Showing error 1187

User: Jiri Slaby
Error type: Double Unlock
Error type description: Some lock is unlocked twice unintentionally in a sequence
File location: fs/jffs2/readinode.c
Line in file: 1391
Project: Linux Kernel
Project version: 2.6.28
Tools: Stanse (1.2)
Entered: 2012-04-30 10:52:00 UTC

Source: 

   1/*
   2 * JFFS2 -- Journalling Flash File System, Version 2.
   3 *
   4 * Copyright �� 2001-2007 Red Hat, Inc.
   5 *
   6 * Created by David Woodhouse <dwmw2@infradead.org>
   7 *
   8 * For licensing information, see the file 'LICENCE' in this directory.
   9 *
  10 */
  11
  12#include <linux/kernel.h>
  13#include <linux/sched.h>
  14#include <linux/slab.h>
  15#include <linux/fs.h>
  16#include <linux/crc32.h>
  17#include <linux/pagemap.h>
  18#include <linux/mtd/mtd.h>
  19#include <linux/compiler.h>
  20#include "nodelist.h"
  21
  22/*
  23 * Check the data CRC of the node.
  24 *
  25 * Returns: 0 if the data CRC is correct;
  26 *             1 - if incorrect;
  27 *            error code if an error occured.
  28 */
  29static int check_node_data(struct jffs2_sb_info *c, struct jffs2_tmp_dnode_info *tn)
  30{
  31        struct jffs2_raw_node_ref *ref = tn->fn->raw;
  32        int err = 0, pointed = 0;
  33        struct jffs2_eraseblock *jeb;
  34        unsigned char *buffer;
  35        uint32_t crc, ofs, len;
  36        size_t retlen;
  37
  38        BUG_ON(tn->csize == 0);
  39
  40        /* Calculate how many bytes were already checked */
  41        ofs = ref_offset(ref) + sizeof(struct jffs2_raw_inode);
  42        len = tn->csize;
  43
  44        if (jffs2_is_writebuffered(c)) {
  45                int adj = ofs % c->wbuf_pagesize;
  46                if (likely(adj))
  47                        adj = c->wbuf_pagesize - adj;
  48
  49                if (adj >= tn->csize) {
  50                        dbg_readinode("no need to check node at %#08x, data length %u, data starts at %#08x - it has already been checked.\n",
  51                                      ref_offset(ref), tn->csize, ofs);
  52                        goto adj_acc;
  53                }
  54
  55                ofs += adj;
  56                len -= adj;
  57        }
  58
  59        dbg_readinode("check node at %#08x, data length %u, partial CRC %#08x, correct CRC %#08x, data starts at %#08x, start checking from %#08x - %u bytes.\n",
  60                ref_offset(ref), tn->csize, tn->partial_crc, tn->data_crc, ofs - len, ofs, len);
  61
  62#ifndef __ECOS
  63        /* TODO: instead, incapsulate point() stuff to jffs2_flash_read(),
  64         * adding and jffs2_flash_read_end() interface. */
  65        if (c->mtd->point) {
  66                err = c->mtd->point(c->mtd, ofs, len, &retlen,
  67                                    (void **)&buffer, NULL);
  68                if (!err && retlen < len) {
  69                        JFFS2_WARNING("MTD point returned len too short: %zu instead of %u.\n", retlen, tn->csize);
  70                        c->mtd->unpoint(c->mtd, ofs, retlen);
  71                } else if (err)
  72                        JFFS2_WARNING("MTD point failed: error code %d.\n", err);
  73                else
  74                        pointed = 1; /* succefully pointed to device */
  75        }
  76#endif
  77
  78        if (!pointed) {
  79                buffer = kmalloc(len, GFP_KERNEL);
  80                if (unlikely(!buffer))
  81                        return -ENOMEM;
  82
  83                /* TODO: this is very frequent pattern, make it a separate
  84                 * routine */
  85                err = jffs2_flash_read(c, ofs, len, &retlen, buffer);
  86                if (err) {
  87                        JFFS2_ERROR("can not read %d bytes from 0x%08x, error code: %d.\n", len, ofs, err);
  88                        goto free_out;
  89                }
  90
  91                if (retlen != len) {
  92                        JFFS2_ERROR("short read at %#08x: %zd instead of %d.\n", ofs, retlen, len);
  93                        err = -EIO;
  94                        goto free_out;
  95                }
  96        }
  97
  98        /* Continue calculating CRC */
  99        crc = crc32(tn->partial_crc, buffer, len);
 100        if(!pointed)
 101                kfree(buffer);
 102#ifndef __ECOS
 103        else
 104                c->mtd->unpoint(c->mtd, ofs, len);
 105#endif
 106
 107        if (crc != tn->data_crc) {
 108                JFFS2_NOTICE("wrong data CRC in data node at 0x%08x: read %#08x, calculated %#08x.\n",
 109                             ref_offset(ref), tn->data_crc, crc);
 110                return 1;
 111        }
 112
 113adj_acc:
 114        jeb = &c->blocks[ref->flash_offset / c->sector_size];
 115        len = ref_totlen(c, jeb, ref);
 116        /* If it should be REF_NORMAL, it'll get marked as such when
 117           we build the fragtree, shortly. No need to worry about GC
 118           moving it while it's marked REF_PRISTINE -- GC won't happen
 119           till we've finished checking every inode anyway. */
 120        ref->flash_offset |= REF_PRISTINE;
 121        /*
 122         * Mark the node as having been checked and fix the
 123         * accounting accordingly.
 124         */
 125        spin_lock(&c->erase_completion_lock);
 126        jeb->used_size += len;
 127        jeb->unchecked_size -= len;
 128        c->used_size += len;
 129        c->unchecked_size -= len;
 130        jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
 131        spin_unlock(&c->erase_completion_lock);
 132
 133        return 0;
 134
 135free_out:
 136        if(!pointed)
 137                kfree(buffer);
 138#ifndef __ECOS
 139        else
 140                c->mtd->unpoint(c->mtd, ofs, len);
 141#endif
 142        return err;
 143}
 144
 145/*
 146 * Helper function for jffs2_add_older_frag_to_fragtree().
 147 *
 148 * Checks the node if we are in the checking stage.
 149 */
 150static int check_tn_node(struct jffs2_sb_info *c, struct jffs2_tmp_dnode_info *tn)
 151{
 152        int ret;
 153
 154        BUG_ON(ref_obsolete(tn->fn->raw));
 155
 156        /* We only check the data CRC of unchecked nodes */
 157        if (ref_flags(tn->fn->raw) != REF_UNCHECKED)
 158                return 0;
 159
 160        dbg_readinode("check node %#04x-%#04x, phys offs %#08x\n",
 161                      tn->fn->ofs, tn->fn->ofs + tn->fn->size, ref_offset(tn->fn->raw));
 162
 163        ret = check_node_data(c, tn);
 164        if (unlikely(ret < 0)) {
 165                JFFS2_ERROR("check_node_data() returned error: %d.\n",
 166                        ret);
 167        } else if (unlikely(ret > 0)) {
 168                dbg_readinode("CRC error, mark it obsolete.\n");
 169                jffs2_mark_node_obsolete(c, tn->fn->raw);
 170        }
 171
 172        return ret;
 173}
 174
 175static struct jffs2_tmp_dnode_info *jffs2_lookup_tn(struct rb_root *tn_root, uint32_t offset)
 176{
 177        struct rb_node *next;
 178        struct jffs2_tmp_dnode_info *tn = NULL;
 179
 180        dbg_readinode("root %p, offset %d\n", tn_root, offset);
 181
 182        next = tn_root->rb_node;
 183
 184        while (next) {
 185                tn = rb_entry(next, struct jffs2_tmp_dnode_info, rb);
 186
 187                if (tn->fn->ofs < offset)
 188                        next = tn->rb.rb_right;
 189                else if (tn->fn->ofs >= offset)
 190                        next = tn->rb.rb_left;
 191                else
 192                        break;
 193        }
 194
 195        return tn;
 196}
 197
 198
 199static void jffs2_kill_tn(struct jffs2_sb_info *c, struct jffs2_tmp_dnode_info *tn)
 200{
 201        jffs2_mark_node_obsolete(c, tn->fn->raw);
 202        jffs2_free_full_dnode(tn->fn);
 203        jffs2_free_tmp_dnode_info(tn);
 204}
 205/*
 206 * This function is used when we read an inode. Data nodes arrive in
 207 * arbitrary order -- they may be older or newer than the nodes which
 208 * are already in the tree. Where overlaps occur, the older node can
 209 * be discarded as long as the newer passes the CRC check. We don't
 210 * bother to keep track of holes in this rbtree, and neither do we deal
 211 * with frags -- we can have multiple entries starting at the same
 212 * offset, and the one with the smallest length will come first in the
 213 * ordering.
 214 *
 215 * Returns 0 if the node was handled (including marking it obsolete)
 216 *         < 0 an if error occurred
 217 */
 218static int jffs2_add_tn_to_tree(struct jffs2_sb_info *c,
 219                                struct jffs2_readinode_info *rii,
 220                                struct jffs2_tmp_dnode_info *tn)
 221{
 222        uint32_t fn_end = tn->fn->ofs + tn->fn->size;
 223        struct jffs2_tmp_dnode_info *this;
 224
 225        dbg_readinode("insert fragment %#04x-%#04x, ver %u at %08x\n", tn->fn->ofs, fn_end, tn->version, ref_offset(tn->fn->raw));
 226
 227        /* If a node has zero dsize, we only have to keep if it if it might be the
 228           node with highest version -- i.e. the one which will end up as f->metadata.
 229           Note that such nodes won't be REF_UNCHECKED since there are no data to
 230           check anyway. */
 231        if (!tn->fn->size) {
 232                if (rii->mdata_tn) {
 233                        if (rii->mdata_tn->version < tn->version) {
 234                                /* We had a candidate mdata node already */
 235                                dbg_readinode("kill old mdata with ver %d\n", rii->mdata_tn->version);
 236                                jffs2_kill_tn(c, rii->mdata_tn);
 237                        } else {
 238                                dbg_readinode("kill new mdata with ver %d (older than existing %d\n",
 239                                              tn->version, rii->mdata_tn->version);
 240                                jffs2_kill_tn(c, tn);
 241                                return 0;
 242                        }
 243                }
 244                rii->mdata_tn = tn;
 245                dbg_readinode("keep new mdata with ver %d\n", tn->version);
 246                return 0;
 247        }
 248
 249        /* Find the earliest node which _may_ be relevant to this one */
 250        this = jffs2_lookup_tn(&rii->tn_root, tn->fn->ofs);
 251        if (this) {
 252                /* If the node is coincident with another at a lower address,
 253                   back up until the other node is found. It may be relevant */
 254                while (this->overlapped)
 255                        this = tn_prev(this);
 256
 257                /* First node should never be marked overlapped */
 258                BUG_ON(!this);
 259                dbg_readinode("'this' found %#04x-%#04x (%s)\n", this->fn->ofs, this->fn->ofs + this->fn->size, this->fn ? "data" : "hole");
 260        }
 261
 262        while (this) {
 263                if (this->fn->ofs > fn_end)
 264                        break;
 265                dbg_readinode("Ponder this ver %d, 0x%x-0x%x\n",
 266                              this->version, this->fn->ofs, this->fn->size);
 267
 268                if (this->version == tn->version) {
 269                        /* Version number collision means REF_PRISTINE GC. Accept either of them
 270                           as long as the CRC is correct. Check the one we have already...  */
 271                        if (!check_tn_node(c, this)) {
 272                                /* The one we already had was OK. Keep it and throw away the new one */
 273                                dbg_readinode("Like old node. Throw away new\n");
 274                                jffs2_kill_tn(c, tn);
 275                                return 0;
 276                        } else {
 277                                /* Who cares if the new one is good; keep it for now anyway. */
 278                                dbg_readinode("Like new node. Throw away old\n");
 279                                rb_replace_node(&this->rb, &tn->rb, &rii->tn_root);
 280                                jffs2_kill_tn(c, this);
 281                                /* Same overlapping from in front and behind */
 282                                return 0;
 283                        }
 284                }
 285                if (this->version < tn->version &&
 286                    this->fn->ofs >= tn->fn->ofs &&
 287                    this->fn->ofs + this->fn->size <= fn_end) {
 288                        /* New node entirely overlaps 'this' */
 289                        if (check_tn_node(c, tn)) {
 290                                dbg_readinode("new node bad CRC\n");
 291                                jffs2_kill_tn(c, tn);
 292                                return 0;
 293                        }
 294                        /* ... and is good. Kill 'this' and any subsequent nodes which are also overlapped */
 295                        while (this && this->fn->ofs + this->fn->size <= fn_end) {
 296                                struct jffs2_tmp_dnode_info *next = tn_next(this);
 297                                if (this->version < tn->version) {
 298                                        tn_erase(this, &rii->tn_root);
 299                                        dbg_readinode("Kill overlapped ver %d, 0x%x-0x%x\n",
 300                                                      this->version, this->fn->ofs,
 301                                                      this->fn->ofs+this->fn->size);
 302                                        jffs2_kill_tn(c, this);
 303                                }
 304                                this = next;
 305                        }
 306                        dbg_readinode("Done killing overlapped nodes\n");
 307                        continue;
 308                }
 309                if (this->version > tn->version &&
 310                    this->fn->ofs <= tn->fn->ofs &&
 311                    this->fn->ofs+this->fn->size >= fn_end) {
 312                        /* New node entirely overlapped by 'this' */
 313                        if (!check_tn_node(c, this)) {
 314                                dbg_readinode("Good CRC on old node. Kill new\n");
 315                                jffs2_kill_tn(c, tn);
 316                                return 0;
 317                        }
 318                        /* ... but 'this' was bad. Replace it... */
 319                        dbg_readinode("Bad CRC on old overlapping node. Kill it\n");
 320                        tn_erase(this, &rii->tn_root);
 321                        jffs2_kill_tn(c, this);
 322                        break;
 323                }
 324
 325                this = tn_next(this);
 326        }
 327
 328        /* We neither completely obsoleted nor were completely
 329           obsoleted by an earlier node. Insert into the tree */
 330        {
 331                struct rb_node *parent;
 332                struct rb_node **link = &rii->tn_root.rb_node;
 333                struct jffs2_tmp_dnode_info *insert_point = NULL;
 334
 335                while (*link) {
 336                        parent = *link;
 337                        insert_point = rb_entry(parent, struct jffs2_tmp_dnode_info, rb);
 338                        if (tn->fn->ofs > insert_point->fn->ofs)
 339                                link = &insert_point->rb.rb_right;
 340                        else if (tn->fn->ofs < insert_point->fn->ofs ||
 341                                 tn->fn->size < insert_point->fn->size)
 342                                link = &insert_point->rb.rb_left;
 343                        else
 344                                link = &insert_point->rb.rb_right;
 345                }
 346                rb_link_node(&tn->rb, &insert_point->rb, link);
 347                rb_insert_color(&tn->rb, &rii->tn_root);
 348        }
 349
 350        /* If there's anything behind that overlaps us, note it */
 351        this = tn_prev(tn);
 352        if (this) {
 353                while (1) {
 354                        if (this->fn->ofs + this->fn->size > tn->fn->ofs) {
 355                                dbg_readinode("Node is overlapped by %p (v %d, 0x%x-0x%x)\n",
 356                                              this, this->version, this->fn->ofs,
 357                                              this->fn->ofs+this->fn->size);
 358                                tn->overlapped = 1;
 359                                break;
 360                        }
 361                        if (!this->overlapped)
 362                                break;
 363                        this = tn_prev(this);
 364                }
 365        }
 366
 367        /* If the new node overlaps anything ahead, note it */
 368        this = tn_next(tn);
 369        while (this && this->fn->ofs < fn_end) {
 370                this->overlapped = 1;
 371                dbg_readinode("Node ver %d, 0x%x-0x%x is overlapped\n",
 372                              this->version, this->fn->ofs,
 373                              this->fn->ofs+this->fn->size);
 374                this = tn_next(this);
 375        }
 376        return 0;
 377}
 378
 379/* Trivial function to remove the last node in the tree. Which by definition
 380   has no right-hand -- so can be removed just by making its only child (if
 381   any) take its place under its parent. */
 382static void eat_last(struct rb_root *root, struct rb_node *node)
 383{
 384        struct rb_node *parent = rb_parent(node);
 385        struct rb_node **link;
 386
 387        /* LAST! */
 388        BUG_ON(node->rb_right);
 389
 390        if (!parent)
 391                link = &root->rb_node;
 392        else if (node == parent->rb_left)
 393                link = &parent->rb_left;
 394        else
 395                link = &parent->rb_right;
 396
 397        *link = node->rb_left;
 398        /* Colour doesn't matter now. Only the parent pointer. */
 399        if (node->rb_left)
 400                node->rb_left->rb_parent_color = node->rb_parent_color;
 401}
 402
 403/* We put this in reverse order, so we can just use eat_last */
 404static void ver_insert(struct rb_root *ver_root, struct jffs2_tmp_dnode_info *tn)
 405{
 406        struct rb_node **link = &ver_root->rb_node;
 407        struct rb_node *parent = NULL;
 408        struct jffs2_tmp_dnode_info *this_tn;
 409
 410        while (*link) {
 411                parent = *link;
 412                this_tn = rb_entry(parent, struct jffs2_tmp_dnode_info, rb);
 413
 414                if (tn->version > this_tn->version)
 415                        link = &parent->rb_left;
 416                else
 417                        link = &parent->rb_right;
 418        }
 419        dbg_readinode("Link new node at %p (root is %p)\n", link, ver_root);
 420        rb_link_node(&tn->rb, parent, link);
 421        rb_insert_color(&tn->rb, ver_root);
 422}
 423
 424/* Build final, normal fragtree from tn tree. It doesn't matter which order
 425   we add nodes to the real fragtree, as long as they don't overlap. And
 426   having thrown away the majority of overlapped nodes as we went, there
 427   really shouldn't be many sets of nodes which do overlap. If we start at
 428   the end, we can use the overlap markers -- we can just eat nodes which
 429   aren't overlapped, and when we encounter nodes which _do_ overlap we
 430   sort them all into a temporary tree in version order before replaying them. */
 431static int jffs2_build_inode_fragtree(struct jffs2_sb_info *c,
 432                                      struct jffs2_inode_info *f,
 433                                      struct jffs2_readinode_info *rii)
 434{
 435        struct jffs2_tmp_dnode_info *pen, *last, *this;
 436        struct rb_root ver_root = RB_ROOT;
 437        uint32_t high_ver = 0;
 438
 439        if (rii->mdata_tn) {
 440                dbg_readinode("potential mdata is ver %d at %p\n", rii->mdata_tn->version, rii->mdata_tn);
 441                high_ver = rii->mdata_tn->version;
 442                rii->latest_ref = rii->mdata_tn->fn->raw;
 443        }
 444#ifdef JFFS2_DBG_READINODE_MESSAGES
 445        this = tn_last(&rii->tn_root);
 446        while (this) {
 447                dbg_readinode("tn %p ver %d range 0x%x-0x%x ov %d\n", this, this->version, this->fn->ofs,
 448                              this->fn->ofs+this->fn->size, this->overlapped);
 449                this = tn_prev(this);
 450        }
 451#endif
 452        pen = tn_last(&rii->tn_root);
 453        while ((last = pen)) {
 454                pen = tn_prev(last);
 455
 456                eat_last(&rii->tn_root, &last->rb);
 457                ver_insert(&ver_root, last);
 458
 459                if (unlikely(last->overlapped))
 460                        continue;
 461
 462                /* Now we have a bunch of nodes in reverse version
 463                   order, in the tree at ver_root. Most of the time,
 464                   there'll actually be only one node in the 'tree',
 465                   in fact. */
 466                this = tn_last(&ver_root);
 467
 468                while (this) {
 469                        struct jffs2_tmp_dnode_info *vers_next;
 470                        int ret;
 471                        vers_next = tn_prev(this);
 472                        eat_last(&ver_root, &this->rb);
 473                        if (check_tn_node(c, this)) {
 474                                dbg_readinode("node ver %d, 0x%x-0x%x failed CRC\n",
 475                                             this->version, this->fn->ofs,
 476                                             this->fn->ofs+this->fn->size);
 477                                jffs2_kill_tn(c, this);
 478                        } else {
 479                                if (this->version > high_ver) {
 480                                        /* Note that this is different from the other
 481                                           highest_version, because this one is only
 482                                           counting _valid_ nodes which could give the
 483                                           latest inode metadata */
 484                                        high_ver = this->version;
 485                                        rii->latest_ref = this->fn->raw;
 486                                }
 487                                dbg_readinode("Add %p (v %d, 0x%x-0x%x, ov %d) to fragtree\n",
 488                                             this, this->version, this->fn->ofs,
 489                                             this->fn->ofs+this->fn->size, this->overlapped);
 490
 491                                ret = jffs2_add_full_dnode_to_inode(c, f, this->fn);
 492                                if (ret) {
 493                                        /* Free the nodes in vers_root; let the caller
 494                                           deal with the rest */
 495                                        JFFS2_ERROR("Add node to tree failed %d\n", ret);
 496                                        while (1) {
 497                                                vers_next = tn_prev(this);
 498                                                if (check_tn_node(c, this))
 499                                                        jffs2_mark_node_obsolete(c, this->fn->raw);
 500                                                jffs2_free_full_dnode(this->fn);
 501                                                jffs2_free_tmp_dnode_info(this);
 502                                                this = vers_next;
 503                                                if (!this)
 504                                                        break;
 505                                                eat_last(&ver_root, &vers_next->rb);
 506                                        }
 507                                        return ret;
 508                                }
 509                                jffs2_free_tmp_dnode_info(this);
 510                        }
 511                        this = vers_next;
 512                }
 513        }
 514        return 0;
 515}
 516
 517static void jffs2_free_tmp_dnode_info_list(struct rb_root *list)
 518{
 519        struct rb_node *this;
 520        struct jffs2_tmp_dnode_info *tn;
 521
 522        this = list->rb_node;
 523
 524        /* Now at bottom of tree */
 525        while (this) {
 526                if (this->rb_left)
 527                        this = this->rb_left;
 528                else if (this->rb_right)
 529                        this = this->rb_right;
 530                else {
 531                        tn = rb_entry(this, struct jffs2_tmp_dnode_info, rb);
 532                        jffs2_free_full_dnode(tn->fn);
 533                        jffs2_free_tmp_dnode_info(tn);
 534
 535                        this = rb_parent(this);
 536                        if (!this)
 537                                break;
 538
 539                        if (this->rb_left == &tn->rb)
 540                                this->rb_left = NULL;
 541                        else if (this->rb_right == &tn->rb)
 542                                this->rb_right = NULL;
 543                        else BUG();
 544                }
 545        }
 546        list->rb_node = NULL;
 547}
 548
 549static void jffs2_free_full_dirent_list(struct jffs2_full_dirent *fd)
 550{
 551        struct jffs2_full_dirent *next;
 552
 553        while (fd) {
 554                next = fd->next;
 555                jffs2_free_full_dirent(fd);
 556                fd = next;
 557        }
 558}
 559
 560/* Returns first valid node after 'ref'. May return 'ref' */
 561static struct jffs2_raw_node_ref *jffs2_first_valid_node(struct jffs2_raw_node_ref *ref)
 562{
 563        while (ref && ref->next_in_ino) {
 564                if (!ref_obsolete(ref))
 565                        return ref;
 566                dbg_noderef("node at 0x%08x is obsoleted. Ignoring.\n", ref_offset(ref));
 567                ref = ref->next_in_ino;
 568        }
 569        return NULL;
 570}
 571
 572/*
 573 * Helper function for jffs2_get_inode_nodes().
 574 * It is called every time an directory entry node is found.
 575 *
 576 * Returns: 0 on success;
 577 *             negative error code on failure.
 578 */
 579static inline int read_direntry(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref,
 580                                struct jffs2_raw_dirent *rd, size_t read,
 581                                struct jffs2_readinode_info *rii)
 582{
 583        struct jffs2_full_dirent *fd;
 584        uint32_t crc;
 585
 586        /* Obsoleted. This cannot happen, surely? dwmw2 20020308 */
 587        BUG_ON(ref_obsolete(ref));
 588
 589        crc = crc32(0, rd, sizeof(*rd) - 8);
 590        if (unlikely(crc != je32_to_cpu(rd->node_crc))) {
 591                JFFS2_NOTICE("header CRC failed on dirent node at %#08x: read %#08x, calculated %#08x\n",
 592                             ref_offset(ref), je32_to_cpu(rd->node_crc), crc);
 593                jffs2_mark_node_obsolete(c, ref);
 594                return 0;
 595        }
 596
 597        /* If we've never checked the CRCs on this node, check them now */
 598        if (ref_flags(ref) == REF_UNCHECKED) {
 599                struct jffs2_eraseblock *jeb;
 600                int len;
 601
 602                /* Sanity check */
 603                if (unlikely(PAD((rd->nsize + sizeof(*rd))) != PAD(je32_to_cpu(rd->totlen)))) {
 604                        JFFS2_ERROR("illegal nsize in node at %#08x: nsize %#02x, totlen %#04x\n",
 605                                    ref_offset(ref), rd->nsize, je32_to_cpu(rd->totlen));
 606                        jffs2_mark_node_obsolete(c, ref);
 607                        return 0;
 608                }
 609
 610                jeb = &c->blocks[ref->flash_offset / c->sector_size];
 611                len = ref_totlen(c, jeb, ref);
 612
 613                spin_lock(&c->erase_completion_lock);
 614                jeb->used_size += len;
 615                jeb->unchecked_size -= len;
 616                c->used_size += len;
 617                c->unchecked_size -= len;
 618                ref->flash_offset = ref_offset(ref) | dirent_node_state(rd);
 619                spin_unlock(&c->erase_completion_lock);
 620        }
 621
 622        fd = jffs2_alloc_full_dirent(rd->nsize + 1);
 623        if (unlikely(!fd))
 624                return -ENOMEM;
 625
 626        fd->raw = ref;
 627        fd->version = je32_to_cpu(rd->version);
 628        fd->ino = je32_to_cpu(rd->ino);
 629        fd->type = rd->type;
 630
 631        if (fd->version > rii->highest_version)
 632                rii->highest_version = fd->version;
 633
 634        /* Pick out the mctime of the latest dirent */
 635        if(fd->version > rii->mctime_ver && je32_to_cpu(rd->mctime)) {
 636                rii->mctime_ver = fd->version;
 637                rii->latest_mctime = je32_to_cpu(rd->mctime);
 638        }
 639
 640        /*
 641         * Copy as much of the name as possible from the raw
 642         * dirent we've already read from the flash.
 643         */
 644        if (read > sizeof(*rd))
 645                memcpy(&fd->name[0], &rd->name[0],
 646                       min_t(uint32_t, rd->nsize, (read - sizeof(*rd)) ));
 647
 648        /* Do we need to copy any more of the name directly from the flash? */
 649        if (rd->nsize + sizeof(*rd) > read) {
 650                /* FIXME: point() */
 651                int err;
 652                int already = read - sizeof(*rd);
 653
 654                err = jffs2_flash_read(c, (ref_offset(ref)) + read,
 655                                rd->nsize - already, &read, &fd->name[already]);
 656                if (unlikely(read != rd->nsize - already) && likely(!err))
 657                        return -EIO;
 658
 659                if (unlikely(err)) {
 660                        JFFS2_ERROR("read remainder of name: error %d\n", err);
 661                        jffs2_free_full_dirent(fd);
 662                        return -EIO;
 663                }
 664        }
 665
 666        fd->nhash = full_name_hash(fd->name, rd->nsize);
 667        fd->next = NULL;
 668        fd->name[rd->nsize] = '\0';
 669
 670        /*
 671         * Wheee. We now have a complete jffs2_full_dirent structure, with
 672         * the name in it and everything. Link it into the list
 673         */
 674        jffs2_add_fd_to_list(c, fd, &rii->fds);
 675
 676        return 0;
 677}
 678
 679/*
 680 * Helper function for jffs2_get_inode_nodes().
 681 * It is called every time an inode node is found.
 682 *
 683 * Returns: 0 on success (possibly after marking a bad node obsolete);
 684 *             negative error code on failure.
 685 */
 686static inline int read_dnode(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref,
 687                             struct jffs2_raw_inode *rd, int rdlen,
 688                             struct jffs2_readinode_info *rii)
 689{
 690        struct jffs2_tmp_dnode_info *tn;
 691        uint32_t len, csize;
 692        int ret = 0;
 693        uint32_t crc;
 694
 695        /* Obsoleted. This cannot happen, surely? dwmw2 20020308 */
 696        BUG_ON(ref_obsolete(ref));
 697
 698        crc = crc32(0, rd, sizeof(*rd) - 8);
 699        if (unlikely(crc != je32_to_cpu(rd->node_crc))) {
 700                JFFS2_NOTICE("node CRC failed on dnode at %#08x: read %#08x, calculated %#08x\n",
 701                             ref_offset(ref), je32_to_cpu(rd->node_crc), crc);
 702                jffs2_mark_node_obsolete(c, ref);
 703                return 0;
 704        }
 705
 706        tn = jffs2_alloc_tmp_dnode_info();
 707        if (!tn) {
 708                JFFS2_ERROR("failed to allocate tn (%zu bytes).\n", sizeof(*tn));
 709                return -ENOMEM;
 710        }
 711
 712        tn->partial_crc = 0;
 713        csize = je32_to_cpu(rd->csize);
 714
 715        /* If we've never checked the CRCs on this node, check them now */
 716        if (ref_flags(ref) == REF_UNCHECKED) {
 717
 718                /* Sanity checks */
 719                if (unlikely(je32_to_cpu(rd->offset) > je32_to_cpu(rd->isize)) ||
 720                    unlikely(PAD(je32_to_cpu(rd->csize) + sizeof(*rd)) != PAD(je32_to_cpu(rd->totlen)))) {
 721                        JFFS2_WARNING("inode node header CRC is corrupted at %#08x\n", ref_offset(ref));
 722                        jffs2_dbg_dump_node(c, ref_offset(ref));
 723                        jffs2_mark_node_obsolete(c, ref);
 724                        goto free_out;
 725                }
 726
 727                if (jffs2_is_writebuffered(c) && csize != 0) {
 728                        /* At this point we are supposed to check the data CRC
 729                         * of our unchecked node. But thus far, we do not
 730                         * know whether the node is valid or obsolete. To
 731                         * figure this out, we need to walk all the nodes of
 732                         * the inode and build the inode fragtree. We don't
 733                         * want to spend time checking data of nodes which may
 734                         * later be found to be obsolete. So we put off the full
 735                         * data CRC checking until we have read all the inode
 736                         * nodes and have started building the fragtree.
 737                         *
 738                         * The fragtree is being built starting with nodes
 739                         * having the highest version number, so we'll be able
 740                         * to detect whether a node is valid (i.e., it is not
 741                         * overlapped by a node with higher version) or not.
 742                         * And we'll be able to check only those nodes, which
 743                         * are not obsolete.
 744                         *
 745                         * Of course, this optimization only makes sense in case
 746                         * of NAND flashes (or other flashes with
 747                         * !jffs2_can_mark_obsolete()), since on NOR flashes
 748                         * nodes are marked obsolete physically.
 749                         *
 750                         * Since NAND flashes (or other flashes with
 751                         * jffs2_is_writebuffered(c)) are anyway read by
 752                         * fractions of c->wbuf_pagesize, and we have just read
 753                         * the node header, it is likely that the starting part
 754                         * of the node data is also read when we read the
 755                         * header. So we don't mind to check the CRC of the
 756                         * starting part of the data of the node now, and check
 757                         * the second part later (in jffs2_check_node_data()).
 758                         * Of course, we will not need to re-read and re-check
 759                         * the NAND page which we have just read. This is why we
 760                         * read the whole NAND page at jffs2_get_inode_nodes(),
 761                         * while we needed only the node header.
 762                         */
 763                        unsigned char *buf;
 764
 765                        /* 'buf' will point to the start of data */
 766                        buf = (unsigned char *)rd + sizeof(*rd);
 767                        /* len will be the read data length */
 768                        len = min_t(uint32_t, rdlen - sizeof(*rd), csize);
 769                        tn->partial_crc = crc32(0, buf, len);
 770
 771                        dbg_readinode("Calculates CRC (%#08x) for %d bytes, csize %d\n", tn->partial_crc, len, csize);
 772
 773                        /* If we actually calculated the whole data CRC
 774                         * and it is wrong, drop the node. */
 775                        if (len >= csize && unlikely(tn->partial_crc != je32_to_cpu(rd->data_crc))) {
 776                                JFFS2_NOTICE("wrong data CRC in data node at 0x%08x: read %#08x, calculated %#08x.\n",
 777                                        ref_offset(ref), tn->partial_crc, je32_to_cpu(rd->data_crc));
 778                                jffs2_mark_node_obsolete(c, ref);
 779                                goto free_out;
 780                        }
 781
 782                } else if (csize == 0) {
 783                        /*
 784                         * We checked the header CRC. If the node has no data, adjust
 785                         * the space accounting now. For other nodes this will be done
 786                         * later either when the node is marked obsolete or when its
 787                         * data is checked.
 788                         */
 789                        struct jffs2_eraseblock *jeb;
 790
 791                        dbg_readinode("the node has no data.\n");
 792                        jeb = &c->blocks[ref->flash_offset / c->sector_size];
 793                        len = ref_totlen(c, jeb, ref);
 794
 795                        spin_lock(&c->erase_completion_lock);
 796                        jeb->used_size += len;
 797                        jeb->unchecked_size -= len;
 798                        c->used_size += len;
 799                        c->unchecked_size -= len;
 800                        ref->flash_offset = ref_offset(ref) | REF_NORMAL;
 801                        spin_unlock(&c->erase_completion_lock);
 802                }
 803        }
 804
 805        tn->fn = jffs2_alloc_full_dnode();
 806        if (!tn->fn) {
 807                JFFS2_ERROR("alloc fn failed\n");
 808                ret = -ENOMEM;
 809                goto free_out;
 810        }
 811
 812        tn->version = je32_to_cpu(rd->version);
 813        tn->fn->ofs = je32_to_cpu(rd->offset);
 814        tn->data_crc = je32_to_cpu(rd->data_crc);
 815        tn->csize = csize;
 816        tn->fn->raw = ref;
 817        tn->overlapped = 0;
 818
 819        if (tn->version > rii->highest_version)
 820                rii->highest_version = tn->version;
 821
 822        /* There was a bug where we wrote hole nodes out with
 823           csize/dsize swapped. Deal with it */
 824        if (rd->compr == JFFS2_COMPR_ZERO && !je32_to_cpu(rd->dsize) && csize)
 825                tn->fn->size = csize;
 826        else // normal case...
 827                tn->fn->size = je32_to_cpu(rd->dsize);
 828
 829        dbg_readinode2("dnode @%08x: ver %u, offset %#04x, dsize %#04x, csize %#04x\n",
 830                       ref_offset(ref), je32_to_cpu(rd->version),
 831                       je32_to_cpu(rd->offset), je32_to_cpu(rd->dsize), csize);
 832
 833        ret = jffs2_add_tn_to_tree(c, rii, tn);
 834
 835        if (ret) {
 836                jffs2_free_full_dnode(tn->fn);
 837        free_out:
 838                jffs2_free_tmp_dnode_info(tn);
 839                return ret;
 840        }
 841#ifdef JFFS2_DBG_READINODE2_MESSAGES
 842        dbg_readinode2("After adding ver %d:\n", je32_to_cpu(rd->version));
 843        tn = tn_first(&rii->tn_root);
 844        while (tn) {
 845                dbg_readinode2("%p: v %d r 0x%x-0x%x ov %d\n",
 846                               tn, tn->version, tn->fn->ofs,
 847                               tn->fn->ofs+tn->fn->size, tn->overlapped);
 848                tn = tn_next(tn);
 849        }
 850#endif
 851        return 0;
 852}
 853
 854/*
 855 * Helper function for jffs2_get_inode_nodes().
 856 * It is called every time an unknown node is found.
 857 *
 858 * Returns: 0 on success;
 859 *             negative error code on failure.
 860 */
 861static inline int read_unknown(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref, struct jffs2_unknown_node *un)
 862{
 863        /* We don't mark unknown nodes as REF_UNCHECKED */
 864        if (ref_flags(ref) == REF_UNCHECKED) {
 865                JFFS2_ERROR("REF_UNCHECKED but unknown node at %#08x\n",
 866                            ref_offset(ref));
 867                JFFS2_ERROR("Node is {%04x,%04x,%08x,%08x}. Please report this error.\n",
 868                            je16_to_cpu(un->magic), je16_to_cpu(un->nodetype),
 869                            je32_to_cpu(un->totlen), je32_to_cpu(un->hdr_crc));
 870                jffs2_mark_node_obsolete(c, ref);
 871                return 0;
 872        }
 873
 874        un->nodetype = cpu_to_je16(JFFS2_NODE_ACCURATE | je16_to_cpu(un->nodetype));
 875
 876        switch(je16_to_cpu(un->nodetype) & JFFS2_COMPAT_MASK) {
 877
 878        case JFFS2_FEATURE_INCOMPAT:
 879                JFFS2_ERROR("unknown INCOMPAT nodetype %#04X at %#08x\n",
 880                            je16_to_cpu(un->nodetype), ref_offset(ref));
 881                /* EEP */
 882                BUG();
 883                break;
 884
 885        case JFFS2_FEATURE_ROCOMPAT:
 886                JFFS2_ERROR("unknown ROCOMPAT nodetype %#04X at %#08x\n",
 887                            je16_to_cpu(un->nodetype), ref_offset(ref));
 888                BUG_ON(!(c->flags & JFFS2_SB_FLAG_RO));
 889                break;
 890
 891        case JFFS2_FEATURE_RWCOMPAT_COPY:
 892                JFFS2_NOTICE("unknown RWCOMPAT_COPY nodetype %#04X at %#08x\n",
 893                             je16_to_cpu(un->nodetype), ref_offset(ref));
 894                break;
 895
 896        case JFFS2_FEATURE_RWCOMPAT_DELETE:
 897                JFFS2_NOTICE("unknown RWCOMPAT_DELETE nodetype %#04X at %#08x\n",
 898                             je16_to_cpu(un->nodetype), ref_offset(ref));
 899                jffs2_mark_node_obsolete(c, ref);
 900                return 0;
 901        }
 902
 903        return 0;
 904}
 905
 906/*
 907 * Helper function for jffs2_get_inode_nodes().
 908 * The function detects whether more data should be read and reads it if yes.
 909 *
 910 * Returns: 0 on succes;
 911 *             negative error code on failure.
 912 */
 913static int read_more(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref,
 914                     int needed_len, int *rdlen, unsigned char *buf)
 915{
 916        int err, to_read = needed_len - *rdlen;
 917        size_t retlen;
 918        uint32_t offs;
 919
 920        if (jffs2_is_writebuffered(c)) {
 921                int rem = to_read % c->wbuf_pagesize;
 922
 923                if (rem)
 924                        to_read += c->wbuf_pagesize - rem;
 925        }
 926
 927        /* We need to read more data */
 928        offs = ref_offset(ref) + *rdlen;
 929
 930        dbg_readinode("read more %d bytes\n", to_read);
 931
 932        err = jffs2_flash_read(c, offs, to_read, &retlen, buf + *rdlen);
 933        if (err) {
 934                JFFS2_ERROR("can not read %d bytes from 0x%08x, "
 935                        "error code: %d.\n", to_read, offs, err);
 936                return err;
 937        }
 938
 939        if (retlen < to_read) {
 940                JFFS2_ERROR("short read at %#08x: %zu instead of %d.\n",
 941                                offs, retlen, to_read);
 942                return -EIO;
 943        }
 944
 945        *rdlen += to_read;
 946        return 0;
 947}
 948
 949/* Get tmp_dnode_info and full_dirent for all non-obsolete nodes associated
 950   with this ino. Perform a preliminary ordering on data nodes, throwing away
 951   those which are completely obsoleted by newer ones. The na��ve approach we
 952   use to take of just returning them _all_ in version order will cause us to
 953   run out of memory in certain degenerate cases. */
 954static int jffs2_get_inode_nodes(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
 955                                 struct jffs2_readinode_info *rii)
 956{
 957        struct jffs2_raw_node_ref *ref, *valid_ref;
 958        unsigned char *buf = NULL;
 959        union jffs2_node_union *node;
 960        size_t retlen;
 961        int len, err;
 962
 963        rii->mctime_ver = 0;
 964
 965        dbg_readinode("ino #%u\n", f->inocache->ino);
 966
 967        /* FIXME: in case of NOR and available ->point() this
 968         * needs to be fixed. */
 969        len = sizeof(union jffs2_node_union) + c->wbuf_pagesize;
 970        buf = kmalloc(len, GFP_KERNEL);
 971        if (!buf)
 972                return -ENOMEM;
 973
 974        spin_lock(&c->erase_completion_lock);
 975        valid_ref = jffs2_first_valid_node(f->inocache->nodes);
 976        if (!valid_ref && f->inocache->ino != 1)
 977                JFFS2_WARNING("Eep. No valid nodes for ino #%u.\n", f->inocache->ino);
 978        while (valid_ref) {
 979                /* We can hold a pointer to a non-obsolete node without the spinlock,
 980                   but _obsolete_ nodes may disappear at any time, if the block
 981                   they're in gets erased. So if we mark 'ref' obsolete while we're
 982                   not holding the lock, it can go away immediately. For that reason,
 983                   we find the next valid node first, before processing 'ref'.
 984                */
 985                ref = valid_ref;
 986                valid_ref = jffs2_first_valid_node(ref->next_in_ino);
 987                spin_unlock(&c->erase_completion_lock);
 988
 989                cond_resched();
 990
 991                /*
 992                 * At this point we don't know the type of the node we're going
 993                 * to read, so we do not know the size of its header. In order
 994                 * to minimize the amount of flash IO we assume the header is
 995                 * of size = JFFS2_MIN_NODE_HEADER.
 996                 */
 997                len = JFFS2_MIN_NODE_HEADER;
 998                if (jffs2_is_writebuffered(c)) {
 999                        int end, rem;
1000
1001                        /*
1002                         * We are about to read JFFS2_MIN_NODE_HEADER bytes,
1003                         * but this flash has some minimal I/O unit. It is
1004                         * possible that we'll need to read more soon, so read
1005                         * up to the next min. I/O unit, in order not to
1006                         * re-read the same min. I/O unit twice.
1007                         */
1008                        end = ref_offset(ref) + len;
1009                        rem = end % c->wbuf_pagesize;
1010                        if (rem)
1011                                end += c->wbuf_pagesize - rem;
1012                        len = end - ref_offset(ref);
1013                }
1014
1015                dbg_readinode("read %d bytes at %#08x(%d).\n", len, ref_offset(ref), ref_flags(ref));
1016
1017                /* FIXME: point() */
1018                err = jffs2_flash_read(c, ref_offset(ref), len, &retlen, buf);
1019                if (err) {
1020                        JFFS2_ERROR("can not read %d bytes from 0x%08x, " "error code: %d.\n", len, ref_offset(ref), err);
1021                        goto free_out;
1022                }
1023
1024                if (retlen < len) {
1025                        JFFS2_ERROR("short read at %#08x: %zu instead of %d.\n", ref_offset(ref), retlen, len);
1026                        err = -EIO;
1027                        goto free_out;
1028                }
1029
1030                node = (union jffs2_node_union *)buf;
1031
1032                /* No need to mask in the valid bit; it shouldn't be invalid */
1033                if (je32_to_cpu(node->u.hdr_crc) != crc32(0, node, sizeof(node->u)-4)) {
1034                        JFFS2_NOTICE("Node header CRC failed at %#08x. {%04x,%04x,%08x,%08x}\n",
1035                                     ref_offset(ref), je16_to_cpu(node->u.magic),
1036                                     je16_to_cpu(node->u.nodetype),
1037                                     je32_to_cpu(node->u.totlen),
1038                                     je32_to_cpu(node->u.hdr_crc));
1039                        jffs2_dbg_dump_node(c, ref_offset(ref));
1040                        jffs2_mark_node_obsolete(c, ref);
1041                        goto cont;
1042                }
1043                if (je16_to_cpu(node->u.magic) != JFFS2_MAGIC_BITMASK) {
1044                        /* Not a JFFS2 node, whinge and move on */
1045                        JFFS2_NOTICE("Wrong magic bitmask 0x%04x in node header at %#08x.\n",
1046                                     je16_to_cpu(node->u.magic), ref_offset(ref));
1047                        jffs2_mark_node_obsolete(c, ref);
1048                        goto cont;
1049                }
1050
1051                switch (je16_to_cpu(node->u.nodetype)) {
1052
1053                case JFFS2_NODETYPE_DIRENT:
1054
1055                        if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_raw_dirent) &&
1056                            len < sizeof(struct jffs2_raw_dirent)) {
1057                                err = read_more(c, ref, sizeof(struct jffs2_raw_dirent), &len, buf);
1058                                if (unlikely(err))
1059                                        goto free_out;
1060                        }
1061
1062                        err = read_direntry(c, ref, &node->d, retlen, rii);
1063                        if (unlikely(err))
1064                                goto free_out;
1065
1066                        break;
1067
1068                case JFFS2_NODETYPE_INODE:
1069
1070                        if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_raw_inode) &&
1071                            len < sizeof(struct jffs2_raw_inode)) {
1072                                err = read_more(c, ref, sizeof(struct jffs2_raw_inode), &len, buf);
1073                                if (unlikely(err))
1074                                        goto free_out;
1075                        }
1076
1077                        err = read_dnode(c, ref, &node->i, len, rii);
1078                        if (unlikely(err))
1079                                goto free_out;
1080
1081                        break;
1082
1083                default:
1084                        if (JFFS2_MIN_NODE_HEADER < sizeof(struct jffs2_unknown_node) &&
1085                            len < sizeof(struct jffs2_unknown_node)) {
1086                                err = read_more(c, ref, sizeof(struct jffs2_unknown_node), &len, buf);
1087                                if (unlikely(err))
1088                                        goto free_out;
1089                        }
1090
1091                        err = read_unknown(c, ref, &node->u);
1092                        if (unlikely(err))
1093                                goto free_out;
1094
1095                }
1096        cont:
1097                spin_lock(&c->erase_completion_lock);
1098        }
1099
1100        spin_unlock(&c->erase_completion_lock);
1101        kfree(buf);
1102
1103        f->highest_version = rii->highest_version;
1104
1105        dbg_readinode("nodes of inode #%u were read, the highest version is %u, latest_mctime %u, mctime_ver %u.\n",
1106                      f->inocache->ino, rii->highest_version, rii->latest_mctime,
1107                      rii->mctime_ver);
1108        return 0;
1109
1110 free_out:
1111        jffs2_free_tmp_dnode_info_list(&rii->tn_root);
1112        jffs2_free_full_dirent_list(rii->fds);
1113        rii->fds = NULL;
1114        kfree(buf);
1115        return err;
1116}
1117
1118static int jffs2_do_read_inode_internal(struct jffs2_sb_info *c,
1119                                        struct jffs2_inode_info *f,
1120                                        struct jffs2_raw_inode *latest_node)
1121{
1122        struct jffs2_readinode_info rii;
1123        uint32_t crc, new_size;
1124        size_t retlen;
1125        int ret;
1126
1127        dbg_readinode("ino #%u pino/nlink is %d\n", f->inocache->ino,
1128                      f->inocache->pino_nlink);
1129
1130        memset(&rii, 0, sizeof(rii));
1131
1132        /* Grab all nodes relevant to this ino */
1133        ret = jffs2_get_inode_nodes(c, f, &rii);
1134
1135        if (ret) {
1136                JFFS2_ERROR("cannot read nodes for ino %u, returned error is %d\n", f->inocache->ino, ret);
1137                if (f->inocache->state == INO_STATE_READING)
1138                        jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
1139                return ret;
1140        }
1141
1142        ret = jffs2_build_inode_fragtree(c, f, &rii);
1143        if (ret) {
1144                JFFS2_ERROR("Failed to build final fragtree for inode #%u: error %d\n",
1145                            f->inocache->ino, ret);
1146                if (f->inocache->state == INO_STATE_READING)
1147                        jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
1148                jffs2_free_tmp_dnode_info_list(&rii.tn_root);
1149                /* FIXME: We could at least crc-check them all */
1150                if (rii.mdata_tn) {
1151                        jffs2_free_full_dnode(rii.mdata_tn->fn);
1152                        jffs2_free_tmp_dnode_info(rii.mdata_tn);
1153                        rii.mdata_tn = NULL;
1154                }
1155                return ret;
1156        }
1157
1158        if (rii.mdata_tn) {
1159                if (rii.mdata_tn->fn->raw == rii.latest_ref) {
1160                        f->metadata = rii.mdata_tn->fn;
1161                        jffs2_free_tmp_dnode_info(rii.mdata_tn);
1162                } else {
1163                        jffs2_kill_tn(c, rii.mdata_tn);
1164                }
1165                rii.mdata_tn = NULL;
1166        }
1167
1168        f->dents = rii.fds;
1169
1170        jffs2_dbg_fragtree_paranoia_check_nolock(f);
1171
1172        if (unlikely(!rii.latest_ref)) {
1173                /* No data nodes for this inode. */
1174                if (f->inocache->ino != 1) {
1175                        JFFS2_WARNING("no data nodes found for ino #%u\n", f->inocache->ino);
1176                        if (!rii.fds) {
1177                                if (f->inocache->state == INO_STATE_READING)
1178                                        jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
1179                                return -EIO;
1180                        }
1181                        JFFS2_NOTICE("but it has children so we fake some modes for it\n");
1182                }
1183                latest_node->mode = cpu_to_jemode(S_IFDIR|S_IRUGO|S_IWUSR|S_IXUGO);
1184                latest_node->version = cpu_to_je32(0);
1185                latest_node->atime = latest_node->ctime = latest_node->mtime = cpu_to_je32(0);
1186                latest_node->isize = cpu_to_je32(0);
1187                latest_node->gid = cpu_to_je16(0);
1188                latest_node->uid = cpu_to_je16(0);
1189                if (f->inocache->state == INO_STATE_READING)
1190                        jffs2_set_inocache_state(c, f->inocache, INO_STATE_PRESENT);
1191                return 0;
1192        }
1193
1194        ret = jffs2_flash_read(c, ref_offset(rii.latest_ref), sizeof(*latest_node), &retlen, (void *)latest_node);
1195        if (ret || retlen != sizeof(*latest_node)) {
1196                JFFS2_ERROR("failed to read from flash: error %d, %zd of %zd bytes read\n",
1197                        ret, retlen, sizeof(*latest_node));
1198                /* FIXME: If this fails, there seems to be a memory leak. Find it. */
1199                mutex_unlock(&f->sem);
1200                jffs2_do_clear_inode(c, f);
1201                return ret?ret:-EIO;
1202        }
1203
1204        crc = crc32(0, latest_node, sizeof(*latest_node)-8);
1205        if (crc != je32_to_cpu(latest_node->node_crc)) {
1206                JFFS2_ERROR("CRC failed for read_inode of inode %u at physical location 0x%x\n",
1207                        f->inocache->ino, ref_offset(rii.latest_ref));
1208                mutex_unlock(&f->sem);
1209                jffs2_do_clear_inode(c, f);
1210                return -EIO;
1211        }
1212
1213        switch(jemode_to_cpu(latest_node->mode) & S_IFMT) {
1214        case S_IFDIR:
1215                if (rii.mctime_ver > je32_to_cpu(latest_node->version)) {
1216                        /* The times in the latest_node are actually older than
1217                           mctime in the latest dirent. Cheat. */
1218                        latest_node->ctime = latest_node->mtime = cpu_to_je32(rii.latest_mctime);
1219                }
1220                break;
1221
1222
1223        case S_IFREG:
1224                /* If it was a regular file, truncate it to the latest node's isize */
1225                new_size = jffs2_truncate_fragtree(c, &f->fragtree, je32_to_cpu(latest_node->isize));
1226                if (new_size != je32_to_cpu(latest_node->isize)) {
1227                        JFFS2_WARNING("Truncating ino #%u to %d bytes failed because it only had %d bytes to start with!\n",
1228                                      f->inocache->ino, je32_to_cpu(latest_node->isize), new_size);
1229                        latest_node->isize = cpu_to_je32(new_size);
1230                }
1231                break;
1232
1233        case S_IFLNK:
1234                /* Hack to work around broken isize in old symlink code.
1235                   Remove this when dwmw2 comes to his senses and stops
1236                   symlinks from being an entirely gratuitous special
1237                   case. */
1238                if (!je32_to_cpu(latest_node->isize))
1239                        latest_node->isize = latest_node->dsize;
1240
1241                if (f->inocache->state != INO_STATE_CHECKING) {
1242                        /* Symlink's inode data is the target path. Read it and
1243                         * keep in RAM to facilitate quick follow symlink
1244                         * operation. */
1245                        f->target = kmalloc(je32_to_cpu(latest_node->csize) + 1, GFP_KERNEL);
1246                        if (!f->target) {
1247                                JFFS2_ERROR("can't allocate %d bytes of memory for the symlink target path cache\n", je32_to_cpu(latest_node->csize));
1248                                mutex_unlock(&f->sem);
1249                                jffs2_do_clear_inode(c, f);
1250                                return -ENOMEM;
1251                        }
1252
1253                        ret = jffs2_flash_read(c, ref_offset(rii.latest_ref) + sizeof(*latest_node),
1254                                                je32_to_cpu(latest_node->csize), &retlen, (char *)f->target);
1255
1256                        if (ret  || retlen != je32_to_cpu(latest_node->csize)) {
1257                                if (retlen != je32_to_cpu(latest_node->csize))
1258                                        ret = -EIO;
1259                                kfree(f->target);
1260                                f->target = NULL;
1261                                mutex_unlock(&f->sem);
1262                                jffs2_do_clear_inode(c, f);
1263                                return -ret;
1264                        }
1265
1266                        f->target[je32_to_cpu(latest_node->csize)] = '\0';
1267                        dbg_readinode("symlink's target '%s' cached\n", f->target);
1268                }
1269
1270                /* fall through... */
1271
1272        case S_IFBLK:
1273        case S_IFCHR:
1274                /* Certain inode types should have only one data node, and it's
1275                   kept as the metadata node */
1276                if (f->metadata) {
1277                        JFFS2_ERROR("Argh. Special inode #%u with mode 0%o had metadata node\n",
1278                               f->inocache->ino, jemode_to_cpu(latest_node->mode));
1279                        mutex_unlock(&f->sem);
1280                        jffs2_do_clear_inode(c, f);
1281                        return -EIO;
1282                }
1283                if (!frag_first(&f->fragtree)) {
1284                        JFFS2_ERROR("Argh. Special inode #%u with mode 0%o has no fragments\n",
1285                               f->inocache->ino, jemode_to_cpu(latest_node->mode));
1286                        mutex_unlock(&f->sem);
1287                        jffs2_do_clear_inode(c, f);
1288                        return -EIO;
1289                }
1290                /* ASSERT: f->fraglist != NULL */
1291                if (frag_next(frag_first(&f->fragtree))) {
1292                        JFFS2_ERROR("Argh. Special inode #%u with mode 0x%x had more than one node\n",
1293                               f->inocache->ino, jemode_to_cpu(latest_node->mode));
1294                        /* FIXME: Deal with it - check crc32, check for duplicate node, check times and discard the older one */
1295                        mutex_unlock(&f->sem);
1296                        jffs2_do_clear_inode(c, f);
1297                        return -EIO;
1298                }
1299                /* OK. We're happy */
1300                f->metadata = frag_first(&f->fragtree)->node;
1301                jffs2_free_node_frag(frag_first(&f->fragtree));
1302                f->fragtree = RB_ROOT;
1303                break;
1304        }
1305        if (f->inocache->state == INO_STATE_READING)
1306                jffs2_set_inocache_state(c, f->inocache, INO_STATE_PRESENT);
1307
1308        return 0;
1309}
1310
1311/* Scan the list of all nodes present for this ino, build map of versions, etc. */
1312int jffs2_do_read_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
1313                        uint32_t ino, struct jffs2_raw_inode *latest_node)
1314{
1315        dbg_readinode("read inode #%u\n", ino);
1316
1317 retry_inocache:
1318        spin_lock(&c->inocache_lock);
1319        f->inocache = jffs2_get_ino_cache(c, ino);
1320
1321        if (f->inocache) {
1322                /* Check its state. We may need to wait before we can use it */
1323                switch(f->inocache->state) {
1324                case INO_STATE_UNCHECKED:
1325                case INO_STATE_CHECKEDABSENT:
1326                        f->inocache->state = INO_STATE_READING;
1327                        break;
1328
1329                case INO_STATE_CHECKING:
1330                case INO_STATE_GC:
1331                        /* If it's in either of these states, we need
1332                           to wait for whoever's got it to finish and
1333                           put it back. */
1334                        dbg_readinode("waiting for ino #%u in state %d\n", ino, f->inocache->state);
1335                        sleep_on_spinunlock(&c->inocache_wq, &c->inocache_lock);
1336                        goto retry_inocache;
1337
1338                case INO_STATE_READING:
1339                case INO_STATE_PRESENT:
1340                        /* Eep. This should never happen. It can
1341                        happen if Linux calls read_inode() again
1342                        before clear_inode() has finished though. */
1343                        JFFS2_ERROR("Eep. Trying to read_inode #%u when it's already in state %d!\n", ino, f->inocache->state);
1344                        /* Fail. That's probably better than allowing it to succeed */
1345                        f->inocache = NULL;
1346                        break;
1347
1348                default:
1349                        BUG();
1350                }
1351        }
1352        spin_unlock(&c->inocache_lock);
1353
1354        if (!f->inocache && ino == 1) {
1355                /* Special case - no root inode on medium */
1356                f->inocache = jffs2_alloc_inode_cache();
1357                if (!f->inocache) {
1358                        JFFS2_ERROR("cannot allocate inocache for root inode\n");
1359                        return -ENOMEM;
1360                }
1361                dbg_readinode("creating inocache for root inode\n");
1362                memset(f->inocache, 0, sizeof(struct jffs2_inode_cache));
1363                f->inocache->ino = f->inocache->pino_nlink = 1;
1364                f->inocache->nodes = (struct jffs2_raw_node_ref *)f->inocache;
1365                f->inocache->state = INO_STATE_READING;
1366                jffs2_add_ino_cache(c, f->inocache);
1367        }
1368        if (!f->inocache) {
1369                JFFS2_ERROR("requestied to read an nonexistent ino %u\n", ino);
1370                return -ENOENT;
1371        }
1372
1373        return jffs2_do_read_inode_internal(c, f, latest_node);
1374}
1375
1376int jffs2_do_crccheck_inode(struct jffs2_sb_info *c, struct jffs2_inode_cache *ic)
1377{
1378        struct jffs2_raw_inode n;
1379        struct jffs2_inode_info *f = kzalloc(sizeof(*f), GFP_KERNEL);
1380        int ret;
1381
1382        if (!f)
1383                return -ENOMEM;
1384
1385        mutex_init(&f->sem);
1386        mutex_lock(&f->sem);
1387        f->inocache = ic;
1388
1389        ret = jffs2_do_read_inode_internal(c, f, &n);
1390        if (!ret) {
1391                mutex_unlock(&f->sem);
1392                jffs2_do_clear_inode(c, f);
1393        }
1394        kfree (f);
1395        return ret;
1396}
1397
1398void jffs2_do_clear_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f)
1399{
1400        struct jffs2_full_dirent *fd, *fds;
1401        int deleted;
1402
1403        jffs2_clear_acl(f);
1404        jffs2_xattr_delete_inode(c, f->inocache);
1405        mutex_lock(&f->sem);
1406        deleted = f->inocache && !f->inocache->pino_nlink;
1407
1408        if (f->inocache && f->inocache->state != INO_STATE_CHECKING)
1409                jffs2_set_inocache_state(c, f->inocache, INO_STATE_CLEARING);
1410
1411        if (f->metadata) {
1412                if (deleted)
1413                        jffs2_mark_node_obsolete(c, f->metadata->raw);
1414                jffs2_free_full_dnode(f->metadata);
1415        }
1416
1417        jffs2_kill_fragtree(&f->fragtree, deleted?c:NULL);
1418
1419        if (f->target) {
1420                kfree(f->target);
1421                f->target = NULL;
1422        }
1423
1424        fds = f->dents;
1425        while(fds) {
1426                fd = fds;
1427                fds = fd->next;
1428                jffs2_free_full_dirent(fd);
1429        }
1430
1431        if (f->inocache && f->inocache->state != INO_STATE_CHECKING) {
1432                jffs2_set_inocache_state(c, f->inocache, INO_STATE_CHECKEDABSENT);
1433                if (f->inocache->nodes == (void *)f->inocache)
1434                        jffs2_del_ino_cache(c, f->inocache);
1435        }
1436
1437        mutex_unlock(&f->sem);
1438}