IB/mlx4: Fix shutdown crash accessing a non-existent bitmap
[linux-2.6.git] / fs / jffs2 / scan.c
index 3551c39..8d8cd34 100644 (file)
@@ -1,15 +1,14 @@
 /*
  * JFFS2 -- Journalling Flash File System, Version 2.
  *
- * Copyright (C) 2001-2003 Red Hat, Inc.
+ * Copyright © 2001-2007 Red Hat, Inc.
  *
  * Created by David Woodhouse <dwmw2@infradead.org>
  *
  * For licensing information, see the file 'LICENCE' in this directory.
  *
- * $Id: scan.c,v 1.125 2005/09/30 13:59:13 dedekind Exp $
- *
  */
+
 #include <linux/kernel.h>
 #include <linux/sched.h>
 #include <linux/slab.h>
@@ -21,7 +20,7 @@
 #include "summary.h"
 #include "debug.h"
 
-#define DEFAULT_EMPTY_SCAN_SIZE 1024
+#define DEFAULT_EMPTY_SCAN_SIZE 256
 
 #define noisy_printk(noise, args...) do { \
        if (*(noise)) { \
@@ -67,8 +66,11 @@ static inline uint32_t EMPTY_SCAN_SIZE(uint32_t sector_size) {
 
 static int file_dirty(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb)
 {
-       int ret = jffs2_scan_dirty_space(c, jeb, jeb->free_size);
-       if (ret)
+       int ret;
+
+       if ((ret = jffs2_prealloc_raw_node_refs(c, jeb, 1)))
+               return ret;
+       if ((ret = jffs2_scan_dirty_space(c, jeb, jeb->free_size)))
                return ret;
        /* Turned wasted size into dirty, since we apparently 
           think it's recoverable now. */
@@ -92,14 +94,15 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
        uint32_t buf_size = 0;
        struct jffs2_summary *s = NULL; /* summary info collected by the scan process */
 #ifndef __ECOS
-       size_t pointlen;
+       size_t pointlen, try_size;
 
        if (c->mtd->point) {
-               ret = c->mtd->point (c->mtd, 0, c->mtd->size, &pointlen, &flashbuf);
+               ret = c->mtd->point(c->mtd, 0, c->mtd->size, &pointlen,
+                                   (void **)&flashbuf, NULL);
                if (!ret && pointlen < c->mtd->size) {
                        /* Don't muck about if it won't let us point to the whole flash */
                        D1(printk(KERN_DEBUG "MTD point returned len too short: 0x%zx\n", pointlen));
-                       c->mtd->unpoint(c->mtd, flashbuf, 0, c->mtd->size);
+                       c->mtd->unpoint(c->mtd, 0, pointlen);
                        flashbuf = NULL;
                }
                if (ret)
@@ -110,32 +113,37 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
                /* For NAND it's quicker to read a whole eraseblock at a time,
                   apparently */
                if (jffs2_cleanmarker_oob(c))
-                       buf_size = c->sector_size;
+                       try_size = c->sector_size;
                else
-                       buf_size = PAGE_SIZE;
+                       try_size = PAGE_SIZE;
 
-               /* Respect kmalloc limitations */
-               if (buf_size > 128*1024)
-                       buf_size = 128*1024;
+               D1(printk(KERN_DEBUG "Trying to allocate readbuf of %zu "
+                       "bytes\n", try_size));
 
-               D1(printk(KERN_DEBUG "Allocating readbuf of %d bytes\n", buf_size));
-               flashbuf = kmalloc(buf_size, GFP_KERNEL);
+               flashbuf = mtd_kmalloc_up_to(c->mtd, &try_size);
                if (!flashbuf)
                        return -ENOMEM;
+
+               D1(printk(KERN_DEBUG "Allocated readbuf of %zu bytes\n",
+                       try_size));
+
+               buf_size = (uint32_t)try_size;
        }
 
        if (jffs2_sum_active()) {
-               s = kmalloc(sizeof(struct jffs2_summary), GFP_KERNEL);
+               s = kzalloc(sizeof(struct jffs2_summary), GFP_KERNEL);
                if (!s) {
                        JFFS2_WARNING("Can't allocate memory for summary\n");
-                       return -ENOMEM;
+                       ret = -ENOMEM;
+                       goto out;
                }
-               memset(s, 0, sizeof(struct jffs2_summary));
        }
 
        for (i=0; i<c->nr_blocks; i++) {
                struct jffs2_eraseblock *jeb = &c->blocks[i];
 
+               cond_resched();
+
                /* reset summary info for next eraseblock scan */
                jffs2_sum_reset_collected(s);
 
@@ -191,7 +199,7 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
                                if (c->nextblock) {
                                        ret = file_dirty(c, c->nextblock);
                                        if (ret)
-                                               return ret;
+                                               goto out;
                                        /* deleting summary information of the old nextblock */
                                        jffs2_sum_reset_collected(c->summary);
                                }
@@ -202,7 +210,7 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
                        } else {
                                ret = file_dirty(c, jeb);
                                if (ret)
-                                       return ret;
+                                       goto out;
                        }
                        break;
 
@@ -244,11 +252,8 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
 
                D1(printk(KERN_DEBUG "jffs2_scan_medium(): Skipping %d bytes in nextblock to ensure page alignment\n",
                          skip));
-               c->nextblock->wasted_size += skip;
-               c->wasted_size += skip;
-
-               c->nextblock->free_size -= skip;
-               c->free_size -= skip;
+               jffs2_prealloc_raw_node_refs(c, c->nextblock, 1);
+               jffs2_scan_dirty_space(c, c->nextblock, skip);
        }
 #endif
        if (c->nr_erasing_blocks) {
@@ -258,7 +263,9 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
                        ret = -EIO;
                        goto out;
                }
-               jffs2_erase_pending_trigger(c);
+               spin_lock(&c->erase_completion_lock);
+               jffs2_garbage_collect_trigger(c);
+               spin_unlock(&c->erase_completion_lock);
        }
        ret = 0;
  out:
@@ -266,7 +273,7 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
                kfree(flashbuf);
 #ifndef __ECOS
        else
-               c->mtd->unpoint(c->mtd, flashbuf, 0, c->mtd->size);
+               c->mtd->unpoint(c->mtd, 0, c->mtd->size);
 #endif
        if (s)
                kfree(s);
@@ -274,8 +281,8 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
        return ret;
 }
 
-int jffs2_fill_scan_buf (struct jffs2_sb_info *c, void *buf,
-                               uint32_t ofs, uint32_t len)
+static int jffs2_fill_scan_buf(struct jffs2_sb_info *c, void *buf,
+                              uint32_t ofs, uint32_t len)
 {
        int ret;
        size_t retlen;
@@ -317,20 +324,23 @@ static int jffs2_scan_xattr_node(struct jffs2_sb_info *c, struct jffs2_erasebloc
                                 struct jffs2_summary *s)
 {
        struct jffs2_xattr_datum *xd;
-       uint32_t totlen, crc;
+       uint32_t xid, version, totlen, crc;
        int err;
 
        crc = crc32(0, rx, sizeof(struct jffs2_raw_xattr) - 4);
        if (crc != je32_to_cpu(rx->node_crc)) {
-               if (je32_to_cpu(rx->node_crc) != 0xffffffff)
-                       JFFS2_WARNING("node CRC failed at %#08x, read=%#08x, calc=%#08x\n",
-                                     ofs, je32_to_cpu(rx->node_crc), crc);
+               JFFS2_WARNING("node CRC failed at %#08x, read=%#08x, calc=%#08x\n",
+                             ofs, je32_to_cpu(rx->node_crc), crc);
                if ((err = jffs2_scan_dirty_space(c, jeb, je32_to_cpu(rx->totlen))))
                        return err;
                return 0;
        }
 
-       totlen = PAD(sizeof(*rx) + rx->name_len + 1 + je16_to_cpu(rx->value_len));
+       xid = je32_to_cpu(rx->xid);
+       version = je32_to_cpu(rx->version);
+
+       totlen = PAD(sizeof(struct jffs2_raw_xattr)
+                       + rx->name_len + 1 + je16_to_cpu(rx->value_len));
        if (totlen != je32_to_cpu(rx->totlen)) {
                JFFS2_WARNING("node length mismatch at %#08x, read=%u, calc=%u\n",
                              ofs, je32_to_cpu(rx->totlen), totlen);
@@ -339,22 +349,24 @@ static int jffs2_scan_xattr_node(struct jffs2_sb_info *c, struct jffs2_erasebloc
                return 0;
        }
 
-       xd = jffs2_setup_xattr_datum(c, je32_to_cpu(rx->xid), je32_to_cpu(rx->version));
-       if (IS_ERR(xd)) {
-               if (PTR_ERR(xd) == -EEXIST) {
-                       if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(rx->totlen)))))
-                               return err;
-                       return 0;
-               }
+       xd = jffs2_setup_xattr_datum(c, xid, version);
+       if (IS_ERR(xd))
                return PTR_ERR(xd);
-       }
-       xd->xprefix = rx->xprefix;
-       xd->name_len = rx->name_len;
-       xd->value_len = je16_to_cpu(rx->value_len);
-       xd->data_crc = je32_to_cpu(rx->data_crc);
 
-       xd->node = jffs2_link_node_ref(c, jeb, ofs | REF_PRISTINE, totlen, NULL);
-       /* FIXME */ xd->node->next_in_ino = (void *)xd;
+       if (xd->version > version) {
+               struct jffs2_raw_node_ref *raw
+                       = jffs2_link_node_ref(c, jeb, ofs | REF_PRISTINE, totlen, NULL);
+               raw->next_in_ino = xd->node->next_in_ino;
+               xd->node->next_in_ino = raw;
+       } else {
+               xd->version = version;
+               xd->xprefix = rx->xprefix;
+               xd->name_len = rx->name_len;
+               xd->value_len = je16_to_cpu(rx->value_len);
+               xd->data_crc = je32_to_cpu(rx->data_crc);
+
+               jffs2_link_node_ref(c, jeb, ofs | REF_PRISTINE, totlen, (void *)xd);
+       }
 
        if (jffs2_sum_active())
                jffs2_sum_add_xattr_mem(s, rx, ofs - jeb->offset);
@@ -373,16 +385,15 @@ static int jffs2_scan_xref_node(struct jffs2_sb_info *c, struct jffs2_eraseblock
 
        crc = crc32(0, rr, sizeof(*rr) - 4);
        if (crc != je32_to_cpu(rr->node_crc)) {
-               if (je32_to_cpu(rr->node_crc) != 0xffffffff)
-                       JFFS2_WARNING("node CRC failed at %#08x, read=%#08x, calc=%#08x\n",
-                                     ofs, je32_to_cpu(rr->node_crc), crc);
+               JFFS2_WARNING("node CRC failed at %#08x, read=%#08x, calc=%#08x\n",
+                             ofs, je32_to_cpu(rr->node_crc), crc);
                if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(rr->totlen)))))
                        return err;
                return 0;
        }
 
        if (PAD(sizeof(struct jffs2_raw_xref)) != je32_to_cpu(rr->totlen)) {
-               JFFS2_WARNING("node length mismatch at %#08x, read=%u, calc=%u\n",
+               JFFS2_WARNING("node length mismatch at %#08x, read=%u, calc=%zd\n",
                              ofs, je32_to_cpu(rr->totlen),
                              PAD(sizeof(struct jffs2_raw_xref)));
                if ((err = jffs2_scan_dirty_space(c, jeb, je32_to_cpu(rr->totlen))))
@@ -395,6 +406,7 @@ static int jffs2_scan_xref_node(struct jffs2_sb_info *c, struct jffs2_eraseblock
                return -ENOMEM;
 
        /* BEFORE jffs2_build_xattr_subsystem() called, 
+        * and AFTER xattr_ref is marked as a dead xref,
         * ref->xid is used to store 32bit xid, xd is not used
         * ref->ino is used to store 32bit inode-number, ic is not used
         * Thoes variables are declared as union, thus using those
@@ -404,11 +416,13 @@ static int jffs2_scan_xref_node(struct jffs2_sb_info *c, struct jffs2_eraseblock
         */
        ref->ino = je32_to_cpu(rr->ino);
        ref->xid = je32_to_cpu(rr->xid);
+       ref->xseqno = je32_to_cpu(rr->xseqno);
+       if (ref->xseqno > c->highest_xseqno)
+               c->highest_xseqno = (ref->xseqno & ~XREF_DELETE_MARKER);
        ref->next = c->xref_temp;
        c->xref_temp = ref;
 
-       ref->node = jffs2_link_node_ref(c, jeb, ofs | REF_PRISTINE, PAD(je32_to_cpu(rr->totlen)), NULL);
-       /* FIXME */ ref->node->next_in_ino = (void *)ref;
+       jffs2_link_node_ref(c, jeb, ofs | REF_PRISTINE, PAD(je32_to_cpu(rr->totlen)), (void *)ref);
 
        if (jffs2_sum_active())
                jffs2_sum_add_xref_mem(s, rr, ofs - jeb->offset);
@@ -424,7 +438,7 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
                                  unsigned char *buf, uint32_t buf_size, struct jffs2_summary *s) {
        struct jffs2_unknown_node *node;
        struct jffs2_unknown_node crcnode;
-       uint32_t ofs, prevofs;
+       uint32_t ofs, prevofs, max_ofs;
        uint32_t hdr_crc, buf_ofs, buf_len;
        int err;
        int noise = 0;
@@ -441,16 +455,20 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
 
 #ifdef CONFIG_JFFS2_FS_WRITEBUFFER
        if (jffs2_cleanmarker_oob(c)) {
-               int ret = jffs2_check_nand_cleanmarker(c, jeb);
+               int ret;
+
+               if (c->mtd->block_isbad(c->mtd, jeb->offset))
+                       return BLK_STATE_BADBLOCK;
+
+               ret = jffs2_check_nand_cleanmarker(c, jeb);
                D2(printk(KERN_NOTICE "jffs_check_nand_cleanmarker returned %d\n",ret));
+
                /* Even if it's not found, we still scan to see
                   if the block is empty. We use this information
                   to decide whether to erase it or not. */
                switch (ret) {
                case 0:         cleanmarkerfound = 1; break;
                case 1:         break;
-               case 2:         return BLK_STATE_BADBLOCK;
-               case 3:         return BLK_STATE_ALLDIRTY; /* Block has failed to erase min. once */
                default:        return ret;
                }
        }
@@ -463,7 +481,7 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
              
                if (!buf_size) {
                        /* XIP case. Just look, point at the summary if it's there */
-                       sm = (void *)buf + jeb->offset - sizeof(*sm);
+                       sm = (void *)buf + c->sector_size - sizeof(*sm);
                        if (je32_to_cpu(sm->magic) == JFFS2_SUM_MAGIC) {
                                sumptr = buf + je32_to_cpu(sm->offset);
                                sumlen = c->sector_size - je32_to_cpu(sm->offset);
@@ -535,12 +553,12 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
 
        /* We temporarily use 'ofs' as a pointer into the buffer/jeb */
        ofs = 0;
-
-       /* Scan only 4KiB of 0xFF before declaring it's empty */
-       while(ofs < EMPTY_SCAN_SIZE(c->sector_size) && *(uint32_t *)(&buf[ofs]) == 0xFFFFFFFF)
+       max_ofs = EMPTY_SCAN_SIZE(c->sector_size);
+       /* Scan only EMPTY_SCAN_SIZE of 0xFF before declaring it's empty */
+       while(ofs < max_ofs && *(uint32_t *)(&buf[ofs]) == 0xFFFFFFFF)
                ofs += 4;
 
-       if (ofs == EMPTY_SCAN_SIZE(c->sector_size)) {
+       if (ofs == max_ofs) {
 #ifdef CONFIG_JFFS2_FS_WRITEBUFFER
                if (jffs2_cleanmarker_oob(c)) {
                        /* scan oob, take care of cleanmarker */
@@ -562,6 +580,8 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
        if (ofs) {
                D1(printk(KERN_DEBUG "Free space at %08x ends at %08x\n", jeb->offset,
                          jeb->offset + ofs));
+               if ((err = jffs2_prealloc_raw_node_refs(c, jeb, 1)))
+                       return err;
                if ((err = jffs2_scan_dirty_space(c, jeb, ofs)))
                        return err;
        }
@@ -579,7 +599,7 @@ scan_more:
                jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
 
                /* Make sure there are node refs available for use */
-               err = jffs2_prealloc_raw_node_refs(c, 2);
+               err = jffs2_prealloc_raw_node_refs(c, jeb, 2);
                if (err)
                        return err;
 
@@ -621,16 +641,17 @@ scan_more:
 
                if (*(uint32_t *)(&buf[ofs-buf_ofs]) == 0xffffffff) {
                        uint32_t inbuf_ofs;
-                       uint32_t empty_start;
+                       uint32_t empty_start, scan_end;
 
                        empty_start = ofs;
                        ofs += 4;
+                       scan_end = min_t(uint32_t, EMPTY_SCAN_SIZE(c->sector_size)/8, buf_len);
 
                        D1(printk(KERN_DEBUG "Found empty flash at 0x%08x\n", ofs));
                more_empty:
                        inbuf_ofs = ofs - buf_ofs;
-                       while (inbuf_ofs < buf_len) {
-                               if (*(uint32_t *)(&buf[inbuf_ofs]) != 0xffffffff) {
+                       while (inbuf_ofs < scan_end) {
+                               if (unlikely(*(uint32_t *)(&buf[inbuf_ofs]) != 0xffffffff)) {
                                        printk(KERN_WARNING "Empty flash at 0x%08x ends at 0x%08x\n",
                                               empty_start, ofs);
                                        if ((err = jffs2_scan_dirty_space(c, jeb, ofs-empty_start)))
@@ -651,7 +672,11 @@ scan_more:
                                D1(printk(KERN_DEBUG "%d bytes at start of block seems clean... assuming all clean\n", EMPTY_SCAN_SIZE(c->sector_size)));
                                return BLK_STATE_CLEANMARKER;
                        }
-
+                       if (!buf_size && (scan_end != buf_len)) {/* XIP/point case */
+                               scan_end = buf_len;
+                               goto more_empty;
+                       }
+                       
                        /* See how much more there is to read in this eraseblock... */
                        buf_len = min_t(uint32_t, buf_size, jeb->offset + c->sector_size - ofs);
                        if (!buf_len) {
@@ -661,6 +686,8 @@ scan_more:
                                          empty_start));
                                break;
                        }
+                       /* point never reaches here */
+                       scan_end = buf_len;
                        D1(printk(KERN_DEBUG "Reading another 0x%x at 0x%08x\n", buf_len, ofs));
                        err = jffs2_fill_scan_buf(c, buf, ofs, buf_len);
                        if (err)
@@ -720,8 +747,7 @@ scan_more:
                        continue;
                }
 
-               if (ofs + je32_to_cpu(node->totlen) >
-                   jeb->offset + c->sector_size) {
+               if (ofs + je32_to_cpu(node->totlen) > jeb->offset + c->sector_size) {
                        /* Eep. Node goes over the end of the erase block. */
                        printk(KERN_WARNING "Node at 0x%08x with length 0x%08x would run over the end of the erase block\n",
                               ofs, je32_to_cpu(node->totlen));
@@ -843,7 +869,7 @@ scan_more:
                        switch (je16_to_cpu(node->nodetype) & JFFS2_COMPAT_MASK) {
                        case JFFS2_FEATURE_ROCOMPAT:
                                printk(KERN_NOTICE "Read-only compatible feature node (0x%04x) found at offset 0x%08x\n", je16_to_cpu(node->nodetype), ofs);
-                               c->flags |= JFFS2_SB_FLAG_RO;
+                               c->flags |= JFFS2_SB_FLAG_RO;
                                if (!(jffs2_is_readonly(c)))
                                        return -EROFS;
                                if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(node->totlen)))))
@@ -884,9 +910,9 @@ scan_more:
                }
        }
 
-       D1(printk(KERN_DEBUG "Block at 0x%08x: free 0x%08x, dirty 0x%08x, unchecked 0x%08x, used 0x%08x\n", jeb->offset,
-                 jeb->free_size, jeb->dirty_size, jeb->unchecked_size, jeb->used_size));
-
+       D1(printk(KERN_DEBUG "Block at 0x%08x: free 0x%08x, dirty 0x%08x, unchecked 0x%08x, used 0x%08x, wasted 0x%08x\n",
+                 jeb->offset,jeb->free_size, jeb->dirty_size, jeb->unchecked_size, jeb->used_size, jeb->wasted_size));
+       
        /* mark_node_obsolete can add to wasted !! */
        if (jeb->wasted_size) {
                jeb->dirty_size += jeb->wasted_size;
@@ -920,7 +946,7 @@ struct jffs2_inode_cache *jffs2_scan_make_ino_cache(struct jffs2_sb_info *c, uin
        ic->nodes = (void *)ic;
        jffs2_add_ino_cache(c, ic);
        if (ino == 1)
-               ic->nlink = 1;
+               ic->pino_nlink = 1;
        return ic;
 }
 
@@ -928,8 +954,7 @@ static int jffs2_scan_inode_node(struct jffs2_sb_info *c, struct jffs2_erasebloc
                                 struct jffs2_raw_inode *ri, uint32_t ofs, struct jffs2_summary *s)
 {
        struct jffs2_inode_cache *ic;
-       uint32_t ino = je32_to_cpu(ri->ino);
-       int err;
+       uint32_t crc, ino = je32_to_cpu(ri->ino);
 
        D1(printk(KERN_DEBUG "jffs2_scan_inode_node(): Node at 0x%08x\n", ofs));
 
@@ -942,21 +967,22 @@ static int jffs2_scan_inode_node(struct jffs2_sb_info *c, struct jffs2_erasebloc
           Which means that the _full_ amount of time to get to proper write mode with GC
           operational may actually be _longer_ than before. Sucks to be me. */
 
+       /* Check the node CRC in any case. */
+       crc = crc32(0, ri, sizeof(*ri)-8);
+       if (crc != je32_to_cpu(ri->node_crc)) {
+               printk(KERN_NOTICE "jffs2_scan_inode_node(): CRC failed on "
+                      "node at 0x%08x: Read 0x%08x, calculated 0x%08x\n",
+                      ofs, je32_to_cpu(ri->node_crc), crc);
+               /*
+                * We believe totlen because the CRC on the node
+                * _header_ was OK, just the node itself failed.
+                */
+               return jffs2_scan_dirty_space(c, jeb,
+                                             PAD(je32_to_cpu(ri->totlen)));
+       }
+
        ic = jffs2_get_ino_cache(c, ino);
        if (!ic) {
-               /* Inocache get failed. Either we read a bogus ino# or it's just genuinely the
-                  first node we found for this inode. Do a CRC check to protect against the former
-                  case */
-               uint32_t crc = crc32(0, ri, sizeof(*ri)-8);
-
-               if (crc != je32_to_cpu(ri->node_crc)) {
-                       printk(KERN_NOTICE "jffs2_scan_inode_node(): CRC failed on node at 0x%08x: Read 0x%08x, calculated 0x%08x\n",
-                              ofs, je32_to_cpu(ri->node_crc), crc);
-                       /* We believe totlen because the CRC on the node _header_ was OK, just the node itself failed. */
-                       if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(ri->totlen)))))
-                               return err;
-                       return 0;
-               }
                ic = jffs2_scan_make_ino_cache(c, ino);
                if (!ic)
                        return -ENOMEM;
@@ -984,6 +1010,7 @@ static int jffs2_scan_dirent_node(struct jffs2_sb_info *c, struct jffs2_eraseblo
 {
        struct jffs2_full_dirent *fd;
        struct jffs2_inode_cache *ic;
+       uint32_t checkedlen;
        uint32_t crc;
        int err;
 
@@ -1004,12 +1031,18 @@ static int jffs2_scan_dirent_node(struct jffs2_sb_info *c, struct jffs2_eraseblo
 
        pseudo_random += je32_to_cpu(rd->version);
 
-       fd = jffs2_alloc_full_dirent(rd->nsize+1);
+       /* Should never happen. Did. (OLPC trac #4184)*/
+       checkedlen = strnlen(rd->name, rd->nsize);
+       if (checkedlen < rd->nsize) {
+               printk(KERN_ERR "Dirent at %08x has zeroes in name. Truncating to %d chars\n",
+                      ofs, checkedlen);
+       }
+       fd = jffs2_alloc_full_dirent(checkedlen+1);
        if (!fd) {
                return -ENOMEM;
        }
-       memcpy(&fd->name, rd->name, rd->nsize);
-       fd->name[rd->nsize] = 0;
+       memcpy(&fd->name, rd->name, checkedlen);
+       fd->name[checkedlen] = 0;
 
        crc = crc32(0, fd->name, rd->nsize);
        if (crc != je32_to_cpu(rd->name_crc)) {
@@ -1029,12 +1062,13 @@ static int jffs2_scan_dirent_node(struct jffs2_sb_info *c, struct jffs2_eraseblo
                return -ENOMEM;
        }
 
-       fd->raw = jffs2_link_node_ref(c, jeb, ofs | REF_PRISTINE, PAD(je32_to_cpu(rd->totlen)), ic);
+       fd->raw = jffs2_link_node_ref(c, jeb, ofs | dirent_node_state(rd),
+                                     PAD(je32_to_cpu(rd->totlen)), ic);
 
        fd->next = NULL;
        fd->version = je32_to_cpu(rd->version);
        fd->ino = je32_to_cpu(rd->ino);
-       fd->nhash = full_name_hash(fd->name, rd->nsize);
+       fd->nhash = full_name_hash(fd->name, checkedlen);
        fd->type = rd->type;
        jffs2_add_fd_to_list(c, fd, &ic->scan_dents);