state: backend_storage: deal gracefully with runtime bucket corruption ...

Corrupting an already selected bucket and then reading it again will
crash barebox when it attempts the refresh:

  barebox$ state -l
  barebox$ mw -d /dev/eeprom0.state 0 0x42
  barebox$ state -l
  ERROR: state: No meta data header found
  state: Using bucket 1@0x00000040
  unable to handle NULL pointer dereference at address 0x00000000
  pc : [<4fe4f1ea>]    lr : [<4fe0bcb1>]
  sp : 4ffefd5c  ip : 00000000  fp : 2ff68f04
  r10: 4ffefdc8  r9 : 4b434d63  r8 : 30155f50
  r7 : 00000024  r6 : 2ff68b60  r5 : 2ff68e90  r4 : 00000000
  r3 : 00000024  r2 : 00000024  r1 : 30155f50  r0 : 00000000
  Flags: Nzcv  IRQs off  FIQs off  Mode SVC_32
  WARNING: [<4fe4f1ea>] (memcmp+0x14/0x1a) from [<4fe0bcb1>] (bucket_refresh.isra.0+0x4d/0x78)
  WARNING: [<4fe0bcb1>] (bucket_refresh.isra.0+0x4d/0x78) from [<4fe0be1d>] (state_storage_read+0xd1/0x104)
  WARNING: [<4fe0be1d>] (state_storage_read+0xd1/0x104) from [<4fe0a5bd>] (state_do_load+0x1d/0x78)
  WARNING: [<4fe0a5bd>] (state_do_load+0x1d/0x78) from [<4fe04137>] (execute_command+0x23/0x4c)

The memcmp called here is an optimization to skip I/O if the used bucket
and the one to be refreshed compare equal. Unfortunately, if the now
corrupt bucket was previously the used one, bucket->len will hold the
old value and we'll run into a NULL pointer dereference.

While this is quite inconvenient, it appears it doesn't affect
correctness: after the reset, the corrupt bucket will be refreshed
as expected.

Improve upon this by setting the length to zero when we are NULLing the
buffer. The zero length of the corrupted bucket will then compare unequal
to used_bucket->len in bucket_refresh() and ensure we will always refresh
the buffer if it becomes corrupted without an intermittent reset.

Fixes: 238008b4bd8f ("state: Drop cache bucket")
Cc: Enrico Jörns <ejo@pengutronix.de>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

common: state: harmonize code with dt-utils ...

Linux userspace with recent glibc versions lets barebox-state suffer from
linux/stat.h redefining 'struct statx' and because of that switched to the
inclusion of sys/stat.h instead, see dt-utils commit 1c80e31872ae ("src: fix
compilation for glibc version 2.27.9000-36.fc29 and newer").

We can follow this switch in barebox without any problems, too, as in barebox
sys/stat.h includes linux/stat.h (and adds some more definitions on top that
don't hurt us here).

Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

common: state: fix formatting of "off_t" variables ...

To harmonize the common codebase this ports the following dt-utils commit:

| commit 89d0332
| Author: Ulrich Ölmann <u.oelmann@pengutronix.de>
| Date:   Sun Feb 3 22:48:06 2019 +0100
|
|     state: fix formatting of "off_t" variables
|
|     Explicitely casting an "off_t" variable to "long long" and formatting it via
|     "%lld" or "%llx" respectively makes 32- as well as 64-bit compilers
|     happy (tested with gcc-8.2.1 and clang-7.0.1).
|
|     Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
|     Signed-off-by: Roland Hieber <rhi@pengutronix.de>

Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: don't use uninitialized variable ...

Printing 'ret' makes no sense.

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: use the given backend storage type name ...

Change 119f92b already tried to fix it, but
forgets the 'direct' usecase.

The 'backend-storage-type' node is optional. Its default depends on the
capability of the used backend memory, which means "circular" or NULL.
The latter defaults to 'direct' in the routines.
If it is NULL, the devicetree fixup routine skips exporting a
'backend-storage-type' node to the kernel's devicetree.

But currently if the 'backend-storage-type' node is explicitly given as
'direct', it will be skipped silently and set to NULL instead. In this
case the user of the 'barebox-state' tool then ends up with the warning:

"No backend-storage-type found, using default"

which is annoying, because it was given.

Storing the given value will still use a NULL if the
'backend-storage-type' node isn't defined, but stores everything else if
it is defined. Then the 'backend-storage-type' node is present in the
kernel's devicetree as well.

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: add debugging help ...

While working on the state documentation it turns out to be helpful to have
more debug messages while a developer implements a 'state' variable set
and tries to configure it correctly.

Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

Merge branch 'for-next/state'

state: backend_storage: remove unreachable error message ...

This looks like a leftover.

Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>

state: fix compile warnings for dev_err expansion ...

Fix the following warnings:

  CC      common/state/backend_format_dtb.o
In file included from include/common.h:33:0,
                 from common/state/backend_format_dtb.c:18:
common/state/backend_format_dtb.c: In function ‘state_backend_format_dtb_verify’:
include/printk.h:52:52: warning: format ‘%d’ expects argument of type ‘int’, but
argument 4 has type ‘size_t {aka long unsigned int}’ [-Wformat=]
   (level) <= LOGLEVEL ? dev_printf((level), (dev), (format), ##args) : 0; \
                                                    ^
include/printk.h:63:2: note: in expansion of macro ‘__dev_printf’
  __dev_printf(3, (dev) , format , ## arg)
  ^~~~~~~~~~~~
common/state/backend_format_dtb.c:52:3: note: in expansion of macro ‘dev_err’
   dev_err(fdtb->dev, "Error, stored DTB length (%d) longer than read buffer (%d)\n",
   ^~~~~~~
include/printk.h:52:52: warning: format ‘%d’ expects argument of type ‘int’, but
argument 5 has type ‘size_t {aka long unsigned int}’ [-Wformat=]
   (level) <= LOGLEVEL ? dev_printf((level), (dev), (format), ##args) : 0; \
                                                    ^
include/printk.h:63:2: note: in expansion of macro ‘__dev_printf’
  __dev_printf(3, (dev) , format , ## arg)
  ^~~~~~~~~~~~
common/state/backend_format_dtb.c:52:3: note: in expansion of macro ‘dev_err’
   dev_err(fdtb->dev, "Error, stored DTB length (%d) longer than read buffer (%d)\n",
   ^~~~~~~
  CC      common/state/backend_format_raw.o
In file included from include/common.h:33:0,
                 from common/state/backend_format_raw.c:18:
common/state/backend_format_raw.c: In function ‘backend_format_raw_verify’:
include/printk.h:52:52: warning: format ‘%d’ expects argument of type ‘int’, but
argument 4 has type ‘ssize_t {aka long int}’ [-Wformat=]
   (level) <= LOGLEVEL ? dev_printf((level), (dev), (format), ##args) : 0; \
                                                    ^
include/printk.h:63:2: note: in expansion of macro ‘__dev_printf’
  __dev_printf(3, (dev) , format , ## arg)
  ^~~~~~~~~~~~
common/state/backend_format_raw.c:111:3: note: in expansion of macro ‘dev_err’
   dev_err(backend_raw->dev, "Error, buffer length (%d) is shorter than the minimum required header length\n",
   ^~~~~~~
  CC      common/state/backend_storage.o
In file included from common/state/backend_storage.c:24:0:
common/state/backend_storage.c: In function ‘state_storage_mtd_buckets_init’:
include/printk.h:52:52: warning: format ‘%zu’ expects argument of type ‘size_t’,
but argument 5 has type ‘uint32_t {aka unsigned int}’ [-Wformat=]
   (level) <= LOGLEVEL ? dev_printf((level), (dev), (format), ##args) : 0; \
                                                    ^
include/printk.h:63:2: note: in expansion of macro ‘__dev_printf’
  __dev_printf(3, (dev) , format , ## arg)
  ^~~~~~~~~~~~
common/state/backend_storage.c:250:3: note: in expansion of macro ‘dev_err’
   dev_err(storage->dev, "Offset within the device is not aligned to eraseblocks. Offset is %ld, erasesize %zu\n",
   ^~~~~~~

Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>

state: backend: always pass backend type to Linux dtb ...

When the "backend-storage-type" property is unset in the barebox dtb
then barebox will use the default. Instead of leaving the property
unset in the Linux dtb, set it to the value we used as default. By
making the default explicit to Linux we force Linux to the same backend
type, even when the defaults may differ.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: backend_storage: Set needs_refresh back to 0 after refreshing ...

Set needs_refresh back to 0 after refreshing so that we do not refresh
it again without need. This would only happen when we read the state
from the storage multiple times, which normally is not the case.
However, it's more consistent like this.

Reported-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: Allow to load without authentification ...

Sometimes it's useful to be able to load a state even when it
can't be authentificated. Add an option for this.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: backend_storage: rename more variables ...

Use "buckets" rather than "copies" in variable names.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: backend_storage: make locally used variable static ...

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: backend_storage: rewrite function doc ...

The function documentation for state_storage_file_buckets_init() is not
very accurate. Rewrite it.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: backend_storage: Rename variable desired_copies to desired_buckets ...

We defined what a bucket is, so rename the variable that holds the
number of desired buckets from desired_copies to desired_buckets.

While at it, make locally used variable static.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: backend_storage: Rename variable nr_copies to n_buckets ...

We defined what a bucket is, so use n_buckets when counting buckets,
and not nr_copies.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: backend_circular: rewrite function doc ...

The commment talks about copies where buckets are meant and also
claims we start at offset 0, which may not be true. Rewrite comment.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: backend_circular: default to circular storage ...

Default to the new circular storage format which saves erase
cycles. The old format can still be selected with
backend-storage-type = "noncircular".

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: backend: Add some documentation ...

Write some sentences to make the concepts clearer.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: backend_circular: remove unnecessary warning ...

It's expected that NAND flashes contain bad blocks, do not warn
about them.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: backend: Add more fields to struct state_backend_storage ...

To save a few function arguments.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: bucket: Make output more informative ...

Print offset and number of the bucket along with the bucket
specific messages to give a hint which bucket a message is for.

Also it's pretty much expected that buckets sometimes have no
data or need cleanup, so instead of complaining loudly, only
write which bucket is used and which buckets are cleaned up.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: Drop cache bucket ...

The cache bucket sits between the storage functions and the backend
storage. We only read from the storage once, so there is no need to cache
anything. The real purpose of the cache bucket is to keep the -EUCLEAN
information when a NAND block needs to be rewritten and to keep the read
buffers as long as the backend iterates over all buckets trying to find
the one we want to use.

This can be coded easier and more obvious in the backend code, so drop
the cache bucket.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: Convert all bufs to void * ...

A void * is a much better type for a buffer than a u8 * as it
can be casted to any other type implicitly. Convert all buffers
used by the state framework to void *.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: replace len_hint logic ...

The len_hint mechanism is rather hard to understand as it's not clear
from where to where the hint is passed and also it's not clear what
happens if the hint is empty or wrong.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: simplify direct backend ...

- drop support for regular files. This, if at all, is only useful for
  debugging. For the debugging case still a file of sufficient size
  can be created manually.
- make stridesize mandatory. Makes the code simpler.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: drop lazy_init ...

lazy_init is an optimization that makes it possible to read only up to
the first valid bucket when starting. However, when restoring consistency,
immediately afterwards we have we have to initialize all buckets anyway,
so being lazy doesn't give us any gain. Remove it to simplify the code.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: storage: initialize variable once outside loop ...

writesize is initialized with the same value in each loop iteration,
Instead, initialize it once outside the loop.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

state: pass struct state * to storage functions ...

We can get a state_backend_storage * and the device * from struct state,
so pass this to the storage functions rather than the two pointers.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>