mtd: do not use mtd->block_markbad directly
[linux-2.6.git] / fs / jffs2 / readinode.c
1 /*
2  * JFFS2 -- Journalling Flash File System, Version 2.
3  *
4  * Copyright © 2001-2007 Red Hat, Inc.
5  *
6  * Created by David Woodhouse <dwmw2@infradead.org>
7  *
8  * For licensing information, see the file 'LICENCE' in this directory.
9  *
10  */
11
12 #include <linux/kernel.h>
13 #include <linux/sched.h>
14 #include <linux/slab.h>
15 #include <linux/fs.h>
16 #include <linux/crc32.h>
17 #include <linux/pagemap.h>
18 #include <linux/mtd/mtd.h>
19 #include <linux/compiler.h>
20 #include "nodelist.h"
21
22 /*
23  * Check the data CRC of the node.
24  *
25  * Returns: 0 if the data CRC is correct;
26  *          1 - if incorrect;
27  *          error code if an error occurred.
28  */
29 static int check_node_data(struct jffs2_sb_info *c, struct jffs2_tmp_dnode_info *tn)
30 {
31         struct jffs2_raw_node_ref *ref = tn->fn->raw;
32         int err = 0, pointed = 0;
33         struct jffs2_eraseblock *jeb;
34         unsigned char *buffer;
35         uint32_t crc, ofs, len;
36         size_t retlen;
37
38         BUG_ON(tn->csize == 0);
39
40         /* Calculate how many bytes were already checked */
41         ofs = ref_offset(ref) + sizeof(struct jffs2_raw_inode);
42         len = tn->csize;
43
44         if (jffs2_is_writebuffered(c)) {
45                 int adj = ofs % c->wbuf_pagesize;
46                 if (likely(adj))
47                         adj = c->wbuf_pagesize - adj;
48
49                 if (adj >= tn->csize) {
50                         dbg_readinode("no need to check node at %#08x, data length %u, data starts at %#08x - it has already been checked.\n",
51                                       ref_offset(ref), tn->csize, ofs);
52                         goto adj_acc;
53                 }
54
55                 ofs += adj;
56                 len -= adj;
57         }
58
59         dbg_readinode("check node at %#08x, data length %u, partial CRC %#08x, correct CRC %#08x, data starts at %#08x, start checking from %#08x - %u bytes.\n",
60                 ref_offset(ref), tn->csize, tn->partial_crc, tn->data_crc, ofs - len, ofs, len);
61
62 #ifndef __ECOS
63         /* TODO: instead, incapsulate point() stuff to jffs2_flash_read(),
64          * adding and jffs2_flash_read_end() interface. */
65         err = mtd_point(c->mtd, ofs, len, &retlen, (void **)&buffer, NULL);
66         if (!err && retlen < len) {
67                 JFFS2_WARNING("MTD point returned len too short: %zu instead of %u.\n", retlen, tn->csize);
68                 mtd_unpoint(c->mtd, ofs, retlen);
69         } else if (err) {
70                 if (err != -EOPNOTSUPP)
71                         JFFS2_WARNING("MTD point failed: error code %d.\n", err);
72         } else
73                 pointed = 1; /* succefully pointed to device */
74 #endif
75
76         if (!pointed) {
77                 buffer = kmalloc(len, GFP_KERNEL);
78                 if (unlikely(!buffer))
79                         return -ENOMEM;
80
81                 /* TODO: this is very frequent pattern, make it a separate
82                  * routine */
83                 err = jffs2_flash_read(c, ofs, len, &retlen, buffer);
84                 if (err) {
85                         JFFS2_ERROR("can not read %d bytes from 0x%08x, error code: %d.\n", len, ofs, err);
86                         goto free_out;
87                 }
88
89                 if (retlen != len) {
90                         JFFS2_ERROR("short read at %#08x: %zd instead of %d.\n", ofs, retlen, len);
91                         err = -EIO;
92                         goto free_out;
93                 }
94         }
95
96         /* Continue calculating CRC */
97         crc = crc32(tn->partial_crc, buffer, len);
98         if(!pointed)
99                 kfree(buffer);
100 #ifndef __ECOS
101         else
102                 mtd_unpoint(c->mtd, ofs, len);
103 #endif
104
105         if (crc != tn->data_crc) {
106                 JFFS2_NOTICE("wrong data CRC in data node at 0x%08x: read %#08x, calculated %#08x.\n",
107                              ref_offset(ref), tn->data_crc, crc);
108                 return 1;
109         }
110
111 adj_acc:
112         jeb = &c->blocks[ref->flash_offset / c->sector_size];
113         len = ref_totlen(c, jeb, ref);
114         /* If it should be REF_NORMAL, it'll get marked as such when
115            we build the fragtree, shortly. No need to worry about GC
116            moving it while it's marked REF_PRISTINE -- GC won't happen
117            till we've finished checking every inode anyway. */
118         ref->flash_offset |= REF_PRISTINE;
119         /*
120          * Mark the node as having been checked and fix the
121          * accounting accordingly.
122          */
123         spin_lock(&c->erase_completion_lock);
124         jeb->used_size += len;
125         jeb->unchecked_size -= len;
126         c->used_size += len;
127         c->unchecked_size -= len;
128         jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
129         spin_unlock(&c->erase_completion_lock);
130
131         return 0;
132
133 free_out:
134         if(!pointed)
135                 kfree(buffer);
136 #ifndef __ECOS
137         else
138                 mtd_unpoint(c->mtd, ofs, len);
139 #endif
140         return err;
141 }
142
143 /*
144  * Helper function for jffs2_add_older_frag_to_fragtree().
145  *
146  * Checks the node if we are in the checking stage.
147  */
148 static int check_tn_node(struct jffs2_sb_info *c, struct jffs2_tmp_dnode_info *tn)
149 {
150         int ret;
151
152         BUG_ON(ref_obsolete(tn->fn->raw));
153
154         /* We only check the data CRC of unchecked nodes */
155         if (ref_flags(tn->fn->raw) != REF_UNCHECKED)
156                 return 0;
157
158         dbg_readinode("check node %#04x-%#04x, phys offs %#08x\n",
159                       tn->fn->ofs, tn->fn->ofs + tn->fn->size, ref_offset(tn->fn->raw));
160
161         ret = check_node_data(c, tn);
162         if (unlikely(ret < 0)) {
163                 JFFS2_ERROR("check_node_data() returned error: %d.\n",
164                         ret);
165         } else if (unlikely(ret > 0)) {
166                 dbg_readinode("CRC error, mark it obsolete.\n");
167                 jffs2_mark_node_obsolete(c, tn->fn->raw);
168         }
169
170         return ret;
171 }
172
173 static struct jffs2_tmp_dnode_info *jffs2_lookup_tn(struct rb_root *tn_root, uint32_t offset)
174 {
175         struct rb_node *next;
176         struct jffs2_tmp_dnode_info *tn = NULL;
177
178         dbg_readinode("root %p, offset %d\n", tn_root, offset);
179
180         next = tn_root->rb_node;
181
182         while (next) {
183                 tn = rb_entry(next, struct jffs2_tmp_dnode_info, rb);
184
185                 if (tn->fn->ofs < offset)
186                         next = tn->rb.rb_right;
187                 else if (tn->fn->ofs >= offset)
188                         next = tn->rb.rb_left;
189                 else
190                         break;
191         }
192
193         return tn;
194 }
195
196
197 static void jffs2_kill_tn(struct jffs2_sb_info *c, struct jffs2_tmp_dnode_info *tn)
198 {
199         jffs2_mark_node_obsolete(c, tn->fn->raw);
200         jffs2_free_full_dnode(tn->fn);
201         jffs2_free_tmp_dnode_info(tn);
202 }
203 /*
204  * This function is used when we read an inode. Data nodes arrive in
205  * arbitrary order -- they may be older or newer than the nodes which
206  * are already in the tree. Where overlaps occur, the older node can
207  * be discarded as long as the newer passes the CRC check. We don't
208  * bother to keep track of holes in this rbtree, and neither do we deal
209  * with frags -- we can have multiple entries starting at the same
210  * offset, and the one with the smallest length will come first in the
211  * ordering.
212  *
213  * Returns 0 if the node was handled (including marking it obsolete)
214  *       < 0 an if error occurred
215  */
216 static int jffs2_add_tn_to_tree(struct jffs2_sb_info *c,
217                                 struct jffs2_readinode_info *rii,
218                                 struct jffs2_tmp_dnode_info *tn)
219 {
220         uint32_t fn_end = tn->fn->ofs + tn->fn->size;
221         struct jffs2_tmp_dnode_info *this, *ptn;
222
223         dbg_readinode("insert fragment %#04x-%#04x, ver %u at %08x\n", tn->fn->ofs, fn_end, tn->version, ref_offset(tn->fn->raw));
224
225         /* If a node has zero dsize, we only have to keep if it if it might be the
226            node with highest version -- i.e. the one which will end up as f->metadata.
227            Note that such nodes won't be REF_UNCHECKED since there are no data to
228            check anyway. */
229         if (!tn->fn->size) {
230                 if (rii->mdata_tn) {
231                         if (rii->mdata_tn->version < tn->version) {
232                                 /* We had a candidate mdata node already */
233                                 dbg_readinode("kill old mdata with ver %d\n", rii->mdata_tn->version);
234                                 jffs2_kill_tn(c, rii->mdata_tn);
235                         } else {
236                                 dbg_readinode("kill new mdata with ver %d (older than existing %d\n",
237                                               tn->version, rii->mdata_tn->version);
238                                 jffs2_kill_tn(c, tn);
239                                 return 0;
240                         }
241                 }
242                 rii->mdata_tn = tn;
243                 dbg_readinode("keep new mdata with ver %d\n", tn->version);
244                 return 0;
245         }
246
247         /* Find the earliest node which _may_ be relevant to this one */
248         this = jffs2_lookup_tn(&rii->tn_root, tn->fn->ofs);
249         if (this) {
250                 /* If the node is coincident with another at a lower address,
251                    back up until the other node is found. It may be relevant */
252                 while (this->overlapped) {
253                         ptn = tn_prev(this);
254                         if (!ptn) {
255                                 /*
256                                  * We killed a node which set the overlapped
257                                  * flags during the scan. Fix it up.
258                                  */
259                                 this->overlapped = 0;
260                                 break;
261                         }
262                         this = ptn;
263                 }
264                 dbg_readinode("'this' found %#04x-%#04x (%s)\n", this->fn->ofs, this->fn->ofs + this->fn->size, this->fn ? "data" : "hole");
265         }
266
267         while (this) {
268                 if (this->fn->ofs > fn_end)
269                         break;
270                 dbg_readinode("Ponder this ver %d, 0x%x-0x%x\n",
271                               this->version, this->fn->ofs, this->fn->size);
272
273                 if (this->version == tn->version) {
274                         /* Version number collision means REF_PRISTINE GC. Accept either of them
275                            as long as the CRC is correct. Check the one we have already...  */
276                         if (!check_tn_node(c, this)) {
277                                 /* The one we already had was OK. Keep it and throw away the new one */
278                                 dbg_readinode("Like old node. Throw away new\n");
279                                 jffs2_kill_tn(c, tn);
280                                 return 0;
281                         } else {
282                                 /* Who cares if the new one is good; keep it for now anyway. */
283                                 dbg_readinode("Like new node. Throw away old\n");
284                                 rb_replace_node(&this->rb, &tn->rb, &rii->tn_root);
285                                 jffs2_kill_tn(c, this);
286                                 /* Same overlapping from in front and behind */
287                                 return 0;
288                         }
289                 }
290                 if (this->version < tn->version &&
291                     this->fn->ofs >= tn->fn->ofs &&
292                     this->fn->ofs + this->fn->size <= fn_end) {
293                         /* New node entirely overlaps 'this' */
294                         if (check_tn_node(c, tn)) {
295                                 dbg_readinode("new node bad CRC\n");
296                                 jffs2_kill_tn(c, tn);
297                                 return 0;
298                         }
299                         /* ... and is good. Kill 'this' and any subsequent nodes which are also overlapped */
300                         while (this && this->fn->ofs + this->fn->size <= fn_end) {
301                                 struct jffs2_tmp_dnode_info *next = tn_next(this);
302                                 if (this->version < tn->version) {
303                                         tn_erase(this, &rii->tn_root);
304                                         dbg_readinode("Kill overlapped ver %d, 0x%x-0x%x\n",
305                                                       this->version, this->fn->ofs,
306                                                       this->fn->ofs+this->fn->size);
307                                         jffs2_kill_tn(c, this);
308                                 }
309                                 this = next;
310                         }
311                         dbg_readinode("Done killing overlapped nodes\n");
312                         continue;
313                 }
314                 if (this->version > tn->version &&
315                     this->fn->ofs <= tn->fn->ofs &&
316                     this->fn->ofs+this->fn->size >= fn_end) {
317                         /* New node entirely overlapped by 'this' */
318                         if (!check_tn_node(c, this)) {
319                                 dbg_readinode("Good CRC on old node. Kill new\n");
320                                 jffs2_kill_tn(c, tn);
321                                 return 0;
322                         }
323                         /* ... but 'this' was bad. Replace it... */
324                         dbg_readinode("Bad CRC on old overlapping node. Kill it\n");
325                         tn_erase(this, &rii->tn_root);
326                         jffs2_kill_tn(c, this);
327                         break;
328                 }
329
330                 this = tn_next(this);
331         }
332
333         /* We neither completely obsoleted nor were completely
334            obsoleted by an earlier node. Insert into the tree */
335         {
336                 struct rb_node *parent;
337                 struct rb_node **link = &rii->tn_root.rb_node;
338                 struct jffs2_tmp_dnode_info *insert_point = NULL;
339
340                 while (*link) {
341                         parent = *link;
342                         insert_point = rb_entry(parent, struct jffs2_tmp_dnode_info, rb);
343                         if (tn->fn->ofs > insert_point->fn->ofs)
344                                 link = &insert_point->rb.rb_right;
345                         else if (tn->fn->ofs < insert_point->fn->ofs ||
346                                  tn->fn->size < insert_point->fn->size)
347                                 link = &insert_point->rb.rb_left;
348                         else
349                                 link = &insert_point->rb.rb_right;
350                 }
351                 rb_link_node(&tn->rb, &insert_point->rb, link);
352                 rb_insert_color(&tn->rb, &rii->tn_root);
353         }
354
355         /* If there's anything behind that overlaps us, note it */
356         this = tn_prev(tn);
357         if (this) {
358                 while (1) {
359                         if (this->fn->ofs + this->fn->size > tn->fn->ofs) {
360                                 dbg_readinode("Node is overlapped by %p (v %d, 0x%x-0x%x)\n",
361                                               this, this->version, this->fn->ofs,
362                                               this->fn->ofs+this->fn->size);
363                                 tn->overlapped = 1;
364                                 break;
365                         }
366                         if (!this->overlapped)
367                                 break;
368
369                         ptn = tn_prev(this);
370                         if (!ptn) {
371                                 /*
372                                  * We killed a node which set the overlapped
373                                  * flags during the scan. Fix it up.
374                                  */
375                                 this->overlapped = 0;
376                                 break;
377                         }
378                         this = ptn;
379                 }
380         }
381
382         /* If the new node overlaps anything ahead, note it */
383         this = tn_next(tn);
384         while (this && this->fn->ofs < fn_end) {
385                 this->overlapped = 1;
386                 dbg_readinode("Node ver %d, 0x%x-0x%x is overlapped\n",
387                               this->version, this->fn->ofs,
388                               this->fn->ofs+this->fn->size);
389                 this = tn_next(this);
390         }
391         return 0;
392 }
393
394 /* Trivial function to remove the last node in the tree. Which by definition
395    has no right-hand -- so can be removed just by making its only child (if
396    any) take its place under its parent. */
397 static void eat_last(struct rb_root *root, struct rb_node *node)
398 {
399         struct rb_node *parent = rb_parent(node);
400         struct rb_node **link;
401
402         /* LAST! */
403         BUG_ON(node->rb_right);
404
405         if (!parent)
406                 link = &root->rb_node;
407         else if (node == parent->rb_left)
408                 link = &parent->rb_left;
409         else
410                 link = &parent->rb_right;
411
412         *link = node->rb_left;
413         /* Colour doesn't matter now. Only the parent pointer. */
414         if (node->rb_left)
415                 node->rb_left->rb_parent_color = node->rb_parent_color;
416 }
417
418 /* We put this in reverse order, so we can just use eat_last */
419 static void ver_insert(struct rb_root *ver_root, struct jffs2_tmp_dnode_info *tn)
420 {
421         struct rb_node **link = &ver_root->rb_node;
422         struct rb_node *parent = NULL;
423         struct jffs2_tmp_dnode_info *this_tn;
424
425         while (*link) {
426                 parent = *link;
427                 this_tn = rb_entry(parent, struct jffs2_tmp_dnode_info, rb);
428
429                 if (tn->version > this_tn->version)
430                         link = &parent->rb_left;
431                 else
432                         link = &parent->rb_right;
433         }
434         dbg_readinode("Link new node at %p (root is %p)\n", link, ver_root);
435         rb_link_node(&tn->rb, parent, link);
436         rb_insert_color(&tn->rb, ver_root);
437 }
438
439 /* Build final, normal fragtree from tn tree. It doesn't matter which order
440    we add nodes to the real fragtree, as long as they don't overlap. And
441    having thrown away the majority of overlapped nodes as we went, there
442    really shouldn't be many sets of nodes which do overlap. If we start at
443    the end, we can use the overlap markers -- we can just eat nodes which
444    aren't overlapped, and when we encounter nodes which _do_ overlap we
445    sort them all into a temporary tree in version order before replaying them. */
446 static int jffs2_build_inode_fragtree(struct jffs2_sb_info *c,
447                                       struct jffs2_inode_info *f,
448                                       struct jffs2_readinode_info *rii)
449 {
450         struct jffs2_tmp_dnode_info *pen, *last, *this;
451         struct rb_root ver_root = RB_ROOT;
452         uint32_t high_ver = 0;
453
454         if (rii->mdata_tn) {
455                 dbg_readinode("potential mdata is ver %d at %p\n", rii->mdata_tn->version, rii->mdata_tn);
456                 high_ver = rii->mdata_tn->version;
457                 rii->latest_ref = rii->mdata_tn->fn->raw;
458         }
459 #ifdef JFFS2_DBG_READINODE_MESSAGES
460         this = tn_last(&rii->tn_root);
461         while (this) {
462                 dbg_readinode("tn %p ver %d range 0x%x-0x%x ov %d\n", this, this->version, this->fn->ofs,
463                               this->fn->ofs+this->fn->size, this->overlapped);
464                 this = tn_prev(this);
465         }
466 #endif
467         pen = tn_last(&rii->tn_root);
468         while ((last = pen)) {
469                 pen = tn_prev(last);
470
471                 eat_last(&rii->tn_root, &last->rb);
472                 ver_insert(&ver_root, last);
473
474                 if (unlikely(last->overlapped)) {
475                         if (pen)
476                                 continue;
477                         /*
478                          * We killed a node which set the overlapped
479                          * flags during the scan. Fix it up.
480                          */
481                         last->overlapped = 0;
482                 }
483
484                 /* Now we have a bunch of nodes in reverse version
485                    order, in the tree at ver_root. Most of the time,
486                    there'll actually be only one node in the 'tree',
487                    in fact. */
488                 this = tn_last(&ver_root);
489
490                 while (this) {
491                         struct jffs2_tmp_dnode_info *vers_next;
492                         int ret;
493                         vers_next = tn_prev(this);
494                         eat_last(&ver_root, &this->rb);
495                         if (check_tn_node(c, this)) {
496                                 dbg_readinode("node ver %d, 0x%x-0x%x failed CRC\n",
497                                              this->version, this->fn->ofs,
498                                              this->fn->ofs+this->fn->size);
499                                 jffs2_kill_tn(c, this);
500                         } else {
501                                 if (this->version > high_ver) {
502                                         /* Note that this is different from the other
503                                            highest_version, because this one is only
504                                            counting _valid_ nodes which could give the
505                                            latest inode metadata */
506                                         high_ver = this->version;
507                                         rii->latest_ref = this->fn->raw;
508                                 }
509                                 dbg_readinode("Add %p (v %d, 0x%x-0x%x, ov %d) to fragtree\n",
510                                              this, this->version, this->fn->ofs,
511                                              this->fn->ofs+this->fn->size, this->overlapped);
512
513                                 ret = jffs2_add_full_dnode_to_inode(c, f, this->fn);
514                                 if (ret) {
515                                         /* Free the nodes in vers_root; let the caller
516                                            deal with the rest */
517                                         JFFS2_ERROR("Add node to tree failed %d\n", ret);
518                                         while (1) {
519                                                 vers_next = tn_prev(this);
520                                                 if (check_tn_node(c, this))
521                                                         jffs2_mark_node_obsolete(c, this->fn->raw);
522                                                 jffs2_free_full_dnode(this->fn);
523                                                 jffs2_free_tmp_dnode_info(this);
524                                                 this = vers_next;
525                                                 if (!this)
526                                                         break;
527                                                 eat_last(&ver_root, &vers_next->rb);
528                                         }
529                                         return ret;
530                                 }
531                                 jffs2_free_tmp_dnode_info(this);
532                         }
533                         this = vers_next;
534                 }
535         }
536         return 0;
537 }
538
539 static void jffs2_free_tmp_dnode_info_list(struct rb_root *list)
540 {
541         struct rb_node *this;
542         struct jffs2_tmp_dnode_info *tn;
543
544         this = list->rb_node;
545
546         /* Now at bottom of tree */
547         while (this) {
548                 if (this->rb_left)
549                         this = this->rb_left;
550                 else if (this->rb_right)
551                         this = this->rb_right;
552                 else {
553                         tn = rb_entry(this, struct jffs2_tmp_dnode_info, rb);
554                         jffs2_free_full_dnode(tn->fn);
555                         jffs2_free_tmp_dnode_info(tn);
556
557                         this = rb_parent(this);
558                         if (!this)
559                                 break;
560
561                         if (this->rb_left == &tn->rb)
562                                 this->rb_left = NULL;
563                         else if (this->rb_right == &tn->rb)
564                                 this->rb_right = NULL;
565                         else BUG();
566                 }
567         }
568         *list = RB_ROOT;
569 }
570
571 static void jffs2_free_full_dirent_list(struct jffs2_full_dirent *fd)
572 {
573         struct jffs2_full_dirent *next;
574
575         while (fd) {
576                 next = fd->next;
577                 jffs2_free_full_dirent(fd);
578                 fd = next;
579         }
580 }
581
582 /* Returns first valid node after 'ref'. May return 'ref' */
583 static struct jffs2_raw_node_ref *jffs2_first_valid_node(struct jffs2_raw_node_ref *ref)
584 {
585         while (ref && ref->next_in_ino) {
586                 if (!ref_obsolete(ref))
587                         return ref;
588                 dbg_noderef("node at 0x%08x is obsoleted. Ignoring.\n", ref_offset(ref));
589                 ref = ref->next_in_ino;
590         }
591         return NULL;
592 }
593
594 /*
595  * Helper function for jffs2_get_inode_nodes().
596  * It is called every time an directory entry node is found.
597  *
598  * Returns: 0 on success;
599  *          negative error code on failure.
600  */
601 static inline int read_direntry(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref,
602                                 struct jffs2_raw_dirent *rd, size_t read,
603                                 struct jffs2_readinode_info *rii)
604 {
605         struct jffs2_full_dirent *fd;
606         uint32_t crc;
607
608         /* Obsoleted. This cannot happen, surely? dwmw2 20020308 */
609         BUG_ON(ref_obsolete(ref));
610
611         crc = crc32(0, rd, sizeof(*rd) - 8);
612         if (unlikely(crc != je32_to_cpu(rd->node_crc))) {
613                 JFFS2_NOTICE("header CRC failed on dirent node at %#08x: read %#08x, calculated %#08x\n",
614                              ref_offset(ref), je32_to_cpu(rd->node_crc), crc);
615                 jffs2_mark_node_obsolete(c, ref);
616                 return 0;
617         }
618
619         /* If we've never checked the CRCs on this node, check them now */
620         if (ref_flags(ref) == REF_UNCHECKED) {
621                 struct jffs2_eraseblock *jeb;
622                 int len;
623
624                 /* Sanity check */
625                 if (unlikely(PAD((rd->nsize + sizeof(*rd))) != PAD(je32_to_cpu(rd->totlen)))) {
626                         JFFS2_ERROR("illegal nsize in node at %#08x: nsize %#02x, totlen %#04x\n",
627                                     ref_offset(ref), rd->nsize, je32_to_cpu(rd->totlen));
628                         jffs2_mark_node_obsolete(c, ref);
629                         return 0;
630                 }
631
632                 jeb = &c->blocks[ref->flash_offset / c->sector_size];
633                 len = ref_totlen(c, jeb, ref);
634
635                 spin_lock(&c->erase_completion_lock);
636                 jeb->used_size += len;
637                 jeb->unchecked_size -= len;
638                 c->used_size += len;
639                 c->unchecked_size -= len;
640                 ref->flash_offset = ref_offset(ref) | dirent_node_state(rd);
641                 spin_unlock(&c->erase_completion_lock);
642         }
643
644         fd = jffs2_alloc_full_dirent(rd->nsize + 1);
645         if (unlikely(!fd))
646                 return -ENOMEM;
647
648         fd->raw = ref;
649         fd->version = je32_to_cpu(rd->version);
650         fd->ino = je32_to_cpu(rd->ino);
651         fd->type = rd->type;
652
653         if (fd->version > rii->highest_version)
654                 rii->highest_version = fd->version;
655
656         /* Pick out the mctime of the latest dirent */
657         if(fd->version > rii->mctime_ver && je32_to_cpu(rd->mctime)) {
658                 rii->mctime_ver = fd->version;
659                 rii->latest_mctime = je32_to_cpu(rd->mctime);
660         }
661
662         /*
663          * Copy as much of the name as possible from the raw
664          * dirent we've already read from the flash.
665          */
666         if (read > sizeof(*rd))
667                 memcpy(&fd->name[0], &rd->name[0],
668                        min_t(uint32_t, rd->nsize, (read - sizeof(*rd)) ));
669
670         /* Do we need to copy any more of the name directly from the flash? */
671         if (rd->nsize + sizeof(*rd) > read) {
672                 /* FIXME: point() */
673                 int err;
674                 int already = read - sizeof(*rd);
675
676                 err = jffs2_flash_read(c, (ref_offset(ref)) + read,
677                                 rd->nsize - already, &read, &fd->name[already]);
678                 if (unlikely(read != rd->nsize - already) && likely(!err))
679                         return -EIO;
680
681                 if (unlikely(err)) {
682                         JFFS2_ERROR("read remainder of name: error %d\n", err);
683                         jffs2_free_full_dirent(fd);
684                         return -EIO;
685                 }
686         }
687
688         fd->nhash = full_name_hash(fd->name, rd->nsize);
689         fd->next = NULL;
690         fd->name[rd->nsize] = '\0';
691
692         /*
693          * Wheee. We now have a complete jffs2_full_dirent structure, with
694          * the name in it and everything. Link it into the list
695          */
696         jffs2_add_fd_to_list(c, fd, &rii->fds);
697
698         return 0;
699 }
700
701 /*
702  * Helper function for jffs2_get_inode_nodes().
703  * It is called every time an inode node is found.
704  *
705  * Returns: 0 on success (possibly after marking a bad node obsolete);
706  *          negative error code on failure.
707  */
708 static inline int read_dnode(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref,
709                              struct jffs2_raw_inode *rd, int rdlen,
710                              struct jffs2_readinode_info *rii)
711 {
712         struct jffs2_tmp_dnode_info *tn;
713         uint32_t len, csize;
714         int ret = 0;
715         uint32_t crc;
716
717         /* Obsoleted. This cannot happen, surely? dwmw2 20020308 */
718         BUG_ON(ref_obsolete(ref));
719
720         crc = crc32(0, rd, sizeof(*rd) - 8);
721         if (unlikely(crc != je32_to_cpu(rd->node_crc))) {
722                 JFFS2_NOTICE("node CRC failed on dnode at %#08x: read %#08x, calculated %#08x\n",
723                              ref_offset(ref), je32_to_cpu(rd->node_crc), crc);
724                 jffs2_mark_node_obsolete(c, ref);
725                 return 0;
726         }
727
728         tn = jffs2_alloc_tmp_dnode_info();
729         if (!tn) {
730                 JFFS2_ERROR("failed to allocate tn (%zu bytes).\n", sizeof(*tn));
731                 return -ENOMEM;
732         }
733
734         tn->partial_crc = 0;
735         csize = je32_to_cpu(rd->csize);
736
737         /* If we've never checked the CRCs on this node, check them now */
738         if (ref_flags(ref) == REF_UNCHECKED) {
739
740                 /* Sanity checks */
741                 if (unlikely(je32_to_cpu(rd->offset) > je32_to_cpu(rd->isize)) ||
742                     unlikely(PAD(je32_to_cpu(rd->csize) + sizeof(*rd)) != PAD(je32_to_cpu(rd->totlen)))) {
743                         JFFS2_WARNING("inode node header CRC is corrupted at %#08x\n", ref_offset(ref));
744                         jffs2_dbg_dump_node(c, ref_offset(ref));
745                         jffs2_mark_node_obsolete(c, ref);
746                         goto free_out;
747                 }
748
749                 if (jffs2_is_writebuffered(c) && csize != 0) {
750                         /* At this point we are supposed to check the data CRC
751                          * of our unchecked node. But thus far, we do not
752                          * know whether the node is valid or obsolete. To
753                          * figure this out, we need to walk all the nodes of
754                          * the inode and build the inode fragtree. We don't
755                          * want to spend time checking data of nodes which may
756                          * later be found to be obsolete. So we put off the full
757                          * data CRC checking until we have read all the inode
758                          * nodes and have started building the fragtree.
759                          *
760                          * The fragtree is being built starting with nodes
761                          * having the highest version number, so we'll be able
762                          * to detect whether a node is valid (i.e., it is not
763                          * overlapped by a node with higher version) or not.
764                          * And we'll be able to check only those nodes, which
765                          * are not obsolete.
766                          *
767                          * Of course, this optimization only makes sense in case
768                          * of NAND flashes (or other flashes with
769                          * !jffs2_can_mark_obsolete()), since on NOR flashes
770                          * nodes are marked obsolete physically.
771                          *
772                          * Since NAND flashes (or other flashes with
773                          * jffs2_is_writebuffered(c)) are anyway read by
774                          * fractions of c->wbuf_pagesize, and we have just read
775                          * the node header, it is likely that the starting part
776                          * of the node data is also read when we read the
777                          * header. So we don't mind to check the CRC of the
778                          * starting part of the data of the node now, and check
779                          * the second part later (in jffs2_check_node_data()).
780                          * Of course, we will not need to re-read and re-check
781                          * the NAND page which we have just read. This is why we
782                          * read the whole NAND page at jffs2_get_inode_nodes(),
783                          * while we needed only the node header.
784                          */
785                         unsigned char *buf;
786
787                         /* 'buf' will point to the start of data */
788                         buf = (unsigned char *)rd + sizeof(*rd);
789                         /* len will be the read data length */
790                         len = min_t(uint32_t, rdlen - sizeof(*rd), csize);
791                         tn->partial_crc = crc32(0, buf, len);
792
793                         dbg_readinode("Calculates CRC (%#08x) for %d bytes, csize %d\n", tn->partial_crc, len, csize);
794
795                         /* If we actually calculated the whole data CRC
796                          * and it is wrong, drop the node. */
797                         if (len >= csize && unlikely(tn->partial_crc != je32_to_cpu(rd->data_crc))) {
798                                 JFFS2_NOTICE("wrong data CRC in data node at 0x%08x: read %#08x, calculated %#08x.\n",
799                                         ref_offset(ref), tn->partial_crc, je32_to_cpu(rd->data_crc));
800                                 jffs2_mark_node_obsolete(c, ref);
801                                 goto free_out;
802                         }
803
804                 } else if (csize == 0) {
805                         /*
806                          * We checked the header CRC. If the node has no data, adjust
807                          * the space accounting now. For other nodes this will be done
808                          * later either when the node is marked obsolete or when its
809                          * data is checked.
810                          */
811                         struct jffs2_eraseblock *jeb;
812
813                         dbg_readinode("the node has no data.\n");
814                         jeb = &c->blocks[ref->flash_offset / c->sector_size];
815                         len = ref_totlen(c, jeb, ref);
816
817                         spin_lock(&c->erase_completion_lock);
818                         jeb->used_size += len;
819                         jeb->unchecked_size -= len;
820                         c->used_size += len;
821                         c->unchecked_size -= len;
822                         ref->flash_offset = ref_offset(ref) | REF_NORMAL;
823                         spin_unlock(&c->erase_completion_lock);
824                 }
825         }
826
827         tn->fn = jffs2_alloc_full_dnode();
828         if (!tn->fn) {
829                 JFFS2_ERROR("alloc fn failed\n");
830                 ret = -ENOMEM;
831                 goto free_out;
832         }
833
834         tn->version = je32_to_cpu(rd->version);
835         tn->fn->ofs = je32_to_cpu(rd->offset);
836         tn->data_crc = je32_to_cpu(rd->data_crc);
837         tn->csize = csize;
838         tn->fn->raw = ref;
839         tn->overlapped = 0;
840
841         if (tn->version > rii->highest_version)
842                 rii->highest_version = tn->version;
843
844         /* There was a bug where we wrote hole nodes out with
845            csize/dsize swapped. Deal with it */
846         if (rd->compr == JFFS2_COMPR_ZERO && !je32_to_cpu(rd->dsize) && csize)
847                 tn->fn->size = csize;
848         else // normal case...
849                 tn->fn->size = je32_to_cpu(rd->dsize);
850
851         dbg_readinode2("dnode @%08x: ver %u, offset %#04x, dsize %#04x, csize %#04x\n",
852                        ref_offset(ref), je32_to_cpu(rd->version),
853                        je32_to_cpu(rd->offset), je32_to_cpu(rd->dsize), csize);
854
855         ret = jffs2_add_tn_to_tree(c, rii, tn);
856
857         if (ret) {
858                 jffs2_free_full_dnode(tn->fn);
859         free_out:
860                 jffs2_free_tmp_dnode_info(tn);
861                 return ret;
862         }
863 #ifdef JFFS2_DBG_READINODE2_MESSAGES
864         dbg_readinode2("After adding ver %d:\n", je32_to_cpu(rd->version));
865         tn = tn_first(&rii->tn_root);
866         while (tn) {
867                 dbg_readinode2("%p: v %d r 0x%x-0x%x ov %d\n",
868                                tn, tn->version, tn->fn->ofs,
869                                tn->fn->ofs+tn->fn->size, tn->overlapped);
870                 tn = tn_next(tn);
871         }
872 #endif
873         return 0;
874 }
875
876 /*
877  * Helper function for jffs2_get_inode_nodes().
878  * It is called every time an unknown node is found.
879  *
880  * Returns: 0 on success;
881  *          negative error code on failure.
882  */
883 static inline int read_unknown(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref, struct jffs2_unknown_node *un)
884 {
885         /* We don't mark unknown nodes as REF_UNCHECKED */
886         if (ref_flags(ref) == REF_UNCHECKED) {
887                 JFFS2_ERROR("REF_UNCHECKED but unknown node at %#08x\n",
888                             ref_offset(ref));
889                 JFFS2_ERROR("Node is {%04x,%04x,%08x,%08x}. Please report this error.\n",
890                             je16_to_cpu(un->magic), je16_to_cpu(un->nodetype),
891                             je32_to_cpu(un->totlen), je32_to_cpu(un->hdr_crc));
892                 jffs2_mark_node_obsolete(c, ref);
893                 return 0;
894         }
895
896         un->nodetype = cpu_to_je16(JFFS2_NODE_ACCURATE | je16_to_cpu(un->nodetype));
897
898         switch(je16_to_cpu(un->nodetype) & JFFS2_COMPAT_MASK) {
899
900         case JFFS2_FEATURE_INCOMPAT:
901                 JFFS2_ERROR("unknown INCOMPAT nodetype %#04X at %#08x\n",
902                             je16_to_cpu(un->nodetype), ref_offset(ref));
903                 /* EEP */
904                 BUG();
905                 break;
906
907         case JFFS2_FEATURE_ROCOMPAT:
908                 JFFS2_ERROR("unknown ROCOMPAT nodetype %#04X at %#08x\n",
909                             je16_to_cpu(un->nodetype), ref_offset(ref));
910                 BUG_ON(!(c->flags & JFFS2_SB_FLAG_RO));
911                 break;
912
913         case JFFS2_FEATURE_RWCOMPAT_COPY:
914                 JFFS2_NOTICE("unknown RWCOMPAT_COPY nodetype %#04X at %#08x\n",
915                              je16_to_cpu(un->nodetype), ref_offset(ref));
916                 break;
917
918         case JFFS2_FEATURE_RWCOMPAT_DELETE:
919                 JFFS2_NOTICE("unknown RWCOMPAT_DELETE nodetype %#04X at %#08x\n",
920                              je16_to_cpu(un->nodetype), ref_offset(ref));
921                 jffs2_mark_node_obsolete(c, ref);
922                 return 0;
923         }
924
925         return 0;
926 }
927
928 /*
929  * Helper function for jffs2_get_inode_nodes().
930  * The function detects whether more data should be read and reads it if yes.
931  *
932  * Returns: 0 on success;
933  *          negative error code on failure.
934  */
935 static int read_more(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref,
936                      int needed_len, int *rdlen, unsigned char *buf)
937 {
938         int err, to_read = needed_len - *rdlen;
939         size_t retlen;
940         uint32_t offs;
941
942         if (jffs2_is_writebuffered(c)) {
943                 int rem = to_read % c->wbuf_pagesize;
944
945                 if (rem)
946                         to_read += c->wbuf_pagesize - rem;
947         }
948
949         /* We need to read more data */
950         offs = ref_offset(ref) + *rdlen;
951
952         dbg_readinode("read more %d bytes\n", to_read);
953
954         err = jffs2_flash_read(c, offs, to_read, &retlen, buf + *rdlen);
955         if (err) {
956                 JFFS2_ERROR("can not read %d bytes from 0x%08x, "
957                         "error code: %d.\n", to_read, offs, err);
958                 return err;
959         }
960
961         if (retlen < to_read) {
962                 JFFS2_ERROR("short read at %#08x: %zu instead of %d.\n",
963                                 offs, retlen, to_read);
964                 return -EIO;
965         }
966
967         *rdlen += to_read;
968         return 0;
969 }
970
971 /* Get tmp_dnode_info and full_dirent for all non-obsolete nodes associated
972    with this ino. Perform a preliminary ordering on data nodes, throwing away
973    those which are completely obsoleted by newer ones. The naïve approach we
974    use to take of just returning them _all_ in version order will cause us to
975    run out of memory in certain degenerate cases. */
976 static int jffs2_get_inode_nodes(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
977                                  struct jffs2_readinode_info *rii)
978 {
979         struct jffs2_raw_node_ref *ref, *valid_ref;
980         unsigned char *buf = NULL;
981         union jffs2_node_union *node;
982         size_t retlen;
983         int len, err;
984
985         rii->mctime_ver = 0;
986
987         dbg_readinode("ino #%u\n", f->inocache->ino);
988
989         /* FIXME: in case of NOR and available ->point() this
990          * needs to be fixed. */
991         len = sizeof(union jffs2_node_union) + c->wbuf_pagesize;
992         buf = kmalloc(len, GFP_KERNEL);
993         if (!buf)
994                 return -ENOMEM;
995
996         spin_lock(&c->erase_completion_lock);
997         valid_ref = jffs2_first_valid_node(f->inocache->nodes);
998         if (!valid_ref && f->inocache->ino != 1)
999                 JFFS2_WARNING("Eep. No valid nodes for ino #%u.\n", f->inocache->ino);
1000         while (valid_ref) {
1001                 /* We can hold a pointer to a non-obsolete node without the spinlock,
1002                    but _obsolete_ nodes may disappear at any time, if the block
1003                    they're in gets erased. So if we mark 'ref' obsolete while we're
1004                    not holding the lock, it can go away immediately. For that reason,
1005                    we find the next valid node first, before processing 'ref'.
1006                 */
1007                 ref = valid_ref;
1008                 valid_ref = jffs2_first_valid_node(ref->next_in_ino);
1009                 spin_unlock(&c->erase_completion_lock);
1010
1011                 cond_resched();
1012
1013                 /*
1014                  * At this point we don't know the type of the node we're going
1015                  * to read, so we do not know the size of its header. In order
1016                  * to minimize the amount of flash IO we assume the header is
1017                  * of size = JFFS2_MIN_NODE_HEADER.
1018                  */
1019                 len = JFFS2_MIN_NODE_HEADER;
1020                 if (jffs2_is_writebuffered(c)) {
1021                         int end, rem;
1022
1023                         /*
1024                          * We are about to read JFFS2_MIN_NODE_HEADER bytes,
1025                          * but this flash has some minimal I/O unit. It is
1026                          * possible that we'll need to read more soon, so read
1027                          * up to the next min. I/O unit, in order not to
1028                          * re-read the same min. I/O unit twice.
1029                          */
1030                         end = ref_offset(ref) + len;
1031                         rem = end % c->wbuf_pagesize;
1032                         if (rem)
1033                                 end += c->wbuf_pagesize - rem;
1034                         len = end - ref_offset(ref);
1035                 }
1036
1037                 dbg_readinode("read %d bytes at %#08x(%d).\n", len, ref_offset(ref), ref_flags(ref));
1038
1039                 /* FIXME: point() */
1040                 err = jffs2_flash_read(c, ref_offset(ref), len, &retlen, buf);
1041                 if (err) {
1042                         JFFS2_ERROR("can not read %d bytes from 0x%08x, error code: %d.\n", len, ref_offset(ref), err);
1043                         goto free_out;
1044                 }
1045
1046                 if (retlen < len) {
1047                         JFFS2_ERROR("short read at %#08x: %zu instead of %d.\n", ref_offset(ref), retlen, len);
1048                         err = -EIO;
1049                         goto free_out;
1050                 }
1051
1052                 node = (union jffs2_node_union *)buf;
1053
1054                 /* No need to mask in the valid bit; it shouldn't be invalid */
1055                 if (je32_to_cpu(node->u.hdr_crc) != crc32(0, node, sizeof(node->u)-4)) {
1056                         JFFS2_NOTICE("Node header CRC failed at %#08x. {%04x,%04x,%08x,%08x}\n",
1057                                      ref_offset(ref), je16_to_cpu(node->u.magic),
1058                                      je16_to_cpu(node->u.nodetype),
1059                                      je32_to_cpu(node->u.totlen),
1060                                      je32_to_cpu(node->u.hdr_crc));
1061                         jffs2_dbg_dump_node(c, ref_offset(ref));
1062                         jffs2_mark_node_obsolete(c, ref);
1063                         goto cont;
1064                 }
1065                 if (je16_to_cpu(node->u.magic) != JFFS2_MAGIC_BITMASK) {
1066                         /* Not a JFFS2 node, whinge and move on */
1067                         JFFS2_NOTICE("Wrong magic bitmask 0x%04x in node header at %#08x.\n",
1068                                      je16_to_cpu(node->u.magic), ref_offset(ref));
1069                         jffs2_mark_node_obsolete(c, ref);
1070                         goto cont;
1071                 }
1072
1073                 switch (je16_to_cpu(node->u.nodetype)) {
1074
1075                 case JFFS2_NODETYPE_DIRENT:
1076
1077                         if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_raw_dirent) &&
1078                             len < sizeof(struct jffs2_raw_dirent)) {
1079                                 err = read_more(c, ref, sizeof(struct jffs2_raw_dirent), &len, buf);
1080                                 if (unlikely(err))
1081                                         goto free_out;
1082                         }
1083
1084                         err = read_direntry(c, ref, &node->d, retlen, rii);
1085                         if (unlikely(err))
1086                                 goto free_out;
1087
1088                         break;
1089
1090                 case JFFS2_NODETYPE_INODE:
1091
1092                         if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_raw_inode) &&
1093                             len < sizeof(struct jffs2_raw_inode)) {
1094                                 err = read_more(c, ref, sizeof(struct jffs2_raw_inode), &len, buf);
1095                                 if (unlikely(err))
1096                                         goto free_out;
1097                         }
1098
1099                         err = read_dnode(c, ref, &node->i, len, rii);
1100                         if (unlikely(err))
1101                                 goto free_out;
1102
1103                         break;
1104
1105                 default:
1106                         if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_unknown_node) &&
1107                             len < sizeof(struct jffs2_unknown_node)) {
1108                                 err = read_more(c, ref, sizeof(struct jffs2_unknown_node), &len, buf);
1109                                 if (unlikely(err))
1110                                         goto free_out;
1111                         }
1112
1113                         err = read_unknown(c, ref, &node->u);
1114                         if (unlikely(err))
1115                                 goto free_out;
1116
1117                 }
1118         cont:
1119                 spin_lock(&c->erase_completion_lock);
1120         }
1121
1122         spin_unlock(&c->erase_completion_lock);
1123         kfree(buf);
1124
1125         f->highest_version = rii->highest_version;
1126
1127         dbg_readinode("nodes of inode #%u were read, the highest version is %u, latest_mctime %u, mctime_ver %u.\n",
1128                       f->inocache->ino, rii->highest_version, rii->latest_mctime,
1129                       rii->mctime_ver);
1130         return 0;
1131
1132  free_out:
1133         jffs2_free_tmp_dnode_info_list(&rii->tn_root);
1134         jffs2_free_full_dirent_list(rii->fds);
1135         rii->fds = NULL;
1136         kfree(buf);
1137         return err;
1138 }
1139
1140 static int jffs2_do_read_inode_internal(struct jffs2_sb_info *c,
1141                                         struct jffs2_inode_info *f,
1142                                         struct jffs2_raw_inode *latest_node)
1143 {
1144         struct jffs2_readinode_info rii;
1145         uint32_t crc, new_size;
1146         size_t retlen;
1147         int ret;
1148
1149         dbg_readinode("ino #%u pino/nlink is %d\n", f->inocache->ino,
1150                       f->inocache->pino_nlink);
1151
1152         memset(&rii, 0, sizeof(rii));
1153
1154         /* Grab all nodes relevant to this ino */
1155         ret = jffs2_get_inode_nodes(c, f, &rii);
1156
1157         if (ret) {
1158                 JFFS2_ERROR("cannot read nodes for ino %u, returned error is %d\n", f->inocache->ino, ret);
1159                 if (f->inocache->state == INO_STATE_READING)
1160                         jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
1161                 return ret;
1162         }
1163
1164         ret = jffs2_build_inode_fragtree(c, f, &rii);
1165         if (ret) {
1166                 JFFS2_ERROR("Failed to build final fragtree for inode #%u: error %d\n",
1167                             f->inocache->ino, ret);
1168                 if (f->inocache->state == INO_STATE_READING)
1169                         jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
1170                 jffs2_free_tmp_dnode_info_list(&rii.tn_root);
1171                 /* FIXME: We could at least crc-check them all */
1172                 if (rii.mdata_tn) {
1173                         jffs2_free_full_dnode(rii.mdata_tn->fn);
1174                         jffs2_free_tmp_dnode_info(rii.mdata_tn);
1175                         rii.mdata_tn = NULL;
1176                 }
1177                 return ret;
1178         }
1179
1180         if (rii.mdata_tn) {
1181                 if (rii.mdata_tn->fn->raw == rii.latest_ref) {
1182                         f->metadata = rii.mdata_tn->fn;
1183                         jffs2_free_tmp_dnode_info(rii.mdata_tn);
1184                 } else {
1185                         jffs2_kill_tn(c, rii.mdata_tn);
1186                 }
1187                 rii.mdata_tn = NULL;
1188         }
1189
1190         f->dents = rii.fds;
1191
1192         jffs2_dbg_fragtree_paranoia_check_nolock(f);
1193
1194         if (unlikely(!rii.latest_ref)) {
1195                 /* No data nodes for this inode. */
1196                 if (f->inocache->ino != 1) {
1197                         JFFS2_WARNING("no data nodes found for ino #%u\n", f->inocache->ino);
1198                         if (!rii.fds) {
1199                                 if (f->inocache->state == INO_STATE_READING)
1200                                         jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
1201                                 return -EIO;
1202                         }
1203                         JFFS2_NOTICE("but it has children so we fake some modes for it\n");
1204                 }
1205                 latest_node->mode = cpu_to_jemode(S_IFDIR|S_IRUGO|S_IWUSR|S_IXUGO);
1206                 latest_node->version = cpu_to_je32(0);
1207                 latest_node->atime = latest_node->ctime = latest_node->mtime = cpu_to_je32(0);
1208                 latest_node->isize = cpu_to_je32(0);
1209                 latest_node->gid = cpu_to_je16(0);
1210                 latest_node->uid = cpu_to_je16(0);
1211                 if (f->inocache->state == INO_STATE_READING)
1212                         jffs2_set_inocache_state(c, f->inocache, INO_STATE_PRESENT);
1213                 return 0;
1214         }
1215
1216         ret = jffs2_flash_read(c, ref_offset(rii.latest_ref), sizeof(*latest_node), &retlen, (void *)latest_node);
1217         if (ret || retlen != sizeof(*latest_node)) {
1218                 JFFS2_ERROR("failed to read from flash: error %d, %zd of %zd bytes read\n",
1219                         ret, retlen, sizeof(*latest_node));
1220                 /* FIXME: If this fails, there seems to be a memory leak. Find it. */
1221                 mutex_unlock(&f->sem);
1222                 jffs2_do_clear_inode(c, f);
1223                 return ret?ret:-EIO;
1224         }
1225
1226         crc = crc32(0, latest_node, sizeof(*latest_node)-8);
1227         if (crc != je32_to_cpu(latest_node->node_crc)) {
1228                 JFFS2_ERROR("CRC failed for read_inode of inode %u at physical location 0x%x\n",
1229                         f->inocache->ino, ref_offset(rii.latest_ref));
1230                 mutex_unlock(&f->sem);
1231                 jffs2_do_clear_inode(c, f);
1232                 return -EIO;
1233         }
1234
1235         switch(jemode_to_cpu(latest_node->mode) & S_IFMT) {
1236         case S_IFDIR:
1237                 if (rii.mctime_ver > je32_to_cpu(latest_node->version)) {
1238                         /* The times in the latest_node are actually older than
1239                            mctime in the latest dirent. Cheat. */
1240                         latest_node->ctime = latest_node->mtime = cpu_to_je32(rii.latest_mctime);
1241                 }
1242                 break;
1243
1244
1245         case S_IFREG:
1246                 /* If it was a regular file, truncate it to the latest node's isize */
1247                 new_size = jffs2_truncate_fragtree(c, &f->fragtree, je32_to_cpu(latest_node->isize));
1248                 if (new_size != je32_to_cpu(latest_node->isize)) {
1249                         JFFS2_WARNING("Truncating ino #%u to %d bytes failed because it only had %d bytes to start with!\n",
1250                                       f->inocache->ino, je32_to_cpu(latest_node->isize), new_size);
1251                         latest_node->isize = cpu_to_je32(new_size);
1252                 }
1253                 break;
1254
1255         case S_IFLNK:
1256                 /* Hack to work around broken isize in old symlink code.
1257                    Remove this when dwmw2 comes to his senses and stops
1258                    symlinks from being an entirely gratuitous special
1259                    case. */
1260                 if (!je32_to_cpu(latest_node->isize))
1261                         latest_node->isize = latest_node->dsize;
1262
1263                 if (f->inocache->state != INO_STATE_CHECKING) {
1264                         /* Symlink's inode data is the target path. Read it and
1265                          * keep in RAM to facilitate quick follow symlink
1266                          * operation. */
1267                         f->target = kmalloc(je32_to_cpu(latest_node->csize) + 1, GFP_KERNEL);
1268                         if (!f->target) {
1269                                 JFFS2_ERROR("can't allocate %d bytes of memory for the symlink target path cache\n", je32_to_cpu(latest_node->csize));
1270                                 mutex_unlock(&f->sem);
1271                                 jffs2_do_clear_inode(c, f);
1272                                 return -ENOMEM;
1273                         }
1274
1275                         ret = jffs2_flash_read(c, ref_offset(rii.latest_ref) + sizeof(*latest_node),
1276                                                 je32_to_cpu(latest_node->csize), &retlen, (char *)f->target);
1277
1278                         if (ret  || retlen != je32_to_cpu(latest_node->csize)) {
1279                                 if (retlen != je32_to_cpu(latest_node->csize))
1280                                         ret = -EIO;
1281                                 kfree(f->target);
1282                                 f->target = NULL;
1283                                 mutex_unlock(&f->sem);
1284                                 jffs2_do_clear_inode(c, f);
1285                                 return ret;
1286                         }
1287
1288                         f->target[je32_to_cpu(latest_node->csize)] = '\0';
1289                         dbg_readinode("symlink's target '%s' cached\n", f->target);
1290                 }
1291
1292                 /* fall through... */
1293
1294         case S_IFBLK:
1295         case S_IFCHR:
1296                 /* Certain inode types should have only one data node, and it's
1297                    kept as the metadata node */
1298                 if (f->metadata) {
1299                         JFFS2_ERROR("Argh. Special inode #%u with mode 0%o had metadata node\n",
1300                                f->inocache->ino, jemode_to_cpu(latest_node->mode));
1301                         mutex_unlock(&f->sem);
1302                         jffs2_do_clear_inode(c, f);
1303                         return -EIO;
1304                 }
1305                 if (!frag_first(&f->fragtree)) {
1306                         JFFS2_ERROR("Argh. Special inode #%u with mode 0%o has no fragments\n",
1307                                f->inocache->ino, jemode_to_cpu(latest_node->mode));
1308                         mutex_unlock(&f->sem);
1309                         jffs2_do_clear_inode(c, f);
1310                         return -EIO;
1311                 }
1312                 /* ASSERT: f->fraglist != NULL */
1313                 if (frag_next(frag_first(&f->fragtree))) {
1314                         JFFS2_ERROR("Argh. Special inode #%u with mode 0x%x had more than one node\n",
1315                                f->inocache->ino, jemode_to_cpu(latest_node->mode));
1316                         /* FIXME: Deal with it - check crc32, check for duplicate node, check times and discard the older one */
1317                         mutex_unlock(&f->sem);
1318                         jffs2_do_clear_inode(c, f);
1319                         return -EIO;
1320                 }
1321                 /* OK. We're happy */
1322                 f->metadata = frag_first(&f->fragtree)->node;
1323                 jffs2_free_node_frag(frag_first(&f->fragtree));
1324                 f->fragtree = RB_ROOT;
1325                 break;
1326         }
1327         if (f->inocache->state == INO_STATE_READING)
1328                 jffs2_set_inocache_state(c, f->inocache, INO_STATE_PRESENT);
1329
1330         return 0;
1331 }
1332
1333 /* Scan the list of all nodes present for this ino, build map of versions, etc. */
1334 int jffs2_do_read_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
1335                         uint32_t ino, struct jffs2_raw_inode *latest_node)
1336 {
1337         dbg_readinode("read inode #%u\n", ino);
1338
1339  retry_inocache:
1340         spin_lock(&c->inocache_lock);
1341         f->inocache = jffs2_get_ino_cache(c, ino);
1342
1343         if (f->inocache) {
1344                 /* Check its state. We may need to wait before we can use it */
1345                 switch(f->inocache->state) {
1346                 case INO_STATE_UNCHECKED:
1347                 case INO_STATE_CHECKEDABSENT:
1348                         f->inocache->state = INO_STATE_READING;
1349                         break;
1350
1351                 case INO_STATE_CHECKING:
1352                 case INO_STATE_GC:
1353                         /* If it's in either of these states, we need
1354                            to wait for whoever's got it to finish and
1355                            put it back. */
1356                         dbg_readinode("waiting for ino #%u in state %d\n", ino, f->inocache->state);
1357                         sleep_on_spinunlock(&c->inocache_wq, &c->inocache_lock);
1358                         goto retry_inocache;
1359
1360                 case INO_STATE_READING:
1361                 case INO_STATE_PRESENT:
1362                         /* Eep. This should never happen. It can
1363                         happen if Linux calls read_inode() again
1364                         before clear_inode() has finished though. */
1365                         JFFS2_ERROR("Eep. Trying to read_inode #%u when it's already in state %d!\n", ino, f->inocache->state);
1366                         /* Fail. That's probably better than allowing it to succeed */
1367                         f->inocache = NULL;
1368                         break;
1369
1370                 default:
1371                         BUG();
1372                 }
1373         }
1374         spin_unlock(&c->inocache_lock);
1375
1376         if (!f->inocache && ino == 1) {
1377                 /* Special case - no root inode on medium */
1378                 f->inocache = jffs2_alloc_inode_cache();
1379                 if (!f->inocache) {
1380                         JFFS2_ERROR("cannot allocate inocache for root inode\n");
1381                         return -ENOMEM;
1382                 }
1383                 dbg_readinode("creating inocache for root inode\n");
1384                 memset(f->inocache, 0, sizeof(struct jffs2_inode_cache));
1385                 f->inocache->ino = f->inocache->pino_nlink = 1;
1386                 f->inocache->nodes = (struct jffs2_raw_node_ref *)f->inocache;
1387                 f->inocache->state = INO_STATE_READING;
1388                 jffs2_add_ino_cache(c, f->inocache);
1389         }
1390         if (!f->inocache) {
1391                 JFFS2_ERROR("requestied to read an nonexistent ino %u\n", ino);
1392                 return -ENOENT;
1393         }
1394
1395         return jffs2_do_read_inode_internal(c, f, latest_node);
1396 }
1397
1398 int jffs2_do_crccheck_inode(struct jffs2_sb_info *c, struct jffs2_inode_cache *ic)
1399 {
1400         struct jffs2_raw_inode n;
1401         struct jffs2_inode_info *f = kzalloc(sizeof(*f), GFP_KERNEL);
1402         int ret;
1403
1404         if (!f)
1405                 return -ENOMEM;
1406
1407         mutex_init(&f->sem);
1408         mutex_lock(&f->sem);
1409         f->inocache = ic;
1410
1411         ret = jffs2_do_read_inode_internal(c, f, &n);
1412         if (!ret) {
1413                 mutex_unlock(&f->sem);
1414                 jffs2_do_clear_inode(c, f);
1415         }
1416         kfree (f);
1417         return ret;
1418 }
1419
1420 void jffs2_do_clear_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f)
1421 {
1422         struct jffs2_full_dirent *fd, *fds;
1423         int deleted;
1424
1425         jffs2_xattr_delete_inode(c, f->inocache);
1426         mutex_lock(&f->sem);
1427         deleted = f->inocache && !f->inocache->pino_nlink;
1428
1429         if (f->inocache && f->inocache->state != INO_STATE_CHECKING)
1430                 jffs2_set_inocache_state(c, f->inocache, INO_STATE_CLEARING);
1431
1432         if (f->metadata) {
1433                 if (deleted)
1434                         jffs2_mark_node_obsolete(c, f->metadata->raw);
1435                 jffs2_free_full_dnode(f->metadata);
1436         }
1437
1438         jffs2_kill_fragtree(&f->fragtree, deleted?c:NULL);
1439
1440         if (f->target) {
1441                 kfree(f->target);
1442                 f->target = NULL;
1443         }
1444
1445         fds = f->dents;
1446         while(fds) {
1447                 fd = fds;
1448                 fds = fd->next;
1449                 jffs2_free_full_dirent(fd);
1450         }
1451
1452         if (f->inocache && f->inocache->state != INO_STATE_CHECKING) {
1453                 jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
1454                 if (f->inocache->nodes == (void *)f->inocache)
1455                         jffs2_del_ino_cache(c, f->inocache);
1456         }
1457
1458         mutex_unlock(&f->sem);
1459 }