ClabureDB: Classified Bug-Reports Database

Project: Linux Kernel

Showing error 1197

User:	Jiri Slaby
Error type:	Double Unlock
Error type description:	Some lock is unlocked twice unintentionally in a sequence
File location:	fs/jffs2/wbuf.c
Line in file:	747
Project:	Linux Kernel
Project version:	2.6.28
Tools:	Stanse (1.2)
Entered:	2012-04-30 10:52:00 UTC
Source:

   1/*
   2 * JFFS2 -- Journalling Flash File System, Version 2.
   3 *
   4 * Copyright �� 2001-2007 Red Hat, Inc.
   5 * Copyright �� 2004 Thomas Gleixner <tglx@linutronix.de>
   6 *
   7 * Created by David Woodhouse <dwmw2@infradead.org>
   8 * Modified debugged and enhanced by Thomas Gleixner <tglx@linutronix.de>
   9 *
  10 * For licensing information, see the file 'LICENCE' in this directory.
  11 *
  12 */
  13
  14#include <linux/kernel.h>
  15#include <linux/slab.h>
  16#include <linux/mtd/mtd.h>
  17#include <linux/crc32.h>
  18#include <linux/mtd/nand.h>
  19#include <linux/jiffies.h>
  20#include <linux/sched.h>
  21
  22#include "nodelist.h"
  23
  24/* For testing write failures */
  25#undef BREAKME
  26#undef BREAKMEHEADER
  27
  28#ifdef BREAKME
  29static unsigned char *brokenbuf;
  30#endif
  31
  32#define PAGE_DIV(x) ( ((unsigned long)(x) / (unsigned long)(c->wbuf_pagesize)) * (unsigned long)(c->wbuf_pagesize) )
  33#define PAGE_MOD(x) ( (unsigned long)(x) % (unsigned long)(c->wbuf_pagesize) )
  34
  35/* max. erase failures before we mark a block bad */
  36#define MAX_ERASE_FAILURES         2
  37
  38struct jffs2_inodirty {
  39        uint32_t ino;
  40        struct jffs2_inodirty *next;
  41};
  42
  43static struct jffs2_inodirty inodirty_nomem;
  44
  45static int jffs2_wbuf_pending_for_ino(struct jffs2_sb_info *c, uint32_t ino)
  46{
  47        struct jffs2_inodirty *this = c->wbuf_inodes;
  48
  49        /* If a malloc failed, consider _everything_ dirty */
  50        if (this == &inodirty_nomem)
  51                return 1;
  52
  53        /* If ino == 0, _any_ non-GC writes mean 'yes' */
  54        if (this && !ino)
  55                return 1;
  56
  57        /* Look to see if the inode in question is pending in the wbuf */
  58        while (this) {
  59                if (this->ino == ino)
  60                        return 1;
  61                this = this->next;
  62        }
  63        return 0;
  64}
  65
  66static void jffs2_clear_wbuf_ino_list(struct jffs2_sb_info *c)
  67{
  68        struct jffs2_inodirty *this;
  69
  70        this = c->wbuf_inodes;
  71
  72        if (this != &inodirty_nomem) {
  73                while (this) {
  74                        struct jffs2_inodirty *next = this->next;
  75                        kfree(this);
  76                        this = next;
  77                }
  78        }
  79        c->wbuf_inodes = NULL;
  80}
  81
  82static void jffs2_wbuf_dirties_inode(struct jffs2_sb_info *c, uint32_t ino)
  83{
  84        struct jffs2_inodirty *new;
  85
  86        /* Mark the superblock dirty so that kupdated will flush... */
  87        jffs2_erase_pending_trigger(c);
  88
  89        if (jffs2_wbuf_pending_for_ino(c, ino))
  90                return;
  91
  92        new = kmalloc(sizeof(*new), GFP_KERNEL);
  93        if (!new) {
  94                D1(printk(KERN_DEBUG "No memory to allocate inodirty. Fallback to all considered dirty\n"));
  95                jffs2_clear_wbuf_ino_list(c);
  96                c->wbuf_inodes = &inodirty_nomem;
  97                return;
  98        }
  99        new->ino = ino;
 100        new->next = c->wbuf_inodes;
 101        c->wbuf_inodes = new;
 102        return;
 103}
 104
 105static inline void jffs2_refile_wbuf_blocks(struct jffs2_sb_info *c)
 106{
 107        struct list_head *this, *next;
 108        static int n;
 109
 110        if (list_empty(&c->erasable_pending_wbuf_list))
 111                return;
 112
 113        list_for_each_safe(this, next, &c->erasable_pending_wbuf_list) {
 114                struct jffs2_eraseblock *jeb = list_entry(this, struct jffs2_eraseblock, list);
 115
 116                D1(printk(KERN_DEBUG "Removing eraseblock at 0x%08x from erasable_pending_wbuf_list...\n", jeb->offset));
 117                list_del(this);
 118                if ((jiffies + (n++)) & 127) {
 119                        /* Most of the time, we just erase it immediately. Otherwise we
 120                           spend ages scanning it on mount, etc. */
 121                        D1(printk(KERN_DEBUG "...and adding to erase_pending_list\n"));
 122                        list_add_tail(&jeb->list, &c->erase_pending_list);
 123                        c->nr_erasing_blocks++;
 124                        jffs2_erase_pending_trigger(c);
 125                } else {
 126                        /* Sometimes, however, we leave it elsewhere so it doesn't get
 127                           immediately reused, and we spread the load a bit. */
 128                        D1(printk(KERN_DEBUG "...and adding to erasable_list\n"));
 129                        list_add_tail(&jeb->list, &c->erasable_list);
 130                }
 131        }
 132}
 133
 134#define REFILE_NOTEMPTY 0
 135#define REFILE_ANYWAY   1
 136
 137static void jffs2_block_refile(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, int allow_empty)
 138{
 139        D1(printk("About to refile bad block at %08x\n", jeb->offset));
 140
 141        /* File the existing block on the bad_used_list.... */
 142        if (c->nextblock == jeb)
 143                c->nextblock = NULL;
 144        else /* Not sure this should ever happen... need more coffee */
 145                list_del(&jeb->list);
 146        if (jeb->first_node) {
 147                D1(printk("Refiling block at %08x to bad_used_list\n", jeb->offset));
 148                list_add(&jeb->list, &c->bad_used_list);
 149        } else {
 150                BUG_ON(allow_empty == REFILE_NOTEMPTY);
 151                /* It has to have had some nodes or we couldn't be here */
 152                D1(printk("Refiling block at %08x to erase_pending_list\n", jeb->offset));
 153                list_add(&jeb->list, &c->erase_pending_list);
 154                c->nr_erasing_blocks++;
 155                jffs2_erase_pending_trigger(c);
 156        }
 157
 158        if (!jffs2_prealloc_raw_node_refs(c, jeb, 1)) {
 159                uint32_t oldfree = jeb->free_size;
 160
 161                jffs2_link_node_ref(c, jeb, 
 162                                    (jeb->offset+c->sector_size-oldfree) | REF_OBSOLETE,
 163                                    oldfree, NULL);
 164                /* convert to wasted */
 165                c->wasted_size += oldfree;
 166                jeb->wasted_size += oldfree;
 167                c->dirty_size -= oldfree;
 168                jeb->dirty_size -= oldfree;
 169        }
 170
 171        jffs2_dbg_dump_block_lists_nolock(c);
 172        jffs2_dbg_acct_sanity_check_nolock(c,jeb);
 173        jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
 174}
 175
 176static struct jffs2_raw_node_ref **jffs2_incore_replace_raw(struct jffs2_sb_info *c,
 177                                                            struct jffs2_inode_info *f,
 178                                                            struct jffs2_raw_node_ref *raw,
 179                                                            union jffs2_node_union *node)
 180{
 181        struct jffs2_node_frag *frag;
 182        struct jffs2_full_dirent *fd;
 183
 184        dbg_noderef("incore_replace_raw: node at %p is {%04x,%04x}\n",
 185                    node, je16_to_cpu(node->u.magic), je16_to_cpu(node->u.nodetype));
 186
 187        BUG_ON(je16_to_cpu(node->u.magic) != 0x1985 &&
 188               je16_to_cpu(node->u.magic) != 0);
 189
 190        switch (je16_to_cpu(node->u.nodetype)) {
 191        case JFFS2_NODETYPE_INODE:
 192                if (f->metadata && f->metadata->raw == raw) {
 193                        dbg_noderef("Will replace ->raw in f->metadata at %p\n", f->metadata);
 194                        return &f->metadata->raw;
 195                }
 196                frag = jffs2_lookup_node_frag(&f->fragtree, je32_to_cpu(node->i.offset));
 197                BUG_ON(!frag);
 198                /* Find a frag which refers to the full_dnode we want to modify */
 199                while (!frag->node || frag->node->raw != raw) {
 200                        frag = frag_next(frag);
 201                        BUG_ON(!frag);
 202                }
 203                dbg_noderef("Will replace ->raw in full_dnode at %p\n", frag->node);
 204                return &frag->node->raw;
 205
 206        case JFFS2_NODETYPE_DIRENT:
 207                for (fd = f->dents; fd; fd = fd->next) {
 208                        if (fd->raw == raw) {
 209                                dbg_noderef("Will replace ->raw in full_dirent at %p\n", fd);
 210                                return &fd->raw;
 211                        }
 212                }
 213                BUG();
 214
 215        default:
 216                dbg_noderef("Don't care about replacing raw for nodetype %x\n",
 217                            je16_to_cpu(node->u.nodetype));
 218                break;
 219        }
 220        return NULL;
 221}
 222
 223#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
 224static int jffs2_verify_write(struct jffs2_sb_info *c, unsigned char *buf,
 225                              uint32_t ofs)
 226{
 227        int ret;
 228        size_t retlen;
 229        char *eccstr;
 230
 231        ret = c->mtd->read(c->mtd, ofs, c->wbuf_pagesize, &retlen, c->wbuf_verify);
 232        if (ret && ret != -EUCLEAN && ret != -EBADMSG) {
 233                printk(KERN_WARNING "jffs2_verify_write(): Read back of page at %08x failed: %d\n", c->wbuf_ofs, ret);
 234                return ret;
 235        } else if (retlen != c->wbuf_pagesize) {
 236                printk(KERN_WARNING "jffs2_verify_write(): Read back of page at %08x gave short read: %zd not %d.\n", ofs, retlen, c->wbuf_pagesize);
 237                return -EIO;
 238        }
 239        if (!memcmp(buf, c->wbuf_verify, c->wbuf_pagesize))
 240                return 0;
 241
 242        if (ret == -EUCLEAN)
 243                eccstr = "corrected";
 244        else if (ret == -EBADMSG)
 245                eccstr = "correction failed";
 246        else
 247                eccstr = "OK or unused";
 248
 249        printk(KERN_WARNING "Write verify error (ECC %s) at %08x. Wrote:\n",
 250               eccstr, c->wbuf_ofs);
 251        print_hex_dump(KERN_WARNING, "", DUMP_PREFIX_OFFSET, 16, 1,
 252                       c->wbuf, c->wbuf_pagesize, 0);
 253
 254        printk(KERN_WARNING "Read back:\n");
 255        print_hex_dump(KERN_WARNING, "", DUMP_PREFIX_OFFSET, 16, 1,
 256                       c->wbuf_verify, c->wbuf_pagesize, 0);
 257
 258        return -EIO;
 259}
 260#else
 261#define jffs2_verify_write(c,b,o) (0)
 262#endif
 263
 264/* Recover from failure to write wbuf. Recover the nodes up to the
 265 * wbuf, not the one which we were starting to try to write. */
 266
 267static void jffs2_wbuf_recover(struct jffs2_sb_info *c)
 268{
 269        struct jffs2_eraseblock *jeb, *new_jeb;
 270        struct jffs2_raw_node_ref *raw, *next, *first_raw = NULL;
 271        size_t retlen;
 272        int ret;
 273        int nr_refile = 0;
 274        unsigned char *buf;
 275        uint32_t start, end, ofs, len;
 276
 277        jeb = &c->blocks[c->wbuf_ofs / c->sector_size];
 278
 279        spin_lock(&c->erase_completion_lock);
 280        if (c->wbuf_ofs % c->mtd->erasesize)
 281                jffs2_block_refile(c, jeb, REFILE_NOTEMPTY);
 282        else
 283                jffs2_block_refile(c, jeb, REFILE_ANYWAY);
 284        spin_unlock(&c->erase_completion_lock);
 285
 286        BUG_ON(!ref_obsolete(jeb->last_node));
 287
 288        /* Find the first node to be recovered, by skipping over every
 289           node which ends before the wbuf starts, or which is obsolete. */
 290        for (next = raw = jeb->first_node; next; raw = next) {
 291                next = ref_next(raw);
 292
 293                if (ref_obsolete(raw) || 
 294                    (next && ref_offset(next) <= c->wbuf_ofs)) {
 295                        dbg_noderef("Skipping node at 0x%08x(%d)-0x%08x which is either before 0x%08x or obsolete\n",
 296                                    ref_offset(raw), ref_flags(raw),
 297                                    (ref_offset(raw) + ref_totlen(c, jeb, raw)),
 298                                    c->wbuf_ofs);
 299                        continue;
 300                }
 301                dbg_noderef("First node to be recovered is at 0x%08x(%d)-0x%08x\n",
 302                            ref_offset(raw), ref_flags(raw),
 303                            (ref_offset(raw) + ref_totlen(c, jeb, raw)));
 304
 305                first_raw = raw;
 306                break;
 307        }
 308
 309        if (!first_raw) {
 310                /* All nodes were obsolete. Nothing to recover. */
 311                D1(printk(KERN_DEBUG "No non-obsolete nodes to be recovered. Just filing block bad\n"));
 312                c->wbuf_len = 0;
 313                return;
 314        }
 315
 316        start = ref_offset(first_raw);
 317        end = ref_offset(jeb->last_node);
 318        nr_refile = 1;
 319
 320        /* Count the number of refs which need to be copied */
 321        while ((raw = ref_next(raw)) != jeb->last_node)
 322                nr_refile++;
 323
 324        dbg_noderef("wbuf recover %08x-%08x (%d bytes in %d nodes)\n",
 325                    start, end, end - start, nr_refile);
 326
 327        buf = NULL;
 328        if (start < c->wbuf_ofs) {
 329                /* First affected node was already partially written.
 330                 * Attempt to reread the old data into our buffer. */
 331
 332                buf = kmalloc(end - start, GFP_KERNEL);
 333                if (!buf) {
 334                        printk(KERN_CRIT "Malloc failure in wbuf recovery. Data loss ensues.\n");
 335
 336                        goto read_failed;
 337                }
 338
 339                /* Do the read... */
 340                ret = c->mtd->read(c->mtd, start, c->wbuf_ofs - start, &retlen, buf);
 341
 342                /* ECC recovered ? */
 343                if ((ret == -EUCLEAN || ret == -EBADMSG) &&
 344                    (retlen == c->wbuf_ofs - start))
 345                        ret = 0;
 346
 347                if (ret || retlen != c->wbuf_ofs - start) {
 348                        printk(KERN_CRIT "Old data are already lost in wbuf recovery. Data loss ensues.\n");
 349
 350                        kfree(buf);
 351                        buf = NULL;
 352                read_failed:
 353                        first_raw = ref_next(first_raw);
 354                        nr_refile--;
 355                        while (first_raw && ref_obsolete(first_raw)) {
 356                                first_raw = ref_next(first_raw);
 357                                nr_refile--;
 358                        }
 359
 360                        /* If this was the only node to be recovered, give up */
 361                        if (!first_raw) {
 362                                c->wbuf_len = 0;
 363                                return;
 364                        }
 365
 366                        /* It wasn't. Go on and try to recover nodes complete in the wbuf */
 367                        start = ref_offset(first_raw);
 368                        dbg_noderef("wbuf now recover %08x-%08x (%d bytes in %d nodes)\n",
 369                                    start, end, end - start, nr_refile);
 370
 371                } else {
 372                        /* Read succeeded. Copy the remaining data from the wbuf */
 373                        memcpy(buf + (c->wbuf_ofs - start), c->wbuf, end - c->wbuf_ofs);
 374                }
 375        }
 376        /* OK... we're to rewrite (end-start) bytes of data from first_raw onwards.
 377           Either 'buf' contains the data, or we find it in the wbuf */
 378
 379        /* ... and get an allocation of space from a shiny new block instead */
 380        ret = jffs2_reserve_space_gc(c, end-start, &len, JFFS2_SUMMARY_NOSUM_SIZE);
 381        if (ret) {
 382                printk(KERN_WARNING "Failed to allocate space for wbuf recovery. Data loss ensues.\n");
 383                kfree(buf);
 384                return;
 385        }
 386
 387        /* The summary is not recovered, so it must be disabled for this erase block */
 388        jffs2_sum_disable_collecting(c->summary);
 389
 390        ret = jffs2_prealloc_raw_node_refs(c, c->nextblock, nr_refile);
 391        if (ret) {
 392                printk(KERN_WARNING "Failed to allocate node refs for wbuf recovery. Data loss ensues.\n");
 393                kfree(buf);
 394                return;
 395        }
 396
 397        ofs = write_ofs(c);
 398
 399        if (end-start >= c->wbuf_pagesize) {
 400                /* Need to do another write immediately, but it's possible
 401                   that this is just because the wbuf itself is completely
 402                   full, and there's nothing earlier read back from the
 403                   flash. Hence 'buf' isn't necessarily what we're writing
 404                   from. */
 405                unsigned char *rewrite_buf = buf?:c->wbuf;
 406                uint32_t towrite = (end-start) - ((end-start)%c->wbuf_pagesize);
 407
 408                D1(printk(KERN_DEBUG "Write 0x%x bytes at 0x%08x in wbuf recover\n",
 409                          towrite, ofs));
 410
 411#ifdef BREAKMEHEADER
 412                static int breakme;
 413                if (breakme++ == 20) {
 414                        printk(KERN_NOTICE "Faking write error at 0x%08x\n", ofs);
 415                        breakme = 0;
 416                        c->mtd->write(c->mtd, ofs, towrite, &retlen,
 417                                      brokenbuf);
 418                        ret = -EIO;
 419                } else
 420#endif
 421                        ret = c->mtd->write(c->mtd, ofs, towrite, &retlen,
 422                                            rewrite_buf);
 423
 424                if (ret || retlen != towrite || jffs2_verify_write(c, rewrite_buf, ofs)) {
 425                        /* Argh. We tried. Really we did. */
 426                        printk(KERN_CRIT "Recovery of wbuf failed due to a second write error\n");
 427                        kfree(buf);
 428
 429                        if (retlen)
 430                                jffs2_add_physical_node_ref(c, ofs | REF_OBSOLETE, ref_totlen(c, jeb, first_raw), NULL);
 431
 432                        return;
 433                }
 434                printk(KERN_NOTICE "Recovery of wbuf succeeded to %08x\n", ofs);
 435
 436                c->wbuf_len = (end - start) - towrite;
 437                c->wbuf_ofs = ofs + towrite;
 438                memmove(c->wbuf, rewrite_buf + towrite, c->wbuf_len);
 439                /* Don't muck about with c->wbuf_inodes. False positives are harmless. */
 440        } else {
 441                /* OK, now we're left with the dregs in whichever buffer we're using */
 442                if (buf) {
 443                        memcpy(c->wbuf, buf, end-start);
 444                } else {
 445                        memmove(c->wbuf, c->wbuf + (start - c->wbuf_ofs), end - start);
 446                }
 447                c->wbuf_ofs = ofs;
 448                c->wbuf_len = end - start;
 449        }
 450
 451        /* Now sort out the jffs2_raw_node_refs, moving them from the old to the next block */
 452        new_jeb = &c->blocks[ofs / c->sector_size];
 453
 454        spin_lock(&c->erase_completion_lock);
 455        for (raw = first_raw; raw != jeb->last_node; raw = ref_next(raw)) {
 456                uint32_t rawlen = ref_totlen(c, jeb, raw);
 457                struct jffs2_inode_cache *ic;
 458                struct jffs2_raw_node_ref *new_ref;
 459                struct jffs2_raw_node_ref **adjust_ref = NULL;
 460                struct jffs2_inode_info *f = NULL;
 461
 462                D1(printk(KERN_DEBUG "Refiling block of %08x at %08x(%d) to %08x\n",
 463                          rawlen, ref_offset(raw), ref_flags(raw), ofs));
 464
 465                ic = jffs2_raw_ref_to_ic(raw);
 466
 467                /* Ick. This XATTR mess should be fixed shortly... */
 468                if (ic && ic->class == RAWNODE_CLASS_XATTR_DATUM) {
 469                        struct jffs2_xattr_datum *xd = (void *)ic;
 470                        BUG_ON(xd->node != raw);
 471                        adjust_ref = &xd->node;
 472                        raw->next_in_ino = NULL;
 473                        ic = NULL;
 474                } else if (ic && ic->class == RAWNODE_CLASS_XATTR_REF) {
 475                        struct jffs2_xattr_datum *xr = (void *)ic;
 476                        BUG_ON(xr->node != raw);
 477                        adjust_ref = &xr->node;
 478                        raw->next_in_ino = NULL;
 479                        ic = NULL;
 480                } else if (ic && ic->class == RAWNODE_CLASS_INODE_CACHE) {
 481                        struct jffs2_raw_node_ref **p = &ic->nodes;
 482
 483                        /* Remove the old node from the per-inode list */
 484                        while (*p && *p != (void *)ic) {
 485                                if (*p == raw) {
 486                                        (*p) = (raw->next_in_ino);
 487                                        raw->next_in_ino = NULL;
 488                                        break;
 489                                }
 490                                p = &((*p)->next_in_ino);
 491                        }
 492
 493                        if (ic->state == INO_STATE_PRESENT && !ref_obsolete(raw)) {
 494                                /* If it's an in-core inode, then we have to adjust any
 495                                   full_dirent or full_dnode structure to point to the
 496                                   new version instead of the old */
 497                                f = jffs2_gc_fetch_inode(c, ic->ino, !ic->pino_nlink);
 498                                if (IS_ERR(f)) {
 499                                        /* Should never happen; it _must_ be present */
 500                                        JFFS2_ERROR("Failed to iget() ino #%u, err %ld\n",
 501                                                    ic->ino, PTR_ERR(f));
 502                                        BUG();
 503                                }
 504                                /* We don't lock f->sem. There's a number of ways we could
 505                                   end up in here with it already being locked, and nobody's
 506                                   going to modify it on us anyway because we hold the
 507                                   alloc_sem. We're only changing one ->raw pointer too,
 508                                   which we can get away with without upsetting readers. */
 509                                adjust_ref = jffs2_incore_replace_raw(c, f, raw,
 510                                                                      (void *)(buf?:c->wbuf) + (ref_offset(raw) - start));
 511                        } else if (unlikely(ic->state != INO_STATE_PRESENT &&
 512                                            ic->state != INO_STATE_CHECKEDABSENT &&
 513                                            ic->state != INO_STATE_GC)) {
 514                                JFFS2_ERROR("Inode #%u is in strange state %d!\n", ic->ino, ic->state);
 515                                BUG();
 516                        }
 517                }
 518
 519                new_ref = jffs2_link_node_ref(c, new_jeb, ofs | ref_flags(raw), rawlen, ic);
 520
 521                if (adjust_ref) {
 522                        BUG_ON(*adjust_ref != raw);
 523                        *adjust_ref = new_ref;
 524                }
 525                if (f)
 526                        jffs2_gc_release_inode(c, f);
 527
 528                if (!ref_obsolete(raw)) {
 529                        jeb->dirty_size += rawlen;
 530                        jeb->used_size  -= rawlen;
 531                        c->dirty_size += rawlen;
 532                        c->used_size -= rawlen;
 533                        raw->flash_offset = ref_offset(raw) | REF_OBSOLETE;
 534                        BUG_ON(raw->next_in_ino);
 535                }
 536                ofs += rawlen;
 537        }
 538
 539        kfree(buf);
 540
 541        /* Fix up the original jeb now it's on the bad_list */
 542        if (first_raw == jeb->first_node) {
 543                D1(printk(KERN_DEBUG "Failing block at %08x is now empty. Moving to erase_pending_list\n", jeb->offset));
 544                list_move(&jeb->list, &c->erase_pending_list);
 545                c->nr_erasing_blocks++;
 546                jffs2_erase_pending_trigger(c);
 547        }
 548
 549        jffs2_dbg_acct_sanity_check_nolock(c, jeb);
 550        jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
 551
 552        jffs2_dbg_acct_sanity_check_nolock(c, new_jeb);
 553        jffs2_dbg_acct_paranoia_check_nolock(c, new_jeb);
 554
 555        spin_unlock(&c->erase_completion_lock);
 556
 557        D1(printk(KERN_DEBUG "wbuf recovery completed OK. wbuf_ofs 0x%08x, len 0x%x\n", c->wbuf_ofs, c->wbuf_len));
 558
 559}
 560
 561/* Meaning of pad argument:
 562   0: Do not pad. Probably pointless - we only ever use this when we can't pad anyway.
 563   1: Pad, do not adjust nextblock free_size
 564   2: Pad, adjust nextblock free_size
 565*/
 566#define NOPAD                0
 567#define PAD_NOACCOUNT        1
 568#define PAD_ACCOUNTING        2
 569
 570static int __jffs2_flush_wbuf(struct jffs2_sb_info *c, int pad)
 571{
 572        struct jffs2_eraseblock *wbuf_jeb;
 573        int ret;
 574        size_t retlen;
 575
 576        /* Nothing to do if not write-buffering the flash. In particular, we shouldn't
 577           del_timer() the timer we never initialised. */
 578        if (!jffs2_is_writebuffered(c))
 579                return 0;
 580
 581        if (mutex_trylock(&c->alloc_sem)) {
 582                mutex_unlock(&c->alloc_sem);
 583                printk(KERN_CRIT "jffs2_flush_wbuf() called with alloc_sem not locked!\n");
 584                BUG();
 585        }
 586
 587        if (!c->wbuf_len)        /* already checked c->wbuf above */
 588                return 0;
 589
 590        wbuf_jeb = &c->blocks[c->wbuf_ofs / c->sector_size];
 591        if (jffs2_prealloc_raw_node_refs(c, wbuf_jeb, c->nextblock->allocated_refs + 1))
 592                return -ENOMEM;
 593
 594        /* claim remaining space on the page
 595           this happens, if we have a change to a new block,
 596           or if fsync forces us to flush the writebuffer.
 597           if we have a switch to next page, we will not have
 598           enough remaining space for this.
 599        */
 600        if (pad ) {
 601                c->wbuf_len = PAD(c->wbuf_len);
 602
 603                /* Pad with JFFS2_DIRTY_BITMASK initially.  this helps out ECC'd NOR
 604                   with 8 byte page size */
 605                memset(c->wbuf + c->wbuf_len, 0, c->wbuf_pagesize - c->wbuf_len);
 606
 607                if ( c->wbuf_len + sizeof(struct jffs2_unknown_node) < c->wbuf_pagesize) {
 608                        struct jffs2_unknown_node *padnode = (void *)(c->wbuf + c->wbuf_len);
 609                        padnode->magic = cpu_to_je16(JFFS2_MAGIC_BITMASK);
 610                        padnode->nodetype = cpu_to_je16(JFFS2_NODETYPE_PADDING);
 611                        padnode->totlen = cpu_to_je32(c->wbuf_pagesize - c->wbuf_len);
 612                        padnode->hdr_crc = cpu_to_je32(crc32(0, padnode, sizeof(*padnode)-4));
 613                }
 614        }
 615        /* else jffs2_flash_writev has actually filled in the rest of the
 616           buffer for us, and will deal with the node refs etc. later. */
 617
 618#ifdef BREAKME
 619        static int breakme;
 620        if (breakme++ == 20) {
 621                printk(KERN_NOTICE "Faking write error at 0x%08x\n", c->wbuf_ofs);
 622                breakme = 0;
 623                c->mtd->write(c->mtd, c->wbuf_ofs, c->wbuf_pagesize, &retlen,
 624                              brokenbuf);
 625                ret = -EIO;
 626        } else
 627#endif
 628
 629                ret = c->mtd->write(c->mtd, c->wbuf_ofs, c->wbuf_pagesize, &retlen, c->wbuf);
 630
 631        if (ret) {
 632                printk(KERN_WARNING "jffs2_flush_wbuf(): Write failed with %d\n", ret);
 633                goto wfail;
 634        } else if (retlen != c->wbuf_pagesize) {
 635                printk(KERN_WARNING "jffs2_flush_wbuf(): Write was short: %zd instead of %d\n",
 636                       retlen, c->wbuf_pagesize);
 637                ret = -EIO;
 638                goto wfail;
 639        } else if ((ret = jffs2_verify_write(c, c->wbuf, c->wbuf_ofs))) {
 640        wfail:
 641                jffs2_wbuf_recover(c);
 642
 643                return ret;
 644        }
 645
 646        /* Adjust free size of the block if we padded. */
 647        if (pad) {
 648                uint32_t waste = c->wbuf_pagesize - c->wbuf_len;
 649
 650                D1(printk(KERN_DEBUG "jffs2_flush_wbuf() adjusting free_size of %sblock at %08x\n",
 651                          (wbuf_jeb==c->nextblock)?"next":"", wbuf_jeb->offset));
 652
 653                /* wbuf_pagesize - wbuf_len is the amount of space that's to be
 654                   padded. If there is less free space in the block than that,
 655                   something screwed up */
 656                if (wbuf_jeb->free_size < waste) {
 657                        printk(KERN_CRIT "jffs2_flush_wbuf(): Accounting error. wbuf at 0x%08x has 0x%03x bytes, 0x%03x left.\n",
 658                               c->wbuf_ofs, c->wbuf_len, waste);
 659                        printk(KERN_CRIT "jffs2_flush_wbuf(): But free_size for block at 0x%08x is only 0x%08x\n",
 660                               wbuf_jeb->offset, wbuf_jeb->free_size);
 661                        BUG();
 662                }
 663
 664                spin_lock(&c->erase_completion_lock);
 665
 666                jffs2_link_node_ref(c, wbuf_jeb, (c->wbuf_ofs + c->wbuf_len) | REF_OBSOLETE, waste, NULL);
 667                /* FIXME: that made it count as dirty. Convert to wasted */
 668                wbuf_jeb->dirty_size -= waste;
 669                c->dirty_size -= waste;
 670                wbuf_jeb->wasted_size += waste;
 671                c->wasted_size += waste;
 672        } else
 673                spin_lock(&c->erase_completion_lock);
 674
 675        /* Stick any now-obsoleted blocks on the erase_pending_list */
 676        jffs2_refile_wbuf_blocks(c);
 677        jffs2_clear_wbuf_ino_list(c);
 678        spin_unlock(&c->erase_completion_lock);
 679
 680        memset(c->wbuf,0xff,c->wbuf_pagesize);
 681        /* adjust write buffer offset, else we get a non contiguous write bug */
 682        c->wbuf_ofs += c->wbuf_pagesize;
 683        c->wbuf_len = 0;
 684        return 0;
 685}
 686
 687/* Trigger garbage collection to flush the write-buffer.
 688   If ino arg is zero, do it if _any_ real (i.e. not GC) writes are
 689   outstanding. If ino arg non-zero, do it only if a write for the
 690   given inode is outstanding. */
 691int jffs2_flush_wbuf_gc(struct jffs2_sb_info *c, uint32_t ino)
 692{
 693        uint32_t old_wbuf_ofs;
 694        uint32_t old_wbuf_len;
 695        int ret = 0;
 696
 697        D1(printk(KERN_DEBUG "jffs2_flush_wbuf_gc() called for ino #%u...\n", ino));
 698
 699        if (!c->wbuf)
 700                return 0;
 701
 702        mutex_lock(&c->alloc_sem);
 703        if (!jffs2_wbuf_pending_for_ino(c, ino)) {
 704                D1(printk(KERN_DEBUG "Ino #%d not pending in wbuf. Returning\n", ino));
 705                mutex_unlock(&c->alloc_sem);
 706                return 0;
 707        }
 708
 709        old_wbuf_ofs = c->wbuf_ofs;
 710        old_wbuf_len = c->wbuf_len;
 711
 712        if (c->unchecked_size) {
 713                /* GC won't make any progress for a while */
 714                D1(printk(KERN_DEBUG "jffs2_flush_wbuf_gc() padding. Not finished checking\n"));
 715                down_write(&c->wbuf_sem);
 716                ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
 717                /* retry flushing wbuf in case jffs2_wbuf_recover
 718                   left some data in the wbuf */
 719                if (ret)
 720                        ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
 721                up_write(&c->wbuf_sem);
 722        } else while (old_wbuf_len &&
 723                      old_wbuf_ofs == c->wbuf_ofs) {
 724
 725                mutex_unlock(&c->alloc_sem);
 726
 727                D1(printk(KERN_DEBUG "jffs2_flush_wbuf_gc() calls gc pass\n"));
 728
 729                ret = jffs2_garbage_collect_pass(c);
 730                if (ret) {
 731                        /* GC failed. Flush it with padding instead */
 732                        mutex_lock(&c->alloc_sem);
 733                        down_write(&c->wbuf_sem);
 734                        ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
 735                        /* retry flushing wbuf in case jffs2_wbuf_recover
 736                           left some data in the wbuf */
 737                        if (ret)
 738                                ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
 739                        up_write(&c->wbuf_sem);
 740                        break;
 741                }
 742                mutex_lock(&c->alloc_sem);
 743        }
 744
 745        D1(printk(KERN_DEBUG "jffs2_flush_wbuf_gc() ends...\n"));
 746
 747        mutex_unlock(&c->alloc_sem);
 748        return ret;
 749}
 750
 751/* Pad write-buffer to end and write it, wasting space. */
 752int jffs2_flush_wbuf_pad(struct jffs2_sb_info *c)
 753{
 754        int ret;
 755
 756        if (!c->wbuf)
 757                return 0;
 758
 759        down_write(&c->wbuf_sem);
 760        ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
 761        /* retry - maybe wbuf recover left some data in wbuf. */
 762        if (ret)
 763                ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
 764        up_write(&c->wbuf_sem);
 765
 766        return ret;
 767}
 768
 769static size_t jffs2_fill_wbuf(struct jffs2_sb_info *c, const uint8_t *buf,
 770                              size_t len)
 771{
 772        if (len && !c->wbuf_len && (len >= c->wbuf_pagesize))
 773                return 0;
 774
 775        if (len > (c->wbuf_pagesize - c->wbuf_len))
 776                len = c->wbuf_pagesize - c->wbuf_len;
 777        memcpy(c->wbuf + c->wbuf_len, buf, len);
 778        c->wbuf_len += (uint32_t) len;
 779        return len;
 780}
 781
 782int jffs2_flash_writev(struct jffs2_sb_info *c, const struct kvec *invecs,
 783                       unsigned long count, loff_t to, size_t *retlen,
 784                       uint32_t ino)
 785{
 786        struct jffs2_eraseblock *jeb;
 787        size_t wbuf_retlen, donelen = 0;
 788        uint32_t outvec_to = to;
 789        int ret, invec;
 790
 791        /* If not writebuffered flash, don't bother */
 792        if (!jffs2_is_writebuffered(c))
 793                return jffs2_flash_direct_writev(c, invecs, count, to, retlen);
 794
 795        down_write(&c->wbuf_sem);
 796
 797        /* If wbuf_ofs is not initialized, set it to target address */
 798        if (c->wbuf_ofs == 0xFFFFFFFF) {
 799                c->wbuf_ofs = PAGE_DIV(to);
 800                c->wbuf_len = PAGE_MOD(to);
 801                memset(c->wbuf,0xff,c->wbuf_pagesize);
 802        }
 803
 804        /*
 805         * Sanity checks on target address.  It's permitted to write
 806         * at PAD(c->wbuf_len+c->wbuf_ofs), and it's permitted to
 807         * write at the beginning of a new erase block. Anything else,
 808         * and you die.  New block starts at xxx000c (0-b = block
 809         * header)
 810         */
 811        if (SECTOR_ADDR(to) != SECTOR_ADDR(c->wbuf_ofs)) {
 812                /* It's a write to a new block */
 813                if (c->wbuf_len) {
 814                        D1(printk(KERN_DEBUG "jffs2_flash_writev() to 0x%lx "
 815                                  "causes flush of wbuf at 0x%08x\n",
 816                                  (unsigned long)to, c->wbuf_ofs));
 817                        ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
 818                        if (ret)
 819                                goto outerr;
 820                }
 821                /* set pointer to new block */
 822                c->wbuf_ofs = PAGE_DIV(to);
 823                c->wbuf_len = PAGE_MOD(to);
 824        }
 825
 826        if (to != PAD(c->wbuf_ofs + c->wbuf_len)) {
 827                /* We're not writing immediately after the writebuffer. Bad. */
 828                printk(KERN_CRIT "jffs2_flash_writev(): Non-contiguous write "
 829                       "to %08lx\n", (unsigned long)to);
 830                if (c->wbuf_len)
 831                        printk(KERN_CRIT "wbuf was previously %08x-%08x\n",
 832                               c->wbuf_ofs, c->wbuf_ofs+c->wbuf_len);
 833                BUG();
 834        }
 835
 836        /* adjust alignment offset */
 837        if (c->wbuf_len != PAGE_MOD(to)) {
 838                c->wbuf_len = PAGE_MOD(to);
 839                /* take care of alignment to next page */
 840                if (!c->wbuf_len) {
 841                        c->wbuf_len = c->wbuf_pagesize;
 842                        ret = __jffs2_flush_wbuf(c, NOPAD);
 843                        if (ret)
 844                                goto outerr;
 845                }
 846        }
 847
 848        for (invec = 0; invec < count; invec++) {
 849                int vlen = invecs[invec].iov_len;
 850                uint8_t *v = invecs[invec].iov_base;
 851
 852                wbuf_retlen = jffs2_fill_wbuf(c, v, vlen);
 853
 854                if (c->wbuf_len == c->wbuf_pagesize) {
 855                        ret = __jffs2_flush_wbuf(c, NOPAD);
 856                        if (ret)
 857                                goto outerr;
 858                }
 859                vlen -= wbuf_retlen;
 860                outvec_to += wbuf_retlen;
 861                donelen += wbuf_retlen;
 862                v += wbuf_retlen;
 863
 864                if (vlen >= c->wbuf_pagesize) {
 865                        ret = c->mtd->write(c->mtd, outvec_to, PAGE_DIV(vlen),
 866                                            &wbuf_retlen, v);
 867                        if (ret < 0 || wbuf_retlen != PAGE_DIV(vlen))
 868                                goto outfile;
 869
 870                        vlen -= wbuf_retlen;
 871                        outvec_to += wbuf_retlen;
 872                        c->wbuf_ofs = outvec_to;
 873                        donelen += wbuf_retlen;
 874                        v += wbuf_retlen;
 875                }
 876
 877                wbuf_retlen = jffs2_fill_wbuf(c, v, vlen);
 878                if (c->wbuf_len == c->wbuf_pagesize) {
 879                        ret = __jffs2_flush_wbuf(c, NOPAD);
 880                        if (ret)
 881                                goto outerr;
 882                }
 883
 884                outvec_to += wbuf_retlen;
 885                donelen += wbuf_retlen;
 886        }
 887
 888        /*
 889         * If there's a remainder in the wbuf and it's a non-GC write,
 890         * remember that the wbuf affects this ino
 891         */
 892        *retlen = donelen;
 893
 894        if (jffs2_sum_active()) {
 895                int res = jffs2_sum_add_kvec(c, invecs, count, (uint32_t) to);
 896                if (res)
 897                        return res;
 898        }
 899
 900        if (c->wbuf_len && ino)
 901                jffs2_wbuf_dirties_inode(c, ino);
 902
 903        ret = 0;
 904        up_write(&c->wbuf_sem);
 905        return ret;
 906
 907outfile:
 908        /*
 909         * At this point we have no problem, c->wbuf is empty. However
 910         * refile nextblock to avoid writing again to same address.
 911         */
 912
 913        spin_lock(&c->erase_completion_lock);
 914
 915        jeb = &c->blocks[outvec_to / c->sector_size];
 916        jffs2_block_refile(c, jeb, REFILE_ANYWAY);
 917
 918        spin_unlock(&c->erase_completion_lock);
 919
 920outerr:
 921        *retlen = 0;
 922        up_write(&c->wbuf_sem);
 923        return ret;
 924}
 925
 926/*
 927 *        This is the entry for flash write.
 928 *        Check, if we work on NAND FLASH, if so build an kvec and write it via vritev
 929*/
 930int jffs2_flash_write(struct jffs2_sb_info *c, loff_t ofs, size_t len,
 931                      size_t *retlen, const u_char *buf)
 932{
 933        struct kvec vecs[1];
 934
 935        if (!jffs2_is_writebuffered(c))
 936                return jffs2_flash_direct_write(c, ofs, len, retlen, buf);
 937
 938        vecs[0].iov_base = (unsigned char *) buf;
 939        vecs[0].iov_len = len;
 940        return jffs2_flash_writev(c, vecs, 1, ofs, retlen, 0);
 941}
 942
 943/*
 944        Handle readback from writebuffer and ECC failure return
 945*/
 946int jffs2_flash_read(struct jffs2_sb_info *c, loff_t ofs, size_t len, size_t *retlen, u_char *buf)
 947{
 948        loff_t        orbf = 0, owbf = 0, lwbf = 0;
 949        int        ret;
 950
 951        if (!jffs2_is_writebuffered(c))
 952                return c->mtd->read(c->mtd, ofs, len, retlen, buf);
 953
 954        /* Read flash */
 955        down_read(&c->wbuf_sem);
 956        ret = c->mtd->read(c->mtd, ofs, len, retlen, buf);
 957
 958        if ( (ret == -EBADMSG || ret == -EUCLEAN) && (*retlen == len) ) {
 959                if (ret == -EBADMSG)
 960                        printk(KERN_WARNING "mtd->read(0x%zx bytes from 0x%llx)"
 961                               " returned ECC error\n", len, ofs);
 962                /*
 963                 * We have the raw data without ECC correction in the buffer,
 964                 * maybe we are lucky and all data or parts are correct. We
 965                 * check the node.  If data are corrupted node check will sort
 966                 * it out.  We keep this block, it will fail on write or erase
 967                 * and the we mark it bad. Or should we do that now? But we
 968                 * should give him a chance.  Maybe we had a system crash or
 969                 * power loss before the ecc write or a erase was completed.
 970                 * So we return success. :)
 971                 */
 972                ret = 0;
 973        }
 974
 975        /* if no writebuffer available or write buffer empty, return */
 976        if (!c->wbuf_pagesize || !c->wbuf_len)
 977                goto exit;
 978
 979        /* if we read in a different block, return */
 980        if (SECTOR_ADDR(ofs) != SECTOR_ADDR(c->wbuf_ofs))
 981                goto exit;
 982
 983        if (ofs >= c->wbuf_ofs) {
 984                owbf = (ofs - c->wbuf_ofs);        /* offset in write buffer */
 985                if (owbf > c->wbuf_len)                /* is read beyond write buffer ? */
 986                        goto exit;
 987                lwbf = c->wbuf_len - owbf;        /* number of bytes to copy */
 988                if (lwbf > len)
 989                        lwbf = len;
 990        } else {
 991                orbf = (c->wbuf_ofs - ofs);        /* offset in read buffer */
 992                if (orbf > len)                        /* is write beyond write buffer ? */
 993                        goto exit;
 994                lwbf = len - orbf;                /* number of bytes to copy */
 995                if (lwbf > c->wbuf_len)
 996                        lwbf = c->wbuf_len;
 997        }
 998        if (lwbf > 0)
 999                memcpy(buf+orbf,c->wbuf+owbf,lwbf);
1000
1001exit:
1002        up_read(&c->wbuf_sem);
1003        return ret;
1004}
1005
1006#define NR_OOB_SCAN_PAGES 4
1007
1008/* For historical reasons we use only 8 bytes for OOB clean marker */
1009#define OOB_CM_SIZE 8
1010
1011static const struct jffs2_unknown_node oob_cleanmarker =
1012{
1013        .magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK),
1014        .nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
1015        .totlen = constant_cpu_to_je32(8)
1016};
1017
1018/*
1019 * Check, if the out of band area is empty. This function knows about the clean
1020 * marker and if it is present in OOB, treats the OOB as empty anyway.
1021 */
1022int jffs2_check_oob_empty(struct jffs2_sb_info *c,
1023                          struct jffs2_eraseblock *jeb, int mode)
1024{
1025        int i, ret;
1026        int cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1027        struct mtd_oob_ops ops;
1028
1029        ops.mode = MTD_OOB_AUTO;
1030        ops.ooblen = NR_OOB_SCAN_PAGES * c->oobavail;
1031        ops.oobbuf = c->oobbuf;
1032        ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1033        ops.datbuf = NULL;
1034
1035        ret = c->mtd->read_oob(c->mtd, jeb->offset, &ops);
1036        if (ret || ops.oobretlen != ops.ooblen) {
1037                printk(KERN_ERR "cannot read OOB for EB at %08x, requested %zd"
1038                                " bytes, read %zd bytes, error %d\n",
1039                                jeb->offset, ops.ooblen, ops.oobretlen, ret);
1040                if (!ret)
1041                        ret = -EIO;
1042                return ret;
1043        }
1044
1045        for(i = 0; i < ops.ooblen; i++) {
1046                if (mode && i < cmlen)
1047                        /* Yeah, we know about the cleanmarker */
1048                        continue;
1049
1050                if (ops.oobbuf[i] != 0xFF) {
1051                        D2(printk(KERN_DEBUG "Found %02x at %x in OOB for "
1052                                  "%08x\n", ops.oobbuf[i], i, jeb->offset));
1053                        return 1;
1054                }
1055        }
1056
1057        return 0;
1058}
1059
1060/*
1061 * Check for a valid cleanmarker.
1062 * Returns: 0 if a valid cleanmarker was found
1063 *            1 if no cleanmarker was found
1064 *            negative error code if an error occurred
1065 */
1066int jffs2_check_nand_cleanmarker(struct jffs2_sb_info *c,
1067                                 struct jffs2_eraseblock *jeb)
1068{
1069        struct mtd_oob_ops ops;
1070        int ret, cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1071
1072        ops.mode = MTD_OOB_AUTO;
1073        ops.ooblen = cmlen;
1074        ops.oobbuf = c->oobbuf;
1075        ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1076        ops.datbuf = NULL;
1077
1078        ret = c->mtd->read_oob(c->mtd, jeb->offset, &ops);
1079        if (ret || ops.oobretlen != ops.ooblen) {
1080                printk(KERN_ERR "cannot read OOB for EB at %08x, requested %zd"
1081                                " bytes, read %zd bytes, error %d\n",
1082                                jeb->offset, ops.ooblen, ops.oobretlen, ret);
1083                if (!ret)
1084                        ret = -EIO;
1085                return ret;
1086        }
1087
1088        return !!memcmp(&oob_cleanmarker, c->oobbuf, cmlen);
1089}
1090
1091int jffs2_write_nand_cleanmarker(struct jffs2_sb_info *c,
1092                                 struct jffs2_eraseblock *jeb)
1093{
1094        int ret;
1095        struct mtd_oob_ops ops;
1096        int cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1097
1098        ops.mode = MTD_OOB_AUTO;
1099        ops.ooblen = cmlen;
1100        ops.oobbuf = (uint8_t *)&oob_cleanmarker;
1101        ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1102        ops.datbuf = NULL;
1103
1104        ret = c->mtd->write_oob(c->mtd, jeb->offset, &ops);
1105        if (ret || ops.oobretlen != ops.ooblen) {
1106                printk(KERN_ERR "cannot write OOB for EB at %08x, requested %zd"
1107                                " bytes, read %zd bytes, error %d\n",
1108                                jeb->offset, ops.ooblen, ops.oobretlen, ret);
1109                if (!ret)
1110                        ret = -EIO;
1111                return ret;
1112        }
1113
1114        return 0;
1115}
1116
1117/*
1118 * On NAND we try to mark this block bad. If the block was erased more
1119 * than MAX_ERASE_FAILURES we mark it finaly bad.
1120 * Don't care about failures. This block remains on the erase-pending
1121 * or badblock list as long as nobody manipulates the flash with
1122 * a bootloader or something like that.
1123 */
1124
1125int jffs2_write_nand_badblock(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, uint32_t bad_offset)
1126{
1127        int         ret;
1128
1129        /* if the count is < max, we try to write the counter to the 2nd page oob area */
1130        if( ++jeb->bad_count < MAX_ERASE_FAILURES)
1131                return 0;
1132
1133        if (!c->mtd->block_markbad)
1134                return 1; // What else can we do?
1135
1136        printk(KERN_WARNING "JFFS2: marking eraseblock at %08x\n as bad", bad_offset);
1137        ret = c->mtd->block_markbad(c->mtd, bad_offset);
1138
1139        if (ret) {
1140                D1(printk(KERN_WARNING "jffs2_write_nand_badblock(): Write failed for block at %08x: error %d\n", jeb->offset, ret));
1141                return ret;
1142        }
1143        return 1;
1144}
1145
1146int jffs2_nand_flash_setup(struct jffs2_sb_info *c)
1147{
1148        struct nand_ecclayout *oinfo = c->mtd->ecclayout;
1149
1150        if (!c->mtd->oobsize)
1151                return 0;
1152
1153        /* Cleanmarker is out-of-band, so inline size zero */
1154        c->cleanmarker_size = 0;
1155
1156        if (!oinfo || oinfo->oobavail == 0) {
1157                printk(KERN_ERR "inconsistent device description\n");
1158                return -EINVAL;
1159        }
1160
1161        D1(printk(KERN_DEBUG "JFFS2 using OOB on NAND\n"));
1162
1163        c->oobavail = oinfo->oobavail;
1164
1165        /* Initialise write buffer */
1166        init_rwsem(&c->wbuf_sem);
1167        c->wbuf_pagesize = c->mtd->writesize;
1168        c->wbuf_ofs = 0xFFFFFFFF;
1169
1170        c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1171        if (!c->wbuf)
1172                return -ENOMEM;
1173
1174        c->oobbuf = kmalloc(NR_OOB_SCAN_PAGES * c->oobavail, GFP_KERNEL);
1175        if (!c->oobbuf) {
1176                kfree(c->wbuf);
1177                return -ENOMEM;
1178        }
1179
1180#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1181        c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1182        if (!c->wbuf_verify) {
1183                kfree(c->oobbuf);
1184                kfree(c->wbuf);
1185                return -ENOMEM;
1186        }
1187#endif
1188        return 0;
1189}
1190
1191void jffs2_nand_flash_cleanup(struct jffs2_sb_info *c)
1192{
1193#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1194        kfree(c->wbuf_verify);
1195#endif
1196        kfree(c->wbuf);
1197        kfree(c->oobbuf);
1198}
1199
1200int jffs2_dataflash_setup(struct jffs2_sb_info *c) {
1201        c->cleanmarker_size = 0;                /* No cleanmarkers needed */
1202
1203        /* Initialize write buffer */
1204        init_rwsem(&c->wbuf_sem);
1205
1206
1207        c->wbuf_pagesize =  c->mtd->erasesize;
1208
1209        /* Find a suitable c->sector_size
1210         * - Not too much sectors
1211         * - Sectors have to be at least 4 K + some bytes
1212         * - All known dataflashes have erase sizes of 528 or 1056
1213         * - we take at least 8 eraseblocks and want to have at least 8K size
1214         * - The concatenation should be a power of 2
1215        */
1216
1217        c->sector_size = 8 * c->mtd->erasesize;
1218
1219        while (c->sector_size < 8192) {
1220                c->sector_size *= 2;
1221        }
1222
1223        /* It may be necessary to adjust the flash size */
1224        c->flash_size = c->mtd->size;
1225
1226        if ((c->flash_size % c->sector_size) != 0) {
1227                c->flash_size = (c->flash_size / c->sector_size) * c->sector_size;
1228                printk(KERN_WARNING "JFFS2 flash size adjusted to %dKiB\n", c->flash_size);
1229        };
1230
1231        c->wbuf_ofs = 0xFFFFFFFF;
1232        c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1233        if (!c->wbuf)
1234                return -ENOMEM;
1235
1236#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1237        c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1238        if (!c->wbuf_verify) {
1239                kfree(c->oobbuf);
1240                kfree(c->wbuf);
1241                return -ENOMEM;
1242        }
1243#endif
1244
1245        printk(KERN_INFO "JFFS2 write-buffering enabled buffer (%d) erasesize (%d)\n", c->wbuf_pagesize, c->sector_size);
1246
1247        return 0;
1248}
1249
1250void jffs2_dataflash_cleanup(struct jffs2_sb_info *c) {
1251#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1252        kfree(c->wbuf_verify);
1253#endif
1254        kfree(c->wbuf);
1255}
1256
1257int jffs2_nor_wbuf_flash_setup(struct jffs2_sb_info *c) {
1258        /* Cleanmarker currently occupies whole programming regions,
1259         * either one or 2 for 8Byte STMicro flashes. */
1260        c->cleanmarker_size = max(16u, c->mtd->writesize);
1261
1262        /* Initialize write buffer */
1263        init_rwsem(&c->wbuf_sem);
1264        c->wbuf_pagesize = c->mtd->writesize;
1265        c->wbuf_ofs = 0xFFFFFFFF;
1266
1267        c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1268        if (!c->wbuf)
1269                return -ENOMEM;
1270
1271        return 0;
1272}
1273
1274void jffs2_nor_wbuf_flash_cleanup(struct jffs2_sb_info *c) {
1275        kfree(c->wbuf);
1276}
1277
1278int jffs2_ubivol_setup(struct jffs2_sb_info *c) {
1279        c->cleanmarker_size = 0;
1280
1281        if (c->mtd->writesize == 1)
1282                /* We do not need write-buffer */
1283                return 0;
1284
1285        init_rwsem(&c->wbuf_sem);
1286
1287        c->wbuf_pagesize =  c->mtd->writesize;
1288        c->wbuf_ofs = 0xFFFFFFFF;
1289        c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1290        if (!c->wbuf)
1291                return -ENOMEM;
1292
1293        printk(KERN_INFO "JFFS2 write-buffering enabled buffer (%d) erasesize (%d)\n", c->wbuf_pagesize, c->sector_size);
1294
1295        return 0;
1296}
1297
1298void jffs2_ubivol_cleanup(struct jffs2_sb_info *c) {
1299        kfree(c->wbuf);
1300}