]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - drivers/mtd/ubi/fastmap.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
UBI: Fix memory leak in ubi_attach_fastmap() error path
[mirror_ubuntu-artful-kernel.git] / drivers / mtd / ubi / fastmap.c
CommitLineData
dbb7d2a8
RW		 1/*
2 * Copyright (c) 2012 Linutronix GmbH
3 * Author: Richard Weinberger <richard@nod.at>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; version 2.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
12 * the GNU General Public License for more details.
13 *
14 */
15
16#include <linux/crc32.h>
17#include "ubi.h"
18
19/**
20 * ubi_calc_fm_size - calculates the fastmap size in bytes for an UBI device.
21 * @ubi: UBI device description object
22 */
23size_t ubi_calc_fm_size(struct ubi_device *ubi)
24{
25 size_t size;
26
27 size = sizeof(struct ubi_fm_hdr) + \
28 sizeof(struct ubi_fm_scan_pool) + \
29 sizeof(struct ubi_fm_scan_pool) + \
30 (ubi->peb_count * sizeof(struct ubi_fm_ec)) + \
31 (sizeof(struct ubi_fm_eba) + \
32 (ubi->peb_count * sizeof(__be32))) + \
33 sizeof(struct ubi_fm_volhdr) * UBI_MAX_VOLUMES;
34 return roundup(size, ubi->leb_size);
35}
36
37
38/**
39 * new_fm_vhdr - allocate a new volume header for fastmap usage.
40 * @ubi: UBI device description object
41 * @vol_id: the VID of the new header
42 *
43 * Returns a new struct ubi_vid_hdr on success.
44 * NULL indicates out of memory.
45 */
46static struct ubi_vid_hdr *new_fm_vhdr(struct ubi_device *ubi, int vol_id)
47{
48 struct ubi_vid_hdr *new;
49
50 new = ubi_zalloc_vid_hdr(ubi, GFP_KERNEL);
51 if (!new)
52 goto out;
53
54 new->vol_type = UBI_VID_DYNAMIC;
55 new->vol_id = cpu_to_be32(vol_id);
56
57 /* UBI implementations without fastmap support have to delete the
58 * fastmap.
59 */
60 new->compat = UBI_COMPAT_DELETE;
61
62out:
63 return new;
64}
65
66/**
67 * add_aeb - create and add a attach erase block to a given list.
68 * @ai: UBI attach info object
69 * @list: the target list
70 * @pnum: PEB number of the new attach erase block
71 * @ec: erease counter of the new LEB
72 * @scrub: scrub this PEB after attaching
73 *
74 * Returns 0 on success, < 0 indicates an internal error.
75 */
76static int add_aeb(struct ubi_attach_info *ai, struct list_head *list,
77 int pnum, int ec, int scrub)
78{
79 struct ubi_ainf_peb *aeb;
80
81 aeb = kmem_cache_alloc(ai->aeb_slab_cache, GFP_KERNEL);
82 if (!aeb)
83 return -ENOMEM;
84
85 aeb->pnum = pnum;
86 aeb->ec = ec;
87 aeb->lnum = -1;
88 aeb->scrub = scrub;
89 aeb->copy_flag = aeb->sqnum = 0;
90
91 ai->ec_sum += aeb->ec;
92 ai->ec_count++;
93
94 if (ai->max_ec < aeb->ec)
95 ai->max_ec = aeb->ec;
96
97 if (ai->min_ec > aeb->ec)
98 ai->min_ec = aeb->ec;
99
100 list_add_tail(&aeb->u.list, list);
101
102 return 0;
103}
104
105/**
106 * add_vol - create and add a new volume to ubi_attach_info.
107 * @ai: ubi_attach_info object
108 * @vol_id: VID of the new volume
109 * @used_ebs: number of used EBS
110 * @data_pad: data padding value of the new volume
111 * @vol_type: volume type
112 * @last_eb_bytes: number of bytes in the last LEB
113 *
114 * Returns the new struct ubi_ainf_volume on success.
115 * NULL indicates an error.
116 */
117static struct ubi_ainf_volume *add_vol(struct ubi_attach_info *ai, int vol_id,
118 int used_ebs, int data_pad, u8 vol_type,
119 int last_eb_bytes)
120{
121 struct ubi_ainf_volume *av;
122 struct rb_node **p = &ai->volumes.rb_node, *parent = NULL;
123
124 while (*p) {
125 parent = *p;
126 av = rb_entry(parent, struct ubi_ainf_volume, rb);
127
128 if (vol_id > av->vol_id)
129 p = &(*p)->rb_left;
130 else if (vol_id > av->vol_id)
131 p = &(*p)->rb_right;
132 }
133
134 av = kmalloc(sizeof(struct ubi_ainf_volume), GFP_KERNEL);
135 if (!av)
136 goto out;
137
138 av->highest_lnum = av->leb_count = 0;
139 av->vol_id = vol_id;
140 av->used_ebs = used_ebs;
141 av->data_pad = data_pad;
142 av->last_data_size = last_eb_bytes;
143 av->compat = 0;
144 av->vol_type = vol_type;
145 av->root = RB_ROOT;
146
147 dbg_bld("found volume (ID %i)", vol_id);
148
149 rb_link_node(&av->rb, parent, p);
150 rb_insert_color(&av->rb, &ai->volumes);
151
152out:
153 return av;
154}
155
156/**
157 * assign_aeb_to_av - assigns a SEB to a given ainf_volume and removes it
158 * from it's original list.
159 * @ai: ubi_attach_info object
160 * @aeb: the to be assigned SEB
161 * @av: target scan volume
162 */
163static void assign_aeb_to_av(struct ubi_attach_info *ai,
164 struct ubi_ainf_peb *aeb,
165 struct ubi_ainf_volume *av)
166{
167 struct ubi_ainf_peb *tmp_aeb;
168 struct rb_node **p = &ai->volumes.rb_node, *parent = NULL;
169
170 p = &av->root.rb_node;
171 while (*p) {
172 parent = *p;
173
174 tmp_aeb = rb_entry(parent, struct ubi_ainf_peb, u.rb);
175 if (aeb->lnum != tmp_aeb->lnum) {
176 if (aeb->lnum < tmp_aeb->lnum)
177 p = &(*p)->rb_left;
178 else
179 p = &(*p)->rb_right;
180
181 continue;
182 } else
183 break;
184 }
185
186 list_del(&aeb->u.list);
187 av->leb_count++;
188
189 rb_link_node(&aeb->u.rb, parent, p);
190 rb_insert_color(&aeb->u.rb, &av->root);
191}
192
193/**
194 * update_vol - inserts or updates a LEB which was found a pool.
195 * @ubi: the UBI device object
196 * @ai: attach info object
197 * @av: the volume this LEB belongs to
198 * @new_vh: the volume header derived from new_aeb
199 * @new_aeb: the AEB to be examined
200 *
201 * Returns 0 on success, < 0 indicates an internal error.
202 */
203static int update_vol(struct ubi_device *ubi, struct ubi_attach_info *ai,
204 struct ubi_ainf_volume *av, struct ubi_vid_hdr *new_vh,
205 struct ubi_ainf_peb *new_aeb)
206{
207 struct rb_node **p = &av->root.rb_node, *parent = NULL;
208 struct ubi_ainf_peb *aeb, *victim;
209 int cmp_res;
210
211 while (*p) {
212 parent = *p;
213 aeb = rb_entry(parent, struct ubi_ainf_peb, u.rb);
214
215 if (be32_to_cpu(new_vh->lnum) != aeb->lnum) {
216 if (be32_to_cpu(new_vh->lnum) < aeb->lnum)
217 p = &(*p)->rb_left;
218 else
219 p = &(*p)->rb_right;
220
221 continue;
222 }
223
224 /* This case can happen if the fastmap gets written
225 * because of a volume change (creation, deletion, ..).
226 * Then a PEB can be within the persistent EBA and the pool.
227 */
228 if (aeb->pnum == new_aeb->pnum) {
229 ubi_assert(aeb->lnum == new_aeb->lnum);
230 kmem_cache_free(ai->aeb_slab_cache, new_aeb);
231
232 return 0;
233 }
234
235 cmp_res = ubi_compare_lebs(ubi, aeb, new_aeb->pnum, new_vh);
236 if (cmp_res < 0)
237 return cmp_res;
238
239 /* new_aeb is newer */
240 if (cmp_res & 1) {
241 victim = kmem_cache_alloc(ai->aeb_slab_cache,
242 GFP_KERNEL);
243 if (!victim)
244 return -ENOMEM;
245
246 victim->ec = aeb->ec;
247 victim->pnum = aeb->pnum;
248 list_add_tail(&victim->u.list, &ai->erase);
249
250 if (av->highest_lnum == be32_to_cpu(new_vh->lnum))
251 av->last_data_size = \
252 be32_to_cpu(new_vh->data_size);
253
254 dbg_bld("vol %i: AEB %i's PEB %i is the newer",
255 av->vol_id, aeb->lnum, new_aeb->pnum);
256
257 aeb->ec = new_aeb->ec;
258 aeb->pnum = new_aeb->pnum;
259 aeb->copy_flag = new_vh->copy_flag;
260 aeb->scrub = new_aeb->scrub;
261 kmem_cache_free(ai->aeb_slab_cache, new_aeb);
262
263 /* new_aeb is older */
264 } else {
265 dbg_bld("vol %i: AEB %i's PEB %i is old, dropping it",
266 av->vol_id, aeb->lnum, new_aeb->pnum);
267 list_add_tail(&new_aeb->u.list, &ai->erase);
268 }
269
270 return 0;
271 }
272 /* This LEB is new, let's add it to the volume */
273
274 if (av->highest_lnum <= be32_to_cpu(new_vh->lnum)) {
275 av->highest_lnum = be32_to_cpu(new_vh->lnum);
276 av->last_data_size = be32_to_cpu(new_vh->data_size);
277 }
278
279 if (av->vol_type == UBI_STATIC_VOLUME)
280 av->used_ebs = be32_to_cpu(new_vh->used_ebs);
281
282 av->leb_count++;
283
284 rb_link_node(&new_aeb->u.rb, parent, p);
285 rb_insert_color(&new_aeb->u.rb, &av->root);
286
287 return 0;
288}
289
290/**
291 * process_pool_aeb - we found a non-empty PEB in a pool.
292 * @ubi: UBI device object
293 * @ai: attach info object
294 * @new_vh: the volume header derived from new_aeb
295 * @new_aeb: the AEB to be examined
296 *
297 * Returns 0 on success, < 0 indicates an internal error.
298 */
299static int process_pool_aeb(struct ubi_device *ubi, struct ubi_attach_info *ai,
300 struct ubi_vid_hdr *new_vh,
301 struct ubi_ainf_peb *new_aeb)
302{
303 struct ubi_ainf_volume *av, *tmp_av = NULL;
304 struct rb_node **p = &ai->volumes.rb_node, *parent = NULL;
305 int found = 0;
306
307 if (be32_to_cpu(new_vh->vol_id) == UBI_FM_SB_VOLUME_ID ||
308 be32_to_cpu(new_vh->vol_id) == UBI_FM_DATA_VOLUME_ID) {
309 kmem_cache_free(ai->aeb_slab_cache, new_aeb);
310
311 return 0;
312 }
313
314 /* Find the volume this SEB belongs to */
315 while (*p) {
316 parent = *p;
317 tmp_av = rb_entry(parent, struct ubi_ainf_volume, rb);
318
319 if (be32_to_cpu(new_vh->vol_id) > tmp_av->vol_id)
320 p = &(*p)->rb_left;
321 else if (be32_to_cpu(new_vh->vol_id) < tmp_av->vol_id)
322 p = &(*p)->rb_right;
323 else {
324 found = 1;
325 break;
326 }
327 }
328
329 if (found)
330 av = tmp_av;
331 else {
332 ubi_err("orphaned volume in fastmap pool!");
333 return UBI_BAD_FASTMAP;
334 }
335
336 ubi_assert(be32_to_cpu(new_vh->vol_id) == av->vol_id);
337
338 return update_vol(ubi, ai, av, new_vh, new_aeb);
339}
340
341/**
342 * unmap_peb - unmap a PEB.
343 * If fastmap detects a free PEB in the pool it has to check whether
344 * this PEB has been unmapped after writing the fastmap.
345 *
346 * @ai: UBI attach info object
347 * @pnum: The PEB to be unmapped
348 */
349static void unmap_peb(struct ubi_attach_info *ai, int pnum)
350{
351 struct ubi_ainf_volume *av;
352 struct rb_node *node, *node2;
353 struct ubi_ainf_peb *aeb;
354
355 for (node = rb_first(&ai->volumes); node; node = rb_next(node)) {
356 av = rb_entry(node, struct ubi_ainf_volume, rb);
357
358 for (node2 = rb_first(&av->root); node2;
359 node2 = rb_next(node2)) {
360 aeb = rb_entry(node2, struct ubi_ainf_peb, u.rb);
361 if (aeb->pnum == pnum) {
362 rb_erase(&aeb->u.rb, &av->root);
363 kmem_cache_free(ai->aeb_slab_cache, aeb);
364 return;
365 }
366 }
367 }
368}
369
370/**
371 * scan_pool - scans a pool for changed (no longer empty PEBs).
372 * @ubi: UBI device object
373 * @ai: attach info object
374 * @pebs: an array of all PEB numbers in the to be scanned pool
375 * @pool_size: size of the pool (number of entries in @pebs)
376 * @max_sqnum: pointer to the maximal sequence number
377 * @eba_orphans: list of PEBs which need to be scanned
378 * @free: list of PEBs which are most likely free (and go into @ai->free)
379 *
380 * Returns 0 on success, if the pool is unusable UBI_BAD_FASTMAP is returned.
381 * < 0 indicates an internal error.
382 */
383static int scan_pool(struct ubi_device *ubi, struct ubi_attach_info *ai,
384 int *pebs, int pool_size, unsigned long long *max_sqnum,
385 struct list_head *eba_orphans, struct list_head *free)
386{
387 struct ubi_vid_hdr *vh;
388 struct ubi_ec_hdr *ech;
389 struct ubi_ainf_peb *new_aeb, *tmp_aeb;
390 int i, pnum, err, found_orphan, ret = 0;
391
392 ech = kzalloc(ubi->ec_hdr_alsize, GFP_KERNEL);
393 if (!ech)
394 return -ENOMEM;
395
396 vh = ubi_zalloc_vid_hdr(ubi, GFP_KERNEL);
397 if (!vh) {
398 kfree(ech);
399 return -ENOMEM;
400 }
401
402 dbg_bld("scanning fastmap pool: size = %i", pool_size);
403
404 /*
405 * Now scan all PEBs in the pool to find changes which have been made
406 * after the creation of the fastmap
407 */
408 for (i = 0; i < pool_size; i++) {
409 int scrub = 0;
c22301ad 410 int image_seq;
dbb7d2a8
RW		 411
412 pnum = be32_to_cpu(pebs[i]);
413
414 if (ubi_io_is_bad(ubi, pnum)) {
415 ubi_err("bad PEB in fastmap pool!");
416 ret = UBI_BAD_FASTMAP;
417 goto out;
418 }
419
420 err = ubi_io_read_ec_hdr(ubi, pnum, ech, 0);
421 if (err && err != UBI_IO_BITFLIPS) {
422 ubi_err("unable to read EC header! PEB:%i err:%i",
423 pnum, err);
424 ret = err > 0 ? UBI_BAD_FASTMAP : err;
425 goto out;
426 } else if (ret == UBI_IO_BITFLIPS)
427 scrub = 1;
428
c22301ad
RG		 429 /*
430 * Older UBI implementations have image_seq set to zero, so
431 * we shouldn't fail if image_seq == 0.
432 */
433 image_seq = be32_to_cpu(ech->image_seq);
434
435 if (image_seq && (image_seq != ubi->image_seq)) {
dbb7d2a8
RW		 436 ubi_err("bad image seq: 0x%x, expected: 0x%x",
437 be32_to_cpu(ech->image_seq), ubi->image_seq);
f240dca8 438 ret = UBI_BAD_FASTMAP;
dbb7d2a8
RW		 439 goto out;
440 }
441
442 err = ubi_io_read_vid_hdr(ubi, pnum, vh, 0);
443 if (err == UBI_IO_FF || err == UBI_IO_FF_BITFLIPS) {
444 unsigned long long ec = be64_to_cpu(ech->ec);
445 unmap_peb(ai, pnum);
446 dbg_bld("Adding PEB to free: %i", pnum);
447 if (err == UBI_IO_FF_BITFLIPS)
448 add_aeb(ai, free, pnum, ec, 1);
449 else
450 add_aeb(ai, free, pnum, ec, 0);
451 continue;
452 } else if (err == 0 || err == UBI_IO_BITFLIPS) {
453 dbg_bld("Found non empty PEB:%i in pool", pnum);
454
455 if (err == UBI_IO_BITFLIPS)
456 scrub = 1;
457
458 found_orphan = 0;
459 list_for_each_entry(tmp_aeb, eba_orphans, u.list) {
460 if (tmp_aeb->pnum == pnum) {
461 found_orphan = 1;
462 break;
463 }
464 }
465 if (found_orphan) {
466 kmem_cache_free(ai->aeb_slab_cache, tmp_aeb);
467 list_del(&tmp_aeb->u.list);
468 }
469
470 new_aeb = kmem_cache_alloc(ai->aeb_slab_cache,
471 GFP_KERNEL);
472 if (!new_aeb) {
473 ret = -ENOMEM;
474 goto out;
475 }
476
477 new_aeb->ec = be64_to_cpu(ech->ec);
478 new_aeb->pnum = pnum;
479 new_aeb->lnum = be32_to_cpu(vh->lnum);
480 new_aeb->sqnum = be64_to_cpu(vh->sqnum);
481 new_aeb->copy_flag = vh->copy_flag;
482 new_aeb->scrub = scrub;
483
484 if (*max_sqnum < new_aeb->sqnum)
485 *max_sqnum = new_aeb->sqnum;
486
487 err = process_pool_aeb(ubi, ai, vh, new_aeb);
488 if (err) {
489 ret = err > 0 ? UBI_BAD_FASTMAP : err;
490 goto out;
491 }
492 } else {
493 /* We are paranoid and fall back to scanning mode */
494 ubi_err("fastmap pool PEBs contains damaged PEBs!");
495 ret = err > 0 ? UBI_BAD_FASTMAP : err;
496 goto out;
497 }
498
499 }
500
501out:
502 ubi_free_vid_hdr(ubi, vh);
503 kfree(ech);
504 return ret;
505}
506
507/**
508 * count_fastmap_pebs - Counts the PEBs found by fastmap.
509 * @ai: The UBI attach info object
510 */
511static int count_fastmap_pebs(struct ubi_attach_info *ai)
512{
513 struct ubi_ainf_peb *aeb;
514 struct ubi_ainf_volume *av;
515 struct rb_node *rb1, *rb2;
516 int n = 0;
517
518 list_for_each_entry(aeb, &ai->erase, u.list)
519 n++;
520
521 list_for_each_entry(aeb, &ai->free, u.list)
522 n++;
523
524 ubi_rb_for_each_entry(rb1, av, &ai->volumes, rb)
525 ubi_rb_for_each_entry(rb2, aeb, &av->root, u.rb)
526 n++;
527
528 return n;
529}
530
531/**
532 * ubi_attach_fastmap - creates ubi_attach_info from a fastmap.
533 * @ubi: UBI device object
534 * @ai: UBI attach info object
535 * @fm: the fastmap to be attached
536 *
537 * Returns 0 on success, UBI_BAD_FASTMAP if the found fastmap was unusable.
538 * < 0 indicates an internal error.
539 */
540static int ubi_attach_fastmap(struct ubi_device *ubi,
541 struct ubi_attach_info *ai,
542 struct ubi_fastmap_layout *fm)
543{
544 struct list_head used, eba_orphans, free;
545 struct ubi_ainf_volume *av;
546 struct ubi_ainf_peb *aeb, *tmp_aeb, *_tmp_aeb;
547 struct ubi_ec_hdr *ech;
548 struct ubi_fm_sb *fmsb;
549 struct ubi_fm_hdr *fmhdr;
550 struct ubi_fm_scan_pool *fmpl1, *fmpl2;
551 struct ubi_fm_ec *fmec;
552 struct ubi_fm_volhdr *fmvhdr;
553 struct ubi_fm_eba *fm_eba;
554 int ret, i, j, pool_size, wl_pool_size;
555 size_t fm_pos = 0, fm_size = ubi->fm_size;
556 unsigned long long max_sqnum = 0;
557 void *fm_raw = ubi->fm_buf;
558
559 INIT_LIST_HEAD(&used);
560 INIT_LIST_HEAD(&free);
561 INIT_LIST_HEAD(&eba_orphans);
562 INIT_LIST_HEAD(&ai->corr);
563 INIT_LIST_HEAD(&ai->free);
564 INIT_LIST_HEAD(&ai->erase);
565 INIT_LIST_HEAD(&ai->alien);
566 ai->volumes = RB_ROOT;
567 ai->min_ec = UBI_MAX_ERASECOUNTER;
568
569 ai->aeb_slab_cache = kmem_cache_create("ubi_ainf_peb_slab",
570 sizeof(struct ubi_ainf_peb),
571 0, 0, NULL);
572 if (!ai->aeb_slab_cache) {
573 ret = -ENOMEM;
574 goto fail;
575 }
576
577 fmsb = (struct ubi_fm_sb *)(fm_raw);
578 ai->max_sqnum = fmsb->sqnum;
579 fm_pos += sizeof(struct ubi_fm_sb);
580 if (fm_pos >= fm_size)
581 goto fail_bad;
582
583 fmhdr = (struct ubi_fm_hdr *)(fm_raw + fm_pos);
584 fm_pos += sizeof(*fmhdr);
585 if (fm_pos >= fm_size)
586 goto fail_bad;
587
588 if (be32_to_cpu(fmhdr->magic) != UBI_FM_HDR_MAGIC) {
589 ubi_err("bad fastmap header magic: 0x%x, expected: 0x%x",
590 be32_to_cpu(fmhdr->magic), UBI_FM_HDR_MAGIC);
591 goto fail_bad;
592 }
593
594 fmpl1 = (struct ubi_fm_scan_pool *)(fm_raw + fm_pos);
595 fm_pos += sizeof(*fmpl1);
596 if (fm_pos >= fm_size)
597 goto fail_bad;
598 if (be32_to_cpu(fmpl1->magic) != UBI_FM_POOL_MAGIC) {
599 ubi_err("bad fastmap pool magic: 0x%x, expected: 0x%x",
600 be32_to_cpu(fmpl1->magic), UBI_FM_POOL_MAGIC);
601 goto fail_bad;
602 }
603
604 fmpl2 = (struct ubi_fm_scan_pool *)(fm_raw + fm_pos);
605 fm_pos += sizeof(*fmpl2);
606 if (fm_pos >= fm_size)
607 goto fail_bad;
608 if (be32_to_cpu(fmpl2->magic) != UBI_FM_POOL_MAGIC) {
609 ubi_err("bad fastmap pool magic: 0x%x, expected: 0x%x",
610 be32_to_cpu(fmpl2->magic), UBI_FM_POOL_MAGIC);
611 goto fail_bad;
612 }
613
614 pool_size = be16_to_cpu(fmpl1->size);
615 wl_pool_size = be16_to_cpu(fmpl2->size);
616 fm->max_pool_size = be16_to_cpu(fmpl1->max_size);
617 fm->max_wl_pool_size = be16_to_cpu(fmpl2->max_size);
618
619 if (pool_size > UBI_FM_MAX_POOL_SIZE || pool_size < 0) {
620 ubi_err("bad pool size: %i", pool_size);
621 goto fail_bad;
622 }
623
624 if (wl_pool_size > UBI_FM_MAX_POOL_SIZE || wl_pool_size < 0) {
625 ubi_err("bad WL pool size: %i", wl_pool_size);
626 goto fail_bad;
627 }
628
629
630 if (fm->max_pool_size > UBI_FM_MAX_POOL_SIZE ||
631 fm->max_pool_size < 0) {
632 ubi_err("bad maximal pool size: %i", fm->max_pool_size);
633 goto fail_bad;
634 }
635
636 if (fm->max_wl_pool_size > UBI_FM_MAX_POOL_SIZE ||
637 fm->max_wl_pool_size < 0) {
638 ubi_err("bad maximal WL pool size: %i", fm->max_wl_pool_size);
639 goto fail_bad;
640 }
641
642 /* read EC values from free list */
643 for (i = 0; i < be32_to_cpu(fmhdr->free_peb_count); i++) {
644 fmec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
645 fm_pos += sizeof(*fmec);
646 if (fm_pos >= fm_size)
647 goto fail_bad;
648
649 add_aeb(ai, &ai->free, be32_to_cpu(fmec->pnum),
650 be32_to_cpu(fmec->ec), 0);
651 }
652
653 /* read EC values from used list */
654 for (i = 0; i < be32_to_cpu(fmhdr->used_peb_count); i++) {
655 fmec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
656 fm_pos += sizeof(*fmec);
657 if (fm_pos >= fm_size)
658 goto fail_bad;
659
660 add_aeb(ai, &used, be32_to_cpu(fmec->pnum),
661 be32_to_cpu(fmec->ec), 0);
662 }
663
664 /* read EC values from scrub list */
665 for (i = 0; i < be32_to_cpu(fmhdr->scrub_peb_count); i++) {
666 fmec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
667 fm_pos += sizeof(*fmec);
668 if (fm_pos >= fm_size)
669 goto fail_bad;
670
671 add_aeb(ai, &used, be32_to_cpu(fmec->pnum),
672 be32_to_cpu(fmec->ec), 1);
673 }
674
675 /* read EC values from erase list */
676 for (i = 0; i < be32_to_cpu(fmhdr->erase_peb_count); i++) {
677 fmec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
678 fm_pos += sizeof(*fmec);
679 if (fm_pos >= fm_size)
680 goto fail_bad;
681
682 add_aeb(ai, &ai->erase, be32_to_cpu(fmec->pnum),
683 be32_to_cpu(fmec->ec), 1);
684 }
685
686 ai->mean_ec = div_u64(ai->ec_sum, ai->ec_count);
687 ai->bad_peb_count = be32_to_cpu(fmhdr->bad_peb_count);
688
689 /* Iterate over all volumes and read their EBA table */
690 for (i = 0; i < be32_to_cpu(fmhdr->vol_count); i++) {
691 fmvhdr = (struct ubi_fm_volhdr *)(fm_raw + fm_pos);
692 fm_pos += sizeof(*fmvhdr);
693 if (fm_pos >= fm_size)
694 goto fail_bad;
695
696 if (be32_to_cpu(fmvhdr->magic) != UBI_FM_VHDR_MAGIC) {
697 ubi_err("bad fastmap vol header magic: 0x%x, " \
698 "expected: 0x%x",
699 be32_to_cpu(fmvhdr->magic), UBI_FM_VHDR_MAGIC);
700 goto fail_bad;
701 }
702
703 av = add_vol(ai, be32_to_cpu(fmvhdr->vol_id),
704 be32_to_cpu(fmvhdr->used_ebs),
705 be32_to_cpu(fmvhdr->data_pad),
706 fmvhdr->vol_type,
707 be32_to_cpu(fmvhdr->last_eb_bytes));
708
709 if (!av)
710 goto fail_bad;
711
712 ai->vols_found++;
713 if (ai->highest_vol_id < be32_to_cpu(fmvhdr->vol_id))
714 ai->highest_vol_id = be32_to_cpu(fmvhdr->vol_id);
715
716 fm_eba = (struct ubi_fm_eba *)(fm_raw + fm_pos);
717 fm_pos += sizeof(*fm_eba);
718 fm_pos += (sizeof(__be32) * be32_to_cpu(fm_eba->reserved_pebs));
719 if (fm_pos >= fm_size)
720 goto fail_bad;
721
722 if (be32_to_cpu(fm_eba->magic) != UBI_FM_EBA_MAGIC) {
723 ubi_err("bad fastmap EBA header magic: 0x%x, " \
724 "expected: 0x%x",
725 be32_to_cpu(fm_eba->magic), UBI_FM_EBA_MAGIC);
726 goto fail_bad;
727 }
728
729 for (j = 0; j < be32_to_cpu(fm_eba->reserved_pebs); j++) {
730 int pnum = be32_to_cpu(fm_eba->pnum[j]);
731
732 if ((int)be32_to_cpu(fm_eba->pnum[j]) < 0)
733 continue;
734
735 aeb = NULL;
736 list_for_each_entry(tmp_aeb, &used, u.list) {
584d4623 737 if (tmp_aeb->pnum == pnum) {
dbb7d2a8 738 aeb = tmp_aeb;
584d4623
BP		 739 break;
740 }
dbb7d2a8
RW		 741 }
742
743 /* This can happen if a PEB is already in an EBA known
744 * by this fastmap but the PEB itself is not in the used
745 * list.
746 * In this case the PEB can be within the fastmap pool
747 * or while writing the fastmap it was in the protection
748 * queue.
749 */
750 if (!aeb) {
751 aeb = kmem_cache_alloc(ai->aeb_slab_cache,
752 GFP_KERNEL);
753 if (!aeb) {
754 ret = -ENOMEM;
755
756 goto fail;
757 }
758
759 aeb->lnum = j;
760 aeb->pnum = be32_to_cpu(fm_eba->pnum[j]);
761 aeb->ec = -1;
762 aeb->scrub = aeb->copy_flag = aeb->sqnum = 0;
763 list_add_tail(&aeb->u.list, &eba_orphans);
764 continue;
765 }
766
767 aeb->lnum = j;
768
769 if (av->highest_lnum <= aeb->lnum)
770 av->highest_lnum = aeb->lnum;
771
772 assign_aeb_to_av(ai, aeb, av);
773
774 dbg_bld("inserting PEB:%i (LEB %i) to vol %i",
775 aeb->pnum, aeb->lnum, av->vol_id);
776 }
777
778 ech = kzalloc(ubi->ec_hdr_alsize, GFP_KERNEL);
779 if (!ech) {
780 ret = -ENOMEM;
781 goto fail;
782 }
783
784 list_for_each_entry_safe(tmp_aeb, _tmp_aeb, &eba_orphans,
785 u.list) {
786 int err;
787
788 if (ubi_io_is_bad(ubi, tmp_aeb->pnum)) {
789 ubi_err("bad PEB in fastmap EBA orphan list");
790 ret = UBI_BAD_FASTMAP;
791 kfree(ech);
792 goto fail;
793 }
794
795 err = ubi_io_read_ec_hdr(ubi, tmp_aeb->pnum, ech, 0);
796 if (err && err != UBI_IO_BITFLIPS) {
797 ubi_err("unable to read EC header! PEB:%i " \
798 "err:%i", tmp_aeb->pnum, err);
799 ret = err > 0 ? UBI_BAD_FASTMAP : err;
800 kfree(ech);
801
802 goto fail;
803 } else if (err == UBI_IO_BITFLIPS)
804 tmp_aeb->scrub = 1;
805
806 tmp_aeb->ec = be64_to_cpu(ech->ec);
807 assign_aeb_to_av(ai, tmp_aeb, av);
808 }
809
810 kfree(ech);
811 }
812
813 ret = scan_pool(ubi, ai, fmpl1->pebs, pool_size, &max_sqnum,
814 &eba_orphans, &free);
815 if (ret)
816 goto fail;
817
818 ret = scan_pool(ubi, ai, fmpl2->pebs, wl_pool_size, &max_sqnum,
819 &eba_orphans, &free);
820 if (ret)
821 goto fail;
822
823 if (max_sqnum > ai->max_sqnum)
824 ai->max_sqnum = max_sqnum;
825
6a059abd
WY		 826 list_for_each_entry_safe(tmp_aeb, _tmp_aeb, &free, u.list)
827 list_move_tail(&tmp_aeb->u.list, &ai->free);
dbb7d2a8
RW		 828
829 /*
830 * If fastmap is leaking PEBs (must not happen), raise a
831 * fat warning and fall back to scanning mode.
832 * We do this here because in ubi_wl_init() it's too late
833 * and we cannot fall back to scanning.
834 */
835 if (WARN_ON(count_fastmap_pebs(ai) != ubi->peb_count -
836 ai->bad_peb_count - fm->used_blocks))
837 goto fail_bad;
838
839 return 0;
840
841fail_bad:
842 ret = UBI_BAD_FASTMAP;
843fail:
fe24c6e5
RW		 844 list_for_each_entry_safe(tmp_aeb, _tmp_aeb, &used, u.list) {
845 kmem_cache_free(ai->aeb_slab_cache, tmp_aeb);
846 list_del(&tmp_aeb->u.list);
847 }
848 list_for_each_entry_safe(tmp_aeb, _tmp_aeb, &eba_orphans, u.list) {
849 kmem_cache_free(ai->aeb_slab_cache, tmp_aeb);
850 list_del(&tmp_aeb->u.list);
851 }
852 list_for_each_entry_safe(tmp_aeb, _tmp_aeb, &free, u.list) {
853 kmem_cache_free(ai->aeb_slab_cache, tmp_aeb);
854 list_del(&tmp_aeb->u.list);
855 }
856
dbb7d2a8
RW		 857 return ret;
858}
859
860/**
861 * ubi_scan_fastmap - scan the fastmap.
862 * @ubi: UBI device object
863 * @ai: UBI attach info to be filled
864 * @fm_anchor: The fastmap starts at this PEB
865 *
866 * Returns 0 on success, UBI_NO_FASTMAP if no fastmap was found,
867 * UBI_BAD_FASTMAP if one was found but is not usable.
868 * < 0 indicates an internal error.
869 */
870int ubi_scan_fastmap(struct ubi_device *ubi, struct ubi_attach_info *ai,
871 int fm_anchor)
872{
873 struct ubi_fm_sb *fmsb, *fmsb2;
874 struct ubi_vid_hdr *vh;
875 struct ubi_ec_hdr *ech;
876 struct ubi_fastmap_layout *fm;
877 int i, used_blocks, pnum, ret = 0;
878 size_t fm_size;
879 __be32 crc, tmp_crc;
880 unsigned long long sqnum = 0;
881
882 mutex_lock(&ubi->fm_mutex);
883 memset(ubi->fm_buf, 0, ubi->fm_size);
884
885 fmsb = kmalloc(sizeof(*fmsb), GFP_KERNEL);
886 if (!fmsb) {
887 ret = -ENOMEM;
888 goto out;
889 }
890
891 fm = kzalloc(sizeof(*fm), GFP_KERNEL);
892 if (!fm) {
893 ret = -ENOMEM;
894 kfree(fmsb);
895 goto out;
896 }
897
898 ret = ubi_io_read(ubi, fmsb, fm_anchor, ubi->leb_start, sizeof(*fmsb));
899 if (ret && ret != UBI_IO_BITFLIPS)
900 goto free_fm_sb;
901 else if (ret == UBI_IO_BITFLIPS)
902 fm->to_be_tortured[0] = 1;
903
904 if (be32_to_cpu(fmsb->magic) != UBI_FM_SB_MAGIC) {
905 ubi_err("bad super block magic: 0x%x, expected: 0x%x",
906 be32_to_cpu(fmsb->magic), UBI_FM_SB_MAGIC);
907 ret = UBI_BAD_FASTMAP;
908 goto free_fm_sb;
909 }
910
911 if (fmsb->version != UBI_FM_FMT_VERSION) {
912 ubi_err("bad fastmap version: %i, expected: %i",
913 fmsb->version, UBI_FM_FMT_VERSION);
914 ret = UBI_BAD_FASTMAP;
915 goto free_fm_sb;
916 }
917
918 used_blocks = be32_to_cpu(fmsb->used_blocks);
919 if (used_blocks > UBI_FM_MAX_BLOCKS || used_blocks < 1) {
920 ubi_err("number of fastmap blocks is invalid: %i", used_blocks);
921 ret = UBI_BAD_FASTMAP;
922 goto free_fm_sb;
923 }
924
925 fm_size = ubi->leb_size * used_blocks;
926 if (fm_size != ubi->fm_size) {
927 ubi_err("bad fastmap size: %zi, expected: %zi", fm_size,
928 ubi->fm_size);
929 ret = UBI_BAD_FASTMAP;
930 goto free_fm_sb;
931 }
932
933 ech = kzalloc(ubi->ec_hdr_alsize, GFP_KERNEL);
934 if (!ech) {
935 ret = -ENOMEM;
936 goto free_fm_sb;
937 }
938
939 vh = ubi_zalloc_vid_hdr(ubi, GFP_KERNEL);
940 if (!vh) {
941 ret = -ENOMEM;
942 goto free_hdr;
943 }
944
945 for (i = 0; i < used_blocks; i++) {
c22301ad
RG		 946 int image_seq;
947
dbb7d2a8
RW		 948 pnum = be32_to_cpu(fmsb->block_loc[i]);
949
950 if (ubi_io_is_bad(ubi, pnum)) {
951 ret = UBI_BAD_FASTMAP;
952 goto free_hdr;
953 }
954
955 ret = ubi_io_read_ec_hdr(ubi, pnum, ech, 0);
956 if (ret && ret != UBI_IO_BITFLIPS) {
957 ubi_err("unable to read fastmap block# %i EC (PEB: %i)",
958 i, pnum);
959 if (ret > 0)
960 ret = UBI_BAD_FASTMAP;
961 goto free_hdr;
962 } else if (ret == UBI_IO_BITFLIPS)
963 fm->to_be_tortured[i] = 1;
964
c22301ad 965 image_seq = be32_to_cpu(ech->image_seq);
dbb7d2a8 966 if (!ubi->image_seq)
c22301ad 967 ubi->image_seq = image_seq;
dbb7d2a8 968
c22301ad
RG		 969 /*
970 * Older UBI implementations have image_seq set to zero, so
971 * we shouldn't fail if image_seq == 0.
972 */
973 if (image_seq && (image_seq != ubi->image_seq)) {
974 ubi_err("wrong image seq:%d instead of %d",
975 be32_to_cpu(ech->image_seq), ubi->image_seq);
dbb7d2a8
RW		 976 ret = UBI_BAD_FASTMAP;
977 goto free_hdr;
978 }
979
980 ret = ubi_io_read_vid_hdr(ubi, pnum, vh, 0);
981 if (ret && ret != UBI_IO_BITFLIPS) {
982 ubi_err("unable to read fastmap block# %i (PEB: %i)",
983 i, pnum);
984 goto free_hdr;
985 }
986
987 if (i == 0) {
988 if (be32_to_cpu(vh->vol_id) != UBI_FM_SB_VOLUME_ID) {
989 ubi_err("bad fastmap anchor vol_id: 0x%x," \
990 " expected: 0x%x",
991 be32_to_cpu(vh->vol_id),
992 UBI_FM_SB_VOLUME_ID);
993 ret = UBI_BAD_FASTMAP;
994 goto free_hdr;
995 }
996 } else {
997 if (be32_to_cpu(vh->vol_id) != UBI_FM_DATA_VOLUME_ID) {
998 ubi_err("bad fastmap data vol_id: 0x%x," \
999 " expected: 0x%x",
1000 be32_to_cpu(vh->vol_id),
1001 UBI_FM_DATA_VOLUME_ID);
1002 ret = UBI_BAD_FASTMAP;
1003 goto free_hdr;
1004 }
1005 }
1006
1007 if (sqnum < be64_to_cpu(vh->sqnum))
1008 sqnum = be64_to_cpu(vh->sqnum);
1009
1010 ret = ubi_io_read(ubi, ubi->fm_buf + (ubi->leb_size * i), pnum,
1011 ubi->leb_start, ubi->leb_size);
1012 if (ret && ret != UBI_IO_BITFLIPS) {
1013 ubi_err("unable to read fastmap block# %i (PEB: %i, " \
1014 "err: %i)", i, pnum, ret);
1015 goto free_hdr;
1016 }
1017 }
1018
1019 kfree(fmsb);
1020 fmsb = NULL;
1021
1022 fmsb2 = (struct ubi_fm_sb *)(ubi->fm_buf);
1023 tmp_crc = be32_to_cpu(fmsb2->data_crc);
1024 fmsb2->data_crc = 0;
1025 crc = crc32(UBI_CRC32_INIT, ubi->fm_buf, fm_size);
1026 if (crc != tmp_crc) {
1027 ubi_err("fastmap data CRC is invalid");
1028 ubi_err("CRC should be: 0x%x, calc: 0x%x", tmp_crc, crc);
1029 ret = UBI_BAD_FASTMAP;
1030 goto free_hdr;
1031 }
1032
1033 fmsb2->sqnum = sqnum;
1034
1035 fm->used_blocks = used_blocks;
1036
1037 ret = ubi_attach_fastmap(ubi, ai, fm);
1038 if (ret) {
1039 if (ret > 0)
1040 ret = UBI_BAD_FASTMAP;
1041 goto free_hdr;
1042 }
1043
1044 for (i = 0; i < used_blocks; i++) {
1045 struct ubi_wl_entry *e;
1046
1047 e = kmem_cache_alloc(ubi_wl_entry_slab, GFP_KERNEL);
1048 if (!e) {
1049 while (i--)
1050 kfree(fm->e[i]);
1051
1052 ret = -ENOMEM;
1053 goto free_hdr;
1054 }
1055
1056 e->pnum = be32_to_cpu(fmsb2->block_loc[i]);
1057 e->ec = be32_to_cpu(fmsb2->block_ec[i]);
1058 fm->e[i] = e;
1059 }
1060
1061 ubi->fm = fm;
1062 ubi->fm_pool.max_size = ubi->fm->max_pool_size;
1063 ubi->fm_wl_pool.max_size = ubi->fm->max_wl_pool_size;
1064 ubi_msg("attached by fastmap");
1065 ubi_msg("fastmap pool size: %d", ubi->fm_pool.max_size);
1066 ubi_msg("fastmap WL pool size: %d", ubi->fm_wl_pool.max_size);
1067 ubi->fm_disabled = 0;
1068
1069 ubi_free_vid_hdr(ubi, vh);
1070 kfree(ech);
1071out:
1072 mutex_unlock(&ubi->fm_mutex);
1073 if (ret == UBI_BAD_FASTMAP)
1074 ubi_err("Attach by fastmap failed, doing a full scan!");
1075 return ret;
1076
1077free_hdr:
1078 ubi_free_vid_hdr(ubi, vh);
1079 kfree(ech);
1080free_fm_sb:
1081 kfree(fmsb);
1082 kfree(fm);
1083 goto out;
1084}
1085
1086/**
1087 * ubi_write_fastmap - writes a fastmap.
1088 * @ubi: UBI device object
1089 * @new_fm: the to be written fastmap
1090 *
1091 * Returns 0 on success, < 0 indicates an internal error.
1092 */
1093static int ubi_write_fastmap(struct ubi_device *ubi,
1094 struct ubi_fastmap_layout *new_fm)
1095{
1096 size_t fm_pos = 0;
1097 void *fm_raw;
1098 struct ubi_fm_sb *fmsb;
1099 struct ubi_fm_hdr *fmh;
1100 struct ubi_fm_scan_pool *fmpl1, *fmpl2;
1101 struct ubi_fm_ec *fec;
1102 struct ubi_fm_volhdr *fvh;
1103 struct ubi_fm_eba *feba;
1104 struct rb_node *node;
1105 struct ubi_wl_entry *wl_e;
1106 struct ubi_volume *vol;
1107 struct ubi_vid_hdr *avhdr, *dvhdr;
1108 struct ubi_work *ubi_wrk;
1109 int ret, i, j, free_peb_count, used_peb_count, vol_count;
1110 int scrub_peb_count, erase_peb_count;
1111
1112 fm_raw = ubi->fm_buf;
1113 memset(ubi->fm_buf, 0, ubi->fm_size);
1114
1115 avhdr = new_fm_vhdr(ubi, UBI_FM_SB_VOLUME_ID);
1116 if (!avhdr) {
1117 ret = -ENOMEM;
1118 goto out;
1119 }
1120
1121 dvhdr = new_fm_vhdr(ubi, UBI_FM_DATA_VOLUME_ID);
1122 if (!dvhdr) {
1123 ret = -ENOMEM;
1124 goto out_kfree;
1125 }
1126
1127 spin_lock(&ubi->volumes_lock);
1128 spin_lock(&ubi->wl_lock);
1129
1130 fmsb = (struct ubi_fm_sb *)fm_raw;
1131 fm_pos += sizeof(*fmsb);
1132 ubi_assert(fm_pos <= ubi->fm_size);
1133
1134 fmh = (struct ubi_fm_hdr *)(fm_raw + fm_pos);
1135 fm_pos += sizeof(*fmh);
1136 ubi_assert(fm_pos <= ubi->fm_size);
1137
1138 fmsb->magic = cpu_to_be32(UBI_FM_SB_MAGIC);
1139 fmsb->version = UBI_FM_FMT_VERSION;
1140 fmsb->used_blocks = cpu_to_be32(new_fm->used_blocks);
1141 /* the max sqnum will be filled in while *reading* the fastmap */
1142 fmsb->sqnum = 0;
1143
1144 fmh->magic = cpu_to_be32(UBI_FM_HDR_MAGIC);
1145 free_peb_count = 0;
1146 used_peb_count = 0;
1147 scrub_peb_count = 0;
1148 erase_peb_count = 0;
1149 vol_count = 0;
1150
1151 fmpl1 = (struct ubi_fm_scan_pool *)(fm_raw + fm_pos);
1152 fm_pos += sizeof(*fmpl1);
1153 fmpl1->magic = cpu_to_be32(UBI_FM_POOL_MAGIC);
1154 fmpl1->size = cpu_to_be16(ubi->fm_pool.size);
1155 fmpl1->max_size = cpu_to_be16(ubi->fm_pool.max_size);
1156
1157 for (i = 0; i < ubi->fm_pool.size; i++)
1158 fmpl1->pebs[i] = cpu_to_be32(ubi->fm_pool.pebs[i]);
1159
1160 fmpl2 = (struct ubi_fm_scan_pool *)(fm_raw + fm_pos);
1161 fm_pos += sizeof(*fmpl2);
1162 fmpl2->magic = cpu_to_be32(UBI_FM_POOL_MAGIC);
1163 fmpl2->size = cpu_to_be16(ubi->fm_wl_pool.size);
1164 fmpl2->max_size = cpu_to_be16(ubi->fm_wl_pool.max_size);
1165
1166 for (i = 0; i < ubi->fm_wl_pool.size; i++)
1167 fmpl2->pebs[i] = cpu_to_be32(ubi->fm_wl_pool.pebs[i]);
1168
1169 for (node = rb_first(&ubi->free); node; node = rb_next(node)) {
1170 wl_e = rb_entry(node, struct ubi_wl_entry, u.rb);
1171 fec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
1172
1173 fec->pnum = cpu_to_be32(wl_e->pnum);
1174 fec->ec = cpu_to_be32(wl_e->ec);
1175
1176 free_peb_count++;
1177 fm_pos += sizeof(*fec);
1178 ubi_assert(fm_pos <= ubi->fm_size);
1179 }
1180 fmh->free_peb_count = cpu_to_be32(free_peb_count);
1181
1182 for (node = rb_first(&ubi->used); node; node = rb_next(node)) {
1183 wl_e = rb_entry(node, struct ubi_wl_entry, u.rb);
1184 fec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
1185
1186 fec->pnum = cpu_to_be32(wl_e->pnum);
1187 fec->ec = cpu_to_be32(wl_e->ec);
1188
1189 used_peb_count++;
1190 fm_pos += sizeof(*fec);
1191 ubi_assert(fm_pos <= ubi->fm_size);
1192 }
1193 fmh->used_peb_count = cpu_to_be32(used_peb_count);
1194
1195 for (node = rb_first(&ubi->scrub); node; node = rb_next(node)) {
1196 wl_e = rb_entry(node, struct ubi_wl_entry, u.rb);
1197 fec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
1198
1199 fec->pnum = cpu_to_be32(wl_e->pnum);
1200 fec->ec = cpu_to_be32(wl_e->ec);
1201
1202 scrub_peb_count++;
1203 fm_pos += sizeof(*fec);
1204 ubi_assert(fm_pos <= ubi->fm_size);
1205 }
1206 fmh->scrub_peb_count = cpu_to_be32(scrub_peb_count);
1207
1208
1209 list_for_each_entry(ubi_wrk, &ubi->works, list) {
1210 if (ubi_is_erase_work(ubi_wrk)) {
1211 wl_e = ubi_wrk->e;
1212 ubi_assert(wl_e);
1213
1214 fec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
1215
1216 fec->pnum = cpu_to_be32(wl_e->pnum);
1217 fec->ec = cpu_to_be32(wl_e->ec);
1218
1219 erase_peb_count++;
1220 fm_pos += sizeof(*fec);
1221 ubi_assert(fm_pos <= ubi->fm_size);
1222 }
1223 }
1224 fmh->erase_peb_count = cpu_to_be32(erase_peb_count);
1225
1226 for (i = 0; i < UBI_MAX_VOLUMES + UBI_INT_VOL_COUNT; i++) {
1227 vol = ubi->volumes[i];
1228
1229 if (!vol)
1230 continue;
1231
1232 vol_count++;
1233
1234 fvh = (struct ubi_fm_volhdr *)(fm_raw + fm_pos);
1235 fm_pos += sizeof(*fvh);
1236 ubi_assert(fm_pos <= ubi->fm_size);
1237
1238 fvh->magic = cpu_to_be32(UBI_FM_VHDR_MAGIC);
1239 fvh->vol_id = cpu_to_be32(vol->vol_id);
1240 fvh->vol_type = vol->vol_type;
1241 fvh->used_ebs = cpu_to_be32(vol->used_ebs);
1242 fvh->data_pad = cpu_to_be32(vol->data_pad);
1243 fvh->last_eb_bytes = cpu_to_be32(vol->last_eb_bytes);
1244
1245 ubi_assert(vol->vol_type == UBI_DYNAMIC_VOLUME ||
1246 vol->vol_type == UBI_STATIC_VOLUME);
1247
1248 feba = (struct ubi_fm_eba *)(fm_raw + fm_pos);
1249 fm_pos += sizeof(*feba) + (sizeof(__be32) * vol->reserved_pebs);
1250 ubi_assert(fm_pos <= ubi->fm_size);
1251
1252 for (j = 0; j < vol->reserved_pebs; j++)
1253 feba->pnum[j] = cpu_to_be32(vol->eba_tbl[j]);
1254
1255 feba->reserved_pebs = cpu_to_be32(j);
1256 feba->magic = cpu_to_be32(UBI_FM_EBA_MAGIC);
1257 }
1258 fmh->vol_count = cpu_to_be32(vol_count);
1259 fmh->bad_peb_count = cpu_to_be32(ubi->bad_peb_count);
1260
1261 avhdr->sqnum = cpu_to_be64(ubi_next_sqnum(ubi));
1262 avhdr->lnum = 0;
1263
1264 spin_unlock(&ubi->wl_lock);
1265 spin_unlock(&ubi->volumes_lock);
1266
1267 dbg_bld("writing fastmap SB to PEB %i", new_fm->e[0]->pnum);
1268 ret = ubi_io_write_vid_hdr(ubi, new_fm->e[0]->pnum, avhdr);
1269 if (ret) {
1270 ubi_err("unable to write vid_hdr to fastmap SB!");
1271 goto out_kfree;
1272 }
1273
1274 for (i = 0; i < new_fm->used_blocks; i++) {
1275 fmsb->block_loc[i] = cpu_to_be32(new_fm->e[i]->pnum);
1276 fmsb->block_ec[i] = cpu_to_be32(new_fm->e[i]->ec);
1277 }
1278
1279 fmsb->data_crc = 0;
1280 fmsb->data_crc = cpu_to_be32(crc32(UBI_CRC32_INIT, fm_raw,
1281 ubi->fm_size));
1282
1283 for (i = 1; i < new_fm->used_blocks; i++) {
1284 dvhdr->sqnum = cpu_to_be64(ubi_next_sqnum(ubi));
1285 dvhdr->lnum = cpu_to_be32(i);
1286 dbg_bld("writing fastmap data to PEB %i sqnum %llu",
1287 new_fm->e[i]->pnum, be64_to_cpu(dvhdr->sqnum));
1288 ret = ubi_io_write_vid_hdr(ubi, new_fm->e[i]->pnum, dvhdr);
1289 if (ret) {
1290 ubi_err("unable to write vid_hdr to PEB %i!",
1291 new_fm->e[i]->pnum);
1292 goto out_kfree;
1293 }
1294 }
1295
1296 for (i = 0; i < new_fm->used_blocks; i++) {
1297 ret = ubi_io_write(ubi, fm_raw + (i * ubi->leb_size),
1298 new_fm->e[i]->pnum, ubi->leb_start, ubi->leb_size);
1299 if (ret) {
1300 ubi_err("unable to write fastmap to PEB %i!",
1301 new_fm->e[i]->pnum);
1302 goto out_kfree;
1303 }
1304 }
1305
1306 ubi_assert(new_fm);
1307 ubi->fm = new_fm;
1308
1309 dbg_bld("fastmap written!");
1310
1311out_kfree:
1312 ubi_free_vid_hdr(ubi, avhdr);
1313 ubi_free_vid_hdr(ubi, dvhdr);
1314out:
1315 return ret;
1316}
1317
1318/**
1319 * erase_block - Manually erase a PEB.
1320 * @ubi: UBI device object
1321 * @pnum: PEB to be erased
1322 *
1323 * Returns the new EC value on success, < 0 indicates an internal error.
1324 */
1325static int erase_block(struct ubi_device *ubi, int pnum)
1326{
1327 int ret;
1328 struct ubi_ec_hdr *ec_hdr;
1329 long long ec;
1330
1331 ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_KERNEL);
1332 if (!ec_hdr)
1333 return -ENOMEM;
1334
1335 ret = ubi_io_read_ec_hdr(ubi, pnum, ec_hdr, 0);
1336 if (ret < 0)
1337 goto out;
1338 else if (ret && ret != UBI_IO_BITFLIPS) {
1339 ret = -EINVAL;
1340 goto out;
1341 }
1342
1343 ret = ubi_io_sync_erase(ubi, pnum, 0);
1344 if (ret < 0)
1345 goto out;
1346
1347 ec = be64_to_cpu(ec_hdr->ec);
1348 ec += ret;
1349 if (ec > UBI_MAX_ERASECOUNTER) {
1350 ret = -EINVAL;
1351 goto out;
1352 }
1353
1354 ec_hdr->ec = cpu_to_be64(ec);
1355 ret = ubi_io_write_ec_hdr(ubi, pnum, ec_hdr);
1356 if (ret < 0)
1357 goto out;
1358
1359 ret = ec;
1360out:
1361 kfree(ec_hdr);
1362 return ret;
1363}
1364
1365/**
1366 * invalidate_fastmap - destroys a fastmap.
1367 * @ubi: UBI device object
1368 * @fm: the fastmap to be destroyed
1369 *
1370 * Returns 0 on success, < 0 indicates an internal error.
1371 */
1372static int invalidate_fastmap(struct ubi_device *ubi,
1373 struct ubi_fastmap_layout *fm)
1374{
8930fa50 1375 int ret;
dbb7d2a8
RW		 1376 struct ubi_vid_hdr *vh;
1377
1378 ret = erase_block(ubi, fm->e[0]->pnum);
1379 if (ret < 0)
1380 return ret;
1381
1382 vh = new_fm_vhdr(ubi, UBI_FM_SB_VOLUME_ID);
1383 if (!vh)
1384 return -ENOMEM;
1385
1386 /* deleting the current fastmap SB is not enough, an old SB may exist,
1387 * so create a (corrupted) SB such that fastmap will find it and fall
1388 * back to scanning mode in any case */
1389 vh->sqnum = cpu_to_be64(ubi_next_sqnum(ubi));
1390 ret = ubi_io_write_vid_hdr(ubi, fm->e[0]->pnum, vh);
1391
dbb7d2a8
RW		 1392 return ret;
1393}
1394
1395/**
1396 * ubi_update_fastmap - will be called by UBI if a volume changes or
1397 * a fastmap pool becomes full.
1398 * @ubi: UBI device object
1399 *
1400 * Returns 0 on success, < 0 indicates an internal error.
1401 */
1402int ubi_update_fastmap(struct ubi_device *ubi)
1403{
1404 int ret, i;
1405 struct ubi_fastmap_layout *new_fm, *old_fm;
1406 struct ubi_wl_entry *tmp_e;
1407
1408 mutex_lock(&ubi->fm_mutex);
1409
1410 ubi_refill_pools(ubi);
1411
1412 if (ubi->ro_mode || ubi->fm_disabled) {
1413 mutex_unlock(&ubi->fm_mutex);
1414 return 0;
1415 }
1416
1417 ret = ubi_ensure_anchor_pebs(ubi);
1418 if (ret) {
1419 mutex_unlock(&ubi->fm_mutex);
1420 return ret;
1421 }
1422
1423 new_fm = kzalloc(sizeof(*new_fm), GFP_KERNEL);
1424 if (!new_fm) {
1425 mutex_unlock(&ubi->fm_mutex);
1426 return -ENOMEM;
1427 }
1428
1429 new_fm->used_blocks = ubi->fm_size / ubi->leb_size;
1430
1431 for (i = 0; i < new_fm->used_blocks; i++) {
1432 new_fm->e[i] = kmem_cache_alloc(ubi_wl_entry_slab, GFP_KERNEL);
1433 if (!new_fm->e[i]) {
1434 while (i--)
1435 kfree(new_fm->e[i]);
1436
1437 kfree(new_fm);
1438 mutex_unlock(&ubi->fm_mutex);
1439 return -ENOMEM;
1440 }
1441 }
1442
1443 old_fm = ubi->fm;
1444 ubi->fm = NULL;
1445
1446 if (new_fm->used_blocks > UBI_FM_MAX_BLOCKS) {
1447 ubi_err("fastmap too large");
1448 ret = -ENOSPC;
1449 goto err;
1450 }
1451
1452 for (i = 1; i < new_fm->used_blocks; i++) {
1453 spin_lock(&ubi->wl_lock);
1454 tmp_e = ubi_wl_get_fm_peb(ubi, 0);
1455 spin_unlock(&ubi->wl_lock);
1456
1457 if (!tmp_e && !old_fm) {
1458 int j;
1459 ubi_err("could not get any free erase block");
1460
1461 for (j = 1; j < i; j++)
1462 ubi_wl_put_fm_peb(ubi, new_fm->e[j], j, 0);
1463
1464 ret = -ENOSPC;
1465 goto err;
1466 } else if (!tmp_e && old_fm) {
1467 ret = erase_block(ubi, old_fm->e[i]->pnum);
1468 if (ret < 0) {
1469 int j;
1470
1471 for (j = 1; j < i; j++)
1472 ubi_wl_put_fm_peb(ubi, new_fm->e[j],
1473 j, 0);
1474
1475 ubi_err("could not erase old fastmap PEB");
1476 goto err;
1477 }
1478
1479 new_fm->e[i]->pnum = old_fm->e[i]->pnum;
1480 new_fm->e[i]->ec = old_fm->e[i]->ec;
1481 } else {
1482 new_fm->e[i]->pnum = tmp_e->pnum;
1483 new_fm->e[i]->ec = tmp_e->ec;
1484
1485 if (old_fm)
1486 ubi_wl_put_fm_peb(ubi, old_fm->e[i], i,
1487 old_fm->to_be_tortured[i]);
1488 }
1489 }
1490
1491 spin_lock(&ubi->wl_lock);
1492 tmp_e = ubi_wl_get_fm_peb(ubi, 1);
1493 spin_unlock(&ubi->wl_lock);
1494
1495 if (old_fm) {
1496 /* no fresh anchor PEB was found, reuse the old one */
1497 if (!tmp_e) {
1498 ret = erase_block(ubi, old_fm->e[0]->pnum);
1499 if (ret < 0) {
1500 int i;
1501 ubi_err("could not erase old anchor PEB");
1502
1503 for (i = 1; i < new_fm->used_blocks; i++)
1504 ubi_wl_put_fm_peb(ubi, new_fm->e[i],
1505 i, 0);
1506 goto err;
1507 }
1508
1509 new_fm->e[0]->pnum = old_fm->e[0]->pnum;
1510 new_fm->e[0]->ec = ret;
1511 } else {
1512 /* we've got a new anchor PEB, return the old one */
1513 ubi_wl_put_fm_peb(ubi, old_fm->e[0], 0,
1514 old_fm->to_be_tortured[0]);
1515
1516 new_fm->e[0]->pnum = tmp_e->pnum;
1517 new_fm->e[0]->ec = tmp_e->ec;
1518 }
1519 } else {
1520 if (!tmp_e) {
1521 int i;
1522 ubi_err("could not find any anchor PEB");
1523
1524 for (i = 1; i < new_fm->used_blocks; i++)
1525 ubi_wl_put_fm_peb(ubi, new_fm->e[i], i, 0);
1526
1527 ret = -ENOSPC;
1528 goto err;
1529 }
1530
1531 new_fm->e[0]->pnum = tmp_e->pnum;
1532 new_fm->e[0]->ec = tmp_e->ec;
1533 }
1534
1535 down_write(&ubi->work_sem);
1536 down_write(&ubi->fm_sem);
1537 ret = ubi_write_fastmap(ubi, new_fm);
1538 up_write(&ubi->fm_sem);
1539 up_write(&ubi->work_sem);
1540
1541 if (ret)
1542 goto err;
1543
1544out_unlock:
1545 mutex_unlock(&ubi->fm_mutex);
1546 kfree(old_fm);
1547 return ret;
1548
1549err:
1550 kfree(new_fm);
1551
1552 ubi_warn("Unable to write new fastmap, err=%i", ret);
1553
1554 ret = 0;
1555 if (old_fm) {
1556 ret = invalidate_fastmap(ubi, old_fm);
1557 if (ret < 0)
1558 ubi_err("Unable to invalidiate current fastmap!");
1559 else if (ret)
1560 ret = 0;
1561 }
1562 goto out_unlock;
1563}
Ubuntu Artful kernel mirror