EMMC Bugs
Note:
End users: if your device seems to have an affected emmc but is not on the device list below, DON'T PANIC. Calmly point your friendly device maintainer to this page. Your device may be fine, the fix may already be in place (or may be unnecessary). In this case, the wiki just needs to be updated.
Contents
What this page is about
Recently, some devices have reported data integrity issues, which have been traced to errors in the emmc firmware for those devices. For most of these problems, the problem (aka "errata") has been already confirmed by the manufacturer, and a fix was issued. Often these fixes are changes to the kernel or upgrades to the emmc firmware (or both).
Due to the default use of advanced features such as TRIM in CM 10.2, some of these problems are becoming more apparent.
This page is intended for developers to take a look and make sure you're up to date if any version of your devices use one of the following emmc chips. Note that some manufacturers may have used more than one emmc vendor. Therefore, individual units may have different emmc chips from one another.
eMMC parts known to be buggy
| EMMC Model ("name") | manfid | fwrev | fw date | hwrev | Impact | Details |
|---|---|---|---|---|---|---|
| KYL00M | 0x15 (Samsung) | < 0x25 | any | all? | device brick | #Samsung eMMC secure erase bug |
| KYL00M | 0x15 (Samsung) | 0x25 | any | all? | data corruption | #Samsung eMMC wear leveling data corruption bug |
| M8G2FA | 0x15 (Samsung) | all? | any | all? | device brick | #Samsung eMMC secure erase bug |
| M8G2FA | 0x15 (Samsung) | 0x11 | any | all? | unknown (at least data corruption) | #M8G2FA "P17 corruption" bug |
| MAG2GA | 0x15 (Samsung) | all? | any | all? | device brick | #MAG2GA TRIM bug |
| MAG4FA | 0x15 (Samsung) | < 0x25 | any | all? | device brick | #Samsung eMMC secure erase bug |
| MAG4FA | 0x15 (Samsung) | 0x25 | any | all? | data corruption | #Samsung eMMC wear leveling data corruption bug |
| MBG8FA | 0x15 (Samsung) | all? | any | all? | device brick | #Samsung eMMC secure erase bug |
| MCGAFA | 0x15 (Samsung) | all? | any | all? | device brick | #Samsung eMMC secure erase bug |
| VAL00M | 0x15 (Samsung) | all? | any | all? | device brick | #Samsung eMMC secure erase bug |
| VTU001 | 0x15 (Samsung) | 0xf1 | any | all? | device brick | #VTU00M random bricking bug |
| VYL00M | 0x15 (Samsung) | < 0x25 | any | all? | device brick | #Samsung eMMC secure erase bug |
| VYL00M | 0x15 (Samsung) | 0x25 | any | all? | data corruption | #Samsung eMMC wear leveling data corruption bug |
| VZL00M | 0x15 (Samsung) | all? | any | all? | device brick | #Samsung eMMC secure erase bug |
Affected devices
Note:
Maintainers, please check your devices, and update the status in the table below.
| Name | Codename | MMC | Affected by | When fixed? | Notes |
|---|---|---|---|---|---|
| Kindle Fire 1st Gen | otter | M8G2FA | Samsung eMMC secure erase bug | June 1, 2012 | Kindle Fires affected by CWM builds using an early 3.0 kernel back in May 2012 can now follow the directions in this XDA thread to repair their emmc to full working order: http://forum.xda-developers.com/showthread.php?t=2413453. No known kernels for the Kindle Fire are still in use with the original bug. |
| Kindle Fire 1st Gen | otter | MMC08G | no known bugs | n/a | |
| Nexus 7 (2012) | grouper | MAG2GA | MAG2GA TRIM bug | Hopefully fixed in stock AOSP 4.3. | All versions of AOSP 4.3/CM 10.2 should be okay. |
| Nook Color | encore | SEM08G | no known bugs | n/a | The majority of Nook Colors have this eMMC part and should be unaffected. |
| Nook Color | encore | M8G2FA | Samsung eMMC secure erase bug, M8G2FA "P17 corruption" bug | August 20, 2013 | Nook Colors with this eMMC part are believed to be somewhat rare. Do not use CWM 6.x recoveries on these devices! (A fixed CWM 6.x recovery is on the way -- this will be updated when that's released.) CM10/10.1 builds prior to August 20 should be safe for day-to-day usage, but do not run fstrim (e.g. "Lagfix") without upgrading! |
| Nook HD+ | ovation | MAG2GA | MAG2GA TRIM bug | August 17, 2013 | Do not use CM10.2 builds prior to August 17, 2013 on these devices! |
Device Workarounds
Barnes & Noble HD+
It is possible to avoid using the eMMC entirely on devices with an SD card port. The HD+ has a CM10.1-no-emmc version available.
How do I check my device's eMMC details?
From an adb shell:
$ su # cd /sys/class/block/mmcblk0/device # cat name MAG2GA # cat manfid 0x000015 # cut -b 19,20 cid 05 // this is the firmware revision in hex # cat date 05/2012
etc
Discussion of specific bugs
Samsung eMMC secure erase bug
Also known as: "superbrick" bug
Status: fix available since June 2012
Fix type: kernel workaround disabling buggy functionality
Patch: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3550ccd
The patch above is Samsung's official fix for the patch. Prior fixes used by CyanogenMod include:
Setting BOARD_SUPPRESS_EMMC_WIPE for affected devices to disable erase commands issued by recovery and update-binary
Removing the MMC_CAP_ERASE flag from kernels for affected devices to disable all erase commands, secure and non-secure
This bug results in damage to wear leveller internal data structures when a secure erase command is issued to the chip when the wear leveller is in a particular state. The issue manifests itself as the chip locking up whenever an attempt is made to access regions that were near whatever region was erased. This is why some users had hardbricks (damage hit the bootloader) but others only found /data inaccessible. Once damage occurs, the only way to repair a device is a motherboard replacement. Not even JTAG can fix these devices -- hence the term "Superbrick".
It is confirmed to be present in the following parts:
- VYL00M, KYL00M, MAG4FA fwrev 0x19
- M8G2FA fwrev 0x11
Other chips listed in the patch have some confirmed fwrevs, but other fwrevs may be safe. It should be assumed that unless otherwise known (VYL00M/KYL00M/MAG4FA fwrev 0x25 for example) that all fwrevs of these models should be assumed to be affected.
Devices known and confirmed to contain affected chips:
- GT-N7000 (International Galaxy Note)
- GT-I9100 (Galaxy S II)
- SGH-I777 (AT&T Galaxy S II)
- SGH-I727 (Samsung Skyrocket)
- SGH-T989 (T-Mobile Galaxy S II - Hercules)
- Most other Samsung tablets and handsets released in 2011
- Amazon Kindle Fire first generation (Approximately 50% of units - the rest have unaffected Toshiba eMMC)
- Acer A500
Samsung eMMC wear leveling data corruption bug
Status: fix available since March 2012
Fix type: eMMC firmware patch applied by kernel on chip power-on
Patch: https://android.googlesource.com/kernel/omap/+/3c57a612f12b069bbc863ec0c74a26850d76a9e8%5E!/
This bug affects Samsung eMMC parts VYL00M, KYL00M and MAG4FA with firmware revision 0x25 (the firmware revision which fixes the secure erase bug); devices with these parts include the Galaxy Nexus and the AT&T Galaxy Note (SGH-I717) (note that the International Note (GT-N7000) contains an earlier fwrev vulnerable to "Superbrick").
In some cases, the wear leveling code on these parts will randomly insert 32 KB (one flash page?) of zeros into the storage, causing data corruption. Samsung has provided a kernel patch to Google which applies a firmware hotfix every time the chip is booted, fixing the problem.
This problem also occurs in fwrev 0x19, but has not been observed there, and is in any event far less severe than the infamous "Superbrick" secure erase bug, as the user only needs to perform a wipe data/factory reset operation to recover.
VTU00M random bricking bug
Also known as: "sudden death syndrome", "SDS"
Status: fix available since January 2013
Fix type: eMMC firmware patch applied by kernel on chip power-on
Devices confirmed affected: International Samsung Galaxy S3 (GT-I9300)
International Samsung Galaxy Note II (GT-N7000)
USA Galaxy S3 units are NOT known to be affected
MAG2GA TRIM bug
Status: possible fix available? (unverified)
Fix type: kernel workaround avoiding buggy functionality
Some Nook HD+s have been reportedly bricking due to a corruption bug in Samsung's EMMC firmware (model MAG2GA) related to TRIM.
The 2012 Nexus 7 has the same EMMC model as the Nook HD+s (as does the Epic 4G and nVidia SHIELD Portable). The Nook HD+ firmware (v06 dated 08/2012) is newer than the 2012 Nexus 7 firmware (v05 05/2012) and SHIELD Portable (v04 05/1997), and yet neither the Nexus 7 nor the SHIELD Portable seem to have the problem.
A kernel patch in the 2012 Nexus 7 seems to have addressed the issue. This patch may need to be ported to other devices which have the same firmware and use TRIM (default in AOSP 4.3/CyanogenMod 10.2).
M8G2FA "P17 corruption" bug
Status: fix available
Fix type: eMMC firmware patch applied by kernel on chip power-on
Patch: https://github.com/steven676/nook_kernel/commit/4b51e605cb5deff9dad6ed89fc7c021489f29bf1#L3R323
Buried in the kernel source for Nook Color software version 1.4.3 was an eMMC firmware patch for Samsung M8G2FA eMMC parts with firmware 0x11. The full impact of this bug is unknown, but it's described in the patch as a "P17 corruption" bug, so it's safe to assume that it results in at least data corruption, and possibly worse.
