 	magic = be32_to_cpu(vid_hdr->magic);
1027 	if (magic != UBI_VID_HDR_MAGIC) {
1028 		if (mtd_is_eccerr(read_err))
1029 			return UBI_IO_BAD_HDR_EBADMSG;
1030 
1031 		if (ubi_check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
1032 			if (verbose)
1033 				ubi_warn(ubi, "no VID header found at PEB %d, only 0xFF bytes",
1034 					 pnum);
1035 			dbg_bld("no VID header found at PEB %d, only 0xFF bytes",
1036 				pnum);
1037 			if (!read_err)
1038 				return UBI_IO_FF;
1039 			else
1040 				return UBI_IO_FF_BITFLIPS;
1041 		}
1042 
1043 		if (verbose) {
1044 			ubi_warn(ubi, "bad magic number at PEB %d: %08x instead of %08x",
1045 				 pnum, magic, UBI_VID_HDR_MAGIC);
1046 			ubi_dump_vid_hdr(vid_hdr);
1047 		}
1048 		dbg_bld("bad magic number at PEB %d: %08x instead of %08x",
1049 			pnum, magic, UBI_VID_HDR_MAGIC);
1050 		return UBI_IO_BAD_HDR;
1051 	}
1052 
1053 	crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1054 	hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1055 
1056 	if (hdr_crc != crc) {
1057 		if (verbose) {
1058 			ubi_warn(ubi, "bad CRC at PEB %d, calculated %#08x, read %#08x",
1059 				 pnum, crc, hdr_crc);
1060 			ubi_dump_vid_hdr(vid_hdr);
1061 		}
1062 		dbg_bld("bad CRC at PEB %d, calculated %#08x, read %#08x",
1063 			pnum, crc, hdr_crc);
1064 		if (!read_err)
1065 			return UBI_IO_BAD_HDR;
1066 		else
1067 			return UBI_IO_BAD_HDR_EBADMSG;
1068 	}
1069 
1070 	err = validate_vid_hdr(ubi, vid_hdr);
1071 	if (err) {
1072 		ubi_err(ubi, "validation failed for PEB %d", pnum);
1073 		return -EINVAL;
1074 	}
1075 
1076 	if (read_err)
1077 		return UBI_IO_BITFLIPS;
1078 
1079 	if (ubi_dbg_is_read_failure(ubi, MASK_READ_FAILURE_VID)) {
1080 		ubi_warn(ubi, "cannot read VID header from PEB %d (emulated)",
1081 			 pnum);
1082 		return -EIO;
1083 	}
1084 
1085 	if (ubi_dbg_is_ff(ubi, MASK_IO_FF_VID)) {
1086 		ubi_warn(ubi, "bit-all-ff (emulated)");
1087 		return UBI_IO_FF;
1088 	}
1089 
1090 	if (ubi_dbg_is_ff_bitflips(ubi, MASK_IO_FF_BITFLIPS_VID)) {
1091 		ubi_warn(ubi, "bit-all-ff with error reported by MTD driver (emulated)");
1092 		return UBI_IO_FF_BITFLIPS;
1093 	}
1094 
1095 	if (ubi_dbg_is_bad_hdr(ubi, MASK_BAD_HDR_VID)) {
1096 		ubi_warn(ubi, "bad_hdr (emulated)");
1097 		return UBI_IO_BAD_HDR;
1098 	}
1099 
1100 	if (ubi_dbg_is_bad_hdr_ebadmsg(ubi, MASK_BAD_HDR_EBADMSG_VID)) {
1101 		ubi_warn(ubi, "bad_hdr with ECC error (emulated)");
1102 		return UBI_IO_BAD_HDR_EBADMSG;
1103 	}
1104 
1105 	return 0;
1106 }
1107 
1108 /**
1109  * ubi_io_write_vid_hdr - write a volume identifier header.
1110  * @ubi: UBI device description object
1111  * @pnum: the physical eraseblock number to write to
1112  * @vidb: the volume identifier buffer to write
1113  *
1114  * This function writes the volume identifier header described by @vid_hdr to
1115  * physical eraseblock @pnum. This function automatically fills the
1116  * @vidb->hdr->magic and the @vidb->hdr->version fields, as well as calculates
1117  * header CRC checksum and stores it at vidb->hdr->hdr_crc.
1118  *
1119  * This function returns zero in case of success and a negative error code in
1120  * case of failure. If %-EIO is returned, the physical eraseblock probably went
1121  * bad.
1122  */
ubi_io_write_vid_hdr(struct ubi_device * ubi,int pnum,struct ubi_vid_io_buf * vidb)1123 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1124 			 struct ubi_vid_io_buf *vidb)
1125 {
1126 	struct ubi_vid_hdr *vid_hdr = ubi_get_vid_hdr(vidb);
1127 	int err;
1128 	uint32_t crc;
1129 	void *p = vidb->buffer;
1130 
1131 	dbg_io("write VID header to PEB %d", pnum);
1132 	ubi_assert(pnum >= 0 &&  pnum < ubi->peb_count);
1133 
1134 	err = self_check_peb_ec_hdr(ubi, pnum);
1135 	if (err)
1136 		return err;
1137 
1138 	vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1139 	vid_hdr->version = UBI_VERSION;
1140 	crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1141 	vid_hdr->hdr_crc = cpu_to_be32(crc);
1142 
1143 	err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1144 	if (err)
1145 		return err;
1146 
1147 	if (ubi_dbg_is_power_cut(ubi, MASK_POWER_CUT_VID)) {
1148 		ubi_warn(ubi, "emulating a power cut when writing VID header");
1149 		ubi_ro_mode(ubi);
1150 		return -EROFS;
1151 	}
1152 
1153 	err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1154 			   ubi->vid_hdr_alsize);
1155 	return err;
1156 }
1157 
1158 /**
1159  * self_check_not_bad - ensure that a physical eraseblock is not bad.
1160  * @ubi: UBI device description object
1161  * @pnum: physical eraseblock number to check
1162  *
1163  * This function returns zero if the physical eraseblock is good, %-EINVAL if
1164  * it is bad and a negative error code if an error occurred.
1165  */
self_check_not_bad(const struct ubi_device * ubi,int pnum)1166 static int self_check_not_bad(const struct ubi_device *ubi, int pnum)
1167 {
1168 	int err;
1169 
1170 	if (!ubi_dbg_chk_io(ubi))
1171 		return 0;
1172 
1173 	err = ubi_io_is_bad(ubi, pnum);
1174 	if (!err)
1175 		return err;
1176 
1177 	ubi_err(ubi, "self-check failed for PEB %d", pnum);
1178 	dump_stack();
1179 	return err > 0 ? -EINVAL : err;
1180 }
1181 
1182 /**
1183  * self_check_ec_hdr - check if an erase counter header is all right.
1184  * @ubi: UBI device description object
1185  * @pnum: physical eraseblock number the erase counter header belongs to
1186  * @ec_hdr: the erase counter header to check
1187  *
1188  * This function returns zero if the erase counter header contains valid
1189  * values, and %-EINVAL if not.
1190  */
self_check_ec_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_ec_hdr * ec_hdr)1191 static int self_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1192 			     const struct ubi_ec_hdr *ec_hdr)
1193 {
1194 	int err;
1195 	uint32_t magic;
1196 
1197 	if (!ubi_dbg_chk_io(ubi))
1198 		return 0;
1199 
1200 	magic = be32_to_cpu(ec_hdr->magic);
1201 	if (magic != UBI_EC_HDR_MAGIC) {
1202 		ubi_err(ubi, "bad magic %#08x, must be %#08x",
1203 			magic, UBI_EC_HDR_MAGIC);
1204 		goto fail;
1205 	}
1206 
1207 	err = validate_ec_hdr(ubi, ec_hdr);
1208 	if (err) {
1209 		ubi_err(ubi, "self-check failed for PEB %d", pnum);
1210 		goto fail;
1211 	}
1212 
1213 	return 0;
1214 
1215 fail:
1216 	ubi_dump_ec_hdr(ec_hdr);
1217 	dump_stack();
1218 	return -EINVAL;
1219 }
1220 
1221 /**
1222  * self_check_peb_ec_hdr - check erase counter header.
1223  * @ubi: UBI device description object
1224  * @pnum: the physical eraseblock number to check
1225  *
1226  * This function returns zero if the erase counter header is all right and
1227  * a negative error code if not or if an error occurred.
1228  */
self_check_peb_ec_hdr(const struct ubi_device * ubi,int pnum)1229 static int self_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1230 {
1231 	int err;
1232 	uint32_t crc, hdr_crc;
1233 	struct ubi_ec_hdr *ec_hdr;
1234 
1235 	if (!ubi_dbg_chk_io(ubi))
1236 		return 0;
1237 
1238 	ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1239 	if (!ec_hdr)
1240 		return -ENOMEM;
1241 
1242 	err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1243 	if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1244 		goto exit;
1245 
1246 	crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1247 	hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1248 	if (hdr_crc != crc) {
1249 		ubi_err(ubi, "bad CRC, calculated %#08x, read %#08x",
1250 			crc, hdr_crc);
1251 		ubi_err(ubi, "self-check failed for PEB %d", pnum);
1252 		ubi_dump_ec_hdr(ec_hdr);
1253 		dump_stack();
1254 		err = -EINVAL;
1255 		goto exit;
1256 	}
1257 
1258 	err = self_check_ec_hdr(ubi, pnum, ec_hdr);
1259 
1260 exit:
1261 	kfree(ec_hdr);
1262 	return err;
1263 }
1264 
1265 /**
1266  * self_check_vid_hdr - check that a volume identifier header is all right.
1267  * @ubi: UBI device description object
1268  * @pnum: physical eraseblock number the volume identifier header belongs to
1269  * @vid_hdr: the volume identifier header to check
1270  *
1271  * This function returns zero if the volume identifier header is all right, and
1272  * %-EINVAL if not.
1273  */
self_check_vid_hdr(const struct ubi_device * ubi,int pnum,const struct ubi_vid_hdr * vid_hdr)1274 static int self_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1275 			      const struct ubi_vid_hdr *vid_hdr)
1276 {
1277 	int err;
1278 	uint32_t magic;
1279 
1280 	if (!ubi_dbg_chk_io(ubi))
1281 		return 0;
1282 
1283 	magic = be32_to_cpu(vid_hdr->magic);
1284 	if (magic != UBI_VID_HDR_MAGIC) {
1285 		ubi_err(ubi, "bad VID header magic %#08x at PEB %d, must be %#08x",
1286 			magic, pnum, UBI_VID_HDR_MAGIC);
1287 		goto fail;
1288 	}
1289 
1290 	err = validate_vid_hdr(ubi, vid_hdr);
1291 	if (err) {
1292 		ubi_err(ubi, "self-check failed for PEB %d", pnum);
1293 		goto fail;
1294 	}
1295 
1296 	return err;
1297 
1298 fail:
1299 	ubi_err(ubi, "self-check failed for PEB %d", pnum);
1300 	ubi_dump_vid_hdr(vid_hdr);
1301 	dump_stack();
1302 	return -EINVAL;
1303 
1304 }
1305 
1306 /**
1307  * self_check_peb_vid_hdr - check volume identifier header.
1308  * @ubi: UBI device description object
1309  * @pnum: the physical eraseblock number to check
1310  *
1311  * This function returns zero if the volume identifier header is all right,
1312  * and a negative error code if not or if an error occurred.
1313  */
self_check_peb_vid_hdr(const struct ubi_device * ubi,int pnum)1314 static int self_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1315 {
1316 	int err;
1317 	uint32_t crc, hdr_crc;
1318 	struct ubi_vid_io_buf *vidb;
1319 	struct ubi_vid_hdr *vid_hdr;
1320 	void *p;
1321 
1322 	if (!ubi_dbg_chk_io(ubi))
1323 		return 0;
1324 
1325 	vidb = ubi_alloc_vid_buf(ubi, GFP_NOFS);
1326 	if (!vidb)
1327 		return -ENOMEM;
1328 
1329 	vid_hdr = ubi_get_vid_hdr(vidb);
1330 	p = vidb->buffer;
1331 	err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1332 			  ubi->vid_hdr_alsize);
1333 	if (err && err != UBI_IO_BITFLIPS && !mtd_is_eccerr(err))
1334 		goto exit;
1335 
1336 	crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1337 	hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1338 	if (hdr_crc != crc) {
1339 		ubi_err(ubi, "bad VID header CRC at PEB %d, calculated %#08x, read %#08x",
1340 			pnum, crc, hdr_crc);
1341 		ubi_err(ubi, "self-check failed for PEB %d", pnum);
1342 		ubi_dump_vid_hdr(vid_hdr);
1343 		dump_stack();
1344 		err = -EINVAL;
1345 		goto exit;
1346 	}
1347 
1348 	err = self_check_vid_hdr(ubi, pnum, vid_hdr);
1349 
1350 exit:
1351 	ubi_free_vid_buf(vidb);
1352 	return err;
1353 }
1354 
1355 /**
1356  * self_check_write - make sure write succeeded.
1357  * @ubi: UBI device description object
1358  * @buf: buffer with data which were written
1359  * @pnum: physical eraseblock number the data were written to
1360  * @offset: offset within the physical eraseblock the data were written to
1361  * @len: how many bytes were written
1362  *
1363  * This functions reads data which were recently written and compares it with
1364  * the original data buffer - the data have to match. Returns zero if the data
1365  * match and a negative error code if not or in case of failure.
1366  */
self_check_write(struct ubi_device * ubi,const void * buf,int pnum,int offset,int len)1367 static int self_check_write(struct ubi_device *ubi, const void *buf, int pnum,
1368 			    int offset, int len)
1369 {
1370 	int err, i;
1371 	size_t read;
1372 	void *buf1;
1373 	loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1374 
1375 	if (!ubi_dbg_chk_io(ubi))
1376 		return 0;
1377 
1378 	buf1 = __vmalloc(len, GFP_NOFS);
1379 	if (!buf1) {
1380 		ubi_err(ubi, "cannot allocate memory to check writes");
1381 		return 0;
1382 	}
1383 
1384 	err = mtd_read(ubi->mtd, addr, len, &read, buf1);
1385 	if (err && !mtd_is_bitflip(err))
1386 		goto out_free;
1387 
1388 	for (i = 0; i < len; i++) {
1389 		uint8_t c = ((uint8_t *)buf)[i];
1390 		uint8_t c1 = ((uint8_t *)buf1)[i];
1391 		int dump_len;
1392 
1393 		if (c == c1)
1394 			continue;
1395 
1396 		ubi_err(ubi, "self-check failed for PEB %d:%d, len %d",
1397 			pnum, offset, len);
1398 		ubi_msg(ubi, "data differ at position %d", i);
1399 		dump_len = max_t(int, 128, len - i);
1400 		ubi_msg(ubi, "hex dump of the original buffer from %d to %d",
1401 			i, i + dump_len);
1402 		print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1403 			       buf + i, dump_len, 1);
1404 		ubi_msg(ubi, "hex dump of the read buffer from %d to %d",
1405 			i, i + dump_len);
1406 		print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1407 			       buf1 + i, dump_len, 1);
1408 		dump_stack();
1409 		err = -EINVAL;
1410 		goto out_free;
1411 	}
1412 
1413 	vfree(buf1);
1414 	return 0;
1415 
1416 out_free:
1417 	vfree(buf1);
1418 	return err;
1419 }
1420 
1421 /**
1422  * ubi_self_check_all_ff - check that a region of flash is empty.
1423  * @ubi: UBI device description object
1424  * @pnum: the physical eraseblock number to check
1425  * @offset: the starting offset within the physical eraseblock to check
1426  * @len: the length of the region to check
1427  *
1428  * This function returns zero if only 0xFF bytes are present at offset
1429  * @offset of the physical eraseblock @pnum, and a negative error code if not
1430  * or if an error occurred.
1431  */
ubi_self_check_all_ff(struct ubi_device * ubi,int pnum,int offset,int len)1432 int ubi_self_check_all_ff(struct ubi_device *ubi, int pnum, int offset, int len)
1433 {
1434 	size_t read;
1435 	int err;
1436 	void *buf;
1437 	loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1438 
1439 	if (!ubi_dbg_chk_io(ubi))
1440 		return 0;
1441 
1442 	buf = __vmalloc(len, GFP_NOFS);
1443 	if (!buf) {
1444 		ubi_err(ubi, "cannot allocate memory to check for 0xFFs");
1445 		return 0;
1446 	}
1447 
1448 	err = mtd_read(ubi->mtd, addr, len, &read, buf);
1449 	if (err && !mtd_is_bitflip(err)) {
1450 		ubi_err(ubi, "err %d while reading %d bytes from PEB %d:%d, read %zd bytes",
1451 			err, len, pnum, offset, read);
1452 		goto error;
1453 	}
1454 
1455 	err = ubi_check_pattern(buf, 0xFF, len);
1456 	if (err == 0) {
1457 		ubi_err(ubi, "flash region at PEB %d:%d, length %d does not contain all 0xFF bytes",
1458 			pnum, offset, len);
1459 		goto fail;
1460 	}
1461 
1462 	vfree(buf);
1463 	return 0;
1464 
1465 fail:
1466 	ubi_err(ubi, "self-check failed for PEB %d", pnum);
1467 	ubi_msg(ubi, "hex dump of the %d-%d region", offset, offset + len);
1468 	print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1, buf, len, 1);
1469 	err = -EINVAL;
1470 error:
1471 	dump_stack();
1472 	vfree(buf);
1473 	return err;
1474 }
1475