1 /* 2 * This file is part of UBIFS. 3 * 4 * Copyright (C) 2006-2008 Nokia Corporation 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published by 8 * the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 13 * more details. 14 * 15 * You should have received a copy of the GNU General Public License along with 16 * this program; if not, write to the Free Software Foundation, Inc., 51 17 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 18 * 19 * Authors: Adrian Hunter 20 * Artem Bityutskiy (Битюцкий Артём) 21 */ 22 23 /* 24 * This file implements functions needed to recover from unclean un-mounts. 25 * When UBIFS is mounted, it checks a flag on the master node to determine if 26 * an un-mount was completed successfully. If not, the process of mounting 27 * incorparates additional checking and fixing of on-flash data structures. 28 * UBIFS always cleans away all remnants of an unclean un-mount, so that 29 * errors do not accumulate. However UBIFS defers recovery if it is mounted 30 * read-only, and the flash is not modified in that case. 31 */ 32 33 #include <linux/crc32.h> 34 #include "ubifs.h" 35 36 /** 37 * is_empty - determine whether a buffer is empty (contains all 0xff). 38 * @buf: buffer to clean 39 * @len: length of buffer 40 * 41 * This function returns %1 if the buffer is empty (contains all 0xff) otherwise 42 * %0 is returned. 43 */ 44 static int is_empty(void *buf, int len) 45 { 46 uint8_t *p = buf; 47 int i; 48 49 for (i = 0; i < len; i++) 50 if (*p++ != 0xff) 51 return 0; 52 return 1; 53 } 54 55 /** 56 * first_non_ff - find offset of the first non-0xff byte. 57 * @buf: buffer to search in 58 * @len: length of buffer 59 * 60 * This function returns offset of the first non-0xff byte in @buf or %-1 if 61 * the buffer contains only 0xff bytes. 62 */ 63 static int first_non_ff(void *buf, int len) 64 { 65 uint8_t *p = buf; 66 int i; 67 68 for (i = 0; i < len; i++) 69 if (*p++ != 0xff) 70 return i; 71 return -1; 72 } 73 74 /** 75 * get_master_node - get the last valid master node allowing for corruption. 76 * @c: UBIFS file-system description object 77 * @lnum: LEB number 78 * @pbuf: buffer containing the LEB read, is returned here 79 * @mst: master node, if found, is returned here 80 * @cor: corruption, if found, is returned here 81 * 82 * This function allocates a buffer, reads the LEB into it, and finds and 83 * returns the last valid master node allowing for one area of corruption. 84 * The corrupt area, if there is one, must be consistent with the assumption 85 * that it is the result of an unclean unmount while the master node was being 86 * written. Under those circumstances, it is valid to use the previously written 87 * master node. 88 * 89 * This function returns %0 on success and a negative error code on failure. 90 */ 91 static int get_master_node(const struct ubifs_info *c, int lnum, void **pbuf, 92 struct ubifs_mst_node **mst, void **cor) 93 { 94 const int sz = c->mst_node_alsz; 95 int err, offs, len; 96 void *sbuf, *buf; 97 98 sbuf = vmalloc(c->leb_size); 99 if (!sbuf) 100 return -ENOMEM; 101 102 err = ubi_read(c->ubi, lnum, sbuf, 0, c->leb_size); 103 if (err && err != -EBADMSG) 104 goto out_free; 105 106 /* Find the first position that is definitely not a node */ 107 offs = 0; 108 buf = sbuf; 109 len = c->leb_size; 110 while (offs + UBIFS_MST_NODE_SZ <= c->leb_size) { 111 struct ubifs_ch *ch = buf; 112 113 if (le32_to_cpu(ch->magic) != UBIFS_NODE_MAGIC) 114 break; 115 offs += sz; 116 buf += sz; 117 len -= sz; 118 } 119 /* See if there was a valid master node before that */ 120 if (offs) { 121 int ret; 122 123 offs -= sz; 124 buf -= sz; 125 len += sz; 126 ret = ubifs_scan_a_node(c, buf, len, lnum, offs, 1); 127 if (ret != SCANNED_A_NODE && offs) { 128 /* Could have been corruption so check one place back */ 129 offs -= sz; 130 buf -= sz; 131 len += sz; 132 ret = ubifs_scan_a_node(c, buf, len, lnum, offs, 1); 133 if (ret != SCANNED_A_NODE) 134 /* 135 * We accept only one area of corruption because 136 * we are assuming that it was caused while 137 * trying to write a master node. 138 */ 139 goto out_err; 140 } 141 if (ret == SCANNED_A_NODE) { 142 struct ubifs_ch *ch = buf; 143 144 if (ch->node_type != UBIFS_MST_NODE) 145 goto out_err; 146 dbg_rcvry("found a master node at %d:%d", lnum, offs); 147 *mst = buf; 148 offs += sz; 149 buf += sz; 150 len -= sz; 151 } 152 } 153 /* Check for corruption */ 154 if (offs < c->leb_size) { 155 if (!is_empty(buf, min_t(int, len, sz))) { 156 *cor = buf; 157 dbg_rcvry("found corruption at %d:%d", lnum, offs); 158 } 159 offs += sz; 160 buf += sz; 161 len -= sz; 162 } 163 /* Check remaining empty space */ 164 if (offs < c->leb_size) 165 if (!is_empty(buf, len)) 166 goto out_err; 167 *pbuf = sbuf; 168 return 0; 169 170 out_err: 171 err = -EINVAL; 172 out_free: 173 vfree(sbuf); 174 *mst = NULL; 175 *cor = NULL; 176 return err; 177 } 178 179 /** 180 * write_rcvrd_mst_node - write recovered master node. 181 * @c: UBIFS file-system description object 182 * @mst: master node 183 * 184 * This function returns %0 on success and a negative error code on failure. 185 */ 186 static int write_rcvrd_mst_node(struct ubifs_info *c, 187 struct ubifs_mst_node *mst) 188 { 189 int err = 0, lnum = UBIFS_MST_LNUM, sz = c->mst_node_alsz; 190 __le32 save_flags; 191 192 dbg_rcvry("recovery"); 193 194 save_flags = mst->flags; 195 mst->flags |= cpu_to_le32(UBIFS_MST_RCVRY); 196 197 ubifs_prepare_node(c, mst, UBIFS_MST_NODE_SZ, 1); 198 err = ubi_leb_change(c->ubi, lnum, mst, sz, UBI_SHORTTERM); 199 if (err) 200 goto out; 201 err = ubi_leb_change(c->ubi, lnum + 1, mst, sz, UBI_SHORTTERM); 202 if (err) 203 goto out; 204 out: 205 mst->flags = save_flags; 206 return err; 207 } 208 209 /** 210 * ubifs_recover_master_node - recover the master node. 211 * @c: UBIFS file-system description object 212 * 213 * This function recovers the master node from corruption that may occur due to 214 * an unclean unmount. 215 * 216 * This function returns %0 on success and a negative error code on failure. 217 */ 218 int ubifs_recover_master_node(struct ubifs_info *c) 219 { 220 void *buf1 = NULL, *buf2 = NULL, *cor1 = NULL, *cor2 = NULL; 221 struct ubifs_mst_node *mst1 = NULL, *mst2 = NULL, *mst; 222 const int sz = c->mst_node_alsz; 223 int err, offs1, offs2; 224 225 dbg_rcvry("recovery"); 226 227 err = get_master_node(c, UBIFS_MST_LNUM, &buf1, &mst1, &cor1); 228 if (err) 229 goto out_free; 230 231 err = get_master_node(c, UBIFS_MST_LNUM + 1, &buf2, &mst2, &cor2); 232 if (err) 233 goto out_free; 234 235 if (mst1) { 236 offs1 = (void *)mst1 - buf1; 237 if ((le32_to_cpu(mst1->flags) & UBIFS_MST_RCVRY) && 238 (offs1 == 0 && !cor1)) { 239 /* 240 * mst1 was written by recovery at offset 0 with no 241 * corruption. 242 */ 243 dbg_rcvry("recovery recovery"); 244 mst = mst1; 245 } else if (mst2) { 246 offs2 = (void *)mst2 - buf2; 247 if (offs1 == offs2) { 248 /* Same offset, so must be the same */ 249 if (memcmp((void *)mst1 + UBIFS_CH_SZ, 250 (void *)mst2 + UBIFS_CH_SZ, 251 UBIFS_MST_NODE_SZ - UBIFS_CH_SZ)) 252 goto out_err; 253 mst = mst1; 254 } else if (offs2 + sz == offs1) { 255 /* 1st LEB was written, 2nd was not */ 256 if (cor1) 257 goto out_err; 258 mst = mst1; 259 } else if (offs1 == 0 && offs2 + sz >= c->leb_size) { 260 /* 1st LEB was unmapped and written, 2nd not */ 261 if (cor1) 262 goto out_err; 263 mst = mst1; 264 } else 265 goto out_err; 266 } else { 267 /* 268 * 2nd LEB was unmapped and about to be written, so 269 * there must be only one master node in the first LEB 270 * and no corruption. 271 */ 272 if (offs1 != 0 || cor1) 273 goto out_err; 274 mst = mst1; 275 } 276 } else { 277 if (!mst2) 278 goto out_err; 279 /* 280 * 1st LEB was unmapped and about to be written, so there must 281 * be no room left in 2nd LEB. 282 */ 283 offs2 = (void *)mst2 - buf2; 284 if (offs2 + sz + sz <= c->leb_size) 285 goto out_err; 286 mst = mst2; 287 } 288 289 ubifs_msg("recovered master node from LEB %d", 290 (mst == mst1 ? UBIFS_MST_LNUM : UBIFS_MST_LNUM + 1)); 291 292 memcpy(c->mst_node, mst, UBIFS_MST_NODE_SZ); 293 294 if ((c->vfs_sb->s_flags & MS_RDONLY)) { 295 /* Read-only mode. Keep a copy for switching to rw mode */ 296 c->rcvrd_mst_node = kmalloc(sz, GFP_KERNEL); 297 if (!c->rcvrd_mst_node) { 298 err = -ENOMEM; 299 goto out_free; 300 } 301 memcpy(c->rcvrd_mst_node, c->mst_node, UBIFS_MST_NODE_SZ); 302 } else { 303 /* Write the recovered master node */ 304 c->max_sqnum = le64_to_cpu(mst->ch.sqnum) - 1; 305 err = write_rcvrd_mst_node(c, c->mst_node); 306 if (err) 307 goto out_free; 308 } 309 310 vfree(buf2); 311 vfree(buf1); 312 313 return 0; 314 315 out_err: 316 err = -EINVAL; 317 out_free: 318 ubifs_err("failed to recover master node"); 319 if (mst1) { 320 dbg_err("dumping first master node"); 321 dbg_dump_node(c, mst1); 322 } 323 if (mst2) { 324 dbg_err("dumping second master node"); 325 dbg_dump_node(c, mst2); 326 } 327 vfree(buf2); 328 vfree(buf1); 329 return err; 330 } 331 332 /** 333 * ubifs_write_rcvrd_mst_node - write the recovered master node. 334 * @c: UBIFS file-system description object 335 * 336 * This function writes the master node that was recovered during mounting in 337 * read-only mode and must now be written because we are remounting rw. 338 * 339 * This function returns %0 on success and a negative error code on failure. 340 */ 341 int ubifs_write_rcvrd_mst_node(struct ubifs_info *c) 342 { 343 int err; 344 345 if (!c->rcvrd_mst_node) 346 return 0; 347 c->rcvrd_mst_node->flags |= cpu_to_le32(UBIFS_MST_DIRTY); 348 c->mst_node->flags |= cpu_to_le32(UBIFS_MST_DIRTY); 349 err = write_rcvrd_mst_node(c, c->rcvrd_mst_node); 350 if (err) 351 return err; 352 kfree(c->rcvrd_mst_node); 353 c->rcvrd_mst_node = NULL; 354 return 0; 355 } 356 357 /** 358 * is_last_write - determine if an offset was in the last write to a LEB. 359 * @c: UBIFS file-system description object 360 * @buf: buffer to check 361 * @offs: offset to check 362 * 363 * This function returns %1 if @offs was in the last write to the LEB whose data 364 * is in @buf, otherwise %0 is returned. The determination is made by checking 365 * for subsequent empty space starting from the next @c->min_io_size boundary. 366 */ 367 static int is_last_write(const struct ubifs_info *c, void *buf, int offs) 368 { 369 int empty_offs, check_len; 370 uint8_t *p; 371 372 /* 373 * Round up to the next @c->min_io_size boundary i.e. @offs is in the 374 * last wbuf written. After that should be empty space. 375 */ 376 empty_offs = ALIGN(offs + 1, c->min_io_size); 377 check_len = c->leb_size - empty_offs; 378 p = buf + empty_offs - offs; 379 return is_empty(p, check_len); 380 } 381 382 /** 383 * clean_buf - clean the data from an LEB sitting in a buffer. 384 * @c: UBIFS file-system description object 385 * @buf: buffer to clean 386 * @lnum: LEB number to clean 387 * @offs: offset from which to clean 388 * @len: length of buffer 389 * 390 * This function pads up to the next min_io_size boundary (if there is one) and 391 * sets empty space to all 0xff. @buf, @offs and @len are updated to the next 392 * @c->min_io_size boundary. 393 */ 394 static void clean_buf(const struct ubifs_info *c, void **buf, int lnum, 395 int *offs, int *len) 396 { 397 int empty_offs, pad_len; 398 399 lnum = lnum; 400 dbg_rcvry("cleaning corruption at %d:%d", lnum, *offs); 401 402 ubifs_assert(!(*offs & 7)); 403 empty_offs = ALIGN(*offs, c->min_io_size); 404 pad_len = empty_offs - *offs; 405 ubifs_pad(c, *buf, pad_len); 406 *offs += pad_len; 407 *buf += pad_len; 408 *len -= pad_len; 409 memset(*buf, 0xff, c->leb_size - empty_offs); 410 } 411 412 /** 413 * no_more_nodes - determine if there are no more nodes in a buffer. 414 * @c: UBIFS file-system description object 415 * @buf: buffer to check 416 * @len: length of buffer 417 * @lnum: LEB number of the LEB from which @buf was read 418 * @offs: offset from which @buf was read 419 * 420 * This function ensures that the corrupted node at @offs is the last thing 421 * written to a LEB. This function returns %1 if more data is not found and 422 * %0 if more data is found. 423 */ 424 static int no_more_nodes(const struct ubifs_info *c, void *buf, int len, 425 int lnum, int offs) 426 { 427 struct ubifs_ch *ch = buf; 428 int skip, dlen = le32_to_cpu(ch->len); 429 430 /* Check for empty space after the corrupt node's common header */ 431 skip = ALIGN(offs + UBIFS_CH_SZ, c->min_io_size) - offs; 432 if (is_empty(buf + skip, len - skip)) 433 return 1; 434 /* 435 * The area after the common header size is not empty, so the common 436 * header must be intact. Check it. 437 */ 438 if (ubifs_check_node(c, buf, lnum, offs, 1, 0) != -EUCLEAN) { 439 dbg_rcvry("unexpected bad common header at %d:%d", lnum, offs); 440 return 0; 441 } 442 /* Now we know the corrupt node's length we can skip over it */ 443 skip = ALIGN(offs + dlen, c->min_io_size) - offs; 444 /* After which there should be empty space */ 445 if (is_empty(buf + skip, len - skip)) 446 return 1; 447 dbg_rcvry("unexpected data at %d:%d", lnum, offs + skip); 448 return 0; 449 } 450 451 /** 452 * fix_unclean_leb - fix an unclean LEB. 453 * @c: UBIFS file-system description object 454 * @sleb: scanned LEB information 455 * @start: offset where scan started 456 */ 457 static int fix_unclean_leb(struct ubifs_info *c, struct ubifs_scan_leb *sleb, 458 int start) 459 { 460 int lnum = sleb->lnum, endpt = start; 461 462 /* Get the end offset of the last node we are keeping */ 463 if (!list_empty(&sleb->nodes)) { 464 struct ubifs_scan_node *snod; 465 466 snod = list_entry(sleb->nodes.prev, 467 struct ubifs_scan_node, list); 468 endpt = snod->offs + snod->len; 469 } 470 471 if ((c->vfs_sb->s_flags & MS_RDONLY) && !c->remounting_rw) { 472 /* Add to recovery list */ 473 struct ubifs_unclean_leb *ucleb; 474 475 dbg_rcvry("need to fix LEB %d start %d endpt %d", 476 lnum, start, sleb->endpt); 477 ucleb = kzalloc(sizeof(struct ubifs_unclean_leb), GFP_NOFS); 478 if (!ucleb) 479 return -ENOMEM; 480 ucleb->lnum = lnum; 481 ucleb->endpt = endpt; 482 list_add_tail(&ucleb->list, &c->unclean_leb_list); 483 } else { 484 /* Write the fixed LEB back to flash */ 485 int err; 486 487 dbg_rcvry("fixing LEB %d start %d endpt %d", 488 lnum, start, sleb->endpt); 489 if (endpt == 0) { 490 err = ubifs_leb_unmap(c, lnum); 491 if (err) 492 return err; 493 } else { 494 int len = ALIGN(endpt, c->min_io_size); 495 496 if (start) { 497 err = ubi_read(c->ubi, lnum, sleb->buf, 0, 498 start); 499 if (err) 500 return err; 501 } 502 /* Pad to min_io_size */ 503 if (len > endpt) { 504 int pad_len = len - ALIGN(endpt, 8); 505 506 if (pad_len > 0) { 507 void *buf = sleb->buf + len - pad_len; 508 509 ubifs_pad(c, buf, pad_len); 510 } 511 } 512 err = ubi_leb_change(c->ubi, lnum, sleb->buf, len, 513 UBI_UNKNOWN); 514 if (err) 515 return err; 516 } 517 } 518 return 0; 519 } 520 521 /** 522 * drop_incomplete_group - drop nodes from an incomplete group. 523 * @sleb: scanned LEB information 524 * @offs: offset of dropped nodes is returned here 525 * 526 * This function returns %1 if nodes are dropped and %0 otherwise. 527 */ 528 static int drop_incomplete_group(struct ubifs_scan_leb *sleb, int *offs) 529 { 530 int dropped = 0; 531 532 while (!list_empty(&sleb->nodes)) { 533 struct ubifs_scan_node *snod; 534 struct ubifs_ch *ch; 535 536 snod = list_entry(sleb->nodes.prev, struct ubifs_scan_node, 537 list); 538 ch = snod->node; 539 if (ch->group_type != UBIFS_IN_NODE_GROUP) 540 return dropped; 541 dbg_rcvry("dropping node at %d:%d", sleb->lnum, snod->offs); 542 *offs = snod->offs; 543 list_del(&snod->list); 544 kfree(snod); 545 sleb->nodes_cnt -= 1; 546 dropped = 1; 547 } 548 return dropped; 549 } 550 551 /** 552 * ubifs_recover_leb - scan and recover a LEB. 553 * @c: UBIFS file-system description object 554 * @lnum: LEB number 555 * @offs: offset 556 * @sbuf: LEB-sized buffer to use 557 * @grouped: nodes may be grouped for recovery 558 * 559 * This function does a scan of a LEB, but caters for errors that might have 560 * been caused by the unclean unmount from which we are attempting to recover. 561 * Returns %0 in case of success, %-EUCLEAN if an unrecoverable corruption is 562 * found, and a negative error code in case of failure. 563 */ 564 struct ubifs_scan_leb *ubifs_recover_leb(struct ubifs_info *c, int lnum, 565 int offs, void *sbuf, int grouped) 566 { 567 int err, len = c->leb_size - offs, need_clean = 0, quiet = 1; 568 int empty_chkd = 0, start = offs; 569 struct ubifs_scan_leb *sleb; 570 void *buf = sbuf + offs; 571 572 dbg_rcvry("%d:%d", lnum, offs); 573 574 sleb = ubifs_start_scan(c, lnum, offs, sbuf); 575 if (IS_ERR(sleb)) 576 return sleb; 577 578 if (sleb->ecc) 579 need_clean = 1; 580 581 while (len >= 8) { 582 int ret; 583 584 dbg_scan("look at LEB %d:%d (%d bytes left)", 585 lnum, offs, len); 586 587 cond_resched(); 588 589 /* 590 * Scan quietly until there is an error from which we cannot 591 * recover 592 */ 593 ret = ubifs_scan_a_node(c, buf, len, lnum, offs, quiet); 594 595 if (ret == SCANNED_A_NODE) { 596 /* A valid node, and not a padding node */ 597 struct ubifs_ch *ch = buf; 598 int node_len; 599 600 err = ubifs_add_snod(c, sleb, buf, offs); 601 if (err) 602 goto error; 603 node_len = ALIGN(le32_to_cpu(ch->len), 8); 604 offs += node_len; 605 buf += node_len; 606 len -= node_len; 607 continue; 608 } 609 610 if (ret > 0) { 611 /* Padding bytes or a valid padding node */ 612 offs += ret; 613 buf += ret; 614 len -= ret; 615 continue; 616 } 617 618 if (ret == SCANNED_EMPTY_SPACE) { 619 if (!is_empty(buf, len)) { 620 if (!is_last_write(c, buf, offs)) 621 break; 622 clean_buf(c, &buf, lnum, &offs, &len); 623 need_clean = 1; 624 } 625 empty_chkd = 1; 626 break; 627 } 628 629 if (ret == SCANNED_GARBAGE || ret == SCANNED_A_BAD_PAD_NODE) 630 if (is_last_write(c, buf, offs)) { 631 clean_buf(c, &buf, lnum, &offs, &len); 632 need_clean = 1; 633 empty_chkd = 1; 634 break; 635 } 636 637 if (ret == SCANNED_A_CORRUPT_NODE) 638 if (no_more_nodes(c, buf, len, lnum, offs)) { 639 clean_buf(c, &buf, lnum, &offs, &len); 640 need_clean = 1; 641 empty_chkd = 1; 642 break; 643 } 644 645 if (quiet) { 646 /* Redo the last scan but noisily */ 647 quiet = 0; 648 continue; 649 } 650 651 switch (ret) { 652 case SCANNED_GARBAGE: 653 dbg_err("garbage"); 654 goto corrupted; 655 case SCANNED_A_CORRUPT_NODE: 656 case SCANNED_A_BAD_PAD_NODE: 657 dbg_err("bad node"); 658 goto corrupted; 659 default: 660 dbg_err("unknown"); 661 err = -EINVAL; 662 goto error; 663 } 664 } 665 666 if (!empty_chkd && !is_empty(buf, len)) { 667 if (is_last_write(c, buf, offs)) { 668 clean_buf(c, &buf, lnum, &offs, &len); 669 need_clean = 1; 670 } else { 671 int corruption = first_non_ff(buf, len); 672 673 ubifs_err("corrupt empty space LEB %d:%d, corruption " 674 "starts at %d", lnum, offs, corruption); 675 /* Make sure we dump interesting non-0xFF data */ 676 offs = corruption; 677 buf += corruption; 678 goto corrupted; 679 } 680 } 681 682 /* Drop nodes from incomplete group */ 683 if (grouped && drop_incomplete_group(sleb, &offs)) { 684 buf = sbuf + offs; 685 len = c->leb_size - offs; 686 clean_buf(c, &buf, lnum, &offs, &len); 687 need_clean = 1; 688 } 689 690 if (offs % c->min_io_size) { 691 clean_buf(c, &buf, lnum, &offs, &len); 692 need_clean = 1; 693 } 694 695 ubifs_end_scan(c, sleb, lnum, offs); 696 697 if (need_clean) { 698 err = fix_unclean_leb(c, sleb, start); 699 if (err) 700 goto error; 701 } 702 703 return sleb; 704 705 corrupted: 706 ubifs_scanned_corruption(c, lnum, offs, buf); 707 err = -EUCLEAN; 708 error: 709 ubifs_err("LEB %d scanning failed", lnum); 710 ubifs_scan_destroy(sleb); 711 return ERR_PTR(err); 712 } 713 714 /** 715 * get_cs_sqnum - get commit start sequence number. 716 * @c: UBIFS file-system description object 717 * @lnum: LEB number of commit start node 718 * @offs: offset of commit start node 719 * @cs_sqnum: commit start sequence number is returned here 720 * 721 * This function returns %0 on success and a negative error code on failure. 722 */ 723 static int get_cs_sqnum(struct ubifs_info *c, int lnum, int offs, 724 unsigned long long *cs_sqnum) 725 { 726 struct ubifs_cs_node *cs_node = NULL; 727 int err, ret; 728 729 dbg_rcvry("at %d:%d", lnum, offs); 730 cs_node = kmalloc(UBIFS_CS_NODE_SZ, GFP_KERNEL); 731 if (!cs_node) 732 return -ENOMEM; 733 if (c->leb_size - offs < UBIFS_CS_NODE_SZ) 734 goto out_err; 735 err = ubi_read(c->ubi, lnum, (void *)cs_node, offs, UBIFS_CS_NODE_SZ); 736 if (err && err != -EBADMSG) 737 goto out_free; 738 ret = ubifs_scan_a_node(c, cs_node, UBIFS_CS_NODE_SZ, lnum, offs, 0); 739 if (ret != SCANNED_A_NODE) { 740 dbg_err("Not a valid node"); 741 goto out_err; 742 } 743 if (cs_node->ch.node_type != UBIFS_CS_NODE) { 744 dbg_err("Node a CS node, type is %d", cs_node->ch.node_type); 745 goto out_err; 746 } 747 if (le64_to_cpu(cs_node->cmt_no) != c->cmt_no) { 748 dbg_err("CS node cmt_no %llu != current cmt_no %llu", 749 (unsigned long long)le64_to_cpu(cs_node->cmt_no), 750 c->cmt_no); 751 goto out_err; 752 } 753 *cs_sqnum = le64_to_cpu(cs_node->ch.sqnum); 754 dbg_rcvry("commit start sqnum %llu", *cs_sqnum); 755 kfree(cs_node); 756 return 0; 757 758 out_err: 759 err = -EINVAL; 760 out_free: 761 ubifs_err("failed to get CS sqnum"); 762 kfree(cs_node); 763 return err; 764 } 765 766 /** 767 * ubifs_recover_log_leb - scan and recover a log LEB. 768 * @c: UBIFS file-system description object 769 * @lnum: LEB number 770 * @offs: offset 771 * @sbuf: LEB-sized buffer to use 772 * 773 * This function does a scan of a LEB, but caters for errors that might have 774 * been caused by the unclean unmount from which we are attempting to recover. 775 * 776 * This function returns %0 on success and a negative error code on failure. 777 */ 778 struct ubifs_scan_leb *ubifs_recover_log_leb(struct ubifs_info *c, int lnum, 779 int offs, void *sbuf) 780 { 781 struct ubifs_scan_leb *sleb; 782 int next_lnum; 783 784 dbg_rcvry("LEB %d", lnum); 785 next_lnum = lnum + 1; 786 if (next_lnum >= UBIFS_LOG_LNUM + c->log_lebs) 787 next_lnum = UBIFS_LOG_LNUM; 788 if (next_lnum != c->ltail_lnum) { 789 /* 790 * We can only recover at the end of the log, so check that the 791 * next log LEB is empty or out of date. 792 */ 793 sleb = ubifs_scan(c, next_lnum, 0, sbuf, 0); 794 if (IS_ERR(sleb)) 795 return sleb; 796 if (sleb->nodes_cnt) { 797 struct ubifs_scan_node *snod; 798 unsigned long long cs_sqnum = c->cs_sqnum; 799 800 snod = list_entry(sleb->nodes.next, 801 struct ubifs_scan_node, list); 802 if (cs_sqnum == 0) { 803 int err; 804 805 err = get_cs_sqnum(c, lnum, offs, &cs_sqnum); 806 if (err) { 807 ubifs_scan_destroy(sleb); 808 return ERR_PTR(err); 809 } 810 } 811 if (snod->sqnum > cs_sqnum) { 812 ubifs_err("unrecoverable log corruption " 813 "in LEB %d", lnum); 814 ubifs_scan_destroy(sleb); 815 return ERR_PTR(-EUCLEAN); 816 } 817 } 818 ubifs_scan_destroy(sleb); 819 } 820 return ubifs_recover_leb(c, lnum, offs, sbuf, 0); 821 } 822 823 /** 824 * recover_head - recover a head. 825 * @c: UBIFS file-system description object 826 * @lnum: LEB number of head to recover 827 * @offs: offset of head to recover 828 * @sbuf: LEB-sized buffer to use 829 * 830 * This function ensures that there is no data on the flash at a head location. 831 * 832 * This function returns %0 on success and a negative error code on failure. 833 */ 834 static int recover_head(const struct ubifs_info *c, int lnum, int offs, 835 void *sbuf) 836 { 837 int len, err; 838 839 if (c->min_io_size > 1) 840 len = c->min_io_size; 841 else 842 len = 512; 843 if (offs + len > c->leb_size) 844 len = c->leb_size - offs; 845 846 if (!len) 847 return 0; 848 849 /* Read at the head location and check it is empty flash */ 850 err = ubi_read(c->ubi, lnum, sbuf, offs, len); 851 if (err || !is_empty(sbuf, len)) { 852 dbg_rcvry("cleaning head at %d:%d", lnum, offs); 853 if (offs == 0) 854 return ubifs_leb_unmap(c, lnum); 855 err = ubi_read(c->ubi, lnum, sbuf, 0, offs); 856 if (err) 857 return err; 858 return ubi_leb_change(c->ubi, lnum, sbuf, offs, UBI_UNKNOWN); 859 } 860 861 return 0; 862 } 863 864 /** 865 * ubifs_recover_inl_heads - recover index and LPT heads. 866 * @c: UBIFS file-system description object 867 * @sbuf: LEB-sized buffer to use 868 * 869 * This function ensures that there is no data on the flash at the index and 870 * LPT head locations. 871 * 872 * This deals with the recovery of a half-completed journal commit. UBIFS is 873 * careful never to overwrite the last version of the index or the LPT. Because 874 * the index and LPT are wandering trees, data from a half-completed commit will 875 * not be referenced anywhere in UBIFS. The data will be either in LEBs that are 876 * assumed to be empty and will be unmapped anyway before use, or in the index 877 * and LPT heads. 878 * 879 * This function returns %0 on success and a negative error code on failure. 880 */ 881 int ubifs_recover_inl_heads(const struct ubifs_info *c, void *sbuf) 882 { 883 int err; 884 885 ubifs_assert(!(c->vfs_sb->s_flags & MS_RDONLY) || c->remounting_rw); 886 887 dbg_rcvry("checking index head at %d:%d", c->ihead_lnum, c->ihead_offs); 888 err = recover_head(c, c->ihead_lnum, c->ihead_offs, sbuf); 889 if (err) 890 return err; 891 892 dbg_rcvry("checking LPT head at %d:%d", c->nhead_lnum, c->nhead_offs); 893 err = recover_head(c, c->nhead_lnum, c->nhead_offs, sbuf); 894 if (err) 895 return err; 896 897 return 0; 898 } 899 900 /** 901 * clean_an_unclean_leb - read and write a LEB to remove corruption. 902 * @c: UBIFS file-system description object 903 * @ucleb: unclean LEB information 904 * @sbuf: LEB-sized buffer to use 905 * 906 * This function reads a LEB up to a point pre-determined by the mount recovery, 907 * checks the nodes, and writes the result back to the flash, thereby cleaning 908 * off any following corruption, or non-fatal ECC errors. 909 * 910 * This function returns %0 on success and a negative error code on failure. 911 */ 912 static int clean_an_unclean_leb(const struct ubifs_info *c, 913 struct ubifs_unclean_leb *ucleb, void *sbuf) 914 { 915 int err, lnum = ucleb->lnum, offs = 0, len = ucleb->endpt, quiet = 1; 916 void *buf = sbuf; 917 918 dbg_rcvry("LEB %d len %d", lnum, len); 919 920 if (len == 0) { 921 /* Nothing to read, just unmap it */ 922 err = ubifs_leb_unmap(c, lnum); 923 if (err) 924 return err; 925 return 0; 926 } 927 928 err = ubi_read(c->ubi, lnum, buf, offs, len); 929 if (err && err != -EBADMSG) 930 return err; 931 932 while (len >= 8) { 933 int ret; 934 935 cond_resched(); 936 937 /* Scan quietly until there is an error */ 938 ret = ubifs_scan_a_node(c, buf, len, lnum, offs, quiet); 939 940 if (ret == SCANNED_A_NODE) { 941 /* A valid node, and not a padding node */ 942 struct ubifs_ch *ch = buf; 943 int node_len; 944 945 node_len = ALIGN(le32_to_cpu(ch->len), 8); 946 offs += node_len; 947 buf += node_len; 948 len -= node_len; 949 continue; 950 } 951 952 if (ret > 0) { 953 /* Padding bytes or a valid padding node */ 954 offs += ret; 955 buf += ret; 956 len -= ret; 957 continue; 958 } 959 960 if (ret == SCANNED_EMPTY_SPACE) { 961 ubifs_err("unexpected empty space at %d:%d", 962 lnum, offs); 963 return -EUCLEAN; 964 } 965 966 if (quiet) { 967 /* Redo the last scan but noisily */ 968 quiet = 0; 969 continue; 970 } 971 972 ubifs_scanned_corruption(c, lnum, offs, buf); 973 return -EUCLEAN; 974 } 975 976 /* Pad to min_io_size */ 977 len = ALIGN(ucleb->endpt, c->min_io_size); 978 if (len > ucleb->endpt) { 979 int pad_len = len - ALIGN(ucleb->endpt, 8); 980 981 if (pad_len > 0) { 982 buf = c->sbuf + len - pad_len; 983 ubifs_pad(c, buf, pad_len); 984 } 985 } 986 987 /* Write back the LEB atomically */ 988 err = ubi_leb_change(c->ubi, lnum, sbuf, len, UBI_UNKNOWN); 989 if (err) 990 return err; 991 992 dbg_rcvry("cleaned LEB %d", lnum); 993 994 return 0; 995 } 996 997 /** 998 * ubifs_clean_lebs - clean LEBs recovered during read-only mount. 999 * @c: UBIFS file-system description object 1000 * @sbuf: LEB-sized buffer to use 1001 * 1002 * This function cleans a LEB identified during recovery that needs to be 1003 * written but was not because UBIFS was mounted read-only. This happens when 1004 * remounting to read-write mode. 1005 * 1006 * This function returns %0 on success and a negative error code on failure. 1007 */ 1008 int ubifs_clean_lebs(const struct ubifs_info *c, void *sbuf) 1009 { 1010 dbg_rcvry("recovery"); 1011 while (!list_empty(&c->unclean_leb_list)) { 1012 struct ubifs_unclean_leb *ucleb; 1013 int err; 1014 1015 ucleb = list_entry(c->unclean_leb_list.next, 1016 struct ubifs_unclean_leb, list); 1017 err = clean_an_unclean_leb(c, ucleb, sbuf); 1018 if (err) 1019 return err; 1020 list_del(&ucleb->list); 1021 kfree(ucleb); 1022 } 1023 return 0; 1024 } 1025 1026 /** 1027 * ubifs_rcvry_gc_commit - recover the GC LEB number and run the commit. 1028 * @c: UBIFS file-system description object 1029 * 1030 * Out-of-place garbage collection requires always one empty LEB with which to 1031 * start garbage collection. The LEB number is recorded in c->gc_lnum and is 1032 * written to the master node on unmounting. In the case of an unclean unmount 1033 * the value of gc_lnum recorded in the master node is out of date and cannot 1034 * be used. Instead, recovery must allocate an empty LEB for this purpose. 1035 * However, there may not be enough empty space, in which case it must be 1036 * possible to GC the dirtiest LEB into the GC head LEB. 1037 * 1038 * This function also runs the commit which causes the TNC updates from 1039 * size-recovery and orphans to be written to the flash. That is important to 1040 * ensure correct replay order for subsequent mounts. 1041 * 1042 * This function returns %0 on success and a negative error code on failure. 1043 */ 1044 int ubifs_rcvry_gc_commit(struct ubifs_info *c) 1045 { 1046 struct ubifs_wbuf *wbuf = &c->jheads[GCHD].wbuf; 1047 struct ubifs_lprops lp; 1048 int lnum, err; 1049 1050 c->gc_lnum = -1; 1051 if (wbuf->lnum == -1) { 1052 dbg_rcvry("no GC head LEB"); 1053 goto find_free; 1054 } 1055 /* 1056 * See whether the used space in the dirtiest LEB fits in the GC head 1057 * LEB. 1058 */ 1059 if (wbuf->offs == c->leb_size) { 1060 dbg_rcvry("no room in GC head LEB"); 1061 goto find_free; 1062 } 1063 err = ubifs_find_dirty_leb(c, &lp, wbuf->offs, 2); 1064 if (err) { 1065 if (err == -ENOSPC) 1066 dbg_err("could not find a dirty LEB"); 1067 return err; 1068 } 1069 ubifs_assert(!(lp.flags & LPROPS_INDEX)); 1070 lnum = lp.lnum; 1071 if (lp.free + lp.dirty == c->leb_size) { 1072 /* An empty LEB was returned */ 1073 if (lp.free != c->leb_size) { 1074 err = ubifs_change_one_lp(c, lnum, c->leb_size, 1075 0, 0, 0, 0); 1076 if (err) 1077 return err; 1078 } 1079 err = ubifs_leb_unmap(c, lnum); 1080 if (err) 1081 return err; 1082 c->gc_lnum = lnum; 1083 dbg_rcvry("allocated LEB %d for GC", lnum); 1084 /* Run the commit */ 1085 dbg_rcvry("committing"); 1086 return ubifs_run_commit(c); 1087 } 1088 /* 1089 * There was no empty LEB so the used space in the dirtiest LEB must fit 1090 * in the GC head LEB. 1091 */ 1092 if (lp.free + lp.dirty < wbuf->offs) { 1093 dbg_rcvry("LEB %d doesn't fit in GC head LEB %d:%d", 1094 lnum, wbuf->lnum, wbuf->offs); 1095 err = ubifs_return_leb(c, lnum); 1096 if (err) 1097 return err; 1098 goto find_free; 1099 } 1100 /* 1101 * We run the commit before garbage collection otherwise subsequent 1102 * mounts will see the GC and orphan deletion in a different order. 1103 */ 1104 dbg_rcvry("committing"); 1105 err = ubifs_run_commit(c); 1106 if (err) 1107 return err; 1108 /* 1109 * The data in the dirtiest LEB fits in the GC head LEB, so do the GC 1110 * - use locking to keep 'ubifs_assert()' happy. 1111 */ 1112 dbg_rcvry("GC'ing LEB %d", lnum); 1113 mutex_lock_nested(&wbuf->io_mutex, wbuf->jhead); 1114 err = ubifs_garbage_collect_leb(c, &lp); 1115 if (err >= 0) { 1116 int err2 = ubifs_wbuf_sync_nolock(wbuf); 1117 1118 if (err2) 1119 err = err2; 1120 } 1121 mutex_unlock(&wbuf->io_mutex); 1122 if (err < 0) { 1123 dbg_err("GC failed, error %d", err); 1124 if (err == -EAGAIN) 1125 err = -EINVAL; 1126 return err; 1127 } 1128 if (err != LEB_RETAINED) { 1129 dbg_err("GC returned %d", err); 1130 return -EINVAL; 1131 } 1132 err = ubifs_leb_unmap(c, c->gc_lnum); 1133 if (err) 1134 return err; 1135 dbg_rcvry("allocated LEB %d for GC", lnum); 1136 return 0; 1137 1138 find_free: 1139 /* 1140 * There is no GC head LEB or the free space in the GC head LEB is too 1141 * small. Allocate gc_lnum by calling 'ubifs_find_free_leb_for_idx()' so 1142 * GC is not run. 1143 */ 1144 lnum = ubifs_find_free_leb_for_idx(c); 1145 if (lnum < 0) { 1146 dbg_err("could not find an empty LEB"); 1147 return lnum; 1148 } 1149 /* And reset the index flag */ 1150 err = ubifs_change_one_lp(c, lnum, LPROPS_NC, LPROPS_NC, 0, 1151 LPROPS_INDEX, 0); 1152 if (err) 1153 return err; 1154 c->gc_lnum = lnum; 1155 dbg_rcvry("allocated LEB %d for GC", lnum); 1156 /* Run the commit */ 1157 dbg_rcvry("committing"); 1158 return ubifs_run_commit(c); 1159 } 1160 1161 /** 1162 * struct size_entry - inode size information for recovery. 1163 * @rb: link in the RB-tree of sizes 1164 * @inum: inode number 1165 * @i_size: size on inode 1166 * @d_size: maximum size based on data nodes 1167 * @exists: indicates whether the inode exists 1168 * @inode: inode if pinned in memory awaiting rw mode to fix it 1169 */ 1170 struct size_entry { 1171 struct rb_node rb; 1172 ino_t inum; 1173 loff_t i_size; 1174 loff_t d_size; 1175 int exists; 1176 struct inode *inode; 1177 }; 1178 1179 /** 1180 * add_ino - add an entry to the size tree. 1181 * @c: UBIFS file-system description object 1182 * @inum: inode number 1183 * @i_size: size on inode 1184 * @d_size: maximum size based on data nodes 1185 * @exists: indicates whether the inode exists 1186 */ 1187 static int add_ino(struct ubifs_info *c, ino_t inum, loff_t i_size, 1188 loff_t d_size, int exists) 1189 { 1190 struct rb_node **p = &c->size_tree.rb_node, *parent = NULL; 1191 struct size_entry *e; 1192 1193 while (*p) { 1194 parent = *p; 1195 e = rb_entry(parent, struct size_entry, rb); 1196 if (inum < e->inum) 1197 p = &(*p)->rb_left; 1198 else 1199 p = &(*p)->rb_right; 1200 } 1201 1202 e = kzalloc(sizeof(struct size_entry), GFP_KERNEL); 1203 if (!e) 1204 return -ENOMEM; 1205 1206 e->inum = inum; 1207 e->i_size = i_size; 1208 e->d_size = d_size; 1209 e->exists = exists; 1210 1211 rb_link_node(&e->rb, parent, p); 1212 rb_insert_color(&e->rb, &c->size_tree); 1213 1214 return 0; 1215 } 1216 1217 /** 1218 * find_ino - find an entry on the size tree. 1219 * @c: UBIFS file-system description object 1220 * @inum: inode number 1221 */ 1222 static struct size_entry *find_ino(struct ubifs_info *c, ino_t inum) 1223 { 1224 struct rb_node *p = c->size_tree.rb_node; 1225 struct size_entry *e; 1226 1227 while (p) { 1228 e = rb_entry(p, struct size_entry, rb); 1229 if (inum < e->inum) 1230 p = p->rb_left; 1231 else if (inum > e->inum) 1232 p = p->rb_right; 1233 else 1234 return e; 1235 } 1236 return NULL; 1237 } 1238 1239 /** 1240 * remove_ino - remove an entry from the size tree. 1241 * @c: UBIFS file-system description object 1242 * @inum: inode number 1243 */ 1244 static void remove_ino(struct ubifs_info *c, ino_t inum) 1245 { 1246 struct size_entry *e = find_ino(c, inum); 1247 1248 if (!e) 1249 return; 1250 rb_erase(&e->rb, &c->size_tree); 1251 kfree(e); 1252 } 1253 1254 /** 1255 * ubifs_destroy_size_tree - free resources related to the size tree. 1256 * @c: UBIFS file-system description object 1257 */ 1258 void ubifs_destroy_size_tree(struct ubifs_info *c) 1259 { 1260 struct rb_node *this = c->size_tree.rb_node; 1261 struct size_entry *e; 1262 1263 while (this) { 1264 if (this->rb_left) { 1265 this = this->rb_left; 1266 continue; 1267 } else if (this->rb_right) { 1268 this = this->rb_right; 1269 continue; 1270 } 1271 e = rb_entry(this, struct size_entry, rb); 1272 if (e->inode) 1273 iput(e->inode); 1274 this = rb_parent(this); 1275 if (this) { 1276 if (this->rb_left == &e->rb) 1277 this->rb_left = NULL; 1278 else 1279 this->rb_right = NULL; 1280 } 1281 kfree(e); 1282 } 1283 c->size_tree = RB_ROOT; 1284 } 1285 1286 /** 1287 * ubifs_recover_size_accum - accumulate inode sizes for recovery. 1288 * @c: UBIFS file-system description object 1289 * @key: node key 1290 * @deletion: node is for a deletion 1291 * @new_size: inode size 1292 * 1293 * This function has two purposes: 1294 * 1) to ensure there are no data nodes that fall outside the inode size 1295 * 2) to ensure there are no data nodes for inodes that do not exist 1296 * To accomplish those purposes, a rb-tree is constructed containing an entry 1297 * for each inode number in the journal that has not been deleted, and recording 1298 * the size from the inode node, the maximum size of any data node (also altered 1299 * by truncations) and a flag indicating a inode number for which no inode node 1300 * was present in the journal. 1301 * 1302 * Note that there is still the possibility that there are data nodes that have 1303 * been committed that are beyond the inode size, however the only way to find 1304 * them would be to scan the entire index. Alternatively, some provision could 1305 * be made to record the size of inodes at the start of commit, which would seem 1306 * very cumbersome for a scenario that is quite unlikely and the only negative 1307 * consequence of which is wasted space. 1308 * 1309 * This functions returns %0 on success and a negative error code on failure. 1310 */ 1311 int ubifs_recover_size_accum(struct ubifs_info *c, union ubifs_key *key, 1312 int deletion, loff_t new_size) 1313 { 1314 ino_t inum = key_inum(c, key); 1315 struct size_entry *e; 1316 int err; 1317 1318 switch (key_type(c, key)) { 1319 case UBIFS_INO_KEY: 1320 if (deletion) 1321 remove_ino(c, inum); 1322 else { 1323 e = find_ino(c, inum); 1324 if (e) { 1325 e->i_size = new_size; 1326 e->exists = 1; 1327 } else { 1328 err = add_ino(c, inum, new_size, 0, 1); 1329 if (err) 1330 return err; 1331 } 1332 } 1333 break; 1334 case UBIFS_DATA_KEY: 1335 e = find_ino(c, inum); 1336 if (e) { 1337 if (new_size > e->d_size) 1338 e->d_size = new_size; 1339 } else { 1340 err = add_ino(c, inum, 0, new_size, 0); 1341 if (err) 1342 return err; 1343 } 1344 break; 1345 case UBIFS_TRUN_KEY: 1346 e = find_ino(c, inum); 1347 if (e) 1348 e->d_size = new_size; 1349 break; 1350 } 1351 return 0; 1352 } 1353 1354 /** 1355 * fix_size_in_place - fix inode size in place on flash. 1356 * @c: UBIFS file-system description object 1357 * @e: inode size information for recovery 1358 */ 1359 static int fix_size_in_place(struct ubifs_info *c, struct size_entry *e) 1360 { 1361 struct ubifs_ino_node *ino = c->sbuf; 1362 unsigned char *p; 1363 union ubifs_key key; 1364 int err, lnum, offs, len; 1365 loff_t i_size; 1366 uint32_t crc; 1367 1368 /* Locate the inode node LEB number and offset */ 1369 ino_key_init(c, &key, e->inum); 1370 err = ubifs_tnc_locate(c, &key, ino, &lnum, &offs); 1371 if (err) 1372 goto out; 1373 /* 1374 * If the size recorded on the inode node is greater than the size that 1375 * was calculated from nodes in the journal then don't change the inode. 1376 */ 1377 i_size = le64_to_cpu(ino->size); 1378 if (i_size >= e->d_size) 1379 return 0; 1380 /* Read the LEB */ 1381 err = ubi_read(c->ubi, lnum, c->sbuf, 0, c->leb_size); 1382 if (err) 1383 goto out; 1384 /* Change the size field and recalculate the CRC */ 1385 ino = c->sbuf + offs; 1386 ino->size = cpu_to_le64(e->d_size); 1387 len = le32_to_cpu(ino->ch.len); 1388 crc = crc32(UBIFS_CRC32_INIT, (void *)ino + 8, len - 8); 1389 ino->ch.crc = cpu_to_le32(crc); 1390 /* Work out where data in the LEB ends and free space begins */ 1391 p = c->sbuf; 1392 len = c->leb_size - 1; 1393 while (p[len] == 0xff) 1394 len -= 1; 1395 len = ALIGN(len + 1, c->min_io_size); 1396 /* Atomically write the fixed LEB back again */ 1397 err = ubi_leb_change(c->ubi, lnum, c->sbuf, len, UBI_UNKNOWN); 1398 if (err) 1399 goto out; 1400 dbg_rcvry("inode %lu at %d:%d size %lld -> %lld ", 1401 (unsigned long)e->inum, lnum, offs, i_size, e->d_size); 1402 return 0; 1403 1404 out: 1405 ubifs_warn("inode %lu failed to fix size %lld -> %lld error %d", 1406 (unsigned long)e->inum, e->i_size, e->d_size, err); 1407 return err; 1408 } 1409 1410 /** 1411 * ubifs_recover_size - recover inode size. 1412 * @c: UBIFS file-system description object 1413 * 1414 * This function attempts to fix inode size discrepancies identified by the 1415 * 'ubifs_recover_size_accum()' function. 1416 * 1417 * This functions returns %0 on success and a negative error code on failure. 1418 */ 1419 int ubifs_recover_size(struct ubifs_info *c) 1420 { 1421 struct rb_node *this = rb_first(&c->size_tree); 1422 1423 while (this) { 1424 struct size_entry *e; 1425 int err; 1426 1427 e = rb_entry(this, struct size_entry, rb); 1428 if (!e->exists) { 1429 union ubifs_key key; 1430 1431 ino_key_init(c, &key, e->inum); 1432 err = ubifs_tnc_lookup(c, &key, c->sbuf); 1433 if (err && err != -ENOENT) 1434 return err; 1435 if (err == -ENOENT) { 1436 /* Remove data nodes that have no inode */ 1437 dbg_rcvry("removing ino %lu", 1438 (unsigned long)e->inum); 1439 err = ubifs_tnc_remove_ino(c, e->inum); 1440 if (err) 1441 return err; 1442 } else { 1443 struct ubifs_ino_node *ino = c->sbuf; 1444 1445 e->exists = 1; 1446 e->i_size = le64_to_cpu(ino->size); 1447 } 1448 } 1449 if (e->exists && e->i_size < e->d_size) { 1450 if (!e->inode && (c->vfs_sb->s_flags & MS_RDONLY)) { 1451 /* Fix the inode size and pin it in memory */ 1452 struct inode *inode; 1453 1454 inode = ubifs_iget(c->vfs_sb, e->inum); 1455 if (IS_ERR(inode)) 1456 return PTR_ERR(inode); 1457 if (inode->i_size < e->d_size) { 1458 dbg_rcvry("ino %lu size %lld -> %lld", 1459 (unsigned long)e->inum, 1460 e->d_size, inode->i_size); 1461 inode->i_size = e->d_size; 1462 ubifs_inode(inode)->ui_size = e->d_size; 1463 e->inode = inode; 1464 this = rb_next(this); 1465 continue; 1466 } 1467 iput(inode); 1468 } else { 1469 /* Fix the size in place */ 1470 err = fix_size_in_place(c, e); 1471 if (err) 1472 return err; 1473 if (e->inode) 1474 iput(e->inode); 1475 } 1476 } 1477 this = rb_next(this); 1478 rb_erase(&e->rb, &c->size_tree); 1479 kfree(e); 1480 } 1481 return 0; 1482 } 1483