embox

1
/*
2
 * JFFS2 -- Journalling Flash File System, Version 2.
3
 *
4
 * Copyright (C) 2001-2003 Red Hat, Inc.
5
 *
6
 * Created by David Woodhouse <dwmw2@infradead.org>
7
 *
8
 * For licensing information, see the file 'LICENCE' in this directory.
9
 *
10
 * $Id: scan.c,v 1.121 2005/07/20 15:32:28 dedekind Exp $
11
 *
12
 */
13
#include <linux/kernel.h>
14
#include <linux/sched.h>
15
#include <linux/slab.h>
16
#include <linux/mtd/mtd.h>
17
#include <linux/pagemap.h>
18
#include <linux/crc32.h>
19
#include <linux/compiler.h>
20
#include "nodelist.h"
21

22
#define DEFAULT_EMPTY_SCAN_SIZE 1024
23

24
#define DIRTY_SPACE(x) do { typeof(x) _x = (x); \
25
		c->free_size -= _x; c->dirty_size += _x; \
26
		jeb->free_size -= _x ; jeb->dirty_size += _x; \
27
		}while(0)
28
#define USED_SPACE(x) do { typeof(x) _x = (x); \
29
		c->free_size -= _x; c->used_size += _x; \
30
		jeb->free_size -= _x ; jeb->used_size += _x; \
31
		}while(0)
32
#define UNCHECKED_SPACE(x) do { typeof(x) _x = (x); \
33
		c->free_size -= _x; c->unchecked_size += _x; \
34
		jeb->free_size -= _x ; jeb->unchecked_size += _x; \
35
		}while(0)
36

37
#define noisy_printk(noise, args...) do { \
38
	if (*(noise)) { \
39
		printk(KERN_NOTICE args); \
40
		 (*(noise))--; \
41
		 if (!(*(noise))) { \
42
			 printk(KERN_NOTICE "Further such events for this erase block will not be printed\n"); \
43
		 } \
44
	} \
45
} while(0)
46

47
static uint32_t pseudo_random;
48

49
static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
50
				  unsigned char *buf, uint32_t buf_size);
51

52
/* These helper functions _must_ increase ofs and also do the dirty/used space accounting.
53
 * Returning an error will abort the mount - bad checksums etc. should just mark the space
54
 * as dirty.
55
 */
56
static int jffs2_scan_inode_node(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
57
				 struct jffs2_raw_inode *ri, uint32_t ofs);
58
static int jffs2_scan_dirent_node(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
59
				 struct jffs2_raw_dirent *rd, uint32_t ofs);
60

61
#define BLK_STATE_ALLFF		0
62
#define BLK_STATE_CLEAN		1
63
#define BLK_STATE_PARTDIRTY	2
64
#define BLK_STATE_CLEANMARKER	3
65
#define BLK_STATE_ALLDIRTY	4
66
#define BLK_STATE_BADBLOCK	5
67

68
static inline int min_free(struct jffs2_sb_info *c)
69
{
70
	uint32_t min = 2 * sizeof(struct jffs2_raw_inode);
71
#ifdef CONFIG_JFFS2_FS_WRITEBUFFER
72
	if (!jffs2_can_mark_obsolete(c) && min < c->wbuf_pagesize)
73
		return c->wbuf_pagesize;
74
#endif
75
	return min;
76

77
}
78

79
static inline uint32_t EMPTY_SCAN_SIZE(uint32_t sector_size) {
80
	if (sector_size < DEFAULT_EMPTY_SCAN_SIZE) {
81
		return sector_size;
82
	}
83
	else {
84
		return DEFAULT_EMPTY_SCAN_SIZE;
85
	}
86
}
87

88
int jffs2_scan_medium(struct jffs2_sb_info *c)
89
{
90
	int i, ret;
91
	uint32_t empty_blocks = 0, bad_blocks = 0;
92
	unsigned char *flashbuf = NULL;
93
	uint32_t buf_size = 0;
94

95
	if (!flashbuf) {
96
		/* For NAND it's quicker to read a whole eraseblock at a time,
97
		   apparently */
98
		if (jffs2_cleanmarker_oob(c)) {
99
			buf_size = c->sector_size;
100
		} else {
101
			buf_size = PAGE_SIZE();
102
		}
103

104
		/* Respect kmalloc limitations */
105
		if (buf_size > 128*1024) {
106
			buf_size = 128*1024;
107
		}
108

109
		D1(printk( "Allocating readbuf of %d bytes\n", buf_size));
110
		flashbuf = sysmalloc(buf_size);
111
		if (!flashbuf) {
112
			return -ENOMEM;
113
		}
114
	}
115

116
	for (i=0; i < c->nr_blocks; i++) {
117
		struct jffs2_eraseblock *jeb = &c->blocks[i];
118

119
		ret = jffs2_scan_eraseblock(c, jeb, buf_size ?
120
				flashbuf:(flashbuf + jeb->offset), buf_size);
121

122
		if (ret < 0) {
123
			goto out;
124
		}
125

126
		jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
127

128
		/* Now decide which list to put it on */
129
		switch(ret) {
130
		case BLK_STATE_ALLFF:
131
			/*
132
			 * Empty block.   Since we can't be sure it
133
			 * was entirely erased, we just queue it for erase
134
			 * again.  It will be marked as such when the erase
135
			 * is complete.  Meanwhile we still count it as empty
136
			 * for later checks.
137
			 */
138
			empty_blocks++;
139
			list_add(&jeb->list, &c->erase_pending_list);
140
			c->nr_erasing_blocks++;
141
			break;
142

143
		case BLK_STATE_CLEANMARKER:
144
			/* Only a CLEANMARKER node is valid */
145
			if (!jeb->dirty_size) {
146
				/* It's actually free */
147
				list_add(&jeb->list, &c->free_list);
148
				c->nr_free_blocks++;
149
			} else {
150
				/* Dirt */
151
				D1(printk( "Adding all-dirty block at 0x%08x to erase_pending_list\n", jeb->offset));
152
				list_add(&jeb->list, &c->erase_pending_list);
153
				c->nr_erasing_blocks++;
154
			}
155
			break;
156

157
		case BLK_STATE_CLEAN:
158
				/* Full (or almost full) of clean data. Clean list */
159
				list_add(&jeb->list, &c->clean_list);
160
			break;
161

162
		case BLK_STATE_PARTDIRTY:
163
				/* Some data, but not full. Dirty list.
164
				 * We want to remember the block with most free space
165
				 * and stick it in the 'nextblock' position to start writing to it.
166
				 */
167
				if ((jeb->free_size > min_free(c)) &&
168
						(!c->nextblock ||
169
						  c->nextblock->free_size < jeb->free_size)) {
170
					/* Better candidate for the next writes to go to */
171
					if (c->nextblock) {
172
						c->nextblock->dirty_size += c->nextblock->free_size +
173
								c->nextblock->wasted_size;
174
						c->dirty_size += c->nextblock->free_size +
175
								c->nextblock->wasted_size;
176
						c->free_size -= c->nextblock->free_size;
177
						c->wasted_size -= c->nextblock->wasted_size;
178
						c->nextblock->free_size = c->nextblock->wasted_size = 0;
179
						if (VERYDIRTY(c, c->nextblock->dirty_size)) {
180
							list_add(&c->nextblock->list, &c->very_dirty_list);
181
						} else {
182
							list_add(&c->nextblock->list, &c->dirty_list);
183
						}
184
					}
185
					c->nextblock = jeb;
186
                } else {
187
					jeb->dirty_size += jeb->free_size + jeb->wasted_size;
188
					c->dirty_size += jeb->free_size + jeb->wasted_size;
189
					c->free_size -= jeb->free_size;
190
					c->wasted_size -= jeb->wasted_size;
191
					jeb->free_size = jeb->wasted_size = 0;
192
					if (VERYDIRTY(c, jeb->dirty_size)) {
193
						list_add(&jeb->list, &c->very_dirty_list);
194
					} else {
195
						list_add(&jeb->list, &c->dirty_list);
196
					}
197
                }
198
			break;
199

200
		case BLK_STATE_ALLDIRTY:
201
			/* Nothing valid - not even a clean marker. Needs erasing. */
202
                        /* For now we just put it on the erasing list. We'll start the erases later */
203
			D1(printk(KERN_NOTICE "JFFS2: Erase block at 0x%08x is not formatted. It will be erased\n", jeb->offset));
204
                        list_add(&jeb->list, &c->erase_pending_list);
205
			c->nr_erasing_blocks++;
206
			break;
207

208
		case BLK_STATE_BADBLOCK:
209
			D1(printk(KERN_NOTICE "JFFS2: Block at 0x%08x is bad\n", jeb->offset));
210
                        list_add(&jeb->list, &c->bad_list);
211
			c->bad_size += c->sector_size;
212
			c->free_size -= c->sector_size;
213
			bad_blocks++;
214
			break;
215
		default:
216
			printk(KERN_WARNING "jffs2_scan_medium(): unknown block state\n");
217
			BUG();
218
			break;
219
		}
220
	}
221

222
	/* Nextblock dirty is always seen as wasted, because we cannot recycle it now */
223
	if (c->nextblock && (c->nextblock->dirty_size)) {
224
		c->nextblock->wasted_size += c->nextblock->dirty_size;
225
		c->wasted_size += c->nextblock->dirty_size;
226
		c->dirty_size -= c->nextblock->dirty_size;
227
		c->nextblock->dirty_size = 0;
228
	}
229
#ifdef CONFIG_JFFS2_FS_WRITEBUFFER
230
	if (!jffs2_can_mark_obsolete(c) && c->nextblock && (c->nextblock->free_size & (c->wbuf_pagesize-1))) {
231
		/* If we're going to start writing into a block which already
232
		   contains data, and the end of the data isn't page-aligned,
233
		   skip a little and align it. */
234

235
		uint32_t skip = c->nextblock->free_size & (c->wbuf_pagesize-1);
236

237
		D1(printk( "jffs2_scan_medium(): Skipping %d bytes in nextblock to ensure page alignment\n",
238
			  skip));
239
		c->nextblock->wasted_size += skip;
240
		c->wasted_size += skip;
241

242
		c->nextblock->free_size -= skip;
243
		c->free_size -= skip;
244
	}
245
#endif
246
	if (c->nr_erasing_blocks) {
247
		if (!c->used_size && ((c->nr_free_blocks + empty_blocks + bad_blocks)
248
							  != c->nr_blocks || bad_blocks == c->nr_blocks)) {
249
			printk(KERN_NOTICE "Cowardly refusing to erase blocks on filesystem with no valid JFFS2 nodes\n");
250
			printk(KERN_NOTICE "empty_blocks %d, bad_blocks %d, c->nr_blocks %d\n",empty_blocks,bad_blocks,c->nr_blocks);
251
			ret = -EIO;
252
			goto out;
253
		}
254
		jffs2_erase_pending_trigger(c);
255
	}
256
	ret = 0;
257
 out:
258
	if (buf_size) {
259
		sysfree(flashbuf);
260
	}
261
	return ret;
262
}
263

264
static int jffs2_fill_scan_buf (struct jffs2_sb_info *c, unsigned char *buf,
265
				uint32_t ofs, uint32_t len)
266
{
267
	int ret;
268
	size_t retlen;
269

270
	ret = jffs2_flash_read(c, ofs, len, &retlen, buf);
271
	if (ret) {
272
		D1(printk(KERN_WARNING "mtd->read(0x%x bytes from 0x%x) returned %d\n", len, ofs, ret));
273
		return ret;
274
	}
275
	if (retlen < len) {
276
		D1(printk(KERN_WARNING "Read at 0x%x gave only 0x%zx bytes\n", ofs, retlen));
277
		return -EIO;
278
	}
279
	D2(printk( "Read 0x%x bytes from 0x%08x into buf\n", len, ofs));
280
	D2(printk( "000: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
281
		  buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7], buf[8], buf[9], buf[10], buf[11], buf[12], buf[13], buf[14], buf[15]));
282
	return 0;
283
}
284

285
static int jffs2_scan_eraseblock (struct jffs2_sb_info *c,
286
		struct jffs2_eraseblock *jeb, unsigned char *buf, uint32_t buf_size) {
287
	struct jffs2_unknown_node *node;
288
	struct jffs2_unknown_node crcnode;
289
	uint32_t ofs, prevofs;
290
	uint32_t hdr_crc, buf_ofs, buf_len;
291
	int err;
292
	int noise = 0;
293
#ifdef CONFIG_JFFS2_FS_WRITEBUFFER
294
	int cleanmarkerfound = 0;
295
#endif
296

297
	ofs = jeb->offset;
298
	prevofs = jeb->offset - 1;
299

300
	D1(printk( "jffs2_scan_eraseblock(): Scanning block at 0x%x\n", ofs));
301

302
#ifdef CONFIG_JFFS2_FS_WRITEBUFFER
303
	if (jffs2_cleanmarker_oob(c)) {
304
		int ret = jffs2_check_nand_cleanmarker(c, jeb);
305
		D2(printk(KERN_NOTICE "jffs_check_nand_cleanmarker returned %d\n",ret));
306
		/* Even if it's not found, we still scan to see
307
		   if the block is empty. We use this information
308
		   to decide whether to erase it or not. */
309
		switch (ret) {
310
		case 0:		cleanmarkerfound = 1; break;
311
		case 1: 	break;
312
		case 2: 	return BLK_STATE_BADBLOCK;
313
		case 3:		return BLK_STATE_ALLDIRTY; /* Block has failed to erase min. once */
314
		default: 	return ret;
315
		}
316
	}
317
#endif
318
	buf_ofs = jeb->offset;
319

320
	if (!buf_size) {
321
		buf_len = c->sector_size;
322
	} else {
323
		buf_len = EMPTY_SCAN_SIZE(c->sector_size);
324
		err = jffs2_fill_scan_buf(c, buf, buf_ofs, buf_len);
325
		if (err) {
326
			return err;
327
		}
328
	}
329

330
	/* We temporarily use 'ofs' as a pointer into the buffer/jeb */
331
	ofs = 0;
332

333
	/* Scan only 4KiB of 0xFF before declaring it's empty */
334
	while(ofs < EMPTY_SCAN_SIZE(c->sector_size)
335
			&& *(uint32_t *)(&buf[ofs]) == 0xFFFFFFFF) {
336
		ofs += 4;
337
	}
338

339
	if (ofs == EMPTY_SCAN_SIZE(c->sector_size)) {
340
#ifdef CONFIG_JFFS2_FS_WRITEBUFFER
341
		if (jffs2_cleanmarker_oob(c)) {
342
			/* scan oob, take care of cleanmarker */
343
			int ret = jffs2_check_oob_empty(c, jeb, cleanmarkerfound);
344
			D2(printk(KERN_NOTICE "jffs2_check_oob_empty returned %d\n",ret));
345
			switch (ret) {
346
			case 0:		return cleanmarkerfound ? BLK_STATE_CLEANMARKER : BLK_STATE_ALLFF;
347
			case 1: 	return BLK_STATE_ALLDIRTY;
348
			default: 	return ret;
349
			}
350
		}
351
#endif
352
		D1(printk( "Block at 0x%08x is empty (erased)\n", jeb->offset));
353
		if (c->cleanmarker_size == 0) {
354
			return BLK_STATE_CLEANMARKER;	/* don't bother with re-erase */
355
		} else {
356
			return BLK_STATE_ALLFF;	/* OK to erase if all blocks are like this */
357
		}
358
	}
359
	if (ofs) {
360
		D1(printk( "Free space at %08x ends at %08x\n", jeb->offset,
361
			  jeb->offset + ofs));
362
		DIRTY_SPACE(ofs);
363
	}
364

365
	/* Now ofs is a complete physical flash offset as it always was... */
366
	ofs += jeb->offset;
367

368
	noise = 10;
369

370
scan_more:
371
	while(ofs < jeb->offset + c->sector_size) {
372

373
		jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
374

375
		cond_resched();
376

377
		if (ofs & 3) {
378
			printk(KERN_WARNING "Eep. ofs 0x%08x not word-aligned!\n", ofs);
379
			ofs = PAD(ofs);
380
			continue;
381
		}
382
		if (ofs == prevofs) {
383
			printk(KERN_WARNING "ofs 0x%08x has already been seen. Skipping\n", ofs);
384
			DIRTY_SPACE(4);
385
			ofs += 4;
386
			continue;
387
		}
388
		prevofs = ofs;
389

390
		if (jeb->offset + c->sector_size < ofs + sizeof(*node)) {
391
			D1(printk( "Fewer than %zd bytes left to end of block. (%x+%x<%x+%zx) Not reading\n", sizeof(struct jffs2_unknown_node),
392
				  jeb->offset, c->sector_size, ofs, sizeof(*node)));
393
			DIRTY_SPACE((jeb->offset + c->sector_size)-ofs);
394
			break;
395
		}
396

397
		if (buf_ofs + buf_len < ofs + sizeof(*node)) {
398
			buf_len = min_t(uint32_t, buf_size, jeb->offset + c->sector_size - ofs);
399
			D1(printk( "Fewer than %zd bytes (node header) left to end of buf. Reading 0x%x at 0x%08x\n",
400
				  sizeof(struct jffs2_unknown_node), buf_len, ofs));
401
			err = jffs2_fill_scan_buf(c, buf, ofs, buf_len);
402
			if (err) {
403
				return err;
404
			}
405
			buf_ofs = ofs;
406
		}
407

408
		node = (struct jffs2_unknown_node *)&buf[ofs - buf_ofs];
409

410
		if (*(uint32_t *)(&buf[ofs - buf_ofs]) == 0xffffffff) {
411
			uint32_t inbuf_ofs;
412
			uint32_t empty_start;
413

414
			empty_start = ofs;
415
			ofs += 4;
416

417
			D1(printk( "Found empty flash at 0x%08x\n", ofs));
418
		more_empty:
419
			inbuf_ofs = ofs - buf_ofs;
420
			while (inbuf_ofs < buf_len) {
421
				if (*(uint32_t *)(&buf[inbuf_ofs]) != 0xffffffff) {
422
					printk(KERN_WARNING "Empty flash at 0x%08x ends at 0x%08x\n",
423
					       empty_start, ofs);
424
					DIRTY_SPACE(ofs-empty_start);
425
					goto scan_more;
426
				}
427

428
				inbuf_ofs+=4;
429
				ofs += 4;
430
			}
431
			/* Ran off end. */
432
			D1(printk( "Empty flash to end of buffer at 0x%08x\n", ofs));
433

434
			/* If we're only checking the beginning of a block with a cleanmarker,
435
			   bail now */
436
			if (buf_ofs == jeb->offset && jeb->used_size == PAD(c->cleanmarker_size) &&
437
			    c->cleanmarker_size && !jeb->dirty_size && !jeb->first_node->next_phys) {
438
				D1(printk( "%d bytes at start of block seems clean... assuming all clean\n", EMPTY_SCAN_SIZE(c->sector_size)));
439
				return BLK_STATE_CLEANMARKER;
440
			}
441

442
			/* See how much more there is to read in this eraseblock... */
443
			buf_len = min_t(uint32_t, buf_size, jeb->offset + c->sector_size - ofs);
444
			if (!buf_len) {
445
				/* No more to read. Break out of main loop without marking
446
				   this range of empty space as dirty (because it's not) */
447
				D1(printk( "Empty flash at %08x runs to end of block. Treating as free_space\n",
448
					  empty_start));
449
				break;
450
			}
451
			D1(printk( "Reading another 0x%x at 0x%08x\n", buf_len, ofs));
452
			err = jffs2_fill_scan_buf(c, buf, ofs, buf_len);
453
			if (err) {
454
				return err;
455
			}
456
			buf_ofs = ofs;
457
			goto more_empty;
458
		}
459

460
		if (ofs == jeb->offset && je16_to_cpu(node->magic) == KSAMTIB_CIGAM_2SFFJ) {
461
			printk(KERN_WARNING "Magic bitmask is backwards at offset 0x%08x. Wrong endian filesystem?\n", ofs);
462
			DIRTY_SPACE(4);
463
			ofs += 4;
464
			continue;
465
		}
466
		if (je16_to_cpu(node->magic) == JFFS2_DIRTY_BITMASK) {
467
			D1(printk( "Dirty bitmask at 0x%08x\n", ofs));
468
			DIRTY_SPACE(4);
469
			ofs += 4;
470
			continue;
471
		}
472
		if (je16_to_cpu(node->magic) == JFFS2_OLD_MAGIC_BITMASK) {
473
			printk(KERN_WARNING "Old JFFS2 bitmask found at 0x%08x\n", ofs);
474
			printk(KERN_WARNING "You cannot use older JFFS2 filesystems with newer kernels\n");
475
			DIRTY_SPACE(4);
476
			ofs += 4;
477
			continue;
478
		}
479
		if (je16_to_cpu(node->magic) != JFFS2_MAGIC_BITMASK) {
480
			/* OK. We're out of possibilities. Whinge and move on */
481
			noisy_printk(&noise, "jffs2_scan_eraseblock(): Magic bitmask 0x%04x not found at 0x%08x: 0x%04x instead\n",
482
				     JFFS2_MAGIC_BITMASK, ofs,
483
				     je16_to_cpu(node->magic));
484
			DIRTY_SPACE(4);
485
			ofs += 4;
486
			continue;
487
		}
488
		/* We seem to have a node of sorts. Check the CRC */
489
		crcnode.magic = node->magic;
490
		crcnode.nodetype = cpu_to_je16( je16_to_cpu(node->nodetype) | JFFS2_NODE_ACCURATE);
491
		crcnode.totlen = node->totlen;
492
		hdr_crc = crc32(0, &crcnode, sizeof(crcnode) - 4);
493

494
		if (hdr_crc != je32_to_cpu(node->hdr_crc)) {
495
			noisy_printk(&noise, "jffs2_scan_eraseblock(): Node at 0x%08x {0x%04x, 0x%04x, 0x%08x) has invalid CRC 0x%08x (calculated 0x%08x)\n",
496
				     ofs, je16_to_cpu(node->magic),
497
				     je16_to_cpu(node->nodetype),
498
				     je32_to_cpu(node->totlen),
499
				     je32_to_cpu(node->hdr_crc),
500
				     hdr_crc);
501
			DIRTY_SPACE(4);
502
			ofs += 4;
503
			continue;
504
		}
505

506
		if (ofs + je32_to_cpu(node->totlen) >
507
		    jeb->offset + c->sector_size) {
508
			/* Eep. Node goes over the end of the erase block. */
509
			printk(KERN_WARNING "Node at 0x%08x with length 0x%08x would run over the end of the erase block\n",
510
			       ofs, je32_to_cpu(node->totlen));
511
			printk(KERN_WARNING "Perhaps the file system was created with the wrong erase size?\n");
512
			DIRTY_SPACE(4);
513
			ofs += 4;
514
			continue;
515
		}
516

517
		if (!(je16_to_cpu(node->nodetype) & JFFS2_NODE_ACCURATE)) {
518
			/* Wheee. This is an obsoleted node */
519
			D2(printk( "Node at 0x%08x is obsolete. Skipping\n", ofs));
520
			DIRTY_SPACE(PAD(je32_to_cpu(node->totlen)));
521
			ofs += PAD(je32_to_cpu(node->totlen));
522
			continue;
523
		}
524

525
		switch(je16_to_cpu(node->nodetype)) {
526
		case JFFS2_NODETYPE_INODE:
527
			if (buf_ofs + buf_len < ofs + sizeof(struct jffs2_raw_inode)) {
528
				buf_len = min_t(uint32_t, buf_size,
529
						jeb->offset + c->sector_size - ofs);
530
				D1(printk( "Fewer than %zd bytes (inode node) left to end of buf. Reading 0x%x at 0x%08x\n",
531
					  sizeof(struct jffs2_raw_inode), buf_len, ofs));
532
				err = jffs2_fill_scan_buf(c, buf, ofs, buf_len);
533
				if (err) {
534
					return err;
535
				}
536
				buf_ofs = ofs;
537
				node = (void *)buf;
538
			}
539
			err = jffs2_scan_inode_node(c, jeb, (void *)node, ofs);
540
			if (err) {
541
				return err;
542
			}
543
			ofs += PAD(je32_to_cpu(node->totlen));
544
			break;
545

546
		case JFFS2_NODETYPE_DIRENT:
547
			if (buf_ofs + buf_len < ofs + je32_to_cpu(node->totlen)) {
548
				buf_len = min_t(uint32_t, buf_size, jeb->offset + c->sector_size - ofs);
549
				D1(printk( "Fewer than %d bytes (dirent node) left to end of buf. Reading 0x%x at 0x%08x\n",
550
					  je32_to_cpu(node->totlen), buf_len, ofs));
551
				err = jffs2_fill_scan_buf(c, buf, ofs, buf_len);
552
				if (err) {
553
					return err;
554
				}
555
				buf_ofs = ofs;
556
				node = (void *)buf;
557
			}
558
			err = jffs2_scan_dirent_node(c, jeb, (void *)node, ofs);
559
			if (err) {
560
				return err;
561
			}
562
			ofs += PAD(je32_to_cpu(node->totlen));
563
			break;
564

565
		case JFFS2_NODETYPE_CLEANMARKER:
566
			D1(printk( "CLEANMARKER node found at 0x%08x\n", ofs));
567
			if (je32_to_cpu(node->totlen) != c->cleanmarker_size) {
568
				printk(KERN_NOTICE "CLEANMARKER node found at 0x%08x has totlen 0x%x != normal 0x%x\n",
569
				       ofs, je32_to_cpu(node->totlen), c->cleanmarker_size);
570
				DIRTY_SPACE(PAD(sizeof(struct jffs2_unknown_node)));
571
				ofs += PAD(sizeof(struct jffs2_unknown_node));
572
			} else if (jeb->first_node) {
573
				printk(KERN_NOTICE "CLEANMARKER node found at 0x%08x, not first node in block (0x%08x)\n", ofs, jeb->offset);
574
				DIRTY_SPACE(PAD(sizeof(struct jffs2_unknown_node)));
575
				ofs += PAD(sizeof(struct jffs2_unknown_node));
576
			} else {
577
				struct jffs2_raw_node_ref *marker_ref = jffs2_alloc_raw_node_ref();
578
				if (!marker_ref) {
579
					printk(KERN_NOTICE "Failed to allocate node ref for clean marker\n");
580
					return -ENOMEM;
581
				}
582
				marker_ref->next_in_ino = NULL;
583
				marker_ref->next_phys = NULL;
584
				marker_ref->flash_offset = ofs | REF_NORMAL;
585
				marker_ref->__totlen = c->cleanmarker_size;
586
				jeb->first_node = jeb->last_node = marker_ref;
587

588
				USED_SPACE(PAD(c->cleanmarker_size));
589
				ofs += PAD(c->cleanmarker_size);
590
			}
591
			break;
592

593
		case JFFS2_NODETYPE_PADDING:
594
			DIRTY_SPACE(PAD(je32_to_cpu(node->totlen)));
595
			ofs += PAD(je32_to_cpu(node->totlen));
596
			break;
597

598
		default:
599
			switch (je16_to_cpu(node->nodetype) & JFFS2_COMPAT_MASK) {
600
			case JFFS2_FEATURE_ROCOMPAT:
601
				printk(KERN_NOTICE "Read-only compatible feature node (0x%04x) found at offset 0x%08x\n", je16_to_cpu(node->nodetype), ofs);
602
			        c->flags |= JFFS2_SB_FLAG_RO;
603
				DIRTY_SPACE(PAD(je32_to_cpu(node->totlen)));
604
				ofs += PAD(je32_to_cpu(node->totlen));
605
				break;
606

607
			case JFFS2_FEATURE_INCOMPAT:
608
				printk(KERN_NOTICE "Incompatible feature node (0x%04x) found at offset 0x%08x\n", je16_to_cpu(node->nodetype), ofs);
609
				return -EINVAL;
610

611
			case JFFS2_FEATURE_RWCOMPAT_DELETE:
612
				D1(printk(KERN_NOTICE "Unknown but compatible feature node (0x%04x) found at offset 0x%08x\n", je16_to_cpu(node->nodetype), ofs));
613
				DIRTY_SPACE(PAD(je32_to_cpu(node->totlen)));
614
				ofs += PAD(je32_to_cpu(node->totlen));
615
				break;
616

617
			case JFFS2_FEATURE_RWCOMPAT_COPY:
618
				D1(printk(KERN_NOTICE "Unknown but compatible feature node (0x%04x) found at offset 0x%08x\n", je16_to_cpu(node->nodetype), ofs));
619
				USED_SPACE(PAD(je32_to_cpu(node->totlen)));
620
				ofs += PAD(je32_to_cpu(node->totlen));
621
				break;
622
			}
623
		}
624
	}
625

626

627
	D1(printk( "Block at 0x%08x: free 0x%08x, dirty 0x%08x, unchecked 0x%08x, used 0x%08x\n", jeb->offset,
628
		  jeb->free_size, jeb->dirty_size, jeb->unchecked_size, jeb->used_size));
629

630
	/* mark_node_obsolete can add to wasted !! */
631
	if (jeb->wasted_size) {
632
		jeb->dirty_size += jeb->wasted_size;
633
		c->dirty_size += jeb->wasted_size;
634
		c->wasted_size -= jeb->wasted_size;
635
		jeb->wasted_size = 0;
636
	}
637

638
	if ((jeb->used_size + jeb->unchecked_size) == PAD(c->cleanmarker_size)
639
			&& !jeb->dirty_size
640
			&& (!jeb->first_node || !jeb->first_node->next_phys)) {
641
		return BLK_STATE_CLEANMARKER;
642
	/* move blocks with max 4 byte dirty space to cleanlist */
643
	} else if (!ISDIRTY(c->sector_size - (jeb->used_size + jeb->unchecked_size))) {
644
		c->dirty_size -= jeb->dirty_size;
645
		c->wasted_size += jeb->dirty_size;
646
		jeb->wasted_size += jeb->dirty_size;
647
		jeb->dirty_size = 0;
648
		return BLK_STATE_CLEAN;
649
	} else if (jeb->used_size || jeb->unchecked_size) {
650
		return BLK_STATE_PARTDIRTY;
651
	} else {
652
		return BLK_STATE_ALLDIRTY;
653
	}
654
}
655

656
static struct jffs2_inode_cache *jffs2_scan_make_ino_cache(struct jffs2_sb_info *c, uint32_t ino)
657
{
658
	struct jffs2_inode_cache *ic;
659

660
	ic = jffs2_get_ino_cache(c, ino);
661
	if (ic)
662
		return ic;
663

664
	if (ino > c->highest_ino)
665
		c->highest_ino = ino;
666

667
	ic = jffs2_alloc_inode_cache();
668
	if (!ic) {
669
		printk(KERN_NOTICE "jffs2_scan_make_inode_cache(): allocation of inode cache failed\n");
670
		return NULL;
671
	}
672
	memset(ic, 0, sizeof(*ic));
673

674
	ic->ino = ino;
675
	ic->nodes = (void *)ic;
676
	jffs2_add_ino_cache(c, ic);
677
	if (ino == 1)
678
		ic->nlink = 1;
679
	return ic;
680
}
681

682
static int jffs2_scan_inode_node(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
683
				 struct jffs2_raw_inode *ri, uint32_t ofs)
684
{
685
	struct jffs2_raw_node_ref *raw;
686
	struct jffs2_inode_cache *ic;
687
	uint32_t ino = je32_to_cpu(ri->ino);
688

689
	D1(printk( "jffs2_scan_inode_node(): Node at 0x%08x\n", ofs));
690

691
	/* We do very little here now. Just check the ino# to which we should attribute
692
	   this node; we can do all the CRC checking etc. later. There's a tradeoff here --
693
	   we used to scan the flash once only, reading everything we want from it into
694
	   memory, then building all our in-core data structures and freeing the extra
695
	   information. Now we allow the first part of the mount to complete a lot quicker,
696
	   but we have to go _back_ to the flash in order to finish the CRC checking, etc.
697
	   Which means that the _full_ amount of time to get to proper write mode with GC
698
	   operational may actually be _longer_ than before. Sucks to be me. */
699

700
	raw = jffs2_alloc_raw_node_ref();
701
	if (!raw) {
702
		printk(KERN_NOTICE "jffs2_scan_inode_node(): allocation of node reference failed\n");
703
		return -ENOMEM;
704
	}
705

706
	ic = jffs2_get_ino_cache(c, ino);
707
	if (!ic) {
708
		/* Inocache get failed. Either we read a bogus ino# or it's just genuinely the
709
		   first node we found for this inode. Do a CRC check to protect against the former
710
		   case */
711
		uint32_t crc = crc32(0, ri, sizeof(*ri)-8);
712

713
		if (crc != je32_to_cpu(ri->node_crc)) {
714
			printk(KERN_NOTICE "jffs2_scan_inode_node(): CRC failed on node at 0x%08x: Read 0x%08x, calculated 0x%08x\n",
715
			       ofs, je32_to_cpu(ri->node_crc), crc);
716
			/* We believe totlen because the CRC on the node _header_ was OK, just the node itself failed. */
717
			DIRTY_SPACE(PAD(je32_to_cpu(ri->totlen)));
718
			jffs2_free_raw_node_ref(raw);
719
			return 0;
720
		}
721
		ic = jffs2_scan_make_ino_cache(c, ino);
722
		if (!ic) {
723
			jffs2_free_raw_node_ref(raw);
724
			return -ENOMEM;
725
		}
726
	}
727

728
	/* Wheee. It worked */
729

730
	raw->flash_offset = ofs | REF_UNCHECKED;
731
	raw->__totlen = PAD(je32_to_cpu(ri->totlen));
732
	raw->next_phys = NULL;
733
	raw->next_in_ino = ic->nodes;
734

735
	ic->nodes = raw;
736
	if (!jeb->first_node)
737
		jeb->first_node = raw;
738
	if (jeb->last_node)
739
		jeb->last_node->next_phys = raw;
740
	jeb->last_node = raw;
741

742
	D1(printk( "Node is ino #%u, version %d. Range 0x%x-0x%x\n",
743
		  je32_to_cpu(ri->ino), je32_to_cpu(ri->version),
744
		  je32_to_cpu(ri->offset),
745
		  je32_to_cpu(ri->offset)+je32_to_cpu(ri->dsize)));
746

747
	pseudo_random += je32_to_cpu(ri->version);
748

749
	UNCHECKED_SPACE(PAD(je32_to_cpu(ri->totlen)));
750
	return 0;
751
}
752

753
static int jffs2_scan_dirent_node(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
754
				  struct jffs2_raw_dirent *rd, uint32_t ofs)
755
{
756
	struct jffs2_raw_node_ref *raw;
757
	struct jffs2_full_dirent *fd;
758
	struct jffs2_inode_cache *ic;
759
	uint32_t crc;
760

761
	D1(printk( "jffs2_scan_dirent_node(): Node at 0x%08x\n", ofs));
762

763
	/* We don't get here unless the node is still valid, so we don't have to
764
	   mask in the ACCURATE bit any more. */
765
	crc = crc32(0, rd, sizeof(*rd)-8);
766

767
	if (crc != je32_to_cpu(rd->node_crc)) {
768
		printk(KERN_NOTICE "jffs2_scan_dirent_node(): Node CRC failed on node at 0x%08x: Read 0x%08x, calculated 0x%08x\n",
769
		       ofs, je32_to_cpu(rd->node_crc), crc);
770
		/* We believe totlen because the CRC on the node _header_ was OK, just the node itself failed. */
771
		DIRTY_SPACE(PAD(je32_to_cpu(rd->totlen)));
772
		return 0;
773
	}
774

775
	pseudo_random += je32_to_cpu(rd->version);
776

777
	fd = jffs2_alloc_full_dirent(rd->nsize+1);
778
	if (!fd) {
779
		return -ENOMEM;
780
	}
781
	memcpy(&fd->name, rd->name, rd->nsize);
782
	fd->name[rd->nsize] = 0;
783

784
	crc = crc32(0, fd->name, rd->nsize);
785
	if (crc != je32_to_cpu(rd->name_crc)) {
786
		printk(KERN_NOTICE "jffs2_scan_dirent_node(): Name CRC failed on node at 0x%08x: Read 0x%08x, calculated 0x%08x\n",
787
		       ofs, je32_to_cpu(rd->name_crc), crc);
788
		D1(printk(KERN_NOTICE "Name for which CRC failed is (now) '%s', ino #%d\n", fd->name, je32_to_cpu(rd->ino)));
789
		jffs2_free_full_dirent(fd);
790
		/* FIXME: Why do we believe totlen? */
791
		/* We believe totlen because the CRC on the node _header_ was OK, just the name failed. */
792
		DIRTY_SPACE(PAD(je32_to_cpu(rd->totlen)));
793
		return 0;
794
	}
795
	raw = jffs2_alloc_raw_node_ref();
796
	if (!raw) {
797
		jffs2_free_full_dirent(fd);
798
		printk(KERN_NOTICE "jffs2_scan_dirent_node(): allocation of node reference failed\n");
799
		return -ENOMEM;
800
	}
801
	ic = jffs2_scan_make_ino_cache(c, je32_to_cpu(rd->pino));
802
	if (!ic) {
803
		jffs2_free_full_dirent(fd);
804
		jffs2_free_raw_node_ref(raw);
805
		return -ENOMEM;
806
	}
807

808
	raw->__totlen = PAD(je32_to_cpu(rd->totlen));
809
	raw->flash_offset = ofs | REF_PRISTINE;
810
	raw->next_phys = NULL;
811
	raw->next_in_ino = ic->nodes;
812
	ic->nodes = raw;
813
	if (!jeb->first_node)
814
		jeb->first_node = raw;
815
	if (jeb->last_node)
816
		jeb->last_node->next_phys = raw;
817
	jeb->last_node = raw;
818

819
	fd->raw = raw;
820
	fd->next = NULL;
821
	fd->version = je32_to_cpu(rd->version);
822
	fd->ino = je32_to_cpu(rd->ino);
823
	fd->nhash = full_name_hash(fd->name, rd->nsize);
824
	fd->type = rd->type;
825
	USED_SPACE(PAD(je32_to_cpu(rd->totlen)));
826
	jffs2_add_fd_to_list(c, fd, &ic->scan_dents);
827

828
	return 0;
829
}
830

831
static int count_list(struct list_head *l)
832
{
833
	uint32_t count = 0;
834
	struct list_head *tmp;
835

836
	list_for_each(tmp, l) {
837
		count++;
838
	}
839
	return count;
840
}
841

842
/* Note: This breaks if list_empty(head). I don't care. You
843
   might, if you copy this code and use it elsewhere :) */
844
static void rotate_list(struct list_head *head, uint32_t count)
845
{
846
	struct list_head *n = head->next;
847

848
	list_del(head);
849
	while(count--) {
850
		n = n->next;
851
	}
852
	list_add(head, n);
853
}
854

855
void jffs2_rotate_lists(struct jffs2_sb_info *c)
856
{
857
	uint32_t x;
858
	uint32_t rotateby;
859

860
	x = count_list(&c->clean_list);
861
	if (x) {
862
		rotateby = pseudo_random % x;
863
		D1(printk( "Rotating clean_list by %d\n", rotateby));
864

865
		rotate_list((&c->clean_list), rotateby);
866

867
		D1(printk( "Erase block at front of clean_list is at %08x\n",
868
			  list_entry(c->clean_list.next, struct jffs2_eraseblock, list)->offset));
869
	} else {
870
		D1(printk( "Not rotating empty clean_list\n"));
871
	}
872

873
	x = count_list(&c->very_dirty_list);
874
	if (x) {
875
		rotateby = pseudo_random % x;
876
		D1(printk( "Rotating very_dirty_list by %d\n", rotateby));
877

878
		rotate_list((&c->very_dirty_list), rotateby);
879

880
		D1(printk( "Erase block at front of very_dirty_list is at %08x\n",
881
			  list_entry(c->very_dirty_list.next, struct jffs2_eraseblock, list)->offset));
882
	} else {
883
		D1(printk( "Not rotating empty very_dirty_list\n"));
884
	}
885

886
	x = count_list(&c->dirty_list);
887
	if (x) {
888
		rotateby = pseudo_random % x;
889
		D1(printk( "Rotating dirty_list by %d\n", rotateby));
890

891
		rotate_list((&c->dirty_list), rotateby);
892

893
		D1(printk( "Erase block at front of dirty_list is at %08x\n",
894
			  list_entry(c->dirty_list.next, struct jffs2_eraseblock, list)->offset));
895
	} else {
896
		D1(printk( "Not rotating empty dirty_list\n"));
897
	}
898

899
	x = count_list(&c->erasable_list);
900
	if (x) {
901
		rotateby = pseudo_random % x;
902
		D1(printk( "Rotating erasable_list by %d\n", rotateby));
903

904
		rotate_list((&c->erasable_list), rotateby);
905

906
		D1(printk( "Erase block at front of erasable_list is at %08x\n",
907
			  list_entry(c->erasable_list.next, struct jffs2_eraseblock, list)->offset));
908
	} else {
909
		D1(printk( "Not rotating empty erasable_list\n"));
910
	}
911

912
	if (c->nr_erasing_blocks) {
913
		rotateby = pseudo_random % c->nr_erasing_blocks;
914
		D1(printk( "Rotating erase_pending_list by %d\n", rotateby));
915

916
		rotate_list((&c->erase_pending_list), rotateby);
917

918
		D1(printk( "Erase block at front of erase_pending_list is at %08x\n",
919
			  list_entry(c->erase_pending_list.next, struct jffs2_eraseblock, list)->offset));
920
	} else {
921
		D1(printk( "Not rotating empty erase_pending_list\n"));
922
	}
923

924
	if (c->nr_free_blocks) {
925
		rotateby = pseudo_random % c->nr_free_blocks;
926
		D1(printk( "Rotating free_list by %d\n", rotateby));
927

928
		rotate_list((&c->free_list), rotateby);
929

930
		D1(printk( "Erase block at front of free_list is at %08x\n",
931
			  list_entry(c->free_list.next, struct jffs2_eraseblock, list)->offset));
932
	} else {
933
		D1(printk( "Not rotating empty free_list\n"));
934
	}
935
}
936