#
fbed4bae |
|
13-Jan-2024 |
Guo Xuenan <guoxuenan@huawei.com> |
ubi: fix slab-out-of-bounds in ubi_eba_get_ldesc+0xfb/0x130 When using the ioctl interface to resize a UBI volume, `ubi_resize_volume` resizes the EBA table first but does not change `vol->reserved_pebs` in the same atomic context, which may cause concurrent access to the EBA table. For example, when a user shrinks UBI volume A by calling `ubi_resize_volume`, while another thread is writing to volume B and triggering wear-leveling, which may call `ubi_write_fastmap`, under these circumstances, KASAN may report a slab-out-of-bounds error in `ubi_eba_get_ldesc+0xfb/0x130`. This patch fixes race conditions in `ubi_resize_volume` and `ubi_update_fastmap` to avoid out-of-bounds reads of `eba_tbl`. First, it ensures that updates to `eba_tbl` and `reserved_pebs` are protected by `vol->volumes_lock`. Second, it implements a rollback mechanism in case of resize failure. It is also worth mentioning that for volume shrinkage failures, since part of the volume has already been shrunk and unmapped, there is no need to recover `{rsvd/avail}_pebs`. ================================================================== BUG: KASAN: slab-out-of-bounds in ubi_eba_get_ldesc+0xfb/0x130 [ubi] Read of size 4 at addr ffff88800f43f570 by task kworker/u16:0/7 CPU: 0 PID: 7 Comm: kworker/u16:0 Not tainted 5.16.0-rc7 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Workqueue: writeback wb_workfn (flush-ubifs_0_0) Call Trace: <TASK> dump_stack_lvl+0x4d/0x66 print_address_description.constprop.0+0x41/0x60 kasan_report.cold+0x83/0xdf ubi_eba_get_ldesc+0xfb/0x130 [ubi] ubi_update_fastmap.cold+0x60f/0xc7d [ubi] ubi_wl_get_peb+0x25b/0x4f0 [ubi] try_write_vid_and_data+0x9a/0x4d0 [ubi] ubi_eba_write_leb+0x7e4/0x17d0 [ubi] ubi_leb_map+0x1a0/0x2c0 [ubi] ubifs_leb_map+0x139/0x270 [ubifs] ubifs_add_bud_to_log+0xb40/0xf30 [ubifs] make_reservation+0x86e/0xb00 [ubifs] ubifs_jnl_write_data+0x430/0x9d0 [ubifs] do_writepage+0x1d1/0x550 [ubifs] ubifs_writepage+0x37c/0x670 [ubifs] __writepage+0x67/0x170 write_cache_pages+0x259/0xa90 do_writepages+0x277/0x5d0 __writeback_single_inode+0xb8/0x850 writeback_sb_inodes+0x4b3/0xb20 __writeback_inodes_wb+0xc1/0x220 wb_writeback+0x59f/0x740 wb_workfn+0x6d0/0xca0 process_one_work+0x711/0xfc0 worker_thread+0x95/0xd00 kthread+0x3a6/0x490 ret_from_fork+0x1f/0x30 </TASK> Allocated by task 711: kasan_save_stack+0x1e/0x50 __kasan_kmalloc+0x81/0xa0 ubi_eba_create_table+0x88/0x1a0 [ubi] ubi_resize_volume.cold+0x175/0xae7 [ubi] ubi_cdev_ioctl+0x57f/0x1a60 [ubi] __x64_sys_ioctl+0x13a/0x1c0 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae Last potentially related work creation: kasan_save_stack+0x1e/0x50 __kasan_record_aux_stack+0xb7/0xc0 call_rcu+0xd6/0x1000 blk_stat_free_callback+0x28/0x30 blk_release_queue+0x8a/0x2e0 kobject_put+0x186/0x4c0 scsi_device_dev_release_usercontext+0x620/0xbd0 execute_in_process_context+0x2f/0x120 device_release+0xa4/0x240 kobject_put+0x186/0x4c0 put_device+0x20/0x30 __scsi_remove_device+0x1c3/0x300 scsi_probe_and_add_lun+0x2140/0x2eb0 __scsi_scan_target+0x1f2/0xbb0 scsi_scan_channel+0x11b/0x1a0 scsi_scan_host_selected+0x24c/0x310 do_scsi_scan_host+0x1e0/0x250 do_scan_async+0x45/0x490 async_run_entry_fn+0xa2/0x530 process_one_work+0x711/0xfc0 worker_thread+0x95/0xd00 kthread+0x3a6/0x490 ret_from_fork+0x1f/0x30 The buggy address belongs to the object at ffff88800f43f500 which belongs to the cache kmalloc-128 of size 128 The buggy address is located 112 bytes inside of 128-byte region [ffff88800f43f500, ffff88800f43f580) The buggy address belongs to the page: page:ffffea00003d0f00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xf43c head:ffffea00003d0f00 order:2 compound_mapcount:0 compound_pincount:0 flags: 0x1fffff80010200(slab|head|node=0|zone=1|lastcpupid=0x1fffff) raw: 001fffff80010200 ffffea000046ba08 ffffea0000457208 ffff88810004d1c0 raw: 0000000000000000 0000000000190019 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff88800f43f400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88800f43f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc > ffff88800f43f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc ^ ffff88800f43f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff88800f43f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc The following steps can used to reproduce: Process 1: write and trigger ubi wear-leveling ubimkvol /dev/ubi0 -s 5000MiB -N v1 ubimkvol /dev/ubi0 -s 2000MiB -N v2 ubimkvol /dev/ubi0 -s 10MiB -N v3 mount -t ubifs /dev/ubi0_0 /mnt/ubifs while true; do filename=/mnt/ubifs/$((RANDOM)) dd if=/dev/random of=${filename} bs=1M count=$((RANDOM % 1000)) rm -rf ${filename} sync /mnt/ubifs/ done Process 2: do random resize struct ubi_rsvol_req req; req.vol_id = 1; req.bytes = (rand() % 50) * 512KB; ioctl(fd, UBI_IOCRSVOL, &req); V3: - Fix the commit message error. V2: - Add volumes_lock in ubi_eba_copy_leb() to avoid race caused by updating eba_tbl. V1: - Rebase the patch on the latest mainline. Signed-off-by: Guo Xuenan <guoxuenan@huawei.com> Signed-off-by: ZhaoLong Wang <wangzhaolong1@huawei.com> Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
a2ea69da |
|
28-Aug-2023 |
Zhihao Cheng <chengzhihao1@huawei.com> |
ubi: fastmap: Wait until there are enough free PEBs before filling pools Wait until there are enough free PEBs before filling pool/wl_pool, sometimes erase_worker is not scheduled in time, which causes two situations: A. There are few PEBs filled in pool, which makes ubi_update_fastmap is frequently called and leads first 64 PEBs are erased more times than other PEBs. So waiting free PEBs before filling pool reduces fastmap updating frequency and prolongs flash service life. B. In situation that space is nearly running out, ubi_refill_pools() cannot make sure pool and wl_pool are filled with free PEBs, caused by the delay of erase_worker. After this patch applied, there must exist free PEBs in pool after one call of ubi_update_fastmap. Besides, this patch is a preparetion for fixing large erase counter in fastmap data block and fixing lapsed wear leveling for first 64 PEBs. Link: https://bugzilla.kernel.org/show_bug.cgi?id=217787 Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
31a149d5 |
|
28-Mar-2023 |
Wang YanQing <udknight@gmail.com> |
ubi: Fix return value overwrite issue in try_write_vid_and_data() The commit 2d78aee426d8 ("UBI: simplify LEB write and atomic LEB change code") adds helper function, try_write_vid_and_data(), to simplify the code, but this helper function has bug, it will return 0 (success) when ubi_io_write_vid_hdr() or the ubi_io_write_data() return error number (-EIO, etc), because the return value of ubi_wl_put_peb() will overwrite the original return value. This issue will cause unexpected data loss issue, because the caller of this function and UBIFS willn't know the data is lost. Fixes: 2d78aee426d8 ("UBI: simplify LEB write and atomic LEB change code") Cc: stable@vger.kernel.org Signed-off-by: Wang YanQing <udknight@gmail.com> Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
0b3bc49c |
|
12-Jan-2023 |
Randy Dunlap <rdunlap@infradead.org> |
ubi: use correct names in function kernel-doc comments Fix kernel-doc warnings by using the correct function names in their kernel-doc notation: drivers/mtd/ubi/eba.c:72: warning: expecting prototype for next_sqnum(). Prototype was for ubi_next_sqnum() instead drivers/mtd/ubi/wl.c:176: warning: expecting prototype for wl_tree_destroy(). Prototype was for wl_entry_destroy() instead drivers/mtd/ubi/misc.c:24: warning: expecting prototype for calc_data_len(). Prototype was for ubi_calc_data_len() instead Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Cc: Richard Weinberger <richard@nod.at> Cc: Miquel Raynal <miquel.raynal@bootlin.com> Cc: Vignesh Raghavendra <vigneshr@ti.com> Cc: linux-mtd@lists.infradead.org Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
ec1f97f5 |
|
10-Aug-2022 |
Jilin Yuan <yuanjilin@cdjrlc.com> |
ubi: Fix repeated words in comments Delete the redundant word 'a'. Delete the redundant word 'the'. Signed-off-by: Jilin Yuan <yuanjilin@cdjrlc.com> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
3b638f99 |
|
16-Dec-2020 |
Zheng Yongjun <zhengyongjun3@huawei.com> |
ubi: eba: Delete useless kfree code The parameter of kfree function is NULL, so kfree code is useless, delete it. Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
e1eb368d |
|
09-Nov-2020 |
Lee Jones <lee.jones@linaro.org> |
mtd: ubi: eba: Fix a couple of misdocumentation issues Fixes the following W=1 kernel build warning(s): drivers/mtd/ubi/eba.c:1304: warning: Function parameter or member 'vidb' not described in 'ubi_eba_copy_leb' drivers/mtd/ubi/eba.c:1304: warning: Excess function parameter 'vid_hdr' description in 'ubi_eba_copy_leb' drivers/mtd/ubi/eba.c:1483: warning: Function parameter or member 'ai' not described in 'print_rsvd_warning' Cc: Richard Weinberger <richard@nod.at> Cc: Miquel Raynal <miquel.raynal@bootlin.com> Cc: Vignesh Raghavendra <vigneshr@ti.com> Cc: linux-mtd@lists.infradead.org Signed-off-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com> Link: https://lore.kernel.org/linux-mtd/20201109182206.3037326-12-lee.jones@linaro.org
|
#
3f649ab7 |
|
03-Jun-2020 |
Kees Cook <keescook@chromium.org> |
treewide: Remove uninitialized_var() usage Using uninitialized_var() is dangerous as it papers over real bugs[1] (or can in the future), and suppresses unrelated compiler warnings (e.g. "unused variable"). If the compiler thinks it is uninitialized, either simply initialize the variable or make compiler changes. In preparation for removing[2] the[3] macro[4], remove all remaining needless uses with the following script: git grep '\buninitialized_var\b' | cut -d: -f1 | sort -u | \ xargs perl -pi -e \ 's/\buninitialized_var\(([^\)]+)\)/\1/g; s:\s*/\* (GCC be quiet|to make compiler happy) \*/$::g;' drivers/video/fbdev/riva/riva_hw.c was manually tweaked to avoid pathological white-space. No outstanding warnings were found building allmodconfig with GCC 9.3.0 for x86_64, i386, arm64, arm, powerpc, powerpc64le, s390x, mips, sparc64, alpha, and m68k. [1] https://lore.kernel.org/lkml/20200603174714.192027-1-glider@google.com/ [2] https://lore.kernel.org/lkml/CA+55aFw+Vbj0i=1TGqCR5vQkCzWJ0QxK6CernOU6eedsudAixw@mail.gmail.com/ [3] https://lore.kernel.org/lkml/CA+55aFwgbgqhbp1fkxvRKEpzyR5J8n1vKT1VZdz9knmPuXhOeg@mail.gmail.com/ [4] https://lore.kernel.org/lkml/CA+55aFz2500WfbKXAx8s67wrm9=yVJu65TpLgN_ybYNv0VEOKA@mail.gmail.com/ Reviewed-by: Leon Romanovsky <leonro@mellanox.com> # drivers/infiniband and mlx4/mlx5 Acked-by: Jason Gunthorpe <jgg@mellanox.com> # IB Acked-by: Kalle Valo <kvalo@codeaurora.org> # wireless drivers Reviewed-by: Chao Yu <yuchao0@huawei.com> # erofs Signed-off-by: Kees Cook <keescook@chromium.org>
|
#
1a59d1b8 |
|
27-May-2019 |
Thomas Gleixner <tglx@linutronix.de> |
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public license as published by the free software foundation either version 2 of the license or at your option any later version this program is distributed in the hope that it will be useful but without any warranty without even the implied warranty of merchantability or fitness for a particular purpose see the gnu general public license for more details you should have received a copy of the gnu general public license along with this program if not write to the free software foundation inc 59 temple place suite 330 boston ma 02111 1307 usa extracted by the scancode license scanner the SPDX license identifier GPL-2.0-or-later has been chosen to replace the boilerplate/reference in 1334 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Richard Fontana <rfontana@redhat.com> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190527070033.113240726@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
6da2ec56 |
|
12-Jun-2018 |
Kees Cook <keescook@chromium.org> |
treewide: kmalloc() -> kmalloc_array() The kmalloc() function has a 2-factor argument form, kmalloc_array(). This patch replaces cases of: kmalloc(a * b, gfp) with: kmalloc_array(a * b, gfp) as well as handling cases of: kmalloc(a * b * c, gfp) with: kmalloc(array3_size(a, b, c), gfp) as it's slightly less ugly than: kmalloc_array(array_size(a, b), c, gfp) This does, however, attempt to ignore constant size factors like: kmalloc(4 * 1024, gfp) though any constants defined via macros get caught up in the conversion. Any factors with a sizeof() of "unsigned char", "char", and "u8" were dropped, since they're redundant. The tools/ directory was manually excluded, since it has its own implementation of kmalloc(). The Coccinelle script used for this was: // Fix redundant parens around sizeof(). @@ type TYPE; expression THING, E; @@ ( kmalloc( - (sizeof(TYPE)) * E + sizeof(TYPE) * E , ...) | kmalloc( - (sizeof(THING)) * E + sizeof(THING) * E , ...) ) // Drop single-byte sizes and redundant parens. @@ expression COUNT; typedef u8; typedef __u8; @@ ( kmalloc( - sizeof(u8) * (COUNT) + COUNT , ...) | kmalloc( - sizeof(__u8) * (COUNT) + COUNT , ...) | kmalloc( - sizeof(char) * (COUNT) + COUNT , ...) | kmalloc( - sizeof(unsigned char) * (COUNT) + COUNT , ...) | kmalloc( - sizeof(u8) * COUNT + COUNT , ...) | kmalloc( - sizeof(__u8) * COUNT + COUNT , ...) | kmalloc( - sizeof(char) * COUNT + COUNT , ...) | kmalloc( - sizeof(unsigned char) * COUNT + COUNT , ...) ) // 2-factor product with sizeof(type/expression) and identifier or constant. @@ type TYPE; expression THING; identifier COUNT_ID; constant COUNT_CONST; @@ ( - kmalloc + kmalloc_array ( - sizeof(TYPE) * (COUNT_ID) + COUNT_ID, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * COUNT_ID + COUNT_ID, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * (COUNT_CONST) + COUNT_CONST, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * COUNT_CONST + COUNT_CONST, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * (COUNT_ID) + COUNT_ID, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * COUNT_ID + COUNT_ID, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * (COUNT_CONST) + COUNT_CONST, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * COUNT_CONST + COUNT_CONST, sizeof(THING) , ...) ) // 2-factor product, only identifiers. @@ identifier SIZE, COUNT; @@ - kmalloc + kmalloc_array ( - SIZE * COUNT + COUNT, SIZE , ...) // 3-factor product with 1 sizeof(type) or sizeof(expression), with // redundant parens removed. @@ expression THING; identifier STRIDE, COUNT; type TYPE; @@ ( kmalloc( - sizeof(TYPE) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kmalloc( - sizeof(TYPE) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kmalloc( - sizeof(TYPE) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kmalloc( - sizeof(TYPE) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(TYPE)) , ...) | kmalloc( - sizeof(THING) * (COUNT) * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kmalloc( - sizeof(THING) * (COUNT) * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kmalloc( - sizeof(THING) * COUNT * (STRIDE) + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) | kmalloc( - sizeof(THING) * COUNT * STRIDE + array3_size(COUNT, STRIDE, sizeof(THING)) , ...) ) // 3-factor product with 2 sizeof(variable), with redundant parens removed. @@ expression THING1, THING2; identifier COUNT; type TYPE1, TYPE2; @@ ( kmalloc( - sizeof(TYPE1) * sizeof(TYPE2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | kmalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2)) , ...) | kmalloc( - sizeof(THING1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | kmalloc( - sizeof(THING1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(THING1), sizeof(THING2)) , ...) | kmalloc( - sizeof(TYPE1) * sizeof(THING2) * COUNT + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) | kmalloc( - sizeof(TYPE1) * sizeof(THING2) * (COUNT) + array3_size(COUNT, sizeof(TYPE1), sizeof(THING2)) , ...) ) // 3-factor product, only identifiers, with redundant parens removed. @@ identifier STRIDE, SIZE, COUNT; @@ ( kmalloc( - (COUNT) * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - COUNT * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - COUNT * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - (COUNT) * (STRIDE) * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - COUNT * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - (COUNT) * STRIDE * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - (COUNT) * (STRIDE) * (SIZE) + array3_size(COUNT, STRIDE, SIZE) , ...) | kmalloc( - COUNT * STRIDE * SIZE + array3_size(COUNT, STRIDE, SIZE) , ...) ) // Any remaining multi-factor products, first at least 3-factor products, // when they're not all constants... @@ expression E1, E2, E3; constant C1, C2, C3; @@ ( kmalloc(C1 * C2 * C3, ...) | kmalloc( - (E1) * E2 * E3 + array3_size(E1, E2, E3) , ...) | kmalloc( - (E1) * (E2) * E3 + array3_size(E1, E2, E3) , ...) | kmalloc( - (E1) * (E2) * (E3) + array3_size(E1, E2, E3) , ...) | kmalloc( - E1 * E2 * E3 + array3_size(E1, E2, E3) , ...) ) // And then all remaining 2 factors products when they're not all constants, // keeping sizeof() as the second factor argument. @@ expression THING, E1, E2; type TYPE; constant C1, C2, C3; @@ ( kmalloc(sizeof(THING) * C2, ...) | kmalloc(sizeof(TYPE) * C2, ...) | kmalloc(C1 * C2 * C3, ...) | kmalloc(C1 * C2, ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * (E2) + E2, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(TYPE) * E2 + E2, sizeof(TYPE) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * (E2) + E2, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - sizeof(THING) * E2 + E2, sizeof(THING) , ...) | - kmalloc + kmalloc_array ( - (E1) * E2 + E1, E2 , ...) | - kmalloc + kmalloc_array ( - (E1) * (E2) + E1, E2 , ...) | - kmalloc + kmalloc_array ( - E1 * E2 + E1, E2 , ...) ) Signed-off-by: Kees Cook <keescook@chromium.org>
|
#
3e5e4335 |
|
28-May-2018 |
Richard Weinberger <richard@nod.at> |
ubi: fastmap: Detect EBA mismatches on-the-fly Now we have the machinery to detect EBA mismatches on-the-fly by comparing the in-memory volume ID and LEB number with the found VID header. This helps to detect malfunction of Fastmap. Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
34653fd8 |
|
28-May-2018 |
Richard Weinberger <richard@nod.at> |
ubi: fastmap: Check each mapping only once Maintain a bitmap to keep track of which LEB->PEB mapping was checked already. That way we have to read back VID headers only once. Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
78193237 |
|
28-May-2018 |
Richard Weinberger <richard@nod.at> |
ubi: fastmap: Correctly handle interrupted erasures in EBA Fastmap cannot track the LEB unmap operation, therefore it can happen that after an interrupted erasure the mapping still looks good from Fastmap's point of view, while reading from the PEB will cause an ECC error and confuses the upper layer. Instead of teaching users of UBI how to deal with that, we read back the VID header and check for errors. If the PEB is empty or shows ECC errors we fixup the mapping and schedule the PEB for erasure. Fixes: dbb7d2a88d2a ("UBI: Add fastmap core") Cc: <stable@vger.kernel.org> Reported-by: martin bayern <Martinbayern@outlook.com> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
01f19694 |
|
23-Nov-2017 |
Sascha Hauer <s.hauer@pengutronix.de> |
ubi: Fix copy/paste error in function documentation The function documentation of leb_write_trylock is copied from leb_write_lock. Replace the function name with the correct one. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
884a3b64 |
|
13-Oct-2016 |
Geert Uytterhoeven <geert@linux-m68k.org> |
UBI: Fix crash in try_recover_peb() drivers/mtd/ubi/eba.c: In function ‘try_recover_peb’: drivers/mtd/ubi/eba.c:744: warning: ‘vid_hdr’ is used uninitialized in this function The pointer vid_hdr is indeed not initialized, leading to a crash when it is dereferenced. Fix this by obtaining the pointer from the VID buffer, like is done everywhere else. Fixes: 3291b52f9ff0acc8 ("UBI: introduce the VID buffer concept") Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Reviewed-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
2e8f08de |
|
24-Aug-2016 |
Richard Weinberger <richard@nod.at> |
ubi: Fix races around ubi_refill_pools() When writing a new Fastmap the first thing that happens is refilling the pools in memory. At this stage it is possible that new PEBs from the new pools get already claimed and written with data. If this happens before the new Fastmap data structure hits the flash and we face power cut the freshly written PEB will not scanned and unnoticed. Solve the issue by locking the pools until Fastmap is written. Cc: <stable@vger.kernel.org> Fixes: dbb7d2a88d ("UBI: Add fastmap core") Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
3291b52f |
|
16-Sep-2016 |
Boris Brezillon <bbrezillon@kernel.org> |
UBI: introduce the VID buffer concept Currently, all VID headers are allocated and freed using the ubi_zalloc_vid_hdr() and ubi_free_vid_hdr() function. These functions make sure to align allocation on ubi->vid_hdr_alsize and adjust the vid_hdr pointer to match the ubi->vid_hdr_shift requirements. This works fine, but is a bit convoluted. Moreover, the future introduction of LEB consolidation (needed to support MLC/TLC NANDs) will allows a VID buffer to contain more than one VID header. Hence the creation of a ubi_vid_io_buf struct to attach extra information to the VID header. We currently only store the actual pointer of the underlying buffer, but will soon add the number of VID headers contained in the buffer. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
799dca34 |
|
16-Sep-2016 |
Boris Brezillon <bbrezillon@kernel.org> |
UBI: hide EBA internals Create a private ubi_eba_table struct to hide EBA internals and provide helpers to allocate, destroy, copy and assing an EBA table to a volume. Now that external EBA users are using helpers to query/modify the EBA state we can safely change the internal representation, which will be needed to support the LEB consolidation concept. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
1f81a5cc |
|
16-Sep-2016 |
Boris Brezillon <bbrezillon@kernel.org> |
UBI: provide an helper to query LEB information This is part of our attempt to hide EBA internals from other part of the implementation in order to easily adapt it to the MLC needs. Here we are creating an ubi_eba_leb_desc struct to hide the way we keep track of the LEB to PEB mapping. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
75547696 |
|
16-Sep-2016 |
Boris Brezillon <bbrezillon@kernel.org> |
UBI: provide an helper to check whether a LEB is mapped or not This is part of the process of hiding UBI EBA's internal to other part of the UBI implementation, so that we can add new information to the EBA table without having to patch different places in the UBI code. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
2d78aee4 |
|
16-Sep-2016 |
Boris Brezillon <bbrezillon@kernel.org> |
UBI: simplify LEB write and atomic LEB change code ubi_eba_write_leb(), ubi_eba_write_leb_st() and ubi_eba_atomic_leb_change() are using a convoluted retry/exit path. Add the try_write_vid_and_data() function to simplify the retry logic and make sure we have a single exit path instead of manually releasing the resources in each error path. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
f036dfeb |
|
16-Sep-2016 |
Boris Brezillon <bbrezillon@kernel.org> |
UBI: simplify recover_peb() code recover_peb() is using a convoluted retry/exit path. Add try_recover_peb() to simplify the retry logic and make sure we have a single exit path instead of manually releasing the resource in each error path. Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
972228d8 |
|
20-Jun-2016 |
Richard Weinberger <richard@nod.at> |
ubi: Make recover_peb power cut aware recover_peb() was never power cut aware, if a power cut happened right after writing the VID header upon next attach UBI would blindly use the new partial written PEB and all data from the old PEB is lost. In order to make recover_peb() power cut aware, write the new VID with a proper crc and copy_flag set such that the UBI attach process will detect whether the new PEB is completely written or not. We cannot directly use ubi_eba_atomic_leb_change() since we'd have to unlock the LEB which is facing a write error. Cc: stable@vger.kernel.org Reported-by: Jörg Pfähler <pfaehler@isse.de> Reviewed-by: Jörg Pfähler <pfaehler@isse.de> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
1900149c |
|
26-Apr-2016 |
Richard Weinberger <richard@nod.at> |
UBI: Fix static volume checks when Fastmap is used Ezequiel reported that he's facing UBI going into read-only mode after power cut. It turned out that this behavior happens only when updating a static volume is interrupted and Fastmap is used. A possible trace can look like: ubi0 warning: ubi_io_read_vid_hdr [ubi]: no VID header found at PEB 2323, only 0xFF bytes ubi0 warning: ubi_eba_read_leb [ubi]: switch to read-only mode CPU: 0 PID: 833 Comm: ubiupdatevol Not tainted 4.6.0-rc2-ARCH #4 Hardware name: SAMSUNG ELECTRONICS CO., LTD. 300E4C/300E5C/300E7C/NP300E5C-AD8AR, BIOS P04RAP 10/15/2012 0000000000000286 00000000eba949bd ffff8800c45a7b38 ffffffff8140d841 ffff8801964be000 ffff88018eaa4800 ffff8800c45a7bb8 ffffffffa003abf6 ffffffff850e2ac0 8000000000000163 ffff8801850e2ac0 ffff8801850e2ac0 Call Trace: [<ffffffff8140d841>] dump_stack+0x63/0x82 [<ffffffffa003abf6>] ubi_eba_read_leb+0x486/0x4a0 [ubi] [<ffffffffa00453b3>] ubi_check_volume+0x83/0xf0 [ubi] [<ffffffffa0039d97>] ubi_open_volume+0x177/0x350 [ubi] [<ffffffffa00375d8>] vol_cdev_open+0x58/0xb0 [ubi] [<ffffffff8124b08e>] chrdev_open+0xae/0x1d0 [<ffffffff81243bcf>] do_dentry_open+0x1ff/0x300 [<ffffffff8124afe0>] ? cdev_put+0x30/0x30 [<ffffffff81244d36>] vfs_open+0x56/0x60 [<ffffffff812545f4>] path_openat+0x4f4/0x1190 [<ffffffff81256621>] do_filp_open+0x91/0x100 [<ffffffff81263547>] ? __alloc_fd+0xc7/0x190 [<ffffffff812450df>] do_sys_open+0x13f/0x210 [<ffffffff812451ce>] SyS_open+0x1e/0x20 [<ffffffff81a99e32>] entry_SYSCALL_64_fastpath+0x1a/0xa4 UBI checks static volumes for data consistency and reads the whole volume upon first open. If the volume is found erroneous users of UBI cannot read from it, but another volume update is possible to fix it. The check is performed by running ubi_eba_read_leb() on every allocated LEB of the volume. For static volumes ubi_eba_read_leb() computes the checksum of all data stored in a LEB. To verify the computed checksum it has to read the LEB's volume header which stores the original checksum. If the volume header is not found UBI treats this as fatal internal error and switches to RO mode. If the UBI device was attached via a full scan the assumption is correct, the volume header has to be present as it had to be there while scanning to get known as mapped. If the attach operation happened via Fastmap the assumption is no longer correct. When attaching via Fastmap UBI learns the mapping table from Fastmap's snapshot of the system state and not via a full scan. It can happen that a LEB got unmapped after a Fastmap was written to the flash. Then UBI can learn the LEB still as mapped and accessing it returns only 0xFF bytes. As UBI is not a FTL it is allowed to have mappings to empty PEBs, it assumes that the layer above takes care of LEB accounting and referencing. UBIFS does so using the LEB property tree (LPT). For static volumes UBI blindly assumes that all LEBs are present and therefore special actions have to be taken. The described situation can happen when updating a static volume is interrupted, either by a user or a power cut. The volume update code first unmaps all LEBs of a volume and then writes LEB by LEB. If the sequence of operations is interrupted UBI detects this either by the absence of LEBs, no volume header present at scan time, or corrupted payload, detected via checksum. In the Fastmap case the former method won't trigger as no scan happened and UBI automatically thinks all LEBs are present. Only by reading data from a LEB it detects that the volume header is missing and incorrectly treats this as fatal error. To deal with the situation ubi_eba_read_leb() from now on checks whether we attached via Fastmap and handles the absence of a volume header like a data corruption error. This way interrupted static volume updates will correctly get detected also when Fastmap is used. Cc: <stable@vger.kernel.org> Reported-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar> Tested-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
1e0a74f1 |
|
07-May-2016 |
Richard Weinberger <richard@nod.at> |
UBI: Don't read back all data in ubi_eba_copy_leb() Drop this paranoia check from the old days. If our MTD driver or the flash is so bad that we even cannot trust it to write data we have bigger problems. If one really does not trust the flash and wants write-verify she can enable UBI io checks using debugfs. Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
5347417e |
|
03-Jul-2015 |
Richard Weinberger <richard@nod.at> |
UBI: Fix debug message We have to use j instead of i. i is the volume id and not the block. Reported-by: Alexander.Block@continental-corporation.com Signed-off-by: Richard Weinberger <richard@nod.at> Acked-by: Brian Norris <computersforpeace@gmail.com>
|
#
111ab0b2 |
|
10-Nov-2014 |
Richard Weinberger <richard@nod.at> |
UBI: Fastmap: Locking updates a) Rename ubi->fm_sem to ubi->fm_eba_sem as this semaphore protects EBA changes. b) Turn ubi->fm_mutex into a rw semaphore. It will still serialize fastmap writes but also ensures that ubi_wl_put_peb() is not interrupted by a fastmap write. We use a rw semaphore to allow ubi_wl_put_peb() still to be executed in parallel if no fastmap write is happening. Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
8fb2a514 |
|
10-Nov-2014 |
Richard Weinberger <richard@nod.at> |
UBI: Fastmap: Fix race after ubi_wl_get_peb() ubi_wl_get_peb() returns a fresh PEB which can be used by user of UBI. Due to the pool logic fastmap will correctly map this PEB upon attach time because it will be scanned. If a new fastmap is written (due to heavy parallel io) while the before the fresh PEB is assigned to the EBA table it will not be scanned as it is no longer in the pool. So, the race window exists between ubi_wl_get_peb() and the EBA table assignment. We have to make sure that no new fastmap can be written while that. To ensure that ubi_wl_get_peb() will grab ubi->fm_sem in read mode and the user of ubi_wl_get_peb() has to release it after the PEB got assigned. Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
36a87e44 |
|
07-Oct-2014 |
Richard Weinberger <richard@nod.at> |
UBI: Fastmap: Fix race in ubi_eba_atomic_leb_change() This function a) requests a new PEB, b) writes data to it, c) returns the old PEB and d) registers the new PEB in the EBA table. For the non-fastmap case this works perfectly fine and is powercut safe. Is fastmap enabled this can lead to issues. If a new fastmap is written between a) and c) the freshly requested PEB is no longer in a pool and will not be scanned upon attaching. If now a powercut happens between c) and d) the freshly requested PEB will not be scanned and the old one got already scheduled for erase. After attaching the EBA table will point to a erased PEB. Fix this issue by swapping steps c) and d). Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
d74adbdb |
|
28-Feb-2015 |
Brian Norris <computersforpeace@gmail.com> |
UBI: fix out of bounds write If aeb->len >= vol->reserved_pebs, we should not be writing aeb into the PEB->LEB mapping. Caught by Coverity, CID #711212. Cc: stable <stable@vger.kernel.org> Signed-off-by: Brian Norris <computersforpeace@gmail.com> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
b388e6a7 |
|
23-Feb-2015 |
Brian Norris <computersforpeace@gmail.com> |
UBI: fix missing brace control flow commit 0e707ae79ba3 ("UBI: do propagate positive error codes up") seems to have produced an unintended change in the control flow here. Completely untested, but it looks obvious. Caught by Coverity, which didn't like the indentation. CID 1271184. Signed-off-by: Brian Norris <computersforpeace@gmail.com> Cc: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Richard Weinberger <richard@nod.at>
|
#
0e707ae7 |
|
25-Nov-2014 |
Artem Bityutskiy <artem.bityutskiy@linux.intel.com> |
UBI: do propagate positive error codes up UBI uses positive function return codes internally, and should not propagate them up, except in the place this path fixes. Here is the original bug report from Dan Carpenter: The problem is really in ubi_eba_read_leb(). drivers/mtd/ubi/eba.c 412 err = ubi_io_read_vid_hdr(ubi, pnum, vid_hdr, 1); 413 if (err && err != UBI_IO_BITFLIPS) { 414 if (err > 0) { 415 /* 416 * The header is either absent or corrupted. 417 * The former case means there is a bug - 418 * switch to read-only mode just in case. 419 * The latter case means a real corruption - we 420 * may try to recover data. FIXME: but this is 421 * not implemented. 422 */ 423 if (err == UBI_IO_BAD_HDR_EBADMSG || 424 err == UBI_IO_BAD_HDR) { 425 ubi_warn("corrupted VID header at PEB %d, LEB %d:%d", 426 pnum, vol_id, lnum); 427 err = -EBADMSG; 428 } else 429 ubi_ro_mode(ubi); On this path we return UBI_IO_FF and UBI_IO_FF_BITFLIPS and it eventually gets passed to ERR_PTR(). We probably dereference the bad pointer and oops. At that point we've gone read only so it was already a bad situation... 430 } 431 goto out_free; 432 } else if (err == UBI_IO_BITFLIPS) 433 scrub = 1; 434 Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
9ff08979 |
|
10-Jan-2015 |
Richard Weinberger <richard@nod.at> |
UBI: Add initial support for scatter gather Adds a new set of functions to deal with scatter gather. ubi_eba_read_leb_sg() will read from a LEB into a scatter gather list. The new data structure struct ubi_sgl will be used within UBI to hold the scatter gather list itself and metadata to have a cursor within the list. Signed-off-by: Richard Weinberger <richard@nod.at> Tested-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar> Reviewed-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
|
#
32608703 |
|
20-Oct-2014 |
Tanya Brokhman <tlinder@codeaurora.org> |
UBI: Extend UBI layer debug/messaging capabilities If there is more then one UBI device mounted, there is no way to distinguish between messages from different UBI devices. Add device number to all ubi layer message types. The R/O block driver messages were replaced by pr_* since ubi_device structure is not used by it. Amended a bit by Artem. Signed-off-by: Tanya Brokhman <tlinder@codeaurora.org> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
170505f5 |
|
22-Sep-2014 |
Richard Weinberger <richard@nod.at> |
UBI: ubi_eba_read_leb: Remove in vain variable assignment There is no need to set err, it will be overwritten in any case later at: if (scrub) err = ubi_wl_scrub_peb(ubi, pnum); Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
8974b15c |
|
26-Sep-2012 |
Richard Weinberger <richard@nod.at> |
UBI: Wire-up ->fm_sem Fastmap uses ->fm_sem to stop EBA changes while writing a new fastmap. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
00abf304 |
|
26-Sep-2012 |
Richard Weinberger <richard@nod.at> |
UBI: Add self_check_eba() self_check_eba() compares two ubi_attach_info objects. Fastmap uses this function for self checks. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
a7306653 |
|
26-Sep-2012 |
Richard Weinberger <richard@nod.at> |
UBI: Export next_sqnum() Fastmap needs next_sqnum(), rename it to ubi_next_sqnum() and make it non-static. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
049333ce |
|
27-Aug-2012 |
Artem Bityutskiy <artem.bityutskiy@linux.intel.com> |
UBI: comply with coding style Join all the split printk lines in order to stop checkpatch complaining. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
d36e59e6 |
|
18-May-2012 |
Joel Reardon <joel@clambassador.com> |
UBI: add lnum and vol_id to struct ubi_work This is part of a multipart patch to allow UBI to force the erasure of particular logical eraseblock numbers. In this patch, the volume id and LEB number are added to ubi_work data structure, and both are also passed as a parameter to schedule erase to set it appropriately. Whenever ubi_wl_put_peb is called, the lnum is also passed to be forwarded to schedule erase. Later, a new ubi_sync_lnum will be added to execute immediately all work related to that lnum. This was tested by outputting the vol_id and lnum during the schedule of erasure. The ubi thread was disabled and two ubifs drives on separate partitions repeated changed a small number of LEBs. The ubi module was readded, and all the erased LEBs, corresponding to the volumes, were added to the schedule erase queue. Artem: minor tweaks Signed-off-by: Joel Reardon <reardonj@inf.ethz.ch> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
41e0cd9d |
|
17-May-2012 |
Artem Bityutskiy <artem.bityutskiy@linux.intel.com> |
UBI: rename _init_scan functions We have a couple of initialization funcntionsn left which have "_scan" suffic - rename them: ubi_eba_init_scan() -> ubi_eba_init() ubi_wl_init_scan() -> ubi_wl_init() Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
0bae2887 |
|
17-May-2012 |
Artem Bityutskiy <artem.bityutskiy@linux.intel.com> |
UBI: rename ubi_scan_move_to_list The old name is not logical anymore - rename it to 'ubi_move_aeb_to_list()'. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
dcd85fdd |
|
17-May-2012 |
Artem Bityutskiy <artem.bityutskiy@linux.intel.com> |
UBI: rename ubi_scan_find_av The old name is not logical anymore - rename it to 'ubi_find_av()'. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
517af48c |
|
17-May-2012 |
Artem Bityutskiy <artem.bityutskiy@linux.intel.com> |
UBI: rename sv to av After re-naming the 'struct ubi_scan_volume' we should adjust all variables named 'sv' to something else, because 'sv' stands for "scanning volume". Let's rename it to 'av' which stands for "attaching volume" which is a bit more consistent and has the same length, which makes re-naming easy. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com>
|
#
a4e6042f |
|
17-May-2012 |
Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com> |
UBI: rename si to ai After re-naming the 'struct ubi_scan_info' we should adjust all variables named 'si' to something else, because 'si' stands for "scanning info". Let's rename it to 'ai' which stands for "attaching info" which is a bit more consistent and has the same length, which makes re-naming easy. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com>
|
#
2c5ec5ce |
|
16-May-2012 |
Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com> |
UBI: rename seb to aeb After re-naming the 'struct ubi_scan_leb' we should adjust all variables named 'seb' to something else, because 'seb' stands for "scanning eraseblock". Let's rename it to 'aeb' which stands for "attaching eraseblock" which is a bit more consistend and has the same length. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com>
|
#
afc15a81 |
|
16-May-2012 |
Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com> |
UBI: rename struct ubi_scan_info Rename 'struct ubi_scan_info' to 'struct ubi_attach_info'. This is part of the code re-structuring I am trying to do in order to add fastmap in a more logical way. Fastmap can share a lot with scanning, including the attach-time data structures, which all now have "scan" word in the name. Let's get rid of this word. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com>
|
#
cb28a932 |
|
16-May-2012 |
Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com> |
UBI: rename struct ubi_scan_volume Rename 'struct ubi_scan_volume' to 'struct ubi_ainf_volume'. This is part of the code re-structuring I am trying to do in order to add fastmap in a more logical way. Fastmap can share a lot with scanning, including the attach-time data structures, which all now have "scan" word in the name. Let's get rid of this word and use "ainf" instead which stands for "attach information". It has the same length as "scan" so re-naming is trivial. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com>
|
#
227423d2 |
|
16-May-2012 |
Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com> |
UBI: rename struct ubi_scan_leb Rename 'struct ubi_scan_leb' to 'struct ubi_ainf_leb'. This is part of the code re-structuring I am trying to do in order to add fastmap in a more logical way. Fastmap can share a lot with scanning, including the attach-time data structures, which all now have "scan" word in the name. Let's get rid of this word and use "ainf" instead which stands for "attach information". It has the same length as "scan" so re-naming is trivial. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com>
|
#
b36a261e |
|
14-May-2012 |
Richard Weinberger <richard@nod.at> |
UBI: Kill data type hint We do not need this feature and to our shame it even was not working and there was a bug found very recently. -- Artem Bityutskiy Without the data type hint UBI2 (fastmap) will be easier to implement. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
cc831464 |
|
09-Mar-2012 |
Artem Bityutskiy <artem.bityutskiy@linux.intel.com> |
UBI: rename MOVE_CANCEL_BITFLIPS to MOVE_TARGET_BITFLIPS While looking at a problem reported by UBI around the PEB moving area I noticed that the 'MOVE_CANCEL_BITFLIPS' is a bit inconsistent name and 'MOVE_TARGET_BITFLIPS' better - let's rename it. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
0ca39d74 |
|
08-Mar-2012 |
Artem Bityutskiy <artem.bityutskiy@linux.intel.com> |
UBI: rename peb_buf1 to peb_buf Now we have only one buffer so let's rename it to just 'peb_buf1'. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
43b043e7 |
|
22-Feb-2012 |
Josselin Costanzi <josselin.costanzi@mobile-devices.fr> |
UBI: reduce memory consumption Remove the pre-allocated 'peb_buf2' buffer because we do not really need it. The only reason UBI has it is to check that the data were written correctly. But we do not have to have 2 buffers for this and waste RAM - we can just compare CRC checksums instead. This reduces UBI memory consumption. Artem bityutskiy: massaged the patch and commit message Signed-off-by: Josselin Costanzi <josselin.costanzi@mobile-devices.fr> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
e801e128 |
|
30-Nov-2011 |
Bhavesh Parekh <bparekh@nvidia.com> |
UBI: fix missing scrub when there is a bit-flip Under some cases, when scrubbing the PEB if we did not get the lock on the PEB it fails to scrub. Add that PEB again to the scrub list Artem: minor amendments. Cc: stable@kernel.org [2.6.31+] Signed-off-by: Bhavesh Parekh <bparekh@nvidia.com> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
|
#
d57f4054 |
|
20-Sep-2011 |
Brian Norris <computersforpeace@gmail.com> |
mtd: utilize `mtd_is_*()' functions Signed-off-by: Brian Norris <computersforpeace@gmail.com> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@intel.com>
|
#
5fc01ab6 |
|
03-Sep-2010 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: preserve corrupted PEBs Currently UBI erases all corrupted eraseblocks, irrespectively of the nature of corruption: corruption due to power cuts and non-power cut corruption. The former case is OK, but the latter is not, because UBI may destroy potentially important data. With this patch, during scanning, when UBI hits a PEB with corrupted VID header, it checks whether this PEB contains only 0xFF data. If yes, it is safe to erase this PEB and it is put to the 'erase' list. If not, this may be important data and it is better to avoid erasing this PEB. Instead, UBI puts it to the corr list and moves out of the pool of available PEB. IOW, UBI preserves this PEB. Such corrupted PEB lessen the amount of available PEBs. So the more of them we accumulate, the less PEBs are available. The maximum amount of non-power cut corrupted PEBs is 8. This patch is a response to UBIFS problem where reporter (Matthew L. Creech <mlcreech@gmail.com>) observes that UBIFS index points to an unmapped LEB. The theory is that corresponding PEB somehow got corrupted and UBI wiped it. This patch (actually a series of patches) tries to make sure such PEBs are preserved - this would make it is easier to analyze the corruption. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
756e1df1 |
|
02-Sep-2010 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: rename IO error code Rename UBI_IO_BAD_HDR_READ into UBI_IO_BAD_HDR_EBADMSG which is presumably more self-documenting and readable. Indeed, the '_READ' suffix does not tell much and even confuses, while '_EBADMSG' tells about uncorrectable ECC error, because we use -EBADMSG all over the place to represent ECC errors. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
64d4b4c9 |
|
30-Jul-2010 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: do not warn unnecessarily Currently, when UBI attaches an MTD device and cannot reserve all 1% (by default) of PEBs for bad eraseblocks handling, it prints a warning. However, Matthew L. Creech <mlcreech@gmail.com> is not very happy to see this warning, because he did reserve enough of PEB at the beginning, but with time some PEBs became bad. The warning is not necessary in this case. This patch makes UBI print the warning o if this is a new image o of this is used image and the amount of reserved PEBs is only 10% (or less) of the size of the reserved PEB pool. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
eb89580e |
|
03-May-2010 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: introduce a new IO return code This patch introduces the %UBI_IO_BAD_HDR_READ return code for the I/O level function. We will use this code in order to distinguish between "corrupted header possibly because this is non-ubi data" and "corrupted header possibly because of real data corruption and ECC error". So far this patch does not introduce any functional change, just a preparation. This patch is pased on a patch from Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com> Reviewed-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Tested-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
|
#
786d7831 |
|
30-Apr-2010 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: simplify IO error codes We do not really need 2 separate error codes for indicating bad VID and bad EC headers (UBI_IO_BAD_EC_HDR, UBI_IO_BAD_VID_HDR), it is enough to have only one UBI_IO_BAD_HDR return code. This patch does not introduce any functional change, only some code simplification. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com> Reviewed-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Tested-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
|
#
fd589a8f |
|
16-Jul-2009 |
Anand Gadiyar <gadiyar@ti.com> |
trivial: fix typo "to to" in multiple files Signed-off-by: Anand Gadiyar <gadiyar@ti.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
#
7194e6f9 |
|
24-Jul-2009 |
Adrian Hunter <Adrian.Hunter@nokia.com> |
UBI: fix double free on error path If we fail in 'ubi_eba_init_scan()', we free 'ubi->volumes[i]->eba_tbl' in there, but also later free it in 'free_internal_volumes()'. Fix this by assigning NULL to 'ubi->volumes[i]->eba_tbl' after it is freed. Signed-off-by: Adrian Hunter <adrian.hunter@nokia.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
6b5c94c6 |
|
10-Jun-2009 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: handle more error codes The UBIFS WL worker may encounter read errors and there is logic which makes a decision whether we should do one of: 1. cancel the operation and move the PEB with the read errors to the 'erroneous' list; 2. switch to R/O mode. ATM, only -EIO errors trigger 1., other errors trigger 2. The idea is that if we know we encountered an I/O error, do 1. Otherwise, we do not know how to react, and do 2., just in case. E.g., if the underlying driver became crazy because of a bug, we do not want to harm any data, and switch to R/O mode. This patch does 2 things: 1. Makes sure reads from the source PEB always cause 1. This is more consistent with other reads which come from the upper layers and never cause R/O. 2. Teaches UBI to do 1. also on -EBADMSG, UBI_IO_BAD_VID_HDR, -ENOMEM, and -ETIMEOUT. But this is only when reading the target PEB. This preblems were hunted by Adrian Hunter. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
815bc5f8f |
|
08-Jun-2009 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: fix multiple spelling typos Some of the typos were indicated by Adrian Hunter, some by 'aspell'. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
b86a2c56 |
|
24-May-2009 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: do not switch to R/O mode on read errors This patch improves UBI errors handling. ATM UBI switches to R/O mode when the WL worker fails to read the source PEB. This means that the upper layers (e.g., UBIFS) has no chances to unmap the erroneous PEB and fix the error. This patch changes this behaviour and makes UBI put PEBs like this into a separate RB-tree, thus preventing the WL worker from hitting the same read errors again and again. But there is a 10% limit on a maximum amount of PEBs like this. If there are too much of them, UBI switches to R/O mode. Additionally, this patch teaches UBI not to panic and switch to R/O mode if after a PEB has been copied, the target LEB cannot be read back. Instead, now UBI cancels the operation and schedules the target PEB for torturing. The error paths has been tested by ingecting errors into 'ubi_eba_copy_leb()'. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
87960c0b |
|
24-May-2009 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: fix and clean-up error paths in WL worker This patch fixes the error path in the WL worker - in same cases UBI oopses when 'goto out_error' happens and e1 or e2 are NULL. This patch also cleans up the error paths a little. And I have tested nearly all error paths in the WL worker. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
90bf0265 |
|
23-May-2009 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: introduce new constants This patch is a clean-up and a preparation for the following patches. It introduece constants for the return values of the 'ubi_eba_copy_leb()' function. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
025dfdaf |
|
16-Oct-2008 |
Frederik Schwarzer <schwarzerf@gmail.com> |
trivial: fix then -> than typos in comments and documentation - (better, more, bigger ...) then -> (...) than Signed-off-by: Frederik Schwarzer <schwarzerf@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
#
6fa6f5bb |
|
05-Dec-2008 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: handle write errors in WL worker When a PEB is moved and a write error happens, UBI switches to R/O mode, which is wrong, because we just copy the data and may select a different PEB and re-try this. This patch fixes WL worker's behavior. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
4df581f3 |
|
04-Dec-2008 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: fix deadlock We cannot call 'ubi_wl_get_peb()' with @ubi->buf_mutex locked, because 'ubi_wl_get_peb()' may force erasure, which, in turn, may call 'torture_peb()' which also locks the @ubi->buf_mutex and deadlocks. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
b77bcb07 |
|
29-Oct-2008 |
Zoltan Sogor <weth@inf.u-szeged.hu> |
UBI: fix EBADMSG handling 'ubi_io_read_data()' may return EBADMSG in case of an ECC error, and we should not panic because of this. We have CRC32 checksum and may check the data. So just ignore the EBADMSG error. This patch also fixes a minor spelling error at the same time. Signed-off-by: Zoltan Sogor <weth@inf.u-szeged.hu> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
9c9ec147 |
|
18-Jul-2008 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: fix checkpatch.pl errors and warnings Just out or curiousity ran checkpatch.pl for whole UBI, and discovered there are quite a few of stylistic issues. Fix them. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
4d88de4b |
|
17-Jul-2008 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: bugfix - do not torture PEB needlessly This is probably a copy-paste bug - we torture the old PEB in the atomic LEB change function, but we should not do this. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
85c6e6e2 |
|
16-Jul-2008 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: amend commentaries Hch asked not to use "unit" for sub-systems, let it be so. Also some other commentaries modifications. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
23add745 |
|
16-Jun-2008 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: fix LEB locking leb_read_unlock() may be called simultaniously by several tasks. The would race at the following code: up_read(&le->mutex); if (free) kfree(le); And it is possible that one task frees 'le' before the other tasks do 'up_read()'. Fix this by doing up_read and free inside the 'ubi->ltree' lock. Below it the oops we had because of this: BUG: spinlock bad magic on CPU#0, integck/7504 BUG: unable to handle kernel paging request at 6b6b6c4f IP: [<c0211221>] spin_bug+0x5c/0xdb *pde = 00000000 Oops: 0000 [#1] PREEMPT SMP Modules linked in: ubifs ubi nandsim nand nand_ids nand_ecc video output Pid: 7504, comm: integck Not tainted (2.6.26-rc3ubifs26 #8) EIP: 0060:[<c0211221>] EFLAGS: 00010002 CPU: 0 EIP is at spin_bug+0x5c/0xdb EAX: 00000032 EBX: 6b6b6b6b ECX: 6b6b6b6b EDX: f7f7ce30 ESI: f76491dc EDI: c044f51f EBP: e8a736cc ESP: e8a736a8 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 Process integck (pid: 7504, ti=e8a72000 task=f7f7ce30 task.ti=e8a72000) Stack: c044f754 c044f51f 00000000 f7f7d024 00001d50 00000001 f76491dc 00000296 f6df50e0 e8a736d8 c02112f0 f76491dc e8a736e8 c039157a f7d9e830 f76491d8 e8a7370c c020b975 f76491dc 00000296 f76491f8 00000000 f76491d8 00000000 Call Trace: [<c02112f0>] ? _raw_spin_unlock+0x50/0x7c [<c039157a>] ? _spin_unlock_irqrestore+0x20/0x58 [<c020b975>] ? rwsem_wake+0x4b/0x122 [<c0390e0a>] ? call_rwsem_wake+0xa/0xc [<c0139ee7>] ? up_read+0x28/0x31 [<f8873b3c>] ? leb_read_unlock+0x73/0x7b [ubi] [<f88742a3>] ? ubi_eba_read_leb+0x195/0x2b0 [ubi] [<f8872a04>] ? ubi_leb_read+0xaf/0xf8 [ubi] Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
abc5e922 |
|
04-Jun-2008 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: fix memory leak ubi_free_volume() function sets ubi->volumes[] to NULL, so ubi_eba_close() is useless, it does not free what has to be freed. So zap it and free vol->eba_tbl at the volume release function. Pointed-out-by: Adrian Hunter <ext-adrian.hunter@nokia.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
cadb40cc |
|
21-May-2008 |
Kyungmin Park <kyungmin.park@samsung.com> |
UBI: avoid unnecessary division operations UBI already checks that @min io size is the power of 2 at io_init. It is save to use bit operations then. Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
60c03153 |
|
24-Jan-2008 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: handle zero-length case ubi_eba_atomic_leb_change() has to just map the LEB to a free PEB if data length is zero. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
91f2d53c |
|
24-Jan-2008 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: add layout volume information Add more information about layout volume to make userspace tools use the macros instead of constants. Also rename UBI_LAYOUT_VOL_ID to make it consistent with other macros. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
4ccf8cff |
|
16-Jan-2008 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: add auto-resize feature The problem: NAND flashes have different amount of initial bad physical eraseblocks (marked as bad by the manufacturer). For example, for 256MiB Samsung OneNAND flash there might be from 0 to 40 bad initial eraseblocks, which is about 2%. When UBI is used as the base system, one needs to know the exact amount of good physical eraseblocks, because this number is needed to create the UBI image which is put to the devices during production. But this number is not know, which forces us to use the minimum number of good physical eraseblocks. And UBI additionally reserves some percentage of physical eraseblocks for bad block handling (default is 1%), so we have 1-3% of PEBs reserved at the end, depending on the amount of initial bad PEBs. But it is desired to always have 1% (or more, depending on the configuration). Solution: this patch adds an "auto-resize" flag to the volume table. The volume which has the "auto-resize" flag will automatically be re-sized (enlarged) on the first UBI initialization. UBI clears the flag when the volume is re-sized. Only one volume may have the "auto-resize" flag. So, the production UBI image may have one volume with "auto-resize" flag set, and its size is automatically adjusted on the first boot of the device. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
b9a06623 |
|
15-Jan-2008 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: get rid of ubi_ltree_slab This slab cache is not really needed since the number of objects is low and the constructor does not make much sense because we allocate oblects when doint I/O, which is way slower then allocation. Suggested-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
e73f4459 |
|
17-Dec-2007 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: add UBI devices reference counting This is one more step on the way to "removable" UBI devices. It adds reference counting for UBI devices. Every time a volume on this device is opened - the device's refcount is increased. It is also increased if someone is reading any sysfs file of this UBI device or of one of its volumes. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
43f9b25a |
|
18-Dec-2007 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: bugfix: protect from volume removal When the WL worker is moving an LEB, the volume might go away occasionally. UBI does not handle these situations correctly. This patch introduces a new mutex which serializes wear-levelling worker and the the 'ubi_wl_put_peb()' function. Now, if one puts an LEB, and its PEB is being moved, it will wait on the mutex. And because we unmap all LEBs when removing volumes, this will make the volume remove function to wait while the LEB movement finishes. Below is an example of an oops which should be fixed by this patch: Pid: 9167, comm: io_paral Not tainted (2.6.24-rc5-ubi-2.6.git #2) EIP: 0060:[<f884a379>] EFLAGS: 00010246 CPU: 0 EIP is at prot_tree_del+0x2a/0x63 [ubi] EAX: f39a90e0 EBX: 00000000 ECX: 00000000 EDX: 00000134 ESI: f39a90e0 EDI: f39a90e0 EBP: f2d55ddc ESP: f2d55dd4 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 Process io_paral (pid: 9167, ti=f2d54000 task=f72a8030 task.ti=f2d54000) Stack: f39a95f8 ef6aae50 f2d55e08 f884a511 f88538e1 f884ecea 00000134 00000000 f39a9604 f39a95f0 efea8280 00000000 f39a90e0 f2d55e40 f8847261 f8850c3c f884eaad 00000001 000000b9 00000134 00000172 000000b9 00000134 00000001 Call Trace: [<c0105227>] show_trace_log_lvl+0x1a/0x30 [<c01052e2>] show_stack_log_lvl+0xa5/0xca [<c01053d6>] show_registers+0xcf/0x21b [<c0105648>] die+0x126/0x224 [<c0119a62>] do_page_fault+0x27f/0x60d [<c037dd62>] error_code+0x72/0x78 [<f884a511>] ubi_wl_put_peb+0xf0/0x191 [ubi] [<f8847261>] ubi_eba_unmap_leb+0xaf/0xcc [ubi] [<f8843c21>] ubi_remove_volume+0x102/0x1e8 [ubi] [<f8846077>] ubi_cdev_ioctl+0x22a/0x383 [ubi] [<c017d768>] do_ioctl+0x68/0x71 [<c017d7c6>] vfs_ioctl+0x55/0x271 [<c017da15>] sys_ioctl+0x33/0x52 [<c0104152>] sysenter_past_esp+0x5f/0xa5 ======================= Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
d05c77a8 |
|
17-Dec-2007 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: introduce volume refcounting Add ref_count field to UBI volumes and remove weired "vol->removed" field. This way things are better understandable and we do not have to do whold show_attr operation under spinlock. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
c63a491d |
|
17-Dec-2007 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: add some more comments Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
89b96b69 |
|
16-Dec-2007 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: improve internal interfaces Pass volume description object to the EBA function which makes more sense, and EBA function do not have to find the volume description object by volume ID. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
3a8d4642 |
|
15-Dec-2007 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: create ltree_entry slab on initialization Since the ltree_entry slab cache is a global entity, which is used by all UBI devices, it is more logical to create it on module initialization time and destro on module exit time. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
393852ec |
|
06-Dec-2007 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: add ubi_leb_map interface The idea of this interface belongs to Adrian Hunter. The interface is extremely useful when one has to have a guarantee that an LEB will contain all 0xFFs even in case of an unclean reboot. UBI does have an 'ubi_leb_erase()' call which may do this, but it is stupid and ineffecient, because it flushes whole queue. I should be re-worked to just be a pair of unmap, map calls. The user of the interfaci is UBIFS at the moment. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
94780d4d |
|
04-Dec-2007 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: bugfix: allocate mandatory EBs first First allocate the necessary eraseblocks, then the optional ones. Otherwise it allocates all PEBs for bad EB handling, and fails on then following EBA LEB allocation. Reported-by: Adrian Hunter <ext-adrian.hunter@nokia.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
4ba9b9d0 |
|
17-Oct-2007 |
Christoph Lameter <clameter@sgi.com> |
Slab API: remove useless ctor parameter and reorder parameters Slab constructors currently have a flags parameter that is never used. And the order of the arguments is opposite to other slab functions. The object pointer is placed before the kmem_cache pointer. Convert ctor(void *object, struct kmem_cache *s, unsigned long flags) to ctor(struct kmem_cache *s, void *object) throughout the kernel [akpm@linux-foundation.org: coupla fixes] Signed-off-by: Christoph Lameter <clameter@sgi.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
cc5f4f28 |
|
14-Oct-2007 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: return correct error code Fix the following warning: drivers/mtd/ubi/eba.c: In function 'ubi_eba_init_scan': drivers/mtd/ubi/eba.c:1116: warning: 'err' may be used uninitialized in this function Pointed-to-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
e8823bd6 |
|
13-Sep-2007 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: fix atomic LEB change problems When the UBI device is nearly full, i.e. all LEBs are mapped, we have only one spare LEB left - the one we reserved for WL purposes. Well, I do not count the LEBs which were reserved for bad PEB handling - suppose NOR flash for simplicity. If an "atomic LEB change operation" is run, and the WL unit is moving a LEB, we have no spare LEBs to finish the operation and fail, which is not good. Moreover, if there are 2 or more simultanious "atomic LEB change" requests, only one of them has chances to succeed, the other will fail with -ENOSPC. Not good either. This patch does 2 things: 1. Reserves one PEB for the "atomic LEB change" operation. 2. Serealize the operations so that only on of them may run at a time (by means of a mutex). Pointed-to-by: Brijesh Singh <brijesh.s.singh@gmail.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
e88d6e10 |
|
29-Aug-2007 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: do not use vmalloc on I/O path Similar reason as in case of the previous patch: it causes deadlocks if a filesystem with writeback support works on top of UBI. So pre-allocate needed buffers when attaching MTD device. We also need mutexes to protect the buffers, but they do not cause much contantion because they are used in recovery, torture, and WL copy routines, which are called seldom. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
33818bbb |
|
28-Aug-2007 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: allocate memory with GFP_NOFS Use GFP_NOFS flag when allocating memory on I/O path, because otherwise we may deadlock the filesystem which works on top of us. We observed the deadlocks with UBIFS. Example: VFS->FS lock a lock->UBI->kmalloc()->VFS writeback->FS locks the same lock again. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
20c2df83 |
|
19-Jul-2007 |
Paul Mundt <lethal@linux-sh.org> |
mm: Remove slab destructors from kmem_cache_create(). Slab destructors were no longer supported after Christoph's c59def9f222d44bb7e2f0a559f2906191a0862d7 change. They've been BUGs for both slab and slub, and slob never supported them either. This rips out support for the dtor pointer from kmem_cache_create() completely and fixes up every single callsite in the kernel (there were about 224, not including the slab allocator definitions themselves, or the documentation references). Signed-off-by: Paul Mundt <lethal@linux-sh.org>
|
#
84a92580 |
|
04-Jul-2007 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: fix bug in atomic_leb_change() atomic_leb_change() is only allowed for dynamic volumes, so set the volume type correctly. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
a443db48 |
|
21-May-2007 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: bugfix in ubi_leb_change() Do not call 'ubi_wl_put_peb()' if the LEB was unmapped. Reported-by: Gabor Loki <loki@inf.u-szeged.hu> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
3261ebd7 |
|
21-May-2007 |
Christoph Hellwig <hch@lst.de> |
UBI: kill homegrown endian macros Kill UBI's homegrown endianess handling and replace it with the standard kernel endianess handling. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
92ad8f37 |
|
06-May-2007 |
Artem Bityutskiy <Artem.Bityutskiy@nokia.com> |
UBI: use vmalloc for large buffers UBI allocates temporary buffers of PEB size, which may be 256KiB. Use vmalloc instead of kmalloc for such big temporary buffers. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
|
#
a6343afb |
|
17-Jul-2007 |
Jeff Garzik <jeff@garzik.org> |
drivers/*: mark variables with uninitialized_var() Mark variables in drivers/* with uninitialized_var() if such a warning appears, and analysis proves that the var is initialized properly on all paths it is used. Signed-off-by: Jeff Garzik <jeff@garzik.org>
|
#
2ab934b8 |
|
16-Jul-2007 |
Jeff Garzik <jeff@garzik.org> |
drivers/mtd/ubi/eba: minor cleanup: tighten scope of a local var Signed-off-by: Jeff Garzik <jeff@garzik.org>
|
#
a35afb83 |
|
16-May-2007 |
Christoph Lameter <clameter@sgi.com> |
Remove SLAB_CTOR_CONSTRUCTOR SLAB_CTOR_CONSTRUCTOR is always specified. No point in checking it. Signed-off-by: Christoph Lameter <clameter@sgi.com> Cc: David Howells <dhowells@redhat.com> Cc: Jens Axboe <jens.axboe@oracle.com> Cc: Steven French <sfrench@us.ibm.com> Cc: Michael Halcrow <mhalcrow@us.ibm.com> Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> Cc: Miklos Szeredi <miklos@szeredi.hu> Cc: Steven Whitehouse <swhiteho@redhat.com> Cc: Roman Zippel <zippel@linux-m68k.org> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Dave Kleikamp <shaggy@austin.ibm.com> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: Anton Altaparmakov <aia21@cantab.net> Cc: Mark Fasheh <mark.fasheh@oracle.com> Cc: Paul Mackerras <paulus@samba.org> Cc: Christoph Hellwig <hch@lst.de> Cc: Jan Kara <jack@ucw.cz> Cc: David Chinner <dgc@sgi.com> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
50953fe9 |
|
06-May-2007 |
Christoph Lameter <clameter@sgi.com> |
slab allocators: Remove SLAB_DEBUG_INITIAL flag I have never seen a use of SLAB_DEBUG_INITIAL. It is only supported by SLAB. I think its purpose was to have a callback after an object has been freed to verify that the state is the constructor state again? The callback is performed before each freeing of an object. I would think that it is much easier to check the object state manually before the free. That also places the check near the code object manipulation of the object. Also the SLAB_DEBUG_INITIAL callback is only performed if the kernel was compiled with SLAB debugging on. If there would be code in a constructor handling SLAB_DEBUG_INITIAL then it would have to be conditional on SLAB_DEBUG otherwise it would just be dead code. But there is no such code in the kernel. I think SLUB_DEBUG_INITIAL is too problematic to make real use of, difficult to understand and there are easier ways to accomplish the same effect (i.e. add debug code before kfree). There is a related flag SLAB_CTOR_VERIFY that is frequently checked to be clear in fs inode caches. Remove the pointless checks (they would even be pointless without removeal of SLAB_DEBUG_INITIAL) from the fs constructors. This is the last slab flag that SLUB did not support. Remove the check for unimplemented flags from SLUB. Signed-off-by: Christoph Lameter <clameter@sgi.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
801c135c |
|
26-Jun-2006 |
Artem B. Bityutskiy <dedekind@linutronix.de> |
UBI: Unsorted Block Images UBI (Latin: "where?") manages multiple logical volumes on a single flash device, specifically supporting NAND flash devices. UBI provides a flexible partitioning concept which still allows for wear-levelling across the whole flash device. In a sense, UBI may be compared to the Logical Volume Manager (LVM). Whereas LVM maps logical sector numbers to physical HDD sector numbers, UBI maps logical eraseblocks to physical eraseblocks. More information may be found at http://www.linux-mtd.infradead.org/doc/ubi.html Partitioning/Re-partitioning An UBI volume occupies a certain number of erase blocks. This is limited by a configured maximum volume size, which could also be viewed as the partition size. Each individual UBI volume's size can be changed independently of the other UBI volumes, provided that the sum of all volume sizes doesn't exceed a certain limit. UBI supports dynamic volumes and static volumes. Static volumes are read-only and their contents are protected by CRC check sums. Bad eraseblocks handling UBI transparently handles bad eraseblocks. When a physical eraseblock becomes bad, it is substituted by a good physical eraseblock, and the user does not even notice this. Scrubbing On a NAND flash bit flips can occur on any write operation, sometimes also on read. If bit flips persist on the device, at first they can still be corrected by ECC, but once they accumulate, correction will become impossible. Thus it is best to actively scrub the affected eraseblock, by first copying it to a free eraseblock and then erasing the original. The UBI layer performs this type of scrubbing under the covers, transparently to the UBI volume users. Erase Counts UBI maintains an erase count header per eraseblock. This frees higher-level layers (like file systems) from doing this and allows for centralized erase count management instead. The erase counts are used by the wear-levelling algorithm in the UBI layer. The algorithm itself is exchangeable. Booting from NAND For booting directly from NAND flash the hardware must at least be capable of fetching and executing a small portion of the NAND flash. Some NAND flash controllers have this kind of support. They usually limit the window to a few kilobytes in erase block 0. This "initial program loader" (IPL) must then contain sufficient logic to load and execute the next boot phase. Due to bad eraseblocks, which may be randomly scattered over the flash device, it is problematic to store the "secondary program loader" (SPL) statically. Also, due to bit-flips it may become corrupted over time. UBI allows to solve this problem gracefully by storing the SPL in a small static UBI volume. UBI volumes vs. static partitions UBI volumes are still very similar to static MTD partitions: * both consist of eraseblocks (logical eraseblocks in case of UBI volumes, and physical eraseblocks in case of static partitions; * both support three basic operations - read, write, erase. But UBI volumes have the following advantages over traditional static MTD partitions: * there are no eraseblock wear-leveling constraints in case of UBI volumes, so the user should not care about this; * there are no bit-flips and bad eraseblocks in case of UBI volumes. So, UBI volumes may be considered as flash devices with relaxed restrictions. Where can it be found? Documentation, kernel code and applications can be found in the MTD gits. What are the applications for? The applications help to create binary flash images for two purposes: pfi files (partial flash images) for in-system update of UBI volumes, and plain binary images, with or without OOB data in case of NAND, for a manufacturing step. Furthermore some tools are/and will be created that allow flash content analysis after a system has crashed.. Who did UBI? The original ideas, where UBI is based on, were developed by Andreas Arnez, Frank Haverkamp and Thomas Gleixner. Josh W. Boyer and some others were involved too. The implementation of the kernel layer was done by Artem B. Bityutskiy. The user-space applications and tools were written by Oliver Lohmann with contributions from Frank Haverkamp, Andreas Arnez, and Artem. Joern Engel contributed a patch which modifies JFFS2 so that it can be run on a UBI volume. Thomas Gleixner did modifications to the NAND layer. Alexander Schmidt made some testing work as well as core functionality improvements. Signed-off-by: Artem B. Bityutskiy <dedekind@linutronix.de> Signed-off-by: Frank Haverkamp <haver@vnet.ibm.com>
|