2020-03-09 |
state: backend_storage: deal gracefully with runtime bucket corruption
...
Corrupting an already selected bucket and then reading it again will
crash barebox when it attempts the refresh:
barebox$ state -l
barebox$ mw -d /dev/eeprom0.state 0 0x42
barebox$ state -l
ERROR: state: No meta data header found
state: Using bucket 1@0x00000040
unable to handle NULL pointer dereference at address 0x00000000
pc : [<4fe4f1ea>] lr : [<4fe0bcb1>]
sp : 4ffefd5c ip : 00000000 fp : 2ff68f04
r10: 4ffefdc8 r9 : 4b434d63 r8 : 30155f50
r7 : 00000024 r6 : 2ff68b60 r5 : 2ff68e90 r4 : 00000000
r3 : 00000024 r2 : 00000024 r1 : 30155f50 r0 : 00000000
Flags: Nzcv IRQs off FIQs off Mode SVC_32
WARNING: [<4fe4f1ea>] (memcmp+0x14/0x1a) from [<4fe0bcb1>] (bucket_refresh.isra.0+0x4d/0x78)
WARNING: [<4fe0bcb1>] (bucket_refresh.isra.0+0x4d/0x78) from [<4fe0be1d>] (state_storage_read+0xd1/0x104)
WARNING: [<4fe0be1d>] (state_storage_read+0xd1/0x104) from [<4fe0a5bd>] (state_do_load+0x1d/0x78)
WARNING: [<4fe0a5bd>] (state_do_load+0x1d/0x78) from [<4fe04137>] (execute_command+0x23/0x4c)
The memcmp called here is an optimization to skip I/O if the used bucket
and the one to be refreshed compare equal. Unfortunately, if the now
corrupt bucket was previously the used one, bucket->len will hold the
old value and we'll run into a NULL pointer dereference.
While this is quite inconvenient, it appears it doesn't affect
correctness: after the reset, the corrupt bucket will be refreshed
as expected.
Improve upon this by setting the length to zero when we are NULLing the
buffer. The zero length of the corrupted bucket will then compare unequal
to used_bucket->len in bucket_refresh() and ensure we will always refresh
the buffer if it becomes corrupted without an intermittent reset.
Fixes: 238008b4bd8f ("state: Drop cache bucket")
Cc: Enrico Jörns <ejo@pengutronix.de>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Ahmad Fatoum
authored
on 5 Mar 2020
Sascha Hauer
committed
on 9 Mar 2020
|
2019-02-11 |
common: state: harmonize code with dt-utils
...
Linux userspace with recent glibc versions lets barebox-state suffer from
linux/stat.h redefining 'struct statx' and because of that switched to the
inclusion of sys/stat.h instead, see dt-utils commit 1c80e31872ae ("src: fix
compilation for glibc version 2.27.9000-36.fc29 and newer").
We can follow this switch in barebox without any problems, too, as in barebox
sys/stat.h includes linux/stat.h (and adds some more definitions on top that
don't hurt us here).
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Ulrich Ölmann
authored
on 8 Feb 2019
Sascha Hauer
committed
on 11 Feb 2019
|
common: state: fix formatting of "off_t" variables
...
To harmonize the common codebase this ports the following dt-utils commit:
| commit 89d0332
| Author: Ulrich Ölmann <u.oelmann@pengutronix.de>
| Date: Sun Feb 3 22:48:06 2019 +0100
|
| state: fix formatting of "off_t" variables
|
| Explicitely casting an "off_t" variable to "long long" and formatting it via
| "%lld" or "%llx" respectively makes 32- as well as 64-bit compilers
| happy (tested with gcc-8.2.1 and clang-7.0.1).
|
| Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
| Signed-off-by: Roland Hieber <rhi@pengutronix.de>
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Ulrich Ölmann
authored
on 8 Feb 2019
Sascha Hauer
committed
on 11 Feb 2019
|
2017-09-06 |
state: don't use uninitialized variable
...
Printing 'ret' makes no sense.
Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Juergen Borleis
authored
on 17 Aug 2017
Sascha Hauer
committed
on 6 Sep 2017
|
state: use the given backend storage type name
...
Change 119f92b already tried to fix it, but
forgets the 'direct' usecase.
The 'backend-storage-type' node is optional. Its default depends on the
capability of the used backend memory, which means "circular" or NULL.
The latter defaults to 'direct' in the routines.
If it is NULL, the devicetree fixup routine skips exporting a
'backend-storage-type' node to the kernel's devicetree.
But currently if the 'backend-storage-type' node is explicitly given as
'direct', it will be skipped silently and set to NULL instead. In this
case the user of the 'barebox-state' tool then ends up with the warning:
"No backend-storage-type found, using default"
which is annoying, because it was given.
Storing the given value will still use a NULL if the
'backend-storage-type' node isn't defined, but stores everything else if
it is defined. Then the 'backend-storage-type' node is present in the
kernel's devicetree as well.
Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Juergen Borleis
authored
on 17 Aug 2017
Sascha Hauer
committed
on 6 Sep 2017
|
state: add debugging help
...
While working on the state documentation it turns out to be helpful to have
more debug messages while a developer implements a 'state' variable set
and tries to configure it correctly.
Signed-off-by: Juergen Borleis <jbe@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Juergen Borleis
authored
on 15 Aug 2017
Sascha Hauer
committed
on 6 Sep 2017
|
2017-07-31 |
Merge branch 'for-next/state'
Lucas Stach
committed
on 31 Jul 2017
|
2017-07-20 |
state: backend_storage: remove unreachable error message
...
This looks like a leftover.
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Philipp Zabel
authored
on 18 Jul 2017
Lucas Stach
committed
on 20 Jul 2017
|
2017-07-10 |
state: fix compile warnings for dev_err expansion
...
Fix the following warnings:
CC common/state/backend_format_dtb.o
In file included from include/common.h:33:0,
from common/state/backend_format_dtb.c:18:
common/state/backend_format_dtb.c: In function ‘state_backend_format_dtb_verify’:
include/printk.h:52:52: warning: format ‘%d’ expects argument of type ‘int’, but
argument 4 has type ‘size_t {aka long unsigned int}’ [-Wformat=]
(level) <= LOGLEVEL ? dev_printf((level), (dev), (format), ##args) : 0; \
^
include/printk.h:63:2: note: in expansion of macro ‘__dev_printf’
__dev_printf(3, (dev) , format , ## arg)
^~~~~~~~~~~~
common/state/backend_format_dtb.c:52:3: note: in expansion of macro ‘dev_err’
dev_err(fdtb->dev, "Error, stored DTB length (%d) longer than read buffer (%d)\n",
^~~~~~~
include/printk.h:52:52: warning: format ‘%d’ expects argument of type ‘int’, but
argument 5 has type ‘size_t {aka long unsigned int}’ [-Wformat=]
(level) <= LOGLEVEL ? dev_printf((level), (dev), (format), ##args) : 0; \
^
include/printk.h:63:2: note: in expansion of macro ‘__dev_printf’
__dev_printf(3, (dev) , format , ## arg)
^~~~~~~~~~~~
common/state/backend_format_dtb.c:52:3: note: in expansion of macro ‘dev_err’
dev_err(fdtb->dev, "Error, stored DTB length (%d) longer than read buffer (%d)\n",
^~~~~~~
CC common/state/backend_format_raw.o
In file included from include/common.h:33:0,
from common/state/backend_format_raw.c:18:
common/state/backend_format_raw.c: In function ‘backend_format_raw_verify’:
include/printk.h:52:52: warning: format ‘%d’ expects argument of type ‘int’, but
argument 4 has type ‘ssize_t {aka long int}’ [-Wformat=]
(level) <= LOGLEVEL ? dev_printf((level), (dev), (format), ##args) : 0; \
^
include/printk.h:63:2: note: in expansion of macro ‘__dev_printf’
__dev_printf(3, (dev) , format , ## arg)
^~~~~~~~~~~~
common/state/backend_format_raw.c:111:3: note: in expansion of macro ‘dev_err’
dev_err(backend_raw->dev, "Error, buffer length (%d) is shorter than the minimum required header length\n",
^~~~~~~
CC common/state/backend_storage.o
In file included from common/state/backend_storage.c:24:0:
common/state/backend_storage.c: In function ‘state_storage_mtd_buckets_init’:
include/printk.h:52:52: warning: format ‘%zu’ expects argument of type ‘size_t’,
but argument 5 has type ‘uint32_t {aka unsigned int}’ [-Wformat=]
(level) <= LOGLEVEL ? dev_printf((level), (dev), (format), ##args) : 0; \
^
include/printk.h:63:2: note: in expansion of macro ‘__dev_printf’
__dev_printf(3, (dev) , format , ## arg)
^~~~~~~~~~~~
common/state/backend_storage.c:250:3: note: in expansion of macro ‘dev_err’
dev_err(storage->dev, "Offset within the device is not aligned to eraseblocks. Offset is %ld, erasesize %zu\n",
^~~~~~~
Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Steffen Trumtrar
authored
on 10 Jul 2017
Lucas Stach
committed
on 10 Jul 2017
|
2017-06-23 |
state: backend: always pass backend type to Linux dtb
...
When the "backend-storage-type" property is unset in the barebox dtb
then barebox will use the default. Instead of leaving the property
unset in the Linux dtb, set it to the value we used as default. By
making the default explicit to Linux we force Linux to the same backend
type, even when the defaults may differ.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 23 Jun 2017
|
2017-04-19 |
state: backend_storage: Set needs_refresh back to 0 after refreshing
...
Set needs_refresh back to 0 after refreshing so that we do not refresh
it again without need. This would only happen when we read the state
from the storage multiple times, which normally is not the case.
However, it's more consistent like this.
Reported-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 19 Apr 2017
|
2017-03-31 |
state: Allow to load without authentification
...
Sometimes it's useful to be able to load a state even when it
can't be authentificated. Add an option for this.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: backend_storage: rename more variables
...
Use "buckets" rather than "copies" in variable names.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: backend_storage: make locally used variable static
...
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: backend_storage: rewrite function doc
...
The function documentation for state_storage_file_buckets_init() is not
very accurate. Rewrite it.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: backend_storage: Rename variable desired_copies to desired_buckets
...
We defined what a bucket is, so rename the variable that holds the
number of desired buckets from desired_copies to desired_buckets.
While at it, make locally used variable static.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: backend_storage: Rename variable nr_copies to n_buckets
...
We defined what a bucket is, so use n_buckets when counting buckets,
and not nr_copies.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: backend_circular: rewrite function doc
...
The commment talks about copies where buckets are meant and also
claims we start at offset 0, which may not be true. Rewrite comment.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: backend_circular: default to circular storage
...
Default to the new circular storage format which saves erase
cycles. The old format can still be selected with
backend-storage-type = "noncircular".
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: backend: Add some documentation
...
Write some sentences to make the concepts clearer.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: backend_circular: remove unnecessary warning
...
It's expected that NAND flashes contain bad blocks, do not warn
about them.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: backend: Add more fields to struct state_backend_storage
...
To save a few function arguments.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: bucket: Make output more informative
...
Print offset and number of the bucket along with the bucket
specific messages to give a hint which bucket a message is for.
Also it's pretty much expected that buckets sometimes have no
data or need cleanup, so instead of complaining loudly, only
write which bucket is used and which buckets are cleaned up.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: Drop cache bucket
...
The cache bucket sits between the storage functions and the backend
storage. We only read from the storage once, so there is no need to cache
anything. The real purpose of the cache bucket is to keep the -EUCLEAN
information when a NAND block needs to be rewritten and to keep the read
buffers as long as the backend iterates over all buckets trying to find
the one we want to use.
This can be coded easier and more obvious in the backend code, so drop
the cache bucket.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: Convert all bufs to void *
...
A void * is a much better type for a buffer than a u8 * as it
can be casted to any other type implicitly. Convert all buffers
used by the state framework to void *.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: replace len_hint logic
...
The len_hint mechanism is rather hard to understand as it's not clear
from where to where the hint is passed and also it's not clear what
happens if the hint is empty or wrong.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: simplify direct backend
...
- drop support for regular files. This, if at all, is only useful for
debugging. For the debugging case still a file of sufficient size
can be created manually.
- make stridesize mandatory. Makes the code simpler.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: drop lazy_init
...
lazy_init is an optimization that makes it possible to read only up to
the first valid bucket when starting. However, when restoring consistency,
immediately afterwards we have we have to initialize all buckets anyway,
so being lazy doesn't give us any gain. Remove it to simplify the code.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: storage: initialize variable once outside loop
...
writesize is initialized with the same value in each loop iteration,
Instead, initialize it once outside the loop.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|
state: pass struct state * to storage functions
...
We can get a state_backend_storage * and the device * from struct state,
so pass this to the storage functions rather than the two pointers.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Sascha Hauer
committed
on 31 Mar 2017
|