Previously EBAD (invalid exchange), mapping the error CORRUPT to EILSEQ
(illegal byte sequence) makes more sense as a description of the type of
error.
Right now, many users are trying out many different filesystems.
Unfortunately, this can leave partially written filesystems on disk
in various states.
A very common pattern for using embedded filesystems is to attempt
a mount, and on failure, format the storage with the filesystem.
Unfortunately, this simply doesn't work if you try to change the
filesystem being used on a piece of storage. Filesystems don't always
use the same regions of storage, and can leave enough metadata lying
around from old filesystems to trick a different mount into thinking a
valid filesystem exists on disk. The filesystems we have were never
designed to check for malicious modification and can't protect against
arbitrary changes.
That being said, it's caused enough problems for users, so as a
workaround this patch adds a disk erase to the FAT filesystem format.
The most common error happens when you use LittleFS, followed by FAT,
followed again by LittleFS.
No other combination of filesystem usage has shown a similar failure,
but it is possible after extensive filesystem use, so it is still
suggested to force a format of the storage when changing filesystems.
Paths such as the following were causing issues:
/tea/hottea/.
/tea/hottea/..
Unfortunately the existing structure for path lookup didn't make it very
easy to introduce proper handling in this case without duplicating the
entire skip logic for paths. So the lfs_dir_find function had to be
restructured a bit.
One odd side-effect of this is that now lfs_dir_find includes the
initial fetch operation. This kinda breaks the fetch -> op pattern of
the dir functions, but does come with a nice code size reduction.
As pointed out by davidefer, the lookahead pointer modular arithmetic
does not work around integer overflow when the pointer size is not a
multiple of the block count.
To avoid overflow problems, the easy solution is to stop trying to
work around integer overflows and keep the lookahead offset inside the
block device. To make this work, the ack was modified into a resetable
counter that is decremented every block allocation.
As a plus, quite a bit of the allocation logic ended up simplified.
One of the big simplifications in littlefs's implementation is the
complete lack of tracking free blocks, allowing operations to simply
drop blocks that are no longer in use.
However, this means the lookahead buffer can easily contain outdated
blocks that were previously deleted. This is usually fine, as littlefs
will rescan the storage if it can't find a free block in the lookahead
buffer, but after changes that caused littlefs to more conservatively
respect the alloc acks (e611cf5), any scanned blocks after an ack would
be incorrectly trusted.
The fix is to eagerly scan ahead in the lookahead when we allocate so
that alloc acks are better able to discredit old lookahead blocks. Since
usually alloc acks are tightly coupled to allocations of one or two blocks,
this allows littlefs to properly rescan every set of allocations.
This may still be a concern if there is a long series of worn out
blocks, but in the worst case littlefs will conservatively avoid using
blocks it's not sure about.
Found by davidefer
Like most of the lfs_dir_t functions, lfs_dir_append is responsible for
updating the lfs_dir_t struct if the underlying directory block is
moved. This property makes handling worn out blocks much easier by
removing the amount of state that needs to be considered during a
directory update.
However, extending the dir chain is a bit of a corner case. It's not
changing the old block, but callers of lfs_dir_append do assume the
"entry" will reside in "dir" after lfs_dir_append completes.
This issue only occurs when creating files, since mkdir does not use
the entry after lfs_dir_append. Unfortunately, the tests against
extending the directory chain were all made using mkdir.
Found by schouleu
Enables intrinsics for bit operations such as ctz, popc, and le32
conversion. Can be disabled to help debug toolchain issues. Has
proven to be surprisingly useful.
Much like the logging functions, assertions can be enabled, disabled
and forced with the littlefs.enable_assert config option. Integrates
with the new LFS_ASSERT macro.
Before this patch, when calling lfs_mkdir or lfs_file_open with root
as the target, littlefs wouldn't find the path properly and happily
run into undefined behaviour.
The fix is to populate a directory entry for root in the lfs_dir_find
function. As an added plus, this allowed several special cases around
root to be completely dropped.
Regression after ChanFS update: Due to parameter changes in the f_mkfs
function, the option to use a separate block for MBR (FDISK) was turned
back on. This should be off as it conflicts with an explicit MBR when
using the MBRBlockDevice.
Rather than tracking all in-flight blocks blocks during a lookahead,
littlefs uses an ack scheme to mark the first allocated block that
hasn't reached the disk yet. littlefs assumes all blocks since the
last ack are bad or in-flight, and uses this to know when it's out
of storage.
However, these unacked allocations were still being populated in the
lookahead buffer. If the whole block device fits in the lookahead
buffer, _and_ littlefs managed to scan around the whole storage while
an unacked block was still in-flight, it would assume the block was
free and misallocate it.
The fix is to only fill the lookahead buffer up to the last ack.
The internal free structure was restructured to simplify the runtime
calculation of lookahead size.
Senthil Ramakrishnan
Cruz Monrreal
Martin Kojtal
Christopher Haster
David Saada
Jimmy Brisson
Cruz Monrreal
Deepika
Brendan McDonnell
Amanda Butler