Several devices have fixes or workarounds in vendor kernels for data corruptions in the eMMC. This can lead to non-working devices as it could potentially corrupt the bootloaders for instance.
The bug #2104 has more details for the Galaxy SIII.
Affected devices: Some Galaxy SIII (GT-I9300)
Vendor kernel patch: mmc: Soft-patch MoviNAND VTU00M (16GB) eMMC failure
Upstream status: not upstream
Replicant >=9 status: In Replicant 11 only
How to check¶
As this patch shows:
+ if (!strncmp(host->card->cid.prod_name, "VTU00M", 6) && + (host->card->cid.prod_rev == 0xf1) && + (mmc_start_movi_smart(host->card) == 0x2)) + host->card->movi_ops = 0x2;
- The name of the eMMC is VTU00M
- Only certain revisions are affected (revision 0xf1)
With Replicant > 6 we can find the eMMC name like that:
$ adb root $ adb shell i9300:/ # cat /sys/bus/mmc/devices/mmc2:0001/name VTU00M
As for the prod_rev, we have this code in the Replicant 6 kernel:
case 4: /* MMC v4 */ [...] card->cid.prod_rev = UNSTUFF_BITS(resp, 48, 8); [...] break;
So it's a MMC v4 and uses
UNSTUFF_BITS(resp, 48, 8);
In upstream Linux we have that instead:
case 4: /* MMC v4 */ [...] card->cid.prv = UNSTUFF_BITS(resp, 48, 8); [...]
So we should be able to get the revision in this way:
$ adb root $ adb shell i9300:/ # cat /sys/bus/mmc/devices/mmc2:0001/prv 0xf7
Here I've the 0xf7 revision and not the problematic 0xf1 revision, so I should probably be ok.
Here this has been tested with a GT-I9300 with a work in progress Replicant 10 image that uses a kernel closely based on upstream Linux.
Vendor kernel workaround analysis¶
The mmc: Soft-patch MoviNAND VTU00M (16GB) eMMC failure patch patches the eMMC firmware at runtime (it patches the firmware in RAM).
The eMMC firmware patch makes the eMMC hang when a corruption is about to happen.
- The eMMC hacking, or: how I fixed long-dead Galaxy S3 phones presentation that has a lot more background on the issue for the Galaxy SIII (GT-I9300).
- The i9300_emmc_toolbox source code related to this talk. Note that while most of it is free software it also contains nonfree code in the sdcard directory.
- The EMMC Bugs page on the archive of the CyanogenMod wiki.
- The XDA developpers eMMC sudden death research thread
- Document this also for other devices, like the Galaxy SII.
- There was a wiki page in LineageOS or CyanogenMod that referenced eMMC firmware bugs. find it and reference it