Loading...
1/*
2 * JFFS2 -- Journalling Flash File System, Version 2.
3 *
4 * Copyright © 2001-2007 Red Hat, Inc.
5 * Copyright © 2004 Thomas Gleixner <tglx@linutronix.de>
6 *
7 * Created by David Woodhouse <dwmw2@infradead.org>
8 * Modified debugged and enhanced by Thomas Gleixner <tglx@linutronix.de>
9 *
10 * For licensing information, see the file 'LICENCE' in this directory.
11 *
12 */
13
14#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15
16#include <linux/kernel.h>
17#include <linux/slab.h>
18#include <linux/mtd/mtd.h>
19#include <linux/crc32.h>
20#include <linux/mtd/rawnand.h>
21#include <linux/jiffies.h>
22#include <linux/sched.h>
23#include <linux/writeback.h>
24
25#include "nodelist.h"
26
27/* For testing write failures */
28#undef BREAKME
29#undef BREAKMEHEADER
30
31#ifdef BREAKME
32static unsigned char *brokenbuf;
33#endif
34
35#define PAGE_DIV(x) ( ((unsigned long)(x) / (unsigned long)(c->wbuf_pagesize)) * (unsigned long)(c->wbuf_pagesize) )
36#define PAGE_MOD(x) ( (unsigned long)(x) % (unsigned long)(c->wbuf_pagesize) )
37
38/* max. erase failures before we mark a block bad */
39#define MAX_ERASE_FAILURES 2
40
41struct jffs2_inodirty {
42 uint32_t ino;
43 struct jffs2_inodirty *next;
44};
45
46static struct jffs2_inodirty inodirty_nomem;
47
48static int jffs2_wbuf_pending_for_ino(struct jffs2_sb_info *c, uint32_t ino)
49{
50 struct jffs2_inodirty *this = c->wbuf_inodes;
51
52 /* If a malloc failed, consider _everything_ dirty */
53 if (this == &inodirty_nomem)
54 return 1;
55
56 /* If ino == 0, _any_ non-GC writes mean 'yes' */
57 if (this && !ino)
58 return 1;
59
60 /* Look to see if the inode in question is pending in the wbuf */
61 while (this) {
62 if (this->ino == ino)
63 return 1;
64 this = this->next;
65 }
66 return 0;
67}
68
69static void jffs2_clear_wbuf_ino_list(struct jffs2_sb_info *c)
70{
71 struct jffs2_inodirty *this;
72
73 this = c->wbuf_inodes;
74
75 if (this != &inodirty_nomem) {
76 while (this) {
77 struct jffs2_inodirty *next = this->next;
78 kfree(this);
79 this = next;
80 }
81 }
82 c->wbuf_inodes = NULL;
83}
84
85static void jffs2_wbuf_dirties_inode(struct jffs2_sb_info *c, uint32_t ino)
86{
87 struct jffs2_inodirty *new;
88
89 /* Schedule delayed write-buffer write-out */
90 jffs2_dirty_trigger(c);
91
92 if (jffs2_wbuf_pending_for_ino(c, ino))
93 return;
94
95 new = kmalloc(sizeof(*new), GFP_KERNEL);
96 if (!new) {
97 jffs2_dbg(1, "No memory to allocate inodirty. Fallback to all considered dirty\n");
98 jffs2_clear_wbuf_ino_list(c);
99 c->wbuf_inodes = &inodirty_nomem;
100 return;
101 }
102 new->ino = ino;
103 new->next = c->wbuf_inodes;
104 c->wbuf_inodes = new;
105 return;
106}
107
108static inline void jffs2_refile_wbuf_blocks(struct jffs2_sb_info *c)
109{
110 struct list_head *this, *next;
111 static int n;
112
113 if (list_empty(&c->erasable_pending_wbuf_list))
114 return;
115
116 list_for_each_safe(this, next, &c->erasable_pending_wbuf_list) {
117 struct jffs2_eraseblock *jeb = list_entry(this, struct jffs2_eraseblock, list);
118
119 jffs2_dbg(1, "Removing eraseblock at 0x%08x from erasable_pending_wbuf_list...\n",
120 jeb->offset);
121 list_del(this);
122 if ((jiffies + (n++)) & 127) {
123 /* Most of the time, we just erase it immediately. Otherwise we
124 spend ages scanning it on mount, etc. */
125 jffs2_dbg(1, "...and adding to erase_pending_list\n");
126 list_add_tail(&jeb->list, &c->erase_pending_list);
127 c->nr_erasing_blocks++;
128 jffs2_garbage_collect_trigger(c);
129 } else {
130 /* Sometimes, however, we leave it elsewhere so it doesn't get
131 immediately reused, and we spread the load a bit. */
132 jffs2_dbg(1, "...and adding to erasable_list\n");
133 list_add_tail(&jeb->list, &c->erasable_list);
134 }
135 }
136}
137
138#define REFILE_NOTEMPTY 0
139#define REFILE_ANYWAY 1
140
141static void jffs2_block_refile(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, int allow_empty)
142{
143 jffs2_dbg(1, "About to refile bad block at %08x\n", jeb->offset);
144
145 /* File the existing block on the bad_used_list.... */
146 if (c->nextblock == jeb)
147 c->nextblock = NULL;
148 else /* Not sure this should ever happen... need more coffee */
149 list_del(&jeb->list);
150 if (jeb->first_node) {
151 jffs2_dbg(1, "Refiling block at %08x to bad_used_list\n",
152 jeb->offset);
153 list_add(&jeb->list, &c->bad_used_list);
154 } else {
155 BUG_ON(allow_empty == REFILE_NOTEMPTY);
156 /* It has to have had some nodes or we couldn't be here */
157 jffs2_dbg(1, "Refiling block at %08x to erase_pending_list\n",
158 jeb->offset);
159 list_add(&jeb->list, &c->erase_pending_list);
160 c->nr_erasing_blocks++;
161 jffs2_garbage_collect_trigger(c);
162 }
163
164 if (!jffs2_prealloc_raw_node_refs(c, jeb, 1)) {
165 uint32_t oldfree = jeb->free_size;
166
167 jffs2_link_node_ref(c, jeb,
168 (jeb->offset+c->sector_size-oldfree) | REF_OBSOLETE,
169 oldfree, NULL);
170 /* convert to wasted */
171 c->wasted_size += oldfree;
172 jeb->wasted_size += oldfree;
173 c->dirty_size -= oldfree;
174 jeb->dirty_size -= oldfree;
175 }
176
177 jffs2_dbg_dump_block_lists_nolock(c);
178 jffs2_dbg_acct_sanity_check_nolock(c,jeb);
179 jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
180}
181
182static struct jffs2_raw_node_ref **jffs2_incore_replace_raw(struct jffs2_sb_info *c,
183 struct jffs2_inode_info *f,
184 struct jffs2_raw_node_ref *raw,
185 union jffs2_node_union *node)
186{
187 struct jffs2_node_frag *frag;
188 struct jffs2_full_dirent *fd;
189
190 dbg_noderef("incore_replace_raw: node at %p is {%04x,%04x}\n",
191 node, je16_to_cpu(node->u.magic), je16_to_cpu(node->u.nodetype));
192
193 BUG_ON(je16_to_cpu(node->u.magic) != 0x1985 &&
194 je16_to_cpu(node->u.magic) != 0);
195
196 switch (je16_to_cpu(node->u.nodetype)) {
197 case JFFS2_NODETYPE_INODE:
198 if (f->metadata && f->metadata->raw == raw) {
199 dbg_noderef("Will replace ->raw in f->metadata at %p\n", f->metadata);
200 return &f->metadata->raw;
201 }
202 frag = jffs2_lookup_node_frag(&f->fragtree, je32_to_cpu(node->i.offset));
203 BUG_ON(!frag);
204 /* Find a frag which refers to the full_dnode we want to modify */
205 while (!frag->node || frag->node->raw != raw) {
206 frag = frag_next(frag);
207 BUG_ON(!frag);
208 }
209 dbg_noderef("Will replace ->raw in full_dnode at %p\n", frag->node);
210 return &frag->node->raw;
211
212 case JFFS2_NODETYPE_DIRENT:
213 for (fd = f->dents; fd; fd = fd->next) {
214 if (fd->raw == raw) {
215 dbg_noderef("Will replace ->raw in full_dirent at %p\n", fd);
216 return &fd->raw;
217 }
218 }
219 BUG();
220
221 default:
222 dbg_noderef("Don't care about replacing raw for nodetype %x\n",
223 je16_to_cpu(node->u.nodetype));
224 break;
225 }
226 return NULL;
227}
228
229#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
230static int jffs2_verify_write(struct jffs2_sb_info *c, unsigned char *buf,
231 uint32_t ofs)
232{
233 int ret;
234 size_t retlen;
235 char *eccstr;
236
237 ret = mtd_read(c->mtd, ofs, c->wbuf_pagesize, &retlen, c->wbuf_verify);
238 if (ret && ret != -EUCLEAN && ret != -EBADMSG) {
239 pr_warn("%s(): Read back of page at %08x failed: %d\n",
240 __func__, c->wbuf_ofs, ret);
241 return ret;
242 } else if (retlen != c->wbuf_pagesize) {
243 pr_warn("%s(): Read back of page at %08x gave short read: %zd not %d\n",
244 __func__, ofs, retlen, c->wbuf_pagesize);
245 return -EIO;
246 }
247 if (!memcmp(buf, c->wbuf_verify, c->wbuf_pagesize))
248 return 0;
249
250 if (ret == -EUCLEAN)
251 eccstr = "corrected";
252 else if (ret == -EBADMSG)
253 eccstr = "correction failed";
254 else
255 eccstr = "OK or unused";
256
257 pr_warn("Write verify error (ECC %s) at %08x. Wrote:\n",
258 eccstr, c->wbuf_ofs);
259 print_hex_dump(KERN_WARNING, "", DUMP_PREFIX_OFFSET, 16, 1,
260 c->wbuf, c->wbuf_pagesize, 0);
261
262 pr_warn("Read back:\n");
263 print_hex_dump(KERN_WARNING, "", DUMP_PREFIX_OFFSET, 16, 1,
264 c->wbuf_verify, c->wbuf_pagesize, 0);
265
266 return -EIO;
267}
268#else
269#define jffs2_verify_write(c,b,o) (0)
270#endif
271
272/* Recover from failure to write wbuf. Recover the nodes up to the
273 * wbuf, not the one which we were starting to try to write. */
274
275static void jffs2_wbuf_recover(struct jffs2_sb_info *c)
276{
277 struct jffs2_eraseblock *jeb, *new_jeb;
278 struct jffs2_raw_node_ref *raw, *next, *first_raw = NULL;
279 size_t retlen;
280 int ret;
281 int nr_refile = 0;
282 unsigned char *buf;
283 uint32_t start, end, ofs, len;
284
285 jeb = &c->blocks[c->wbuf_ofs / c->sector_size];
286
287 spin_lock(&c->erase_completion_lock);
288 if (c->wbuf_ofs % c->mtd->erasesize)
289 jffs2_block_refile(c, jeb, REFILE_NOTEMPTY);
290 else
291 jffs2_block_refile(c, jeb, REFILE_ANYWAY);
292 spin_unlock(&c->erase_completion_lock);
293
294 BUG_ON(!ref_obsolete(jeb->last_node));
295
296 /* Find the first node to be recovered, by skipping over every
297 node which ends before the wbuf starts, or which is obsolete. */
298 for (next = raw = jeb->first_node; next; raw = next) {
299 next = ref_next(raw);
300
301 if (ref_obsolete(raw) ||
302 (next && ref_offset(next) <= c->wbuf_ofs)) {
303 dbg_noderef("Skipping node at 0x%08x(%d)-0x%08x which is either before 0x%08x or obsolete\n",
304 ref_offset(raw), ref_flags(raw),
305 (ref_offset(raw) + ref_totlen(c, jeb, raw)),
306 c->wbuf_ofs);
307 continue;
308 }
309 dbg_noderef("First node to be recovered is at 0x%08x(%d)-0x%08x\n",
310 ref_offset(raw), ref_flags(raw),
311 (ref_offset(raw) + ref_totlen(c, jeb, raw)));
312
313 first_raw = raw;
314 break;
315 }
316
317 if (!first_raw) {
318 /* All nodes were obsolete. Nothing to recover. */
319 jffs2_dbg(1, "No non-obsolete nodes to be recovered. Just filing block bad\n");
320 c->wbuf_len = 0;
321 return;
322 }
323
324 start = ref_offset(first_raw);
325 end = ref_offset(jeb->last_node);
326 nr_refile = 1;
327
328 /* Count the number of refs which need to be copied */
329 while ((raw = ref_next(raw)) != jeb->last_node)
330 nr_refile++;
331
332 dbg_noderef("wbuf recover %08x-%08x (%d bytes in %d nodes)\n",
333 start, end, end - start, nr_refile);
334
335 buf = NULL;
336 if (start < c->wbuf_ofs) {
337 /* First affected node was already partially written.
338 * Attempt to reread the old data into our buffer. */
339
340 buf = kmalloc(end - start, GFP_KERNEL);
341 if (!buf) {
342 pr_crit("Malloc failure in wbuf recovery. Data loss ensues.\n");
343
344 goto read_failed;
345 }
346
347 /* Do the read... */
348 ret = mtd_read(c->mtd, start, c->wbuf_ofs - start, &retlen,
349 buf);
350
351 /* ECC recovered ? */
352 if ((ret == -EUCLEAN || ret == -EBADMSG) &&
353 (retlen == c->wbuf_ofs - start))
354 ret = 0;
355
356 if (ret || retlen != c->wbuf_ofs - start) {
357 pr_crit("Old data are already lost in wbuf recovery. Data loss ensues.\n");
358
359 kfree(buf);
360 buf = NULL;
361 read_failed:
362 first_raw = ref_next(first_raw);
363 nr_refile--;
364 while (first_raw && ref_obsolete(first_raw)) {
365 first_raw = ref_next(first_raw);
366 nr_refile--;
367 }
368
369 /* If this was the only node to be recovered, give up */
370 if (!first_raw) {
371 c->wbuf_len = 0;
372 return;
373 }
374
375 /* It wasn't. Go on and try to recover nodes complete in the wbuf */
376 start = ref_offset(first_raw);
377 dbg_noderef("wbuf now recover %08x-%08x (%d bytes in %d nodes)\n",
378 start, end, end - start, nr_refile);
379
380 } else {
381 /* Read succeeded. Copy the remaining data from the wbuf */
382 memcpy(buf + (c->wbuf_ofs - start), c->wbuf, end - c->wbuf_ofs);
383 }
384 }
385 /* OK... we're to rewrite (end-start) bytes of data from first_raw onwards.
386 Either 'buf' contains the data, or we find it in the wbuf */
387
388 /* ... and get an allocation of space from a shiny new block instead */
389 ret = jffs2_reserve_space_gc(c, end-start, &len, JFFS2_SUMMARY_NOSUM_SIZE);
390 if (ret) {
391 pr_warn("Failed to allocate space for wbuf recovery. Data loss ensues.\n");
392 kfree(buf);
393 return;
394 }
395
396 /* The summary is not recovered, so it must be disabled for this erase block */
397 jffs2_sum_disable_collecting(c->summary);
398
399 ret = jffs2_prealloc_raw_node_refs(c, c->nextblock, nr_refile);
400 if (ret) {
401 pr_warn("Failed to allocate node refs for wbuf recovery. Data loss ensues.\n");
402 kfree(buf);
403 return;
404 }
405
406 ofs = write_ofs(c);
407
408 if (end-start >= c->wbuf_pagesize) {
409 /* Need to do another write immediately, but it's possible
410 that this is just because the wbuf itself is completely
411 full, and there's nothing earlier read back from the
412 flash. Hence 'buf' isn't necessarily what we're writing
413 from. */
414 unsigned char *rewrite_buf = buf?:c->wbuf;
415 uint32_t towrite = (end-start) - ((end-start)%c->wbuf_pagesize);
416
417 jffs2_dbg(1, "Write 0x%x bytes at 0x%08x in wbuf recover\n",
418 towrite, ofs);
419
420#ifdef BREAKMEHEADER
421 static int breakme;
422 if (breakme++ == 20) {
423 pr_notice("Faking write error at 0x%08x\n", ofs);
424 breakme = 0;
425 mtd_write(c->mtd, ofs, towrite, &retlen, brokenbuf);
426 ret = -EIO;
427 } else
428#endif
429 ret = mtd_write(c->mtd, ofs, towrite, &retlen,
430 rewrite_buf);
431
432 if (ret || retlen != towrite || jffs2_verify_write(c, rewrite_buf, ofs)) {
433 /* Argh. We tried. Really we did. */
434 pr_crit("Recovery of wbuf failed due to a second write error\n");
435 kfree(buf);
436
437 if (retlen)
438 jffs2_add_physical_node_ref(c, ofs | REF_OBSOLETE, ref_totlen(c, jeb, first_raw), NULL);
439
440 return;
441 }
442 pr_notice("Recovery of wbuf succeeded to %08x\n", ofs);
443
444 c->wbuf_len = (end - start) - towrite;
445 c->wbuf_ofs = ofs + towrite;
446 memmove(c->wbuf, rewrite_buf + towrite, c->wbuf_len);
447 /* Don't muck about with c->wbuf_inodes. False positives are harmless. */
448 } else {
449 /* OK, now we're left with the dregs in whichever buffer we're using */
450 if (buf) {
451 memcpy(c->wbuf, buf, end-start);
452 } else {
453 memmove(c->wbuf, c->wbuf + (start - c->wbuf_ofs), end - start);
454 }
455 c->wbuf_ofs = ofs;
456 c->wbuf_len = end - start;
457 }
458
459 /* Now sort out the jffs2_raw_node_refs, moving them from the old to the next block */
460 new_jeb = &c->blocks[ofs / c->sector_size];
461
462 spin_lock(&c->erase_completion_lock);
463 for (raw = first_raw; raw != jeb->last_node; raw = ref_next(raw)) {
464 uint32_t rawlen = ref_totlen(c, jeb, raw);
465 struct jffs2_inode_cache *ic;
466 struct jffs2_raw_node_ref *new_ref;
467 struct jffs2_raw_node_ref **adjust_ref = NULL;
468 struct jffs2_inode_info *f = NULL;
469
470 jffs2_dbg(1, "Refiling block of %08x at %08x(%d) to %08x\n",
471 rawlen, ref_offset(raw), ref_flags(raw), ofs);
472
473 ic = jffs2_raw_ref_to_ic(raw);
474
475 /* Ick. This XATTR mess should be fixed shortly... */
476 if (ic && ic->class == RAWNODE_CLASS_XATTR_DATUM) {
477 struct jffs2_xattr_datum *xd = (void *)ic;
478 BUG_ON(xd->node != raw);
479 adjust_ref = &xd->node;
480 raw->next_in_ino = NULL;
481 ic = NULL;
482 } else if (ic && ic->class == RAWNODE_CLASS_XATTR_REF) {
483 struct jffs2_xattr_datum *xr = (void *)ic;
484 BUG_ON(xr->node != raw);
485 adjust_ref = &xr->node;
486 raw->next_in_ino = NULL;
487 ic = NULL;
488 } else if (ic && ic->class == RAWNODE_CLASS_INODE_CACHE) {
489 struct jffs2_raw_node_ref **p = &ic->nodes;
490
491 /* Remove the old node from the per-inode list */
492 while (*p && *p != (void *)ic) {
493 if (*p == raw) {
494 (*p) = (raw->next_in_ino);
495 raw->next_in_ino = NULL;
496 break;
497 }
498 p = &((*p)->next_in_ino);
499 }
500
501 if (ic->state == INO_STATE_PRESENT && !ref_obsolete(raw)) {
502 /* If it's an in-core inode, then we have to adjust any
503 full_dirent or full_dnode structure to point to the
504 new version instead of the old */
505 f = jffs2_gc_fetch_inode(c, ic->ino, !ic->pino_nlink);
506 if (IS_ERR(f)) {
507 /* Should never happen; it _must_ be present */
508 JFFS2_ERROR("Failed to iget() ino #%u, err %ld\n",
509 ic->ino, PTR_ERR(f));
510 BUG();
511 }
512 /* We don't lock f->sem. There's a number of ways we could
513 end up in here with it already being locked, and nobody's
514 going to modify it on us anyway because we hold the
515 alloc_sem. We're only changing one ->raw pointer too,
516 which we can get away with without upsetting readers. */
517 adjust_ref = jffs2_incore_replace_raw(c, f, raw,
518 (void *)(buf?:c->wbuf) + (ref_offset(raw) - start));
519 } else if (unlikely(ic->state != INO_STATE_PRESENT &&
520 ic->state != INO_STATE_CHECKEDABSENT &&
521 ic->state != INO_STATE_GC)) {
522 JFFS2_ERROR("Inode #%u is in strange state %d!\n", ic->ino, ic->state);
523 BUG();
524 }
525 }
526
527 new_ref = jffs2_link_node_ref(c, new_jeb, ofs | ref_flags(raw), rawlen, ic);
528
529 if (adjust_ref) {
530 BUG_ON(*adjust_ref != raw);
531 *adjust_ref = new_ref;
532 }
533 if (f)
534 jffs2_gc_release_inode(c, f);
535
536 if (!ref_obsolete(raw)) {
537 jeb->dirty_size += rawlen;
538 jeb->used_size -= rawlen;
539 c->dirty_size += rawlen;
540 c->used_size -= rawlen;
541 raw->flash_offset = ref_offset(raw) | REF_OBSOLETE;
542 BUG_ON(raw->next_in_ino);
543 }
544 ofs += rawlen;
545 }
546
547 kfree(buf);
548
549 /* Fix up the original jeb now it's on the bad_list */
550 if (first_raw == jeb->first_node) {
551 jffs2_dbg(1, "Failing block at %08x is now empty. Moving to erase_pending_list\n",
552 jeb->offset);
553 list_move(&jeb->list, &c->erase_pending_list);
554 c->nr_erasing_blocks++;
555 jffs2_garbage_collect_trigger(c);
556 }
557
558 jffs2_dbg_acct_sanity_check_nolock(c, jeb);
559 jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
560
561 jffs2_dbg_acct_sanity_check_nolock(c, new_jeb);
562 jffs2_dbg_acct_paranoia_check_nolock(c, new_jeb);
563
564 spin_unlock(&c->erase_completion_lock);
565
566 jffs2_dbg(1, "wbuf recovery completed OK. wbuf_ofs 0x%08x, len 0x%x\n",
567 c->wbuf_ofs, c->wbuf_len);
568
569}
570
571/* Meaning of pad argument:
572 0: Do not pad. Probably pointless - we only ever use this when we can't pad anyway.
573 1: Pad, do not adjust nextblock free_size
574 2: Pad, adjust nextblock free_size
575*/
576#define NOPAD 0
577#define PAD_NOACCOUNT 1
578#define PAD_ACCOUNTING 2
579
580static int __jffs2_flush_wbuf(struct jffs2_sb_info *c, int pad)
581{
582 struct jffs2_eraseblock *wbuf_jeb;
583 int ret;
584 size_t retlen;
585
586 /* Nothing to do if not write-buffering the flash. In particular, we shouldn't
587 del_timer() the timer we never initialised. */
588 if (!jffs2_is_writebuffered(c))
589 return 0;
590
591 if (!mutex_is_locked(&c->alloc_sem)) {
592 pr_crit("jffs2_flush_wbuf() called with alloc_sem not locked!\n");
593 BUG();
594 }
595
596 if (!c->wbuf_len) /* already checked c->wbuf above */
597 return 0;
598
599 wbuf_jeb = &c->blocks[c->wbuf_ofs / c->sector_size];
600 if (jffs2_prealloc_raw_node_refs(c, wbuf_jeb, c->nextblock->allocated_refs + 1))
601 return -ENOMEM;
602
603 /* claim remaining space on the page
604 this happens, if we have a change to a new block,
605 or if fsync forces us to flush the writebuffer.
606 if we have a switch to next page, we will not have
607 enough remaining space for this.
608 */
609 if (pad ) {
610 c->wbuf_len = PAD(c->wbuf_len);
611
612 /* Pad with JFFS2_DIRTY_BITMASK initially. this helps out ECC'd NOR
613 with 8 byte page size */
614 memset(c->wbuf + c->wbuf_len, 0, c->wbuf_pagesize - c->wbuf_len);
615
616 if ( c->wbuf_len + sizeof(struct jffs2_unknown_node) < c->wbuf_pagesize) {
617 struct jffs2_unknown_node *padnode = (void *)(c->wbuf + c->wbuf_len);
618 padnode->magic = cpu_to_je16(JFFS2_MAGIC_BITMASK);
619 padnode->nodetype = cpu_to_je16(JFFS2_NODETYPE_PADDING);
620 padnode->totlen = cpu_to_je32(c->wbuf_pagesize - c->wbuf_len);
621 padnode->hdr_crc = cpu_to_je32(crc32(0, padnode, sizeof(*padnode)-4));
622 }
623 }
624 /* else jffs2_flash_writev has actually filled in the rest of the
625 buffer for us, and will deal with the node refs etc. later. */
626
627#ifdef BREAKME
628 static int breakme;
629 if (breakme++ == 20) {
630 pr_notice("Faking write error at 0x%08x\n", c->wbuf_ofs);
631 breakme = 0;
632 mtd_write(c->mtd, c->wbuf_ofs, c->wbuf_pagesize, &retlen,
633 brokenbuf);
634 ret = -EIO;
635 } else
636#endif
637
638 ret = mtd_write(c->mtd, c->wbuf_ofs, c->wbuf_pagesize,
639 &retlen, c->wbuf);
640
641 if (ret) {
642 pr_warn("jffs2_flush_wbuf(): Write failed with %d\n", ret);
643 goto wfail;
644 } else if (retlen != c->wbuf_pagesize) {
645 pr_warn("jffs2_flush_wbuf(): Write was short: %zd instead of %d\n",
646 retlen, c->wbuf_pagesize);
647 ret = -EIO;
648 goto wfail;
649 } else if ((ret = jffs2_verify_write(c, c->wbuf, c->wbuf_ofs))) {
650 wfail:
651 jffs2_wbuf_recover(c);
652
653 return ret;
654 }
655
656 /* Adjust free size of the block if we padded. */
657 if (pad) {
658 uint32_t waste = c->wbuf_pagesize - c->wbuf_len;
659
660 jffs2_dbg(1, "jffs2_flush_wbuf() adjusting free_size of %sblock at %08x\n",
661 (wbuf_jeb == c->nextblock) ? "next" : "",
662 wbuf_jeb->offset);
663
664 /* wbuf_pagesize - wbuf_len is the amount of space that's to be
665 padded. If there is less free space in the block than that,
666 something screwed up */
667 if (wbuf_jeb->free_size < waste) {
668 pr_crit("jffs2_flush_wbuf(): Accounting error. wbuf at 0x%08x has 0x%03x bytes, 0x%03x left.\n",
669 c->wbuf_ofs, c->wbuf_len, waste);
670 pr_crit("jffs2_flush_wbuf(): But free_size for block at 0x%08x is only 0x%08x\n",
671 wbuf_jeb->offset, wbuf_jeb->free_size);
672 BUG();
673 }
674
675 spin_lock(&c->erase_completion_lock);
676
677 jffs2_link_node_ref(c, wbuf_jeb, (c->wbuf_ofs + c->wbuf_len) | REF_OBSOLETE, waste, NULL);
678 /* FIXME: that made it count as dirty. Convert to wasted */
679 wbuf_jeb->dirty_size -= waste;
680 c->dirty_size -= waste;
681 wbuf_jeb->wasted_size += waste;
682 c->wasted_size += waste;
683 } else
684 spin_lock(&c->erase_completion_lock);
685
686 /* Stick any now-obsoleted blocks on the erase_pending_list */
687 jffs2_refile_wbuf_blocks(c);
688 jffs2_clear_wbuf_ino_list(c);
689 spin_unlock(&c->erase_completion_lock);
690
691 memset(c->wbuf,0xff,c->wbuf_pagesize);
692 /* adjust write buffer offset, else we get a non contiguous write bug */
693 c->wbuf_ofs += c->wbuf_pagesize;
694 c->wbuf_len = 0;
695 return 0;
696}
697
698/* Trigger garbage collection to flush the write-buffer.
699 If ino arg is zero, do it if _any_ real (i.e. not GC) writes are
700 outstanding. If ino arg non-zero, do it only if a write for the
701 given inode is outstanding. */
702int jffs2_flush_wbuf_gc(struct jffs2_sb_info *c, uint32_t ino)
703{
704 uint32_t old_wbuf_ofs;
705 uint32_t old_wbuf_len;
706 int ret = 0;
707
708 jffs2_dbg(1, "jffs2_flush_wbuf_gc() called for ino #%u...\n", ino);
709
710 if (!c->wbuf)
711 return 0;
712
713 mutex_lock(&c->alloc_sem);
714 if (!jffs2_wbuf_pending_for_ino(c, ino)) {
715 jffs2_dbg(1, "Ino #%d not pending in wbuf. Returning\n", ino);
716 mutex_unlock(&c->alloc_sem);
717 return 0;
718 }
719
720 old_wbuf_ofs = c->wbuf_ofs;
721 old_wbuf_len = c->wbuf_len;
722
723 if (c->unchecked_size) {
724 /* GC won't make any progress for a while */
725 jffs2_dbg(1, "%s(): padding. Not finished checking\n",
726 __func__);
727 down_write(&c->wbuf_sem);
728 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
729 /* retry flushing wbuf in case jffs2_wbuf_recover
730 left some data in the wbuf */
731 if (ret)
732 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
733 up_write(&c->wbuf_sem);
734 } else while (old_wbuf_len &&
735 old_wbuf_ofs == c->wbuf_ofs) {
736
737 mutex_unlock(&c->alloc_sem);
738
739 jffs2_dbg(1, "%s(): calls gc pass\n", __func__);
740
741 ret = jffs2_garbage_collect_pass(c);
742 if (ret) {
743 /* GC failed. Flush it with padding instead */
744 mutex_lock(&c->alloc_sem);
745 down_write(&c->wbuf_sem);
746 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
747 /* retry flushing wbuf in case jffs2_wbuf_recover
748 left some data in the wbuf */
749 if (ret)
750 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
751 up_write(&c->wbuf_sem);
752 break;
753 }
754 mutex_lock(&c->alloc_sem);
755 }
756
757 jffs2_dbg(1, "%s(): ends...\n", __func__);
758
759 mutex_unlock(&c->alloc_sem);
760 return ret;
761}
762
763/* Pad write-buffer to end and write it, wasting space. */
764int jffs2_flush_wbuf_pad(struct jffs2_sb_info *c)
765{
766 int ret;
767
768 if (!c->wbuf)
769 return 0;
770
771 down_write(&c->wbuf_sem);
772 ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
773 /* retry - maybe wbuf recover left some data in wbuf. */
774 if (ret)
775 ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
776 up_write(&c->wbuf_sem);
777
778 return ret;
779}
780
781static size_t jffs2_fill_wbuf(struct jffs2_sb_info *c, const uint8_t *buf,
782 size_t len)
783{
784 if (len && !c->wbuf_len && (len >= c->wbuf_pagesize))
785 return 0;
786
787 if (len > (c->wbuf_pagesize - c->wbuf_len))
788 len = c->wbuf_pagesize - c->wbuf_len;
789 memcpy(c->wbuf + c->wbuf_len, buf, len);
790 c->wbuf_len += (uint32_t) len;
791 return len;
792}
793
794int jffs2_flash_writev(struct jffs2_sb_info *c, const struct kvec *invecs,
795 unsigned long count, loff_t to, size_t *retlen,
796 uint32_t ino)
797{
798 struct jffs2_eraseblock *jeb;
799 size_t wbuf_retlen, donelen = 0;
800 uint32_t outvec_to = to;
801 int ret, invec;
802
803 /* If not writebuffered flash, don't bother */
804 if (!jffs2_is_writebuffered(c))
805 return jffs2_flash_direct_writev(c, invecs, count, to, retlen);
806
807 down_write(&c->wbuf_sem);
808
809 /* If wbuf_ofs is not initialized, set it to target address */
810 if (c->wbuf_ofs == 0xFFFFFFFF) {
811 c->wbuf_ofs = PAGE_DIV(to);
812 c->wbuf_len = PAGE_MOD(to);
813 memset(c->wbuf,0xff,c->wbuf_pagesize);
814 }
815
816 /*
817 * Sanity checks on target address. It's permitted to write
818 * at PAD(c->wbuf_len+c->wbuf_ofs), and it's permitted to
819 * write at the beginning of a new erase block. Anything else,
820 * and you die. New block starts at xxx000c (0-b = block
821 * header)
822 */
823 if (SECTOR_ADDR(to) != SECTOR_ADDR(c->wbuf_ofs)) {
824 /* It's a write to a new block */
825 if (c->wbuf_len) {
826 jffs2_dbg(1, "%s(): to 0x%lx causes flush of wbuf at 0x%08x\n",
827 __func__, (unsigned long)to, c->wbuf_ofs);
828 ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
829 if (ret)
830 goto outerr;
831 }
832 /* set pointer to new block */
833 c->wbuf_ofs = PAGE_DIV(to);
834 c->wbuf_len = PAGE_MOD(to);
835 }
836
837 if (to != PAD(c->wbuf_ofs + c->wbuf_len)) {
838 /* We're not writing immediately after the writebuffer. Bad. */
839 pr_crit("%s(): Non-contiguous write to %08lx\n",
840 __func__, (unsigned long)to);
841 if (c->wbuf_len)
842 pr_crit("wbuf was previously %08x-%08x\n",
843 c->wbuf_ofs, c->wbuf_ofs + c->wbuf_len);
844 BUG();
845 }
846
847 /* adjust alignment offset */
848 if (c->wbuf_len != PAGE_MOD(to)) {
849 c->wbuf_len = PAGE_MOD(to);
850 /* take care of alignment to next page */
851 if (!c->wbuf_len) {
852 c->wbuf_len = c->wbuf_pagesize;
853 ret = __jffs2_flush_wbuf(c, NOPAD);
854 if (ret)
855 goto outerr;
856 }
857 }
858
859 for (invec = 0; invec < count; invec++) {
860 int vlen = invecs[invec].iov_len;
861 uint8_t *v = invecs[invec].iov_base;
862
863 wbuf_retlen = jffs2_fill_wbuf(c, v, vlen);
864
865 if (c->wbuf_len == c->wbuf_pagesize) {
866 ret = __jffs2_flush_wbuf(c, NOPAD);
867 if (ret)
868 goto outerr;
869 }
870 vlen -= wbuf_retlen;
871 outvec_to += wbuf_retlen;
872 donelen += wbuf_retlen;
873 v += wbuf_retlen;
874
875 if (vlen >= c->wbuf_pagesize) {
876 ret = mtd_write(c->mtd, outvec_to, PAGE_DIV(vlen),
877 &wbuf_retlen, v);
878 if (ret < 0 || wbuf_retlen != PAGE_DIV(vlen))
879 goto outfile;
880
881 vlen -= wbuf_retlen;
882 outvec_to += wbuf_retlen;
883 c->wbuf_ofs = outvec_to;
884 donelen += wbuf_retlen;
885 v += wbuf_retlen;
886 }
887
888 wbuf_retlen = jffs2_fill_wbuf(c, v, vlen);
889 if (c->wbuf_len == c->wbuf_pagesize) {
890 ret = __jffs2_flush_wbuf(c, NOPAD);
891 if (ret)
892 goto outerr;
893 }
894
895 outvec_to += wbuf_retlen;
896 donelen += wbuf_retlen;
897 }
898
899 /*
900 * If there's a remainder in the wbuf and it's a non-GC write,
901 * remember that the wbuf affects this ino
902 */
903 *retlen = donelen;
904
905 if (jffs2_sum_active()) {
906 int res = jffs2_sum_add_kvec(c, invecs, count, (uint32_t) to);
907 if (res)
908 return res;
909 }
910
911 if (c->wbuf_len && ino)
912 jffs2_wbuf_dirties_inode(c, ino);
913
914 ret = 0;
915 up_write(&c->wbuf_sem);
916 return ret;
917
918outfile:
919 /*
920 * At this point we have no problem, c->wbuf is empty. However
921 * refile nextblock to avoid writing again to same address.
922 */
923
924 spin_lock(&c->erase_completion_lock);
925
926 jeb = &c->blocks[outvec_to / c->sector_size];
927 jffs2_block_refile(c, jeb, REFILE_ANYWAY);
928
929 spin_unlock(&c->erase_completion_lock);
930
931outerr:
932 *retlen = 0;
933 up_write(&c->wbuf_sem);
934 return ret;
935}
936
937/*
938 * This is the entry for flash write.
939 * Check, if we work on NAND FLASH, if so build an kvec and write it via vritev
940*/
941int jffs2_flash_write(struct jffs2_sb_info *c, loff_t ofs, size_t len,
942 size_t *retlen, const u_char *buf)
943{
944 struct kvec vecs[1];
945
946 if (!jffs2_is_writebuffered(c))
947 return jffs2_flash_direct_write(c, ofs, len, retlen, buf);
948
949 vecs[0].iov_base = (unsigned char *) buf;
950 vecs[0].iov_len = len;
951 return jffs2_flash_writev(c, vecs, 1, ofs, retlen, 0);
952}
953
954/*
955 Handle readback from writebuffer and ECC failure return
956*/
957int jffs2_flash_read(struct jffs2_sb_info *c, loff_t ofs, size_t len, size_t *retlen, u_char *buf)
958{
959 loff_t orbf = 0, owbf = 0, lwbf = 0;
960 int ret;
961
962 if (!jffs2_is_writebuffered(c))
963 return mtd_read(c->mtd, ofs, len, retlen, buf);
964
965 /* Read flash */
966 down_read(&c->wbuf_sem);
967 ret = mtd_read(c->mtd, ofs, len, retlen, buf);
968
969 if ( (ret == -EBADMSG || ret == -EUCLEAN) && (*retlen == len) ) {
970 if (ret == -EBADMSG)
971 pr_warn("mtd->read(0x%zx bytes from 0x%llx) returned ECC error\n",
972 len, ofs);
973 /*
974 * We have the raw data without ECC correction in the buffer,
975 * maybe we are lucky and all data or parts are correct. We
976 * check the node. If data are corrupted node check will sort
977 * it out. We keep this block, it will fail on write or erase
978 * and the we mark it bad. Or should we do that now? But we
979 * should give him a chance. Maybe we had a system crash or
980 * power loss before the ecc write or a erase was completed.
981 * So we return success. :)
982 */
983 ret = 0;
984 }
985
986 /* if no writebuffer available or write buffer empty, return */
987 if (!c->wbuf_pagesize || !c->wbuf_len)
988 goto exit;
989
990 /* if we read in a different block, return */
991 if (SECTOR_ADDR(ofs) != SECTOR_ADDR(c->wbuf_ofs))
992 goto exit;
993
994 if (ofs >= c->wbuf_ofs) {
995 owbf = (ofs - c->wbuf_ofs); /* offset in write buffer */
996 if (owbf > c->wbuf_len) /* is read beyond write buffer ? */
997 goto exit;
998 lwbf = c->wbuf_len - owbf; /* number of bytes to copy */
999 if (lwbf > len)
1000 lwbf = len;
1001 } else {
1002 orbf = (c->wbuf_ofs - ofs); /* offset in read buffer */
1003 if (orbf > len) /* is write beyond write buffer ? */
1004 goto exit;
1005 lwbf = len - orbf; /* number of bytes to copy */
1006 if (lwbf > c->wbuf_len)
1007 lwbf = c->wbuf_len;
1008 }
1009 if (lwbf > 0)
1010 memcpy(buf+orbf,c->wbuf+owbf,lwbf);
1011
1012exit:
1013 up_read(&c->wbuf_sem);
1014 return ret;
1015}
1016
1017#define NR_OOB_SCAN_PAGES 4
1018
1019/* For historical reasons we use only 8 bytes for OOB clean marker */
1020#define OOB_CM_SIZE 8
1021
1022static const struct jffs2_unknown_node oob_cleanmarker =
1023{
1024 .magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK),
1025 .nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
1026 .totlen = constant_cpu_to_je32(8)
1027};
1028
1029/*
1030 * Check, if the out of band area is empty. This function knows about the clean
1031 * marker and if it is present in OOB, treats the OOB as empty anyway.
1032 */
1033int jffs2_check_oob_empty(struct jffs2_sb_info *c,
1034 struct jffs2_eraseblock *jeb, int mode)
1035{
1036 int i, ret;
1037 int cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1038 struct mtd_oob_ops ops;
1039
1040 ops.mode = MTD_OPS_AUTO_OOB;
1041 ops.ooblen = NR_OOB_SCAN_PAGES * c->oobavail;
1042 ops.oobbuf = c->oobbuf;
1043 ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1044 ops.datbuf = NULL;
1045
1046 ret = mtd_read_oob(c->mtd, jeb->offset, &ops);
1047 if ((ret && !mtd_is_bitflip(ret)) || ops.oobretlen != ops.ooblen) {
1048 pr_err("cannot read OOB for EB at %08x, requested %zd bytes, read %zd bytes, error %d\n",
1049 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1050 if (!ret || mtd_is_bitflip(ret))
1051 ret = -EIO;
1052 return ret;
1053 }
1054
1055 for(i = 0; i < ops.ooblen; i++) {
1056 if (mode && i < cmlen)
1057 /* Yeah, we know about the cleanmarker */
1058 continue;
1059
1060 if (ops.oobbuf[i] != 0xFF) {
1061 jffs2_dbg(2, "Found %02x at %x in OOB for "
1062 "%08x\n", ops.oobbuf[i], i, jeb->offset);
1063 return 1;
1064 }
1065 }
1066
1067 return 0;
1068}
1069
1070/*
1071 * Check for a valid cleanmarker.
1072 * Returns: 0 if a valid cleanmarker was found
1073 * 1 if no cleanmarker was found
1074 * negative error code if an error occurred
1075 */
1076int jffs2_check_nand_cleanmarker(struct jffs2_sb_info *c,
1077 struct jffs2_eraseblock *jeb)
1078{
1079 struct mtd_oob_ops ops;
1080 int ret, cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1081
1082 ops.mode = MTD_OPS_AUTO_OOB;
1083 ops.ooblen = cmlen;
1084 ops.oobbuf = c->oobbuf;
1085 ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1086 ops.datbuf = NULL;
1087
1088 ret = mtd_read_oob(c->mtd, jeb->offset, &ops);
1089 if ((ret && !mtd_is_bitflip(ret)) || ops.oobretlen != ops.ooblen) {
1090 pr_err("cannot read OOB for EB at %08x, requested %zd bytes, read %zd bytes, error %d\n",
1091 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1092 if (!ret || mtd_is_bitflip(ret))
1093 ret = -EIO;
1094 return ret;
1095 }
1096
1097 return !!memcmp(&oob_cleanmarker, c->oobbuf, cmlen);
1098}
1099
1100int jffs2_write_nand_cleanmarker(struct jffs2_sb_info *c,
1101 struct jffs2_eraseblock *jeb)
1102{
1103 int ret;
1104 struct mtd_oob_ops ops;
1105 int cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1106
1107 ops.mode = MTD_OPS_AUTO_OOB;
1108 ops.ooblen = cmlen;
1109 ops.oobbuf = (uint8_t *)&oob_cleanmarker;
1110 ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1111 ops.datbuf = NULL;
1112
1113 ret = mtd_write_oob(c->mtd, jeb->offset, &ops);
1114 if (ret || ops.oobretlen != ops.ooblen) {
1115 pr_err("cannot write OOB for EB at %08x, requested %zd bytes, read %zd bytes, error %d\n",
1116 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1117 if (!ret)
1118 ret = -EIO;
1119 return ret;
1120 }
1121
1122 return 0;
1123}
1124
1125/*
1126 * On NAND we try to mark this block bad. If the block was erased more
1127 * than MAX_ERASE_FAILURES we mark it finally bad.
1128 * Don't care about failures. This block remains on the erase-pending
1129 * or badblock list as long as nobody manipulates the flash with
1130 * a bootloader or something like that.
1131 */
1132
1133int jffs2_write_nand_badblock(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, uint32_t bad_offset)
1134{
1135 int ret;
1136
1137 /* if the count is < max, we try to write the counter to the 2nd page oob area */
1138 if( ++jeb->bad_count < MAX_ERASE_FAILURES)
1139 return 0;
1140
1141 pr_warn("marking eraseblock at %08x as bad\n", bad_offset);
1142 ret = mtd_block_markbad(c->mtd, bad_offset);
1143
1144 if (ret) {
1145 jffs2_dbg(1, "%s(): Write failed for block at %08x: error %d\n",
1146 __func__, jeb->offset, ret);
1147 return ret;
1148 }
1149 return 1;
1150}
1151
1152static struct jffs2_sb_info *work_to_sb(struct work_struct *work)
1153{
1154 struct delayed_work *dwork;
1155
1156 dwork = to_delayed_work(work);
1157 return container_of(dwork, struct jffs2_sb_info, wbuf_dwork);
1158}
1159
1160static void delayed_wbuf_sync(struct work_struct *work)
1161{
1162 struct jffs2_sb_info *c = work_to_sb(work);
1163 struct super_block *sb = OFNI_BS_2SFFJ(c);
1164
1165 if (!sb_rdonly(sb)) {
1166 jffs2_dbg(1, "%s()\n", __func__);
1167 jffs2_flush_wbuf_gc(c, 0);
1168 }
1169}
1170
1171void jffs2_dirty_trigger(struct jffs2_sb_info *c)
1172{
1173 struct super_block *sb = OFNI_BS_2SFFJ(c);
1174 unsigned long delay;
1175
1176 if (sb_rdonly(sb))
1177 return;
1178
1179 delay = msecs_to_jiffies(dirty_writeback_interval * 10);
1180 if (queue_delayed_work(system_long_wq, &c->wbuf_dwork, delay))
1181 jffs2_dbg(1, "%s()\n", __func__);
1182}
1183
1184int jffs2_nand_flash_setup(struct jffs2_sb_info *c)
1185{
1186 if (!c->mtd->oobsize)
1187 return 0;
1188
1189 /* Cleanmarker is out-of-band, so inline size zero */
1190 c->cleanmarker_size = 0;
1191
1192 if (c->mtd->oobavail == 0) {
1193 pr_err("inconsistent device description\n");
1194 return -EINVAL;
1195 }
1196
1197 jffs2_dbg(1, "using OOB on NAND\n");
1198
1199 c->oobavail = c->mtd->oobavail;
1200
1201 /* Initialise write buffer */
1202 init_rwsem(&c->wbuf_sem);
1203 INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync);
1204 c->wbuf_pagesize = c->mtd->writesize;
1205 c->wbuf_ofs = 0xFFFFFFFF;
1206
1207 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1208 if (!c->wbuf)
1209 return -ENOMEM;
1210
1211 c->oobbuf = kmalloc_array(NR_OOB_SCAN_PAGES, c->oobavail, GFP_KERNEL);
1212 if (!c->oobbuf) {
1213 kfree(c->wbuf);
1214 return -ENOMEM;
1215 }
1216
1217#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1218 c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1219 if (!c->wbuf_verify) {
1220 kfree(c->oobbuf);
1221 kfree(c->wbuf);
1222 return -ENOMEM;
1223 }
1224#endif
1225 return 0;
1226}
1227
1228void jffs2_nand_flash_cleanup(struct jffs2_sb_info *c)
1229{
1230#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1231 kfree(c->wbuf_verify);
1232#endif
1233 kfree(c->wbuf);
1234 kfree(c->oobbuf);
1235}
1236
1237int jffs2_dataflash_setup(struct jffs2_sb_info *c) {
1238 c->cleanmarker_size = 0; /* No cleanmarkers needed */
1239
1240 /* Initialize write buffer */
1241 init_rwsem(&c->wbuf_sem);
1242 INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync);
1243 c->wbuf_pagesize = c->mtd->erasesize;
1244
1245 /* Find a suitable c->sector_size
1246 * - Not too much sectors
1247 * - Sectors have to be at least 4 K + some bytes
1248 * - All known dataflashes have erase sizes of 528 or 1056
1249 * - we take at least 8 eraseblocks and want to have at least 8K size
1250 * - The concatenation should be a power of 2
1251 */
1252
1253 c->sector_size = 8 * c->mtd->erasesize;
1254
1255 while (c->sector_size < 8192) {
1256 c->sector_size *= 2;
1257 }
1258
1259 /* It may be necessary to adjust the flash size */
1260 c->flash_size = c->mtd->size;
1261
1262 if ((c->flash_size % c->sector_size) != 0) {
1263 c->flash_size = (c->flash_size / c->sector_size) * c->sector_size;
1264 pr_warn("flash size adjusted to %dKiB\n", c->flash_size);
1265 }
1266
1267 c->wbuf_ofs = 0xFFFFFFFF;
1268 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1269 if (!c->wbuf)
1270 return -ENOMEM;
1271
1272#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1273 c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1274 if (!c->wbuf_verify) {
1275 kfree(c->wbuf);
1276 return -ENOMEM;
1277 }
1278#endif
1279
1280 pr_info("write-buffering enabled buffer (%d) erasesize (%d)\n",
1281 c->wbuf_pagesize, c->sector_size);
1282
1283 return 0;
1284}
1285
1286void jffs2_dataflash_cleanup(struct jffs2_sb_info *c) {
1287#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1288 kfree(c->wbuf_verify);
1289#endif
1290 kfree(c->wbuf);
1291}
1292
1293int jffs2_nor_wbuf_flash_setup(struct jffs2_sb_info *c) {
1294 /* Cleanmarker currently occupies whole programming regions,
1295 * either one or 2 for 8Byte STMicro flashes. */
1296 c->cleanmarker_size = max(16u, c->mtd->writesize);
1297
1298 /* Initialize write buffer */
1299 init_rwsem(&c->wbuf_sem);
1300 INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync);
1301
1302 c->wbuf_pagesize = c->mtd->writesize;
1303 c->wbuf_ofs = 0xFFFFFFFF;
1304
1305 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1306 if (!c->wbuf)
1307 return -ENOMEM;
1308
1309#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1310 c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1311 if (!c->wbuf_verify) {
1312 kfree(c->wbuf);
1313 return -ENOMEM;
1314 }
1315#endif
1316 return 0;
1317}
1318
1319void jffs2_nor_wbuf_flash_cleanup(struct jffs2_sb_info *c) {
1320#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1321 kfree(c->wbuf_verify);
1322#endif
1323 kfree(c->wbuf);
1324}
1325
1326int jffs2_ubivol_setup(struct jffs2_sb_info *c) {
1327 c->cleanmarker_size = 0;
1328
1329 if (c->mtd->writesize == 1)
1330 /* We do not need write-buffer */
1331 return 0;
1332
1333 init_rwsem(&c->wbuf_sem);
1334 INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync);
1335
1336 c->wbuf_pagesize = c->mtd->writesize;
1337 c->wbuf_ofs = 0xFFFFFFFF;
1338 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1339 if (!c->wbuf)
1340 return -ENOMEM;
1341
1342 pr_info("write-buffering enabled buffer (%d) erasesize (%d)\n",
1343 c->wbuf_pagesize, c->sector_size);
1344
1345 return 0;
1346}
1347
1348void jffs2_ubivol_cleanup(struct jffs2_sb_info *c) {
1349 kfree(c->wbuf);
1350}
1/*
2 * JFFS2 -- Journalling Flash File System, Version 2.
3 *
4 * Copyright © 2001-2007 Red Hat, Inc.
5 * Copyright © 2004 Thomas Gleixner <tglx@linutronix.de>
6 *
7 * Created by David Woodhouse <dwmw2@infradead.org>
8 * Modified debugged and enhanced by Thomas Gleixner <tglx@linutronix.de>
9 *
10 * For licensing information, see the file 'LICENCE' in this directory.
11 *
12 */
13
14#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15
16#include <linux/kernel.h>
17#include <linux/slab.h>
18#include <linux/mtd/mtd.h>
19#include <linux/crc32.h>
20#include <linux/mtd/nand.h>
21#include <linux/jiffies.h>
22#include <linux/sched.h>
23#include <linux/writeback.h>
24
25#include "nodelist.h"
26
27/* For testing write failures */
28#undef BREAKME
29#undef BREAKMEHEADER
30
31#ifdef BREAKME
32static unsigned char *brokenbuf;
33#endif
34
35#define PAGE_DIV(x) ( ((unsigned long)(x) / (unsigned long)(c->wbuf_pagesize)) * (unsigned long)(c->wbuf_pagesize) )
36#define PAGE_MOD(x) ( (unsigned long)(x) % (unsigned long)(c->wbuf_pagesize) )
37
38/* max. erase failures before we mark a block bad */
39#define MAX_ERASE_FAILURES 2
40
41struct jffs2_inodirty {
42 uint32_t ino;
43 struct jffs2_inodirty *next;
44};
45
46static struct jffs2_inodirty inodirty_nomem;
47
48static int jffs2_wbuf_pending_for_ino(struct jffs2_sb_info *c, uint32_t ino)
49{
50 struct jffs2_inodirty *this = c->wbuf_inodes;
51
52 /* If a malloc failed, consider _everything_ dirty */
53 if (this == &inodirty_nomem)
54 return 1;
55
56 /* If ino == 0, _any_ non-GC writes mean 'yes' */
57 if (this && !ino)
58 return 1;
59
60 /* Look to see if the inode in question is pending in the wbuf */
61 while (this) {
62 if (this->ino == ino)
63 return 1;
64 this = this->next;
65 }
66 return 0;
67}
68
69static void jffs2_clear_wbuf_ino_list(struct jffs2_sb_info *c)
70{
71 struct jffs2_inodirty *this;
72
73 this = c->wbuf_inodes;
74
75 if (this != &inodirty_nomem) {
76 while (this) {
77 struct jffs2_inodirty *next = this->next;
78 kfree(this);
79 this = next;
80 }
81 }
82 c->wbuf_inodes = NULL;
83}
84
85static void jffs2_wbuf_dirties_inode(struct jffs2_sb_info *c, uint32_t ino)
86{
87 struct jffs2_inodirty *new;
88
89 /* Schedule delayed write-buffer write-out */
90 jffs2_dirty_trigger(c);
91
92 if (jffs2_wbuf_pending_for_ino(c, ino))
93 return;
94
95 new = kmalloc(sizeof(*new), GFP_KERNEL);
96 if (!new) {
97 jffs2_dbg(1, "No memory to allocate inodirty. Fallback to all considered dirty\n");
98 jffs2_clear_wbuf_ino_list(c);
99 c->wbuf_inodes = &inodirty_nomem;
100 return;
101 }
102 new->ino = ino;
103 new->next = c->wbuf_inodes;
104 c->wbuf_inodes = new;
105 return;
106}
107
108static inline void jffs2_refile_wbuf_blocks(struct jffs2_sb_info *c)
109{
110 struct list_head *this, *next;
111 static int n;
112
113 if (list_empty(&c->erasable_pending_wbuf_list))
114 return;
115
116 list_for_each_safe(this, next, &c->erasable_pending_wbuf_list) {
117 struct jffs2_eraseblock *jeb = list_entry(this, struct jffs2_eraseblock, list);
118
119 jffs2_dbg(1, "Removing eraseblock at 0x%08x from erasable_pending_wbuf_list...\n",
120 jeb->offset);
121 list_del(this);
122 if ((jiffies + (n++)) & 127) {
123 /* Most of the time, we just erase it immediately. Otherwise we
124 spend ages scanning it on mount, etc. */
125 jffs2_dbg(1, "...and adding to erase_pending_list\n");
126 list_add_tail(&jeb->list, &c->erase_pending_list);
127 c->nr_erasing_blocks++;
128 jffs2_garbage_collect_trigger(c);
129 } else {
130 /* Sometimes, however, we leave it elsewhere so it doesn't get
131 immediately reused, and we spread the load a bit. */
132 jffs2_dbg(1, "...and adding to erasable_list\n");
133 list_add_tail(&jeb->list, &c->erasable_list);
134 }
135 }
136}
137
138#define REFILE_NOTEMPTY 0
139#define REFILE_ANYWAY 1
140
141static void jffs2_block_refile(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, int allow_empty)
142{
143 jffs2_dbg(1, "About to refile bad block at %08x\n", jeb->offset);
144
145 /* File the existing block on the bad_used_list.... */
146 if (c->nextblock == jeb)
147 c->nextblock = NULL;
148 else /* Not sure this should ever happen... need more coffee */
149 list_del(&jeb->list);
150 if (jeb->first_node) {
151 jffs2_dbg(1, "Refiling block at %08x to bad_used_list\n",
152 jeb->offset);
153 list_add(&jeb->list, &c->bad_used_list);
154 } else {
155 BUG_ON(allow_empty == REFILE_NOTEMPTY);
156 /* It has to have had some nodes or we couldn't be here */
157 jffs2_dbg(1, "Refiling block at %08x to erase_pending_list\n",
158 jeb->offset);
159 list_add(&jeb->list, &c->erase_pending_list);
160 c->nr_erasing_blocks++;
161 jffs2_garbage_collect_trigger(c);
162 }
163
164 if (!jffs2_prealloc_raw_node_refs(c, jeb, 1)) {
165 uint32_t oldfree = jeb->free_size;
166
167 jffs2_link_node_ref(c, jeb,
168 (jeb->offset+c->sector_size-oldfree) | REF_OBSOLETE,
169 oldfree, NULL);
170 /* convert to wasted */
171 c->wasted_size += oldfree;
172 jeb->wasted_size += oldfree;
173 c->dirty_size -= oldfree;
174 jeb->dirty_size -= oldfree;
175 }
176
177 jffs2_dbg_dump_block_lists_nolock(c);
178 jffs2_dbg_acct_sanity_check_nolock(c,jeb);
179 jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
180}
181
182static struct jffs2_raw_node_ref **jffs2_incore_replace_raw(struct jffs2_sb_info *c,
183 struct jffs2_inode_info *f,
184 struct jffs2_raw_node_ref *raw,
185 union jffs2_node_union *node)
186{
187 struct jffs2_node_frag *frag;
188 struct jffs2_full_dirent *fd;
189
190 dbg_noderef("incore_replace_raw: node at %p is {%04x,%04x}\n",
191 node, je16_to_cpu(node->u.magic), je16_to_cpu(node->u.nodetype));
192
193 BUG_ON(je16_to_cpu(node->u.magic) != 0x1985 &&
194 je16_to_cpu(node->u.magic) != 0);
195
196 switch (je16_to_cpu(node->u.nodetype)) {
197 case JFFS2_NODETYPE_INODE:
198 if (f->metadata && f->metadata->raw == raw) {
199 dbg_noderef("Will replace ->raw in f->metadata at %p\n", f->metadata);
200 return &f->metadata->raw;
201 }
202 frag = jffs2_lookup_node_frag(&f->fragtree, je32_to_cpu(node->i.offset));
203 BUG_ON(!frag);
204 /* Find a frag which refers to the full_dnode we want to modify */
205 while (!frag->node || frag->node->raw != raw) {
206 frag = frag_next(frag);
207 BUG_ON(!frag);
208 }
209 dbg_noderef("Will replace ->raw in full_dnode at %p\n", frag->node);
210 return &frag->node->raw;
211
212 case JFFS2_NODETYPE_DIRENT:
213 for (fd = f->dents; fd; fd = fd->next) {
214 if (fd->raw == raw) {
215 dbg_noderef("Will replace ->raw in full_dirent at %p\n", fd);
216 return &fd->raw;
217 }
218 }
219 BUG();
220
221 default:
222 dbg_noderef("Don't care about replacing raw for nodetype %x\n",
223 je16_to_cpu(node->u.nodetype));
224 break;
225 }
226 return NULL;
227}
228
229#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
230static int jffs2_verify_write(struct jffs2_sb_info *c, unsigned char *buf,
231 uint32_t ofs)
232{
233 int ret;
234 size_t retlen;
235 char *eccstr;
236
237 ret = mtd_read(c->mtd, ofs, c->wbuf_pagesize, &retlen, c->wbuf_verify);
238 if (ret && ret != -EUCLEAN && ret != -EBADMSG) {
239 pr_warn("%s(): Read back of page at %08x failed: %d\n",
240 __func__, c->wbuf_ofs, ret);
241 return ret;
242 } else if (retlen != c->wbuf_pagesize) {
243 pr_warn("%s(): Read back of page at %08x gave short read: %zd not %d\n",
244 __func__, ofs, retlen, c->wbuf_pagesize);
245 return -EIO;
246 }
247 if (!memcmp(buf, c->wbuf_verify, c->wbuf_pagesize))
248 return 0;
249
250 if (ret == -EUCLEAN)
251 eccstr = "corrected";
252 else if (ret == -EBADMSG)
253 eccstr = "correction failed";
254 else
255 eccstr = "OK or unused";
256
257 pr_warn("Write verify error (ECC %s) at %08x. Wrote:\n",
258 eccstr, c->wbuf_ofs);
259 print_hex_dump(KERN_WARNING, "", DUMP_PREFIX_OFFSET, 16, 1,
260 c->wbuf, c->wbuf_pagesize, 0);
261
262 pr_warn("Read back:\n");
263 print_hex_dump(KERN_WARNING, "", DUMP_PREFIX_OFFSET, 16, 1,
264 c->wbuf_verify, c->wbuf_pagesize, 0);
265
266 return -EIO;
267}
268#else
269#define jffs2_verify_write(c,b,o) (0)
270#endif
271
272/* Recover from failure to write wbuf. Recover the nodes up to the
273 * wbuf, not the one which we were starting to try to write. */
274
275static void jffs2_wbuf_recover(struct jffs2_sb_info *c)
276{
277 struct jffs2_eraseblock *jeb, *new_jeb;
278 struct jffs2_raw_node_ref *raw, *next, *first_raw = NULL;
279 size_t retlen;
280 int ret;
281 int nr_refile = 0;
282 unsigned char *buf;
283 uint32_t start, end, ofs, len;
284
285 jeb = &c->blocks[c->wbuf_ofs / c->sector_size];
286
287 spin_lock(&c->erase_completion_lock);
288 if (c->wbuf_ofs % c->mtd->erasesize)
289 jffs2_block_refile(c, jeb, REFILE_NOTEMPTY);
290 else
291 jffs2_block_refile(c, jeb, REFILE_ANYWAY);
292 spin_unlock(&c->erase_completion_lock);
293
294 BUG_ON(!ref_obsolete(jeb->last_node));
295
296 /* Find the first node to be recovered, by skipping over every
297 node which ends before the wbuf starts, or which is obsolete. */
298 for (next = raw = jeb->first_node; next; raw = next) {
299 next = ref_next(raw);
300
301 if (ref_obsolete(raw) ||
302 (next && ref_offset(next) <= c->wbuf_ofs)) {
303 dbg_noderef("Skipping node at 0x%08x(%d)-0x%08x which is either before 0x%08x or obsolete\n",
304 ref_offset(raw), ref_flags(raw),
305 (ref_offset(raw) + ref_totlen(c, jeb, raw)),
306 c->wbuf_ofs);
307 continue;
308 }
309 dbg_noderef("First node to be recovered is at 0x%08x(%d)-0x%08x\n",
310 ref_offset(raw), ref_flags(raw),
311 (ref_offset(raw) + ref_totlen(c, jeb, raw)));
312
313 first_raw = raw;
314 break;
315 }
316
317 if (!first_raw) {
318 /* All nodes were obsolete. Nothing to recover. */
319 jffs2_dbg(1, "No non-obsolete nodes to be recovered. Just filing block bad\n");
320 c->wbuf_len = 0;
321 return;
322 }
323
324 start = ref_offset(first_raw);
325 end = ref_offset(jeb->last_node);
326 nr_refile = 1;
327
328 /* Count the number of refs which need to be copied */
329 while ((raw = ref_next(raw)) != jeb->last_node)
330 nr_refile++;
331
332 dbg_noderef("wbuf recover %08x-%08x (%d bytes in %d nodes)\n",
333 start, end, end - start, nr_refile);
334
335 buf = NULL;
336 if (start < c->wbuf_ofs) {
337 /* First affected node was already partially written.
338 * Attempt to reread the old data into our buffer. */
339
340 buf = kmalloc(end - start, GFP_KERNEL);
341 if (!buf) {
342 pr_crit("Malloc failure in wbuf recovery. Data loss ensues.\n");
343
344 goto read_failed;
345 }
346
347 /* Do the read... */
348 ret = mtd_read(c->mtd, start, c->wbuf_ofs - start, &retlen,
349 buf);
350
351 /* ECC recovered ? */
352 if ((ret == -EUCLEAN || ret == -EBADMSG) &&
353 (retlen == c->wbuf_ofs - start))
354 ret = 0;
355
356 if (ret || retlen != c->wbuf_ofs - start) {
357 pr_crit("Old data are already lost in wbuf recovery. Data loss ensues.\n");
358
359 kfree(buf);
360 buf = NULL;
361 read_failed:
362 first_raw = ref_next(first_raw);
363 nr_refile--;
364 while (first_raw && ref_obsolete(first_raw)) {
365 first_raw = ref_next(first_raw);
366 nr_refile--;
367 }
368
369 /* If this was the only node to be recovered, give up */
370 if (!first_raw) {
371 c->wbuf_len = 0;
372 return;
373 }
374
375 /* It wasn't. Go on and try to recover nodes complete in the wbuf */
376 start = ref_offset(first_raw);
377 dbg_noderef("wbuf now recover %08x-%08x (%d bytes in %d nodes)\n",
378 start, end, end - start, nr_refile);
379
380 } else {
381 /* Read succeeded. Copy the remaining data from the wbuf */
382 memcpy(buf + (c->wbuf_ofs - start), c->wbuf, end - c->wbuf_ofs);
383 }
384 }
385 /* OK... we're to rewrite (end-start) bytes of data from first_raw onwards.
386 Either 'buf' contains the data, or we find it in the wbuf */
387
388 /* ... and get an allocation of space from a shiny new block instead */
389 ret = jffs2_reserve_space_gc(c, end-start, &len, JFFS2_SUMMARY_NOSUM_SIZE);
390 if (ret) {
391 pr_warn("Failed to allocate space for wbuf recovery. Data loss ensues.\n");
392 kfree(buf);
393 return;
394 }
395
396 /* The summary is not recovered, so it must be disabled for this erase block */
397 jffs2_sum_disable_collecting(c->summary);
398
399 ret = jffs2_prealloc_raw_node_refs(c, c->nextblock, nr_refile);
400 if (ret) {
401 pr_warn("Failed to allocate node refs for wbuf recovery. Data loss ensues.\n");
402 kfree(buf);
403 return;
404 }
405
406 ofs = write_ofs(c);
407
408 if (end-start >= c->wbuf_pagesize) {
409 /* Need to do another write immediately, but it's possible
410 that this is just because the wbuf itself is completely
411 full, and there's nothing earlier read back from the
412 flash. Hence 'buf' isn't necessarily what we're writing
413 from. */
414 unsigned char *rewrite_buf = buf?:c->wbuf;
415 uint32_t towrite = (end-start) - ((end-start)%c->wbuf_pagesize);
416
417 jffs2_dbg(1, "Write 0x%x bytes at 0x%08x in wbuf recover\n",
418 towrite, ofs);
419
420#ifdef BREAKMEHEADER
421 static int breakme;
422 if (breakme++ == 20) {
423 pr_notice("Faking write error at 0x%08x\n", ofs);
424 breakme = 0;
425 mtd_write(c->mtd, ofs, towrite, &retlen, brokenbuf);
426 ret = -EIO;
427 } else
428#endif
429 ret = mtd_write(c->mtd, ofs, towrite, &retlen,
430 rewrite_buf);
431
432 if (ret || retlen != towrite || jffs2_verify_write(c, rewrite_buf, ofs)) {
433 /* Argh. We tried. Really we did. */
434 pr_crit("Recovery of wbuf failed due to a second write error\n");
435 kfree(buf);
436
437 if (retlen)
438 jffs2_add_physical_node_ref(c, ofs | REF_OBSOLETE, ref_totlen(c, jeb, first_raw), NULL);
439
440 return;
441 }
442 pr_notice("Recovery of wbuf succeeded to %08x\n", ofs);
443
444 c->wbuf_len = (end - start) - towrite;
445 c->wbuf_ofs = ofs + towrite;
446 memmove(c->wbuf, rewrite_buf + towrite, c->wbuf_len);
447 /* Don't muck about with c->wbuf_inodes. False positives are harmless. */
448 } else {
449 /* OK, now we're left with the dregs in whichever buffer we're using */
450 if (buf) {
451 memcpy(c->wbuf, buf, end-start);
452 } else {
453 memmove(c->wbuf, c->wbuf + (start - c->wbuf_ofs), end - start);
454 }
455 c->wbuf_ofs = ofs;
456 c->wbuf_len = end - start;
457 }
458
459 /* Now sort out the jffs2_raw_node_refs, moving them from the old to the next block */
460 new_jeb = &c->blocks[ofs / c->sector_size];
461
462 spin_lock(&c->erase_completion_lock);
463 for (raw = first_raw; raw != jeb->last_node; raw = ref_next(raw)) {
464 uint32_t rawlen = ref_totlen(c, jeb, raw);
465 struct jffs2_inode_cache *ic;
466 struct jffs2_raw_node_ref *new_ref;
467 struct jffs2_raw_node_ref **adjust_ref = NULL;
468 struct jffs2_inode_info *f = NULL;
469
470 jffs2_dbg(1, "Refiling block of %08x at %08x(%d) to %08x\n",
471 rawlen, ref_offset(raw), ref_flags(raw), ofs);
472
473 ic = jffs2_raw_ref_to_ic(raw);
474
475 /* Ick. This XATTR mess should be fixed shortly... */
476 if (ic && ic->class == RAWNODE_CLASS_XATTR_DATUM) {
477 struct jffs2_xattr_datum *xd = (void *)ic;
478 BUG_ON(xd->node != raw);
479 adjust_ref = &xd->node;
480 raw->next_in_ino = NULL;
481 ic = NULL;
482 } else if (ic && ic->class == RAWNODE_CLASS_XATTR_REF) {
483 struct jffs2_xattr_datum *xr = (void *)ic;
484 BUG_ON(xr->node != raw);
485 adjust_ref = &xr->node;
486 raw->next_in_ino = NULL;
487 ic = NULL;
488 } else if (ic && ic->class == RAWNODE_CLASS_INODE_CACHE) {
489 struct jffs2_raw_node_ref **p = &ic->nodes;
490
491 /* Remove the old node from the per-inode list */
492 while (*p && *p != (void *)ic) {
493 if (*p == raw) {
494 (*p) = (raw->next_in_ino);
495 raw->next_in_ino = NULL;
496 break;
497 }
498 p = &((*p)->next_in_ino);
499 }
500
501 if (ic->state == INO_STATE_PRESENT && !ref_obsolete(raw)) {
502 /* If it's an in-core inode, then we have to adjust any
503 full_dirent or full_dnode structure to point to the
504 new version instead of the old */
505 f = jffs2_gc_fetch_inode(c, ic->ino, !ic->pino_nlink);
506 if (IS_ERR(f)) {
507 /* Should never happen; it _must_ be present */
508 JFFS2_ERROR("Failed to iget() ino #%u, err %ld\n",
509 ic->ino, PTR_ERR(f));
510 BUG();
511 }
512 /* We don't lock f->sem. There's a number of ways we could
513 end up in here with it already being locked, and nobody's
514 going to modify it on us anyway because we hold the
515 alloc_sem. We're only changing one ->raw pointer too,
516 which we can get away with without upsetting readers. */
517 adjust_ref = jffs2_incore_replace_raw(c, f, raw,
518 (void *)(buf?:c->wbuf) + (ref_offset(raw) - start));
519 } else if (unlikely(ic->state != INO_STATE_PRESENT &&
520 ic->state != INO_STATE_CHECKEDABSENT &&
521 ic->state != INO_STATE_GC)) {
522 JFFS2_ERROR("Inode #%u is in strange state %d!\n", ic->ino, ic->state);
523 BUG();
524 }
525 }
526
527 new_ref = jffs2_link_node_ref(c, new_jeb, ofs | ref_flags(raw), rawlen, ic);
528
529 if (adjust_ref) {
530 BUG_ON(*adjust_ref != raw);
531 *adjust_ref = new_ref;
532 }
533 if (f)
534 jffs2_gc_release_inode(c, f);
535
536 if (!ref_obsolete(raw)) {
537 jeb->dirty_size += rawlen;
538 jeb->used_size -= rawlen;
539 c->dirty_size += rawlen;
540 c->used_size -= rawlen;
541 raw->flash_offset = ref_offset(raw) | REF_OBSOLETE;
542 BUG_ON(raw->next_in_ino);
543 }
544 ofs += rawlen;
545 }
546
547 kfree(buf);
548
549 /* Fix up the original jeb now it's on the bad_list */
550 if (first_raw == jeb->first_node) {
551 jffs2_dbg(1, "Failing block at %08x is now empty. Moving to erase_pending_list\n",
552 jeb->offset);
553 list_move(&jeb->list, &c->erase_pending_list);
554 c->nr_erasing_blocks++;
555 jffs2_garbage_collect_trigger(c);
556 }
557
558 jffs2_dbg_acct_sanity_check_nolock(c, jeb);
559 jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
560
561 jffs2_dbg_acct_sanity_check_nolock(c, new_jeb);
562 jffs2_dbg_acct_paranoia_check_nolock(c, new_jeb);
563
564 spin_unlock(&c->erase_completion_lock);
565
566 jffs2_dbg(1, "wbuf recovery completed OK. wbuf_ofs 0x%08x, len 0x%x\n",
567 c->wbuf_ofs, c->wbuf_len);
568
569}
570
571/* Meaning of pad argument:
572 0: Do not pad. Probably pointless - we only ever use this when we can't pad anyway.
573 1: Pad, do not adjust nextblock free_size
574 2: Pad, adjust nextblock free_size
575*/
576#define NOPAD 0
577#define PAD_NOACCOUNT 1
578#define PAD_ACCOUNTING 2
579
580static int __jffs2_flush_wbuf(struct jffs2_sb_info *c, int pad)
581{
582 struct jffs2_eraseblock *wbuf_jeb;
583 int ret;
584 size_t retlen;
585
586 /* Nothing to do if not write-buffering the flash. In particular, we shouldn't
587 del_timer() the timer we never initialised. */
588 if (!jffs2_is_writebuffered(c))
589 return 0;
590
591 if (!mutex_is_locked(&c->alloc_sem)) {
592 pr_crit("jffs2_flush_wbuf() called with alloc_sem not locked!\n");
593 BUG();
594 }
595
596 if (!c->wbuf_len) /* already checked c->wbuf above */
597 return 0;
598
599 wbuf_jeb = &c->blocks[c->wbuf_ofs / c->sector_size];
600 if (jffs2_prealloc_raw_node_refs(c, wbuf_jeb, c->nextblock->allocated_refs + 1))
601 return -ENOMEM;
602
603 /* claim remaining space on the page
604 this happens, if we have a change to a new block,
605 or if fsync forces us to flush the writebuffer.
606 if we have a switch to next page, we will not have
607 enough remaining space for this.
608 */
609 if (pad ) {
610 c->wbuf_len = PAD(c->wbuf_len);
611
612 /* Pad with JFFS2_DIRTY_BITMASK initially. this helps out ECC'd NOR
613 with 8 byte page size */
614 memset(c->wbuf + c->wbuf_len, 0, c->wbuf_pagesize - c->wbuf_len);
615
616 if ( c->wbuf_len + sizeof(struct jffs2_unknown_node) < c->wbuf_pagesize) {
617 struct jffs2_unknown_node *padnode = (void *)(c->wbuf + c->wbuf_len);
618 padnode->magic = cpu_to_je16(JFFS2_MAGIC_BITMASK);
619 padnode->nodetype = cpu_to_je16(JFFS2_NODETYPE_PADDING);
620 padnode->totlen = cpu_to_je32(c->wbuf_pagesize - c->wbuf_len);
621 padnode->hdr_crc = cpu_to_je32(crc32(0, padnode, sizeof(*padnode)-4));
622 }
623 }
624 /* else jffs2_flash_writev has actually filled in the rest of the
625 buffer for us, and will deal with the node refs etc. later. */
626
627#ifdef BREAKME
628 static int breakme;
629 if (breakme++ == 20) {
630 pr_notice("Faking write error at 0x%08x\n", c->wbuf_ofs);
631 breakme = 0;
632 mtd_write(c->mtd, c->wbuf_ofs, c->wbuf_pagesize, &retlen,
633 brokenbuf);
634 ret = -EIO;
635 } else
636#endif
637
638 ret = mtd_write(c->mtd, c->wbuf_ofs, c->wbuf_pagesize,
639 &retlen, c->wbuf);
640
641 if (ret) {
642 pr_warn("jffs2_flush_wbuf(): Write failed with %d\n", ret);
643 goto wfail;
644 } else if (retlen != c->wbuf_pagesize) {
645 pr_warn("jffs2_flush_wbuf(): Write was short: %zd instead of %d\n",
646 retlen, c->wbuf_pagesize);
647 ret = -EIO;
648 goto wfail;
649 } else if ((ret = jffs2_verify_write(c, c->wbuf, c->wbuf_ofs))) {
650 wfail:
651 jffs2_wbuf_recover(c);
652
653 return ret;
654 }
655
656 /* Adjust free size of the block if we padded. */
657 if (pad) {
658 uint32_t waste = c->wbuf_pagesize - c->wbuf_len;
659
660 jffs2_dbg(1, "jffs2_flush_wbuf() adjusting free_size of %sblock at %08x\n",
661 (wbuf_jeb == c->nextblock) ? "next" : "",
662 wbuf_jeb->offset);
663
664 /* wbuf_pagesize - wbuf_len is the amount of space that's to be
665 padded. If there is less free space in the block than that,
666 something screwed up */
667 if (wbuf_jeb->free_size < waste) {
668 pr_crit("jffs2_flush_wbuf(): Accounting error. wbuf at 0x%08x has 0x%03x bytes, 0x%03x left.\n",
669 c->wbuf_ofs, c->wbuf_len, waste);
670 pr_crit("jffs2_flush_wbuf(): But free_size for block at 0x%08x is only 0x%08x\n",
671 wbuf_jeb->offset, wbuf_jeb->free_size);
672 BUG();
673 }
674
675 spin_lock(&c->erase_completion_lock);
676
677 jffs2_link_node_ref(c, wbuf_jeb, (c->wbuf_ofs + c->wbuf_len) | REF_OBSOLETE, waste, NULL);
678 /* FIXME: that made it count as dirty. Convert to wasted */
679 wbuf_jeb->dirty_size -= waste;
680 c->dirty_size -= waste;
681 wbuf_jeb->wasted_size += waste;
682 c->wasted_size += waste;
683 } else
684 spin_lock(&c->erase_completion_lock);
685
686 /* Stick any now-obsoleted blocks on the erase_pending_list */
687 jffs2_refile_wbuf_blocks(c);
688 jffs2_clear_wbuf_ino_list(c);
689 spin_unlock(&c->erase_completion_lock);
690
691 memset(c->wbuf,0xff,c->wbuf_pagesize);
692 /* adjust write buffer offset, else we get a non contiguous write bug */
693 c->wbuf_ofs += c->wbuf_pagesize;
694 c->wbuf_len = 0;
695 return 0;
696}
697
698/* Trigger garbage collection to flush the write-buffer.
699 If ino arg is zero, do it if _any_ real (i.e. not GC) writes are
700 outstanding. If ino arg non-zero, do it only if a write for the
701 given inode is outstanding. */
702int jffs2_flush_wbuf_gc(struct jffs2_sb_info *c, uint32_t ino)
703{
704 uint32_t old_wbuf_ofs;
705 uint32_t old_wbuf_len;
706 int ret = 0;
707
708 jffs2_dbg(1, "jffs2_flush_wbuf_gc() called for ino #%u...\n", ino);
709
710 if (!c->wbuf)
711 return 0;
712
713 mutex_lock(&c->alloc_sem);
714 if (!jffs2_wbuf_pending_for_ino(c, ino)) {
715 jffs2_dbg(1, "Ino #%d not pending in wbuf. Returning\n", ino);
716 mutex_unlock(&c->alloc_sem);
717 return 0;
718 }
719
720 old_wbuf_ofs = c->wbuf_ofs;
721 old_wbuf_len = c->wbuf_len;
722
723 if (c->unchecked_size) {
724 /* GC won't make any progress for a while */
725 jffs2_dbg(1, "%s(): padding. Not finished checking\n",
726 __func__);
727 down_write(&c->wbuf_sem);
728 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
729 /* retry flushing wbuf in case jffs2_wbuf_recover
730 left some data in the wbuf */
731 if (ret)
732 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
733 up_write(&c->wbuf_sem);
734 } else while (old_wbuf_len &&
735 old_wbuf_ofs == c->wbuf_ofs) {
736
737 mutex_unlock(&c->alloc_sem);
738
739 jffs2_dbg(1, "%s(): calls gc pass\n", __func__);
740
741 ret = jffs2_garbage_collect_pass(c);
742 if (ret) {
743 /* GC failed. Flush it with padding instead */
744 mutex_lock(&c->alloc_sem);
745 down_write(&c->wbuf_sem);
746 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
747 /* retry flushing wbuf in case jffs2_wbuf_recover
748 left some data in the wbuf */
749 if (ret)
750 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
751 up_write(&c->wbuf_sem);
752 break;
753 }
754 mutex_lock(&c->alloc_sem);
755 }
756
757 jffs2_dbg(1, "%s(): ends...\n", __func__);
758
759 mutex_unlock(&c->alloc_sem);
760 return ret;
761}
762
763/* Pad write-buffer to end and write it, wasting space. */
764int jffs2_flush_wbuf_pad(struct jffs2_sb_info *c)
765{
766 int ret;
767
768 if (!c->wbuf)
769 return 0;
770
771 down_write(&c->wbuf_sem);
772 ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
773 /* retry - maybe wbuf recover left some data in wbuf. */
774 if (ret)
775 ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
776 up_write(&c->wbuf_sem);
777
778 return ret;
779}
780
781static size_t jffs2_fill_wbuf(struct jffs2_sb_info *c, const uint8_t *buf,
782 size_t len)
783{
784 if (len && !c->wbuf_len && (len >= c->wbuf_pagesize))
785 return 0;
786
787 if (len > (c->wbuf_pagesize - c->wbuf_len))
788 len = c->wbuf_pagesize - c->wbuf_len;
789 memcpy(c->wbuf + c->wbuf_len, buf, len);
790 c->wbuf_len += (uint32_t) len;
791 return len;
792}
793
794int jffs2_flash_writev(struct jffs2_sb_info *c, const struct kvec *invecs,
795 unsigned long count, loff_t to, size_t *retlen,
796 uint32_t ino)
797{
798 struct jffs2_eraseblock *jeb;
799 size_t wbuf_retlen, donelen = 0;
800 uint32_t outvec_to = to;
801 int ret, invec;
802
803 /* If not writebuffered flash, don't bother */
804 if (!jffs2_is_writebuffered(c))
805 return jffs2_flash_direct_writev(c, invecs, count, to, retlen);
806
807 down_write(&c->wbuf_sem);
808
809 /* If wbuf_ofs is not initialized, set it to target address */
810 if (c->wbuf_ofs == 0xFFFFFFFF) {
811 c->wbuf_ofs = PAGE_DIV(to);
812 c->wbuf_len = PAGE_MOD(to);
813 memset(c->wbuf,0xff,c->wbuf_pagesize);
814 }
815
816 /*
817 * Sanity checks on target address. It's permitted to write
818 * at PAD(c->wbuf_len+c->wbuf_ofs), and it's permitted to
819 * write at the beginning of a new erase block. Anything else,
820 * and you die. New block starts at xxx000c (0-b = block
821 * header)
822 */
823 if (SECTOR_ADDR(to) != SECTOR_ADDR(c->wbuf_ofs)) {
824 /* It's a write to a new block */
825 if (c->wbuf_len) {
826 jffs2_dbg(1, "%s(): to 0x%lx causes flush of wbuf at 0x%08x\n",
827 __func__, (unsigned long)to, c->wbuf_ofs);
828 ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
829 if (ret)
830 goto outerr;
831 }
832 /* set pointer to new block */
833 c->wbuf_ofs = PAGE_DIV(to);
834 c->wbuf_len = PAGE_MOD(to);
835 }
836
837 if (to != PAD(c->wbuf_ofs + c->wbuf_len)) {
838 /* We're not writing immediately after the writebuffer. Bad. */
839 pr_crit("%s(): Non-contiguous write to %08lx\n",
840 __func__, (unsigned long)to);
841 if (c->wbuf_len)
842 pr_crit("wbuf was previously %08x-%08x\n",
843 c->wbuf_ofs, c->wbuf_ofs + c->wbuf_len);
844 BUG();
845 }
846
847 /* adjust alignment offset */
848 if (c->wbuf_len != PAGE_MOD(to)) {
849 c->wbuf_len = PAGE_MOD(to);
850 /* take care of alignment to next page */
851 if (!c->wbuf_len) {
852 c->wbuf_len = c->wbuf_pagesize;
853 ret = __jffs2_flush_wbuf(c, NOPAD);
854 if (ret)
855 goto outerr;
856 }
857 }
858
859 for (invec = 0; invec < count; invec++) {
860 int vlen = invecs[invec].iov_len;
861 uint8_t *v = invecs[invec].iov_base;
862
863 wbuf_retlen = jffs2_fill_wbuf(c, v, vlen);
864
865 if (c->wbuf_len == c->wbuf_pagesize) {
866 ret = __jffs2_flush_wbuf(c, NOPAD);
867 if (ret)
868 goto outerr;
869 }
870 vlen -= wbuf_retlen;
871 outvec_to += wbuf_retlen;
872 donelen += wbuf_retlen;
873 v += wbuf_retlen;
874
875 if (vlen >= c->wbuf_pagesize) {
876 ret = mtd_write(c->mtd, outvec_to, PAGE_DIV(vlen),
877 &wbuf_retlen, v);
878 if (ret < 0 || wbuf_retlen != PAGE_DIV(vlen))
879 goto outfile;
880
881 vlen -= wbuf_retlen;
882 outvec_to += wbuf_retlen;
883 c->wbuf_ofs = outvec_to;
884 donelen += wbuf_retlen;
885 v += wbuf_retlen;
886 }
887
888 wbuf_retlen = jffs2_fill_wbuf(c, v, vlen);
889 if (c->wbuf_len == c->wbuf_pagesize) {
890 ret = __jffs2_flush_wbuf(c, NOPAD);
891 if (ret)
892 goto outerr;
893 }
894
895 outvec_to += wbuf_retlen;
896 donelen += wbuf_retlen;
897 }
898
899 /*
900 * If there's a remainder in the wbuf and it's a non-GC write,
901 * remember that the wbuf affects this ino
902 */
903 *retlen = donelen;
904
905 if (jffs2_sum_active()) {
906 int res = jffs2_sum_add_kvec(c, invecs, count, (uint32_t) to);
907 if (res)
908 return res;
909 }
910
911 if (c->wbuf_len && ino)
912 jffs2_wbuf_dirties_inode(c, ino);
913
914 ret = 0;
915 up_write(&c->wbuf_sem);
916 return ret;
917
918outfile:
919 /*
920 * At this point we have no problem, c->wbuf is empty. However
921 * refile nextblock to avoid writing again to same address.
922 */
923
924 spin_lock(&c->erase_completion_lock);
925
926 jeb = &c->blocks[outvec_to / c->sector_size];
927 jffs2_block_refile(c, jeb, REFILE_ANYWAY);
928
929 spin_unlock(&c->erase_completion_lock);
930
931outerr:
932 *retlen = 0;
933 up_write(&c->wbuf_sem);
934 return ret;
935}
936
937/*
938 * This is the entry for flash write.
939 * Check, if we work on NAND FLASH, if so build an kvec and write it via vritev
940*/
941int jffs2_flash_write(struct jffs2_sb_info *c, loff_t ofs, size_t len,
942 size_t *retlen, const u_char *buf)
943{
944 struct kvec vecs[1];
945
946 if (!jffs2_is_writebuffered(c))
947 return jffs2_flash_direct_write(c, ofs, len, retlen, buf);
948
949 vecs[0].iov_base = (unsigned char *) buf;
950 vecs[0].iov_len = len;
951 return jffs2_flash_writev(c, vecs, 1, ofs, retlen, 0);
952}
953
954/*
955 Handle readback from writebuffer and ECC failure return
956*/
957int jffs2_flash_read(struct jffs2_sb_info *c, loff_t ofs, size_t len, size_t *retlen, u_char *buf)
958{
959 loff_t orbf = 0, owbf = 0, lwbf = 0;
960 int ret;
961
962 if (!jffs2_is_writebuffered(c))
963 return mtd_read(c->mtd, ofs, len, retlen, buf);
964
965 /* Read flash */
966 down_read(&c->wbuf_sem);
967 ret = mtd_read(c->mtd, ofs, len, retlen, buf);
968
969 if ( (ret == -EBADMSG || ret == -EUCLEAN) && (*retlen == len) ) {
970 if (ret == -EBADMSG)
971 pr_warn("mtd->read(0x%zx bytes from 0x%llx) returned ECC error\n",
972 len, ofs);
973 /*
974 * We have the raw data without ECC correction in the buffer,
975 * maybe we are lucky and all data or parts are correct. We
976 * check the node. If data are corrupted node check will sort
977 * it out. We keep this block, it will fail on write or erase
978 * and the we mark it bad. Or should we do that now? But we
979 * should give him a chance. Maybe we had a system crash or
980 * power loss before the ecc write or a erase was completed.
981 * So we return success. :)
982 */
983 ret = 0;
984 }
985
986 /* if no writebuffer available or write buffer empty, return */
987 if (!c->wbuf_pagesize || !c->wbuf_len)
988 goto exit;
989
990 /* if we read in a different block, return */
991 if (SECTOR_ADDR(ofs) != SECTOR_ADDR(c->wbuf_ofs))
992 goto exit;
993
994 if (ofs >= c->wbuf_ofs) {
995 owbf = (ofs - c->wbuf_ofs); /* offset in write buffer */
996 if (owbf > c->wbuf_len) /* is read beyond write buffer ? */
997 goto exit;
998 lwbf = c->wbuf_len - owbf; /* number of bytes to copy */
999 if (lwbf > len)
1000 lwbf = len;
1001 } else {
1002 orbf = (c->wbuf_ofs - ofs); /* offset in read buffer */
1003 if (orbf > len) /* is write beyond write buffer ? */
1004 goto exit;
1005 lwbf = len - orbf; /* number of bytes to copy */
1006 if (lwbf > c->wbuf_len)
1007 lwbf = c->wbuf_len;
1008 }
1009 if (lwbf > 0)
1010 memcpy(buf+orbf,c->wbuf+owbf,lwbf);
1011
1012exit:
1013 up_read(&c->wbuf_sem);
1014 return ret;
1015}
1016
1017#define NR_OOB_SCAN_PAGES 4
1018
1019/* For historical reasons we use only 8 bytes for OOB clean marker */
1020#define OOB_CM_SIZE 8
1021
1022static const struct jffs2_unknown_node oob_cleanmarker =
1023{
1024 .magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK),
1025 .nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
1026 .totlen = constant_cpu_to_je32(8)
1027};
1028
1029/*
1030 * Check, if the out of band area is empty. This function knows about the clean
1031 * marker and if it is present in OOB, treats the OOB as empty anyway.
1032 */
1033int jffs2_check_oob_empty(struct jffs2_sb_info *c,
1034 struct jffs2_eraseblock *jeb, int mode)
1035{
1036 int i, ret;
1037 int cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1038 struct mtd_oob_ops ops;
1039
1040 ops.mode = MTD_OPS_AUTO_OOB;
1041 ops.ooblen = NR_OOB_SCAN_PAGES * c->oobavail;
1042 ops.oobbuf = c->oobbuf;
1043 ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1044 ops.datbuf = NULL;
1045
1046 ret = mtd_read_oob(c->mtd, jeb->offset, &ops);
1047 if (ret || ops.oobretlen != ops.ooblen) {
1048 pr_err("cannot read OOB for EB at %08x, requested %zd bytes, read %zd bytes, error %d\n",
1049 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1050 if (!ret)
1051 ret = -EIO;
1052 return ret;
1053 }
1054
1055 for(i = 0; i < ops.ooblen; i++) {
1056 if (mode && i < cmlen)
1057 /* Yeah, we know about the cleanmarker */
1058 continue;
1059
1060 if (ops.oobbuf[i] != 0xFF) {
1061 jffs2_dbg(2, "Found %02x at %x in OOB for "
1062 "%08x\n", ops.oobbuf[i], i, jeb->offset);
1063 return 1;
1064 }
1065 }
1066
1067 return 0;
1068}
1069
1070/*
1071 * Check for a valid cleanmarker.
1072 * Returns: 0 if a valid cleanmarker was found
1073 * 1 if no cleanmarker was found
1074 * negative error code if an error occurred
1075 */
1076int jffs2_check_nand_cleanmarker(struct jffs2_sb_info *c,
1077 struct jffs2_eraseblock *jeb)
1078{
1079 struct mtd_oob_ops ops;
1080 int ret, cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1081
1082 ops.mode = MTD_OPS_AUTO_OOB;
1083 ops.ooblen = cmlen;
1084 ops.oobbuf = c->oobbuf;
1085 ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1086 ops.datbuf = NULL;
1087
1088 ret = mtd_read_oob(c->mtd, jeb->offset, &ops);
1089 if (ret || ops.oobretlen != ops.ooblen) {
1090 pr_err("cannot read OOB for EB at %08x, requested %zd bytes, read %zd bytes, error %d\n",
1091 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1092 if (!ret)
1093 ret = -EIO;
1094 return ret;
1095 }
1096
1097 return !!memcmp(&oob_cleanmarker, c->oobbuf, cmlen);
1098}
1099
1100int jffs2_write_nand_cleanmarker(struct jffs2_sb_info *c,
1101 struct jffs2_eraseblock *jeb)
1102{
1103 int ret;
1104 struct mtd_oob_ops ops;
1105 int cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1106
1107 ops.mode = MTD_OPS_AUTO_OOB;
1108 ops.ooblen = cmlen;
1109 ops.oobbuf = (uint8_t *)&oob_cleanmarker;
1110 ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1111 ops.datbuf = NULL;
1112
1113 ret = mtd_write_oob(c->mtd, jeb->offset, &ops);
1114 if (ret || ops.oobretlen != ops.ooblen) {
1115 pr_err("cannot write OOB for EB at %08x, requested %zd bytes, read %zd bytes, error %d\n",
1116 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1117 if (!ret)
1118 ret = -EIO;
1119 return ret;
1120 }
1121
1122 return 0;
1123}
1124
1125/*
1126 * On NAND we try to mark this block bad. If the block was erased more
1127 * than MAX_ERASE_FAILURES we mark it finally bad.
1128 * Don't care about failures. This block remains on the erase-pending
1129 * or badblock list as long as nobody manipulates the flash with
1130 * a bootloader or something like that.
1131 */
1132
1133int jffs2_write_nand_badblock(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, uint32_t bad_offset)
1134{
1135 int ret;
1136
1137 /* if the count is < max, we try to write the counter to the 2nd page oob area */
1138 if( ++jeb->bad_count < MAX_ERASE_FAILURES)
1139 return 0;
1140
1141 pr_warn("marking eraseblock at %08x as bad\n", bad_offset);
1142 ret = mtd_block_markbad(c->mtd, bad_offset);
1143
1144 if (ret) {
1145 jffs2_dbg(1, "%s(): Write failed for block at %08x: error %d\n",
1146 __func__, jeb->offset, ret);
1147 return ret;
1148 }
1149 return 1;
1150}
1151
1152static struct jffs2_sb_info *work_to_sb(struct work_struct *work)
1153{
1154 struct delayed_work *dwork;
1155
1156 dwork = container_of(work, struct delayed_work, work);
1157 return container_of(dwork, struct jffs2_sb_info, wbuf_dwork);
1158}
1159
1160static void delayed_wbuf_sync(struct work_struct *work)
1161{
1162 struct jffs2_sb_info *c = work_to_sb(work);
1163 struct super_block *sb = OFNI_BS_2SFFJ(c);
1164
1165 spin_lock(&c->wbuf_dwork_lock);
1166 c->wbuf_queued = 0;
1167 spin_unlock(&c->wbuf_dwork_lock);
1168
1169 if (!(sb->s_flags & MS_RDONLY)) {
1170 jffs2_dbg(1, "%s()\n", __func__);
1171 jffs2_flush_wbuf_gc(c, 0);
1172 }
1173}
1174
1175void jffs2_dirty_trigger(struct jffs2_sb_info *c)
1176{
1177 struct super_block *sb = OFNI_BS_2SFFJ(c);
1178 unsigned long delay;
1179
1180 if (sb->s_flags & MS_RDONLY)
1181 return;
1182
1183 spin_lock(&c->wbuf_dwork_lock);
1184 if (!c->wbuf_queued) {
1185 jffs2_dbg(1, "%s()\n", __func__);
1186 delay = msecs_to_jiffies(dirty_writeback_interval * 10);
1187 queue_delayed_work(system_long_wq, &c->wbuf_dwork, delay);
1188 c->wbuf_queued = 1;
1189 }
1190 spin_unlock(&c->wbuf_dwork_lock);
1191}
1192
1193int jffs2_nand_flash_setup(struct jffs2_sb_info *c)
1194{
1195 struct nand_ecclayout *oinfo = c->mtd->ecclayout;
1196
1197 if (!c->mtd->oobsize)
1198 return 0;
1199
1200 /* Cleanmarker is out-of-band, so inline size zero */
1201 c->cleanmarker_size = 0;
1202
1203 if (!oinfo || oinfo->oobavail == 0) {
1204 pr_err("inconsistent device description\n");
1205 return -EINVAL;
1206 }
1207
1208 jffs2_dbg(1, "using OOB on NAND\n");
1209
1210 c->oobavail = oinfo->oobavail;
1211
1212 /* Initialise write buffer */
1213 init_rwsem(&c->wbuf_sem);
1214 spin_lock_init(&c->wbuf_dwork_lock);
1215 INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync);
1216 c->wbuf_pagesize = c->mtd->writesize;
1217 c->wbuf_ofs = 0xFFFFFFFF;
1218
1219 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1220 if (!c->wbuf)
1221 return -ENOMEM;
1222
1223 c->oobbuf = kmalloc(NR_OOB_SCAN_PAGES * c->oobavail, GFP_KERNEL);
1224 if (!c->oobbuf) {
1225 kfree(c->wbuf);
1226 return -ENOMEM;
1227 }
1228
1229#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1230 c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1231 if (!c->wbuf_verify) {
1232 kfree(c->oobbuf);
1233 kfree(c->wbuf);
1234 return -ENOMEM;
1235 }
1236#endif
1237 return 0;
1238}
1239
1240void jffs2_nand_flash_cleanup(struct jffs2_sb_info *c)
1241{
1242#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1243 kfree(c->wbuf_verify);
1244#endif
1245 kfree(c->wbuf);
1246 kfree(c->oobbuf);
1247}
1248
1249int jffs2_dataflash_setup(struct jffs2_sb_info *c) {
1250 c->cleanmarker_size = 0; /* No cleanmarkers needed */
1251
1252 /* Initialize write buffer */
1253 init_rwsem(&c->wbuf_sem);
1254 spin_lock_init(&c->wbuf_dwork_lock);
1255 INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync);
1256 c->wbuf_pagesize = c->mtd->erasesize;
1257
1258 /* Find a suitable c->sector_size
1259 * - Not too much sectors
1260 * - Sectors have to be at least 4 K + some bytes
1261 * - All known dataflashes have erase sizes of 528 or 1056
1262 * - we take at least 8 eraseblocks and want to have at least 8K size
1263 * - The concatenation should be a power of 2
1264 */
1265
1266 c->sector_size = 8 * c->mtd->erasesize;
1267
1268 while (c->sector_size < 8192) {
1269 c->sector_size *= 2;
1270 }
1271
1272 /* It may be necessary to adjust the flash size */
1273 c->flash_size = c->mtd->size;
1274
1275 if ((c->flash_size % c->sector_size) != 0) {
1276 c->flash_size = (c->flash_size / c->sector_size) * c->sector_size;
1277 pr_warn("flash size adjusted to %dKiB\n", c->flash_size);
1278 };
1279
1280 c->wbuf_ofs = 0xFFFFFFFF;
1281 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1282 if (!c->wbuf)
1283 return -ENOMEM;
1284
1285#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1286 c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1287 if (!c->wbuf_verify) {
1288 kfree(c->oobbuf);
1289 kfree(c->wbuf);
1290 return -ENOMEM;
1291 }
1292#endif
1293
1294 pr_info("write-buffering enabled buffer (%d) erasesize (%d)\n",
1295 c->wbuf_pagesize, c->sector_size);
1296
1297 return 0;
1298}
1299
1300void jffs2_dataflash_cleanup(struct jffs2_sb_info *c) {
1301#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1302 kfree(c->wbuf_verify);
1303#endif
1304 kfree(c->wbuf);
1305}
1306
1307int jffs2_nor_wbuf_flash_setup(struct jffs2_sb_info *c) {
1308 /* Cleanmarker currently occupies whole programming regions,
1309 * either one or 2 for 8Byte STMicro flashes. */
1310 c->cleanmarker_size = max(16u, c->mtd->writesize);
1311
1312 /* Initialize write buffer */
1313 init_rwsem(&c->wbuf_sem);
1314 spin_lock_init(&c->wbuf_dwork_lock);
1315 INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync);
1316
1317 c->wbuf_pagesize = c->mtd->writesize;
1318 c->wbuf_ofs = 0xFFFFFFFF;
1319
1320 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1321 if (!c->wbuf)
1322 return -ENOMEM;
1323
1324#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1325 c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1326 if (!c->wbuf_verify) {
1327 kfree(c->wbuf);
1328 return -ENOMEM;
1329 }
1330#endif
1331 return 0;
1332}
1333
1334void jffs2_nor_wbuf_flash_cleanup(struct jffs2_sb_info *c) {
1335#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1336 kfree(c->wbuf_verify);
1337#endif
1338 kfree(c->wbuf);
1339}
1340
1341int jffs2_ubivol_setup(struct jffs2_sb_info *c) {
1342 c->cleanmarker_size = 0;
1343
1344 if (c->mtd->writesize == 1)
1345 /* We do not need write-buffer */
1346 return 0;
1347
1348 init_rwsem(&c->wbuf_sem);
1349 spin_lock_init(&c->wbuf_dwork_lock);
1350 INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync);
1351
1352 c->wbuf_pagesize = c->mtd->writesize;
1353 c->wbuf_ofs = 0xFFFFFFFF;
1354 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1355 if (!c->wbuf)
1356 return -ENOMEM;
1357
1358 pr_info("write-buffering enabled buffer (%d) erasesize (%d)\n",
1359 c->wbuf_pagesize, c->sector_size);
1360
1361 return 0;
1362}
1363
1364void jffs2_ubivol_cleanup(struct jffs2_sb_info *c) {
1365 kfree(c->wbuf);
1366}