
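Background

I am maintaining a product that has an Analog Devices ADSP-BF547 Blackfin microprocessor running ADI's 2011R1-RC3 uCLinux distribution, which uses Busybox. The processor mounts an SD card, to which it periodically writes some encrypted TAR file reports. Note that uCLinux is for processors without an MMU.

Here are some details about the uImage partitions and what is mounted: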

root:~> cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00100000 00020000 "uboot"
mtd1: 00800000 00020000 "uImage0"
mtd2: 00800000 00020000 "uImage1"

NAND device: Manufacturer ID: 0x2c, Chip ID: 0xda (Micron MT29F2G08ABAEAH4)
Creating 7 MTD partitions on "MT29F2G08ABAEAH4":
0x000000000000-0x000000100000 : "uboot"
0x000000100000-0x000000900000 : "uImage0"
0x000000900000-0x000001100000 : "uImage1"
0x000001100000-0x000003000000 : "firmware"
0x000003000000-0x000003400000 : "factory_conf"
0x000003400000-0x000003800000 : "var_conf"
0x000003800000-0x000010000000 : "nand_temp"
yaffs: dev is 32505859 name is "mtdblock3" ro
yaffs: passed flags ""
yaffs: dev is 32505860 name is "mtdblock4" ro
yaffs: passed flags ""
yaffs: dev is 32505861 name is "mtdblock5" rw
yaffs: passed flags ""
yaffs: dev is 32505862 name is "mtdblock6" rw
yaffs: passed flags ""

root:~> mount
rootfs on / type rootfs (rw)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
mdev on /dev type tmpfs (rw,nosuid,relatime,mode=0755,size=10M)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,mode=600)
var on /var type ramfs (rw,relatime)
tmp on /tmp type tmpfs (rw,nosuid,nodev,relatime)
/dev/mtdblock3 on /mnt/firmware type yaffs2 (ro,noatime)
/dev/mtdblock4 on /mnt/factory_conf type yaffs2 (ro,noatime)
/dev/mtdblock5 on /mnt/var_conf type yaffs2 (rw,noatime)
/dev/mtdblock6 on /mnt/nand_temp type yaffs2 (rw,noatime)
/dev/mmcblk0p1 on /mnt/sd type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=cp437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)

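The problem

I retrieved some units from the field that would not boot. U-Boot reported that there was no valid uImage. I read memory from U-Boot starting at the location where the uImage should be and found that it had been mostly erased. What had been written appears to be the same content that is written to the SD card. However, the region is not the same as a FAT filesystem.

I am basing this on the following assumptions:

  1. The file names present in the ASCII of the dump follow the same convention we use on the SD card
  2. The string "reports" is in the dump, which is the directory we write to on the SD card
  3. The only ASCII information the reports contain is the string REPORTDATA

Here is the beginning of the dump showing these features: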

00000000: 03 00 00 00 01 00 00 00 ff ff 72 65 70 6f 72 74    ..........report
00000010: 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    s...............
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
*
000000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
000000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
00000100: 00 00 00 00 00 00 00 00 00 00 ff ff ed 41 00 00    .............A..
00000110: 00 00 00 00 00 00 00 00 06 cb b9 5e 06 cb b9 5e    ...........^...^
00000120: 06 cb b9 5e ff ff ff ff ff ff ff ff ff ff ff ff    ...^............
00000130: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
00000140: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
*
000001a0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
000001b0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
000001c0: ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00    ................
000001d0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
000001e0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff    ................
000001f0: ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00    ................
00000200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
00000210: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
*
000007e0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
000007f0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
00000800: 03 00 00 00 00 00 00 00 ff ff 00 00 00 00 00 00    ................
00000810: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
00000820: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
*
000008e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
000008f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
00000900: 00 00 00 00 00 00 00 00 00 00 ff ff ed 41 00 00    .............A..
00000910: 00 00 00 00 00 00 00 00 02 cb b9 5e 06 cb b9 5e    ...........^...^
00000920: 06 cb b9 5e ff ff ff ff ff ff ff ff ff ff ff ff    ...^............
00000930: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
00000940: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
*
000009a0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
000009b0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
000009c0: ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00    ................
000009d0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
000009e0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff    ................
000009f0: ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00    ................
00000a00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
00000a10: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
*
00000fe0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
00000ff0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
00001000: 01 00 00 00 01 01 00 00 ff ff 30 39 39 39 39 5f    ..........09999_
00001010: 41 42 43 44 30 30 31 36 30 5f 30 34 33 39 36 32    ABCD00160_043962
00001020: 5f 31 33 32 31 2e 74 61 72 00 00 00 00 00 00 00    _1321.tar.......
00001030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
00001040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
*
000010e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
000010f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
00001100: 00 00 00 00 00 00 00 00 00 00 ff ff 80 81 00 00    ................
00001110: 00 00 00 00 00 00 00 00 08 cb b9 5e 08 cb b9 5e    ...........^...^
00001120: 08 cb b9 5e 00 00 00 00 ff ff ff ff ff ff ff ff    ...^............
00001130: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
00001140: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
*
000011a0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
000011b0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
000011c0: ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00    ................
000011d0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
000011e0: ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff    ................
000011f0: 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00    ................
00001200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
00001210: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
*
000017e0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
000017f0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff    ................
00001800: 52 45 50 4f 52 54 44 41 54 41 01 f8 7b 00 00 34    REPORTDATA..{..4
00001810: 00 46 b0 9e 27 97 7d 88 33 da 21 93 2b c8 51 c2    .F..'.}.3.!.+.Q.
00001820: 7e 00 02 80 fb 30 bc 14 9a 86 73 c5 c8 f7 37 5f    ~....0....s...7_
00001830: 79 28 45 c5 53 03 c8 73 91 b9 fe 21 1d f7 41 ac    y(E.S..s...!..A.
00001840: 8c 85 7d f0 d6 c8 c2 9f 07 2d 65 81 d4 2e a5 a0    ..}......-e.....

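When we build these reports, we use a temporary file in RAM (/tmp/). Before copying the report to the SD card and giving it its name, we check whether the SD card is mounted. Finally, we use a system call to the mv command to move the file.

I tried unmounting the SD card immediately after we check that it is present, and I tried ejecting it. I also tried doing the same immediately before the mv command is run. In either case, a meaningful error message is printed, for example: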

mv: can't rename '/tmp/reportZe1MAL': No such file or directory
ERROR: Failed to move /tmp/reportZe1MAL to /mnt/sd/reports/09999_ABCD00160_044082_1007.tar: exit status was 256

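Questions

  1. Does the filesystem in the corrupted region resemble anything, for example tmpfs?
  2. How could writes to /mnt/sd, i.e. mmcblk0p1, end up in mtdblock1, a NAND partition that is not even mounted?

I have not yet tried creating an out-of-memory scenario, but it is on my list of things to try.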

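Edit: here is a clue

I was able to look at some of the log data in the encrypted tar files that were written to NAND. From this log data, I can tell that the unit believed the SD card was mounted, but the directory /mnt/sd/reports did not exist before the tar file was generated. I see this consistently across multiple units.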
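
Added example, not part of the original post: a triage check for whether 0x800-aligned chunks of such a dump parse as YAFFS2 object headers, YAFFS2 being the filesystem the post shows mounted on the other NAND partitions. The field layout is an assumption taken from the public YAFFS2 `struct yaffs_obj_hdr` (little-endian); `SAMPLE` is constructed from rows of the dump above, condensed to three chunks.

```python
import stat
import struct

# Assumed layout: start of struct yaffs_obj_hdr from the YAFFS2 sources,
# little-endian: type, parent_obj_id, name checksum, name[256], 2 pad bytes,
# mode, uid, gid, atime, mtime, ctime, file_size_low.
HDR = struct.Struct("<IiH256s2x7I")
TYPES = {1: "file", 2: "symlink", 3: "directory", 4: "hardlink", 5: "special"}
MODE_CHECK = {"file": stat.S_ISREG, "directory": stat.S_ISDIR, "symlink": stat.S_ISLNK}
CHUNK = 0x800  # headers in the dump repeat on 0x800-byte boundaries

def parse_obj_hdr(chunk):
    """Return header fields if the chunk looks like an object header, else None."""
    if len(chunk) < HDR.size:
        return None
    typ, parent, _sum, raw, mode, uid, gid, _at, mtime, _ct, size = HDR.unpack_from(chunk)
    name, _, tail = raw.partition(b"\0")
    kind = TYPES.get(typ)
    if kind is None or any(tail) or not all(0x20 <= c < 0x7F for c in name):
        return None  # unknown type, or name field is not NUL-padded ASCII
    check = MODE_CHECK.get(kind)
    if check and not check(mode):
        return None  # object type and st_mode disagree: not a header
    return {"kind": kind, "parent": parent, "name": name.decode("ascii"),
            "mode": oct(mode), "uid": uid, "gid": gid, "mtime": mtime, "size": size}

def scan(image, chunk=CHUNK):
    """List (offset, fields) for every chunk that parses as an object header."""
    hits = []
    for off in range(0, len(image), chunk):
        hdr = parse_obj_hdr(image[off:off + chunk])
        if hdr:
            hits.append((off, hdr))
    return hits

def sample_chunk(head, name, tail):
    # Constructed sample: bytes retyped from the dump rows in the post.
    raw = bytes.fromhex(head) + name.ljust(256, b"\0") + bytes.fromhex(tail)
    return raw.ljust(CHUNK, b"\xff")

SAMPLE = (
    sample_chunk("03000000 01000000 ffff", b"reports",
                 "ffff ed410000" + "00" * 8 + "06cbb95e" * 3 + "ffffffff")
    + sample_chunk("01000000 01010000 ffff", b"09999_ABCD00160_043962_1321.tar",
                   "ffff 80810000" + "00" * 8 + "08cbb95e" * 3 + "00000000")
    + b"REPORTDATA".ljust(CHUNK, b"\xff")  # data chunk, must not parse
)
```

Calling `scan()` on a full partition image lists the offset, object type, parent id, name and mode of every chunk that passes the checks, which can be compared against what the YAFFS2 mounts on the same device contain.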
