EMMCFirmwareBugs » History » Version 6
Denis 'GNUtoo' Carikli, 11/22/2020 05:06 PM
Add revision
| 1 | 1 | Denis 'GNUtoo' Carikli | h1. EMMCFirmwareBugs |
|---|---|---|---|
| 2 | |||
| 3 | 4 | Denis 'GNUtoo' Carikli | {{toc}} |
| 4 | |||
| 5 | 1 | Denis 'GNUtoo' Carikli | h2. Data corruption |
| 6 | |||
| 7 | Several devices have fixes or workarounds in vendor kernels for data corruptions in the eMMC. This can lead to non-working devices as it could potentially corrupt the bootloaders for instance. |
||
| 8 | |||
| 9 | The bug #2104 has more details for the Galaxy SIII. |
||
| 10 | |||
| 11 | h3. Affected devices |
||
| 12 | |||
| 13 | 3 | Denis 'GNUtoo' Carikli | h4. VTU00M |
| 14 | |||
| 15 | *Affected devices*: Some Galaxy SIII (GT-I9300) |
||
| 16 | *Vendor kernel patch*: "mmc: Soft-patch MoviNAND VTU00M (16GB) eMMC failure":https://git.replicant.us/replicant/kernel_samsung_smdk4412/commit/?id=da8461692362317a8ffce4d4646953985fcf4e1d |
||
| 17 | *Upstream status*: not upstream |
||
| 18 | *Replicant >=9 status*: not yet ported |
||
| 19 | |||
| 20 | h5. How to check |
||
| 21 | |||
| 22 | As this patch shows: |
||
| 23 | <pre> |
||
| 24 | + if (!strncmp(host->card->cid.prod_name, "VTU00M", 6) && |
||
| 25 | + (host->card->cid.prod_rev == 0xf1) && |
||
| 26 | + (mmc_start_movi_smart(host->card) == 0x2)) |
||
| 27 | + host->card->movi_ops = 0x2; |
||
| 28 | </pre> |
||
| 29 | |||
| 30 | * The name of the eMMC is VTU00M |
||
| 31 | * Only certain revisions are affected (revision 0xf1) |
||
| 32 | * The revision is probably in the prv field |
||
| 33 | |||
| 34 | 5 | Denis 'GNUtoo' Carikli | With Replicant > 6 we can find the eMMC name like that: |
| 35 | <pre> |
||
| 36 | $ adb root |
||
| 37 | $ adb shell |
||
| 38 | i9300:/ # cat /sys/bus/mmc/devices/mmc2:0001/name |
||
| 39 | VTU00M |
||
| 40 | </pre> |
||
| 41 | |||
| 42 | 6 | Denis 'GNUtoo' Carikli | As for the prod_rev, we have "this code":https://git.replicant.us/replicant/kernel_samsung_smdk4412/tree/drivers/mmc/core/mmc.c?id=da8461692362317a8ffce4d4646953985fcf4e1d#n101 in the Replicant 6 kernel: |
| 43 | <pre> |
||
| 44 | case 4: /* MMC v4 */ |
||
| 45 | [...] |
||
| 46 | card->cid.prod_rev = UNSTUFF_BITS(resp, 48, 8); |
||
| 47 | [...] |
||
| 48 | break; |
||
| 49 | </pre> |
||
| 50 | |||
| 51 | So it's a MMC v4 and uses @UNSTUFF_BITS(resp, 48, 8);@ |
||
| 52 | |||
| 53 | In upstream Linux we have that instead: |
||
| 54 | <pre> |
||
| 55 | case 4: /* MMC v4 */ |
||
| 56 | [...] |
||
| 57 | card->cid.prv = UNSTUFF_BITS(resp, 48, 8); |
||
| 58 | [...] |
||
| 59 | </pre> |
||
| 60 | |||
| 61 | So we should be able to get the revision in this way: |
||
| 62 | <pre> |
||
| 63 | $ adb root |
||
| 64 | $ adb shell |
||
| 65 | i9300:/ # cat /sys/bus/mmc/devices/mmc2:0001/prv |
||
| 66 | 0xf7 |
||
| 67 | </pre> |
||
| 68 | |||
| 69 | Here I've the 0xf7 revision and not the problematic 0xf1 revision, so I should probably be ok. |
||
| 70 | |||
| 71 | 5 | Denis 'GNUtoo' Carikli | Here this has been tested with a GT-I9300 with a work in progress Replicant 10 image that uses a kernel closely based on upstream Linux. |
| 72 | |||
| 73 | 3 | Denis 'GNUtoo' Carikli | h5. Vendor kernel workaround analysis |
| 74 | |||
| 75 | The "mmc: Soft-patch MoviNAND VTU00M (16GB) eMMC failure":https://git.replicant.us/replicant/kernel_samsung_smdk4412/commit/?id=da8461692362317a8ffce4d4646953985fcf4e1d patch patches the eMMC firmware at runtime (it patches the firmware in RAM). |
||
| 76 | |||
| 77 | The eMMC firmware patch makes the eMMC hang when a corruption is about to happen. |