UBIFS Corrupt during power failure
jamie at shareable.org
Wed Jul 15 18:09:42 EDT 2009
Eric Holmberg wrote:
> > So I guess the right thing is to assume nothing, just that the whole
> > block may have bits flipped from 1 to 0 in an indeterminate order, and
> > then all bits flipped from 0 to 1 in an indeterminate order.
> > Or maybe the weaker assumption, that the whole block is indeterminate
> > during erase.
> From the beginning of the erase to the end is definitely an
> indeterminate state for the entire PEB. Writing all zeros to the
> header as in Artem's fix should work in all cases excluding the
> extremely rare cases where a write of 0's is interrupted and the header
> has been changed to a valid value and in the case where an erase
> (0-to-1) transition is interrupted which results in a valid header. The
> odds against that are huge, so I would expect the flash to wear out
> before it ever happens in real life.
I agree, with a nice strong checksum that should be rare. With 100
million devices and the full lifetime of each device, I don't know if
they are so rare with the checksum actually used that they'll never
happen though, or if it matters.
Anyway, the checksums have to be strong for other reasons.
It could be made virtually impossible by writing to a record on a
different PEB which says which PEB is undergoing erase and therefore
indeterminate. Is that required for NAND in principle, since you
can't overwrite the header to zero it?
If there are NANDs which would require that, it could be a generic
part of UBI/UBIFS and strengthen the behaviour on NOR slightly,
otherwise I'm sure the header-zeroing is enough for NOR.
More information about the linux-mtd
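Added example, not part of the thread and not UBI code: a simplified C model of the two protections discussed above, a checksummed header that must reject torn intermediate states, and an erase-intent record kept on a different PEB that marks a block indeterminate even when its header still validates (the NAND case, where the header cannot be zeroed first). The 64-byte layout, the CRC-32 variant, the bit-ordering generator and all function names are assumptions made for the model, not UBI's on-flash format.

```c
#include <stdint.h>
#include <string.h>
#define HDR_LEN 64          /* model header: magic | erase counter | zero pad | CRC */
#define MAGIC   0x55424923u /* ASCII "UBI#", used here only as a model value */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (24 - 8 * i));
}
static uint32_t crc32_calc(const uint8_t *p, size_t n) { /* bitwise CRC-32 */
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n * 8; i++) {
        if ((i & 7) == 0) c ^= p[i >> 3];
        c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}
void hdr_build(uint8_t *h, uint32_t erase_count) {
    memset(h, 0, HDR_LEN);
    wr32(h, MAGIC);
    wr32(h + 4, erase_count);
    wr32(h + HDR_LEN - 4, crc32_calc(h, HDR_LEN - 4));
}
int hdr_valid(const uint8_t *h) {
    return rd32(h) == MAGIC && rd32(h + HDR_LEN - 4) == crc32_calc(h, HDR_LEN - 4);
}
/* Drive every header bit to `target` (0 = interrupted zeroing, 1 = interrupted
 * erase) in pseudo-random order; count torn states hdr_valid() still accepts. */
int torn_states_accepted(uint8_t *h, int target, uint32_t seed) {
    int accepted = 0, left = 0;
    for (int i = 0; i < HDR_LEN * 8; i++)            /* bits still to change */
        left += ((h[i >> 3] >> (i & 7)) & 1) != target;
    while (left > 0) {
        seed = seed * 1664525u + 1013904223u;        /* LCG picks the next bit */
        uint32_t bit = (seed >> 16) % (HDR_LEN * 8);
        if (((h[bit >> 3] >> (bit & 7)) & 1) == target) continue;
        h[bit >> 3] ^= (uint8_t)(1u << (bit & 7));
        left--;
        accepted += hdr_valid(h);
    }
    return accepted;
}
/* Scan decision with an erase-intent record kept on a different PEB: the PEB
 * it names is indeterminate whatever its header says (-1 = no erase pending). */
int peb_trusted(const uint8_t *h, int peb, int erasing_peb) {
    return peb != erasing_peb && hdr_valid(h);
}
```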