2 * Copyright (c) International Business Machines Corp., 2006
3 * Copyright (c) Nokia Corporation, 2006, 2007
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
13 * the GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 * Author: Artem Bityutskiy (Битюцкий Артём)
23 * UBI input/output sub-system.
25 * This sub-system provides a uniform way to work with all kinds of the
26 * underlying MTD devices. It also implements handy functions for reading and
27 * writing UBI headers.
29 * We are trying to have a paranoid mindset and not to trust to what we read
30 * from the flash media in order to be more secure and robust. So this
31 * sub-system validates every single header it reads from the flash media.
33 * Some words about how the eraseblock headers are stored.
35 * The erase counter header is always stored at offset zero. By default, the
36 * VID header is stored after the EC header at the closest aligned offset
37 * (i.e. aligned to the minimum I/O unit size). Data starts next to the VID
38 * header at the closest aligned offset. But this default layout may be
39 * changed. For example, for different reasons (e.g., optimization) UBI may be
40 * asked to put the VID header at further offset, and even at an unaligned
41 * offset. Of course, if the offset of the VID header is unaligned, UBI adds
42 * proper padding in front of it. Data offset may also be changed but it has to
45 * About minimal I/O units. In general, UBI assumes flash device model where
46 * there is only one minimal I/O unit size. E.g., in case of NOR flash it is 1,
47 * in case of NAND flash it is a NAND page, etc. This is reported by MTD in the
48 * @ubi->mtd->writesize field. But as an exception, UBI admits of using another
49 * (smaller) minimal I/O unit size for EC and VID headers to make it possible
50 * to do different optimizations.
52 * This is extremely useful in case of NAND flashes which admit of several
53 * write operations to one NAND page. In this case UBI can fit EC and VID
54 * headers at one NAND page. Thus, UBI may use "sub-page" size as the minimal
55 * I/O unit for the headers (the @ubi->hdrs_min_io_size field). But it still
56 * reports NAND page size (@ubi->min_io_size) as a minimal I/O unit for the UBI
59 * Example: some Samsung NANDs with 2KiB pages allow 4x 512-byte writes, so
60 * although the minimal I/O unit is 2K, UBI uses 512 bytes for EC and VID
63 * Q: why not just to treat sub-page as a minimal I/O unit of this flash
64 * device, e.g., make @ubi->min_io_size = 512 in the example above?
66 * A: because when writing a sub-page, MTD still writes a full 2K page but the
67 * bytes which are no relevant to the sub-page are 0xFF. So, basically, writing
68 * 4x512 sub-pages is 4 times slower then writing one 2KiB NAND page. Thus, we
69 * prefer to use sub-pages only for EV and VID headers.
71 * As it was noted above, the VID header may start at a non-aligned offset.
72 * For example, in case of a 2KiB page NAND flash with a 512 bytes sub-page,
73 * the VID header may reside at offset 1984 which is the last 64 bytes of the
74 * last sub-page (EC header is always at offset zero). This causes some
75 * difficulties when reading and writing VID headers.
77 * Suppose we have a 64-byte buffer and we read a VID header at it. We change
78 * the data and want to write this VID header out. As we can only write in
79 * 512-byte chunks, we have to allocate one more buffer and copy our VID header
80 * to offset 448 of this buffer.
82 * The I/O sub-system does the following trick in order to avoid this extra
83 * copy. It always allocates a @ubi->vid_hdr_alsize bytes buffer for the VID
84 * header and returns a pointer to offset @ubi->vid_hdr_shift of this buffer.
85 * When the VID header is being written out, it shifts the VID header pointer
86 * back and writes the whole sub-page.
89 #include <linux/crc32.h>
90 #include <linux/err.h>
93 #ifdef CONFIG_MTD_UBI_DEBUG_PARANOID
94 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum);
95 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum);
96 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum,
97 const struct ubi_ec_hdr *ec_hdr);
98 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum);
99 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum,
100 const struct ubi_vid_hdr *vid_hdr);
101 static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset,
103 static int paranoid_check_empty(struct ubi_device *ubi, int pnum);
105 #define paranoid_check_not_bad(ubi, pnum) 0
106 #define paranoid_check_peb_ec_hdr(ubi, pnum) 0
107 #define paranoid_check_ec_hdr(ubi, pnum, ec_hdr) 0
108 #define paranoid_check_peb_vid_hdr(ubi, pnum) 0
109 #define paranoid_check_vid_hdr(ubi, pnum, vid_hdr) 0
110 #define paranoid_check_all_ff(ubi, pnum, offset, len) 0
111 #define paranoid_check_empty(ubi, pnum) 0
115 * ubi_io_read - read data from a physical eraseblock.
116 * @ubi: UBI device description object
117 * @buf: buffer where to store the read data
118 * @pnum: physical eraseblock number to read from
119 * @offset: offset within the physical eraseblock from where to read
120 * @len: how many bytes to read
122 * This function reads data from offset @offset of physical eraseblock @pnum
123 * and stores the read data in the @buf buffer. The following return codes are
126 * o %0 if all the requested data were successfully read;
127 * o %UBI_IO_BITFLIPS if all the requested data were successfully read, but
128 * correctable bit-flips were detected; this is harmless but may indicate
129 * that this eraseblock may become bad soon (but do not have to);
130 * o %-EBADMSG if the MTD subsystem reported about data integrity problems, for
131 * example it can be an ECC error in case of NAND; this most probably means
132 * that the data is corrupted;
133 * o %-EIO if some I/O error occurred;
134 * o other negative error codes in case of other errors.
136 int ubi_io_read(const struct ubi_device *ubi, void *buf, int pnum, int offset,
139 int err, retries = 0;
143 dbg_io("read %d bytes from PEB %d:%d", len, pnum, offset);
145 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
146 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
149 err = paranoid_check_not_bad(ubi, pnum);
151 return err > 0 ? -EINVAL : err;
153 addr = (loff_t)pnum * ubi->peb_size + offset;
155 err = ubi->mtd->read(ubi->mtd, addr, len, &read, buf);
157 if (err == -EUCLEAN) {
159 * -EUCLEAN is reported if there was a bit-flip which
160 * was corrected, so this is harmless.
162 * We do not report about it here unless debugging is
163 * enabled. A corresponding message will be printed
164 * later, when it is has been scrubbed.
166 dbg_msg("fixable bit-flip detected at PEB %d", pnum);
167 ubi_assert(len == read);
168 return UBI_IO_BITFLIPS;
171 if (read != len && retries++ < UBI_IO_RETRIES) {
172 dbg_io("error %d while reading %d bytes from PEB %d:%d,"
173 " read only %zd bytes, retry",
174 err, len, pnum, offset, read);
179 ubi_err("error %d while reading %d bytes from PEB %d:%d, "
180 "read %zd bytes", err, len, pnum, offset, read);
181 ubi_dbg_dump_stack();
184 * The driver should never return -EBADMSG if it failed to read
185 * all the requested data. But some buggy drivers might do
186 * this, so we change it to -EIO.
188 if (read != len && err == -EBADMSG) {
193 ubi_assert(len == read);
195 if (ubi_dbg_is_bitflip()) {
196 dbg_gen("bit-flip (emulated)");
197 err = UBI_IO_BITFLIPS;
205 * ubi_io_write - write data to a physical eraseblock.
206 * @ubi: UBI device description object
207 * @buf: buffer with the data to write
208 * @pnum: physical eraseblock number to write to
209 * @offset: offset within the physical eraseblock where to write
210 * @len: how many bytes to write
212 * This function writes @len bytes of data from buffer @buf to offset @offset
213 * of physical eraseblock @pnum. If all the data were successfully written,
214 * zero is returned. If an error occurred, this function returns a negative
215 * error code. If %-EIO is returned, the physical eraseblock most probably went
218 * Note, in case of an error, it is possible that something was still written
219 * to the flash media, but may be some garbage.
221 int ubi_io_write(struct ubi_device *ubi, const void *buf, int pnum, int offset,
228 dbg_io("write %d bytes to PEB %d:%d", len, pnum, offset);
230 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
231 ubi_assert(offset >= 0 && offset + len <= ubi->peb_size);
232 ubi_assert(offset % ubi->hdrs_min_io_size == 0);
233 ubi_assert(len > 0 && len % ubi->hdrs_min_io_size == 0);
236 ubi_err("read-only mode");
240 /* The below has to be compiled out if paranoid checks are disabled */
242 err = paranoid_check_not_bad(ubi, pnum);
244 return err > 0 ? -EINVAL : err;
246 /* The area we are writing to has to contain all 0xFF bytes */
247 err = paranoid_check_all_ff(ubi, pnum, offset, len);
249 return err > 0 ? -EINVAL : err;
251 if (offset >= ubi->leb_start) {
253 * We write to the data area of the physical eraseblock. Make
254 * sure it has valid EC and VID headers.
256 err = paranoid_check_peb_ec_hdr(ubi, pnum);
258 return err > 0 ? -EINVAL : err;
259 err = paranoid_check_peb_vid_hdr(ubi, pnum);
261 return err > 0 ? -EINVAL : err;
264 if (ubi_dbg_is_write_failure()) {
265 dbg_err("cannot write %d bytes to PEB %d:%d "
266 "(emulated)", len, pnum, offset);
267 ubi_dbg_dump_stack();
271 addr = (loff_t)pnum * ubi->peb_size + offset;
272 err = ubi->mtd->write(ubi->mtd, addr, len, &written, buf);
274 ubi_err("error %d while writing %d bytes to PEB %d:%d, written"
275 " %zd bytes", err, len, pnum, offset, written);
276 ubi_dbg_dump_stack();
278 ubi_assert(written == len);
284 * erase_callback - MTD erasure call-back.
285 * @ei: MTD erase information object.
287 * Note, even though MTD erase interface is asynchronous, all the current
288 * implementations are synchronous anyway.
290 static void erase_callback(struct erase_info *ei)
292 wake_up_interruptible((wait_queue_head_t *)ei->priv);
296 * do_sync_erase - synchronously erase a physical eraseblock.
297 * @ubi: UBI device description object
298 * @pnum: the physical eraseblock number to erase
300 * This function synchronously erases physical eraseblock @pnum and returns
301 * zero in case of success and a negative error code in case of failure. If
302 * %-EIO is returned, the physical eraseblock most probably went bad.
304 static int do_sync_erase(struct ubi_device *ubi, int pnum)
306 int err, retries = 0;
307 struct erase_info ei;
308 wait_queue_head_t wq;
310 dbg_io("erase PEB %d", pnum);
313 init_waitqueue_head(&wq);
314 memset(&ei, 0, sizeof(struct erase_info));
317 ei.addr = (loff_t)pnum * ubi->peb_size;
318 ei.len = ubi->peb_size;
319 ei.callback = erase_callback;
320 ei.priv = (unsigned long)&wq;
322 err = ubi->mtd->erase(ubi->mtd, &ei);
324 if (retries++ < UBI_IO_RETRIES) {
325 dbg_io("error %d while erasing PEB %d, retry",
330 ubi_err("cannot erase PEB %d, error %d", pnum, err);
331 ubi_dbg_dump_stack();
335 err = wait_event_interruptible(wq, ei.state == MTD_ERASE_DONE ||
336 ei.state == MTD_ERASE_FAILED);
338 ubi_err("interrupted PEB %d erasure", pnum);
342 if (ei.state == MTD_ERASE_FAILED) {
343 if (retries++ < UBI_IO_RETRIES) {
344 dbg_io("error while erasing PEB %d, retry", pnum);
348 ubi_err("cannot erase PEB %d", pnum);
349 ubi_dbg_dump_stack();
353 err = paranoid_check_all_ff(ubi, pnum, 0, ubi->peb_size);
355 return err > 0 ? -EINVAL : err;
357 if (ubi_dbg_is_erase_failure() && !err) {
358 dbg_err("cannot erase PEB %d (emulated)", pnum);
366 * check_pattern - check if buffer contains only a certain byte pattern.
367 * @buf: buffer to check
368 * @patt: the pattern to check
369 * @size: buffer size in bytes
371 * This function returns %1 in there are only @patt bytes in @buf, and %0 if
372 * something else was also found.
374 static int check_pattern(const void *buf, uint8_t patt, int size)
378 for (i = 0; i < size; i++)
379 if (((const uint8_t *)buf)[i] != patt)
384 /* Patterns to write to a physical eraseblock when torturing it */
385 static uint8_t patterns[] = {0xa5, 0x5a, 0x0};
388 * torture_peb - test a supposedly bad physical eraseblock.
389 * @ubi: UBI device description object
390 * @pnum: the physical eraseblock number to test
392 * This function returns %-EIO if the physical eraseblock did not pass the
393 * test, a positive number of erase operations done if the test was
394 * successfully passed, and other negative error codes in case of other errors.
396 static int torture_peb(struct ubi_device *ubi, int pnum)
398 int err, i, patt_count;
400 ubi_msg("run torture test for PEB %d", pnum);
401 patt_count = ARRAY_SIZE(patterns);
402 ubi_assert(patt_count > 0);
404 mutex_lock(&ubi->buf_mutex);
405 for (i = 0; i < patt_count; i++) {
406 err = do_sync_erase(ubi, pnum);
410 /* Make sure the PEB contains only 0xFF bytes */
411 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size);
415 err = check_pattern(ubi->peb_buf1, 0xFF, ubi->peb_size);
417 ubi_err("erased PEB %d, but a non-0xFF byte found",
423 /* Write a pattern and check it */
424 memset(ubi->peb_buf1, patterns[i], ubi->peb_size);
425 err = ubi_io_write(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size);
429 memset(ubi->peb_buf1, ~patterns[i], ubi->peb_size);
430 err = ubi_io_read(ubi, ubi->peb_buf1, pnum, 0, ubi->peb_size);
434 err = check_pattern(ubi->peb_buf1, patterns[i], ubi->peb_size);
436 ubi_err("pattern %x checking failed for PEB %d",
444 ubi_msg("PEB %d passed torture test, do not mark it a bad", pnum);
447 mutex_unlock(&ubi->buf_mutex);
448 if (err == UBI_IO_BITFLIPS || err == -EBADMSG) {
450 * If a bit-flip or data integrity error was detected, the test
451 * has not passed because it happened on a freshly erased
452 * physical eraseblock which means something is wrong with it.
454 ubi_err("read problems on freshly erased PEB %d, must be bad",
462 * ubi_io_sync_erase - synchronously erase a physical eraseblock.
463 * @ubi: UBI device description object
464 * @pnum: physical eraseblock number to erase
465 * @torture: if this physical eraseblock has to be tortured
467 * This function synchronously erases physical eraseblock @pnum. If @torture
468 * flag is not zero, the physical eraseblock is checked by means of writing
469 * different patterns to it and reading them back. If the torturing is enabled,
470 * the physical eraseblock is erased more than once.
472 * This function returns the number of erasures made in case of success, %-EIO
473 * if the erasure failed or the torturing test failed, and other negative error
474 * codes in case of other errors. Note, %-EIO means that the physical
477 int ubi_io_sync_erase(struct ubi_device *ubi, int pnum, int torture)
481 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
483 err = paranoid_check_not_bad(ubi, pnum);
485 return err > 0 ? -EINVAL : err;
488 ubi_err("read-only mode");
493 ret = torture_peb(ubi, pnum);
498 err = do_sync_erase(ubi, pnum);
506 * ubi_io_is_bad - check if a physical eraseblock is bad.
507 * @ubi: UBI device description object
508 * @pnum: the physical eraseblock number to check
510 * This function returns a positive number if the physical eraseblock is bad,
511 * zero if not, and a negative error code if an error occurred.
513 int ubi_io_is_bad(const struct ubi_device *ubi, int pnum)
515 struct mtd_info *mtd = ubi->mtd;
517 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
519 if (ubi->bad_allowed) {
522 ret = mtd->block_isbad(mtd, (loff_t)pnum * ubi->peb_size);
524 ubi_err("error %d while checking if PEB %d is bad",
527 dbg_io("PEB %d is bad", pnum);
535 * ubi_io_mark_bad - mark a physical eraseblock as bad.
536 * @ubi: UBI device description object
537 * @pnum: the physical eraseblock number to mark
539 * This function returns zero in case of success and a negative error code in
542 int ubi_io_mark_bad(const struct ubi_device *ubi, int pnum)
545 struct mtd_info *mtd = ubi->mtd;
547 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
550 ubi_err("read-only mode");
554 if (!ubi->bad_allowed)
557 err = mtd->block_markbad(mtd, (loff_t)pnum * ubi->peb_size);
559 ubi_err("cannot mark PEB %d bad, error %d", pnum, err);
564 * validate_ec_hdr - validate an erase counter header.
565 * @ubi: UBI device description object
566 * @ec_hdr: the erase counter header to check
568 * This function returns zero if the erase counter header is OK, and %1 if
571 static int validate_ec_hdr(const struct ubi_device *ubi,
572 const struct ubi_ec_hdr *ec_hdr)
575 int vid_hdr_offset, leb_start;
577 ec = be64_to_cpu(ec_hdr->ec);
578 vid_hdr_offset = be32_to_cpu(ec_hdr->vid_hdr_offset);
579 leb_start = be32_to_cpu(ec_hdr->data_offset);
581 if (ec_hdr->version != UBI_VERSION) {
582 ubi_err("node with incompatible UBI version found: "
583 "this UBI version is %d, image version is %d",
584 UBI_VERSION, (int)ec_hdr->version);
588 if (vid_hdr_offset != ubi->vid_hdr_offset) {
589 ubi_err("bad VID header offset %d, expected %d",
590 vid_hdr_offset, ubi->vid_hdr_offset);
594 if (leb_start != ubi->leb_start) {
595 ubi_err("bad data offset %d, expected %d",
596 leb_start, ubi->leb_start);
600 if (ec < 0 || ec > UBI_MAX_ERASECOUNTER) {
601 ubi_err("bad erase counter %lld", ec);
608 ubi_err("bad EC header");
609 ubi_dbg_dump_ec_hdr(ec_hdr);
610 ubi_dbg_dump_stack();
615 * ubi_io_read_ec_hdr - read and check an erase counter header.
616 * @ubi: UBI device description object
617 * @pnum: physical eraseblock to read from
618 * @ec_hdr: a &struct ubi_ec_hdr object where to store the read erase counter
620 * @verbose: be verbose if the header is corrupted or was not found
622 * This function reads erase counter header from physical eraseblock @pnum and
623 * stores it in @ec_hdr. This function also checks CRC checksum of the read
624 * erase counter header. The following codes may be returned:
626 * o %0 if the CRC checksum is correct and the header was successfully read;
627 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
628 * and corrected by the flash driver; this is harmless but may indicate that
629 * this eraseblock may become bad soon (but may be not);
630 * o %UBI_IO_BAD_EC_HDR if the erase counter header is corrupted (a CRC error);
631 * o %UBI_IO_PEB_EMPTY if the physical eraseblock is empty;
632 * o a negative error code in case of failure.
634 int ubi_io_read_ec_hdr(struct ubi_device *ubi, int pnum,
635 struct ubi_ec_hdr *ec_hdr, int verbose)
637 int err, read_err = 0;
638 uint32_t crc, magic, hdr_crc;
640 dbg_io("read EC header from PEB %d", pnum);
641 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
643 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
645 if (err != UBI_IO_BITFLIPS && err != -EBADMSG)
649 * We read all the data, but either a correctable bit-flip
650 * occurred, or MTD reported about some data integrity error,
651 * like an ECC error in case of NAND. The former is harmless,
652 * the later may mean that the read data is corrupted. But we
653 * have a CRC check-sum and we will detect this. If the EC
654 * header is still OK, we just report this as there was a
660 magic = be32_to_cpu(ec_hdr->magic);
661 if (magic != UBI_EC_HDR_MAGIC) {
663 * The magic field is wrong. Let's check if we have read all
664 * 0xFF. If yes, this physical eraseblock is assumed to be
667 * But if there was a read error, we do not test it for all
668 * 0xFFs. Even if it does contain all 0xFFs, this error
669 * indicates that something is still wrong with this physical
670 * eraseblock and we anyway cannot treat it as empty.
672 if (read_err != -EBADMSG &&
673 check_pattern(ec_hdr, 0xFF, UBI_EC_HDR_SIZE)) {
674 /* The physical eraseblock is supposedly empty */
675 err = paranoid_check_all_ff(ubi, pnum, 0,
678 return err > 0 ? UBI_IO_BAD_EC_HDR : err;
681 ubi_warn("no EC header found at PEB %d, "
682 "only 0xFF bytes", pnum);
683 else if (UBI_IO_DEBUG)
684 dbg_msg("no EC header found at PEB %d, "
685 "only 0xFF bytes", pnum);
686 return UBI_IO_PEB_EMPTY;
690 * This is not a valid erase counter header, and these are not
691 * 0xFF bytes. Report that the header is corrupted.
694 ubi_warn("bad magic number at PEB %d: %08x instead of "
695 "%08x", pnum, magic, UBI_EC_HDR_MAGIC);
696 ubi_dbg_dump_ec_hdr(ec_hdr);
697 } else if (UBI_IO_DEBUG)
698 dbg_msg("bad magic number at PEB %d: %08x instead of "
699 "%08x", pnum, magic, UBI_EC_HDR_MAGIC);
700 return UBI_IO_BAD_EC_HDR;
703 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
704 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
706 if (hdr_crc != crc) {
708 ubi_warn("bad EC header CRC at PEB %d, calculated "
709 "%#08x, read %#08x", pnum, crc, hdr_crc);
710 ubi_dbg_dump_ec_hdr(ec_hdr);
711 } else if (UBI_IO_DEBUG)
712 dbg_msg("bad EC header CRC at PEB %d, calculated "
713 "%#08x, read %#08x", pnum, crc, hdr_crc);
714 return UBI_IO_BAD_EC_HDR;
717 /* And of course validate what has just been read from the media */
718 err = validate_ec_hdr(ubi, ec_hdr);
720 ubi_err("validation failed for PEB %d", pnum);
724 return read_err ? UBI_IO_BITFLIPS : 0;
728 * ubi_io_write_ec_hdr - write an erase counter header.
729 * @ubi: UBI device description object
730 * @pnum: physical eraseblock to write to
731 * @ec_hdr: the erase counter header to write
733 * This function writes erase counter header described by @ec_hdr to physical
734 * eraseblock @pnum. It also fills most fields of @ec_hdr before writing, so
735 * the caller do not have to fill them. Callers must only fill the @ec_hdr->ec
738 * This function returns zero in case of success and a negative error code in
739 * case of failure. If %-EIO is returned, the physical eraseblock most probably
742 int ubi_io_write_ec_hdr(struct ubi_device *ubi, int pnum,
743 struct ubi_ec_hdr *ec_hdr)
748 dbg_io("write EC header to PEB %d", pnum);
749 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
751 ec_hdr->magic = cpu_to_be32(UBI_EC_HDR_MAGIC);
752 ec_hdr->version = UBI_VERSION;
753 ec_hdr->vid_hdr_offset = cpu_to_be32(ubi->vid_hdr_offset);
754 ec_hdr->data_offset = cpu_to_be32(ubi->leb_start);
755 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
756 ec_hdr->hdr_crc = cpu_to_be32(crc);
758 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr);
762 err = ubi_io_write(ubi, ec_hdr, pnum, 0, ubi->ec_hdr_alsize);
767 * validate_vid_hdr - validate a volume identifier header.
768 * @ubi: UBI device description object
769 * @vid_hdr: the volume identifier header to check
771 * This function checks that data stored in the volume identifier header
772 * @vid_hdr. Returns zero if the VID header is OK and %1 if not.
774 static int validate_vid_hdr(const struct ubi_device *ubi,
775 const struct ubi_vid_hdr *vid_hdr)
777 int vol_type = vid_hdr->vol_type;
778 int copy_flag = vid_hdr->copy_flag;
779 int vol_id = be32_to_cpu(vid_hdr->vol_id);
780 int lnum = be32_to_cpu(vid_hdr->lnum);
781 int compat = vid_hdr->compat;
782 int data_size = be32_to_cpu(vid_hdr->data_size);
783 int used_ebs = be32_to_cpu(vid_hdr->used_ebs);
784 int data_pad = be32_to_cpu(vid_hdr->data_pad);
785 int data_crc = be32_to_cpu(vid_hdr->data_crc);
786 int usable_leb_size = ubi->leb_size - data_pad;
788 if (copy_flag != 0 && copy_flag != 1) {
789 dbg_err("bad copy_flag");
793 if (vol_id < 0 || lnum < 0 || data_size < 0 || used_ebs < 0 ||
795 dbg_err("negative values");
799 if (vol_id >= UBI_MAX_VOLUMES && vol_id < UBI_INTERNAL_VOL_START) {
800 dbg_err("bad vol_id");
804 if (vol_id < UBI_INTERNAL_VOL_START && compat != 0) {
805 dbg_err("bad compat");
809 if (vol_id >= UBI_INTERNAL_VOL_START && compat != UBI_COMPAT_DELETE &&
810 compat != UBI_COMPAT_RO && compat != UBI_COMPAT_PRESERVE &&
811 compat != UBI_COMPAT_REJECT) {
812 dbg_err("bad compat");
816 if (vol_type != UBI_VID_DYNAMIC && vol_type != UBI_VID_STATIC) {
817 dbg_err("bad vol_type");
821 if (data_pad >= ubi->leb_size / 2) {
822 dbg_err("bad data_pad");
826 if (vol_type == UBI_VID_STATIC) {
828 * Although from high-level point of view static volumes may
829 * contain zero bytes of data, but no VID headers can contain
830 * zero at these fields, because they empty volumes do not have
831 * mapped logical eraseblocks.
834 dbg_err("zero used_ebs");
837 if (data_size == 0) {
838 dbg_err("zero data_size");
841 if (lnum < used_ebs - 1) {
842 if (data_size != usable_leb_size) {
843 dbg_err("bad data_size");
846 } else if (lnum == used_ebs - 1) {
847 if (data_size == 0) {
848 dbg_err("bad data_size at last LEB");
852 dbg_err("too high lnum");
856 if (copy_flag == 0) {
858 dbg_err("non-zero data CRC");
861 if (data_size != 0) {
862 dbg_err("non-zero data_size");
866 if (data_size == 0) {
867 dbg_err("zero data_size of copy");
872 dbg_err("bad used_ebs");
880 ubi_err("bad VID header");
881 ubi_dbg_dump_vid_hdr(vid_hdr);
882 ubi_dbg_dump_stack();
887 * ubi_io_read_vid_hdr - read and check a volume identifier header.
888 * @ubi: UBI device description object
889 * @pnum: physical eraseblock number to read from
890 * @vid_hdr: &struct ubi_vid_hdr object where to store the read volume
892 * @verbose: be verbose if the header is corrupted or wasn't found
894 * This function reads the volume identifier header from physical eraseblock
895 * @pnum and stores it in @vid_hdr. It also checks CRC checksum of the read
896 * volume identifier header. The following codes may be returned:
898 * o %0 if the CRC checksum is correct and the header was successfully read;
899 * o %UBI_IO_BITFLIPS if the CRC is correct, but bit-flips were detected
900 * and corrected by the flash driver; this is harmless but may indicate that
901 * this eraseblock may become bad soon;
902 * o %UBI_IO_BAD_VID_HDR if the volume identifier header is corrupted (a CRC
904 * o %UBI_IO_PEB_FREE if the physical eraseblock is free (i.e., there is no VID
906 * o a negative error code in case of failure.
908 int ubi_io_read_vid_hdr(struct ubi_device *ubi, int pnum,
909 struct ubi_vid_hdr *vid_hdr, int verbose)
911 int err, read_err = 0;
912 uint32_t crc, magic, hdr_crc;
915 dbg_io("read VID header from PEB %d", pnum);
916 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
918 p = (char *)vid_hdr - ubi->vid_hdr_shift;
919 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
920 ubi->vid_hdr_alsize);
922 if (err != UBI_IO_BITFLIPS && err != -EBADMSG)
926 * We read all the data, but either a correctable bit-flip
927 * occurred, or MTD reported about some data integrity error,
928 * like an ECC error in case of NAND. The former is harmless,
929 * the later may mean the read data is corrupted. But we have a
930 * CRC check-sum and we will identify this. If the VID header is
931 * still OK, we just report this as there was a bit-flip.
936 magic = be32_to_cpu(vid_hdr->magic);
937 if (magic != UBI_VID_HDR_MAGIC) {
939 * If we have read all 0xFF bytes, the VID header probably does
940 * not exist and the physical eraseblock is assumed to be free.
942 * But if there was a read error, we do not test the data for
943 * 0xFFs. Even if it does contain all 0xFFs, this error
944 * indicates that something is still wrong with this physical
945 * eraseblock and it cannot be regarded as free.
947 if (read_err != -EBADMSG &&
948 check_pattern(vid_hdr, 0xFF, UBI_VID_HDR_SIZE)) {
949 /* The physical eraseblock is supposedly free */
952 * The below is just a paranoid check, it has to be
953 * compiled out if paranoid checks are disabled.
955 err = paranoid_check_empty(ubi, pnum);
957 return err > 0 ? UBI_IO_BAD_VID_HDR : err;
960 ubi_warn("no VID header found at PEB %d, "
961 "only 0xFF bytes", pnum);
962 else if (UBI_IO_DEBUG)
963 dbg_msg("no VID header found at PEB %d, "
964 "only 0xFF bytes", pnum);
965 return UBI_IO_PEB_FREE;
969 * This is not a valid VID header, and these are not 0xFF
970 * bytes. Report that the header is corrupted.
973 ubi_warn("bad magic number at PEB %d: %08x instead of "
974 "%08x", pnum, magic, UBI_VID_HDR_MAGIC);
975 ubi_dbg_dump_vid_hdr(vid_hdr);
976 } else if (UBI_IO_DEBUG)
977 dbg_msg("bad magic number at PEB %d: %08x instead of "
978 "%08x", pnum, magic, UBI_VID_HDR_MAGIC);
979 return UBI_IO_BAD_VID_HDR;
982 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
983 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
985 if (hdr_crc != crc) {
987 ubi_warn("bad CRC at PEB %d, calculated %#08x, "
988 "read %#08x", pnum, crc, hdr_crc);
989 ubi_dbg_dump_vid_hdr(vid_hdr);
990 } else if (UBI_IO_DEBUG)
991 dbg_msg("bad CRC at PEB %d, calculated %#08x, "
992 "read %#08x", pnum, crc, hdr_crc);
993 return UBI_IO_BAD_VID_HDR;
996 /* Validate the VID header that we have just read */
997 err = validate_vid_hdr(ubi, vid_hdr);
999 ubi_err("validation failed for PEB %d", pnum);
1003 return read_err ? UBI_IO_BITFLIPS : 0;
1007 * ubi_io_write_vid_hdr - write a volume identifier header.
1008 * @ubi: UBI device description object
1009 * @pnum: the physical eraseblock number to write to
1010 * @vid_hdr: the volume identifier header to write
1012 * This function writes the volume identifier header described by @vid_hdr to
1013 * physical eraseblock @pnum. This function automatically fills the
1014 * @vid_hdr->magic and the @vid_hdr->version fields, as well as calculates
1015 * header CRC checksum and stores it at vid_hdr->hdr_crc.
1017 * This function returns zero in case of success and a negative error code in
1018 * case of failure. If %-EIO is returned, the physical eraseblock probably went
1021 int ubi_io_write_vid_hdr(struct ubi_device *ubi, int pnum,
1022 struct ubi_vid_hdr *vid_hdr)
1028 dbg_io("write VID header to PEB %d", pnum);
1029 ubi_assert(pnum >= 0 && pnum < ubi->peb_count);
1031 err = paranoid_check_peb_ec_hdr(ubi, pnum);
1033 return err > 0 ? -EINVAL : err;
1035 vid_hdr->magic = cpu_to_be32(UBI_VID_HDR_MAGIC);
1036 vid_hdr->version = UBI_VERSION;
1037 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_VID_HDR_SIZE_CRC);
1038 vid_hdr->hdr_crc = cpu_to_be32(crc);
1040 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr);
1044 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1045 err = ubi_io_write(ubi, p, pnum, ubi->vid_hdr_aloffset,
1046 ubi->vid_hdr_alsize);
1050 #ifdef CONFIG_MTD_UBI_DEBUG_PARANOID
1053 * paranoid_check_not_bad - ensure that a physical eraseblock is not bad.
1054 * @ubi: UBI device description object
1055 * @pnum: physical eraseblock number to check
1057 * This function returns zero if the physical eraseblock is good, a positive
1058 * number if it is bad and a negative error code if an error occurred.
1060 static int paranoid_check_not_bad(const struct ubi_device *ubi, int pnum)
1064 err = ubi_io_is_bad(ubi, pnum);
1068 ubi_err("paranoid check failed for PEB %d", pnum);
1069 ubi_dbg_dump_stack();
1074 * paranoid_check_ec_hdr - check if an erase counter header is all right.
1075 * @ubi: UBI device description object
1076 * @pnum: physical eraseblock number the erase counter header belongs to
1077 * @ec_hdr: the erase counter header to check
1079 * This function returns zero if the erase counter header contains valid
1080 * values, and %1 if not.
1082 static int paranoid_check_ec_hdr(const struct ubi_device *ubi, int pnum,
1083 const struct ubi_ec_hdr *ec_hdr)
1088 magic = be32_to_cpu(ec_hdr->magic);
1089 if (magic != UBI_EC_HDR_MAGIC) {
1090 ubi_err("bad magic %#08x, must be %#08x",
1091 magic, UBI_EC_HDR_MAGIC);
1095 err = validate_ec_hdr(ubi, ec_hdr);
1097 ubi_err("paranoid check failed for PEB %d", pnum);
1104 ubi_dbg_dump_ec_hdr(ec_hdr);
1105 ubi_dbg_dump_stack();
1110 * paranoid_check_peb_ec_hdr - check erase counter header.
1111 * @ubi: UBI device description object
1112 * @pnum: the physical eraseblock number to check
1114 * This function returns zero if the erase counter header is all right, %1 if
1115 * not, and a negative error code if an error occurred.
1117 static int paranoid_check_peb_ec_hdr(const struct ubi_device *ubi, int pnum)
1120 uint32_t crc, hdr_crc;
1121 struct ubi_ec_hdr *ec_hdr;
1123 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_NOFS);
1127 err = ubi_io_read(ubi, ec_hdr, pnum, 0, UBI_EC_HDR_SIZE);
1128 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG)
1131 crc = crc32(UBI_CRC32_INIT, ec_hdr, UBI_EC_HDR_SIZE_CRC);
1132 hdr_crc = be32_to_cpu(ec_hdr->hdr_crc);
1133 if (hdr_crc != crc) {
1134 ubi_err("bad CRC, calculated %#08x, read %#08x", crc, hdr_crc);
1135 ubi_err("paranoid check failed for PEB %d", pnum);
1136 ubi_dbg_dump_ec_hdr(ec_hdr);
1137 ubi_dbg_dump_stack();
1142 err = paranoid_check_ec_hdr(ubi, pnum, ec_hdr);
1150 * paranoid_check_vid_hdr - check that a volume identifier header is all right.
1151 * @ubi: UBI device description object
1152 * @pnum: physical eraseblock number the volume identifier header belongs to
1153 * @vid_hdr: the volume identifier header to check
1155 * This function returns zero if the volume identifier header is all right, and
1158 static int paranoid_check_vid_hdr(const struct ubi_device *ubi, int pnum,
1159 const struct ubi_vid_hdr *vid_hdr)
1164 magic = be32_to_cpu(vid_hdr->magic);
1165 if (magic != UBI_VID_HDR_MAGIC) {
1166 ubi_err("bad VID header magic %#08x at PEB %d, must be %#08x",
1167 magic, pnum, UBI_VID_HDR_MAGIC);
1171 err = validate_vid_hdr(ubi, vid_hdr);
1173 ubi_err("paranoid check failed for PEB %d", pnum);
1180 ubi_err("paranoid check failed for PEB %d", pnum);
1181 ubi_dbg_dump_vid_hdr(vid_hdr);
1182 ubi_dbg_dump_stack();
1188 * paranoid_check_peb_vid_hdr - check volume identifier header.
1189 * @ubi: UBI device description object
1190 * @pnum: the physical eraseblock number to check
1192 * This function returns zero if the volume identifier header is all right,
1193 * %1 if not, and a negative error code if an error occurred.
1195 static int paranoid_check_peb_vid_hdr(const struct ubi_device *ubi, int pnum)
1198 uint32_t crc, hdr_crc;
1199 struct ubi_vid_hdr *vid_hdr;
1202 vid_hdr = ubi_zalloc_vid_hdr(ubi, GFP_NOFS);
1206 p = (char *)vid_hdr - ubi->vid_hdr_shift;
1207 err = ubi_io_read(ubi, p, pnum, ubi->vid_hdr_aloffset,
1208 ubi->vid_hdr_alsize);
1209 if (err && err != UBI_IO_BITFLIPS && err != -EBADMSG)
1212 crc = crc32(UBI_CRC32_INIT, vid_hdr, UBI_EC_HDR_SIZE_CRC);
1213 hdr_crc = be32_to_cpu(vid_hdr->hdr_crc);
1214 if (hdr_crc != crc) {
1215 ubi_err("bad VID header CRC at PEB %d, calculated %#08x, "
1216 "read %#08x", pnum, crc, hdr_crc);
1217 ubi_err("paranoid check failed for PEB %d", pnum);
1218 ubi_dbg_dump_vid_hdr(vid_hdr);
1219 ubi_dbg_dump_stack();
1224 err = paranoid_check_vid_hdr(ubi, pnum, vid_hdr);
1227 ubi_free_vid_hdr(ubi, vid_hdr);
1232 * paranoid_check_all_ff - check that a region of flash is empty.
1233 * @ubi: UBI device description object
1234 * @pnum: the physical eraseblock number to check
1235 * @offset: the starting offset within the physical eraseblock to check
1236 * @len: the length of the region to check
1238 * This function returns zero if only 0xFF bytes are present at offset
1239 * @offset of the physical eraseblock @pnum, %1 if not, and a negative error
1240 * code if an error occurred.
1242 static int paranoid_check_all_ff(struct ubi_device *ubi, int pnum, int offset,
1247 loff_t addr = (loff_t)pnum * ubi->peb_size + offset;
1249 mutex_lock(&ubi->dbg_buf_mutex);
1250 err = ubi->mtd->read(ubi->mtd, addr, len, &read, ubi->dbg_peb_buf);
1251 if (err && err != -EUCLEAN) {
1252 ubi_err("error %d while reading %d bytes from PEB %d:%d, "
1253 "read %zd bytes", err, len, pnum, offset, read);
1257 err = check_pattern(ubi->dbg_peb_buf, 0xFF, len);
1259 ubi_err("flash region at PEB %d:%d, length %d does not "
1260 "contain all 0xFF bytes", pnum, offset, len);
1263 mutex_unlock(&ubi->dbg_buf_mutex);
1268 ubi_err("paranoid check failed for PEB %d", pnum);
1269 ubi_msg("hex dump of the %d-%d region", offset, offset + len);
1270 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1271 ubi->dbg_peb_buf, len, 1);
1274 ubi_dbg_dump_stack();
1275 mutex_unlock(&ubi->dbg_buf_mutex);
1280 * paranoid_check_empty - whether a PEB is empty.
1281 * @ubi: UBI device description object
1282 * @pnum: the physical eraseblock number to check
1284 * This function makes sure PEB @pnum is empty, which means it contains only
1285 * %0xFF data bytes. Returns zero if the PEB is empty, %1 if not, and a
1286 * negative error code in case of failure.
1288 * Empty PEBs have the EC header, and do not have the VID header. The caller of
1289 * this function should have already made sure the PEB does not have the VID
1290 * header. However, this function re-checks that, because it is possible that
1291 * the header and data has already been written to the PEB.
1293 * Let's consider a possible scenario. Suppose there are 2 tasks - A and B.
1294 * Task A is in 'wear_leveling_worker()'. It is reading VID header of PEB X to
1295 * find which LEB it corresponds to. PEB X is currently unmapped, and has no
1296 * VID header. Task B is trying to write to PEB X.
1298 * Task A: in 'ubi_io_read_vid_hdr()': reads the VID header from PEB X. The
1299 * read data contain all 0xFF bytes;
1300 * Task B: writes VID header and some data to PEB X;
1301 * Task A: assumes PEB X is empty, calls 'paranoid_check_empty()'. And if we
1302 * do not re-read the VID header, and do not cancel the checking if it
1303 * is there, we fail.
1305 static int paranoid_check_empty(struct ubi_device *ubi, int pnum)
1307 int err, offs = ubi->vid_hdr_aloffset, len = ubi->vid_hdr_alsize;
1310 const struct ubi_vid_hdr *vid_hdr;
1312 mutex_lock(&ubi->dbg_buf_mutex);
1313 err = ubi->mtd->read(ubi->mtd, offs, len, &read, ubi->dbg_peb_buf);
1314 if (err && err != -EUCLEAN) {
1315 ubi_err("error %d while reading %d bytes from PEB %d:%d, "
1316 "read %zd bytes", err, len, pnum, offs, read);
1320 vid_hdr = ubi->dbg_peb_buf;
1321 magic = be32_to_cpu(vid_hdr->magic);
1322 if (magic == UBI_VID_HDR_MAGIC)
1323 /* The PEB contains VID header, so it is not empty */
1326 err = check_pattern(ubi->dbg_peb_buf, 0xFF, len);
1328 ubi_err("flash region at PEB %d:%d, length %d does not "
1329 "contain all 0xFF bytes", pnum, offs, len);
1334 mutex_unlock(&ubi->dbg_buf_mutex);
1338 ubi_err("paranoid check failed for PEB %d", pnum);
1339 ubi_msg("hex dump of the %d-%d region", offs, offs + len);
1340 print_hex_dump(KERN_DEBUG, "", DUMP_PREFIX_OFFSET, 32, 1,
1341 ubi->dbg_peb_buf, len, 1);
1344 ubi_dbg_dump_stack();
1345 mutex_unlock(&ubi->dbg_buf_mutex);
1349 #endif /* CONFIG_MTD_UBI_DEBUG_PARANOID */