mtd/ubi/fastmap.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * Copyright (c) 2012 Linutronix GmbH
0004  * Copyright (c) 2014 sigma star gmbh
0005  * Author: Richard Weinberger <richard@nod.at>
0006  */
0007
0008 #include <linux/crc32.h>
0009 #include <linux/bitmap.h>
0010 #include "ubi.h"
0011
0012 /**
0013  * init_seen - allocate memory for used for debugging.
0014  * @ubi: UBI device description object
0015  */
0016 static inline unsigned long *init_seen(struct ubi_device *ubi)
0017 {
0018     unsigned long *ret;
0019
0020     if (!ubi_dbg_chk_fastmap(ubi))
0021         return NULL;
0022
0023     ret = kcalloc(BITS_TO_LONGS(ubi->peb_count), sizeof(unsigned long),
0024               GFP_KERNEL);
0025     if (!ret)
0026         return ERR_PTR(-ENOMEM);
0027
0028     return ret;
0029 }
0030
0031 /**
0032  * free_seen - free the seen logic integer array.
0033  * @seen: integer array of @ubi->peb_count size
0034  */
0035 static inline void free_seen(unsigned long *seen)
0036 {
0037     kfree(seen);
0038 }
0039
0040 /**
0041  * set_seen - mark a PEB as seen.
0042  * @ubi: UBI device description object
0043  * @pnum: The PEB to be makred as seen
0044  * @seen: integer array of @ubi->peb_count size
0045  */
0046 static inline void set_seen(struct ubi_device *ubi, int pnum, unsigned long *seen)
0047 {
0048     if (!ubi_dbg_chk_fastmap(ubi) || !seen)
0049         return;
0050
0051     set_bit(pnum, seen);
0052 }
0053
0054 /**
0055  * self_check_seen - check whether all PEB have been seen by fastmap.
0056  * @ubi: UBI device description object
0057  * @seen: integer array of @ubi->peb_count size
0058  */
0059 static int self_check_seen(struct ubi_device *ubi, unsigned long *seen)
0060 {
0061     int pnum, ret = 0;
0062
0063     if (!ubi_dbg_chk_fastmap(ubi) || !seen)
0064         return 0;
0065
0066     for (pnum = 0; pnum < ubi->peb_count; pnum++) {
0067         if (!test_bit(pnum, seen) && ubi->lookuptbl[pnum]) {
0068             ubi_err(ubi, "self-check failed for PEB %d, fastmap didn't see it", pnum);
0069             ret = -EINVAL;
0070         }
0071     }
0072
0073     return ret;
0074 }
0075
0076 /**
0077  * ubi_calc_fm_size - calculates the fastmap size in bytes for an UBI device.
0078  * @ubi: UBI device description object
0079  */
0080 size_t ubi_calc_fm_size(struct ubi_device *ubi)
0081 {
0082     size_t size;
0083
0084     size = sizeof(struct ubi_fm_sb) +
0085         sizeof(struct ubi_fm_hdr) +
0086         sizeof(struct ubi_fm_scan_pool) +
0087         sizeof(struct ubi_fm_scan_pool) +
0088         (ubi->peb_count * sizeof(struct ubi_fm_ec)) +
0089         (sizeof(struct ubi_fm_eba) +
0090         (ubi->peb_count * sizeof(__be32))) +
0091         sizeof(struct ubi_fm_volhdr) * UBI_MAX_VOLUMES;
0092     return roundup(size, ubi->leb_size);
0093 }
0094
0095
0096 /**
0097  * new_fm_vhdr - allocate a new volume header for fastmap usage.
0098  * @ubi: UBI device description object
0099  * @vol_id: the VID of the new header
0100  *
0101  * Returns a new struct ubi_vid_hdr on success.
0102  * NULL indicates out of memory.
0103  */
0104 static struct ubi_vid_io_buf *new_fm_vbuf(struct ubi_device *ubi, int vol_id)
0105 {
0106     struct ubi_vid_io_buf *new;
0107     struct ubi_vid_hdr *vh;
0108
0109     new = ubi_alloc_vid_buf(ubi, GFP_KERNEL);
0110     if (!new)
0111         goto out;
0112
0113     vh = ubi_get_vid_hdr(new);
0114     vh->vol_type = UBI_VID_DYNAMIC;
0115     vh->vol_id = cpu_to_be32(vol_id);
0116
0117     /* UBI implementations without fastmap support have to delete the
0118      * fastmap.
0119      */
0120     vh->compat = UBI_COMPAT_DELETE;
0121
0122 out:
0123     return new;
0124 }
0125
0126 /**
0127  * add_aeb - create and add a attach erase block to a given list.
0128  * @ai: UBI attach info object
0129  * @list: the target list
0130  * @pnum: PEB number of the new attach erase block
0131  * @ec: erease counter of the new LEB
0132  * @scrub: scrub this PEB after attaching
0133  *
0134  * Returns 0 on success, < 0 indicates an internal error.
0135  */
0136 static int add_aeb(struct ubi_attach_info *ai, struct list_head *list,
0137            int pnum, int ec, int scrub)
0138 {
0139     struct ubi_ainf_peb *aeb;
0140
0141     aeb = ubi_alloc_aeb(ai, pnum, ec);
0142     if (!aeb)
0143         return -ENOMEM;
0144
0145     aeb->lnum = -1;
0146     aeb->scrub = scrub;
0147     aeb->copy_flag = aeb->sqnum = 0;
0148
0149     ai->ec_sum += aeb->ec;
0150     ai->ec_count++;
0151
0152     if (ai->max_ec < aeb->ec)
0153         ai->max_ec = aeb->ec;
0154
0155     if (ai->min_ec > aeb->ec)
0156         ai->min_ec = aeb->ec;
0157
0158     list_add_tail(&aeb->u.list, list);
0159
0160     return 0;
0161 }
0162
0163 /**
0164  * add_vol - create and add a new volume to ubi_attach_info.
0165  * @ai: ubi_attach_info object
0166  * @vol_id: VID of the new volume
0167  * @used_ebs: number of used EBS
0168  * @data_pad: data padding value of the new volume
0169  * @vol_type: volume type
0170  * @last_eb_bytes: number of bytes in the last LEB
0171  *
0172  * Returns the new struct ubi_ainf_volume on success.
0173  * NULL indicates an error.
0174  */
0175 static struct ubi_ainf_volume *add_vol(struct ubi_attach_info *ai, int vol_id,
0176                        int used_ebs, int data_pad, u8 vol_type,
0177                        int last_eb_bytes)
0178 {
0179     struct ubi_ainf_volume *av;
0180
0181     av = ubi_add_av(ai, vol_id);
0182     if (IS_ERR(av))
0183         return av;
0184
0185     av->data_pad = data_pad;
0186     av->last_data_size = last_eb_bytes;
0187     av->compat = 0;
0188     av->vol_type = vol_type;
0189     if (av->vol_type == UBI_STATIC_VOLUME)
0190         av->used_ebs = used_ebs;
0191
0192     dbg_bld("found volume (ID %i)", vol_id);
0193     return av;
0194 }
0195
0196 /**
0197  * assign_aeb_to_av - assigns a SEB to a given ainf_volume and removes it
0198  * from it's original list.
0199  * @ai: ubi_attach_info object
0200  * @aeb: the to be assigned SEB
0201  * @av: target scan volume
0202  */
0203 static void assign_aeb_to_av(struct ubi_attach_info *ai,
0204                  struct ubi_ainf_peb *aeb,
0205                  struct ubi_ainf_volume *av)
0206 {
0207     struct ubi_ainf_peb *tmp_aeb;
0208     struct rb_node **p = &av->root.rb_node, *parent = NULL;
0209
0210     while (*p) {
0211         parent = *p;
0212
0213         tmp_aeb = rb_entry(parent, struct ubi_ainf_peb, u.rb);
0214         if (aeb->lnum != tmp_aeb->lnum) {
0215             if (aeb->lnum < tmp_aeb->lnum)
0216                 p = &(*p)->rb_left;
0217             else
0218                 p = &(*p)->rb_right;
0219
0220             continue;
0221         } else
0222             break;
0223     }
0224
0225     list_del(&aeb->u.list);
0226     av->leb_count++;
0227
0228     rb_link_node(&aeb->u.rb, parent, p);
0229     rb_insert_color(&aeb->u.rb, &av->root);
0230 }
0231
0232 /**
0233  * update_vol - inserts or updates a LEB which was found a pool.
0234  * @ubi: the UBI device object
0235  * @ai: attach info object
0236  * @av: the volume this LEB belongs to
0237  * @new_vh: the volume header derived from new_aeb
0238  * @new_aeb: the AEB to be examined
0239  *
0240  * Returns 0 on success, < 0 indicates an internal error.
0241  */
0242 static int update_vol(struct ubi_device *ubi, struct ubi_attach_info *ai,
0243               struct ubi_ainf_volume *av, struct ubi_vid_hdr *new_vh,
0244               struct ubi_ainf_peb *new_aeb)
0245 {
0246     struct rb_node **p = &av->root.rb_node, *parent = NULL;
0247     struct ubi_ainf_peb *aeb, *victim;
0248     int cmp_res;
0249
0250     while (*p) {
0251         parent = *p;
0252         aeb = rb_entry(parent, struct ubi_ainf_peb, u.rb);
0253
0254         if (be32_to_cpu(new_vh->lnum) != aeb->lnum) {
0255             if (be32_to_cpu(new_vh->lnum) < aeb->lnum)
0256                 p = &(*p)->rb_left;
0257             else
0258                 p = &(*p)->rb_right;
0259
0260             continue;
0261         }
0262
0263         /* This case can happen if the fastmap gets written
0264          * because of a volume change (creation, deletion, ..).
0265          * Then a PEB can be within the persistent EBA and the pool.
0266          */
0267         if (aeb->pnum == new_aeb->pnum) {
0268             ubi_assert(aeb->lnum == new_aeb->lnum);
0269             ubi_free_aeb(ai, new_aeb);
0270
0271             return 0;
0272         }
0273
0274         cmp_res = ubi_compare_lebs(ubi, aeb, new_aeb->pnum, new_vh);
0275         if (cmp_res < 0)
0276             return cmp_res;
0277
0278         /* new_aeb is newer */
0279         if (cmp_res & 1) {
0280             victim = ubi_alloc_aeb(ai, aeb->pnum, aeb->ec);
0281             if (!victim)
0282                 return -ENOMEM;
0283
0284             list_add_tail(&victim->u.list, &ai->erase);
0285
0286             if (av->highest_lnum == be32_to_cpu(new_vh->lnum))
0287                 av->last_data_size =
0288                     be32_to_cpu(new_vh->data_size);
0289
0290             dbg_bld("vol %i: AEB %i's PEB %i is the newer",
0291                 av->vol_id, aeb->lnum, new_aeb->pnum);
0292
0293             aeb->ec = new_aeb->ec;
0294             aeb->pnum = new_aeb->pnum;
0295             aeb->copy_flag = new_vh->copy_flag;
0296             aeb->scrub = new_aeb->scrub;
0297             aeb->sqnum = new_aeb->sqnum;
0298             ubi_free_aeb(ai, new_aeb);
0299
0300         /* new_aeb is older */
0301         } else {
0302             dbg_bld("vol %i: AEB %i's PEB %i is old, dropping it",
0303                 av->vol_id, aeb->lnum, new_aeb->pnum);
0304             list_add_tail(&new_aeb->u.list, &ai->erase);
0305         }
0306
0307         return 0;
0308     }
0309     /* This LEB is new, let's add it to the volume */
0310
0311     if (av->highest_lnum <= be32_to_cpu(new_vh->lnum)) {
0312         av->highest_lnum = be32_to_cpu(new_vh->lnum);
0313         av->last_data_size = be32_to_cpu(new_vh->data_size);
0314     }
0315
0316     if (av->vol_type == UBI_STATIC_VOLUME)
0317         av->used_ebs = be32_to_cpu(new_vh->used_ebs);
0318
0319     av->leb_count++;
0320
0321     rb_link_node(&new_aeb->u.rb, parent, p);
0322     rb_insert_color(&new_aeb->u.rb, &av->root);
0323
0324     return 0;
0325 }
0326
0327 /**
0328  * process_pool_aeb - we found a non-empty PEB in a pool.
0329  * @ubi: UBI device object
0330  * @ai: attach info object
0331  * @new_vh: the volume header derived from new_aeb
0332  * @new_aeb: the AEB to be examined
0333  *
0334  * Returns 0 on success, < 0 indicates an internal error.
0335  */
0336 static int process_pool_aeb(struct ubi_device *ubi, struct ubi_attach_info *ai,
0337                 struct ubi_vid_hdr *new_vh,
0338                 struct ubi_ainf_peb *new_aeb)
0339 {
0340     int vol_id = be32_to_cpu(new_vh->vol_id);
0341     struct ubi_ainf_volume *av;
0342
0343     if (vol_id == UBI_FM_SB_VOLUME_ID || vol_id == UBI_FM_DATA_VOLUME_ID) {
0344         ubi_free_aeb(ai, new_aeb);
0345
0346         return 0;
0347     }
0348
0349     /* Find the volume this SEB belongs to */
0350     av = ubi_find_av(ai, vol_id);
0351     if (!av) {
0352         ubi_err(ubi, "orphaned volume in fastmap pool!");
0353         ubi_free_aeb(ai, new_aeb);
0354         return UBI_BAD_FASTMAP;
0355     }
0356
0357     ubi_assert(vol_id == av->vol_id);
0358
0359     return update_vol(ubi, ai, av, new_vh, new_aeb);
0360 }
0361
0362 /**
0363  * unmap_peb - unmap a PEB.
0364  * If fastmap detects a free PEB in the pool it has to check whether
0365  * this PEB has been unmapped after writing the fastmap.
0366  *
0367  * @ai: UBI attach info object
0368  * @pnum: The PEB to be unmapped
0369  */
0370 static void unmap_peb(struct ubi_attach_info *ai, int pnum)
0371 {
0372     struct ubi_ainf_volume *av;
0373     struct rb_node *node, *node2;
0374     struct ubi_ainf_peb *aeb;
0375
0376     ubi_rb_for_each_entry(node, av, &ai->volumes, rb) {
0377         ubi_rb_for_each_entry(node2, aeb, &av->root, u.rb) {
0378             if (aeb->pnum == pnum) {
0379                 rb_erase(&aeb->u.rb, &av->root);
0380                 av->leb_count--;
0381                 ubi_free_aeb(ai, aeb);
0382                 return;
0383             }
0384         }
0385     }
0386 }
0387
0388 /**
0389  * scan_pool - scans a pool for changed (no longer empty PEBs).
0390  * @ubi: UBI device object
0391  * @ai: attach info object
0392  * @pebs: an array of all PEB numbers in the to be scanned pool
0393  * @pool_size: size of the pool (number of entries in @pebs)
0394  * @max_sqnum: pointer to the maximal sequence number
0395  * @free: list of PEBs which are most likely free (and go into @ai->free)
0396  *
0397  * Returns 0 on success, if the pool is unusable UBI_BAD_FASTMAP is returned.
0398  * < 0 indicates an internal error.
0399  */
0400 static int scan_pool(struct ubi_device *ubi, struct ubi_attach_info *ai,
0401              __be32 *pebs, int pool_size, unsigned long long *max_sqnum,
0402              struct list_head *free)
0403 {
0404     struct ubi_vid_io_buf *vb;
0405     struct ubi_vid_hdr *vh;
0406     struct ubi_ec_hdr *ech;
0407     struct ubi_ainf_peb *new_aeb;
0408     int i, pnum, err, ret = 0;
0409
0410     ech = kzalloc(ubi->ec_hdr_alsize, GFP_KERNEL);
0411     if (!ech)
0412         return -ENOMEM;
0413
0414     vb = ubi_alloc_vid_buf(ubi, GFP_KERNEL);
0415     if (!vb) {
0416         kfree(ech);
0417         return -ENOMEM;
0418     }
0419
0420     vh = ubi_get_vid_hdr(vb);
0421
0422     dbg_bld("scanning fastmap pool: size = %i", pool_size);
0423
0424     /*
0425      * Now scan all PEBs in the pool to find changes which have been made
0426      * after the creation of the fastmap
0427      */
0428     for (i = 0; i < pool_size; i++) {
0429         int scrub = 0;
0430         int image_seq;
0431
0432         pnum = be32_to_cpu(pebs[i]);
0433
0434         if (ubi_io_is_bad(ubi, pnum)) {
0435             ubi_err(ubi, "bad PEB in fastmap pool!");
0436             ret = UBI_BAD_FASTMAP;
0437             goto out;
0438         }
0439
0440         err = ubi_io_read_ec_hdr(ubi, pnum, ech, 0);
0441         if (err && err != UBI_IO_BITFLIPS) {
0442             ubi_err(ubi, "unable to read EC header! PEB:%i err:%i",
0443                 pnum, err);
0444             ret = err > 0 ? UBI_BAD_FASTMAP : err;
0445             goto out;
0446         } else if (err == UBI_IO_BITFLIPS)
0447             scrub = 1;
0448
0449         /*
0450          * Older UBI implementations have image_seq set to zero, so
0451          * we shouldn't fail if image_seq == 0.
0452          */
0453         image_seq = be32_to_cpu(ech->image_seq);
0454
0455         if (image_seq && (image_seq != ubi->image_seq)) {
0456             ubi_err(ubi, "bad image seq: 0x%x, expected: 0x%x",
0457                 be32_to_cpu(ech->image_seq), ubi->image_seq);
0458             ret = UBI_BAD_FASTMAP;
0459             goto out;
0460         }
0461
0462         err = ubi_io_read_vid_hdr(ubi, pnum, vb, 0);
0463         if (err == UBI_IO_FF || err == UBI_IO_FF_BITFLIPS) {
0464             unsigned long long ec = be64_to_cpu(ech->ec);
0465             unmap_peb(ai, pnum);
0466             dbg_bld("Adding PEB to free: %i", pnum);
0467
0468             if (err == UBI_IO_FF_BITFLIPS)
0469                 scrub = 1;
0470
0471             ret = add_aeb(ai, free, pnum, ec, scrub);
0472             if (ret)
0473                 goto out;
0474             continue;
0475         } else if (err == 0 || err == UBI_IO_BITFLIPS) {
0476             dbg_bld("Found non empty PEB:%i in pool", pnum);
0477
0478             if (err == UBI_IO_BITFLIPS)
0479                 scrub = 1;
0480
0481             new_aeb = ubi_alloc_aeb(ai, pnum, be64_to_cpu(ech->ec));
0482             if (!new_aeb) {
0483                 ret = -ENOMEM;
0484                 goto out;
0485             }
0486
0487             new_aeb->lnum = be32_to_cpu(vh->lnum);
0488             new_aeb->sqnum = be64_to_cpu(vh->sqnum);
0489             new_aeb->copy_flag = vh->copy_flag;
0490             new_aeb->scrub = scrub;
0491
0492             if (*max_sqnum < new_aeb->sqnum)
0493                 *max_sqnum = new_aeb->sqnum;
0494
0495             err = process_pool_aeb(ubi, ai, vh, new_aeb);
0496             if (err) {
0497                 ret = err > 0 ? UBI_BAD_FASTMAP : err;
0498                 goto out;
0499             }
0500         } else {
0501             /* We are paranoid and fall back to scanning mode */
0502             ubi_err(ubi, "fastmap pool PEBs contains damaged PEBs!");
0503             ret = err > 0 ? UBI_BAD_FASTMAP : err;
0504             goto out;
0505         }
0506
0507     }
0508
0509 out:
0510     ubi_free_vid_buf(vb);
0511     kfree(ech);
0512     return ret;
0513 }
0514
0515 /**
0516  * count_fastmap_pebs - Counts the PEBs found by fastmap.
0517  * @ai: The UBI attach info object
0518  */
0519 static int count_fastmap_pebs(struct ubi_attach_info *ai)
0520 {
0521     struct ubi_ainf_peb *aeb;
0522     struct ubi_ainf_volume *av;
0523     struct rb_node *rb1, *rb2;
0524     int n = 0;
0525
0526     list_for_each_entry(aeb, &ai->erase, u.list)
0527         n++;
0528
0529     list_for_each_entry(aeb, &ai->free, u.list)
0530         n++;
0531
0532     ubi_rb_for_each_entry(rb1, av, &ai->volumes, rb)
0533         ubi_rb_for_each_entry(rb2, aeb, &av->root, u.rb)
0534             n++;
0535
0536     return n;
0537 }
0538
0539 /**
0540  * ubi_attach_fastmap - creates ubi_attach_info from a fastmap.
0541  * @ubi: UBI device object
0542  * @ai: UBI attach info object
0543  * @fm: the fastmap to be attached
0544  *
0545  * Returns 0 on success, UBI_BAD_FASTMAP if the found fastmap was unusable.
0546  * < 0 indicates an internal error.
0547  */
0548 static int ubi_attach_fastmap(struct ubi_device *ubi,
0549                   struct ubi_attach_info *ai,
0550                   struct ubi_fastmap_layout *fm)
0551 {
0552     struct list_head used, free;
0553     struct ubi_ainf_volume *av;
0554     struct ubi_ainf_peb *aeb, *tmp_aeb, *_tmp_aeb;
0555     struct ubi_fm_sb *fmsb;
0556     struct ubi_fm_hdr *fmhdr;
0557     struct ubi_fm_scan_pool *fmpl, *fmpl_wl;
0558     struct ubi_fm_ec *fmec;
0559     struct ubi_fm_volhdr *fmvhdr;
0560     struct ubi_fm_eba *fm_eba;
0561     int ret, i, j, pool_size, wl_pool_size;
0562     size_t fm_pos = 0, fm_size = ubi->fm_size;
0563     unsigned long long max_sqnum = 0;
0564     void *fm_raw = ubi->fm_buf;
0565
0566     INIT_LIST_HEAD(&used);
0567     INIT_LIST_HEAD(&free);
0568     ai->min_ec = UBI_MAX_ERASECOUNTER;
0569
0570     fmsb = (struct ubi_fm_sb *)(fm_raw);
0571     ai->max_sqnum = fmsb->sqnum;
0572     fm_pos += sizeof(struct ubi_fm_sb);
0573     if (fm_pos >= fm_size)
0574         goto fail_bad;
0575
0576     fmhdr = (struct ubi_fm_hdr *)(fm_raw + fm_pos);
0577     fm_pos += sizeof(*fmhdr);
0578     if (fm_pos >= fm_size)
0579         goto fail_bad;
0580
0581     if (be32_to_cpu(fmhdr->magic) != UBI_FM_HDR_MAGIC) {
0582         ubi_err(ubi, "bad fastmap header magic: 0x%x, expected: 0x%x",
0583             be32_to_cpu(fmhdr->magic), UBI_FM_HDR_MAGIC);
0584         goto fail_bad;
0585     }
0586
0587     fmpl = (struct ubi_fm_scan_pool *)(fm_raw + fm_pos);
0588     fm_pos += sizeof(*fmpl);
0589     if (fm_pos >= fm_size)
0590         goto fail_bad;
0591     if (be32_to_cpu(fmpl->magic) != UBI_FM_POOL_MAGIC) {
0592         ubi_err(ubi, "bad fastmap pool magic: 0x%x, expected: 0x%x",
0593             be32_to_cpu(fmpl->magic), UBI_FM_POOL_MAGIC);
0594         goto fail_bad;
0595     }
0596
0597     fmpl_wl = (struct ubi_fm_scan_pool *)(fm_raw + fm_pos);
0598     fm_pos += sizeof(*fmpl_wl);
0599     if (fm_pos >= fm_size)
0600         goto fail_bad;
0601     if (be32_to_cpu(fmpl_wl->magic) != UBI_FM_POOL_MAGIC) {
0602         ubi_err(ubi, "bad fastmap WL pool magic: 0x%x, expected: 0x%x",
0603             be32_to_cpu(fmpl_wl->magic), UBI_FM_POOL_MAGIC);
0604         goto fail_bad;
0605     }
0606
0607     pool_size = be16_to_cpu(fmpl->size);
0608     wl_pool_size = be16_to_cpu(fmpl_wl->size);
0609     fm->max_pool_size = be16_to_cpu(fmpl->max_size);
0610     fm->max_wl_pool_size = be16_to_cpu(fmpl_wl->max_size);
0611
0612     if (pool_size > UBI_FM_MAX_POOL_SIZE || pool_size < 0) {
0613         ubi_err(ubi, "bad pool size: %i", pool_size);
0614         goto fail_bad;
0615     }
0616
0617     if (wl_pool_size > UBI_FM_MAX_POOL_SIZE || wl_pool_size < 0) {
0618         ubi_err(ubi, "bad WL pool size: %i", wl_pool_size);
0619         goto fail_bad;
0620     }
0621
0622
0623     if (fm->max_pool_size > UBI_FM_MAX_POOL_SIZE ||
0624         fm->max_pool_size < 0) {
0625         ubi_err(ubi, "bad maximal pool size: %i", fm->max_pool_size);
0626         goto fail_bad;
0627     }
0628
0629     if (fm->max_wl_pool_size > UBI_FM_MAX_POOL_SIZE ||
0630         fm->max_wl_pool_size < 0) {
0631         ubi_err(ubi, "bad maximal WL pool size: %i",
0632             fm->max_wl_pool_size);
0633         goto fail_bad;
0634     }
0635
0636     /* read EC values from free list */
0637     for (i = 0; i < be32_to_cpu(fmhdr->free_peb_count); i++) {
0638         fmec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
0639         fm_pos += sizeof(*fmec);
0640         if (fm_pos >= fm_size)
0641             goto fail_bad;
0642
0643         ret = add_aeb(ai, &ai->free, be32_to_cpu(fmec->pnum),
0644                   be32_to_cpu(fmec->ec), 0);
0645         if (ret)
0646             goto fail;
0647     }
0648
0649     /* read EC values from used list */
0650     for (i = 0; i < be32_to_cpu(fmhdr->used_peb_count); i++) {
0651         fmec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
0652         fm_pos += sizeof(*fmec);
0653         if (fm_pos >= fm_size)
0654             goto fail_bad;
0655
0656         ret = add_aeb(ai, &used, be32_to_cpu(fmec->pnum),
0657                   be32_to_cpu(fmec->ec), 0);
0658         if (ret)
0659             goto fail;
0660     }
0661
0662     /* read EC values from scrub list */
0663     for (i = 0; i < be32_to_cpu(fmhdr->scrub_peb_count); i++) {
0664         fmec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
0665         fm_pos += sizeof(*fmec);
0666         if (fm_pos >= fm_size)
0667             goto fail_bad;
0668
0669         ret = add_aeb(ai, &used, be32_to_cpu(fmec->pnum),
0670                   be32_to_cpu(fmec->ec), 1);
0671         if (ret)
0672             goto fail;
0673     }
0674
0675     /* read EC values from erase list */
0676     for (i = 0; i < be32_to_cpu(fmhdr->erase_peb_count); i++) {
0677         fmec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
0678         fm_pos += sizeof(*fmec);
0679         if (fm_pos >= fm_size)
0680             goto fail_bad;
0681
0682         ret = add_aeb(ai, &ai->erase, be32_to_cpu(fmec->pnum),
0683                   be32_to_cpu(fmec->ec), 1);
0684         if (ret)
0685             goto fail;
0686     }
0687
0688     ai->mean_ec = div_u64(ai->ec_sum, ai->ec_count);
0689     ai->bad_peb_count = be32_to_cpu(fmhdr->bad_peb_count);
0690
0691     /* Iterate over all volumes and read their EBA table */
0692     for (i = 0; i < be32_to_cpu(fmhdr->vol_count); i++) {
0693         fmvhdr = (struct ubi_fm_volhdr *)(fm_raw + fm_pos);
0694         fm_pos += sizeof(*fmvhdr);
0695         if (fm_pos >= fm_size)
0696             goto fail_bad;
0697
0698         if (be32_to_cpu(fmvhdr->magic) != UBI_FM_VHDR_MAGIC) {
0699             ubi_err(ubi, "bad fastmap vol header magic: 0x%x, expected: 0x%x",
0700                 be32_to_cpu(fmvhdr->magic), UBI_FM_VHDR_MAGIC);
0701             goto fail_bad;
0702         }
0703
0704         av = add_vol(ai, be32_to_cpu(fmvhdr->vol_id),
0705                  be32_to_cpu(fmvhdr->used_ebs),
0706                  be32_to_cpu(fmvhdr->data_pad),
0707                  fmvhdr->vol_type,
0708                  be32_to_cpu(fmvhdr->last_eb_bytes));
0709
0710         if (IS_ERR(av)) {
0711             if (PTR_ERR(av) == -EEXIST)
0712                 ubi_err(ubi, "volume (ID %i) already exists",
0713                     fmvhdr->vol_id);
0714
0715             goto fail_bad;
0716         }
0717
0718         ai->vols_found++;
0719         if (ai->highest_vol_id < be32_to_cpu(fmvhdr->vol_id))
0720             ai->highest_vol_id = be32_to_cpu(fmvhdr->vol_id);
0721
0722         fm_eba = (struct ubi_fm_eba *)(fm_raw + fm_pos);
0723         fm_pos += sizeof(*fm_eba);
0724         fm_pos += (sizeof(__be32) * be32_to_cpu(fm_eba->reserved_pebs));
0725         if (fm_pos >= fm_size)
0726             goto fail_bad;
0727
0728         if (be32_to_cpu(fm_eba->magic) != UBI_FM_EBA_MAGIC) {
0729             ubi_err(ubi, "bad fastmap EBA header magic: 0x%x, expected: 0x%x",
0730                 be32_to_cpu(fm_eba->magic), UBI_FM_EBA_MAGIC);
0731             goto fail_bad;
0732         }
0733
0734         for (j = 0; j < be32_to_cpu(fm_eba->reserved_pebs); j++) {
0735             int pnum = be32_to_cpu(fm_eba->pnum[j]);
0736
0737             if (pnum < 0)
0738                 continue;
0739
0740             aeb = NULL;
0741             list_for_each_entry(tmp_aeb, &used, u.list) {
0742                 if (tmp_aeb->pnum == pnum) {
0743                     aeb = tmp_aeb;
0744                     break;
0745                 }
0746             }
0747
0748             if (!aeb) {
0749                 ubi_err(ubi, "PEB %i is in EBA but not in used list", pnum);
0750                 goto fail_bad;
0751             }
0752
0753             aeb->lnum = j;
0754
0755             if (av->highest_lnum <= aeb->lnum)
0756                 av->highest_lnum = aeb->lnum;
0757
0758             assign_aeb_to_av(ai, aeb, av);
0759
0760             dbg_bld("inserting PEB:%i (LEB %i) to vol %i",
0761                 aeb->pnum, aeb->lnum, av->vol_id);
0762         }
0763     }
0764
0765     ret = scan_pool(ubi, ai, fmpl->pebs, pool_size, &max_sqnum, &free);
0766     if (ret)
0767         goto fail;
0768
0769     ret = scan_pool(ubi, ai, fmpl_wl->pebs, wl_pool_size, &max_sqnum, &free);
0770     if (ret)
0771         goto fail;
0772
0773     if (max_sqnum > ai->max_sqnum)
0774         ai->max_sqnum = max_sqnum;
0775
0776     list_for_each_entry_safe(tmp_aeb, _tmp_aeb, &free, u.list)
0777         list_move_tail(&tmp_aeb->u.list, &ai->free);
0778
0779     list_for_each_entry_safe(tmp_aeb, _tmp_aeb, &used, u.list)
0780         list_move_tail(&tmp_aeb->u.list, &ai->erase);
0781
0782     ubi_assert(list_empty(&free));
0783
0784     /*
0785      * If fastmap is leaking PEBs (must not happen), raise a
0786      * fat warning and fall back to scanning mode.
0787      * We do this here because in ubi_wl_init() it's too late
0788      * and we cannot fall back to scanning.
0789      */
0790     if (WARN_ON(count_fastmap_pebs(ai) != ubi->peb_count -
0791             ai->bad_peb_count - fm->used_blocks))
0792         goto fail_bad;
0793
0794     return 0;
0795
0796 fail_bad:
0797     ret = UBI_BAD_FASTMAP;
0798 fail:
0799     list_for_each_entry_safe(tmp_aeb, _tmp_aeb, &used, u.list) {
0800         list_del(&tmp_aeb->u.list);
0801         ubi_free_aeb(ai, tmp_aeb);
0802     }
0803     list_for_each_entry_safe(tmp_aeb, _tmp_aeb, &free, u.list) {
0804         list_del(&tmp_aeb->u.list);
0805         ubi_free_aeb(ai, tmp_aeb);
0806     }
0807
0808     return ret;
0809 }
0810
0811 /**
0812  * find_fm_anchor - find the most recent Fastmap superblock (anchor)
0813  * @ai: UBI attach info to be filled
0814  */
0815 static int find_fm_anchor(struct ubi_attach_info *ai)
0816 {
0817     int ret = -1;
0818     struct ubi_ainf_peb *aeb;
0819     unsigned long long max_sqnum = 0;
0820
0821     list_for_each_entry(aeb, &ai->fastmap, u.list) {
0822         if (aeb->vol_id == UBI_FM_SB_VOLUME_ID && aeb->sqnum > max_sqnum) {
0823             max_sqnum = aeb->sqnum;
0824             ret = aeb->pnum;
0825         }
0826     }
0827
0828     return ret;
0829 }
0830
0831 static struct ubi_ainf_peb *clone_aeb(struct ubi_attach_info *ai,
0832                       struct ubi_ainf_peb *old)
0833 {
0834     struct ubi_ainf_peb *new;
0835
0836     new = ubi_alloc_aeb(ai, old->pnum, old->ec);
0837     if (!new)
0838         return NULL;
0839
0840     new->vol_id = old->vol_id;
0841     new->sqnum = old->sqnum;
0842     new->lnum = old->lnum;
0843     new->scrub = old->scrub;
0844     new->copy_flag = old->copy_flag;
0845
0846     return new;
0847 }
0848
0849 /**
0850  * ubi_scan_fastmap - scan the fastmap.
0851  * @ubi: UBI device object
0852  * @ai: UBI attach info to be filled
0853  * @scan_ai: UBI attach info from the first 64 PEBs,
0854  *           used to find the most recent Fastmap data structure
0855  *
0856  * Returns 0 on success, UBI_NO_FASTMAP if no fastmap was found,
0857  * UBI_BAD_FASTMAP if one was found but is not usable.
0858  * < 0 indicates an internal error.
0859  */
0860 int ubi_scan_fastmap(struct ubi_device *ubi, struct ubi_attach_info *ai,
0861              struct ubi_attach_info *scan_ai)
0862 {
0863     struct ubi_fm_sb *fmsb, *fmsb2;
0864     struct ubi_vid_io_buf *vb;
0865     struct ubi_vid_hdr *vh;
0866     struct ubi_ec_hdr *ech;
0867     struct ubi_fastmap_layout *fm;
0868     struct ubi_ainf_peb *aeb;
0869     int i, used_blocks, pnum, fm_anchor, ret = 0;
0870     size_t fm_size;
0871     __be32 crc, tmp_crc;
0872     unsigned long long sqnum = 0;
0873
0874     fm_anchor = find_fm_anchor(scan_ai);
0875     if (fm_anchor < 0)
0876         return UBI_NO_FASTMAP;
0877
0878     /* Copy all (possible) fastmap blocks into our new attach structure. */
0879     list_for_each_entry(aeb, &scan_ai->fastmap, u.list) {
0880         struct ubi_ainf_peb *new;
0881
0882         new = clone_aeb(ai, aeb);
0883         if (!new)
0884             return -ENOMEM;
0885
0886         list_add(&new->u.list, &ai->fastmap);
0887     }
0888
0889     down_write(&ubi->fm_protect);
0890     memset(ubi->fm_buf, 0, ubi->fm_size);
0891
0892     fmsb = kmalloc(sizeof(*fmsb), GFP_KERNEL);
0893     if (!fmsb) {
0894         ret = -ENOMEM;
0895         goto out;
0896     }
0897
0898     fm = kzalloc(sizeof(*fm), GFP_KERNEL);
0899     if (!fm) {
0900         ret = -ENOMEM;
0901         kfree(fmsb);
0902         goto out;
0903     }
0904
0905     ret = ubi_io_read_data(ubi, fmsb, fm_anchor, 0, sizeof(*fmsb));
0906     if (ret && ret != UBI_IO_BITFLIPS)
0907         goto free_fm_sb;
0908     else if (ret == UBI_IO_BITFLIPS)
0909         fm->to_be_tortured[0] = 1;
0910
0911     if (be32_to_cpu(fmsb->magic) != UBI_FM_SB_MAGIC) {
0912         ubi_err(ubi, "bad super block magic: 0x%x, expected: 0x%x",
0913             be32_to_cpu(fmsb->magic), UBI_FM_SB_MAGIC);
0914         ret = UBI_BAD_FASTMAP;
0915         goto free_fm_sb;
0916     }
0917
0918     if (fmsb->version != UBI_FM_FMT_VERSION) {
0919         ubi_err(ubi, "bad fastmap version: %i, expected: %i",
0920             fmsb->version, UBI_FM_FMT_VERSION);
0921         ret = UBI_BAD_FASTMAP;
0922         goto free_fm_sb;
0923     }
0924
0925     used_blocks = be32_to_cpu(fmsb->used_blocks);
0926     if (used_blocks > UBI_FM_MAX_BLOCKS || used_blocks < 1) {
0927         ubi_err(ubi, "number of fastmap blocks is invalid: %i",
0928             used_blocks);
0929         ret = UBI_BAD_FASTMAP;
0930         goto free_fm_sb;
0931     }
0932
0933     fm_size = ubi->leb_size * used_blocks;
0934     if (fm_size != ubi->fm_size) {
0935         ubi_err(ubi, "bad fastmap size: %zi, expected: %zi",
0936             fm_size, ubi->fm_size);
0937         ret = UBI_BAD_FASTMAP;
0938         goto free_fm_sb;
0939     }
0940
0941     ech = kzalloc(ubi->ec_hdr_alsize, GFP_KERNEL);
0942     if (!ech) {
0943         ret = -ENOMEM;
0944         goto free_fm_sb;
0945     }
0946
0947     vb = ubi_alloc_vid_buf(ubi, GFP_KERNEL);
0948     if (!vb) {
0949         ret = -ENOMEM;
0950         goto free_hdr;
0951     }
0952
0953     vh = ubi_get_vid_hdr(vb);
0954
0955     for (i = 0; i < used_blocks; i++) {
0956         int image_seq;
0957
0958         pnum = be32_to_cpu(fmsb->block_loc[i]);
0959
0960         if (ubi_io_is_bad(ubi, pnum)) {
0961             ret = UBI_BAD_FASTMAP;
0962             goto free_hdr;
0963         }
0964
0965         if (i == 0 && pnum != fm_anchor) {
0966             ubi_err(ubi, "Fastmap anchor PEB mismatch: PEB: %i vs. %i",
0967                 pnum, fm_anchor);
0968             ret = UBI_BAD_FASTMAP;
0969             goto free_hdr;
0970         }
0971
0972         ret = ubi_io_read_ec_hdr(ubi, pnum, ech, 0);
0973         if (ret && ret != UBI_IO_BITFLIPS) {
0974             ubi_err(ubi, "unable to read fastmap block# %i EC (PEB: %i)",
0975                 i, pnum);
0976             if (ret > 0)
0977                 ret = UBI_BAD_FASTMAP;
0978             goto free_hdr;
0979         } else if (ret == UBI_IO_BITFLIPS)
0980             fm->to_be_tortured[i] = 1;
0981
0982         image_seq = be32_to_cpu(ech->image_seq);
0983         if (!ubi->image_seq)
0984             ubi->image_seq = image_seq;
0985
0986         /*
0987          * Older UBI implementations have image_seq set to zero, so
0988          * we shouldn't fail if image_seq == 0.
0989          */
0990         if (image_seq && (image_seq != ubi->image_seq)) {
0991             ubi_err(ubi, "wrong image seq:%d instead of %d",
0992                 be32_to_cpu(ech->image_seq), ubi->image_seq);
0993             ret = UBI_BAD_FASTMAP;
0994             goto free_hdr;
0995         }
0996
0997         ret = ubi_io_read_vid_hdr(ubi, pnum, vb, 0);
0998         if (ret && ret != UBI_IO_BITFLIPS) {
0999             ubi_err(ubi, "unable to read fastmap block# %i (PEB: %i)",
1000                 i, pnum);
1001             goto free_hdr;
1002         }
1003
1004         if (i == 0) {
1005             if (be32_to_cpu(vh->vol_id) != UBI_FM_SB_VOLUME_ID) {
1006                 ubi_err(ubi, "bad fastmap anchor vol_id: 0x%x, expected: 0x%x",
1007                     be32_to_cpu(vh->vol_id),
1008                     UBI_FM_SB_VOLUME_ID);
1009                 ret = UBI_BAD_FASTMAP;
1010                 goto free_hdr;
1011             }
1012         } else {
1013             if (be32_to_cpu(vh->vol_id) != UBI_FM_DATA_VOLUME_ID) {
1014                 ubi_err(ubi, "bad fastmap data vol_id: 0x%x, expected: 0x%x",
1015                     be32_to_cpu(vh->vol_id),
1016                     UBI_FM_DATA_VOLUME_ID);
1017                 ret = UBI_BAD_FASTMAP;
1018                 goto free_hdr;
1019             }
1020         }
1021
1022         if (sqnum < be64_to_cpu(vh->sqnum))
1023             sqnum = be64_to_cpu(vh->sqnum);
1024
1025         ret = ubi_io_read_data(ubi, ubi->fm_buf + (ubi->leb_size * i),
1026                        pnum, 0, ubi->leb_size);
1027         if (ret && ret != UBI_IO_BITFLIPS) {
1028             ubi_err(ubi, "unable to read fastmap block# %i (PEB: %i, "
1029                 "err: %i)", i, pnum, ret);
1030             goto free_hdr;
1031         }
1032     }
1033
1034     kfree(fmsb);
1035     fmsb = NULL;
1036
1037     fmsb2 = (struct ubi_fm_sb *)(ubi->fm_buf);
1038     tmp_crc = be32_to_cpu(fmsb2->data_crc);
1039     fmsb2->data_crc = 0;
1040     crc = crc32(UBI_CRC32_INIT, ubi->fm_buf, fm_size);
1041     if (crc != tmp_crc) {
1042         ubi_err(ubi, "fastmap data CRC is invalid");
1043         ubi_err(ubi, "CRC should be: 0x%x, calc: 0x%x",
1044             tmp_crc, crc);
1045         ret = UBI_BAD_FASTMAP;
1046         goto free_hdr;
1047     }
1048
1049     fmsb2->sqnum = sqnum;
1050
1051     fm->used_blocks = used_blocks;
1052
1053     ret = ubi_attach_fastmap(ubi, ai, fm);
1054     if (ret) {
1055         if (ret > 0)
1056             ret = UBI_BAD_FASTMAP;
1057         goto free_hdr;
1058     }
1059
1060     for (i = 0; i < used_blocks; i++) {
1061         struct ubi_wl_entry *e;
1062
1063         e = kmem_cache_alloc(ubi_wl_entry_slab, GFP_KERNEL);
1064         if (!e) {
1065             while (i--)
1066                 kmem_cache_free(ubi_wl_entry_slab, fm->e[i]);
1067
1068             ret = -ENOMEM;
1069             goto free_hdr;
1070         }
1071
1072         e->pnum = be32_to_cpu(fmsb2->block_loc[i]);
1073         e->ec = be32_to_cpu(fmsb2->block_ec[i]);
1074         fm->e[i] = e;
1075     }
1076
1077     ubi->fm = fm;
1078     ubi->fm_pool.max_size = ubi->fm->max_pool_size;
1079     ubi->fm_wl_pool.max_size = ubi->fm->max_wl_pool_size;
1080     ubi_msg(ubi, "attached by fastmap");
1081     ubi_msg(ubi, "fastmap pool size: %d", ubi->fm_pool.max_size);
1082     ubi_msg(ubi, "fastmap WL pool size: %d",
1083         ubi->fm_wl_pool.max_size);
1084     ubi->fm_disabled = 0;
1085     ubi->fast_attach = 1;
1086
1087     ubi_free_vid_buf(vb);
1088     kfree(ech);
1089 out:
1090     up_write(&ubi->fm_protect);
1091     if (ret == UBI_BAD_FASTMAP)
1092         ubi_err(ubi, "Attach by fastmap failed, doing a full scan!");
1093     return ret;
1094
1095 free_hdr:
1096     ubi_free_vid_buf(vb);
1097     kfree(ech);
1098 free_fm_sb:
1099     kfree(fmsb);
1100     kfree(fm);
1101     goto out;
1102 }
1103
1104 int ubi_fastmap_init_checkmap(struct ubi_volume *vol, int leb_count)
1105 {
1106     struct ubi_device *ubi = vol->ubi;
1107
1108     if (!ubi->fast_attach)
1109         return 0;
1110
1111     vol->checkmap = kcalloc(BITS_TO_LONGS(leb_count), sizeof(unsigned long),
1112                 GFP_KERNEL);
1113     if (!vol->checkmap)
1114         return -ENOMEM;
1115
1116     return 0;
1117 }
1118
1119 void ubi_fastmap_destroy_checkmap(struct ubi_volume *vol)
1120 {
1121     kfree(vol->checkmap);
1122 }
1123
1124 /**
1125  * ubi_write_fastmap - writes a fastmap.
1126  * @ubi: UBI device object
1127  * @new_fm: the to be written fastmap
1128  *
1129  * Returns 0 on success, < 0 indicates an internal error.
1130  */
1131 static int ubi_write_fastmap(struct ubi_device *ubi,
1132                  struct ubi_fastmap_layout *new_fm)
1133 {
1134     size_t fm_pos = 0;
1135     void *fm_raw;
1136     struct ubi_fm_sb *fmsb;
1137     struct ubi_fm_hdr *fmh;
1138     struct ubi_fm_scan_pool *fmpl, *fmpl_wl;
1139     struct ubi_fm_ec *fec;
1140     struct ubi_fm_volhdr *fvh;
1141     struct ubi_fm_eba *feba;
1142     struct ubi_wl_entry *wl_e;
1143     struct ubi_volume *vol;
1144     struct ubi_vid_io_buf *avbuf, *dvbuf;
1145     struct ubi_vid_hdr *avhdr, *dvhdr;
1146     struct ubi_work *ubi_wrk;
1147     struct rb_node *tmp_rb;
1148     int ret, i, j, free_peb_count, used_peb_count, vol_count;
1149     int scrub_peb_count, erase_peb_count;
1150     unsigned long *seen_pebs;
1151
1152     fm_raw = ubi->fm_buf;
1153     memset(ubi->fm_buf, 0, ubi->fm_size);
1154
1155     avbuf = new_fm_vbuf(ubi, UBI_FM_SB_VOLUME_ID);
1156     if (!avbuf) {
1157         ret = -ENOMEM;
1158         goto out;
1159     }
1160
1161     dvbuf = new_fm_vbuf(ubi, UBI_FM_DATA_VOLUME_ID);
1162     if (!dvbuf) {
1163         ret = -ENOMEM;
1164         goto out_free_avbuf;
1165     }
1166
1167     avhdr = ubi_get_vid_hdr(avbuf);
1168     dvhdr = ubi_get_vid_hdr(dvbuf);
1169
1170     seen_pebs = init_seen(ubi);
1171     if (IS_ERR(seen_pebs)) {
1172         ret = PTR_ERR(seen_pebs);
1173         goto out_free_dvbuf;
1174     }
1175
1176     spin_lock(&ubi->volumes_lock);
1177     spin_lock(&ubi->wl_lock);
1178
1179     fmsb = (struct ubi_fm_sb *)fm_raw;
1180     fm_pos += sizeof(*fmsb);
1181     ubi_assert(fm_pos <= ubi->fm_size);
1182
1183     fmh = (struct ubi_fm_hdr *)(fm_raw + fm_pos);
1184     fm_pos += sizeof(*fmh);
1185     ubi_assert(fm_pos <= ubi->fm_size);
1186
1187     fmsb->magic = cpu_to_be32(UBI_FM_SB_MAGIC);
1188     fmsb->version = UBI_FM_FMT_VERSION;
1189     fmsb->used_blocks = cpu_to_be32(new_fm->used_blocks);
1190     /* the max sqnum will be filled in while *reading* the fastmap */
1191     fmsb->sqnum = 0;
1192
1193     fmh->magic = cpu_to_be32(UBI_FM_HDR_MAGIC);
1194     free_peb_count = 0;
1195     used_peb_count = 0;
1196     scrub_peb_count = 0;
1197     erase_peb_count = 0;
1198     vol_count = 0;
1199
1200     fmpl = (struct ubi_fm_scan_pool *)(fm_raw + fm_pos);
1201     fm_pos += sizeof(*fmpl);
1202     fmpl->magic = cpu_to_be32(UBI_FM_POOL_MAGIC);
1203     fmpl->size = cpu_to_be16(ubi->fm_pool.size);
1204     fmpl->max_size = cpu_to_be16(ubi->fm_pool.max_size);
1205
1206     for (i = 0; i < ubi->fm_pool.size; i++) {
1207         fmpl->pebs[i] = cpu_to_be32(ubi->fm_pool.pebs[i]);
1208         set_seen(ubi, ubi->fm_pool.pebs[i], seen_pebs);
1209     }
1210
1211     fmpl_wl = (struct ubi_fm_scan_pool *)(fm_raw + fm_pos);
1212     fm_pos += sizeof(*fmpl_wl);
1213     fmpl_wl->magic = cpu_to_be32(UBI_FM_POOL_MAGIC);
1214     fmpl_wl->size = cpu_to_be16(ubi->fm_wl_pool.size);
1215     fmpl_wl->max_size = cpu_to_be16(ubi->fm_wl_pool.max_size);
1216
1217     for (i = 0; i < ubi->fm_wl_pool.size; i++) {
1218         fmpl_wl->pebs[i] = cpu_to_be32(ubi->fm_wl_pool.pebs[i]);
1219         set_seen(ubi, ubi->fm_wl_pool.pebs[i], seen_pebs);
1220     }
1221
1222     ubi_for_each_free_peb(ubi, wl_e, tmp_rb) {
1223         fec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
1224
1225         fec->pnum = cpu_to_be32(wl_e->pnum);
1226         set_seen(ubi, wl_e->pnum, seen_pebs);
1227         fec->ec = cpu_to_be32(wl_e->ec);
1228
1229         free_peb_count++;
1230         fm_pos += sizeof(*fec);
1231         ubi_assert(fm_pos <= ubi->fm_size);
1232     }
1233     fmh->free_peb_count = cpu_to_be32(free_peb_count);
1234
1235     ubi_for_each_used_peb(ubi, wl_e, tmp_rb) {
1236         fec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
1237
1238         fec->pnum = cpu_to_be32(wl_e->pnum);
1239         set_seen(ubi, wl_e->pnum, seen_pebs);
1240         fec->ec = cpu_to_be32(wl_e->ec);
1241
1242         used_peb_count++;
1243         fm_pos += sizeof(*fec);
1244         ubi_assert(fm_pos <= ubi->fm_size);
1245     }
1246
1247     ubi_for_each_protected_peb(ubi, i, wl_e) {
1248         fec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
1249
1250         fec->pnum = cpu_to_be32(wl_e->pnum);
1251         set_seen(ubi, wl_e->pnum, seen_pebs);
1252         fec->ec = cpu_to_be32(wl_e->ec);
1253
1254         used_peb_count++;
1255         fm_pos += sizeof(*fec);
1256         ubi_assert(fm_pos <= ubi->fm_size);
1257     }
1258     fmh->used_peb_count = cpu_to_be32(used_peb_count);
1259
1260     ubi_for_each_scrub_peb(ubi, wl_e, tmp_rb) {
1261         fec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
1262
1263         fec->pnum = cpu_to_be32(wl_e->pnum);
1264         set_seen(ubi, wl_e->pnum, seen_pebs);
1265         fec->ec = cpu_to_be32(wl_e->ec);
1266
1267         scrub_peb_count++;
1268         fm_pos += sizeof(*fec);
1269         ubi_assert(fm_pos <= ubi->fm_size);
1270     }
1271     fmh->scrub_peb_count = cpu_to_be32(scrub_peb_count);
1272
1273
1274     list_for_each_entry(ubi_wrk, &ubi->works, list) {
1275         if (ubi_is_erase_work(ubi_wrk)) {
1276             wl_e = ubi_wrk->e;
1277             ubi_assert(wl_e);
1278
1279             fec = (struct ubi_fm_ec *)(fm_raw + fm_pos);
1280
1281             fec->pnum = cpu_to_be32(wl_e->pnum);
1282             set_seen(ubi, wl_e->pnum, seen_pebs);
1283             fec->ec = cpu_to_be32(wl_e->ec);
1284
1285             erase_peb_count++;
1286             fm_pos += sizeof(*fec);
1287             ubi_assert(fm_pos <= ubi->fm_size);
1288         }
1289     }
1290     fmh->erase_peb_count = cpu_to_be32(erase_peb_count);
1291
1292     for (i = 0; i < UBI_MAX_VOLUMES + UBI_INT_VOL_COUNT; i++) {
1293         vol = ubi->volumes[i];
1294
1295         if (!vol)
1296             continue;
1297
1298         vol_count++;
1299
1300         fvh = (struct ubi_fm_volhdr *)(fm_raw + fm_pos);
1301         fm_pos += sizeof(*fvh);
1302         ubi_assert(fm_pos <= ubi->fm_size);
1303
1304         fvh->magic = cpu_to_be32(UBI_FM_VHDR_MAGIC);
1305         fvh->vol_id = cpu_to_be32(vol->vol_id);
1306         fvh->vol_type = vol->vol_type;
1307         fvh->used_ebs = cpu_to_be32(vol->used_ebs);
1308         fvh->data_pad = cpu_to_be32(vol->data_pad);
1309         fvh->last_eb_bytes = cpu_to_be32(vol->last_eb_bytes);
1310
1311         ubi_assert(vol->vol_type == UBI_DYNAMIC_VOLUME ||
1312             vol->vol_type == UBI_STATIC_VOLUME);
1313
1314         feba = (struct ubi_fm_eba *)(fm_raw + fm_pos);
1315         fm_pos += sizeof(*feba) + (sizeof(__be32) * vol->reserved_pebs);
1316         ubi_assert(fm_pos <= ubi->fm_size);
1317
1318         for (j = 0; j < vol->reserved_pebs; j++) {
1319             struct ubi_eba_leb_desc ldesc;
1320
1321             ubi_eba_get_ldesc(vol, j, &ldesc);
1322             feba->pnum[j] = cpu_to_be32(ldesc.pnum);
1323         }
1324
1325         feba->reserved_pebs = cpu_to_be32(j);
1326         feba->magic = cpu_to_be32(UBI_FM_EBA_MAGIC);
1327     }
1328     fmh->vol_count = cpu_to_be32(vol_count);
1329     fmh->bad_peb_count = cpu_to_be32(ubi->bad_peb_count);
1330
1331     avhdr->sqnum = cpu_to_be64(ubi_next_sqnum(ubi));
1332     avhdr->lnum = 0;
1333
1334     spin_unlock(&ubi->wl_lock);
1335     spin_unlock(&ubi->volumes_lock);
1336
1337     dbg_bld("writing fastmap SB to PEB %i", new_fm->e[0]->pnum);
1338     ret = ubi_io_write_vid_hdr(ubi, new_fm->e[0]->pnum, avbuf);
1339     if (ret) {
1340         ubi_err(ubi, "unable to write vid_hdr to fastmap SB!");
1341         goto out_free_seen;
1342     }
1343
1344     for (i = 0; i < new_fm->used_blocks; i++) {
1345         fmsb->block_loc[i] = cpu_to_be32(new_fm->e[i]->pnum);
1346         set_seen(ubi, new_fm->e[i]->pnum, seen_pebs);
1347         fmsb->block_ec[i] = cpu_to_be32(new_fm->e[i]->ec);
1348     }
1349
1350     fmsb->data_crc = 0;
1351     fmsb->data_crc = cpu_to_be32(crc32(UBI_CRC32_INIT, fm_raw,
1352                        ubi->fm_size));
1353
1354     for (i = 1; i < new_fm->used_blocks; i++) {
1355         dvhdr->sqnum = cpu_to_be64(ubi_next_sqnum(ubi));
1356         dvhdr->lnum = cpu_to_be32(i);
1357         dbg_bld("writing fastmap data to PEB %i sqnum %llu",
1358             new_fm->e[i]->pnum, be64_to_cpu(dvhdr->sqnum));
1359         ret = ubi_io_write_vid_hdr(ubi, new_fm->e[i]->pnum, dvbuf);
1360         if (ret) {
1361             ubi_err(ubi, "unable to write vid_hdr to PEB %i!",
1362                 new_fm->e[i]->pnum);
1363             goto out_free_seen;
1364         }
1365     }
1366
1367     for (i = 0; i < new_fm->used_blocks; i++) {
1368         ret = ubi_io_write_data(ubi, fm_raw + (i * ubi->leb_size),
1369                     new_fm->e[i]->pnum, 0, ubi->leb_size);
1370         if (ret) {
1371             ubi_err(ubi, "unable to write fastmap to PEB %i!",
1372                 new_fm->e[i]->pnum);
1373             goto out_free_seen;
1374         }
1375     }
1376
1377     ubi_assert(new_fm);
1378     ubi->fm = new_fm;
1379
1380     ret = self_check_seen(ubi, seen_pebs);
1381     dbg_bld("fastmap written!");
1382
1383 out_free_seen:
1384     free_seen(seen_pebs);
1385 out_free_dvbuf:
1386     ubi_free_vid_buf(dvbuf);
1387 out_free_avbuf:
1388     ubi_free_vid_buf(avbuf);
1389
1390 out:
1391     return ret;
1392 }
1393
1394 /**
1395  * erase_block - Manually erase a PEB.
1396  * @ubi: UBI device object
1397  * @pnum: PEB to be erased
1398  *
1399  * Returns the new EC value on success, < 0 indicates an internal error.
1400  */
1401 static int erase_block(struct ubi_device *ubi, int pnum)
1402 {
1403     int ret;
1404     struct ubi_ec_hdr *ec_hdr;
1405     long long ec;
1406
1407     ec_hdr = kzalloc(ubi->ec_hdr_alsize, GFP_KERNEL);
1408     if (!ec_hdr)
1409         return -ENOMEM;
1410
1411     ret = ubi_io_read_ec_hdr(ubi, pnum, ec_hdr, 0);
1412     if (ret < 0)
1413         goto out;
1414     else if (ret && ret != UBI_IO_BITFLIPS) {
1415         ret = -EINVAL;
1416         goto out;
1417     }
1418
1419     ret = ubi_io_sync_erase(ubi, pnum, 0);
1420     if (ret < 0)
1421         goto out;
1422
1423     ec = be64_to_cpu(ec_hdr->ec);
1424     ec += ret;
1425     if (ec > UBI_MAX_ERASECOUNTER) {
1426         ret = -EINVAL;
1427         goto out;
1428     }
1429
1430     ec_hdr->ec = cpu_to_be64(ec);
1431     ret = ubi_io_write_ec_hdr(ubi, pnum, ec_hdr);
1432     if (ret < 0)
1433         goto out;
1434
1435     ret = ec;
1436 out:
1437     kfree(ec_hdr);
1438     return ret;
1439 }
1440
1441 /**
1442  * invalidate_fastmap - destroys a fastmap.
1443  * @ubi: UBI device object
1444  *
1445  * This function ensures that upon next UBI attach a full scan
1446  * is issued. We need this if UBI is about to write a new fastmap
1447  * but is unable to do so. In this case we have two options:
1448  * a) Make sure that the current fastmap will not be usued upon
1449  * attach time and contine or b) fall back to RO mode to have the
1450  * current fastmap in a valid state.
1451  * Returns 0 on success, < 0 indicates an internal error.
1452  */
1453 static int invalidate_fastmap(struct ubi_device *ubi)
1454 {
1455     int ret;
1456     struct ubi_fastmap_layout *fm;
1457     struct ubi_wl_entry *e;
1458     struct ubi_vid_io_buf *vb = NULL;
1459     struct ubi_vid_hdr *vh;
1460
1461     if (!ubi->fm)
1462         return 0;
1463
1464     ubi->fm = NULL;
1465
1466     ret = -ENOMEM;
1467     fm = kzalloc(sizeof(*fm), GFP_KERNEL);
1468     if (!fm)
1469         goto out;
1470
1471     vb = new_fm_vbuf(ubi, UBI_FM_SB_VOLUME_ID);
1472     if (!vb)
1473         goto out_free_fm;
1474
1475     vh = ubi_get_vid_hdr(vb);
1476
1477     ret = -ENOSPC;
1478     e = ubi_wl_get_fm_peb(ubi, 1);
1479     if (!e)
1480         goto out_free_fm;
1481
1482     /*
1483      * Create fake fastmap such that UBI will fall back
1484      * to scanning mode.
1485      */
1486     vh->sqnum = cpu_to_be64(ubi_next_sqnum(ubi));
1487     ret = ubi_io_write_vid_hdr(ubi, e->pnum, vb);
1488     if (ret < 0) {
1489         ubi_wl_put_fm_peb(ubi, e, 0, 0);
1490         goto out_free_fm;
1491     }
1492
1493     fm->used_blocks = 1;
1494     fm->e[0] = e;
1495
1496     ubi->fm = fm;
1497
1498 out:
1499     ubi_free_vid_buf(vb);
1500     return ret;
1501
1502 out_free_fm:
1503     kfree(fm);
1504     goto out;
1505 }
1506
1507 /**
1508  * return_fm_pebs - returns all PEBs used by a fastmap back to the
1509  * WL sub-system.
1510  * @ubi: UBI device object
1511  * @fm: fastmap layout object
1512  */
1513 static void return_fm_pebs(struct ubi_device *ubi,
1514                struct ubi_fastmap_layout *fm)
1515 {
1516     int i;
1517
1518     if (!fm)
1519         return;
1520
1521     for (i = 0; i < fm->used_blocks; i++) {
1522         if (fm->e[i]) {
1523             ubi_wl_put_fm_peb(ubi, fm->e[i], i,
1524                       fm->to_be_tortured[i]);
1525             fm->e[i] = NULL;
1526         }
1527     }
1528 }
1529
1530 /**
1531  * ubi_update_fastmap - will be called by UBI if a volume changes or
1532  * a fastmap pool becomes full.
1533  * @ubi: UBI device object
1534  *
1535  * Returns 0 on success, < 0 indicates an internal error.
1536  */
1537 int ubi_update_fastmap(struct ubi_device *ubi)
1538 {
1539     int ret, i, j;
1540     struct ubi_fastmap_layout *new_fm, *old_fm;
1541     struct ubi_wl_entry *tmp_e;
1542
1543     down_write(&ubi->fm_protect);
1544     down_write(&ubi->work_sem);
1545     down_write(&ubi->fm_eba_sem);
1546
1547     ubi_refill_pools(ubi);
1548
1549     if (ubi->ro_mode || ubi->fm_disabled) {
1550         up_write(&ubi->fm_eba_sem);
1551         up_write(&ubi->work_sem);
1552         up_write(&ubi->fm_protect);
1553         return 0;
1554     }
1555
1556     new_fm = kzalloc(sizeof(*new_fm), GFP_KERNEL);
1557     if (!new_fm) {
1558         up_write(&ubi->fm_eba_sem);
1559         up_write(&ubi->work_sem);
1560         up_write(&ubi->fm_protect);
1561         return -ENOMEM;
1562     }
1563
1564     new_fm->used_blocks = ubi->fm_size / ubi->leb_size;
1565     old_fm = ubi->fm;
1566     ubi->fm = NULL;
1567
1568     if (new_fm->used_blocks > UBI_FM_MAX_BLOCKS) {
1569         ubi_err(ubi, "fastmap too large");
1570         ret = -ENOSPC;
1571         goto err;
1572     }
1573
1574     for (i = 1; i < new_fm->used_blocks; i++) {
1575         spin_lock(&ubi->wl_lock);
1576         tmp_e = ubi_wl_get_fm_peb(ubi, 0);
1577         spin_unlock(&ubi->wl_lock);
1578
1579         if (!tmp_e) {
1580             if (old_fm && old_fm->e[i]) {
1581                 ret = erase_block(ubi, old_fm->e[i]->pnum);
1582                 if (ret < 0) {
1583                     ubi_err(ubi, "could not erase old fastmap PEB");
1584
1585                     for (j = 1; j < i; j++) {
1586                         ubi_wl_put_fm_peb(ubi, new_fm->e[j],
1587                                   j, 0);
1588                         new_fm->e[j] = NULL;
1589                     }
1590                     goto err;
1591                 }
1592                 new_fm->e[i] = old_fm->e[i];
1593                 old_fm->e[i] = NULL;
1594             } else {
1595                 ubi_err(ubi, "could not get any free erase block");
1596
1597                 for (j = 1; j < i; j++) {
1598                     ubi_wl_put_fm_peb(ubi, new_fm->e[j], j, 0);
1599                     new_fm->e[j] = NULL;
1600                 }
1601
1602                 ret = -ENOSPC;
1603                 goto err;
1604             }
1605         } else {
1606             new_fm->e[i] = tmp_e;
1607
1608             if (old_fm && old_fm->e[i]) {
1609                 ubi_wl_put_fm_peb(ubi, old_fm->e[i], i,
1610                           old_fm->to_be_tortured[i]);
1611                 old_fm->e[i] = NULL;
1612             }
1613         }
1614     }
1615
1616     /* Old fastmap is larger than the new one */
1617     if (old_fm && new_fm->used_blocks < old_fm->used_blocks) {
1618         for (i = new_fm->used_blocks; i < old_fm->used_blocks; i++) {
1619             ubi_wl_put_fm_peb(ubi, old_fm->e[i], i,
1620                       old_fm->to_be_tortured[i]);
1621             old_fm->e[i] = NULL;
1622         }
1623     }
1624
1625     spin_lock(&ubi->wl_lock);
1626     tmp_e = ubi->fm_anchor;
1627     ubi->fm_anchor = NULL;
1628     spin_unlock(&ubi->wl_lock);
1629
1630     if (old_fm) {
1631         /* no fresh anchor PEB was found, reuse the old one */
1632         if (!tmp_e) {
1633             ret = erase_block(ubi, old_fm->e[0]->pnum);
1634             if (ret < 0) {
1635                 ubi_err(ubi, "could not erase old anchor PEB");
1636
1637                 for (i = 1; i < new_fm->used_blocks; i++) {
1638                     ubi_wl_put_fm_peb(ubi, new_fm->e[i],
1639                               i, 0);
1640                     new_fm->e[i] = NULL;
1641                 }
1642                 goto err;
1643             }
1644             new_fm->e[0] = old_fm->e[0];
1645             new_fm->e[0]->ec = ret;
1646             old_fm->e[0] = NULL;
1647         } else {
1648             /* we've got a new anchor PEB, return the old one */
1649             ubi_wl_put_fm_peb(ubi, old_fm->e[0], 0,
1650                       old_fm->to_be_tortured[0]);
1651             new_fm->e[0] = tmp_e;
1652             old_fm->e[0] = NULL;
1653         }
1654     } else {
1655         if (!tmp_e) {
1656             ubi_err(ubi, "could not find any anchor PEB");
1657
1658             for (i = 1; i < new_fm->used_blocks; i++) {
1659                 ubi_wl_put_fm_peb(ubi, new_fm->e[i], i, 0);
1660                 new_fm->e[i] = NULL;
1661             }
1662
1663             ret = -ENOSPC;
1664             goto err;
1665         }
1666         new_fm->e[0] = tmp_e;
1667     }
1668
1669     ret = ubi_write_fastmap(ubi, new_fm);
1670
1671     if (ret)
1672         goto err;
1673
1674 out_unlock:
1675     up_write(&ubi->fm_eba_sem);
1676     up_write(&ubi->work_sem);
1677     up_write(&ubi->fm_protect);
1678     kfree(old_fm);
1679
1680     ubi_ensure_anchor_pebs(ubi);
1681
1682     return ret;
1683
1684 err:
1685     ubi_warn(ubi, "Unable to write new fastmap, err=%i", ret);
1686
1687     ret = invalidate_fastmap(ubi);
1688     if (ret < 0) {
1689         ubi_err(ubi, "Unable to invalidate current fastmap!");
1690         ubi_ro_mode(ubi);
1691     } else {
1692         return_fm_pebs(ubi, old_fm);
1693         return_fm_pebs(ubi, new_fm);
1694         ret = 0;
1695     }
1696
1697     kfree(new_fm);
1698     goto out_unlock;
1699 }