[PATCH v6 14/18] pstore/zone: Provide way to skip "broken" zone for MTD devices

From: Kees Cook
Date: Sat May 09 2020 - 19:41:34 EST


From: WeiXiong Liao <liaoweixiong@xxxxxxxxxxxxxxxxx>

One requirement to support MTD devices in pstore/zone is having a
way to declare certain regions as broken. Add this support to
pstore/zone.

The MTD driver should return -ENOMSG when encountering a bad region,
which tells pstore/zone to skip and try the next one.

Signed-off-by: WeiXiong Liao <liaoweixiong@xxxxxxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/1585126506-18635-9-git-send-email-liaoweixiong@xxxxxxxxxxxxxxxxx
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
---
fs/pstore/blk.c | 10 ++++--
fs/pstore/zone.c | 65 ++++++++++++++++++++++++++++++-------
include/linux/pstore_blk.h | 3 +-
include/linux/pstore_zone.h | 12 ++++---
4 files changed, 71 insertions(+), 19 deletions(-)

diff --git a/fs/pstore/blk.c b/fs/pstore/blk.c
index 04930b971c22..884b51e5879f 100644
--- a/fs/pstore/blk.c
+++ b/fs/pstore/blk.c
@@ -108,9 +108,12 @@ static struct bdev_info {
* means error.
* @write: The same as @read, but the following error number:
* -EBUSY means try to write again later.
+ * -ENOMSG means to try next zone.
* @panic_write:The write operation only used for panic case. It's optional
- * if you do not care panic log. The parameters and return value
- * are the same as @read.
+ * if you do not care panic log. The parameters are relative
+ * value to storage.
+ * On success, the number of bytes should be returned, others
+ * excluding -ENOMSG mean error. -ENOMSG means to try next zone.
*/
struct psblk_device {
unsigned long total_size;
@@ -324,6 +327,9 @@ static ssize_t psblk_blk_panic_write(const char *buf, size_t size,
/* size and off must align to SECTOR_SIZE for block device */
ret = blkdev_panic_write(buf, off >> SECTOR_SHIFT,
size >> SECTOR_SHIFT);
+ /* try next zone */
+ if (ret == -ENOMSG)
+ return ret;
return ret ? -EIO : size;
}

diff --git a/fs/pstore/zone.c b/fs/pstore/zone.c
index 45c0a422f1de..17c9a0439d6e 100644
--- a/fs/pstore/zone.c
+++ b/fs/pstore/zone.c
@@ -249,6 +249,9 @@ static int psz_zone_write(struct pstore_zone *zone,

return 0;
dirty:
+ /* no need to mark dirty if going to try next zone */
+ if (wcnt == -ENOMSG)
+ return -ENOMSG;
atomic_set(&zone->dirty, true);
/* flush dirty zones nicely */
if (wcnt == -EBUSY && !is_on_panic())
@@ -391,7 +394,11 @@ static int psz_kmsg_recover_meta(struct psz_context *cxt)
return -EINVAL;

rcnt = info->read((char *)buf, len, zone->off);
- if (rcnt != len) {
+ if (rcnt == -ENOMSG) {
+ pr_debug("%s with id %lu may be broken, skip\n",
+ zone->name, i);
+ continue;
+ } else if (rcnt != len) {
pr_err("read %s with id %lu failed\n", zone->name, i);
return (int)rcnt < 0 ? (int)rcnt : -EIO;
}
@@ -726,24 +733,58 @@ static void psz_write_kmsg_hdr(struct pstore_zone *zone,
hdr->counter = 0;
}

+/*
+ * In case zone is broken, which may occur to MTD device, we try each zones,
+ * start at cxt->kmsg_write_cnt.
+ */
static inline int notrace psz_kmsg_write_record(struct psz_context *cxt,
struct pstore_record *record)
{
+ int ret = -EBUSY;
size_t size, hlen;
struct pstore_zone *zone;
- unsigned int zonenum;
+ unsigned int i;

- zonenum = cxt->kmsg_write_cnt;
- zone = cxt->opszs[zonenum];
- if (unlikely(!zone))
- return -ENOSPC;
- cxt->kmsg_write_cnt = (zonenum + 1) % cxt->kmsg_max_cnt;
+ for (i = 0; i < cxt->kmsg_max_cnt; i++) {
+ unsigned int zonenum, len;
+
+ zonenum = (cxt->kmsg_write_cnt + i) % cxt->kmsg_max_cnt;
+ zone = cxt->opszs[zonenum];
+ if (unlikely(!zone))
+ return -ENOSPC;
+
+ /* avoid destroying old data, allocate a new one */
+ len = zone->buffer_size + sizeof(*zone->buffer);
+ zone->oldbuf = zone->buffer;
+ zone->buffer = kzalloc(len, GFP_KERNEL);
+ if (!zone->buffer) {
+ zone->buffer = zone->oldbuf;
+ return -ENOMEM;
+ }
+ zone->buffer->sig = zone->oldbuf->sig;
+
+ pr_debug("write %s to zone id %d\n", zone->name, zonenum);
+ psz_write_kmsg_hdr(zone, record);
+ hlen = sizeof(struct psz_kmsg_header);
+ size = min_t(size_t, record->size, zone->buffer_size - hlen);
+ ret = psz_zone_write(zone, FLUSH_ALL, record->buf, size, hlen);
+ if (likely(!ret || ret != -ENOMSG)) {
+ cxt->kmsg_write_cnt = zonenum + 1;
+ cxt->kmsg_write_cnt %= cxt->kmsg_max_cnt;
+ /* no need to try next zone, free last zone buffer */
+ kfree(zone->oldbuf);
+ zone->oldbuf = NULL;
+ return ret;
+ }

- pr_debug("write %s to zone id %d\n", zone->name, zonenum);
- psz_write_kmsg_hdr(zone, record);
- hlen = sizeof(struct psz_kmsg_header);
- size = min_t(size_t, record->size, zone->buffer_size - hlen);
- return psz_zone_write(zone, FLUSH_ALL, record->buf, size, hlen);
+ pr_debug("zone %u may be broken, try next dmesg zone\n",
+ zonenum);
+ kfree(zone->buffer);
+ zone->buffer = zone->oldbuf;
+ zone->oldbuf = NULL;
+ }
+
+ return -EBUSY;
}

static int notrace psz_kmsg_write(struct psz_context *cxt,
diff --git a/include/linux/pstore_blk.h b/include/linux/pstore_blk.h
index 70963e811646..121b70e314a8 100644
--- a/include/linux/pstore_blk.h
+++ b/include/linux/pstore_blk.h
@@ -14,7 +14,8 @@
* @start_sect: start sector to block device
* @sects: sectors count on buf
*
- * Return: On success, zero should be returned. Others mean error.
+ * Return: On success, zero should be returned. Others excluding -ENOMSG
+ * mean error. -ENOMSG means to try next zone.
*
* Panic write to block device must be aligned to SECTOR_SIZE.
*/
diff --git a/include/linux/pstore_zone.h b/include/linux/pstore_zone.h
index 94f441b8b616..ddb3dfea4ea6 100644
--- a/include/linux/pstore_zone.h
+++ b/include/linux/pstore_zone.h
@@ -23,11 +23,15 @@ typedef ssize_t (*psz_write_op)(const char *, size_t, loff_t);
* @read: The general read operation. Both of the function parameters
* @size and @offset are relative value to storage.
* On success, the number of bytes should be returned, others
- * means error.
- * @write: The same as @read, but -EBUSY means try to write again later.
+ * mean error.
+ * @write: The same as @read, but the following error number:
+ * -EBUSY means try to write again later.
+ * -ENOMSG means to try next zone.
* @panic_write:The write operation only used for panic case. It's optional
- * if you do not care panic log. The parameters and return value
- * are the same as @read.
+ * if you do not care panic log. The parameters are relative
+ * value to storage.
+ * On success, the number of bytes should be returned, others
+ * excluding -ENOMSG mean error. -ENOMSG means to try next zone.
*/
struct pstore_zone_info {
struct module *owner;
--
2.20.1