xref: /openbmc/linux/fs/jffs2/readinode.c (revision 9cdb81c7)
1 /*
2  * JFFS2 -- Journalling Flash File System, Version 2.
3  *
4  * Copyright © 2001-2007 Red Hat, Inc.
5  *
6  * Created by David Woodhouse <dwmw2@infradead.org>
7  *
8  * For licensing information, see the file 'LICENCE' in this directory.
9  *
10  */
11 
12 #include <linux/kernel.h>
13 #include <linux/sched.h>
14 #include <linux/slab.h>
15 #include <linux/fs.h>
16 #include <linux/crc32.h>
17 #include <linux/pagemap.h>
18 #include <linux/mtd/mtd.h>
19 #include <linux/compiler.h>
20 #include "nodelist.h"
21 
22 /*
23  * Check the data CRC of the node.
24  *
25  * Returns: 0 if the data CRC is correct;
26  * 	    1 - if incorrect;
27  *	    error code if an error occurred.
28  */
29 static int check_node_data(struct jffs2_sb_info *c, struct jffs2_tmp_dnode_info *tn)
30 {
31 	struct jffs2_raw_node_ref *ref = tn->fn->raw;
32 	int err = 0, pointed = 0;
33 	struct jffs2_eraseblock *jeb;
34 	unsigned char *buffer;
35 	uint32_t crc, ofs, len;
36 	size_t retlen;
37 
38 	BUG_ON(tn->csize == 0);
39 
40 	/* Calculate how many bytes were already checked */
41 	ofs = ref_offset(ref) + sizeof(struct jffs2_raw_inode);
42 	len = tn->csize;
43 
44 	if (jffs2_is_writebuffered(c)) {
45 		int adj = ofs % c->wbuf_pagesize;
46 		if (likely(adj))
47 			adj = c->wbuf_pagesize - adj;
48 
49 		if (adj >= tn->csize) {
50 			dbg_readinode("no need to check node at %#08x, data length %u, data starts at %#08x - it has already been checked.\n",
51 				      ref_offset(ref), tn->csize, ofs);
52 			goto adj_acc;
53 		}
54 
55 		ofs += adj;
56 		len -= adj;
57 	}
58 
59 	dbg_readinode("check node at %#08x, data length %u, partial CRC %#08x, correct CRC %#08x, data starts at %#08x, start checking from %#08x - %u bytes.\n",
60 		ref_offset(ref), tn->csize, tn->partial_crc, tn->data_crc, ofs - len, ofs, len);
61 
62 #ifndef __ECOS
63 	/* TODO: instead, incapsulate point() stuff to jffs2_flash_read(),
64 	 * adding and jffs2_flash_read_end() interface. */
65 	err = mtd_point(c->mtd, ofs, len, &retlen, (void **)&buffer, NULL);
66 	if (!err && retlen < len) {
67 		JFFS2_WARNING("MTD point returned len too short: %zu instead of %u.\n", retlen, tn->csize);
68 		mtd_unpoint(c->mtd, ofs, retlen);
69 	} else if (err) {
70 		if (err != -EOPNOTSUPP)
71 			JFFS2_WARNING("MTD point failed: error code %d.\n", err);
72 	} else
73 		pointed = 1; /* succefully pointed to device */
74 #endif
75 
76 	if (!pointed) {
77 		buffer = kmalloc(len, GFP_KERNEL);
78 		if (unlikely(!buffer))
79 			return -ENOMEM;
80 
81 		/* TODO: this is very frequent pattern, make it a separate
82 		 * routine */
83 		err = jffs2_flash_read(c, ofs, len, &retlen, buffer);
84 		if (err) {
85 			JFFS2_ERROR("can not read %d bytes from 0x%08x, error code: %d.\n", len, ofs, err);
86 			goto free_out;
87 		}
88 
89 		if (retlen != len) {
90 			JFFS2_ERROR("short read at %#08x: %zd instead of %d.\n", ofs, retlen, len);
91 			err = -EIO;
92 			goto free_out;
93 		}
94 	}
95 
96 	/* Continue calculating CRC */
97 	crc = crc32(tn->partial_crc, buffer, len);
98 	if(!pointed)
99 		kfree(buffer);
100 #ifndef __ECOS
101 	else
102 		mtd_unpoint(c->mtd, ofs, len);
103 #endif
104 
105 	if (crc != tn->data_crc) {
106 		JFFS2_NOTICE("wrong data CRC in data node at 0x%08x: read %#08x, calculated %#08x.\n",
107 			     ref_offset(ref), tn->data_crc, crc);
108 		return 1;
109 	}
110 
111 adj_acc:
112 	jeb = &c->blocks[ref->flash_offset / c->sector_size];
113 	len = ref_totlen(c, jeb, ref);
114 	/* If it should be REF_NORMAL, it'll get marked as such when
115 	   we build the fragtree, shortly. No need to worry about GC
116 	   moving it while it's marked REF_PRISTINE -- GC won't happen
117 	   till we've finished checking every inode anyway. */
118 	ref->flash_offset |= REF_PRISTINE;
119 	/*
120 	 * Mark the node as having been checked and fix the
121 	 * accounting accordingly.
122 	 */
123 	spin_lock(&c->erase_completion_lock);
124 	jeb->used_size += len;
125 	jeb->unchecked_size -= len;
126 	c->used_size += len;
127 	c->unchecked_size -= len;
128 	jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
129 	spin_unlock(&c->erase_completion_lock);
130 
131 	return 0;
132 
133 free_out:
134 	if(!pointed)
135 		kfree(buffer);
136 #ifndef __ECOS
137 	else
138 		mtd_unpoint(c->mtd, ofs, len);
139 #endif
140 	return err;
141 }
142 
143 /*
144  * Helper function for jffs2_add_older_frag_to_fragtree().
145  *
146  * Checks the node if we are in the checking stage.
147  */
148 static int check_tn_node(struct jffs2_sb_info *c, struct jffs2_tmp_dnode_info *tn)
149 {
150 	int ret;
151 
152 	BUG_ON(ref_obsolete(tn->fn->raw));
153 
154 	/* We only check the data CRC of unchecked nodes */
155 	if (ref_flags(tn->fn->raw) != REF_UNCHECKED)
156 		return 0;
157 
158 	dbg_readinode("check node %#04x-%#04x, phys offs %#08x\n",
159 		      tn->fn->ofs, tn->fn->ofs + tn->fn->size, ref_offset(tn->fn->raw));
160 
161 	ret = check_node_data(c, tn);
162 	if (unlikely(ret < 0)) {
163 		JFFS2_ERROR("check_node_data() returned error: %d.\n",
164 			ret);
165 	} else if (unlikely(ret > 0)) {
166 		dbg_readinode("CRC error, mark it obsolete.\n");
167 		jffs2_mark_node_obsolete(c, tn->fn->raw);
168 	}
169 
170 	return ret;
171 }
172 
173 static struct jffs2_tmp_dnode_info *jffs2_lookup_tn(struct rb_root *tn_root, uint32_t offset)
174 {
175 	struct rb_node *next;
176 	struct jffs2_tmp_dnode_info *tn = NULL;
177 
178 	dbg_readinode("root %p, offset %d\n", tn_root, offset);
179 
180 	next = tn_root->rb_node;
181 
182 	while (next) {
183 		tn = rb_entry(next, struct jffs2_tmp_dnode_info, rb);
184 
185 		if (tn->fn->ofs < offset)
186 			next = tn->rb.rb_right;
187 		else if (tn->fn->ofs >= offset)
188 			next = tn->rb.rb_left;
189 		else
190 			break;
191 	}
192 
193 	return tn;
194 }
195 
196 
197 static void jffs2_kill_tn(struct jffs2_sb_info *c, struct jffs2_tmp_dnode_info *tn)
198 {
199 	jffs2_mark_node_obsolete(c, tn->fn->raw);
200 	jffs2_free_full_dnode(tn->fn);
201 	jffs2_free_tmp_dnode_info(tn);
202 }
203 /*
204  * This function is used when we read an inode. Data nodes arrive in
205  * arbitrary order -- they may be older or newer than the nodes which
206  * are already in the tree. Where overlaps occur, the older node can
207  * be discarded as long as the newer passes the CRC check. We don't
208  * bother to keep track of holes in this rbtree, and neither do we deal
209  * with frags -- we can have multiple entries starting at the same
210  * offset, and the one with the smallest length will come first in the
211  * ordering.
212  *
213  * Returns 0 if the node was handled (including marking it obsolete)
214  *	 < 0 an if error occurred
215  */
216 static int jffs2_add_tn_to_tree(struct jffs2_sb_info *c,
217 				struct jffs2_readinode_info *rii,
218 				struct jffs2_tmp_dnode_info *tn)
219 {
220 	uint32_t fn_end = tn->fn->ofs + tn->fn->size;
221 	struct jffs2_tmp_dnode_info *this, *ptn;
222 
223 	dbg_readinode("insert fragment %#04x-%#04x, ver %u at %08x\n", tn->fn->ofs, fn_end, tn->version, ref_offset(tn->fn->raw));
224 
225 	/* If a node has zero dsize, we only have to keep if it if it might be the
226 	   node with highest version -- i.e. the one which will end up as f->metadata.
227 	   Note that such nodes won't be REF_UNCHECKED since there are no data to
228 	   check anyway. */
229 	if (!tn->fn->size) {
230 		if (rii->mdata_tn) {
231 			if (rii->mdata_tn->version < tn->version) {
232 				/* We had a candidate mdata node already */
233 				dbg_readinode("kill old mdata with ver %d\n", rii->mdata_tn->version);
234 				jffs2_kill_tn(c, rii->mdata_tn);
235 			} else {
236 				dbg_readinode("kill new mdata with ver %d (older than existing %d\n",
237 					      tn->version, rii->mdata_tn->version);
238 				jffs2_kill_tn(c, tn);
239 				return 0;
240 			}
241 		}
242 		rii->mdata_tn = tn;
243 		dbg_readinode("keep new mdata with ver %d\n", tn->version);
244 		return 0;
245 	}
246 
247 	/* Find the earliest node which _may_ be relevant to this one */
248 	this = jffs2_lookup_tn(&rii->tn_root, tn->fn->ofs);
249 	if (this) {
250 		/* If the node is coincident with another at a lower address,
251 		   back up until the other node is found. It may be relevant */
252 		while (this->overlapped) {
253 			ptn = tn_prev(this);
254 			if (!ptn) {
255 				/*
256 				 * We killed a node which set the overlapped
257 				 * flags during the scan. Fix it up.
258 				 */
259 				this->overlapped = 0;
260 				break;
261 			}
262 			this = ptn;
263 		}
264 		dbg_readinode("'this' found %#04x-%#04x (%s)\n", this->fn->ofs, this->fn->ofs + this->fn->size, this->fn ? "data" : "hole");
265 	}
266 
267 	while (this) {
268 		if (this->fn->ofs > fn_end)
269 			break;
270 		dbg_readinode("Ponder this ver %d, 0x%x-0x%x\n",
271 			      this->version, this->fn->ofs, this->fn->size);
272 
273 		if (this->version == tn->version) {
274 			/* Version number collision means REF_PRISTINE GC. Accept either of them
275 			   as long as the CRC is correct. Check the one we have already...  */
276 			if (!check_tn_node(c, this)) {
277 				/* The one we already had was OK. Keep it and throw away the new one */
278 				dbg_readinode("Like old node. Throw away new\n");
279 				jffs2_kill_tn(c, tn);
280 				return 0;
281 			} else {
282 				/* Who cares if the new one is good; keep it for now anyway. */
283 				dbg_readinode("Like new node. Throw away old\n");
284 				rb_replace_node(&this->rb, &tn->rb, &rii->tn_root);
285 				jffs2_kill_tn(c, this);
286 				/* Same overlapping from in front and behind */
287 				return 0;
288 			}
289 		}
290 		if (this->version < tn->version &&
291 		    this->fn->ofs >= tn->fn->ofs &&
292 		    this->fn->ofs + this->fn->size <= fn_end) {
293 			/* New node entirely overlaps 'this' */
294 			if (check_tn_node(c, tn)) {
295 				dbg_readinode("new node bad CRC\n");
296 				jffs2_kill_tn(c, tn);
297 				return 0;
298 			}
299 			/* ... and is good. Kill 'this' and any subsequent nodes which are also overlapped */
300 			while (this && this->fn->ofs + this->fn->size <= fn_end) {
301 				struct jffs2_tmp_dnode_info *next = tn_next(this);
302 				if (this->version < tn->version) {
303 					tn_erase(this, &rii->tn_root);
304 					dbg_readinode("Kill overlapped ver %d, 0x%x-0x%x\n",
305 						      this->version, this->fn->ofs,
306 						      this->fn->ofs+this->fn->size);
307 					jffs2_kill_tn(c, this);
308 				}
309 				this = next;
310 			}
311 			dbg_readinode("Done killing overlapped nodes\n");
312 			continue;
313 		}
314 		if (this->version > tn->version &&
315 		    this->fn->ofs <= tn->fn->ofs &&
316 		    this->fn->ofs+this->fn->size >= fn_end) {
317 			/* New node entirely overlapped by 'this' */
318 			if (!check_tn_node(c, this)) {
319 				dbg_readinode("Good CRC on old node. Kill new\n");
320 				jffs2_kill_tn(c, tn);
321 				return 0;
322 			}
323 			/* ... but 'this' was bad. Replace it... */
324 			dbg_readinode("Bad CRC on old overlapping node. Kill it\n");
325 			tn_erase(this, &rii->tn_root);
326 			jffs2_kill_tn(c, this);
327 			break;
328 		}
329 
330 		this = tn_next(this);
331 	}
332 
333 	/* We neither completely obsoleted nor were completely
334 	   obsoleted by an earlier node. Insert into the tree */
335 	{
336 		struct rb_node *parent;
337 		struct rb_node **link = &rii->tn_root.rb_node;
338 		struct jffs2_tmp_dnode_info *insert_point = NULL;
339 
340 		while (*link) {
341 			parent = *link;
342 			insert_point = rb_entry(parent, struct jffs2_tmp_dnode_info, rb);
343 			if (tn->fn->ofs > insert_point->fn->ofs)
344 				link = &insert_point->rb.rb_right;
345 			else if (tn->fn->ofs < insert_point->fn->ofs ||
346 				 tn->fn->size < insert_point->fn->size)
347 				link = &insert_point->rb.rb_left;
348 			else
349 				link = &insert_point->rb.rb_right;
350 		}
351 		rb_link_node(&tn->rb, &insert_point->rb, link);
352 		rb_insert_color(&tn->rb, &rii->tn_root);
353 	}
354 
355 	/* If there's anything behind that overlaps us, note it */
356 	this = tn_prev(tn);
357 	if (this) {
358 		while (1) {
359 			if (this->fn->ofs + this->fn->size > tn->fn->ofs) {
360 				dbg_readinode("Node is overlapped by %p (v %d, 0x%x-0x%x)\n",
361 					      this, this->version, this->fn->ofs,
362 					      this->fn->ofs+this->fn->size);
363 				tn->overlapped = 1;
364 				break;
365 			}
366 			if (!this->overlapped)
367 				break;
368 
369 			ptn = tn_prev(this);
370 			if (!ptn) {
371 				/*
372 				 * We killed a node which set the overlapped
373 				 * flags during the scan. Fix it up.
374 				 */
375 				this->overlapped = 0;
376 				break;
377 			}
378 			this = ptn;
379 		}
380 	}
381 
382 	/* If the new node overlaps anything ahead, note it */
383 	this = tn_next(tn);
384 	while (this && this->fn->ofs < fn_end) {
385 		this->overlapped = 1;
386 		dbg_readinode("Node ver %d, 0x%x-0x%x is overlapped\n",
387 			      this->version, this->fn->ofs,
388 			      this->fn->ofs+this->fn->size);
389 		this = tn_next(this);
390 	}
391 	return 0;
392 }
393 
394 /* Trivial function to remove the last node in the tree. Which by definition
395    has no right-hand -- so can be removed just by making its only child (if
396    any) take its place under its parent. */
397 static void eat_last(struct rb_root *root, struct rb_node *node)
398 {
399 	struct rb_node *parent = rb_parent(node);
400 	struct rb_node **link;
401 
402 	/* LAST! */
403 	BUG_ON(node->rb_right);
404 
405 	if (!parent)
406 		link = &root->rb_node;
407 	else if (node == parent->rb_left)
408 		link = &parent->rb_left;
409 	else
410 		link = &parent->rb_right;
411 
412 	*link = node->rb_left;
413 	/* Colour doesn't matter now. Only the parent pointer. */
414 	if (node->rb_left)
415 		node->rb_left->rb_parent_color = node->rb_parent_color;
416 }
417 
418 /* We put this in reverse order, so we can just use eat_last */
419 static void ver_insert(struct rb_root *ver_root, struct jffs2_tmp_dnode_info *tn)
420 {
421 	struct rb_node **link = &ver_root->rb_node;
422 	struct rb_node *parent = NULL;
423 	struct jffs2_tmp_dnode_info *this_tn;
424 
425 	while (*link) {
426 		parent = *link;
427 		this_tn = rb_entry(parent, struct jffs2_tmp_dnode_info, rb);
428 
429 		if (tn->version > this_tn->version)
430 			link = &parent->rb_left;
431 		else
432 			link = &parent->rb_right;
433 	}
434 	dbg_readinode("Link new node at %p (root is %p)\n", link, ver_root);
435 	rb_link_node(&tn->rb, parent, link);
436 	rb_insert_color(&tn->rb, ver_root);
437 }
438 
439 /* Build final, normal fragtree from tn tree. It doesn't matter which order
440    we add nodes to the real fragtree, as long as they don't overlap. And
441    having thrown away the majority of overlapped nodes as we went, there
442    really shouldn't be many sets of nodes which do overlap. If we start at
443    the end, we can use the overlap markers -- we can just eat nodes which
444    aren't overlapped, and when we encounter nodes which _do_ overlap we
445    sort them all into a temporary tree in version order before replaying them. */
446 static int jffs2_build_inode_fragtree(struct jffs2_sb_info *c,
447 				      struct jffs2_inode_info *f,
448 				      struct jffs2_readinode_info *rii)
449 {
450 	struct jffs2_tmp_dnode_info *pen, *last, *this;
451 	struct rb_root ver_root = RB_ROOT;
452 	uint32_t high_ver = 0;
453 
454 	if (rii->mdata_tn) {
455 		dbg_readinode("potential mdata is ver %d at %p\n", rii->mdata_tn->version, rii->mdata_tn);
456 		high_ver = rii->mdata_tn->version;
457 		rii->latest_ref = rii->mdata_tn->fn->raw;
458 	}
459 #ifdef JFFS2_DBG_READINODE_MESSAGES
460 	this = tn_last(&rii->tn_root);
461 	while (this) {
462 		dbg_readinode("tn %p ver %d range 0x%x-0x%x ov %d\n", this, this->version, this->fn->ofs,
463 			      this->fn->ofs+this->fn->size, this->overlapped);
464 		this = tn_prev(this);
465 	}
466 #endif
467 	pen = tn_last(&rii->tn_root);
468 	while ((last = pen)) {
469 		pen = tn_prev(last);
470 
471 		eat_last(&rii->tn_root, &last->rb);
472 		ver_insert(&ver_root, last);
473 
474 		if (unlikely(last->overlapped)) {
475 			if (pen)
476 				continue;
477 			/*
478 			 * We killed a node which set the overlapped
479 			 * flags during the scan. Fix it up.
480 			 */
481 			last->overlapped = 0;
482 		}
483 
484 		/* Now we have a bunch of nodes in reverse version
485 		   order, in the tree at ver_root. Most of the time,
486 		   there'll actually be only one node in the 'tree',
487 		   in fact. */
488 		this = tn_last(&ver_root);
489 
490 		while (this) {
491 			struct jffs2_tmp_dnode_info *vers_next;
492 			int ret;
493 			vers_next = tn_prev(this);
494 			eat_last(&ver_root, &this->rb);
495 			if (check_tn_node(c, this)) {
496 				dbg_readinode("node ver %d, 0x%x-0x%x failed CRC\n",
497 					     this->version, this->fn->ofs,
498 					     this->fn->ofs+this->fn->size);
499 				jffs2_kill_tn(c, this);
500 			} else {
501 				if (this->version > high_ver) {
502 					/* Note that this is different from the other
503 					   highest_version, because this one is only
504 					   counting _valid_ nodes which could give the
505 					   latest inode metadata */
506 					high_ver = this->version;
507 					rii->latest_ref = this->fn->raw;
508 				}
509 				dbg_readinode("Add %p (v %d, 0x%x-0x%x, ov %d) to fragtree\n",
510 					     this, this->version, this->fn->ofs,
511 					     this->fn->ofs+this->fn->size, this->overlapped);
512 
513 				ret = jffs2_add_full_dnode_to_inode(c, f, this->fn);
514 				if (ret) {
515 					/* Free the nodes in vers_root; let the caller
516 					   deal with the rest */
517 					JFFS2_ERROR("Add node to tree failed %d\n", ret);
518 					while (1) {
519 						vers_next = tn_prev(this);
520 						if (check_tn_node(c, this))
521 							jffs2_mark_node_obsolete(c, this->fn->raw);
522 						jffs2_free_full_dnode(this->fn);
523 						jffs2_free_tmp_dnode_info(this);
524 						this = vers_next;
525 						if (!this)
526 							break;
527 						eat_last(&ver_root, &vers_next->rb);
528 					}
529 					return ret;
530 				}
531 				jffs2_free_tmp_dnode_info(this);
532 			}
533 			this = vers_next;
534 		}
535 	}
536 	return 0;
537 }
538 
539 static void jffs2_free_tmp_dnode_info_list(struct rb_root *list)
540 {
541 	struct rb_node *this;
542 	struct jffs2_tmp_dnode_info *tn;
543 
544 	this = list->rb_node;
545 
546 	/* Now at bottom of tree */
547 	while (this) {
548 		if (this->rb_left)
549 			this = this->rb_left;
550 		else if (this->rb_right)
551 			this = this->rb_right;
552 		else {
553 			tn = rb_entry(this, struct jffs2_tmp_dnode_info, rb);
554 			jffs2_free_full_dnode(tn->fn);
555 			jffs2_free_tmp_dnode_info(tn);
556 
557 			this = rb_parent(this);
558 			if (!this)
559 				break;
560 
561 			if (this->rb_left == &tn->rb)
562 				this->rb_left = NULL;
563 			else if (this->rb_right == &tn->rb)
564 				this->rb_right = NULL;
565 			else BUG();
566 		}
567 	}
568 	*list = RB_ROOT;
569 }
570 
571 static void jffs2_free_full_dirent_list(struct jffs2_full_dirent *fd)
572 {
573 	struct jffs2_full_dirent *next;
574 
575 	while (fd) {
576 		next = fd->next;
577 		jffs2_free_full_dirent(fd);
578 		fd = next;
579 	}
580 }
581 
582 /* Returns first valid node after 'ref'. May return 'ref' */
583 static struct jffs2_raw_node_ref *jffs2_first_valid_node(struct jffs2_raw_node_ref *ref)
584 {
585 	while (ref && ref->next_in_ino) {
586 		if (!ref_obsolete(ref))
587 			return ref;
588 		dbg_noderef("node at 0x%08x is obsoleted. Ignoring.\n", ref_offset(ref));
589 		ref = ref->next_in_ino;
590 	}
591 	return NULL;
592 }
593 
594 /*
595  * Helper function for jffs2_get_inode_nodes().
596  * It is called every time an directory entry node is found.
597  *
598  * Returns: 0 on success;
599  * 	    negative error code on failure.
600  */
601 static inline int read_direntry(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref,
602 				struct jffs2_raw_dirent *rd, size_t read,
603 				struct jffs2_readinode_info *rii)
604 {
605 	struct jffs2_full_dirent *fd;
606 	uint32_t crc;
607 
608 	/* Obsoleted. This cannot happen, surely? dwmw2 20020308 */
609 	BUG_ON(ref_obsolete(ref));
610 
611 	crc = crc32(0, rd, sizeof(*rd) - 8);
612 	if (unlikely(crc != je32_to_cpu(rd->node_crc))) {
613 		JFFS2_NOTICE("header CRC failed on dirent node at %#08x: read %#08x, calculated %#08x\n",
614 			     ref_offset(ref), je32_to_cpu(rd->node_crc), crc);
615 		jffs2_mark_node_obsolete(c, ref);
616 		return 0;
617 	}
618 
619 	/* If we've never checked the CRCs on this node, check them now */
620 	if (ref_flags(ref) == REF_UNCHECKED) {
621 		struct jffs2_eraseblock *jeb;
622 		int len;
623 
624 		/* Sanity check */
625 		if (unlikely(PAD((rd->nsize + sizeof(*rd))) != PAD(je32_to_cpu(rd->totlen)))) {
626 			JFFS2_ERROR("illegal nsize in node at %#08x: nsize %#02x, totlen %#04x\n",
627 				    ref_offset(ref), rd->nsize, je32_to_cpu(rd->totlen));
628 			jffs2_mark_node_obsolete(c, ref);
629 			return 0;
630 		}
631 
632 		jeb = &c->blocks[ref->flash_offset / c->sector_size];
633 		len = ref_totlen(c, jeb, ref);
634 
635 		spin_lock(&c->erase_completion_lock);
636 		jeb->used_size += len;
637 		jeb->unchecked_size -= len;
638 		c->used_size += len;
639 		c->unchecked_size -= len;
640 		ref->flash_offset = ref_offset(ref) | dirent_node_state(rd);
641 		spin_unlock(&c->erase_completion_lock);
642 	}
643 
644 	fd = jffs2_alloc_full_dirent(rd->nsize + 1);
645 	if (unlikely(!fd))
646 		return -ENOMEM;
647 
648 	fd->raw = ref;
649 	fd->version = je32_to_cpu(rd->version);
650 	fd->ino = je32_to_cpu(rd->ino);
651 	fd->type = rd->type;
652 
653 	if (fd->version > rii->highest_version)
654 		rii->highest_version = fd->version;
655 
656 	/* Pick out the mctime of the latest dirent */
657 	if(fd->version > rii->mctime_ver && je32_to_cpu(rd->mctime)) {
658 		rii->mctime_ver = fd->version;
659 		rii->latest_mctime = je32_to_cpu(rd->mctime);
660 	}
661 
662 	/*
663 	 * Copy as much of the name as possible from the raw
664 	 * dirent we've already read from the flash.
665 	 */
666 	if (read > sizeof(*rd))
667 		memcpy(&fd->name[0], &rd->name[0],
668 		       min_t(uint32_t, rd->nsize, (read - sizeof(*rd)) ));
669 
670 	/* Do we need to copy any more of the name directly from the flash? */
671 	if (rd->nsize + sizeof(*rd) > read) {
672 		/* FIXME: point() */
673 		int err;
674 		int already = read - sizeof(*rd);
675 
676 		err = jffs2_flash_read(c, (ref_offset(ref)) + read,
677 				rd->nsize - already, &read, &fd->name[already]);
678 		if (unlikely(read != rd->nsize - already) && likely(!err))
679 			return -EIO;
680 
681 		if (unlikely(err)) {
682 			JFFS2_ERROR("read remainder of name: error %d\n", err);
683 			jffs2_free_full_dirent(fd);
684 			return -EIO;
685 		}
686 	}
687 
688 	fd->nhash = full_name_hash(fd->name, rd->nsize);
689 	fd->next = NULL;
690 	fd->name[rd->nsize] = '\0';
691 
692 	/*
693 	 * Wheee. We now have a complete jffs2_full_dirent structure, with
694 	 * the name in it and everything. Link it into the list
695 	 */
696 	jffs2_add_fd_to_list(c, fd, &rii->fds);
697 
698 	return 0;
699 }
700 
701 /*
702  * Helper function for jffs2_get_inode_nodes().
703  * It is called every time an inode node is found.
704  *
705  * Returns: 0 on success (possibly after marking a bad node obsolete);
706  * 	    negative error code on failure.
707  */
708 static inline int read_dnode(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref,
709 			     struct jffs2_raw_inode *rd, int rdlen,
710 			     struct jffs2_readinode_info *rii)
711 {
712 	struct jffs2_tmp_dnode_info *tn;
713 	uint32_t len, csize;
714 	int ret = 0;
715 	uint32_t crc;
716 
717 	/* Obsoleted. This cannot happen, surely? dwmw2 20020308 */
718 	BUG_ON(ref_obsolete(ref));
719 
720 	crc = crc32(0, rd, sizeof(*rd) - 8);
721 	if (unlikely(crc != je32_to_cpu(rd->node_crc))) {
722 		JFFS2_NOTICE("node CRC failed on dnode at %#08x: read %#08x, calculated %#08x\n",
723 			     ref_offset(ref), je32_to_cpu(rd->node_crc), crc);
724 		jffs2_mark_node_obsolete(c, ref);
725 		return 0;
726 	}
727 
728 	tn = jffs2_alloc_tmp_dnode_info();
729 	if (!tn) {
730 		JFFS2_ERROR("failed to allocate tn (%zu bytes).\n", sizeof(*tn));
731 		return -ENOMEM;
732 	}
733 
734 	tn->partial_crc = 0;
735 	csize = je32_to_cpu(rd->csize);
736 
737 	/* If we've never checked the CRCs on this node, check them now */
738 	if (ref_flags(ref) == REF_UNCHECKED) {
739 
740 		/* Sanity checks */
741 		if (unlikely(je32_to_cpu(rd->offset) > je32_to_cpu(rd->isize)) ||
742 		    unlikely(PAD(je32_to_cpu(rd->csize) + sizeof(*rd)) != PAD(je32_to_cpu(rd->totlen)))) {
743 			JFFS2_WARNING("inode node header CRC is corrupted at %#08x\n", ref_offset(ref));
744 			jffs2_dbg_dump_node(c, ref_offset(ref));
745 			jffs2_mark_node_obsolete(c, ref);
746 			goto free_out;
747 		}
748 
749 		if (jffs2_is_writebuffered(c) && csize != 0) {
750 			/* At this point we are supposed to check the data CRC
751 			 * of our unchecked node. But thus far, we do not
752 			 * know whether the node is valid or obsolete. To
753 			 * figure this out, we need to walk all the nodes of
754 			 * the inode and build the inode fragtree. We don't
755 			 * want to spend time checking data of nodes which may
756 			 * later be found to be obsolete. So we put off the full
757 			 * data CRC checking until we have read all the inode
758 			 * nodes and have started building the fragtree.
759 			 *
760 			 * The fragtree is being built starting with nodes
761 			 * having the highest version number, so we'll be able
762 			 * to detect whether a node is valid (i.e., it is not
763 			 * overlapped by a node with higher version) or not.
764 			 * And we'll be able to check only those nodes, which
765 			 * are not obsolete.
766 			 *
767 			 * Of course, this optimization only makes sense in case
768 			 * of NAND flashes (or other flashes with
769 			 * !jffs2_can_mark_obsolete()), since on NOR flashes
770 			 * nodes are marked obsolete physically.
771 			 *
772 			 * Since NAND flashes (or other flashes with
773 			 * jffs2_is_writebuffered(c)) are anyway read by
774 			 * fractions of c->wbuf_pagesize, and we have just read
775 			 * the node header, it is likely that the starting part
776 			 * of the node data is also read when we read the
777 			 * header. So we don't mind to check the CRC of the
778 			 * starting part of the data of the node now, and check
779 			 * the second part later (in jffs2_check_node_data()).
780 			 * Of course, we will not need to re-read and re-check
781 			 * the NAND page which we have just read. This is why we
782 			 * read the whole NAND page at jffs2_get_inode_nodes(),
783 			 * while we needed only the node header.
784 			 */
785 			unsigned char *buf;
786 
787 			/* 'buf' will point to the start of data */
788 			buf = (unsigned char *)rd + sizeof(*rd);
789 			/* len will be the read data length */
790 			len = min_t(uint32_t, rdlen - sizeof(*rd), csize);
791 			tn->partial_crc = crc32(0, buf, len);
792 
793 			dbg_readinode("Calculates CRC (%#08x) for %d bytes, csize %d\n", tn->partial_crc, len, csize);
794 
795 			/* If we actually calculated the whole data CRC
796 			 * and it is wrong, drop the node. */
797 			if (len >= csize && unlikely(tn->partial_crc != je32_to_cpu(rd->data_crc))) {
798 				JFFS2_NOTICE("wrong data CRC in data node at 0x%08x: read %#08x, calculated %#08x.\n",
799 					ref_offset(ref), tn->partial_crc, je32_to_cpu(rd->data_crc));
800 				jffs2_mark_node_obsolete(c, ref);
801 				goto free_out;
802 			}
803 
804 		} else if (csize == 0) {
805 			/*
806 			 * We checked the header CRC. If the node has no data, adjust
807 			 * the space accounting now. For other nodes this will be done
808 			 * later either when the node is marked obsolete or when its
809 			 * data is checked.
810 			 */
811 			struct jffs2_eraseblock *jeb;
812 
813 			dbg_readinode("the node has no data.\n");
814 			jeb = &c->blocks[ref->flash_offset / c->sector_size];
815 			len = ref_totlen(c, jeb, ref);
816 
817 			spin_lock(&c->erase_completion_lock);
818 			jeb->used_size += len;
819 			jeb->unchecked_size -= len;
820 			c->used_size += len;
821 			c->unchecked_size -= len;
822 			ref->flash_offset = ref_offset(ref) | REF_NORMAL;
823 			spin_unlock(&c->erase_completion_lock);
824 		}
825 	}
826 
827 	tn->fn = jffs2_alloc_full_dnode();
828 	if (!tn->fn) {
829 		JFFS2_ERROR("alloc fn failed\n");
830 		ret = -ENOMEM;
831 		goto free_out;
832 	}
833 
834 	tn->version = je32_to_cpu(rd->version);
835 	tn->fn->ofs = je32_to_cpu(rd->offset);
836 	tn->data_crc = je32_to_cpu(rd->data_crc);
837 	tn->csize = csize;
838 	tn->fn->raw = ref;
839 	tn->overlapped = 0;
840 
841 	if (tn->version > rii->highest_version)
842 		rii->highest_version = tn->version;
843 
844 	/* There was a bug where we wrote hole nodes out with
845 	   csize/dsize swapped. Deal with it */
846 	if (rd->compr == JFFS2_COMPR_ZERO && !je32_to_cpu(rd->dsize) && csize)
847 		tn->fn->size = csize;
848 	else // normal case...
849 		tn->fn->size = je32_to_cpu(rd->dsize);
850 
851 	dbg_readinode2("dnode @%08x: ver %u, offset %#04x, dsize %#04x, csize %#04x\n",
852 		       ref_offset(ref), je32_to_cpu(rd->version),
853 		       je32_to_cpu(rd->offset), je32_to_cpu(rd->dsize), csize);
854 
855 	ret = jffs2_add_tn_to_tree(c, rii, tn);
856 
857 	if (ret) {
858 		jffs2_free_full_dnode(tn->fn);
859 	free_out:
860 		jffs2_free_tmp_dnode_info(tn);
861 		return ret;
862 	}
863 #ifdef JFFS2_DBG_READINODE2_MESSAGES
864 	dbg_readinode2("After adding ver %d:\n", je32_to_cpu(rd->version));
865 	tn = tn_first(&rii->tn_root);
866 	while (tn) {
867 		dbg_readinode2("%p: v %d r 0x%x-0x%x ov %d\n",
868 			       tn, tn->version, tn->fn->ofs,
869 			       tn->fn->ofs+tn->fn->size, tn->overlapped);
870 		tn = tn_next(tn);
871 	}
872 #endif
873 	return 0;
874 }
875 
876 /*
877  * Helper function for jffs2_get_inode_nodes().
878  * It is called every time an unknown node is found.
879  *
880  * Returns: 0 on success;
881  * 	    negative error code on failure.
882  */
883 static inline int read_unknown(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref, struct jffs2_unknown_node *un)
884 {
885 	/* We don't mark unknown nodes as REF_UNCHECKED */
886 	if (ref_flags(ref) == REF_UNCHECKED) {
887 		JFFS2_ERROR("REF_UNCHECKED but unknown node at %#08x\n",
888 			    ref_offset(ref));
889 		JFFS2_ERROR("Node is {%04x,%04x,%08x,%08x}. Please report this error.\n",
890 			    je16_to_cpu(un->magic), je16_to_cpu(un->nodetype),
891 			    je32_to_cpu(un->totlen), je32_to_cpu(un->hdr_crc));
892 		jffs2_mark_node_obsolete(c, ref);
893 		return 0;
894 	}
895 
896 	un->nodetype = cpu_to_je16(JFFS2_NODE_ACCURATE | je16_to_cpu(un->nodetype));
897 
898 	switch(je16_to_cpu(un->nodetype) & JFFS2_COMPAT_MASK) {
899 
900 	case JFFS2_FEATURE_INCOMPAT:
901 		JFFS2_ERROR("unknown INCOMPAT nodetype %#04X at %#08x\n",
902 			    je16_to_cpu(un->nodetype), ref_offset(ref));
903 		/* EEP */
904 		BUG();
905 		break;
906 
907 	case JFFS2_FEATURE_ROCOMPAT:
908 		JFFS2_ERROR("unknown ROCOMPAT nodetype %#04X at %#08x\n",
909 			    je16_to_cpu(un->nodetype), ref_offset(ref));
910 		BUG_ON(!(c->flags & JFFS2_SB_FLAG_RO));
911 		break;
912 
913 	case JFFS2_FEATURE_RWCOMPAT_COPY:
914 		JFFS2_NOTICE("unknown RWCOMPAT_COPY nodetype %#04X at %#08x\n",
915 			     je16_to_cpu(un->nodetype), ref_offset(ref));
916 		break;
917 
918 	case JFFS2_FEATURE_RWCOMPAT_DELETE:
919 		JFFS2_NOTICE("unknown RWCOMPAT_DELETE nodetype %#04X at %#08x\n",
920 			     je16_to_cpu(un->nodetype), ref_offset(ref));
921 		jffs2_mark_node_obsolete(c, ref);
922 		return 0;
923 	}
924 
925 	return 0;
926 }
927 
928 /*
929  * Helper function for jffs2_get_inode_nodes().
930  * The function detects whether more data should be read and reads it if yes.
931  *
932  * Returns: 0 on success;
933  * 	    negative error code on failure.
934  */
935 static int read_more(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref,
936 		     int needed_len, int *rdlen, unsigned char *buf)
937 {
938 	int err, to_read = needed_len - *rdlen;
939 	size_t retlen;
940 	uint32_t offs;
941 
942 	if (jffs2_is_writebuffered(c)) {
943 		int rem = to_read % c->wbuf_pagesize;
944 
945 		if (rem)
946 			to_read += c->wbuf_pagesize - rem;
947 	}
948 
949 	/* We need to read more data */
950 	offs = ref_offset(ref) + *rdlen;
951 
952 	dbg_readinode("read more %d bytes\n", to_read);
953 
954 	err = jffs2_flash_read(c, offs, to_read, &retlen, buf + *rdlen);
955 	if (err) {
956 		JFFS2_ERROR("can not read %d bytes from 0x%08x, "
957 			"error code: %d.\n", to_read, offs, err);
958 		return err;
959 	}
960 
961 	if (retlen < to_read) {
962 		JFFS2_ERROR("short read at %#08x: %zu instead of %d.\n",
963 				offs, retlen, to_read);
964 		return -EIO;
965 	}
966 
967 	*rdlen += to_read;
968 	return 0;
969 }
970 
971 /* Get tmp_dnode_info and full_dirent for all non-obsolete nodes associated
972    with this ino. Perform a preliminary ordering on data nodes, throwing away
973    those which are completely obsoleted by newer ones. The naïve approach we
974    use to take of just returning them _all_ in version order will cause us to
975    run out of memory in certain degenerate cases. */
976 static int jffs2_get_inode_nodes(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
977 				 struct jffs2_readinode_info *rii)
978 {
979 	struct jffs2_raw_node_ref *ref, *valid_ref;
980 	unsigned char *buf = NULL;
981 	union jffs2_node_union *node;
982 	size_t retlen;
983 	int len, err;
984 
985 	rii->mctime_ver = 0;
986 
987 	dbg_readinode("ino #%u\n", f->inocache->ino);
988 
989 	/* FIXME: in case of NOR and available ->point() this
990 	 * needs to be fixed. */
991 	len = sizeof(union jffs2_node_union) + c->wbuf_pagesize;
992 	buf = kmalloc(len, GFP_KERNEL);
993 	if (!buf)
994 		return -ENOMEM;
995 
996 	spin_lock(&c->erase_completion_lock);
997 	valid_ref = jffs2_first_valid_node(f->inocache->nodes);
998 	if (!valid_ref && f->inocache->ino != 1)
999 		JFFS2_WARNING("Eep. No valid nodes for ino #%u.\n", f->inocache->ino);
1000 	while (valid_ref) {
1001 		/* We can hold a pointer to a non-obsolete node without the spinlock,
1002 		   but _obsolete_ nodes may disappear at any time, if the block
1003 		   they're in gets erased. So if we mark 'ref' obsolete while we're
1004 		   not holding the lock, it can go away immediately. For that reason,
1005 		   we find the next valid node first, before processing 'ref'.
1006 		*/
1007 		ref = valid_ref;
1008 		valid_ref = jffs2_first_valid_node(ref->next_in_ino);
1009 		spin_unlock(&c->erase_completion_lock);
1010 
1011 		cond_resched();
1012 
1013 		/*
1014 		 * At this point we don't know the type of the node we're going
1015 		 * to read, so we do not know the size of its header. In order
1016 		 * to minimize the amount of flash IO we assume the header is
1017 		 * of size = JFFS2_MIN_NODE_HEADER.
1018 		 */
1019 		len = JFFS2_MIN_NODE_HEADER;
1020 		if (jffs2_is_writebuffered(c)) {
1021 			int end, rem;
1022 
1023 			/*
1024 			 * We are about to read JFFS2_MIN_NODE_HEADER bytes,
1025 			 * but this flash has some minimal I/O unit. It is
1026 			 * possible that we'll need to read more soon, so read
1027 			 * up to the next min. I/O unit, in order not to
1028 			 * re-read the same min. I/O unit twice.
1029 			 */
1030 			end = ref_offset(ref) + len;
1031 			rem = end % c->wbuf_pagesize;
1032 			if (rem)
1033 				end += c->wbuf_pagesize - rem;
1034 			len = end - ref_offset(ref);
1035 		}
1036 
1037 		dbg_readinode("read %d bytes at %#08x(%d).\n", len, ref_offset(ref), ref_flags(ref));
1038 
1039 		/* FIXME: point() */
1040 		err = jffs2_flash_read(c, ref_offset(ref), len, &retlen, buf);
1041 		if (err) {
1042 			JFFS2_ERROR("can not read %d bytes from 0x%08x, error code: %d.\n", len, ref_offset(ref), err);
1043 			goto free_out;
1044 		}
1045 
1046 		if (retlen < len) {
1047 			JFFS2_ERROR("short read at %#08x: %zu instead of %d.\n", ref_offset(ref), retlen, len);
1048 			err = -EIO;
1049 			goto free_out;
1050 		}
1051 
1052 		node = (union jffs2_node_union *)buf;
1053 
1054 		/* No need to mask in the valid bit; it shouldn't be invalid */
1055 		if (je32_to_cpu(node->u.hdr_crc) != crc32(0, node, sizeof(node->u)-4)) {
1056 			JFFS2_NOTICE("Node header CRC failed at %#08x. {%04x,%04x,%08x,%08x}\n",
1057 				     ref_offset(ref), je16_to_cpu(node->u.magic),
1058 				     je16_to_cpu(node->u.nodetype),
1059 				     je32_to_cpu(node->u.totlen),
1060 				     je32_to_cpu(node->u.hdr_crc));
1061 			jffs2_dbg_dump_node(c, ref_offset(ref));
1062 			jffs2_mark_node_obsolete(c, ref);
1063 			goto cont;
1064 		}
1065 		if (je16_to_cpu(node->u.magic) != JFFS2_MAGIC_BITMASK) {
1066 			/* Not a JFFS2 node, whinge and move on */
1067 			JFFS2_NOTICE("Wrong magic bitmask 0x%04x in node header at %#08x.\n",
1068 				     je16_to_cpu(node->u.magic), ref_offset(ref));
1069 			jffs2_mark_node_obsolete(c, ref);
1070 			goto cont;
1071 		}
1072 
1073 		switch (je16_to_cpu(node->u.nodetype)) {
1074 
1075 		case JFFS2_NODETYPE_DIRENT:
1076 
1077 			if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_raw_dirent) &&
1078 			    len < sizeof(struct jffs2_raw_dirent)) {
1079 				err = read_more(c, ref, sizeof(struct jffs2_raw_dirent), &len, buf);
1080 				if (unlikely(err))
1081 					goto free_out;
1082 			}
1083 
1084 			err = read_direntry(c, ref, &node->d, retlen, rii);
1085 			if (unlikely(err))
1086 				goto free_out;
1087 
1088 			break;
1089 
1090 		case JFFS2_NODETYPE_INODE:
1091 
1092 			if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_raw_inode) &&
1093 			    len < sizeof(struct jffs2_raw_inode)) {
1094 				err = read_more(c, ref, sizeof(struct jffs2_raw_inode), &len, buf);
1095 				if (unlikely(err))
1096 					goto free_out;
1097 			}
1098 
1099 			err = read_dnode(c, ref, &node->i, len, rii);
1100 			if (unlikely(err))
1101 				goto free_out;
1102 
1103 			break;
1104 
1105 		default:
1106 			if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_unknown_node) &&
1107 			    len < sizeof(struct jffs2_unknown_node)) {
1108 				err = read_more(c, ref, sizeof(struct jffs2_unknown_node), &len, buf);
1109 				if (unlikely(err))
1110 					goto free_out;
1111 			}
1112 
1113 			err = read_unknown(c, ref, &node->u);
1114 			if (unlikely(err))
1115 				goto free_out;
1116 
1117 		}
1118 	cont:
1119 		spin_lock(&c->erase_completion_lock);
1120 	}
1121 
1122 	spin_unlock(&c->erase_completion_lock);
1123 	kfree(buf);
1124 
1125 	f->highest_version = rii->highest_version;
1126 
1127 	dbg_readinode("nodes of inode #%u were read, the highest version is %u, latest_mctime %u, mctime_ver %u.\n",
1128 		      f->inocache->ino, rii->highest_version, rii->latest_mctime,
1129 		      rii->mctime_ver);
1130 	return 0;
1131 
1132  free_out:
1133 	jffs2_free_tmp_dnode_info_list(&rii->tn_root);
1134 	jffs2_free_full_dirent_list(rii->fds);
1135 	rii->fds = NULL;
1136 	kfree(buf);
1137 	return err;
1138 }
1139 
1140 static int jffs2_do_read_inode_internal(struct jffs2_sb_info *c,
1141 					struct jffs2_inode_info *f,
1142 					struct jffs2_raw_inode *latest_node)
1143 {
1144 	struct jffs2_readinode_info rii;
1145 	uint32_t crc, new_size;
1146 	size_t retlen;
1147 	int ret;
1148 
1149 	dbg_readinode("ino #%u pino/nlink is %d\n", f->inocache->ino,
1150 		      f->inocache->pino_nlink);
1151 
1152 	memset(&rii, 0, sizeof(rii));
1153 
1154 	/* Grab all nodes relevant to this ino */
1155 	ret = jffs2_get_inode_nodes(c, f, &rii);
1156 
1157 	if (ret) {
1158 		JFFS2_ERROR("cannot read nodes for ino %u, returned error is %d\n", f->inocache->ino, ret);
1159 		if (f->inocache->state == INO_STATE_READING)
1160 			jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
1161 		return ret;
1162 	}
1163 
1164 	ret = jffs2_build_inode_fragtree(c, f, &rii);
1165 	if (ret) {
1166 		JFFS2_ERROR("Failed to build final fragtree for inode #%u: error %d\n",
1167 			    f->inocache->ino, ret);
1168 		if (f->inocache->state == INO_STATE_READING)
1169 			jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
1170 		jffs2_free_tmp_dnode_info_list(&rii.tn_root);
1171 		/* FIXME: We could at least crc-check them all */
1172 		if (rii.mdata_tn) {
1173 			jffs2_free_full_dnode(rii.mdata_tn->fn);
1174 			jffs2_free_tmp_dnode_info(rii.mdata_tn);
1175 			rii.mdata_tn = NULL;
1176 		}
1177 		return ret;
1178 	}
1179 
1180 	if (rii.mdata_tn) {
1181 		if (rii.mdata_tn->fn->raw == rii.latest_ref) {
1182 			f->metadata = rii.mdata_tn->fn;
1183 			jffs2_free_tmp_dnode_info(rii.mdata_tn);
1184 		} else {
1185 			jffs2_kill_tn(c, rii.mdata_tn);
1186 		}
1187 		rii.mdata_tn = NULL;
1188 	}
1189 
1190 	f->dents = rii.fds;
1191 
1192 	jffs2_dbg_fragtree_paranoia_check_nolock(f);
1193 
1194 	if (unlikely(!rii.latest_ref)) {
1195 		/* No data nodes for this inode. */
1196 		if (f->inocache->ino != 1) {
1197 			JFFS2_WARNING("no data nodes found for ino #%u\n", f->inocache->ino);
1198 			if (!rii.fds) {
1199 				if (f->inocache->state == INO_STATE_READING)
1200 					jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
1201 				return -EIO;
1202 			}
1203 			JFFS2_NOTICE("but it has children so we fake some modes for it\n");
1204 		}
1205 		latest_node->mode = cpu_to_jemode(S_IFDIR|S_IRUGO|S_IWUSR|S_IXUGO);
1206 		latest_node->version = cpu_to_je32(0);
1207 		latest_node->atime = latest_node->ctime = latest_node->mtime = cpu_to_je32(0);
1208 		latest_node->isize = cpu_to_je32(0);
1209 		latest_node->gid = cpu_to_je16(0);
1210 		latest_node->uid = cpu_to_je16(0);
1211 		if (f->inocache->state == INO_STATE_READING)
1212 			jffs2_set_inocache_state(c, f->inocache, INO_STATE_PRESENT);
1213 		return 0;
1214 	}
1215 
1216 	ret = jffs2_flash_read(c, ref_offset(rii.latest_ref), sizeof(*latest_node), &retlen, (void *)latest_node);
1217 	if (ret || retlen != sizeof(*latest_node)) {
1218 		JFFS2_ERROR("failed to read from flash: error %d, %zd of %zd bytes read\n",
1219 			ret, retlen, sizeof(*latest_node));
1220 		/* FIXME: If this fails, there seems to be a memory leak. Find it. */
1221 		mutex_unlock(&f->sem);
1222 		jffs2_do_clear_inode(c, f);
1223 		return ret?ret:-EIO;
1224 	}
1225 
1226 	crc = crc32(0, latest_node, sizeof(*latest_node)-8);
1227 	if (crc != je32_to_cpu(latest_node->node_crc)) {
1228 		JFFS2_ERROR("CRC failed for read_inode of inode %u at physical location 0x%x\n",
1229 			f->inocache->ino, ref_offset(rii.latest_ref));
1230 		mutex_unlock(&f->sem);
1231 		jffs2_do_clear_inode(c, f);
1232 		return -EIO;
1233 	}
1234 
1235 	switch(jemode_to_cpu(latest_node->mode) & S_IFMT) {
1236 	case S_IFDIR:
1237 		if (rii.mctime_ver > je32_to_cpu(latest_node->version)) {
1238 			/* The times in the latest_node are actually older than
1239 			   mctime in the latest dirent. Cheat. */
1240 			latest_node->ctime = latest_node->mtime = cpu_to_je32(rii.latest_mctime);
1241 		}
1242 		break;
1243 
1244 
1245 	case S_IFREG:
1246 		/* If it was a regular file, truncate it to the latest node's isize */
1247 		new_size = jffs2_truncate_fragtree(c, &f->fragtree, je32_to_cpu(latest_node->isize));
1248 		if (new_size != je32_to_cpu(latest_node->isize)) {
1249 			JFFS2_WARNING("Truncating ino #%u to %d bytes failed because it only had %d bytes to start with!\n",
1250 				      f->inocache->ino, je32_to_cpu(latest_node->isize), new_size);
1251 			latest_node->isize = cpu_to_je32(new_size);
1252 		}
1253 		break;
1254 
1255 	case S_IFLNK:
1256 		/* Hack to work around broken isize in old symlink code.
1257 		   Remove this when dwmw2 comes to his senses and stops
1258 		   symlinks from being an entirely gratuitous special
1259 		   case. */
1260 		if (!je32_to_cpu(latest_node->isize))
1261 			latest_node->isize = latest_node->dsize;
1262 
1263 		if (f->inocache->state != INO_STATE_CHECKING) {
1264 			/* Symlink's inode data is the target path. Read it and
1265 			 * keep in RAM to facilitate quick follow symlink
1266 			 * operation. */
1267 			f->target = kmalloc(je32_to_cpu(latest_node->csize) + 1, GFP_KERNEL);
1268 			if (!f->target) {
1269 				JFFS2_ERROR("can't allocate %d bytes of memory for the symlink target path cache\n", je32_to_cpu(latest_node->csize));
1270 				mutex_unlock(&f->sem);
1271 				jffs2_do_clear_inode(c, f);
1272 				return -ENOMEM;
1273 			}
1274 
1275 			ret = jffs2_flash_read(c, ref_offset(rii.latest_ref) + sizeof(*latest_node),
1276 						je32_to_cpu(latest_node->csize), &retlen, (char *)f->target);
1277 
1278 			if (ret  || retlen != je32_to_cpu(latest_node->csize)) {
1279 				if (retlen != je32_to_cpu(latest_node->csize))
1280 					ret = -EIO;
1281 				kfree(f->target);
1282 				f->target = NULL;
1283 				mutex_unlock(&f->sem);
1284 				jffs2_do_clear_inode(c, f);
1285 				return ret;
1286 			}
1287 
1288 			f->target[je32_to_cpu(latest_node->csize)] = '\0';
1289 			dbg_readinode("symlink's target '%s' cached\n", f->target);
1290 		}
1291 
1292 		/* fall through... */
1293 
1294 	case S_IFBLK:
1295 	case S_IFCHR:
1296 		/* Certain inode types should have only one data node, and it's
1297 		   kept as the metadata node */
1298 		if (f->metadata) {
1299 			JFFS2_ERROR("Argh. Special inode #%u with mode 0%o had metadata node\n",
1300 			       f->inocache->ino, jemode_to_cpu(latest_node->mode));
1301 			mutex_unlock(&f->sem);
1302 			jffs2_do_clear_inode(c, f);
1303 			return -EIO;
1304 		}
1305 		if (!frag_first(&f->fragtree)) {
1306 			JFFS2_ERROR("Argh. Special inode #%u with mode 0%o has no fragments\n",
1307 			       f->inocache->ino, jemode_to_cpu(latest_node->mode));
1308 			mutex_unlock(&f->sem);
1309 			jffs2_do_clear_inode(c, f);
1310 			return -EIO;
1311 		}
1312 		/* ASSERT: f->fraglist != NULL */
1313 		if (frag_next(frag_first(&f->fragtree))) {
1314 			JFFS2_ERROR("Argh. Special inode #%u with mode 0x%x had more than one node\n",
1315 			       f->inocache->ino, jemode_to_cpu(latest_node->mode));
1316 			/* FIXME: Deal with it - check crc32, check for duplicate node, check times and discard the older one */
1317 			mutex_unlock(&f->sem);
1318 			jffs2_do_clear_inode(c, f);
1319 			return -EIO;
1320 		}
1321 		/* OK. We're happy */
1322 		f->metadata = frag_first(&f->fragtree)->node;
1323 		jffs2_free_node_frag(frag_first(&f->fragtree));
1324 		f->fragtree = RB_ROOT;
1325 		break;
1326 	}
1327 	if (f->inocache->state == INO_STATE_READING)
1328 		jffs2_set_inocache_state(c, f->inocache, INO_STATE_PRESENT);
1329 
1330 	return 0;
1331 }
1332 
1333 /* Scan the list of all nodes present for this ino, build map of versions, etc. */
1334 int jffs2_do_read_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
1335 			uint32_t ino, struct jffs2_raw_inode *latest_node)
1336 {
1337 	dbg_readinode("read inode #%u\n", ino);
1338 
1339  retry_inocache:
1340 	spin_lock(&c->inocache_lock);
1341 	f->inocache = jffs2_get_ino_cache(c, ino);
1342 
1343 	if (f->inocache) {
1344 		/* Check its state. We may need to wait before we can use it */
1345 		switch(f->inocache->state) {
1346 		case INO_STATE_UNCHECKED:
1347 		case INO_STATE_CHECKEDABSENT:
1348 			f->inocache->state = INO_STATE_READING;
1349 			break;
1350 
1351 		case INO_STATE_CHECKING:
1352 		case INO_STATE_GC:
1353 			/* If it's in either of these states, we need
1354 			   to wait for whoever's got it to finish and
1355 			   put it back. */
1356 			dbg_readinode("waiting for ino #%u in state %d\n", ino, f->inocache->state);
1357 			sleep_on_spinunlock(&c->inocache_wq, &c->inocache_lock);
1358 			goto retry_inocache;
1359 
1360 		case INO_STATE_READING:
1361 		case INO_STATE_PRESENT:
1362 			/* Eep. This should never happen. It can
1363 			happen if Linux calls read_inode() again
1364 			before clear_inode() has finished though. */
1365 			JFFS2_ERROR("Eep. Trying to read_inode #%u when it's already in state %d!\n", ino, f->inocache->state);
1366 			/* Fail. That's probably better than allowing it to succeed */
1367 			f->inocache = NULL;
1368 			break;
1369 
1370 		default:
1371 			BUG();
1372 		}
1373 	}
1374 	spin_unlock(&c->inocache_lock);
1375 
1376 	if (!f->inocache && ino == 1) {
1377 		/* Special case - no root inode on medium */
1378 		f->inocache = jffs2_alloc_inode_cache();
1379 		if (!f->inocache) {
1380 			JFFS2_ERROR("cannot allocate inocache for root inode\n");
1381 			return -ENOMEM;
1382 		}
1383 		dbg_readinode("creating inocache for root inode\n");
1384 		memset(f->inocache, 0, sizeof(struct jffs2_inode_cache));
1385 		f->inocache->ino = f->inocache->pino_nlink = 1;
1386 		f->inocache->nodes = (struct jffs2_raw_node_ref *)f->inocache;
1387 		f->inocache->state = INO_STATE_READING;
1388 		jffs2_add_ino_cache(c, f->inocache);
1389 	}
1390 	if (!f->inocache) {
1391 		JFFS2_ERROR("requestied to read an nonexistent ino %u\n", ino);
1392 		return -ENOENT;
1393 	}
1394 
1395 	return jffs2_do_read_inode_internal(c, f, latest_node);
1396 }
1397 
1398 int jffs2_do_crccheck_inode(struct jffs2_sb_info *c, struct jffs2_inode_cache *ic)
1399 {
1400 	struct jffs2_raw_inode n;
1401 	struct jffs2_inode_info *f = kzalloc(sizeof(*f), GFP_KERNEL);
1402 	int ret;
1403 
1404 	if (!f)
1405 		return -ENOMEM;
1406 
1407 	mutex_init(&f->sem);
1408 	mutex_lock(&f->sem);
1409 	f->inocache = ic;
1410 
1411 	ret = jffs2_do_read_inode_internal(c, f, &n);
1412 	if (!ret) {
1413 		mutex_unlock(&f->sem);
1414 		jffs2_do_clear_inode(c, f);
1415 	}
1416 	kfree (f);
1417 	return ret;
1418 }
1419 
1420 void jffs2_do_clear_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f)
1421 {
1422 	struct jffs2_full_dirent *fd, *fds;
1423 	int deleted;
1424 
1425 	jffs2_xattr_delete_inode(c, f->inocache);
1426 	mutex_lock(&f->sem);
1427 	deleted = f->inocache && !f->inocache->pino_nlink;
1428 
1429 	if (f->inocache && f->inocache->state != INO_STATE_CHECKING)
1430 		jffs2_set_inocache_state(c, f->inocache, INO_STATE_CLEARING);
1431 
1432 	if (f->metadata) {
1433 		if (deleted)
1434 			jffs2_mark_node_obsolete(c, f->metadata->raw);
1435 		jffs2_free_full_dnode(f->metadata);
1436 	}
1437 
1438 	jffs2_kill_fragtree(&f->fragtree, deleted?c:NULL);
1439 
1440 	if (f->target) {
1441 		kfree(f->target);
1442 		f->target = NULL;
1443 	}
1444 
1445 	fds = f->dents;
1446 	while(fds) {
1447 		fd = fds;
1448 		fds = fd->next;
1449 		jffs2_free_full_dirent(fd);
1450 	}
1451 
1452 	if (f->inocache && f->inocache->state != INO_STATE_CHECKING) {
1453 		jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
1454 		if (f->inocache->nodes == (void *)f->inocache)
1455 			jffs2_del_ino_cache(c, f->inocache);
1456 	}
1457 
1458 	mutex_unlock(&f->sem);
1459 }
1460