linux/fs/jffs2/readinode.c
<<
>>
Prefs
   1/*
   2 * JFFS2 -- Journalling Flash File System, Version 2.
   3 *
   4 * Copyright © 2001-2007 Red Hat, Inc.
   5 *
   6 * Created by David Woodhouse <dwmw2@infradead.org>
   7 *
   8 * For licensing information, see the file 'LICENCE' in this directory.
   9 *
  10 */
  11
  12#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  13
  14#include <linux/kernel.h>
  15#include <linux/sched.h>
  16#include <linux/slab.h>
  17#include <linux/fs.h>
  18#include <linux/crc32.h>
  19#include <linux/pagemap.h>
  20#include <linux/mtd/mtd.h>
  21#include <linux/compiler.h>
  22#include "nodelist.h"
  23
  24/*
  25 * Check the data CRC of the node.
  26 *
  27 * Returns: 0 if the data CRC is correct;
  28 *          1 - if incorrect;
  29 *          error code if an error occurred.
  30 */
  31static int check_node_data(struct jffs2_sb_info *c, struct jffs2_tmp_dnode_info *tn)
  32{
  33        struct jffs2_raw_node_ref *ref = tn->fn->raw;
  34        int err = 0, pointed = 0;
  35        struct jffs2_eraseblock *jeb;
  36        unsigned char *buffer;
  37        uint32_t crc, ofs, len;
  38        size_t retlen;
  39
  40        BUG_ON(tn->csize == 0);
  41
  42        /* Calculate how many bytes were already checked */
  43        ofs = ref_offset(ref) + sizeof(struct jffs2_raw_inode);
  44        len = tn->csize;
  45
  46        if (jffs2_is_writebuffered(c)) {
  47                int adj = ofs % c->wbuf_pagesize;
  48                if (likely(adj))
  49                        adj = c->wbuf_pagesize - adj;
  50
  51                if (adj >= tn->csize) {
  52                        dbg_readinode("no need to check node at %#08x, data length %u, data starts at %#08x - it has already been checked.\n",
  53                                      ref_offset(ref), tn->csize, ofs);
  54                        goto adj_acc;
  55                }
  56
  57                ofs += adj;
  58                len -= adj;
  59        }
  60
  61        dbg_readinode("check node at %#08x, data length %u, partial CRC %#08x, correct CRC %#08x, data starts at %#08x, start checking from %#08x - %u bytes.\n",
  62                ref_offset(ref), tn->csize, tn->partial_crc, tn->data_crc, ofs - len, ofs, len);
  63
  64#ifndef __ECOS
  65        /* TODO: instead, incapsulate point() stuff to jffs2_flash_read(),
  66         * adding and jffs2_flash_read_end() interface. */
  67        err = mtd_point(c->mtd, ofs, len, &retlen, (void **)&buffer, NULL);
  68        if (!err && retlen < len) {
  69                JFFS2_WARNING("MTD point returned len too short: %zu instead of %u.\n", retlen, tn->csize);
  70                mtd_unpoint(c->mtd, ofs, retlen);
  71        } else if (err) {
  72                if (err != -EOPNOTSUPP)
  73                        JFFS2_WARNING("MTD point failed: error code %d.\n", err);
  74        } else
  75                pointed = 1; /* succefully pointed to device */
  76#endif
  77
  78        if (!pointed) {
  79                buffer = kmalloc(len, GFP_KERNEL);
  80                if (unlikely(!buffer))
  81                        return -ENOMEM;
  82
  83                /* TODO: this is very frequent pattern, make it a separate
  84                 * routine */
  85                err = jffs2_flash_read(c, ofs, len, &retlen, buffer);
  86                if (err) {
  87                        JFFS2_ERROR("can not read %d bytes from 0x%08x, error code: %d.\n", len, ofs, err);
  88                        goto free_out;
  89                }
  90
  91                if (retlen != len) {
  92                        JFFS2_ERROR("short read at %#08x: %zd instead of %d.\n", ofs, retlen, len);
  93                        err = -EIO;
  94                        goto free_out;
  95                }
  96        }
  97
  98        /* Continue calculating CRC */
  99        crc = crc32(tn->partial_crc, buffer, len);
 100        if(!pointed)
 101                kfree(buffer);
 102#ifndef __ECOS
 103        else
 104                mtd_unpoint(c->mtd, ofs, len);
 105#endif
 106
 107        if (crc != tn->data_crc) {
 108                JFFS2_NOTICE("wrong data CRC in data node at 0x%08x: read %#08x, calculated %#08x.\n",
 109                             ref_offset(ref), tn->data_crc, crc);
 110                return 1;
 111        }
 112
 113adj_acc:
 114        jeb = &c->blocks[ref->flash_offset / c->sector_size];
 115        len = ref_totlen(c, jeb, ref);
 116        /* If it should be REF_NORMAL, it'll get marked as such when
 117           we build the fragtree, shortly. No need to worry about GC
 118           moving it while it's marked REF_PRISTINE -- GC won't happen
 119           till we've finished checking every inode anyway. */
 120        ref->flash_offset |= REF_PRISTINE;
 121        /*
 122         * Mark the node as having been checked and fix the
 123         * accounting accordingly.
 124         */
 125        spin_lock(&c->erase_completion_lock);
 126        jeb->used_size += len;
 127        jeb->unchecked_size -= len;
 128        c->used_size += len;
 129        c->unchecked_size -= len;
 130        jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
 131        spin_unlock(&c->erase_completion_lock);
 132
 133        return 0;
 134
 135free_out:
 136        if(!pointed)
 137                kfree(buffer);
 138#ifndef __ECOS
 139        else
 140                mtd_unpoint(c->mtd, ofs, len);
 141#endif
 142        return err;
 143}
 144
 145/*
 146 * Helper function for jffs2_add_older_frag_to_fragtree().
 147 *
 148 * Checks the node if we are in the checking stage.
 149 */
 150static int check_tn_node(struct jffs2_sb_info *c, struct jffs2_tmp_dnode_info *tn)
 151{
 152        int ret;
 153
 154        BUG_ON(ref_obsolete(tn->fn->raw));
 155
 156        /* We only check the data CRC of unchecked nodes */
 157        if (ref_flags(tn->fn->raw) != REF_UNCHECKED)
 158                return 0;
 159
 160        dbg_readinode("check node %#04x-%#04x, phys offs %#08x\n",
 161                      tn->fn->ofs, tn->fn->ofs + tn->fn->size, ref_offset(tn->fn->raw));
 162
 163        ret = check_node_data(c, tn);
 164        if (unlikely(ret < 0)) {
 165                JFFS2_ERROR("check_node_data() returned error: %d.\n",
 166                        ret);
 167        } else if (unlikely(ret > 0)) {
 168                dbg_readinode("CRC error, mark it obsolete.\n");
 169                jffs2_mark_node_obsolete(c, tn->fn->raw);
 170        }
 171
 172        return ret;
 173}
 174
 175static struct jffs2_tmp_dnode_info *jffs2_lookup_tn(struct rb_root *tn_root, uint32_t offset)
 176{
 177        struct rb_node *next;
 178        struct jffs2_tmp_dnode_info *tn = NULL;
 179
 180        dbg_readinode("root %p, offset %d\n", tn_root, offset);
 181
 182        next = tn_root->rb_node;
 183
 184        while (next) {
 185                tn = rb_entry(next, struct jffs2_tmp_dnode_info, rb);
 186
 187                if (tn->fn->ofs < offset)
 188                        next = tn->rb.rb_right;
 189                else if (tn->fn->ofs >= offset)
 190                        next = tn->rb.rb_left;
 191                else
 192                        break;
 193        }
 194
 195        return tn;
 196}
 197
 198
 199static void jffs2_kill_tn(struct jffs2_sb_info *c, struct jffs2_tmp_dnode_info *tn)
 200{
 201        jffs2_mark_node_obsolete(c, tn->fn->raw);
 202        jffs2_free_full_dnode(tn->fn);
 203        jffs2_free_tmp_dnode_info(tn);
 204}
 205/*
 206 * This function is used when we read an inode. Data nodes arrive in
 207 * arbitrary order -- they may be older or newer than the nodes which
 208 * are already in the tree. Where overlaps occur, the older node can
 209 * be discarded as long as the newer passes the CRC check. We don't
 210 * bother to keep track of holes in this rbtree, and neither do we deal
 211 * with frags -- we can have multiple entries starting at the same
 212 * offset, and the one with the smallest length will come first in the
 213 * ordering.
 214 *
 215 * Returns 0 if the node was handled (including marking it obsolete)
 216 *       < 0 an if error occurred
 217 */
 218static int jffs2_add_tn_to_tree(struct jffs2_sb_info *c,
 219                                struct jffs2_readinode_info *rii,
 220                                struct jffs2_tmp_dnode_info *tn)
 221{
 222        uint32_t fn_end = tn->fn->ofs + tn->fn->size;
 223        struct jffs2_tmp_dnode_info *this, *ptn;
 224
 225        dbg_readinode("insert fragment %#04x-%#04x, ver %u at %08x\n", tn->fn->ofs, fn_end, tn->version, ref_offset(tn->fn->raw));
 226
 227        /* If a node has zero dsize, we only have to keep it if it might be the
 228           node with highest version -- i.e. the one which will end up as f->metadata.
 229           Note that such nodes won't be REF_UNCHECKED since there are no data to
 230           check anyway. */
 231        if (!tn->fn->size) {
 232                if (rii->mdata_tn) {
 233                        if (rii->mdata_tn->version < tn->version) {
 234                                /* We had a candidate mdata node already */
 235                                dbg_readinode("kill old mdata with ver %d\n", rii->mdata_tn->version);
 236                                jffs2_kill_tn(c, rii->mdata_tn);
 237                        } else {
 238                                dbg_readinode("kill new mdata with ver %d (older than existing %d\n",
 239                                              tn->version, rii->mdata_tn->version);
 240                                jffs2_kill_tn(c, tn);
 241                                return 0;
 242                        }
 243                }
 244                rii->mdata_tn = tn;
 245                dbg_readinode("keep new mdata with ver %d\n", tn->version);
 246                return 0;
 247        }
 248
 249        /* Find the earliest node which _may_ be relevant to this one */
 250        this = jffs2_lookup_tn(&rii->tn_root, tn->fn->ofs);
 251        if (this) {
 252                /* If the node is coincident with another at a lower address,
 253                   back up until the other node is found. It may be relevant */
 254                while (this->overlapped) {
 255                        ptn = tn_prev(this);
 256                        if (!ptn) {
 257                                /*
 258                                 * We killed a node which set the overlapped
 259                                 * flags during the scan. Fix it up.
 260                                 */
 261                                this->overlapped = 0;
 262                                break;
 263                        }
 264                        this = ptn;
 265                }
 266                dbg_readinode("'this' found %#04x-%#04x (%s)\n", this->fn->ofs, this->fn->ofs + this->fn->size, this->fn ? "data" : "hole");
 267        }
 268
 269        while (this) {
 270                if (this->fn->ofs > fn_end)
 271                        break;
 272                dbg_readinode("Ponder this ver %d, 0x%x-0x%x\n",
 273                              this->version, this->fn->ofs, this->fn->size);
 274
 275                if (this->version == tn->version) {
 276                        /* Version number collision means REF_PRISTINE GC. Accept either of them
 277                           as long as the CRC is correct. Check the one we have already...  */
 278                        if (!check_tn_node(c, this)) {
 279                                /* The one we already had was OK. Keep it and throw away the new one */
 280                                dbg_readinode("Like old node. Throw away new\n");
 281                                jffs2_kill_tn(c, tn);
 282                                return 0;
 283                        } else {
 284                                /* Who cares if the new one is good; keep it for now anyway. */
 285                                dbg_readinode("Like new node. Throw away old\n");
 286                                rb_replace_node(&this->rb, &tn->rb, &rii->tn_root);
 287                                jffs2_kill_tn(c, this);
 288                                /* Same overlapping from in front and behind */
 289                                return 0;
 290                        }
 291                }
 292                if (this->version < tn->version &&
 293                    this->fn->ofs >= tn->fn->ofs &&
 294                    this->fn->ofs + this->fn->size <= fn_end) {
 295                        /* New node entirely overlaps 'this' */
 296                        if (check_tn_node(c, tn)) {
 297                                dbg_readinode("new node bad CRC\n");
 298                                jffs2_kill_tn(c, tn);
 299                                return 0;
 300                        }
 301                        /* ... and is good. Kill 'this' and any subsequent nodes which are also overlapped */
 302                        while (this && this->fn->ofs + this->fn->size <= fn_end) {
 303                                struct jffs2_tmp_dnode_info *next = tn_next(this);
 304                                if (this->version < tn->version) {
 305                                        tn_erase(this, &rii->tn_root);
 306                                        dbg_readinode("Kill overlapped ver %d, 0x%x-0x%x\n",
 307                                                      this->version, this->fn->ofs,
 308                                                      this->fn->ofs+this->fn->size);
 309                                        jffs2_kill_tn(c, this);
 310                                }
 311                                this = next;
 312                        }
 313                        dbg_readinode("Done killing overlapped nodes\n");
 314                        continue;
 315                }
 316                if (this->version > tn->version &&
 317                    this->fn->ofs <= tn->fn->ofs &&
 318                    this->fn->ofs+this->fn->size >= fn_end) {
 319                        /* New node entirely overlapped by 'this' */
 320                        if (!check_tn_node(c, this)) {
 321                                dbg_readinode("Good CRC on old node. Kill new\n");
 322                                jffs2_kill_tn(c, tn);
 323                                return 0;
 324                        }
 325                        /* ... but 'this' was bad. Replace it... */
 326                        dbg_readinode("Bad CRC on old overlapping node. Kill it\n");
 327                        tn_erase(this, &rii->tn_root);
 328                        jffs2_kill_tn(c, this);
 329                        break;
 330                }
 331
 332                this = tn_next(this);
 333        }
 334
 335        /* We neither completely obsoleted nor were completely
 336           obsoleted by an earlier node. Insert into the tree */
 337        {
 338                struct rb_node *parent;
 339                struct rb_node **link = &rii->tn_root.rb_node;
 340                struct jffs2_tmp_dnode_info *insert_point = NULL;
 341
 342                while (*link) {
 343                        parent = *link;
 344                        insert_point = rb_entry(parent, struct jffs2_tmp_dnode_info, rb);
 345                        if (tn->fn->ofs > insert_point->fn->ofs)
 346                                link = &insert_point->rb.rb_right;
 347                        else if (tn->fn->ofs < insert_point->fn->ofs ||
 348                                 tn->fn->size < insert_point->fn->size)
 349                                link = &insert_point->rb.rb_left;
 350                        else
 351                                link = &insert_point->rb.rb_right;
 352                }
 353                rb_link_node(&tn->rb, &insert_point->rb, link);
 354                rb_insert_color(&tn->rb, &rii->tn_root);
 355        }
 356
 357        /* If there's anything behind that overlaps us, note it */
 358        this = tn_prev(tn);
 359        if (this) {
 360                while (1) {
 361                        if (this->fn->ofs + this->fn->size > tn->fn->ofs) {
 362                                dbg_readinode("Node is overlapped by %p (v %d, 0x%x-0x%x)\n",
 363                                              this, this->version, this->fn->ofs,
 364                                              this->fn->ofs+this->fn->size);
 365                                tn->overlapped = 1;
 366                                break;
 367                        }
 368                        if (!this->overlapped)
 369                                break;
 370
 371                        ptn = tn_prev(this);
 372                        if (!ptn) {
 373                                /*
 374                                 * We killed a node which set the overlapped
 375                                 * flags during the scan. Fix it up.
 376                                 */
 377                                this->overlapped = 0;
 378                                break;
 379                        }
 380                        this = ptn;
 381                }
 382        }
 383
 384        /* If the new node overlaps anything ahead, note it */
 385        this = tn_next(tn);
 386        while (this && this->fn->ofs < fn_end) {
 387                this->overlapped = 1;
 388                dbg_readinode("Node ver %d, 0x%x-0x%x is overlapped\n",
 389                              this->version, this->fn->ofs,
 390                              this->fn->ofs+this->fn->size);
 391                this = tn_next(this);
 392        }
 393        return 0;
 394}
 395
 396/* Trivial function to remove the last node in the tree. Which by definition
 397   has no right-hand child — so can be removed just by making its left-hand
 398   child (if any) take its place under its parent. Since this is only done
 399   when we're consuming the whole tree, there's no need to use rb_erase()
 400   and let it worry about adjusting colours and balancing the tree. That
 401   would just be a waste of time. */
 402static void eat_last(struct rb_root *root, struct rb_node *node)
 403{
 404        struct rb_node *parent = rb_parent(node);
 405        struct rb_node **link;
 406
 407        /* LAST! */
 408        BUG_ON(node->rb_right);
 409
 410        if (!parent)
 411                link = &root->rb_node;
 412        else if (node == parent->rb_left)
 413                link = &parent->rb_left;
 414        else
 415                link = &parent->rb_right;
 416
 417        *link = node->rb_left;
 418        if (node->rb_left)
 419                node->rb_left->__rb_parent_color = node->__rb_parent_color;
 420}
 421
 422/* We put the version tree in reverse order, so we can use the same eat_last()
 423   function that we use to consume the tmpnode tree (tn_root). */
 424static void ver_insert(struct rb_root *ver_root, struct jffs2_tmp_dnode_info *tn)
 425{
 426        struct rb_node **link = &ver_root->rb_node;
 427        struct rb_node *parent = NULL;
 428        struct jffs2_tmp_dnode_info *this_tn;
 429
 430        while (*link) {
 431                parent = *link;
 432                this_tn = rb_entry(parent, struct jffs2_tmp_dnode_info, rb);
 433
 434                if (tn->version > this_tn->version)
 435                        link = &parent->rb_left;
 436                else
 437                        link = &parent->rb_right;
 438        }
 439        dbg_readinode("Link new node at %p (root is %p)\n", link, ver_root);
 440        rb_link_node(&tn->rb, parent, link);
 441        rb_insert_color(&tn->rb, ver_root);
 442}
 443
 444/* Build final, normal fragtree from tn tree. It doesn't matter which order
 445   we add nodes to the real fragtree, as long as they don't overlap. And
 446   having thrown away the majority of overlapped nodes as we went, there
 447   really shouldn't be many sets of nodes which do overlap. If we start at
 448   the end, we can use the overlap markers -- we can just eat nodes which
 449   aren't overlapped, and when we encounter nodes which _do_ overlap we
 450   sort them all into a temporary tree in version order before replaying them. */
 451static int jffs2_build_inode_fragtree(struct jffs2_sb_info *c,
 452                                      struct jffs2_inode_info *f,
 453                                      struct jffs2_readinode_info *rii)
 454{
 455        struct jffs2_tmp_dnode_info *pen, *last, *this;
 456        struct rb_root ver_root = RB_ROOT;
 457        uint32_t high_ver = 0;
 458
 459        if (rii->mdata_tn) {
 460                dbg_readinode("potential mdata is ver %d at %p\n", rii->mdata_tn->version, rii->mdata_tn);
 461                high_ver = rii->mdata_tn->version;
 462                rii->latest_ref = rii->mdata_tn->fn->raw;
 463        }
 464#ifdef JFFS2_DBG_READINODE_MESSAGES
 465        this = tn_last(&rii->tn_root);
 466        while (this) {
 467                dbg_readinode("tn %p ver %d range 0x%x-0x%x ov %d\n", this, this->version, this->fn->ofs,
 468                              this->fn->ofs+this->fn->size, this->overlapped);
 469                this = tn_prev(this);
 470        }
 471#endif
 472        pen = tn_last(&rii->tn_root);
 473        while ((last = pen)) {
 474                pen = tn_prev(last);
 475
 476                eat_last(&rii->tn_root, &last->rb);
 477                ver_insert(&ver_root, last);
 478
 479                if (unlikely(last->overlapped)) {
 480                        if (pen)
 481                                continue;
 482                        /*
 483                         * We killed a node which set the overlapped
 484                         * flags during the scan. Fix it up.
 485                         */
 486                        last->overlapped = 0;
 487                }
 488
 489                /* Now we have a bunch of nodes in reverse version
 490                   order, in the tree at ver_root. Most of the time,
 491                   there'll actually be only one node in the 'tree',
 492                   in fact. */
 493                this = tn_last(&ver_root);
 494
 495                while (this) {
 496                        struct jffs2_tmp_dnode_info *vers_next;
 497                        int ret;
 498                        vers_next = tn_prev(this);
 499                        eat_last(&ver_root, &this->rb);
 500                        if (check_tn_node(c, this)) {
 501                                dbg_readinode("node ver %d, 0x%x-0x%x failed CRC\n",
 502                                             this->version, this->fn->ofs,
 503                                             this->fn->ofs+this->fn->size);
 504                                jffs2_kill_tn(c, this);
 505                        } else {
 506                                if (this->version > high_ver) {
 507                                        /* Note that this is different from the other
 508                                           highest_version, because this one is only
 509                                           counting _valid_ nodes which could give the
 510                                           latest inode metadata */
 511                                        high_ver = this->version;
 512                                        rii->latest_ref = this->fn->raw;
 513                                }
 514                                dbg_readinode("Add %p (v %d, 0x%x-0x%x, ov %d) to fragtree\n",
 515                                             this, this->version, this->fn->ofs,
 516                                             this->fn->ofs+this->fn->size, this->overlapped);
 517
 518                                ret = jffs2_add_full_dnode_to_inode(c, f, this->fn);
 519                                if (ret) {
 520                                        /* Free the nodes in vers_root; let the caller
 521                                           deal with the rest */
 522                                        JFFS2_ERROR("Add node to tree failed %d\n", ret);
 523                                        while (1) {
 524                                                vers_next = tn_prev(this);
 525                                                if (check_tn_node(c, this))
 526                                                        jffs2_mark_node_obsolete(c, this->fn->raw);
 527                                                jffs2_free_full_dnode(this->fn);
 528                                                jffs2_free_tmp_dnode_info(this);
 529                                                this = vers_next;
 530                                                if (!this)
 531                                                        break;
 532                                                eat_last(&ver_root, &vers_next->rb);
 533                                        }
 534                                        return ret;
 535                                }
 536                                jffs2_free_tmp_dnode_info(this);
 537                        }
 538                        this = vers_next;
 539                }
 540        }
 541        return 0;
 542}
 543
 544static void jffs2_free_tmp_dnode_info_list(struct rb_root *list)
 545{
 546        struct jffs2_tmp_dnode_info *tn, *next;
 547
 548        rbtree_postorder_for_each_entry_safe(tn, next, list, rb) {
 549                        jffs2_free_full_dnode(tn->fn);
 550                        jffs2_free_tmp_dnode_info(tn);
 551        }
 552
 553        *list = RB_ROOT;
 554}
 555
 556static void jffs2_free_full_dirent_list(struct jffs2_full_dirent *fd)
 557{
 558        struct jffs2_full_dirent *next;
 559
 560        while (fd) {
 561                next = fd->next;
 562                jffs2_free_full_dirent(fd);
 563                fd = next;
 564        }
 565}
 566
 567/* Returns first valid node after 'ref'. May return 'ref' */
 568static struct jffs2_raw_node_ref *jffs2_first_valid_node(struct jffs2_raw_node_ref *ref)
 569{
 570        while (ref && ref->next_in_ino) {
 571                if (!ref_obsolete(ref))
 572                        return ref;
 573                dbg_noderef("node at 0x%08x is obsoleted. Ignoring.\n", ref_offset(ref));
 574                ref = ref->next_in_ino;
 575        }
 576        return NULL;
 577}
 578
 579/*
 580 * Helper function for jffs2_get_inode_nodes().
 581 * It is called every time an directory entry node is found.
 582 *
 583 * Returns: 0 on success;
 584 *          negative error code on failure.
 585 */
 586static inline int read_direntry(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref,
 587                                struct jffs2_raw_dirent *rd, size_t read,
 588                                struct jffs2_readinode_info *rii)
 589{
 590        struct jffs2_full_dirent *fd;
 591        uint32_t crc;
 592
 593        /* Obsoleted. This cannot happen, surely? dwmw2 20020308 */
 594        BUG_ON(ref_obsolete(ref));
 595
 596        crc = crc32(0, rd, sizeof(*rd) - 8);
 597        if (unlikely(crc != je32_to_cpu(rd->node_crc))) {
 598                JFFS2_NOTICE("header CRC failed on dirent node at %#08x: read %#08x, calculated %#08x\n",
 599                             ref_offset(ref), je32_to_cpu(rd->node_crc), crc);
 600                jffs2_mark_node_obsolete(c, ref);
 601                return 0;
 602        }
 603
 604        /* If we've never checked the CRCs on this node, check them now */
 605        if (ref_flags(ref) == REF_UNCHECKED) {
 606                struct jffs2_eraseblock *jeb;
 607                int len;
 608
 609                /* Sanity check */
 610                if (unlikely(PAD((rd->nsize + sizeof(*rd))) != PAD(je32_to_cpu(rd->totlen)))) {
 611                        JFFS2_ERROR("illegal nsize in node at %#08x: nsize %#02x, totlen %#04x\n",
 612                                    ref_offset(ref), rd->nsize, je32_to_cpu(rd->totlen));
 613                        jffs2_mark_node_obsolete(c, ref);
 614                        return 0;
 615                }
 616
 617                jeb = &c->blocks[ref->flash_offset / c->sector_size];
 618                len = ref_totlen(c, jeb, ref);
 619
 620                spin_lock(&c->erase_completion_lock);
 621                jeb->used_size += len;
 622                jeb->unchecked_size -= len;
 623                c->used_size += len;
 624                c->unchecked_size -= len;
 625                ref->flash_offset = ref_offset(ref) | dirent_node_state(rd);
 626                spin_unlock(&c->erase_completion_lock);
 627        }
 628
 629        fd = jffs2_alloc_full_dirent(rd->nsize + 1);
 630        if (unlikely(!fd))
 631                return -ENOMEM;
 632
 633        fd->raw = ref;
 634        fd->version = je32_to_cpu(rd->version);
 635        fd->ino = je32_to_cpu(rd->ino);
 636        fd->type = rd->type;
 637
 638        if (fd->version > rii->highest_version)
 639                rii->highest_version = fd->version;
 640
 641        /* Pick out the mctime of the latest dirent */
 642        if(fd->version > rii->mctime_ver && je32_to_cpu(rd->mctime)) {
 643                rii->mctime_ver = fd->version;
 644                rii->latest_mctime = je32_to_cpu(rd->mctime);
 645        }
 646
 647        /*
 648         * Copy as much of the name as possible from the raw
 649         * dirent we've already read from the flash.
 650         */
 651        if (read > sizeof(*rd))
 652                memcpy(&fd->name[0], &rd->name[0],
 653                       min_t(uint32_t, rd->nsize, (read - sizeof(*rd)) ));
 654
 655        /* Do we need to copy any more of the name directly from the flash? */
 656        if (rd->nsize + sizeof(*rd) > read) {
 657                /* FIXME: point() */
 658                int err;
 659                int already = read - sizeof(*rd);
 660
 661                err = jffs2_flash_read(c, (ref_offset(ref)) + read,
 662                                rd->nsize - already, &read, &fd->name[already]);
 663                if (unlikely(read != rd->nsize - already) && likely(!err)) {
 664                        jffs2_free_full_dirent(fd);
 665                        JFFS2_ERROR("short read: wanted %d bytes, got %zd\n",
 666                                    rd->nsize - already, read);
 667                        return -EIO;
 668                }
 669
 670                if (unlikely(err)) {
 671                        JFFS2_ERROR("read remainder of name: error %d\n", err);
 672                        jffs2_free_full_dirent(fd);
 673                        return -EIO;
 674                }
 675        }
 676
 677        fd->nhash = full_name_hash(NULL, fd->name, rd->nsize);
 678        fd->next = NULL;
 679        fd->name[rd->nsize] = '\0';
 680
 681        /*
 682         * Wheee. We now have a complete jffs2_full_dirent structure, with
 683         * the name in it and everything. Link it into the list
 684         */
 685        jffs2_add_fd_to_list(c, fd, &rii->fds);
 686
 687        return 0;
 688}
 689
 690/*
 691 * Helper function for jffs2_get_inode_nodes().
 692 * It is called every time an inode node is found.
 693 *
 694 * Returns: 0 on success (possibly after marking a bad node obsolete);
 695 *          negative error code on failure.
 696 */
 697static inline int read_dnode(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref,
 698                             struct jffs2_raw_inode *rd, int rdlen,
 699                             struct jffs2_readinode_info *rii)
 700{
 701        struct jffs2_tmp_dnode_info *tn;
 702        uint32_t len, csize;
 703        int ret = 0;
 704        uint32_t crc;
 705
 706        /* Obsoleted. This cannot happen, surely? dwmw2 20020308 */
 707        BUG_ON(ref_obsolete(ref));
 708
 709        crc = crc32(0, rd, sizeof(*rd) - 8);
 710        if (unlikely(crc != je32_to_cpu(rd->node_crc))) {
 711                JFFS2_NOTICE("node CRC failed on dnode at %#08x: read %#08x, calculated %#08x\n",
 712                             ref_offset(ref), je32_to_cpu(rd->node_crc), crc);
 713                jffs2_mark_node_obsolete(c, ref);
 714                return 0;
 715        }
 716
 717        tn = jffs2_alloc_tmp_dnode_info();
 718        if (!tn) {
 719                JFFS2_ERROR("failed to allocate tn (%zu bytes).\n", sizeof(*tn));
 720                return -ENOMEM;
 721        }
 722
 723        tn->partial_crc = 0;
 724        csize = je32_to_cpu(rd->csize);
 725
 726        /* If we've never checked the CRCs on this node, check them now */
 727        if (ref_flags(ref) == REF_UNCHECKED) {
 728
 729                /* Sanity checks */
 730                if (unlikely(je32_to_cpu(rd->offset) > je32_to_cpu(rd->isize)) ||
 731                    unlikely(PAD(je32_to_cpu(rd->csize) + sizeof(*rd)) != PAD(je32_to_cpu(rd->totlen)))) {
 732                        JFFS2_WARNING("inode node header CRC is corrupted at %#08x\n", ref_offset(ref));
 733                        jffs2_dbg_dump_node(c, ref_offset(ref));
 734                        jffs2_mark_node_obsolete(c, ref);
 735                        goto free_out;
 736                }
 737
 738                if (jffs2_is_writebuffered(c) && csize != 0) {
 739                        /* At this point we are supposed to check the data CRC
 740                         * of our unchecked node. But thus far, we do not
 741                         * know whether the node is valid or obsolete. To
 742                         * figure this out, we need to walk all the nodes of
 743                         * the inode and build the inode fragtree. We don't
 744                         * want to spend time checking data of nodes which may
 745                         * later be found to be obsolete. So we put off the full
 746                         * data CRC checking until we have read all the inode
 747                         * nodes and have started building the fragtree.
 748                         *
 749                         * The fragtree is being built starting with nodes
 750                         * having the highest version number, so we'll be able
 751                         * to detect whether a node is valid (i.e., it is not
 752                         * overlapped by a node with higher version) or not.
 753                         * And we'll be able to check only those nodes, which
 754                         * are not obsolete.
 755                         *
 756                         * Of course, this optimization only makes sense in case
 757                         * of NAND flashes (or other flashes with
 758                         * !jffs2_can_mark_obsolete()), since on NOR flashes
 759                         * nodes are marked obsolete physically.
 760                         *
 761                         * Since NAND flashes (or other flashes with
 762                         * jffs2_is_writebuffered(c)) are anyway read by
 763                         * fractions of c->wbuf_pagesize, and we have just read
 764                         * the node header, it is likely that the starting part
 765                         * of the node data is also read when we read the
 766                         * header. So we don't mind to check the CRC of the
 767                         * starting part of the data of the node now, and check
 768                         * the second part later (in jffs2_check_node_data()).
 769                         * Of course, we will not need to re-read and re-check
 770                         * the NAND page which we have just read. This is why we
 771                         * read the whole NAND page at jffs2_get_inode_nodes(),
 772                         * while we needed only the node header.
 773                         */
 774                        unsigned char *buf;
 775
 776                        /* 'buf' will point to the start of data */
 777                        buf = (unsigned char *)rd + sizeof(*rd);
 778                        /* len will be the read data length */
 779                        len = min_t(uint32_t, rdlen - sizeof(*rd), csize);
 780                        tn->partial_crc = crc32(0, buf, len);
 781
 782                        dbg_readinode("Calculates CRC (%#08x) for %d bytes, csize %d\n", tn->partial_crc, len, csize);
 783
 784                        /* If we actually calculated the whole data CRC
 785                         * and it is wrong, drop the node. */
 786                        if (len >= csize && unlikely(tn->partial_crc != je32_to_cpu(rd->data_crc))) {
 787                                JFFS2_NOTICE("wrong data CRC in data node at 0x%08x: read %#08x, calculated %#08x.\n",
 788                                        ref_offset(ref), tn->partial_crc, je32_to_cpu(rd->data_crc));
 789                                jffs2_mark_node_obsolete(c, ref);
 790                                goto free_out;
 791                        }
 792
 793                } else if (csize == 0) {
 794                        /*
 795                         * We checked the header CRC. If the node has no data, adjust
 796                         * the space accounting now. For other nodes this will be done
 797                         * later either when the node is marked obsolete or when its
 798                         * data is checked.
 799                         */
 800                        struct jffs2_eraseblock *jeb;
 801
 802                        dbg_readinode("the node has no data.\n");
 803                        jeb = &c->blocks[ref->flash_offset / c->sector_size];
 804                        len = ref_totlen(c, jeb, ref);
 805
 806                        spin_lock(&c->erase_completion_lock);
 807                        jeb->used_size += len;
 808                        jeb->unchecked_size -= len;
 809                        c->used_size += len;
 810                        c->unchecked_size -= len;
 811                        ref->flash_offset = ref_offset(ref) | REF_NORMAL;
 812                        spin_unlock(&c->erase_completion_lock);
 813                }
 814        }
 815
 816        tn->fn = jffs2_alloc_full_dnode();
 817        if (!tn->fn) {
 818                JFFS2_ERROR("alloc fn failed\n");
 819                ret = -ENOMEM;
 820                goto free_out;
 821        }
 822
 823        tn->version = je32_to_cpu(rd->version);
 824        tn->fn->ofs = je32_to_cpu(rd->offset);
 825        tn->data_crc = je32_to_cpu(rd->data_crc);
 826        tn->csize = csize;
 827        tn->fn->raw = ref;
 828        tn->overlapped = 0;
 829
 830        if (tn->version > rii->highest_version)
 831                rii->highest_version = tn->version;
 832
 833        /* There was a bug where we wrote hole nodes out with
 834           csize/dsize swapped. Deal with it */
 835        if (rd->compr == JFFS2_COMPR_ZERO && !je32_to_cpu(rd->dsize) && csize)
 836                tn->fn->size = csize;
 837        else // normal case...
 838                tn->fn->size = je32_to_cpu(rd->dsize);
 839
 840        dbg_readinode2("dnode @%08x: ver %u, offset %#04x, dsize %#04x, csize %#04x\n",
 841                       ref_offset(ref), je32_to_cpu(rd->version),
 842                       je32_to_cpu(rd->offset), je32_to_cpu(rd->dsize), csize);
 843
 844        ret = jffs2_add_tn_to_tree(c, rii, tn);
 845
 846        if (ret) {
 847                jffs2_free_full_dnode(tn->fn);
 848        free_out:
 849                jffs2_free_tmp_dnode_info(tn);
 850                return ret;
 851        }
 852#ifdef JFFS2_DBG_READINODE2_MESSAGES
 853        dbg_readinode2("After adding ver %d:\n", je32_to_cpu(rd->version));
 854        tn = tn_first(&rii->tn_root);
 855        while (tn) {
 856                dbg_readinode2("%p: v %d r 0x%x-0x%x ov %d\n",
 857                               tn, tn->version, tn->fn->ofs,
 858                               tn->fn->ofs+tn->fn->size, tn->overlapped);
 859                tn = tn_next(tn);
 860        }
 861#endif
 862        return 0;
 863}
 864
 865/*
 866 * Helper function for jffs2_get_inode_nodes().
 867 * It is called every time an unknown node is found.
 868 *
 869 * Returns: 0 on success;
 870 *          negative error code on failure.
 871 */
 872static inline int read_unknown(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref, struct jffs2_unknown_node *un)
 873{
 874        /* We don't mark unknown nodes as REF_UNCHECKED */
 875        if (ref_flags(ref) == REF_UNCHECKED) {
 876                JFFS2_ERROR("REF_UNCHECKED but unknown node at %#08x\n",
 877                            ref_offset(ref));
 878                JFFS2_ERROR("Node is {%04x,%04x,%08x,%08x}. Please report this error.\n",
 879                            je16_to_cpu(un->magic), je16_to_cpu(un->nodetype),
 880                            je32_to_cpu(un->totlen), je32_to_cpu(un->hdr_crc));
 881                jffs2_mark_node_obsolete(c, ref);
 882                return 0;
 883        }
 884
 885        un->nodetype = cpu_to_je16(JFFS2_NODE_ACCURATE | je16_to_cpu(un->nodetype));
 886
 887        switch(je16_to_cpu(un->nodetype) & JFFS2_COMPAT_MASK) {
 888
 889        case JFFS2_FEATURE_INCOMPAT:
 890                JFFS2_ERROR("unknown INCOMPAT nodetype %#04X at %#08x\n",
 891                            je16_to_cpu(un->nodetype), ref_offset(ref));
 892                /* EEP */
 893                BUG();
 894                break;
 895
 896        case JFFS2_FEATURE_ROCOMPAT:
 897                JFFS2_ERROR("unknown ROCOMPAT nodetype %#04X at %#08x\n",
 898                            je16_to_cpu(un->nodetype), ref_offset(ref));
 899                BUG_ON(!(c->flags & JFFS2_SB_FLAG_RO));
 900                break;
 901
 902        case JFFS2_FEATURE_RWCOMPAT_COPY:
 903                JFFS2_NOTICE("unknown RWCOMPAT_COPY nodetype %#04X at %#08x\n",
 904                             je16_to_cpu(un->nodetype), ref_offset(ref));
 905                break;
 906
 907        case JFFS2_FEATURE_RWCOMPAT_DELETE:
 908                JFFS2_NOTICE("unknown RWCOMPAT_DELETE nodetype %#04X at %#08x\n",
 909                             je16_to_cpu(un->nodetype), ref_offset(ref));
 910                jffs2_mark_node_obsolete(c, ref);
 911                return 0;
 912        }
 913
 914        return 0;
 915}
 916
 917/*
 918 * Helper function for jffs2_get_inode_nodes().
 919 * The function detects whether more data should be read and reads it if yes.
 920 *
 921 * Returns: 0 on success;
 922 *          negative error code on failure.
 923 */
 924static int read_more(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref,
 925                     int needed_len, int *rdlen, unsigned char *buf)
 926{
 927        int err, to_read = needed_len - *rdlen;
 928        size_t retlen;
 929        uint32_t offs;
 930
 931        if (jffs2_is_writebuffered(c)) {
 932                int rem = to_read % c->wbuf_pagesize;
 933
 934                if (rem)
 935                        to_read += c->wbuf_pagesize - rem;
 936        }
 937
 938        /* We need to read more data */
 939        offs = ref_offset(ref) + *rdlen;
 940
 941        dbg_readinode("read more %d bytes\n", to_read);
 942
 943        err = jffs2_flash_read(c, offs, to_read, &retlen, buf + *rdlen);
 944        if (err) {
 945                JFFS2_ERROR("can not read %d bytes from 0x%08x, "
 946                        "error code: %d.\n", to_read, offs, err);
 947                return err;
 948        }
 949
 950        if (retlen < to_read) {
 951                JFFS2_ERROR("short read at %#08x: %zu instead of %d.\n",
 952                                offs, retlen, to_read);
 953                return -EIO;
 954        }
 955
 956        *rdlen += to_read;
 957        return 0;
 958}
 959
 960/* Get tmp_dnode_info and full_dirent for all non-obsolete nodes associated
 961   with this ino. Perform a preliminary ordering on data nodes, throwing away
 962   those which are completely obsoleted by newer ones. The naïve approach we
 963   use to take of just returning them _all_ in version order will cause us to
 964   run out of memory in certain degenerate cases. */
 965static int jffs2_get_inode_nodes(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
 966                                 struct jffs2_readinode_info *rii)
 967{
 968        struct jffs2_raw_node_ref *ref, *valid_ref;
 969        unsigned char *buf = NULL;
 970        union jffs2_node_union *node;
 971        size_t retlen;
 972        int len, err;
 973
 974        rii->mctime_ver = 0;
 975
 976        dbg_readinode("ino #%u\n", f->inocache->ino);
 977
 978        /* FIXME: in case of NOR and available ->point() this
 979         * needs to be fixed. */
 980        len = sizeof(union jffs2_node_union) + c->wbuf_pagesize;
 981        buf = kmalloc(len, GFP_KERNEL);
 982        if (!buf)
 983                return -ENOMEM;
 984
 985        spin_lock(&c->erase_completion_lock);
 986        valid_ref = jffs2_first_valid_node(f->inocache->nodes);
 987        if (!valid_ref && f->inocache->ino != 1)
 988                JFFS2_WARNING("Eep. No valid nodes for ino #%u.\n", f->inocache->ino);
 989        while (valid_ref) {
 990                /* We can hold a pointer to a non-obsolete node without the spinlock,
 991                   but _obsolete_ nodes may disappear at any time, if the block
 992                   they're in gets erased. So if we mark 'ref' obsolete while we're
 993                   not holding the lock, it can go away immediately. For that reason,
 994                   we find the next valid node first, before processing 'ref'.
 995                */
 996                ref = valid_ref;
 997                valid_ref = jffs2_first_valid_node(ref->next_in_ino);
 998                spin_unlock(&c->erase_completion_lock);
 999
1000                cond_resched();
1001
1002                /*
1003                 * At this point we don't know the type of the node we're going
1004                 * to read, so we do not know the size of its header. In order
1005                 * to minimize the amount of flash IO we assume the header is
1006                 * of size = JFFS2_MIN_NODE_HEADER.
1007                 */
1008                len = JFFS2_MIN_NODE_HEADER;
1009                if (jffs2_is_writebuffered(c)) {
1010                        int end, rem;
1011
1012                        /*
1013                         * We are about to read JFFS2_MIN_NODE_HEADER bytes,
1014                         * but this flash has some minimal I/O unit. It is
1015                         * possible that we'll need to read more soon, so read
1016                         * up to the next min. I/O unit, in order not to
1017                         * re-read the same min. I/O unit twice.
1018                         */
1019                        end = ref_offset(ref) + len;
1020                        rem = end % c->wbuf_pagesize;
1021                        if (rem)
1022                                end += c->wbuf_pagesize - rem;
1023                        len = end - ref_offset(ref);
1024                }
1025
1026                dbg_readinode("read %d bytes at %#08x(%d).\n", len, ref_offset(ref), ref_flags(ref));
1027
1028                /* FIXME: point() */
1029                err = jffs2_flash_read(c, ref_offset(ref), len, &retlen, buf);
1030                if (err) {
1031                        JFFS2_ERROR("can not read %d bytes from 0x%08x, error code: %d.\n", len, ref_offset(ref), err);
1032                        goto free_out;
1033                }
1034
1035                if (retlen < len) {
1036                        JFFS2_ERROR("short read at %#08x: %zu instead of %d.\n", ref_offset(ref), retlen, len);
1037                        err = -EIO;
1038                        goto free_out;
1039                }
1040
1041                node = (union jffs2_node_union *)buf;
1042
1043                /* No need to mask in the valid bit; it shouldn't be invalid */
1044                if (je32_to_cpu(node->u.hdr_crc) != crc32(0, node, sizeof(node->u)-4)) {
1045                        JFFS2_NOTICE("Node header CRC failed at %#08x. {%04x,%04x,%08x,%08x}\n",
1046                                     ref_offset(ref), je16_to_cpu(node->u.magic),
1047                                     je16_to_cpu(node->u.nodetype),
1048                                     je32_to_cpu(node->u.totlen),
1049                                     je32_to_cpu(node->u.hdr_crc));
1050                        jffs2_dbg_dump_node(c, ref_offset(ref));
1051                        jffs2_mark_node_obsolete(c, ref);
1052                        goto cont;
1053                }
1054                if (je16_to_cpu(node->u.magic) != JFFS2_MAGIC_BITMASK) {
1055                        /* Not a JFFS2 node, whinge and move on */
1056                        JFFS2_NOTICE("Wrong magic bitmask 0x%04x in node header at %#08x.\n",
1057                                     je16_to_cpu(node->u.magic), ref_offset(ref));
1058                        jffs2_mark_node_obsolete(c, ref);
1059                        goto cont;
1060                }
1061
1062                switch (je16_to_cpu(node->u.nodetype)) {
1063
1064                case JFFS2_NODETYPE_DIRENT:
1065
1066                        if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_raw_dirent) &&
1067                            len < sizeof(struct jffs2_raw_dirent)) {
1068                                err = read_more(c, ref, sizeof(struct jffs2_raw_dirent), &len, buf);
1069                                if (unlikely(err))
1070                                        goto free_out;
1071                        }
1072
1073                        err = read_direntry(c, ref, &node->d, retlen, rii);
1074                        if (unlikely(err))
1075                                goto free_out;
1076
1077                        break;
1078
1079                case JFFS2_NODETYPE_INODE:
1080
1081                        if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_raw_inode) &&
1082                            len < sizeof(struct jffs2_raw_inode)) {
1083                                err = read_more(c, ref, sizeof(struct jffs2_raw_inode), &len, buf);
1084                                if (unlikely(err))
1085                                        goto free_out;
1086                        }
1087
1088                        err = read_dnode(c, ref, &node->i, len, rii);
1089                        if (unlikely(err))
1090                                goto free_out;
1091
1092                        break;
1093
1094                default:
1095                        if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_unknown_node) &&
1096                            len < sizeof(struct jffs2_unknown_node)) {
1097                                err = read_more(c, ref, sizeof(struct jffs2_unknown_node), &len, buf);
1098                                if (unlikely(err))
1099                                        goto free_out;
1100                        }
1101
1102                        err = read_unknown(c, ref, &node->u);
1103                        if (unlikely(err))
1104                                goto free_out;
1105
1106                }
1107        cont:
1108                spin_lock(&c->erase_completion_lock);
1109        }
1110
1111        spin_unlock(&c->erase_completion_lock);
1112        kfree(buf);
1113
1114        f->highest_version = rii->highest_version;
1115
1116        dbg_readinode("nodes of inode #%u were read, the highest version is %u, latest_mctime %u, mctime_ver %u.\n",
1117                      f->inocache->ino, rii->highest_version, rii->latest_mctime,
1118                      rii->mctime_ver);
1119        return 0;
1120
1121 free_out:
1122        jffs2_free_tmp_dnode_info_list(&rii->tn_root);
1123        jffs2_free_full_dirent_list(rii->fds);
1124        rii->fds = NULL;
1125        kfree(buf);
1126        return err;
1127}
1128
1129static int jffs2_do_read_inode_internal(struct jffs2_sb_info *c,
1130                                        struct jffs2_inode_info *f,
1131                                        struct jffs2_raw_inode *latest_node)
1132{
1133        struct jffs2_readinode_info rii;
1134        uint32_t crc, new_size;
1135        size_t retlen;
1136        int ret;
1137
1138        dbg_readinode("ino #%u pino/nlink is %d\n", f->inocache->ino,
1139                      f->inocache->pino_nlink);
1140
1141        memset(&rii, 0, sizeof(rii));
1142
1143        /* Grab all nodes relevant to this ino */
1144        ret = jffs2_get_inode_nodes(c, f, &rii);
1145
1146        if (ret) {
1147                JFFS2_ERROR("cannot read nodes for ino %u, returned error is %d\n", f->inocache->ino, ret);
1148                if (f->inocache->state == INO_STATE_READING)
1149                        jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
1150                return ret;
1151        }
1152
1153        ret = jffs2_build_inode_fragtree(c, f, &rii);
1154        if (ret) {
1155                JFFS2_ERROR("Failed to build final fragtree for inode #%u: error %d\n",
1156                            f->inocache->ino, ret);
1157                if (f->inocache->state == INO_STATE_READING)
1158                        jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
1159                jffs2_free_tmp_dnode_info_list(&rii.tn_root);
1160                /* FIXME: We could at least crc-check them all */
1161                if (rii.mdata_tn) {
1162                        jffs2_free_full_dnode(rii.mdata_tn->fn);
1163                        jffs2_free_tmp_dnode_info(rii.mdata_tn);
1164                        rii.mdata_tn = NULL;
1165                }
1166                return ret;
1167        }
1168
1169        if (rii.mdata_tn) {
1170                if (rii.mdata_tn->fn->raw == rii.latest_ref) {
1171                        f->metadata = rii.mdata_tn->fn;
1172                        jffs2_free_tmp_dnode_info(rii.mdata_tn);
1173                } else {
1174                        jffs2_kill_tn(c, rii.mdata_tn);
1175                }
1176                rii.mdata_tn = NULL;
1177        }
1178
1179        f->dents = rii.fds;
1180
1181        jffs2_dbg_fragtree_paranoia_check_nolock(f);
1182
1183        if (unlikely(!rii.latest_ref)) {
1184                /* No data nodes for this inode. */
1185                if (f->inocache->ino != 1) {
1186                        JFFS2_WARNING("no data nodes found for ino #%u\n", f->inocache->ino);
1187                        if (!rii.fds) {
1188                                if (f->inocache->state == INO_STATE_READING)
1189                                        jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
1190                                return -EIO;
1191                        }
1192                        JFFS2_NOTICE("but it has children so we fake some modes for it\n");
1193                }
1194                latest_node->mode = cpu_to_jemode(S_IFDIR|S_IRUGO|S_IWUSR|S_IXUGO);
1195                latest_node->version = cpu_to_je32(0);
1196                latest_node->atime = latest_node->ctime = latest_node->mtime = cpu_to_je32(0);
1197                latest_node->isize = cpu_to_je32(0);
1198                latest_node->gid = cpu_to_je16(0);
1199                latest_node->uid = cpu_to_je16(0);
1200                if (f->inocache->state == INO_STATE_READING)
1201                        jffs2_set_inocache_state(c, f->inocache, INO_STATE_PRESENT);
1202                return 0;
1203        }
1204
1205        ret = jffs2_flash_read(c, ref_offset(rii.latest_ref), sizeof(*latest_node), &retlen, (void *)latest_node);
1206        if (ret || retlen != sizeof(*latest_node)) {
1207                JFFS2_ERROR("failed to read from flash: error %d, %zd of %zd bytes read\n",
1208                        ret, retlen, sizeof(*latest_node));
1209                /* FIXME: If this fails, there seems to be a memory leak. Find it. */
1210                return ret ? ret : -EIO;
1211        }
1212
1213        crc = crc32(0, latest_node, sizeof(*latest_node)-8);
1214        if (crc != je32_to_cpu(latest_node->node_crc)) {
1215                JFFS2_ERROR("CRC failed for read_inode of inode %u at physical location 0x%x\n",
1216                        f->inocache->ino, ref_offset(rii.latest_ref));
1217                return -EIO;
1218        }
1219
1220        switch(jemode_to_cpu(latest_node->mode) & S_IFMT) {
1221        case S_IFDIR:
1222                if (rii.mctime_ver > je32_to_cpu(latest_node->version)) {
1223                        /* The times in the latest_node are actually older than
1224                           mctime in the latest dirent. Cheat. */
1225                        latest_node->ctime = latest_node->mtime = cpu_to_je32(rii.latest_mctime);
1226                }
1227                break;
1228
1229
1230        case S_IFREG:
1231                /* If it was a regular file, truncate it to the latest node's isize */
1232                new_size = jffs2_truncate_fragtree(c, &f->fragtree, je32_to_cpu(latest_node->isize));
1233                if (new_size != je32_to_cpu(latest_node->isize)) {
1234                        JFFS2_WARNING("Truncating ino #%u to %d bytes failed because it only had %d bytes to start with!\n",
1235                                      f->inocache->ino, je32_to_cpu(latest_node->isize), new_size);
1236                        latest_node->isize = cpu_to_je32(new_size);
1237                }
1238                break;
1239
1240        case S_IFLNK:
1241                /* Hack to work around broken isize in old symlink code.
1242                   Remove this when dwmw2 comes to his senses and stops
1243                   symlinks from being an entirely gratuitous special
1244                   case. */
1245                if (!je32_to_cpu(latest_node->isize))
1246                        latest_node->isize = latest_node->dsize;
1247
1248                if (f->inocache->state != INO_STATE_CHECKING) {
1249                        /* Symlink's inode data is the target path. Read it and
1250                         * keep in RAM to facilitate quick follow symlink
1251                         * operation. */
1252                        uint32_t csize = je32_to_cpu(latest_node->csize);
1253                        if (csize > JFFS2_MAX_NAME_LEN)
1254                                return -ENAMETOOLONG;
1255                        f->target = kmalloc(csize + 1, GFP_KERNEL);
1256                        if (!f->target) {
1257                                JFFS2_ERROR("can't allocate %u bytes of memory for the symlink target path cache\n", csize);
1258                                return -ENOMEM;
1259                        }
1260
1261                        ret = jffs2_flash_read(c, ref_offset(rii.latest_ref) + sizeof(*latest_node),
1262                                               csize, &retlen, (char *)f->target);
1263
1264                        if (ret || retlen != csize) {
1265                                if (retlen != csize)
1266                                        ret = -EIO;
1267                                kfree(f->target);
1268                                f->target = NULL;
1269                                return ret;
1270                        }
1271
1272                        f->target[csize] = '\0';
1273                        dbg_readinode("symlink's target '%s' cached\n", f->target);
1274                }
1275
1276                /* fall through... */
1277
1278        case S_IFBLK:
1279        case S_IFCHR:
1280                /* Certain inode types should have only one data node, and it's
1281                   kept as the metadata node */
1282                if (f->metadata) {
1283                        JFFS2_ERROR("Argh. Special inode #%u with mode 0%o had metadata node\n",
1284                               f->inocache->ino, jemode_to_cpu(latest_node->mode));
1285                        return -EIO;
1286                }
1287                if (!frag_first(&f->fragtree)) {
1288                        JFFS2_ERROR("Argh. Special inode #%u with mode 0%o has no fragments\n",
1289                               f->inocache->ino, jemode_to_cpu(latest_node->mode));
1290                        return -EIO;
1291                }
1292                /* ASSERT: f->fraglist != NULL */
1293                if (frag_next(frag_first(&f->fragtree))) {
1294                        JFFS2_ERROR("Argh. Special inode #%u with mode 0x%x had more than one node\n",
1295                               f->inocache->ino, jemode_to_cpu(latest_node->mode));
1296                        /* FIXME: Deal with it - check crc32, check for duplicate node, check times and discard the older one */
1297                        return -EIO;
1298                }
1299                /* OK. We're happy */
1300                f->metadata = frag_first(&f->fragtree)->node;
1301                jffs2_free_node_frag(frag_first(&f->fragtree));
1302                f->fragtree = RB_ROOT;
1303                break;
1304        }
1305        if (f->inocache->state == INO_STATE_READING)
1306                jffs2_set_inocache_state(c, f->inocache, INO_STATE_PRESENT);
1307
1308        return 0;
1309}
1310
1311/* Scan the list of all nodes present for this ino, build map of versions, etc. */
1312int jffs2_do_read_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
1313                        uint32_t ino, struct jffs2_raw_inode *latest_node)
1314{
1315        dbg_readinode("read inode #%u\n", ino);
1316
1317 retry_inocache:
1318        spin_lock(&c->inocache_lock);
1319        f->inocache = jffs2_get_ino_cache(c, ino);
1320
1321        if (f->inocache) {
1322                /* Check its state. We may need to wait before we can use it */
1323                switch(f->inocache->state) {
1324                case INO_STATE_UNCHECKED:
1325                case INO_STATE_CHECKEDABSENT:
1326                        f->inocache->state = INO_STATE_READING;
1327                        break;
1328
1329                case INO_STATE_CHECKING:
1330                case INO_STATE_GC:
1331                        /* If it's in either of these states, we need
1332                           to wait for whoever's got it to finish and
1333                           put it back. */
1334                        dbg_readinode("waiting for ino #%u in state %d\n", ino, f->inocache->state);
1335                        sleep_on_spinunlock(&c->inocache_wq, &c->inocache_lock);
1336                        goto retry_inocache;
1337
1338                case INO_STATE_READING:
1339                case INO_STATE_PRESENT:
1340                        /* Eep. This should never happen. It can
1341                        happen if Linux calls read_inode() again
1342                        before clear_inode() has finished though. */
1343                        JFFS2_ERROR("Eep. Trying to read_inode #%u when it's already in state %d!\n", ino, f->inocache->state);
1344                        /* Fail. That's probably better than allowing it to succeed */
1345                        f->inocache = NULL;
1346                        break;
1347
1348                default:
1349                        BUG();
1350                }
1351        }
1352        spin_unlock(&c->inocache_lock);
1353
1354        if (!f->inocache && ino == 1) {
1355                /* Special case - no root inode on medium */
1356                f->inocache = jffs2_alloc_inode_cache();
1357                if (!f->inocache) {
1358                        JFFS2_ERROR("cannot allocate inocache for root inode\n");
1359                        return -ENOMEM;
1360                }
1361                dbg_readinode("creating inocache for root inode\n");
1362                memset(f->inocache, 0, sizeof(struct jffs2_inode_cache));
1363                f->inocache->ino = f->inocache->pino_nlink = 1;
1364                f->inocache->nodes = (struct jffs2_raw_node_ref *)f->inocache;
1365                f->inocache->state = INO_STATE_READING;
1366                jffs2_add_ino_cache(c, f->inocache);
1367        }
1368        if (!f->inocache) {
1369                JFFS2_ERROR("requested to read a nonexistent ino %u\n", ino);
1370                return -ENOENT;
1371        }
1372
1373        return jffs2_do_read_inode_internal(c, f, latest_node);
1374}
1375
1376int jffs2_do_crccheck_inode(struct jffs2_sb_info *c, struct jffs2_inode_cache *ic)
1377{
1378        struct jffs2_raw_inode n;
1379        struct jffs2_inode_info *f = kzalloc(sizeof(*f), GFP_KERNEL);
1380        int ret;
1381
1382        if (!f)
1383                return -ENOMEM;
1384
1385        mutex_init(&f->sem);
1386        mutex_lock(&f->sem);
1387        f->inocache = ic;
1388
1389        ret = jffs2_do_read_inode_internal(c, f, &n);
1390        mutex_unlock(&f->sem);
1391        jffs2_do_clear_inode(c, f);
1392        jffs2_xattr_do_crccheck_inode(c, ic);
1393        kfree (f);
1394        return ret;
1395}
1396
1397void jffs2_do_clear_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f)
1398{
1399        struct jffs2_full_dirent *fd, *fds;
1400        int deleted;
1401
1402        jffs2_xattr_delete_inode(c, f->inocache);
1403        mutex_lock(&f->sem);
1404        deleted = f->inocache && !f->inocache->pino_nlink;
1405
1406        if (f->inocache && f->inocache->state != INO_STATE_CHECKING)
1407                jffs2_set_inocache_state(c, f->inocache, INO_STATE_CLEARING);
1408
1409        if (f->metadata) {
1410                if (deleted)
1411                        jffs2_mark_node_obsolete(c, f->metadata->raw);
1412                jffs2_free_full_dnode(f->metadata);
1413        }
1414
1415        jffs2_kill_fragtree(&f->fragtree, deleted?c:NULL);
1416
1417        if (f->target) {
1418                kfree(f->target);
1419                f->target = NULL;
1420        }
1421
1422        fds = f->dents;
1423        while(fds) {
1424                fd = fds;
1425                fds = fd->next;
1426                jffs2_free_full_dirent(fd);
1427        }
1428
1429        if (f->inocache && f->inocache->state != INO_STATE_CHECKING) {
1430                jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
1431                if (f->inocache->nodes == (void *)f->inocache)
1432                        jffs2_del_ino_cache(c, f->inocache);
1433        }
1434
1435        mutex_unlock(&f->sem);
1436}
1437