Static UBI volumes and ubiupdatevol ?
Ricard Wanderlof
ricard.wanderlof at axis.com
Fri Dec 17 04:33:12 EST 2010
On Thu, 16 Dec 2010, Artem Bityutskiy wrote:
> > Using 'static' UBI volumes seems to be the preferred way of creating read
> > only file systems.
>
> No, I think the _original_ idea behind static volumes was storing some
> important r/o blobs there without any FS. So UBI static volumes simplify
> this by making the volume size being = the contents size, even if the
> contents size is not multiple of LEB size, and static volumes also
> protect the data with CRC-32.
That's good news, because that's what exactly what I'd need.
> But UBIFS has its own CRC32 protection, so does not need UBI static
> volume services.
> [...]
> All eraseblocks are protected with CRC-32. Fist time the static volume
> is openend, it is checked. See the 'ubi_check_volume()' function. It is
> also checked after it has been updated.
The thing is, I'd like to be able to checksum, or otherwise verify, a
couple of read-only partitions on the flash _before_ attempting to boot
Linux. No point in trying to boot Linux if the kernel or the root file
system is not intact. So although it is nice that UBI verifies static
volumes during attach, and UBIFS during mount, it is really too late as I
need to do this in the boot loader.
Of course, extending the bootloader to be able to verify UBI volumes is
probably doable. I could then use cramfs, squashfs or similar for the root
file system, with gluebi, and use the static volume UBI CRC32 for
verification by the bootloader. Makeing the boot loader understand UBIFS I
think would be too much work.
>> With a system based on mtd+jffs2 it is actually possible to reflash the
>> partition with the [read only] root file system on it without unmounting,
>> as long as no accesses are made to the physical flash during the rewrite
>> or afterwards. In other words, immediately after reflashing the system
>> must be rebooted.
> The same with UBIFS - we never write when we are mounted R/O. There are
> many ubifs_assert()s to check this as well.
... but UBI might still do writes during the course of scrubbing I guess,
unless ...
> [ ... ] you need to make sure all the backgound stuff like moving and
> eraseing eraseblocs is done before doing this by doing fsync() on your
> /dev/ubiX_Y device (UBI volume character device), see the
> 'vol_cdev_fsync()' function. Ah, and of course you need to sync UBIFS
> before this.
That would be no problem, it is basically the same stuff we need to do
with JFFS2 before reflashing.
> > so it is possible to use a
> > simple checksum to verify data integrity.
>
> You can do this with UBIFS I think, did not try though.
What I meant was 'a simple checksum on the raw mtd partition', which can't
work with UBIFS as the UBI erase counters etc can change over time as a
result of scrubbing.
I guess I could read from the /dev/ubix_y device to just get the raw UBIFS
data which shouldn't change even in the event of scrubbing? Or should I
use gluebi to get both a raw mtd partition corresponding to the raw UBIFS
data, as well as using UBIFS (on /dev/ubix_y) for the file system?
> The difference between JFFS2 and UBIFS is that JFFS2 cannot distinguish
> between nodes corrupted because of power cuts, and nodes corrupted
> because something bad happened to the flash. UBIFS does better job here
> - it recovers only from errors which could possibly be caused by power
> cuts, and it switches to R/O mode for other errors.
> [...]
> Just call sync(), then fsync on the UBI volume, and you won't have
> background processes if there is not I/O.
>
> Be beware, even reading from UBIFS can cause scrubbing in UBI.
That's very good. My basic problem though is still that I need to verify
the integrity before booting, although it is very nice that the file
system can detect errors during mount. With JFFS2 there's always a
nagging idea that errors will go undetected and we won't notice until a
file is missing or contains zeros.
I often get complaints from other developers in our company saying "can't
we suppress these 'jffs2 crc error' messages if they don't actually
indicate a failure. My answer is always a) We don't know if they indicate
a failure or not and b) Since mostly they are harmless, come back when you
have found that a file has disappeared from the file system or other file
problem. So far no one has come back with any complaints referring to b).
/Ricard
--
Ricard Wolf Wanderlöf ricardw(at)axis.com
Axis Communications AB, Lund, Sweden www.axis.com
Phone +46 46 272 2016 Fax +46 46 13 61 30
More information about the linux-mtd
mailing list