Context Navigation

scan.c @ fb5bc64d

Last change on this file since fb5bc64d was 8e55f0d, checked in by Chen Jie <chenjie6@…>, on 02/10/15 at 20:49:48

jffs2: fix handling of corrupted summary length

sm->offset maybe wrong but magic maybe right, the offset do not have CRC.

Badness at c00c7580 [verbose debug info unavailable]
NIP: c00c7580 LR: c00c718c CTR: 00000014
REGS: df07bb40 TRAP: 0700 Not tainted (2.6.34.13-WR4.3.0.0_standard)
MSR: 00029000 <EE,ME,CE> CR: 22084f84 XER: 00000000
TASK = df84d6e0[908] 'mount' THREAD: df07a000
GPR00: 00000001 df07bbf0 df84d6e0 00000000 00000001 00000000 df07bb58 00000041
GPR08: 00000041 c0638860 00000000 00000010 22084f88 100636c8 df814ff8 00000000
GPR16: df84d6e0 dfa558cc c05adb90 00000048 c0452d30 00000000 000240d0 000040d0
GPR24: 00000014 c05ae734 c05be2e0 00000000 00000001 00000000 00000000 c05ae730
NIP [c00c7580] alloc_pages_nodemask+0x4d0/0x638
LR [c00c718c] alloc_pages_nodemask+0xdc/0x638
Call Trace:
[df07bbf0] [c00c718c] alloc_pages_nodemask+0xdc/0x638 (unreliable)
[df07bc90] [c00c7708] get_free_pages+0x20/0x48
[df07bca0] [c00f4a40] kmalloc+0x15c/0x1ec
[df07bcd0] [c01fc880] jffs2_scan_medium+0xa58/0x14d0
[df07bd70] [c01ff38c] jffs2_do_mount_fs+0x1f4/0x6b4
[df07bdb0] [c020144c] jffs2_do_fill_super+0xa8/0x260
[df07bdd0] [c020230c] jffs2_fill_super+0x104/0x184
[df07be00] [c0335814] get_sb_mtd_aux+0x9c/0xec
[df07be20] [c033596c] get_sb_mtd+0x84/0x1e8
[df07be60] [c0201ed0] jffs2_get_sb+0x1c/0x2c
[df07be70] [c0103898] vfs_kern_mount+0x78/0x1e8
[df07bea0] [c0103a58] do_kern_mount+0x40/0x100
[df07bec0] [c011fe90] do_mount+0x240/0x890
[df07bf10] [c0120570] sys_mount+0x90/0xd8
[df07bf40] [c00110d8] ret_from_syscall+0x0/0x4

Exception: c01 at 0xff61a34

LR = 0x100135f0

Instruction dump:
38800005 38600000 48010f41 4bfffe1c 4bfc2d15 4bfffe8c 72e90200 4082fc28
3d20c064 39298860 8809000d 68000001 <0f000000> 2f800000 419efc0c 38000001
mount: mounting /dev/mtdblock3 on /common failed: Input/output error

Signed-off-by: Chen Jie <chenjie6@…>
Cc: <stable@…>
Signed-off-by: Andrew Morton <akpm@…>
Signed-off-by: David Woodhouse <David.Woodhouse@…>

Property mode set to 100644

File size: 35.2 KB

Line
1	#include "rtems-jffs2-config.h"
2
3	/*
4	* JFFS2 -- Journalling Flash File System, Version 2.
5	*
6	* Copyright Â© 2001-2007 Red Hat, Inc.
7	*
8	* Created by David Woodhouse <dwmw2@infradead.org>
9	*
10	* For licensing information, see the file 'LICENCE' in this directory.
11	*
12	*/
13
14	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15
16	#include <linux/kernel.h>
17	#include <linux/sched.h>
18	#include <linux/slab.h>
19	#include <linux/mtd/mtd.h>
20	#include <linux/pagemap.h>
21	#include <linux/crc32.h>
22	#include <linux/compiler.h>
23	#include "nodelist.h"
24	#include "summary.h"
25	#include "debug.h"
26
27	#define DEFAULT_EMPTY_SCAN_SIZE 256
28
29	#define noisy_printk(noise, fmt, ...) \
30	do { \
31	if (*(noise)) { \
32	pr_notice(fmt, ##__VA_ARGS__); \
33	(*(noise))--; \
34	if (!(*(noise))) \
35	pr_notice("Further such events for this erase block will not be printed\n"); \
36	} \
37	} while (0)
38
39	static uint32_t pseudo_random;
40
41	static int jffs2_scan_eraseblock (struct jffs2_sb_info c, struct jffs2_eraseblock jeb,
42	unsigned char buf, uint32_t buf_size, struct jffs2_summary s);
43
44	/* These helper functions _must_ increase ofs and also do the dirty/used space accounting.
45	* Returning an error will abort the mount - bad checksums etc. should just mark the space
46	* as dirty.
47	*/
48	static int jffs2_scan_inode_node(struct jffs2_sb_info c, struct jffs2_eraseblock jeb,
49	struct jffs2_raw_inode ri, uint32_t ofs, struct jffs2_summary s);
50	static int jffs2_scan_dirent_node(struct jffs2_sb_info c, struct jffs2_eraseblock jeb,
51	struct jffs2_raw_dirent rd, uint32_t ofs, struct jffs2_summary s);
52
53	static inline int min_free(struct jffs2_sb_info *c)
54	{
55	uint32_t min = 2 * sizeof(struct jffs2_raw_inode);
56	#ifdef CONFIG_JFFS2_FS_WRITEBUFFER
57	if (!jffs2_can_mark_obsolete(c) && min < c->wbuf_pagesize)
58	return c->wbuf_pagesize;
59	#endif
60	return min;
61
62	}
63
64	static inline uint32_t EMPTY_SCAN_SIZE(uint32_t sector_size) {
65	if (sector_size < DEFAULT_EMPTY_SCAN_SIZE)
66	return sector_size;
67	else
68	return DEFAULT_EMPTY_SCAN_SIZE;
69	}
70
71	static int file_dirty(struct jffs2_sb_info c, struct jffs2_eraseblock jeb)
72	{
73	int ret;
74
75	if ((ret = jffs2_prealloc_raw_node_refs(c, jeb, 1)))
76	return ret;
77	if ((ret = jffs2_scan_dirty_space(c, jeb, jeb->free_size)))
78	return ret;
79	/* Turned wasted size into dirty, since we apparently
80	think it's recoverable now. */
81	jeb->dirty_size += jeb->wasted_size;
82	c->dirty_size += jeb->wasted_size;
83	c->wasted_size -= jeb->wasted_size;
84	jeb->wasted_size = 0;
85	if (VERYDIRTY(c, jeb->dirty_size)) {
86	list_add(&jeb->list, &c->very_dirty_list);
87	} else {
88	list_add(&jeb->list, &c->dirty_list);
89	}
90	return 0;
91	}
92
93	int jffs2_scan_medium(struct jffs2_sb_info *c)
94	{
95	int i, ret;
96	uint32_t empty_blocks = 0, bad_blocks = 0;
97	unsigned char *flashbuf = NULL;
98	uint32_t buf_size = 0;
99	struct jffs2_summary s = NULL; / summary info collected by the scan process */
100	size_t try_size;
101	#ifndef __ECOS
102	size_t pointlen;
103
104	ret = mtd_point(c->mtd, 0, c->mtd->size, &pointlen,
105	(void **)&flashbuf, NULL);
106	if (!ret && pointlen < c->mtd->size) {
107	/* Don't muck about if it won't let us point to the whole flash */
108	jffs2_dbg(1, "MTD point returned len too short: 0x%zx\n",
109	pointlen);
110	mtd_unpoint(c->mtd, 0, pointlen);
111	flashbuf = NULL;
112	}
113	if (ret && ret != -EOPNOTSUPP)
114	jffs2_dbg(1, "MTD point failed %d\n", ret);
115	#endif
116	if (!flashbuf) {
117	/* For NAND it's quicker to read a whole eraseblock at a time,
118	apparently */
119	if (jffs2_cleanmarker_oob(c))
120	try_size = c->sector_size;
121	else
122	try_size = PAGE_SIZE;
123
124	jffs2_dbg(1, "Trying to allocate readbuf of %zu "
125	"bytes\n", try_size);
126
127	flashbuf = mtd_kmalloc_up_to(c->mtd, &try_size);
128	if (!flashbuf)
129	return -ENOMEM;
130
131	jffs2_dbg(1, "Allocated readbuf of %zu bytes\n",
132	try_size);
133
134	buf_size = (uint32_t)try_size;
135	}
136
137	if (jffs2_sum_active()) {
138	s = kzalloc(sizeof(struct jffs2_summary), GFP_KERNEL);
139	if (!s) {
140	JFFS2_WARNING("Can't allocate memory for summary\n");
141	ret = -ENOMEM;
142	goto out;
143	}
144	}
145
146	for (i=0; i<c->nr_blocks; i++) {
147	struct jffs2_eraseblock *jeb = &c->blocks[i];
148
149	cond_resched();
150
151	/* reset summary info for next eraseblock scan */
152	jffs2_sum_reset_collected(s);
153
154	ret = jffs2_scan_eraseblock(c, jeb, buf_size?flashbuf:(flashbuf+jeb->offset),
155	buf_size, s);
156
157	if (ret < 0)
158	goto out;
159
160	jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
161
162	/* Now decide which list to put it on */
163	switch(ret) {
164	case BLK_STATE_ALLFF:
165	/*
166	* Empty block. Since we can't be sure it
167	* was entirely erased, we just queue it for erase
168	* again. It will be marked as such when the erase
169	* is complete. Meanwhile we still count it as empty
170	* for later checks.
171	*/
172	empty_blocks++;
173	list_add(&jeb->list, &c->erase_pending_list);
174	c->nr_erasing_blocks++;
175	break;
176
177	case BLK_STATE_CLEANMARKER:
178	/* Only a CLEANMARKER node is valid */
179	if (!jeb->dirty_size) {
180	/* It's actually free */
181	list_add(&jeb->list, &c->free_list);
182	c->nr_free_blocks++;
183	} else {
184	/* Dirt */
185	jffs2_dbg(1, "Adding all-dirty block at 0x%08x to erase_pending_list\n",
186	jeb->offset);
187	list_add(&jeb->list, &c->erase_pending_list);
188	c->nr_erasing_blocks++;
189	}
190	break;
191
192	case BLK_STATE_CLEAN:
193	/* Full (or almost full) of clean data. Clean list */
194	list_add(&jeb->list, &c->clean_list);
195	break;
196
197	case BLK_STATE_PARTDIRTY:
198	/* Some data, but not full. Dirty list. */
199	/* We want to remember the block with most free space
200	and stick it in the 'nextblock' position to start writing to it. */
201	if (jeb->free_size > min_free(c) &&
202	(!c->nextblock \|\| c->nextblock->free_size < jeb->free_size)) {
203	/* Better candidate for the next writes to go to */
204	if (c->nextblock) {
205	ret = file_dirty(c, c->nextblock);
206	if (ret)
207	goto out;
208	/* deleting summary information of the old nextblock */
209	jffs2_sum_reset_collected(c->summary);
210	}
211	/* update collected summary information for the current nextblock */
212	jffs2_sum_move_collected(c, s);
213	jffs2_dbg(1, "%s(): new nextblock = 0x%08x\n",
214	__func__, jeb->offset);
215	c->nextblock = jeb;
216	} else {
217	ret = file_dirty(c, jeb);
218	if (ret)
219	goto out;
220	}
221	break;
222
223	case BLK_STATE_ALLDIRTY:
224	/* Nothing valid - not even a clean marker. Needs erasing. */
225	/* For now we just put it on the erasing list. We'll start the erases later */
226	jffs2_dbg(1, "Erase block at 0x%08x is not formatted. It will be erased\n",
227	jeb->offset);
228	list_add(&jeb->list, &c->erase_pending_list);
229	c->nr_erasing_blocks++;
230	break;
231
232	case BLK_STATE_BADBLOCK:
233	jffs2_dbg(1, "Block at 0x%08x is bad\n", jeb->offset);
234	list_add(&jeb->list, &c->bad_list);
235	c->bad_size += c->sector_size;
236	c->free_size -= c->sector_size;
237	bad_blocks++;
238	break;
239	default:
240	pr_warn("%s(): unknown block state\n", __func__);
241	BUG();
242	}
243	}
244
245	/* Nextblock dirty is always seen as wasted, because we cannot recycle it now */
246	if (c->nextblock && (c->nextblock->dirty_size)) {
247	c->nextblock->wasted_size += c->nextblock->dirty_size;
248	c->wasted_size += c->nextblock->dirty_size;
249	c->dirty_size -= c->nextblock->dirty_size;
250	c->nextblock->dirty_size = 0;
251	}
252	#ifdef CONFIG_JFFS2_FS_WRITEBUFFER
253	if (!jffs2_can_mark_obsolete(c) && c->wbuf_pagesize && c->nextblock && (c->nextblock->free_size % c->wbuf_pagesize)) {
254	/* If we're going to start writing into a block which already
255	contains data, and the end of the data isn't page-aligned,
256	skip a little and align it. */
257
258	uint32_t skip = c->nextblock->free_size % c->wbuf_pagesize;
259
260	jffs2_dbg(1, "%s(): Skipping %d bytes in nextblock to ensure page alignment\n",
261	__func__, skip);
262	jffs2_prealloc_raw_node_refs(c, c->nextblock, 1);
263	jffs2_scan_dirty_space(c, c->nextblock, skip);
264	}
265	#endif
266	if (c->nr_erasing_blocks) {
267	if ( !c->used_size && ((c->nr_free_blocks+empty_blocks+bad_blocks)!= c->nr_blocks \|\| bad_blocks == c->nr_blocks) ) {
268	pr_notice("Cowardly refusing to erase blocks on filesystem with no valid JFFS2 nodes\n");
269	pr_notice("empty_blocks %d, bad_blocks %d, c->nr_blocks %d\n",
270	empty_blocks, bad_blocks, c->nr_blocks);
271	ret = -EIO;
272	goto out;
273	}
274	spin_lock(&c->erase_completion_lock);
275	jffs2_garbage_collect_trigger(c);
276	spin_unlock(&c->erase_completion_lock);
277	}
278	ret = 0;
279	out:
280	if (buf_size)
281	kfree(flashbuf);
282	#ifndef __ECOS
283	else
284	mtd_unpoint(c->mtd, 0, c->mtd->size);
285	#endif
286	kfree(s);
287	return ret;
288	}
289
290	static int jffs2_fill_scan_buf(struct jffs2_sb_info c, void buf,
291	uint32_t ofs, uint32_t len)
292	{
293	int ret;
294	size_t retlen;
295
296	ret = jffs2_flash_read(c, ofs, len, &retlen, buf);
297	if (ret) {
298	jffs2_dbg(1, "mtd->read(0x%x bytes from 0x%x) returned %d\n",
299	len, ofs, ret);
300	return ret;
301	}
302	if (retlen < len) {
303	jffs2_dbg(1, "Read at 0x%x gave only 0x%zx bytes\n",
304	ofs, retlen);
305	return -EIO;
306	}
307	return 0;
308	}
309
310	int jffs2_scan_classify_jeb(struct jffs2_sb_info c, struct jffs2_eraseblock jeb)
311	{
312	if ((jeb->used_size + jeb->unchecked_size) == PAD(c->cleanmarker_size) && !jeb->dirty_size
313	&& (!jeb->first_node \|\| !ref_next(jeb->first_node)) )
314	return BLK_STATE_CLEANMARKER;
315
316	/* move blocks with max 4 byte dirty space to cleanlist */
317	else if (!ISDIRTY(c->sector_size - (jeb->used_size + jeb->unchecked_size))) {
318	c->dirty_size -= jeb->dirty_size;
319	c->wasted_size += jeb->dirty_size;
320	jeb->wasted_size += jeb->dirty_size;
321	jeb->dirty_size = 0;
322	return BLK_STATE_CLEAN;
323	} else if (jeb->used_size \|\| jeb->unchecked_size)
324	return BLK_STATE_PARTDIRTY;
325	else
326	return BLK_STATE_ALLDIRTY;
327	}
328
329	#ifdef CONFIG_JFFS2_FS_XATTR
330	static int jffs2_scan_xattr_node(struct jffs2_sb_info c, struct jffs2_eraseblock jeb,
331	struct jffs2_raw_xattr *rx, uint32_t ofs,
332	struct jffs2_summary *s)
333	{
334	struct jffs2_xattr_datum *xd;
335	uint32_t xid, version, totlen, crc;
336	int err;
337
338	crc = crc32(0, rx, sizeof(struct jffs2_raw_xattr) - 4);
339	if (crc != je32_to_cpu(rx->node_crc)) {
340	JFFS2_WARNING("node CRC failed at %#08x, read=%#08x, calc=%#08x\n",
341	ofs, je32_to_cpu(rx->node_crc), crc);
342	if ((err = jffs2_scan_dirty_space(c, jeb, je32_to_cpu(rx->totlen))))
343	return err;
344	return 0;
345	}
346
347	xid = je32_to_cpu(rx->xid);
348	version = je32_to_cpu(rx->version);
349
350	totlen = PAD(sizeof(struct jffs2_raw_xattr)
351	+ rx->name_len + 1 + je16_to_cpu(rx->value_len));
352	if (totlen != je32_to_cpu(rx->totlen)) {
353	JFFS2_WARNING("node length mismatch at %#08x, read=%u, calc=%u\n",
354	ofs, je32_to_cpu(rx->totlen), totlen);
355	if ((err = jffs2_scan_dirty_space(c, jeb, je32_to_cpu(rx->totlen))))
356	return err;
357	return 0;
358	}
359
360	xd = jffs2_setup_xattr_datum(c, xid, version);
361	if (IS_ERR(xd))
362	return PTR_ERR(xd);
363
364	if (xd->version > version) {
365	struct jffs2_raw_node_ref *raw
366	= jffs2_link_node_ref(c, jeb, ofs \| REF_PRISTINE, totlen, NULL);
367	raw->next_in_ino = xd->node->next_in_ino;
368	xd->node->next_in_ino = raw;
369	} else {
370	xd->version = version;
371	xd->xprefix = rx->xprefix;
372	xd->name_len = rx->name_len;
373	xd->value_len = je16_to_cpu(rx->value_len);
374	xd->data_crc = je32_to_cpu(rx->data_crc);
375
376	jffs2_link_node_ref(c, jeb, ofs \| REF_PRISTINE, totlen, (void *)xd);
377	}
378
379	if (jffs2_sum_active())
380	jffs2_sum_add_xattr_mem(s, rx, ofs - jeb->offset);
381	dbg_xattr("scanning xdatum at %#08x (xid=%u, version=%u)\n",
382	ofs, xd->xid, xd->version);
383	return 0;
384	}
385
386	static int jffs2_scan_xref_node(struct jffs2_sb_info c, struct jffs2_eraseblock jeb,
387	struct jffs2_raw_xref *rr, uint32_t ofs,
388	struct jffs2_summary *s)
389	{
390	struct jffs2_xattr_ref *ref;
391	uint32_t crc;
392	int err;
393
394	crc = crc32(0, rr, sizeof(*rr) - 4);
395	if (crc != je32_to_cpu(rr->node_crc)) {
396	JFFS2_WARNING("node CRC failed at %#08x, read=%#08x, calc=%#08x\n",
397	ofs, je32_to_cpu(rr->node_crc), crc);
398	if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(rr->totlen)))))
399	return err;
400	return 0;
401	}
402
403	if (PAD(sizeof(struct jffs2_raw_xref)) != je32_to_cpu(rr->totlen)) {
404	JFFS2_WARNING("node length mismatch at %#08x, read=%u, calc=%zd\n",
405	ofs, je32_to_cpu(rr->totlen),
406	PAD(sizeof(struct jffs2_raw_xref)));
407	if ((err = jffs2_scan_dirty_space(c, jeb, je32_to_cpu(rr->totlen))))
408	return err;
409	return 0;
410	}
411
412	ref = jffs2_alloc_xattr_ref();
413	if (!ref)
414	return -ENOMEM;
415
416	/* BEFORE jffs2_build_xattr_subsystem() called,
417	* and AFTER xattr_ref is marked as a dead xref,
418	* ref->xid is used to store 32bit xid, xd is not used
419	* ref->ino is used to store 32bit inode-number, ic is not used
420	* Thoes variables are declared as union, thus using those
421	* are exclusive. In a similar way, ref->next is temporarily
422	* used to chain all xattr_ref object. It's re-chained to
423	* jffs2_inode_cache in jffs2_build_xattr_subsystem() correctly.
424	*/
425	ref->ino = je32_to_cpu(rr->ino);
426	ref->xid = je32_to_cpu(rr->xid);
427	ref->xseqno = je32_to_cpu(rr->xseqno);
428	if (ref->xseqno > c->highest_xseqno)
429	c->highest_xseqno = (ref->xseqno & ~XREF_DELETE_MARKER);
430	ref->next = c->xref_temp;
431	c->xref_temp = ref;
432
433	jffs2_link_node_ref(c, jeb, ofs \| REF_PRISTINE, PAD(je32_to_cpu(rr->totlen)), (void *)ref);
434
435	if (jffs2_sum_active())
436	jffs2_sum_add_xref_mem(s, rr, ofs - jeb->offset);
437	dbg_xattr("scan xref at %#08x (xid=%u, ino=%u)\n",
438	ofs, ref->xid, ref->ino);
439	return 0;
440	}
441	#endif
442
443	/* Called with 'buf_size == 0' if buf is in fact a pointer _directly_ into
444	the flash, XIP-style */
445	static int jffs2_scan_eraseblock (struct jffs2_sb_info c, struct jffs2_eraseblock jeb,
446	unsigned char buf, uint32_t buf_size, struct jffs2_summary s) {
447	struct jffs2_unknown_node *node;
448	struct jffs2_unknown_node crcnode;
449	uint32_t ofs, prevofs, max_ofs;
450	uint32_t hdr_crc, buf_ofs, buf_len;
451	int err;
452	int noise = 0;
453
454
455	#ifdef CONFIG_JFFS2_FS_WRITEBUFFER
456	int cleanmarkerfound = 0;
457	#endif
458
459	ofs = jeb->offset;
460	prevofs = jeb->offset - 1;
461
462	jffs2_dbg(1, "%s(): Scanning block at 0x%x\n", __func__, ofs);
463
464	#ifdef CONFIG_JFFS2_FS_WRITEBUFFER
465	if (jffs2_cleanmarker_oob(c)) {
466	int ret;
467
468	if (mtd_block_isbad(c->mtd, jeb->offset))
469	return BLK_STATE_BADBLOCK;
470
471	ret = jffs2_check_nand_cleanmarker(c, jeb);
472	jffs2_dbg(2, "jffs_check_nand_cleanmarker returned %d\n", ret);
473
474	/* Even if it's not found, we still scan to see
475	if the block is empty. We use this information
476	to decide whether to erase it or not. */
477	switch (ret) {
478	case 0: cleanmarkerfound = 1; break;
479	case 1: break;
480	default: return ret;
481	}
482	}
483	#endif
484
485	if (jffs2_sum_active()) {
486	struct jffs2_sum_marker *sm;
487	void *sumptr = NULL;
488	uint32_t sumlen;
489
490	if (!buf_size) {
491	/* XIP case. Just look, point at the summary if it's there */
492	sm = (void )buf + c->sector_size - sizeof(sm);
493	if (je32_to_cpu(sm->magic) == JFFS2_SUM_MAGIC) {
494	sumptr = buf + je32_to_cpu(sm->offset);
495	sumlen = c->sector_size - je32_to_cpu(sm->offset);
496	}
497	} else {
498	/* If NAND flash, read a whole page of it. Else just the end */
499	if (c->wbuf_pagesize)
500	buf_len = c->wbuf_pagesize;
501	else
502	buf_len = sizeof(*sm);
503
504	/* Read as much as we want into the _end_ of the preallocated buffer */
505	err = jffs2_fill_scan_buf(c, buf + buf_size - buf_len,
506	jeb->offset + c->sector_size - buf_len,
507	buf_len);
508	if (err)
509	return err;
510
511	sm = (void )buf + buf_size - sizeof(sm);
512	if (je32_to_cpu(sm->magic) == JFFS2_SUM_MAGIC) {
513	sumlen = c->sector_size - je32_to_cpu(sm->offset);
514	sumptr = buf + buf_size - sumlen;
515
516	/* sm->offset maybe wrong but MAGIC maybe right */
517	if (sumlen > c->sector_size)
518	goto full_scan;
519
520	/* Now, make sure the summary itself is available */
521	if (sumlen > buf_size) {
522	/* Need to kmalloc for this. */
523	sumptr = kmalloc(sumlen, GFP_KERNEL);
524	if (!sumptr)
525	return -ENOMEM;
526	memcpy(sumptr + sumlen - buf_len, buf + buf_size - buf_len, buf_len);
527	}
528	if (buf_len < sumlen) {
529	/* Need to read more so that the entire summary node is present */
530	err = jffs2_fill_scan_buf(c, sumptr,
531	jeb->offset + c->sector_size - sumlen,
532	sumlen - buf_len);
533	if (err)
534	return err;
535	}
536	}
537
538	}
539
540	if (sumptr) {
541	err = jffs2_sum_scan_sumnode(c, jeb, sumptr, sumlen, &pseudo_random);
542
543	if (buf_size && sumlen > buf_size)
544	kfree(sumptr);
545	/* If it returns with a real error, bail.
546	If it returns positive, that's a block classification
547	(i.e. BLK_STATE_xxx) so return that too.
548	If it returns zero, fall through to full scan. */
549	if (err)
550	return err;
551	}
552	}
553
554	full_scan:
555	buf_ofs = jeb->offset;
556
557	if (!buf_size) {
558	/* This is the XIP case -- we're reading _directly_ from the flash chip */
559	buf_len = c->sector_size;
560	} else {
561	buf_len = EMPTY_SCAN_SIZE(c->sector_size);
562	err = jffs2_fill_scan_buf(c, buf, buf_ofs, buf_len);
563	if (err)
564	return err;
565	}
566
567	/* We temporarily use 'ofs' as a pointer into the buffer/jeb */
568	ofs = 0;
569	max_ofs = EMPTY_SCAN_SIZE(c->sector_size);
570	/* Scan only EMPTY_SCAN_SIZE of 0xFF before declaring it's empty */
571	while(ofs < max_ofs && (uint32_t )(&buf[ofs]) == 0xFFFFFFFF)
572	ofs += 4;
573
574	if (ofs == max_ofs) {
575	#ifdef CONFIG_JFFS2_FS_WRITEBUFFER
576	if (jffs2_cleanmarker_oob(c)) {
577	/* scan oob, take care of cleanmarker */
578	int ret = jffs2_check_oob_empty(c, jeb, cleanmarkerfound);
579	jffs2_dbg(2, "jffs2_check_oob_empty returned %d\n",
580	ret);
581	switch (ret) {
582	case 0: return cleanmarkerfound ? BLK_STATE_CLEANMARKER : BLK_STATE_ALLFF;
583	case 1: return BLK_STATE_ALLDIRTY;
584	default: return ret;
585	}
586	}
587	#endif
588	jffs2_dbg(1, "Block at 0x%08x is empty (erased)\n",
589	jeb->offset);
590	if (c->cleanmarker_size == 0)
591	return BLK_STATE_CLEANMARKER; /* don't bother with re-erase */
592	else
593	return BLK_STATE_ALLFF; /* OK to erase if all blocks are like this */
594	}
595	if (ofs) {
596	jffs2_dbg(1, "Free space at %08x ends at %08x\n", jeb->offset,
597	jeb->offset + ofs);
598	if ((err = jffs2_prealloc_raw_node_refs(c, jeb, 1)))
599	return err;
600	if ((err = jffs2_scan_dirty_space(c, jeb, ofs)))
601	return err;
602	}
603
604	/* Now ofs is a complete physical flash offset as it always was... */
605	ofs += jeb->offset;
606
607	noise = 10;
608
609	dbg_summary("no summary found in jeb 0x%08x. Apply original scan.\n",jeb->offset);
610
611	scan_more:
612	while(ofs < jeb->offset + c->sector_size) {
613
614	jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
615
616	/* Make sure there are node refs available for use */
617	err = jffs2_prealloc_raw_node_refs(c, jeb, 2);
618	if (err)
619	return err;
620
621	cond_resched();
622
623	if (ofs & 3) {
624	pr_warn("Eep. ofs 0x%08x not word-aligned!\n", ofs);
625	ofs = PAD(ofs);
626	continue;
627	}
628	if (ofs == prevofs) {
629	pr_warn("ofs 0x%08x has already been seen. Skipping\n",
630	ofs);
631	if ((err = jffs2_scan_dirty_space(c, jeb, 4)))
632	return err;
633	ofs += 4;
634	continue;
635	}
636	prevofs = ofs;
637
638	if (jeb->offset + c->sector_size < ofs + sizeof(*node)) {
639	jffs2_dbg(1, "Fewer than %zd bytes left to end of block. (%x+%x<%x+%zx) Not reading\n",
640	sizeof(struct jffs2_unknown_node),
641	jeb->offset, c->sector_size, ofs,
642	sizeof(*node));
643	if ((err = jffs2_scan_dirty_space(c, jeb, (jeb->offset + c->sector_size)-ofs)))
644	return err;
645	break;
646	}
647
648	if (buf_ofs + buf_len < ofs + sizeof(*node)) {
649	buf_len = min_t(uint32_t, buf_size, jeb->offset + c->sector_size - ofs);
650	jffs2_dbg(1, "Fewer than %zd bytes (node header) left to end of buf. Reading 0x%x at 0x%08x\n",
651	sizeof(struct jffs2_unknown_node),
652	buf_len, ofs);
653	err = jffs2_fill_scan_buf(c, buf, ofs, buf_len);
654	if (err)
655	return err;
656	buf_ofs = ofs;
657	}
658
659	node = (struct jffs2_unknown_node *)&buf[ofs-buf_ofs];
660
661	if ((uint32_t )(&buf[ofs-buf_ofs]) == 0xffffffff) {
662	uint32_t inbuf_ofs;
663	uint32_t empty_start, scan_end;
664
665	empty_start = ofs;
666	ofs += 4;
667	scan_end = min_t(uint32_t, EMPTY_SCAN_SIZE(c->sector_size)/8, buf_len);
668
669	jffs2_dbg(1, "Found empty flash at 0x%08x\n", ofs);
670	more_empty:
671	inbuf_ofs = ofs - buf_ofs;
672	while (inbuf_ofs < scan_end) {
673	if (unlikely((uint32_t )(&buf[inbuf_ofs]) != 0xffffffff)) {
674	pr_warn("Empty flash at 0x%08x ends at 0x%08x\n",
675	empty_start, ofs);
676	if ((err = jffs2_scan_dirty_space(c, jeb, ofs-empty_start)))
677	return err;
678	goto scan_more;
679	}
680
681	inbuf_ofs+=4;
682	ofs += 4;
683	}
684	/* Ran off end. */
685	jffs2_dbg(1, "Empty flash to end of buffer at 0x%08x\n",
686	ofs);
687
688	/* If we're only checking the beginning of a block with a cleanmarker,
689	bail now */
690	if (buf_ofs == jeb->offset && jeb->used_size == PAD(c->cleanmarker_size) &&
691	c->cleanmarker_size && !jeb->dirty_size && !ref_next(jeb->first_node)) {
692	jffs2_dbg(1, "%d bytes at start of block seems clean... assuming all clean\n",
693	EMPTY_SCAN_SIZE(c->sector_size));
694	return BLK_STATE_CLEANMARKER;
695	}
696	if (!buf_size && (scan_end != buf_len)) {/* XIP/point case */
697	scan_end = buf_len;
698	goto more_empty;
699	}
700
701	/* See how much more there is to read in this eraseblock... */
702	buf_len = min_t(uint32_t, buf_size, jeb->offset + c->sector_size - ofs);
703	if (!buf_len) {
704	/* No more to read. Break out of main loop without marking
705	this range of empty space as dirty (because it's not) */
706	jffs2_dbg(1, "Empty flash at %08x runs to end of block. Treating as free_space\n",
707	empty_start);
708	break;
709	}
710	/* point never reaches here */
711	scan_end = buf_len;
712	jffs2_dbg(1, "Reading another 0x%x at 0x%08x\n",
713	buf_len, ofs);
714	err = jffs2_fill_scan_buf(c, buf, ofs, buf_len);
715	if (err)
716	return err;
717	buf_ofs = ofs;
718	goto more_empty;
719	}
720
721	if (ofs == jeb->offset && je16_to_cpu(node->magic) == KSAMTIB_CIGAM_2SFFJ) {
722	pr_warn("Magic bitmask is backwards at offset 0x%08x. Wrong endian filesystem?\n",
723	ofs);
724	if ((err = jffs2_scan_dirty_space(c, jeb, 4)))
725	return err;
726	ofs += 4;
727	continue;
728	}
729	if (je16_to_cpu(node->magic) == JFFS2_DIRTY_BITMASK) {
730	jffs2_dbg(1, "Dirty bitmask at 0x%08x\n", ofs);
731	if ((err = jffs2_scan_dirty_space(c, jeb, 4)))
732	return err;
733	ofs += 4;
734	continue;
735	}
736	if (je16_to_cpu(node->magic) == JFFS2_OLD_MAGIC_BITMASK) {
737	pr_warn("Old JFFS2 bitmask found at 0x%08x\n", ofs);
738	pr_warn("You cannot use older JFFS2 filesystems with newer kernels\n");
739	if ((err = jffs2_scan_dirty_space(c, jeb, 4)))
740	return err;
741	ofs += 4;
742	continue;
743	}
744	if (je16_to_cpu(node->magic) != JFFS2_MAGIC_BITMASK) {
745	/* OK. We're out of possibilities. Whinge and move on */
746	noisy_printk(&noise, "%s(): Magic bitmask 0x%04x not found at 0x%08x: 0x%04x instead\n",
747	__func__,
748	JFFS2_MAGIC_BITMASK, ofs,
749	je16_to_cpu(node->magic));
750	if ((err = jffs2_scan_dirty_space(c, jeb, 4)))
751	return err;
752	ofs += 4;
753	continue;
754	}
755	/* We seem to have a node of sorts. Check the CRC */
756	crcnode.magic = node->magic;
757	crcnode.nodetype = cpu_to_je16( je16_to_cpu(node->nodetype) \| JFFS2_NODE_ACCURATE);
758	crcnode.totlen = node->totlen;
759	hdr_crc = crc32(0, &crcnode, sizeof(crcnode)-4);
760
761	if (hdr_crc != je32_to_cpu(node->hdr_crc)) {
762	noisy_printk(&noise, "%s(): Node at 0x%08x {0x%04x, 0x%04x, 0x%08x) has invalid CRC 0x%08x (calculated 0x%08x)\n",
763	__func__,
764	ofs, je16_to_cpu(node->magic),
765	je16_to_cpu(node->nodetype),
766	je32_to_cpu(node->totlen),
767	je32_to_cpu(node->hdr_crc),
768	hdr_crc);
769	if ((err = jffs2_scan_dirty_space(c, jeb, 4)))
770	return err;
771	ofs += 4;
772	continue;
773	}
774
775	if (ofs + je32_to_cpu(node->totlen) > jeb->offset + c->sector_size) {
776	/* Eep. Node goes over the end of the erase block. */
777	pr_warn("Node at 0x%08x with length 0x%08x would run over the end of the erase block\n",
778	ofs, je32_to_cpu(node->totlen));
779	pr_warn("Perhaps the file system was created with the wrong erase size?\n");
780	if ((err = jffs2_scan_dirty_space(c, jeb, 4)))
781	return err;
782	ofs += 4;
783	continue;
784	}
785
786	if (!(je16_to_cpu(node->nodetype) & JFFS2_NODE_ACCURATE)) {
787	/* Wheee. This is an obsoleted node */
788	jffs2_dbg(2, "Node at 0x%08x is obsolete. Skipping\n",
789	ofs);
790	if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(node->totlen)))))
791	return err;
792	ofs += PAD(je32_to_cpu(node->totlen));
793	continue;
794	}
795
796	switch(je16_to_cpu(node->nodetype)) {
797	case JFFS2_NODETYPE_INODE:
798	if (buf_ofs + buf_len < ofs + sizeof(struct jffs2_raw_inode)) {
799	buf_len = min_t(uint32_t, buf_size, jeb->offset + c->sector_size - ofs);
800	jffs2_dbg(1, "Fewer than %zd bytes (inode node) left to end of buf. Reading 0x%x at 0x%08x\n",
801	sizeof(struct jffs2_raw_inode),
802	buf_len, ofs);
803	err = jffs2_fill_scan_buf(c, buf, ofs, buf_len);
804	if (err)
805	return err;
806	buf_ofs = ofs;
807	node = (void *)buf;
808	}
809	err = jffs2_scan_inode_node(c, jeb, (void *)node, ofs, s);
810	if (err) return err;
811	ofs += PAD(je32_to_cpu(node->totlen));
812	break;
813
814	case JFFS2_NODETYPE_DIRENT:
815	if (buf_ofs + buf_len < ofs + je32_to_cpu(node->totlen)) {
816	buf_len = min_t(uint32_t, buf_size, jeb->offset + c->sector_size - ofs);
817	jffs2_dbg(1, "Fewer than %d bytes (dirent node) left to end of buf. Reading 0x%x at 0x%08x\n",
818	je32_to_cpu(node->totlen), buf_len,
819	ofs);
820	err = jffs2_fill_scan_buf(c, buf, ofs, buf_len);
821	if (err)
822	return err;
823	buf_ofs = ofs;
824	node = (void *)buf;
825	}
826	err = jffs2_scan_dirent_node(c, jeb, (void *)node, ofs, s);
827	if (err) return err;
828	ofs += PAD(je32_to_cpu(node->totlen));
829	break;
830
831	#ifdef CONFIG_JFFS2_FS_XATTR
832	case JFFS2_NODETYPE_XATTR:
833	if (buf_ofs + buf_len < ofs + je32_to_cpu(node->totlen)) {
834	buf_len = min_t(uint32_t, buf_size, jeb->offset + c->sector_size - ofs);
835	jffs2_dbg(1, "Fewer than %d bytes (xattr node) left to end of buf. Reading 0x%x at 0x%08x\n",
836	je32_to_cpu(node->totlen), buf_len,
837	ofs);
838	err = jffs2_fill_scan_buf(c, buf, ofs, buf_len);
839	if (err)
840	return err;
841	buf_ofs = ofs;
842	node = (void *)buf;
843	}
844	err = jffs2_scan_xattr_node(c, jeb, (void *)node, ofs, s);
845	if (err)
846	return err;
847	ofs += PAD(je32_to_cpu(node->totlen));
848	break;
849	case JFFS2_NODETYPE_XREF:
850	if (buf_ofs + buf_len < ofs + je32_to_cpu(node->totlen)) {
851	buf_len = min_t(uint32_t, buf_size, jeb->offset + c->sector_size - ofs);
852	jffs2_dbg(1, "Fewer than %d bytes (xref node) left to end of buf. Reading 0x%x at 0x%08x\n",
853	je32_to_cpu(node->totlen), buf_len,
854	ofs);
855	err = jffs2_fill_scan_buf(c, buf, ofs, buf_len);
856	if (err)
857	return err;
858	buf_ofs = ofs;
859	node = (void *)buf;
860	}
861	err = jffs2_scan_xref_node(c, jeb, (void *)node, ofs, s);
862	if (err)
863	return err;
864	ofs += PAD(je32_to_cpu(node->totlen));
865	break;
866	#endif /* CONFIG_JFFS2_FS_XATTR */
867
868	case JFFS2_NODETYPE_CLEANMARKER:
869	jffs2_dbg(1, "CLEANMARKER node found at 0x%08x\n", ofs);
870	if (je32_to_cpu(node->totlen) != c->cleanmarker_size) {
871	pr_notice("CLEANMARKER node found at 0x%08x has totlen 0x%x != normal 0x%x\n",
872	ofs, je32_to_cpu(node->totlen),
873	c->cleanmarker_size);
874	if ((err = jffs2_scan_dirty_space(c, jeb, PAD(sizeof(struct jffs2_unknown_node)))))
875	return err;
876	ofs += PAD(sizeof(struct jffs2_unknown_node));
877	} else if (jeb->first_node) {
878	pr_notice("CLEANMARKER node found at 0x%08x, not first node in block (0x%08x)\n",
879	ofs, jeb->offset);
880	if ((err = jffs2_scan_dirty_space(c, jeb, PAD(sizeof(struct jffs2_unknown_node)))))
881	return err;
882	ofs += PAD(sizeof(struct jffs2_unknown_node));
883	} else {
884	jffs2_link_node_ref(c, jeb, ofs \| REF_NORMAL, c->cleanmarker_size, NULL);
885
886	ofs += PAD(c->cleanmarker_size);
887	}
888	break;
889
890	case JFFS2_NODETYPE_PADDING:
891	if (jffs2_sum_active())
892	jffs2_sum_add_padding_mem(s, je32_to_cpu(node->totlen));
893	if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(node->totlen)))))
894	return err;
895	ofs += PAD(je32_to_cpu(node->totlen));
896	break;
897
898	default:
899	switch (je16_to_cpu(node->nodetype) & JFFS2_COMPAT_MASK) {
900	case JFFS2_FEATURE_ROCOMPAT:
901	pr_notice("Read-only compatible feature node (0x%04x) found at offset 0x%08x\n",
902	je16_to_cpu(node->nodetype), ofs);
903	c->flags \|= JFFS2_SB_FLAG_RO;
904	if (!(jffs2_is_readonly(c)))
905	return -EROFS;
906	if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(node->totlen)))))
907	return err;
908	ofs += PAD(je32_to_cpu(node->totlen));
909	break;
910
911	case JFFS2_FEATURE_INCOMPAT:
912	pr_notice("Incompatible feature node (0x%04x) found at offset 0x%08x\n",
913	je16_to_cpu(node->nodetype), ofs);
914	return -EINVAL;
915
916	case JFFS2_FEATURE_RWCOMPAT_DELETE:
917	jffs2_dbg(1, "Unknown but compatible feature node (0x%04x) found at offset 0x%08x\n",
918	je16_to_cpu(node->nodetype), ofs);
919	if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(node->totlen)))))
920	return err;
921	ofs += PAD(je32_to_cpu(node->totlen));
922	break;
923
924	case JFFS2_FEATURE_RWCOMPAT_COPY: {
925	jffs2_dbg(1, "Unknown but compatible feature node (0x%04x) found at offset 0x%08x\n",
926	je16_to_cpu(node->nodetype), ofs);
927
928	jffs2_link_node_ref(c, jeb, ofs \| REF_PRISTINE, PAD(je32_to_cpu(node->totlen)), NULL);
929
930	/* We can't summarise nodes we don't grok */
931	jffs2_sum_disable_collecting(s);
932	ofs += PAD(je32_to_cpu(node->totlen));
933	break;
934	}
935	}
936	}
937	}
938
939	if (jffs2_sum_active()) {
940	if (PAD(s->sum_size + JFFS2_SUMMARY_FRAME_SIZE) > jeb->free_size) {
941	dbg_summary("There is not enough space for "
942	"summary information, disabling for this jeb!\n");
943	jffs2_sum_disable_collecting(s);
944	}
945	}
946
947	jffs2_dbg(1, "Block at 0x%08x: free 0x%08x, dirty 0x%08x, unchecked 0x%08x, used 0x%08x, wasted 0x%08x\n",
948	jeb->offset, jeb->free_size, jeb->dirty_size,
949	jeb->unchecked_size, jeb->used_size, jeb->wasted_size);
950
951	/* mark_node_obsolete can add to wasted !! */
952	if (jeb->wasted_size) {
953	jeb->dirty_size += jeb->wasted_size;
954	c->dirty_size += jeb->wasted_size;
955	c->wasted_size -= jeb->wasted_size;
956	jeb->wasted_size = 0;
957	}
958
959	return jffs2_scan_classify_jeb(c, jeb);
960	}
961
962	struct jffs2_inode_cache jffs2_scan_make_ino_cache(struct jffs2_sb_info c, uint32_t ino)
963	{
964	struct jffs2_inode_cache *ic;
965
966	ic = jffs2_get_ino_cache(c, ino);
967	if (ic)
968	return ic;
969
970	if (ino > c->highest_ino)
971	c->highest_ino = ino;
972
973	ic = jffs2_alloc_inode_cache();
974	if (!ic) {
975	pr_notice("%s(): allocation of inode cache failed\n", __func__);
976	return NULL;
977	}
978	memset(ic, 0, sizeof(*ic));
979
980	ic->ino = ino;
981	ic->nodes = (void *)ic;
982	jffs2_add_ino_cache(c, ic);
983	if (ino == 1)
984	ic->pino_nlink = 1;
985	return ic;
986	}
987
988	static int jffs2_scan_inode_node(struct jffs2_sb_info c, struct jffs2_eraseblock jeb,
989	struct jffs2_raw_inode ri, uint32_t ofs, struct jffs2_summary s)
990	{
991	struct jffs2_inode_cache *ic;
992	uint32_t crc, ino = je32_to_cpu(ri->ino);
993
994	jffs2_dbg(1, "%s(): Node at 0x%08x\n", __func__, ofs);
995
996	/* We do very little here now. Just check the ino# to which we should attribute
997	this node; we can do all the CRC checking etc. later. There's a tradeoff here --
998	we used to scan the flash once only, reading everything we want from it into
999	memory, then building all our in-core data structures and freeing the extra
1000	information. Now we allow the first part of the mount to complete a lot quicker,
1001	but we have to go _back_ to the flash in order to finish the CRC checking, etc.
1002	Which means that the _full_ amount of time to get to proper write mode with GC
1003	operational may actually be _longer_ than before. Sucks to be me. */
1004
1005	/* Check the node CRC in any case. */
1006	crc = crc32(0, ri, sizeof(*ri)-8);
1007	if (crc != je32_to_cpu(ri->node_crc)) {
1008	pr_notice("%s(): CRC failed on node at 0x%08x: Read 0x%08x, calculated 0x%08x\n",
1009	__func__, ofs, je32_to_cpu(ri->node_crc), crc);
1010	/*
1011	* We believe totlen because the CRC on the node
1012	* _header_ was OK, just the node itself failed.
1013	*/
1014	return jffs2_scan_dirty_space(c, jeb,
1015	PAD(je32_to_cpu(ri->totlen)));
1016	}
1017
1018	ic = jffs2_get_ino_cache(c, ino);
1019	if (!ic) {
1020	ic = jffs2_scan_make_ino_cache(c, ino);
1021	if (!ic)
1022	return -ENOMEM;
1023	}
1024
1025	/* Wheee. It worked */
1026	jffs2_link_node_ref(c, jeb, ofs \| REF_UNCHECKED, PAD(je32_to_cpu(ri->totlen)), ic);
1027
1028	jffs2_dbg(1, "Node is ino #%u, version %d. Range 0x%x-0x%x\n",
1029	je32_to_cpu(ri->ino), je32_to_cpu(ri->version),
1030	je32_to_cpu(ri->offset),
1031	je32_to_cpu(ri->offset)+je32_to_cpu(ri->dsize));
1032
1033	pseudo_random += je32_to_cpu(ri->version);
1034
1035	if (jffs2_sum_active()) {
1036	jffs2_sum_add_inode_mem(s, ri, ofs - jeb->offset);
1037	}
1038
1039	return 0;
1040	}
1041
1042	static int jffs2_scan_dirent_node(struct jffs2_sb_info c, struct jffs2_eraseblock jeb,
1043	struct jffs2_raw_dirent rd, uint32_t ofs, struct jffs2_summary s)
1044	{
1045	struct jffs2_full_dirent *fd;
1046	struct jffs2_inode_cache *ic;
1047	uint32_t checkedlen;
1048	uint32_t crc;
1049	int err;
1050
1051	jffs2_dbg(1, "%s(): Node at 0x%08x\n", __func__, ofs);
1052
1053	/* We don't get here unless the node is still valid, so we don't have to
1054	mask in the ACCURATE bit any more. */
1055	crc = crc32(0, rd, sizeof(*rd)-8);
1056
1057	if (crc != je32_to_cpu(rd->node_crc)) {
1058	pr_notice("%s(): Node CRC failed on node at 0x%08x: Read 0x%08x, calculated 0x%08x\n",
1059	__func__, ofs, je32_to_cpu(rd->node_crc), crc);
1060	/* We believe totlen because the CRC on the node _header_ was OK, just the node itself failed. */
1061	if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(rd->totlen)))))
1062	return err;
1063	return 0;
1064	}
1065
1066	pseudo_random += je32_to_cpu(rd->version);
1067
1068	/* Should never happen. Did. (OLPC trac #4184)*/
1069	checkedlen = strnlen(rd->name, rd->nsize);
1070	if (checkedlen < rd->nsize) {
1071	pr_err("Dirent at %08x has zeroes in name. Truncating to %d chars\n",
1072	ofs, checkedlen);
1073	}
1074	fd = jffs2_alloc_full_dirent(checkedlen+1);
1075	if (!fd) {
1076	return -ENOMEM;
1077	}
1078	memcpy(&fd->name, rd->name, checkedlen);
1079	fd->name[checkedlen] = 0;
1080
1081	crc = crc32(0, fd->name, rd->nsize);
1082	if (crc != je32_to_cpu(rd->name_crc)) {
1083	pr_notice("%s(): Name CRC failed on node at 0x%08x: Read 0x%08x, calculated 0x%08x\n",
1084	__func__, ofs, je32_to_cpu(rd->name_crc), crc);
1085	jffs2_dbg(1, "Name for which CRC failed is (now) '%s', ino #%d\n",
1086	fd->name, je32_to_cpu(rd->ino));
1087	jffs2_free_full_dirent(fd);
1088	/* FIXME: Why do we believe totlen? */
1089	/* We believe totlen because the CRC on the node _header_ was OK, just the name failed. */
1090	if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(rd->totlen)))))
1091	return err;
1092	return 0;
1093	}
1094	ic = jffs2_scan_make_ino_cache(c, je32_to_cpu(rd->pino));
1095	if (!ic) {
1096	jffs2_free_full_dirent(fd);
1097	return -ENOMEM;
1098	}
1099
1100	fd->raw = jffs2_link_node_ref(c, jeb, ofs \| dirent_node_state(rd),
1101	PAD(je32_to_cpu(rd->totlen)), ic);
1102
1103	fd->next = NULL;
1104	fd->version = je32_to_cpu(rd->version);
1105	fd->ino = je32_to_cpu(rd->ino);
1106	fd->nhash = full_name_hash(fd->name, checkedlen);
1107	fd->type = rd->type;
1108	jffs2_add_fd_to_list(c, fd, &ic->scan_dents);
1109
1110	if (jffs2_sum_active()) {
1111	jffs2_sum_add_dirent_mem(s, rd, ofs - jeb->offset);
1112	}
1113
1114	return 0;
1115	}
1116
1117	static int count_list(struct list_head *l)
1118	{
1119	uint32_t count = 0;
1120	struct list_head *tmp;
1121
1122	list_for_each(tmp, l) {
1123	count++;
1124	}
1125	return count;
1126	}
1127
1128	/* Note: This breaks if list_empty(head). I don't care. You
1129	might, if you copy this code and use it elsewhere :) */
1130	static void rotate_list(struct list_head *head, uint32_t count)
1131	{
1132	struct list_head *n = head->next;
1133
1134	list_del(head);
1135	while(count--) {
1136	n = n->next;
1137	}
1138	list_add(head, n);
1139	}
1140
1141	void jffs2_rotate_lists(struct jffs2_sb_info *c)
1142	{
1143	uint32_t x;
1144	uint32_t rotateby;
1145
1146	x = count_list(&c->clean_list);
1147	if (x) {
1148	rotateby = pseudo_random % x;
1149	rotate_list((&c->clean_list), rotateby);
1150	}
1151
1152	x = count_list(&c->very_dirty_list);
1153	if (x) {
1154	rotateby = pseudo_random % x;
1155	rotate_list((&c->very_dirty_list), rotateby);
1156	}
1157
1158	x = count_list(&c->dirty_list);
1159	if (x) {
1160	rotateby = pseudo_random % x;
1161	rotate_list((&c->dirty_list), rotateby);
1162	}
1163
1164	x = count_list(&c->erasable_list);
1165	if (x) {
1166	rotateby = pseudo_random % x;
1167	rotate_list((&c->erasable_list), rotateby);
1168	}
1169
1170	if (c->nr_erasing_blocks) {
1171	rotateby = pseudo_random % c->nr_erasing_blocks;
1172	rotate_list((&c->erase_pending_list), rotateby);
1173	}
1174
1175	if (c->nr_free_blocks) {
1176	rotateby = pseudo_random % c->nr_free_blocks;
1177	rotate_list((&c->free_list), rotateby);
1178	}
1179	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: rtems/cpukit/libfs/src/jffs2/src/scan.c @ fb5bc64d

Exception: c01 at 0xff61a34

Download in other formats: