embox

1
/*
2
 * JFFS2 -- Journalling Flash File System, Version 2.
3
 *
4
 * Copyright (C) 2001-2003 Red Hat, Inc.
5
 *
6
 * Created by David Woodhouse <dwmw2@infradead.org>
7
 *
8
 * For licensing information, see the file 'LICENCE' in this directory.
9
 *
10
 * $Id: readinode.c,v 1.132 2005/07/28 14:46:40 dedekind Exp $
11
 *
12
 */
13

14
#include <linux/kernel.h>
15
#include <linux/sched.h>
16
#include <linux/slab.h>
17
#include <linux/fs.h>
18
#include <linux/crc32.h>
19
#include <linux/pagemap.h>
20
#include <linux/mtd/mtd.h>
21
#include <linux/compiler.h>
22
#include "nodelist.h"
23

24
void jffs2_truncate_fragtree (struct jffs2_sb_info *c,
25
					struct rb_root *list, uint32_t size) {
26
	struct jffs2_node_frag *frag = jffs2_lookup_node_frag(list, size);
27

28
	JFFS2_DBG_FRAGTREE("truncating fragtree to 0x%08x bytes\n", size);
29

30
	/* We know frag->ofs <= size. That's what lookup does for us */
31
	if (frag && frag->ofs != size) {
32
		if (frag->ofs+frag->size >= size) {
33
			JFFS2_DBG_FRAGTREE2("truncating frag 0x%08x-0x%08x\n", frag->ofs, frag->ofs+frag->size);
34
			frag->size = size - frag->ofs;
35
		}
36
		frag = frag_next(frag);
37
	}
38
	while (frag && frag->ofs >= size) {
39
		struct jffs2_node_frag *next = frag_next(frag);
40

41
		JFFS2_DBG_FRAGTREE("removing frag 0x%08x-0x%08x\n", frag->ofs, frag->ofs+frag->size);
42
		frag_erase(frag, list);
43
		jffs2_obsolete_node_frag(c, frag);
44
		frag = next;
45
	}
46
}
47

48
/*
49
 * Put a new tmp_dnode_info into the temporaty RB-tree, keeping the list in
50
 * order of increasing version.
51
 */
52
static void jffs2_add_tn_to_tree(struct jffs2_tmp_dnode_info *tn, struct rb_root *list)
53
{
54
	struct rb_node **p = &list->rb_node;
55
	struct rb_node * parent = NULL;
56
	struct jffs2_tmp_dnode_info *this;
57

58
	while (*p) {
59
		parent = *p;
60
		this = rb_entry(parent, struct jffs2_tmp_dnode_info, rb);
61

62
		/* There may actually be a collision here, but it doesn't
63
		 * actually matter. As long as the two nodes with the same
64
		 * version are together, it's all fine.
65
		 */
66
		if (tn->version < this->version) {
67
			p = &(*p)->rb_left;
68
		} else {
69
			p = &(*p)->rb_right;
70
		}
71
	}
72

73
	rb_link_node(&tn->rb, parent, p);
74
	rb_insert_color(&tn->rb, list);
75
}
76

77
static void jffs2_free_tmp_dnode_info_list(struct rb_root *list) {
78
	struct rb_node *this;
79
	struct jffs2_tmp_dnode_info *tn;
80

81
	this = list->rb_node;
82

83
	/* Now at bottom of tree */
84
	while (this) {
85
		if (this->rb_left) {
86
			this = this->rb_left;
87
		} else if (this->rb_right) {
88
			this = this->rb_right;
89
		} else {
90
			tn = rb_entry(this, struct jffs2_tmp_dnode_info, rb);
91
			jffs2_free_full_dnode(tn->fn);
92
			jffs2_free_tmp_dnode_info(tn);
93

94
			this = this->rb_parent;
95
			if (!this) {
96
				break;
97
			}
98

99
			if (this->rb_left == &tn->rb) {
100
				this->rb_left = NULL;
101
			} else if (this->rb_right == &tn->rb) {
102
				this->rb_right = NULL;
103
			} else {
104
				BUG();
105
			}
106
		}
107
	}
108
	list->rb_node = NULL;
109
}
110

111
static void jffs2_free_full_dirent_list(struct jffs2_full_dirent *fd) {
112
	struct jffs2_full_dirent *next;
113

114
	while (fd) {
115
		next = fd->next;
116
		jffs2_free_full_dirent(fd);
117
		fd = next;
118
	}
119
}
120

121
/* Returns first valid node after 'ref'. May return 'ref' */
122
static struct jffs2_raw_node_ref
123
			*jffs2_first_valid_node(struct jffs2_raw_node_ref *ref) {
124
	while (ref && ref->next_in_ino) {
125
		if (!ref_obsolete(ref)) {
126
			return ref;
127
		}
128
		JFFS2_DBG_NODEREF("node at 0x%08x is obsoleted. Ignoring.\n", ref_offset(ref));
129
		ref = ref->next_in_ino;
130
	}
131
	return NULL;
132
}
133

134
/*
135
 * Helper function for jffs2_get_inode_nodes().
136
 * It is called every time an directory entry node is found.
137
 *
138
 * Returns: 0 on succes;
139
 * 	    1 if the node should be marked obsolete;
140
 * 	    negative error code on failure.
141
 */
142
static inline int read_direntry(struct jffs2_sb_info *c,
143
	      struct jffs2_raw_node_ref *ref, struct jffs2_raw_dirent *rd,
144
	      uint32_t read, struct jffs2_full_dirent **fdp,
145
	      uint32_t *latest_mctime, uint32_t *mctime_ver) {
146
	struct jffs2_full_dirent *fd;
147

148
	/* The direntry nodes are checked during the flash scanning */
149
	BUG_ON(ref_flags(ref) == REF_UNCHECKED);
150
	/* Obsoleted. This cannot happen, surely? dwmw2 20020308 */
151
	BUG_ON(ref_obsolete(ref));
152

153
	/* Sanity check */
154
	if (unlikely(PAD((rd->nsize + sizeof(*rd))) != PAD(je32_to_cpu(rd->totlen)))) {
155
		JFFS2_ERROR("illegal nsize in node at %#08x: nsize %#02x, totlen %#04x\n",
156
		       ref_offset(ref), rd->nsize, je32_to_cpu(rd->totlen));
157
		return 1;
158
	}
159

160
	fd = jffs2_alloc_full_dirent(rd->nsize + 1);
161
	if (unlikely(!fd)) {
162
		return -ENOMEM;
163
	}
164

165
	fd->raw = ref;
166
	fd->version = je32_to_cpu(rd->version);
167
	fd->ino = je32_to_cpu(rd->ino);
168
	fd->type = rd->type;
169

170
	/* Pick out the mctime of the latest dirent */
171
	if(fd->version > *mctime_ver) {
172
		*mctime_ver = fd->version;
173
		*latest_mctime = je32_to_cpu(rd->mctime);
174
	}
175

176
	/*
177
	 * Copy as much of the name as possible from the raw
178
	 * dirent we've already read from the flash.
179
	 */
180
	if (read > sizeof(*rd)) {
181
		memcpy(&fd->name[0], &rd->name[0],
182
		       min_t(uint32_t, rd->nsize, (read - sizeof(*rd)) ));
183
	}
184

185
	/* Do we need to copy any more of the name directly from the flash? */
186
	if (rd->nsize + sizeof(*rd) > read) {
187
		/* FIXME: point() */
188
		int err;
189
		int already = read - sizeof(*rd);
190

191
		err = jffs2_flash_read(c, (ref_offset(ref)) + read,
192
				rd->nsize - already, &read, &fd->name[already]);
193
		if (unlikely(read != rd->nsize - already) && likely(!err)) {
194
			return -EIO;
195
		}
196
		if (unlikely(err)) {
197
			JFFS2_ERROR("read remainder of name: error %d\n", err);
198
			jffs2_free_full_dirent(fd);
199
			return -EIO;
200
		}
201
	}
202

203
	fd->nhash = full_name_hash(fd->name, rd->nsize);
204
	fd->next = NULL;
205
	fd->name[rd->nsize] = '\0';
206

207
	/*
208
	 * Wheee. We now have a complete jffs2_full_dirent structure, with
209
	 * the name in it and everything. Link it into the list
210
	 */
211
	jffs2_add_fd_to_list(c, fd, fdp);
212

213
	return 0;
214
}
215

216
/*
217
 * Helper function for jffs2_get_inode_nodes().
218
 * It is called every time an inode node is found.
219
 *
220
 * Returns: 0 on succes;
221
 * 	    1 if the node should be marked obsolete;
222
 * 	    negative error code on failure.
223
 */
224
static inline int read_dnode(struct jffs2_sb_info *c,
225
	   struct jffs2_raw_node_ref *ref, struct jffs2_raw_inode *rd,
226
	   uint32_t read, struct rb_root *tnp, uint32_t *latest_mctime,
227
	   	   	   	   	   	   	   	   	   	   	   uint32_t *mctime_ver) {
228
	struct jffs2_eraseblock *jeb;
229
	struct jffs2_tmp_dnode_info *tn;
230

231
	/* Obsoleted. This cannot happen, surely? dwmw2 20020308 */
232
	BUG_ON(ref_obsolete(ref));
233

234
	/* If we've never checked the CRCs on this node, check them now */
235
	if (ref_flags(ref) == REF_UNCHECKED) {
236
		uint32_t crc, len;
237

238
		crc = crc32(0, rd, sizeof(*rd) - 8);
239
		if (unlikely(crc != je32_to_cpu(rd->node_crc))) {
240
			JFFS2_NOTICE("header CRC failed on node at %#08x: read %#08x, calculated %#08x\n",
241
					ref_offset(ref), je32_to_cpu(rd->node_crc), crc);
242
			return 1;
243
		}
244

245
		/* Sanity checks */
246
		if (unlikely(je32_to_cpu(rd->offset) > je32_to_cpu(rd->isize)) ||
247
		    unlikely(PAD(je32_to_cpu(rd->csize) + sizeof(*rd)) != PAD(je32_to_cpu(rd->totlen)))) {
248
				JFFS2_WARNING("inode node header CRC is corrupted at %#08x\n", ref_offset(ref));
249
				jffs2_dbg_dump_node(c, ref_offset(ref));
250
			return 1;
251
		}
252

253
		if (rd->compr != JFFS2_COMPR_ZERO && je32_to_cpu(rd->csize)) {
254
			unsigned char *buf = NULL;
255
			uint32_t pointed = 0;
256
			int err;
257
			if(!pointed){
258
				buf = kmalloc(je32_to_cpu(rd->csize), GFP_KERNEL);
259
				if (!buf) {
260
					return -ENOMEM;
261
				}
262

263
				err = jffs2_flash_read(c, ref_offset(ref) + sizeof(*rd), je32_to_cpu(rd->csize),
264
							&read, buf);
265
				if (unlikely(read != je32_to_cpu(rd->csize)) && likely(!err)) {
266
					err = -EIO;
267
				}
268
				if (err) {
269
					kfree(buf);
270
					return err;
271
				}
272
			}
273
			crc = crc32(0, buf, je32_to_cpu(rd->csize));
274
			if(!pointed) {
275
				kfree(buf);
276
			}
277

278
			if (crc != je32_to_cpu(rd->data_crc)) {
279
				JFFS2_NOTICE("data CRC failed on node at %#08x: read %#08x, calculated %#08x\n",
280
					ref_offset(ref), je32_to_cpu(rd->data_crc), crc);
281
				return 1;
282
			}
283

284
		}
285

286
		/* Mark the node as having been checked and fix the accounting accordingly */
287
		jeb = &c->blocks[ref->flash_offset / c->sector_size];
288
		len = ref_totlen(c, jeb, ref);
289

290
		spin_lock(&c->erase_completion_lock);
291
		jeb->used_size += len;
292
		jeb->unchecked_size -= len;
293
		c->used_size += len;
294
		c->unchecked_size -= len;
295

296
		/* If node covers at least a whole page, or if it starts at the
297
		 * beginning of a page and runs to the end of the file, or if
298
		 * it's a hole node, mark it REF_PRISTINE, else REF_NORMAL.
299
		 *
300
		 * If it's actually overlapped, it'll get made NORMAL (or OBSOLETE)
301
		 * when the overlapping node(s) get added to the tree anyway.
302
		 */
303
		if ((je32_to_cpu(rd->dsize) >= PAGE_CACHE_SIZE) ||
304
		    ( ((je32_to_cpu(rd->offset) & (PAGE_CACHE_SIZE-1)) == 0) &&
305
		      (je32_to_cpu(rd->dsize) + je32_to_cpu(rd->offset) ==
306
		    		  	  	  	  	  	  	  	  je32_to_cpu(rd->isize)))) {
307
			JFFS2_DBG_READINODE("marking node at %#08x REF_PRISTINE\n", ref_offset(ref));
308
			ref->flash_offset = ref_offset(ref) | REF_PRISTINE;
309
		} else {
310
			JFFS2_DBG_READINODE("marking node at %#08x REF_NORMAL\n", ref_offset(ref));
311
			ref->flash_offset = ref_offset(ref) | REF_NORMAL;
312
		}
313
		spin_unlock(&c->erase_completion_lock);
314
	}
315

316
	tn = jffs2_alloc_tmp_dnode_info();
317
	if (!tn) {
318
		JFFS2_ERROR("alloc tn failed\n");
319
		return -ENOMEM;
320
	}
321

322
	tn->fn = jffs2_alloc_full_dnode();
323
	if (!tn->fn) {
324
		JFFS2_ERROR("alloc fn failed\n");
325
		jffs2_free_tmp_dnode_info(tn);
326
		return -ENOMEM;
327
	}
328

329
	tn->version = je32_to_cpu(rd->version);
330
	tn->fn->ofs = je32_to_cpu(rd->offset);
331
	tn->fn->raw = ref;
332

333
	/* There was a bug where we wrote hole nodes out with
334
	 * csize/dsize swapped. Deal with it
335
	 */
336
	if (rd->compr == JFFS2_COMPR_ZERO && !je32_to_cpu(rd->dsize)
337
										&& je32_to_cpu(rd->csize)) {
338
		tn->fn->size = je32_to_cpu(rd->csize);
339
	} 	else { /* normal case... */
340
		tn->fn->size = je32_to_cpu(rd->dsize);
341
	}
342

343
	JFFS2_DBG_READINODE("dnode @%08x: ver %u, offset %#04x, dsize %#04x\n",
344
		  ref_offset(ref), je32_to_cpu(rd->version), je32_to_cpu(rd->offset), je32_to_cpu(rd->dsize));
345

346
	jffs2_add_tn_to_tree(tn, tnp);
347

348
	return 0;
349
}
350

351
/*
352
 * Helper function for jffs2_get_inode_nodes().
353
 * It is called every time an unknown node is found.
354
 *
355
 * Returns: 0 on succes;
356
 * 	    1 if the node should be marked obsolete;
357
 * 	    negative error code on failure.
358
 */
359
static inline int read_unknown(struct jffs2_sb_info *c,
360
	     struct jffs2_raw_node_ref *ref,
361
	     struct jffs2_unknown_node *un, uint32_t read) {
362
	/* We don't mark unknown nodes as REF_UNCHECKED */
363
	BUG_ON(ref_flags(ref) == REF_UNCHECKED);
364

365
	un->nodetype = cpu_to_je16(JFFS2_NODE_ACCURATE |
366
							je16_to_cpu(un->nodetype));
367

368
	if (crc32(0, un, sizeof(struct jffs2_unknown_node) - 4) !=
369
									je32_to_cpu(un->hdr_crc)) {
370
		/* Hmmm. This should have been caught at scan time. */
371
		JFFS2_NOTICE("node header CRC failed at %#08x. But it must have been OK earlier.\n", ref_offset(ref));
372
		jffs2_dbg_dump_node(c, ref_offset(ref));
373
		return 1;
374
	} else {
375
		switch(je16_to_cpu(un->nodetype) & JFFS2_COMPAT_MASK) {
376

377
		case JFFS2_FEATURE_INCOMPAT:
378
			JFFS2_ERROR("unknown INCOMPAT nodetype %#04X at %#08x\n",
379
				je16_to_cpu(un->nodetype), ref_offset(ref));
380
			/* EEP */
381
			BUG();
382
			break;
383

384
		case JFFS2_FEATURE_ROCOMPAT:
385
			JFFS2_ERROR("unknown ROCOMPAT nodetype %#04X at %#08x\n",
386
					je16_to_cpu(un->nodetype), ref_offset(ref));
387
			BUG_ON(!(c->flags & JFFS2_SB_FLAG_RO));
388
			break;
389

390
		case JFFS2_FEATURE_RWCOMPAT_COPY:
391
			JFFS2_NOTICE("unknown RWCOMPAT_COPY nodetype %#04X at %#08x\n",
392
					je16_to_cpu(un->nodetype), ref_offset(ref));
393
			break;
394

395
		case JFFS2_FEATURE_RWCOMPAT_DELETE:
396
			JFFS2_NOTICE("unknown RWCOMPAT_DELETE nodetype %#04X at %#08x\n",
397
					je16_to_cpu(un->nodetype), ref_offset(ref));
398
			return 1;
399
		}
400
	}
401

402
	return 0;
403
}
404

405
/**
406
 *  Get tmp_dnode_info and full_dirent for all non-obsolete nodes associated
407
 * with this ino, returning the former in order of version
408
 */
409
static int jffs2_get_inode_nodes(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
410
				 struct rb_root *tnp, struct jffs2_full_dirent **fdp,
411
				 uint32_t *highest_version, uint32_t *latest_mctime,
412
				 uint32_t *mctime_ver) {
413
	struct jffs2_raw_node_ref *ref, *valid_ref;
414
	struct rb_root ret_tn = RB_ROOT;
415
	struct jffs2_full_dirent *ret_fd = NULL;
416
	union jffs2_node_union node;
417
	size_t retlen;
418
	int err;
419

420
	*mctime_ver = 0;
421

422
	JFFS2_DBG_READINODE("ino #%u\n", f->inocache->ino);
423

424
	spin_lock(&c->erase_completion_lock);
425

426
	valid_ref = jffs2_first_valid_node(f->inocache->nodes);
427

428
	if (!valid_ref && (f->inocache->ino != 1)) {
429
		JFFS2_WARNING("no valid nodes for ino #%u\n", f->inocache->ino);
430
	}
431

432
	while (valid_ref) {
433
		/* We can hold a pointer to a non-obsolete node without the spinlock,
434
		 * but _obsolete_ nodes may disappear at any time, if the block
435
		 * they're in gets erased. So if we mark 'ref' obsolete while we're
436
		 * not holding the lock, it can go away immediately. For that reason,
437
		 * we find the next valid node first, before processing 'ref'.
438
		 */
439
		ref = valid_ref;
440
		valid_ref = jffs2_first_valid_node(ref->next_in_ino);
441
		spin_unlock(&c->erase_completion_lock);
442

443
		cond_resched();
444

445
		/* FIXME: point() */
446
		err = jffs2_flash_read(c, (ref_offset(ref)),
447
				       min_t(uint32_t, ref_totlen(c, NULL, ref), sizeof(node)),
448
				       &retlen, (void *)&node);
449
		if (err) {
450
			JFFS2_ERROR("error %d reading node at 0x%08x in get_inode_nodes()\n", err, ref_offset(ref));
451
			goto free_out;
452
		}
453

454
		switch (je16_to_cpu(node.u.nodetype)) {
455

456
		case JFFS2_NODETYPE_DIRENT:
457
			JFFS2_DBG_READINODE("node at %08x (%d) is a dirent node\n", ref_offset(ref), ref_flags(ref));
458

459
			if (retlen < sizeof(node.d)) {
460
				JFFS2_ERROR("short read dirent at %#08x\n", ref_offset(ref));
461
				err = -EIO;
462
				goto free_out;
463
			}
464

465
			err = read_direntry(c, ref, &node.d, retlen, &ret_fd,
466
					latest_mctime, mctime_ver);
467
			if (err == 1) {
468
				jffs2_mark_node_obsolete(c, ref);
469
				break;
470
			} else if (unlikely(err)) {
471
				goto free_out;
472
			}
473

474
			if (je32_to_cpu(node.d.version) > *highest_version) {
475
				*highest_version = je32_to_cpu(node.d.version);
476
			}
477

478
			break;
479

480
		case JFFS2_NODETYPE_INODE:
481
			JFFS2_DBG_READINODE("node at %08x (%d) is a data node\n",
482
					ref_offset(ref), ref_flags(ref));
483

484
			if (retlen < sizeof(node.i)) {
485
				JFFS2_ERROR("short read dnode at %#08x\n", ref_offset(ref));
486
				err = -EIO;
487
				goto free_out;
488
			}
489

490
			err = read_dnode(c, ref, &node.i, retlen, &ret_tn,
491
					latest_mctime, mctime_ver);
492
			if (err == 1) {
493
				jffs2_mark_node_obsolete(c, ref);
494
				break;
495
			} else if (unlikely(err)) {
496
				goto free_out;
497
			}
498

499
			if (je32_to_cpu(node.i.version) > *highest_version) {
500
				*highest_version = je32_to_cpu(node.i.version);
501
			}
502

503
			JFFS2_DBG_READINODE("version %d, highest_version now %d\n",
504
					je32_to_cpu(node.i.version), *highest_version);
505

506
			break;
507

508
		default:
509
			/* Check we've managed to read at least the common node header */
510
			if (retlen < sizeof(struct jffs2_unknown_node)) {
511
				JFFS2_ERROR("short read unknown node at %#08x\n", ref_offset(ref));
512
				return -EIO;
513
			}
514

515
			err = read_unknown(c, ref, &node.u, retlen);
516
			if (err == 1) {
517
				jffs2_mark_node_obsolete(c, ref);
518
				break;
519
			} else if (unlikely(err)) {
520
				goto free_out;
521
			}
522

523
		}
524
		spin_lock(&c->erase_completion_lock);
525

526
	}
527
	spin_unlock(&c->erase_completion_lock);
528
	*tnp = ret_tn;
529
	*fdp = ret_fd;
530

531
	return 0;
532

533
 free_out:
534
	jffs2_free_tmp_dnode_info_list(&ret_tn);
535
	jffs2_free_full_dirent_list(ret_fd);
536
	return err;
537
}
538

539
static int jffs2_do_read_inode_internal(struct jffs2_sb_info *c,
540
					struct jffs2_inode_info *f,
541
					struct jffs2_raw_inode *latest_node) {
542
	struct jffs2_tmp_dnode_info *tn = NULL;
543
	struct rb_root tn_list;
544
	struct rb_node *rb, *repl_rb;
545
	struct jffs2_full_dirent *fd_list = NULL;
546
	struct jffs2_full_dnode *fn = NULL;
547
	uint32_t crc;
548
	uint32_t latest_mctime = 0, mctime_ver;
549
	uint32_t mdata_ver = 0;
550
	size_t retlen;
551
	int ret;
552

553
	JFFS2_DBG_READINODE("ino #%u nlink is %d\n", f->inocache->ino, f->inocache->nlink);
554

555
	/* Grab all nodes relevant to this ino */
556
	ret = jffs2_get_inode_nodes(c, f, &tn_list,
557
			&fd_list, &f->highest_version, &latest_mctime, &mctime_ver);
558

559
	if (ret) {
560
		JFFS2_ERROR("cannot read nodes for ino %u, returned error is %d\n", f->inocache->ino, ret);
561
		if (f->inocache->state == INO_STATE_READING) {
562
			jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
563
		}
564
		return ret;
565
	}
566
	f->dents = fd_list;
567

568
	rb = rb_first(&tn_list);
569

570
	while (rb) {
571
		tn = rb_entry(rb, struct jffs2_tmp_dnode_info, rb);
572
		fn = tn->fn;
573

574
		if (f->metadata) {
575
			if (likely(tn->version >= mdata_ver)) {
576
				JFFS2_DBG_READINODE("obsoleting old metadata at 0x%08x\n", ref_offset(f->metadata->raw));
577
				jffs2_mark_node_obsolete(c, f->metadata->raw);
578
				jffs2_free_full_dnode(f->metadata);
579
				f->metadata = NULL;
580

581
				mdata_ver = 0;
582
			} else {
583
				/* This should never happen. */
584
				JFFS2_ERROR("Er. New metadata at 0x%08x with ver %d is actually older than previous ver %d at 0x%08x\n",
585
					  ref_offset(fn->raw), tn->version, mdata_ver, ref_offset(f->metadata->raw));
586
				jffs2_mark_node_obsolete(c, fn->raw);
587
				jffs2_free_full_dnode(fn);
588
				/* Fill in latest_node from the metadata, not this one we're about to free... */
589
				fn = f->metadata;
590
				goto next_tn;
591
			}
592
		}
593

594
		if (fn->size) {
595
			jffs2_add_full_dnode_to_inode(c, f, fn);
596
		} else {
597
			/* Zero-sized node at end of version list. Just a metadata update */
598
			JFFS2_DBG_READINODE("metadata @%08x: ver %d\n", ref_offset(fn->raw), tn->version);
599
			f->metadata = fn;
600
			mdata_ver = tn->version;
601
		}
602
	next_tn:
603
		BUG_ON(rb->rb_left);
604
		if (rb->rb_parent && rb->rb_parent->rb_left == rb) {
605
			/* We were then left-hand child of our parent. We need
606
			   to move our own right-hand child into our place. */
607
			repl_rb = rb->rb_right;
608
			if (repl_rb) {
609
				repl_rb->rb_parent = rb->rb_parent;
610
			}
611
		} else {
612
			repl_rb = NULL;
613
		}
614

615
		rb = rb_next(rb);
616

617
		/* Remove the spent tn from the tree; don't bother rebalancing
618
		   but put our right-hand child in our own place. */
619
		if (tn->rb.rb_parent) {
620
			if (tn->rb.rb_parent->rb_left == &tn->rb) {
621
				tn->rb.rb_parent->rb_left = repl_rb;
622
			} else if (tn->rb.rb_parent->rb_right == &tn->rb) {
623
				tn->rb.rb_parent->rb_right = repl_rb;
624
			} else  {
625
				BUG();
626
			}
627
		} else if (tn->rb.rb_right) {
628
			tn->rb.rb_right->rb_parent = NULL;
629
		}
630

631
		jffs2_free_tmp_dnode_info(tn);
632
	}
633
	jffs2_dbg_fragtree_paranoia_check_nolock(f);
634

635
	if (!fn) {
636
		/* No data nodes for this inode. */
637
		if (f->inocache->ino != 1) {
638
			JFFS2_WARNING("no data nodes found for ino #%u\n", f->inocache->ino);
639
			if (!fd_list) {
640
				if (f->inocache->state == INO_STATE_READING) {
641
					jffs2_set_inocache_state(c,
642
							f->inocache, INO_STATE_CHECKEDABSENT);
643
				}
644
				return -EIO;
645
			}
646
			JFFS2_NOTICE("but it has children so we fake some modes for it\n");
647
		}
648
		latest_node->mode = cpu_to_jemode(S_IFDIR|S_IRUGO|S_IWUSR|S_IXUGO);
649
		latest_node->version = cpu_to_je32(0);
650
		latest_node->atime = latest_node->ctime =
651
				latest_node->mtime = cpu_to_je32(0);
652
		latest_node->isize = cpu_to_je32(0);
653
		latest_node->gid = cpu_to_je16(0);
654
		latest_node->uid = cpu_to_je16(0);
655
		if (f->inocache->state == INO_STATE_READING) {
656
			jffs2_set_inocache_state(c, f->inocache, INO_STATE_PRESENT);
657
		}
658
		return 0;
659
	}
660

661
	ret = jffs2_flash_read(c, ref_offset(fn->raw),
662
			sizeof(*latest_node), &retlen, (void *)latest_node);
663
	if (ret || retlen != sizeof(*latest_node)) {
664
		JFFS2_ERROR("failed to read from flash: error %d, %zd of %zd bytes read\n",
665
			ret, retlen, sizeof(*latest_node));
666
		/* FIXME: If this fails, there seems to be a memory leak. Find it. */
667
		up(&f->sem);
668
		jffs2_do_clear_inode(c, f);
669
		return ret?ret:-EIO;
670
	}
671

672
	crc = crc32(0, latest_node, sizeof(*latest_node)-8);
673
	if (crc != je32_to_cpu(latest_node->node_crc)) {
674
		JFFS2_ERROR("CRC failed for read_inode of inode %u at physical location 0x%x\n",
675
			f->inocache->ino, ref_offset(fn->raw));
676
		up(&f->sem);
677
		jffs2_do_clear_inode(c, f);
678
		return -EIO;
679
	}
680

681
	switch(jemode_to_cpu(latest_node->mode) & S_IFMT) {
682
	case S_IFDIR:
683
		if (mctime_ver > je32_to_cpu(latest_node->version)) {
684
			/* The times in the latest_node are actually older than
685
			 * mctime in the latest dirent. Cheat.
686
			 */
687
			latest_node->ctime = latest_node->mtime = cpu_to_je32(latest_mctime);
688
		}
689
		break;
690

691

692
	case S_IFREG:
693
		/* If it was a regular file, truncate it to the latest node's isize */
694
		jffs2_truncate_fragtree(c, &f->fragtree, je32_to_cpu(latest_node->isize));
695
		break;
696

697
	case S_IFLNK:
698
		/* Hack to work around broken isize in old symlink code.
699
		 * Remove this when dwmw2 comes to his senses and stops
700
		 * symlinks from being an entirely gratuitous special
701
		 * case.
702
		 */
703
		if (!je32_to_cpu(latest_node->isize)) {
704
			latest_node->isize = latest_node->dsize;
705
		}
706

707
		if (f->inocache->state != INO_STATE_CHECKING) {
708
			/* Symlink's inode data is the target path. Read it and
709
			 * keep in RAM to facilitate quick follow symlink
710
			 * operation. */
711
			f->target = kmalloc(je32_to_cpu(latest_node->csize) + 1, GFP_KERNEL);
712
			if (!f->target) {
713
				JFFS2_ERROR("can't allocate %d bytes of memory for the symlink target path cache\n", je32_to_cpu(latest_node->csize));
714
				up(&f->sem);
715
				jffs2_do_clear_inode(c, f);
716
				return -ENOMEM;
717
			}
718

719
			ret = jffs2_flash_read(c, ref_offset(fn->raw) +
720
					sizeof(*latest_node), je32_to_cpu(latest_node->csize),
721
										&retlen, (unsigned char *)f->target);
722

723
			if (ret  || retlen != je32_to_cpu(latest_node->csize)) {
724
				if (retlen != je32_to_cpu(latest_node->csize)) {
725
					ret = -EIO;
726
				}
727
				kfree(f->target);
728
				f->target = NULL;
729
				up(&f->sem);
730
				jffs2_do_clear_inode(c, f);
731
				return -ret;
732
			}
733

734
			f->target[je32_to_cpu(latest_node->csize)] = '\0';
735
			JFFS2_DBG_READINODE("symlink's target '%s' cached\n", f->target);
736
		}
737

738
	/* fall through... */
739
	case S_IFBLK:
740
	case S_IFCHR:
741
		/* Certain inode types should have only one data node, and it's
742
		 * kept as the metadata node
743
		 */
744
		if (f->metadata) {
745
			JFFS2_ERROR("Argh. Special inode #%u with mode 0%o had metadata node\n",
746
			       f->inocache->ino, jemode_to_cpu(latest_node->mode));
747
			up(&f->sem);
748
			jffs2_do_clear_inode(c, f);
749
			return -EIO;
750
		}
751
		if (!frag_first(&f->fragtree)) {
752
			JFFS2_ERROR("Argh. Special inode #%u with mode 0%o has no fragments\n",
753
			       f->inocache->ino, jemode_to_cpu(latest_node->mode));
754
			up(&f->sem);
755
			jffs2_do_clear_inode(c, f);
756
			return -EIO;
757
		}
758
		/* ASSERT: f->fraglist != NULL */
759
		if (frag_next(frag_first(&f->fragtree))) {
760
			JFFS2_ERROR("Argh. Special inode #%u with mode 0x%x had more than one node\n",
761
			       f->inocache->ino, jemode_to_cpu(latest_node->mode));
762
			/* FIXME: Deal with it - check crc32, check for duplicate node, check times and discard the older one */
763
			up(&f->sem);
764
			jffs2_do_clear_inode(c, f);
765
			return -EIO;
766
		}
767
		/* OK. We're happy */
768
		f->metadata = frag_first(&f->fragtree)->node;
769
		jffs2_free_node_frag(frag_first(&f->fragtree));
770
		f->fragtree = RB_ROOT;
771
		break;
772
	}
773
	if (f->inocache->state == INO_STATE_READING) {
774
		jffs2_set_inocache_state(c, f->inocache, INO_STATE_PRESENT);
775
	}
776

777
	return 0;
778
}
779

780
/* Scan the list of all nodes present for this ino, build map of versions, etc. */
781
int jffs2_do_read_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
782
			uint32_t ino, struct jffs2_raw_inode *latest_node) {
783
	JFFS2_DBG_READINODE("read inode #%u\n", ino);
784

785
 retry_inocache:
786
	spin_lock(&c->inocache_lock);
787
	f->inocache = jffs2_get_ino_cache(c, ino);
788

789
	if (f->inocache) {
790
		/* Check its state. We may need to wait before we can use it */
791
		switch(f->inocache->state) {
792
		case INO_STATE_UNCHECKED:
793
		case INO_STATE_CHECKEDABSENT:
794
			f->inocache->state = INO_STATE_READING;
795
			break;
796

797
		case INO_STATE_CHECKING:
798
		case INO_STATE_GC:
799
			/* If it's in either of these states, we need
800
			 * to wait for whoever's got it to finish and
801
			 * put it back.
802
			 */
803
			JFFS2_DBG_READINODE("waiting for ino #%u in state %d\n", ino, f->inocache->state);
804
			sleep_on_spinunlock(&c->inocache_wq, &c->inocache_lock);
805
			goto retry_inocache;
806

807
		case INO_STATE_READING:
808
		case INO_STATE_PRESENT:
809
			/* Eep. This should never happen. It can happen if Linux calls
810
			 * read_inode() again before clear_inode() has finished though.
811
			 */
812
			JFFS2_ERROR("Eep. Trying to read_inode #%u when it's already in state %d!\n", ino, f->inocache->state);
813
			/* Fail. That's probably better than allowing it to succeed */
814
			f->inocache = NULL;
815
			break;
816

817
		default:
818
			BUG();
819
			break;
820
		}
821
	}
822
	spin_unlock(&c->inocache_lock);
823

824
	if (!f->inocache && ino == 1) {
825
		/* Special case - no root inode on medium */
826
		f->inocache = jffs2_alloc_inode_cache();
827
		if (!f->inocache) {
828
			JFFS2_ERROR("cannot allocate inocache for root inode\n");
829
			return -ENOMEM;
830
		}
831
		JFFS2_DBG_READINODE("creating inocache for root inode\n");
832
		memset(f->inocache, 0, sizeof(struct jffs2_inode_cache));
833
		f->inocache->ino = f->inocache->nlink = 1;
834
		f->inocache->nodes = (struct jffs2_raw_node_ref *)f->inocache;
835
		f->inocache->state = INO_STATE_READING;
836
		jffs2_add_ino_cache(c, f->inocache);
837
	}
838
	if (!f->inocache) {
839
		JFFS2_ERROR("requestied to read an nonexistent ino %u\n", ino);
840
		return -ENOENT;
841
	}
842

843
	return jffs2_do_read_inode_internal(c, f, latest_node);
844
}
845

846
int jffs2_do_crccheck_inode(struct jffs2_sb_info *c,
847
						struct jffs2_inode_cache *ic) {
848
	struct jffs2_raw_inode n;
849
	struct jffs2_inode_info *f = kmalloc(sizeof(*f), GFP_KERNEL);
850
	int ret;
851

852
	if (!f) {
853
		return -ENOMEM;
854
	}
855

856
	memset(f, 0, sizeof(*f));
857
	init_MUTEX_LOCKED(&f->sem);
858
	f->inocache = ic;
859

860
	ret = jffs2_do_read_inode_internal(c, f, &n);
861
	if (!ret) {
862
		up(&f->sem);
863
		jffs2_do_clear_inode(c, f);
864
	}
865
	kfree (f);
866
	return ret;
867
}
868

869
void jffs2_do_clear_inode(struct jffs2_sb_info *c,
870
						struct jffs2_inode_info *f) {
871
	struct jffs2_full_dirent *fd, *fds;
872
	int deleted;
873

874
	down(&f->sem);
875
	deleted = f->inocache && !f->inocache->nlink;
876

877
	if (f->inocache && f->inocache->state != INO_STATE_CHECKING) {
878
		jffs2_set_inocache_state(c, f->inocache, INO_STATE_CLEARING);
879
	}
880

881
	if (f->metadata) {
882
		if (deleted) {
883
			jffs2_mark_node_obsolete(c, f->metadata->raw);
884
		}
885
		jffs2_free_full_dnode(f->metadata);
886
	}
887

888
	jffs2_kill_fragtree(&f->fragtree, deleted?c:NULL);
889

890
	if (f->target) {
891
		kfree(f->target);
892
		f->target = NULL;
893
	}
894

895
	fds = f->dents;
896
	while(fds) {
897
		fd = fds;
898
		fds = fd->next;
899
		jffs2_free_full_dirent(fd);
900
	}
901

902
	if (f->inocache && f->inocache->state != INO_STATE_CHECKING) {
903
		jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
904
		if (f->inocache->nodes == (void *)f->inocache) {
905
			jffs2_del_ino_cache(c, f->inocache);
906
		}
907
	}
908

909
	up(&f->sem);
910
}
911