Loading...
1/*
2 * JFFS2 -- Journalling Flash File System, Version 2.
3 *
4 * Copyright © 2001-2007 Red Hat, Inc.
5 * Copyright © 2004 Thomas Gleixner <tglx@linutronix.de>
6 *
7 * Created by David Woodhouse <dwmw2@infradead.org>
8 * Modified debugged and enhanced by Thomas Gleixner <tglx@linutronix.de>
9 *
10 * For licensing information, see the file 'LICENCE' in this directory.
11 *
12 */
13
14#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15
16#include <linux/kernel.h>
17#include <linux/slab.h>
18#include <linux/mtd/mtd.h>
19#include <linux/crc32.h>
20#include <linux/mtd/rawnand.h>
21#include <linux/jiffies.h>
22#include <linux/sched.h>
23#include <linux/writeback.h>
24
25#include "nodelist.h"
26
27/* For testing write failures */
28#undef BREAKME
29#undef BREAKMEHEADER
30
31#ifdef BREAKME
32static unsigned char *brokenbuf;
33#endif
34
35#define PAGE_DIV(x) ( ((unsigned long)(x) / (unsigned long)(c->wbuf_pagesize)) * (unsigned long)(c->wbuf_pagesize) )
36#define PAGE_MOD(x) ( (unsigned long)(x) % (unsigned long)(c->wbuf_pagesize) )
37
38/* max. erase failures before we mark a block bad */
39#define MAX_ERASE_FAILURES 2
40
41struct jffs2_inodirty {
42 uint32_t ino;
43 struct jffs2_inodirty *next;
44};
45
46static struct jffs2_inodirty inodirty_nomem;
47
48static int jffs2_wbuf_pending_for_ino(struct jffs2_sb_info *c, uint32_t ino)
49{
50 struct jffs2_inodirty *this = c->wbuf_inodes;
51
52 /* If a malloc failed, consider _everything_ dirty */
53 if (this == &inodirty_nomem)
54 return 1;
55
56 /* If ino == 0, _any_ non-GC writes mean 'yes' */
57 if (this && !ino)
58 return 1;
59
60 /* Look to see if the inode in question is pending in the wbuf */
61 while (this) {
62 if (this->ino == ino)
63 return 1;
64 this = this->next;
65 }
66 return 0;
67}
68
69static void jffs2_clear_wbuf_ino_list(struct jffs2_sb_info *c)
70{
71 struct jffs2_inodirty *this;
72
73 this = c->wbuf_inodes;
74
75 if (this != &inodirty_nomem) {
76 while (this) {
77 struct jffs2_inodirty *next = this->next;
78 kfree(this);
79 this = next;
80 }
81 }
82 c->wbuf_inodes = NULL;
83}
84
85static void jffs2_wbuf_dirties_inode(struct jffs2_sb_info *c, uint32_t ino)
86{
87 struct jffs2_inodirty *new;
88
89 /* Schedule delayed write-buffer write-out */
90 jffs2_dirty_trigger(c);
91
92 if (jffs2_wbuf_pending_for_ino(c, ino))
93 return;
94
95 new = kmalloc(sizeof(*new), GFP_KERNEL);
96 if (!new) {
97 jffs2_dbg(1, "No memory to allocate inodirty. Fallback to all considered dirty\n");
98 jffs2_clear_wbuf_ino_list(c);
99 c->wbuf_inodes = &inodirty_nomem;
100 return;
101 }
102 new->ino = ino;
103 new->next = c->wbuf_inodes;
104 c->wbuf_inodes = new;
105 return;
106}
107
108static inline void jffs2_refile_wbuf_blocks(struct jffs2_sb_info *c)
109{
110 struct list_head *this, *next;
111 static int n;
112
113 if (list_empty(&c->erasable_pending_wbuf_list))
114 return;
115
116 list_for_each_safe(this, next, &c->erasable_pending_wbuf_list) {
117 struct jffs2_eraseblock *jeb = list_entry(this, struct jffs2_eraseblock, list);
118
119 jffs2_dbg(1, "Removing eraseblock at 0x%08x from erasable_pending_wbuf_list...\n",
120 jeb->offset);
121 list_del(this);
122 if ((jiffies + (n++)) & 127) {
123 /* Most of the time, we just erase it immediately. Otherwise we
124 spend ages scanning it on mount, etc. */
125 jffs2_dbg(1, "...and adding to erase_pending_list\n");
126 list_add_tail(&jeb->list, &c->erase_pending_list);
127 c->nr_erasing_blocks++;
128 jffs2_garbage_collect_trigger(c);
129 } else {
130 /* Sometimes, however, we leave it elsewhere so it doesn't get
131 immediately reused, and we spread the load a bit. */
132 jffs2_dbg(1, "...and adding to erasable_list\n");
133 list_add_tail(&jeb->list, &c->erasable_list);
134 }
135 }
136}
137
138#define REFILE_NOTEMPTY 0
139#define REFILE_ANYWAY 1
140
141static void jffs2_block_refile(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, int allow_empty)
142{
143 jffs2_dbg(1, "About to refile bad block at %08x\n", jeb->offset);
144
145 /* File the existing block on the bad_used_list.... */
146 if (c->nextblock == jeb)
147 c->nextblock = NULL;
148 else /* Not sure this should ever happen... need more coffee */
149 list_del(&jeb->list);
150 if (jeb->first_node) {
151 jffs2_dbg(1, "Refiling block at %08x to bad_used_list\n",
152 jeb->offset);
153 list_add(&jeb->list, &c->bad_used_list);
154 } else {
155 BUG_ON(allow_empty == REFILE_NOTEMPTY);
156 /* It has to have had some nodes or we couldn't be here */
157 jffs2_dbg(1, "Refiling block at %08x to erase_pending_list\n",
158 jeb->offset);
159 list_add(&jeb->list, &c->erase_pending_list);
160 c->nr_erasing_blocks++;
161 jffs2_garbage_collect_trigger(c);
162 }
163
164 if (!jffs2_prealloc_raw_node_refs(c, jeb, 1)) {
165 uint32_t oldfree = jeb->free_size;
166
167 jffs2_link_node_ref(c, jeb,
168 (jeb->offset+c->sector_size-oldfree) | REF_OBSOLETE,
169 oldfree, NULL);
170 /* convert to wasted */
171 c->wasted_size += oldfree;
172 jeb->wasted_size += oldfree;
173 c->dirty_size -= oldfree;
174 jeb->dirty_size -= oldfree;
175 }
176
177 jffs2_dbg_dump_block_lists_nolock(c);
178 jffs2_dbg_acct_sanity_check_nolock(c,jeb);
179 jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
180}
181
182static struct jffs2_raw_node_ref **jffs2_incore_replace_raw(struct jffs2_sb_info *c,
183 struct jffs2_inode_info *f,
184 struct jffs2_raw_node_ref *raw,
185 union jffs2_node_union *node)
186{
187 struct jffs2_node_frag *frag;
188 struct jffs2_full_dirent *fd;
189
190 dbg_noderef("incore_replace_raw: node at %p is {%04x,%04x}\n",
191 node, je16_to_cpu(node->u.magic), je16_to_cpu(node->u.nodetype));
192
193 BUG_ON(je16_to_cpu(node->u.magic) != 0x1985 &&
194 je16_to_cpu(node->u.magic) != 0);
195
196 switch (je16_to_cpu(node->u.nodetype)) {
197 case JFFS2_NODETYPE_INODE:
198 if (f->metadata && f->metadata->raw == raw) {
199 dbg_noderef("Will replace ->raw in f->metadata at %p\n", f->metadata);
200 return &f->metadata->raw;
201 }
202 frag = jffs2_lookup_node_frag(&f->fragtree, je32_to_cpu(node->i.offset));
203 BUG_ON(!frag);
204 /* Find a frag which refers to the full_dnode we want to modify */
205 while (!frag->node || frag->node->raw != raw) {
206 frag = frag_next(frag);
207 BUG_ON(!frag);
208 }
209 dbg_noderef("Will replace ->raw in full_dnode at %p\n", frag->node);
210 return &frag->node->raw;
211
212 case JFFS2_NODETYPE_DIRENT:
213 for (fd = f->dents; fd; fd = fd->next) {
214 if (fd->raw == raw) {
215 dbg_noderef("Will replace ->raw in full_dirent at %p\n", fd);
216 return &fd->raw;
217 }
218 }
219 BUG();
220
221 default:
222 dbg_noderef("Don't care about replacing raw for nodetype %x\n",
223 je16_to_cpu(node->u.nodetype));
224 break;
225 }
226 return NULL;
227}
228
229#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
230static int jffs2_verify_write(struct jffs2_sb_info *c, unsigned char *buf,
231 uint32_t ofs)
232{
233 int ret;
234 size_t retlen;
235 char *eccstr;
236
237 ret = mtd_read(c->mtd, ofs, c->wbuf_pagesize, &retlen, c->wbuf_verify);
238 if (ret && ret != -EUCLEAN && ret != -EBADMSG) {
239 pr_warn("%s(): Read back of page at %08x failed: %d\n",
240 __func__, c->wbuf_ofs, ret);
241 return ret;
242 } else if (retlen != c->wbuf_pagesize) {
243 pr_warn("%s(): Read back of page at %08x gave short read: %zd not %d\n",
244 __func__, ofs, retlen, c->wbuf_pagesize);
245 return -EIO;
246 }
247 if (!memcmp(buf, c->wbuf_verify, c->wbuf_pagesize))
248 return 0;
249
250 if (ret == -EUCLEAN)
251 eccstr = "corrected";
252 else if (ret == -EBADMSG)
253 eccstr = "correction failed";
254 else
255 eccstr = "OK or unused";
256
257 pr_warn("Write verify error (ECC %s) at %08x. Wrote:\n",
258 eccstr, c->wbuf_ofs);
259 print_hex_dump(KERN_WARNING, "", DUMP_PREFIX_OFFSET, 16, 1,
260 c->wbuf, c->wbuf_pagesize, 0);
261
262 pr_warn("Read back:\n");
263 print_hex_dump(KERN_WARNING, "", DUMP_PREFIX_OFFSET, 16, 1,
264 c->wbuf_verify, c->wbuf_pagesize, 0);
265
266 return -EIO;
267}
268#else
269#define jffs2_verify_write(c,b,o) (0)
270#endif
271
272/* Recover from failure to write wbuf. Recover the nodes up to the
273 * wbuf, not the one which we were starting to try to write. */
274
275static void jffs2_wbuf_recover(struct jffs2_sb_info *c)
276{
277 struct jffs2_eraseblock *jeb, *new_jeb;
278 struct jffs2_raw_node_ref *raw, *next, *first_raw = NULL;
279 size_t retlen;
280 int ret;
281 int nr_refile = 0;
282 unsigned char *buf;
283 uint32_t start, end, ofs, len;
284
285 jeb = &c->blocks[c->wbuf_ofs / c->sector_size];
286
287 spin_lock(&c->erase_completion_lock);
288 if (c->wbuf_ofs % c->mtd->erasesize)
289 jffs2_block_refile(c, jeb, REFILE_NOTEMPTY);
290 else
291 jffs2_block_refile(c, jeb, REFILE_ANYWAY);
292 spin_unlock(&c->erase_completion_lock);
293
294 BUG_ON(!ref_obsolete(jeb->last_node));
295
296 /* Find the first node to be recovered, by skipping over every
297 node which ends before the wbuf starts, or which is obsolete. */
298 for (next = raw = jeb->first_node; next; raw = next) {
299 next = ref_next(raw);
300
301 if (ref_obsolete(raw) ||
302 (next && ref_offset(next) <= c->wbuf_ofs)) {
303 dbg_noderef("Skipping node at 0x%08x(%d)-0x%08x which is either before 0x%08x or obsolete\n",
304 ref_offset(raw), ref_flags(raw),
305 (ref_offset(raw) + ref_totlen(c, jeb, raw)),
306 c->wbuf_ofs);
307 continue;
308 }
309 dbg_noderef("First node to be recovered is at 0x%08x(%d)-0x%08x\n",
310 ref_offset(raw), ref_flags(raw),
311 (ref_offset(raw) + ref_totlen(c, jeb, raw)));
312
313 first_raw = raw;
314 break;
315 }
316
317 if (!first_raw) {
318 /* All nodes were obsolete. Nothing to recover. */
319 jffs2_dbg(1, "No non-obsolete nodes to be recovered. Just filing block bad\n");
320 c->wbuf_len = 0;
321 return;
322 }
323
324 start = ref_offset(first_raw);
325 end = ref_offset(jeb->last_node);
326 nr_refile = 1;
327
328 /* Count the number of refs which need to be copied */
329 while ((raw = ref_next(raw)) != jeb->last_node)
330 nr_refile++;
331
332 dbg_noderef("wbuf recover %08x-%08x (%d bytes in %d nodes)\n",
333 start, end, end - start, nr_refile);
334
335 buf = NULL;
336 if (start < c->wbuf_ofs) {
337 /* First affected node was already partially written.
338 * Attempt to reread the old data into our buffer. */
339
340 buf = kmalloc(end - start, GFP_KERNEL);
341 if (!buf) {
342 pr_crit("Malloc failure in wbuf recovery. Data loss ensues.\n");
343
344 goto read_failed;
345 }
346
347 /* Do the read... */
348 ret = mtd_read(c->mtd, start, c->wbuf_ofs - start, &retlen,
349 buf);
350
351 /* ECC recovered ? */
352 if ((ret == -EUCLEAN || ret == -EBADMSG) &&
353 (retlen == c->wbuf_ofs - start))
354 ret = 0;
355
356 if (ret || retlen != c->wbuf_ofs - start) {
357 pr_crit("Old data are already lost in wbuf recovery. Data loss ensues.\n");
358
359 kfree(buf);
360 buf = NULL;
361 read_failed:
362 first_raw = ref_next(first_raw);
363 nr_refile--;
364 while (first_raw && ref_obsolete(first_raw)) {
365 first_raw = ref_next(first_raw);
366 nr_refile--;
367 }
368
369 /* If this was the only node to be recovered, give up */
370 if (!first_raw) {
371 c->wbuf_len = 0;
372 return;
373 }
374
375 /* It wasn't. Go on and try to recover nodes complete in the wbuf */
376 start = ref_offset(first_raw);
377 dbg_noderef("wbuf now recover %08x-%08x (%d bytes in %d nodes)\n",
378 start, end, end - start, nr_refile);
379
380 } else {
381 /* Read succeeded. Copy the remaining data from the wbuf */
382 memcpy(buf + (c->wbuf_ofs - start), c->wbuf, end - c->wbuf_ofs);
383 }
384 }
385 /* OK... we're to rewrite (end-start) bytes of data from first_raw onwards.
386 Either 'buf' contains the data, or we find it in the wbuf */
387
388 /* ... and get an allocation of space from a shiny new block instead */
389 ret = jffs2_reserve_space_gc(c, end-start, &len, JFFS2_SUMMARY_NOSUM_SIZE);
390 if (ret) {
391 pr_warn("Failed to allocate space for wbuf recovery. Data loss ensues.\n");
392 kfree(buf);
393 return;
394 }
395
396 /* The summary is not recovered, so it must be disabled for this erase block */
397 jffs2_sum_disable_collecting(c->summary);
398
399 ret = jffs2_prealloc_raw_node_refs(c, c->nextblock, nr_refile);
400 if (ret) {
401 pr_warn("Failed to allocate node refs for wbuf recovery. Data loss ensues.\n");
402 kfree(buf);
403 return;
404 }
405
406 ofs = write_ofs(c);
407
408 if (end-start >= c->wbuf_pagesize) {
409 /* Need to do another write immediately, but it's possible
410 that this is just because the wbuf itself is completely
411 full, and there's nothing earlier read back from the
412 flash. Hence 'buf' isn't necessarily what we're writing
413 from. */
414 unsigned char *rewrite_buf = buf?:c->wbuf;
415 uint32_t towrite = (end-start) - ((end-start)%c->wbuf_pagesize);
416
417 jffs2_dbg(1, "Write 0x%x bytes at 0x%08x in wbuf recover\n",
418 towrite, ofs);
419
420#ifdef BREAKMEHEADER
421 static int breakme;
422 if (breakme++ == 20) {
423 pr_notice("Faking write error at 0x%08x\n", ofs);
424 breakme = 0;
425 mtd_write(c->mtd, ofs, towrite, &retlen, brokenbuf);
426 ret = -EIO;
427 } else
428#endif
429 ret = mtd_write(c->mtd, ofs, towrite, &retlen,
430 rewrite_buf);
431
432 if (ret || retlen != towrite || jffs2_verify_write(c, rewrite_buf, ofs)) {
433 /* Argh. We tried. Really we did. */
434 pr_crit("Recovery of wbuf failed due to a second write error\n");
435 kfree(buf);
436
437 if (retlen)
438 jffs2_add_physical_node_ref(c, ofs | REF_OBSOLETE, ref_totlen(c, jeb, first_raw), NULL);
439
440 return;
441 }
442 pr_notice("Recovery of wbuf succeeded to %08x\n", ofs);
443
444 c->wbuf_len = (end - start) - towrite;
445 c->wbuf_ofs = ofs + towrite;
446 memmove(c->wbuf, rewrite_buf + towrite, c->wbuf_len);
447 /* Don't muck about with c->wbuf_inodes. False positives are harmless. */
448 } else {
449 /* OK, now we're left with the dregs in whichever buffer we're using */
450 if (buf) {
451 memcpy(c->wbuf, buf, end-start);
452 } else {
453 memmove(c->wbuf, c->wbuf + (start - c->wbuf_ofs), end - start);
454 }
455 c->wbuf_ofs = ofs;
456 c->wbuf_len = end - start;
457 }
458
459 /* Now sort out the jffs2_raw_node_refs, moving them from the old to the next block */
460 new_jeb = &c->blocks[ofs / c->sector_size];
461
462 spin_lock(&c->erase_completion_lock);
463 for (raw = first_raw; raw != jeb->last_node; raw = ref_next(raw)) {
464 uint32_t rawlen = ref_totlen(c, jeb, raw);
465 struct jffs2_inode_cache *ic;
466 struct jffs2_raw_node_ref *new_ref;
467 struct jffs2_raw_node_ref **adjust_ref = NULL;
468 struct jffs2_inode_info *f = NULL;
469
470 jffs2_dbg(1, "Refiling block of %08x at %08x(%d) to %08x\n",
471 rawlen, ref_offset(raw), ref_flags(raw), ofs);
472
473 ic = jffs2_raw_ref_to_ic(raw);
474
475 /* Ick. This XATTR mess should be fixed shortly... */
476 if (ic && ic->class == RAWNODE_CLASS_XATTR_DATUM) {
477 struct jffs2_xattr_datum *xd = (void *)ic;
478 BUG_ON(xd->node != raw);
479 adjust_ref = &xd->node;
480 raw->next_in_ino = NULL;
481 ic = NULL;
482 } else if (ic && ic->class == RAWNODE_CLASS_XATTR_REF) {
483 struct jffs2_xattr_datum *xr = (void *)ic;
484 BUG_ON(xr->node != raw);
485 adjust_ref = &xr->node;
486 raw->next_in_ino = NULL;
487 ic = NULL;
488 } else if (ic && ic->class == RAWNODE_CLASS_INODE_CACHE) {
489 struct jffs2_raw_node_ref **p = &ic->nodes;
490
491 /* Remove the old node from the per-inode list */
492 while (*p && *p != (void *)ic) {
493 if (*p == raw) {
494 (*p) = (raw->next_in_ino);
495 raw->next_in_ino = NULL;
496 break;
497 }
498 p = &((*p)->next_in_ino);
499 }
500
501 if (ic->state == INO_STATE_PRESENT && !ref_obsolete(raw)) {
502 /* If it's an in-core inode, then we have to adjust any
503 full_dirent or full_dnode structure to point to the
504 new version instead of the old */
505 f = jffs2_gc_fetch_inode(c, ic->ino, !ic->pino_nlink);
506 if (IS_ERR(f)) {
507 /* Should never happen; it _must_ be present */
508 JFFS2_ERROR("Failed to iget() ino #%u, err %ld\n",
509 ic->ino, PTR_ERR(f));
510 BUG();
511 }
512 /* We don't lock f->sem. There's a number of ways we could
513 end up in here with it already being locked, and nobody's
514 going to modify it on us anyway because we hold the
515 alloc_sem. We're only changing one ->raw pointer too,
516 which we can get away with without upsetting readers. */
517 adjust_ref = jffs2_incore_replace_raw(c, f, raw,
518 (void *)(buf?:c->wbuf) + (ref_offset(raw) - start));
519 } else if (unlikely(ic->state != INO_STATE_PRESENT &&
520 ic->state != INO_STATE_CHECKEDABSENT &&
521 ic->state != INO_STATE_GC)) {
522 JFFS2_ERROR("Inode #%u is in strange state %d!\n", ic->ino, ic->state);
523 BUG();
524 }
525 }
526
527 new_ref = jffs2_link_node_ref(c, new_jeb, ofs | ref_flags(raw), rawlen, ic);
528
529 if (adjust_ref) {
530 BUG_ON(*adjust_ref != raw);
531 *adjust_ref = new_ref;
532 }
533 if (f)
534 jffs2_gc_release_inode(c, f);
535
536 if (!ref_obsolete(raw)) {
537 jeb->dirty_size += rawlen;
538 jeb->used_size -= rawlen;
539 c->dirty_size += rawlen;
540 c->used_size -= rawlen;
541 raw->flash_offset = ref_offset(raw) | REF_OBSOLETE;
542 BUG_ON(raw->next_in_ino);
543 }
544 ofs += rawlen;
545 }
546
547 kfree(buf);
548
549 /* Fix up the original jeb now it's on the bad_list */
550 if (first_raw == jeb->first_node) {
551 jffs2_dbg(1, "Failing block at %08x is now empty. Moving to erase_pending_list\n",
552 jeb->offset);
553 list_move(&jeb->list, &c->erase_pending_list);
554 c->nr_erasing_blocks++;
555 jffs2_garbage_collect_trigger(c);
556 }
557
558 jffs2_dbg_acct_sanity_check_nolock(c, jeb);
559 jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
560
561 jffs2_dbg_acct_sanity_check_nolock(c, new_jeb);
562 jffs2_dbg_acct_paranoia_check_nolock(c, new_jeb);
563
564 spin_unlock(&c->erase_completion_lock);
565
566 jffs2_dbg(1, "wbuf recovery completed OK. wbuf_ofs 0x%08x, len 0x%x\n",
567 c->wbuf_ofs, c->wbuf_len);
568
569}
570
571/* Meaning of pad argument:
572 0: Do not pad. Probably pointless - we only ever use this when we can't pad anyway.
573 1: Pad, do not adjust nextblock free_size
574 2: Pad, adjust nextblock free_size
575*/
576#define NOPAD 0
577#define PAD_NOACCOUNT 1
578#define PAD_ACCOUNTING 2
579
580static int __jffs2_flush_wbuf(struct jffs2_sb_info *c, int pad)
581{
582 struct jffs2_eraseblock *wbuf_jeb;
583 int ret;
584 size_t retlen;
585
586 /* Nothing to do if not write-buffering the flash. In particular, we shouldn't
587 del_timer() the timer we never initialised. */
588 if (!jffs2_is_writebuffered(c))
589 return 0;
590
591 if (!mutex_is_locked(&c->alloc_sem)) {
592 pr_crit("jffs2_flush_wbuf() called with alloc_sem not locked!\n");
593 BUG();
594 }
595
596 if (!c->wbuf_len) /* already checked c->wbuf above */
597 return 0;
598
599 wbuf_jeb = &c->blocks[c->wbuf_ofs / c->sector_size];
600 if (jffs2_prealloc_raw_node_refs(c, wbuf_jeb, c->nextblock->allocated_refs + 1))
601 return -ENOMEM;
602
603 /* claim remaining space on the page
604 this happens, if we have a change to a new block,
605 or if fsync forces us to flush the writebuffer.
606 if we have a switch to next page, we will not have
607 enough remaining space for this.
608 */
609 if (pad ) {
610 c->wbuf_len = PAD(c->wbuf_len);
611
612 /* Pad with JFFS2_DIRTY_BITMASK initially. this helps out ECC'd NOR
613 with 8 byte page size */
614 memset(c->wbuf + c->wbuf_len, 0, c->wbuf_pagesize - c->wbuf_len);
615
616 if ( c->wbuf_len + sizeof(struct jffs2_unknown_node) < c->wbuf_pagesize) {
617 struct jffs2_unknown_node *padnode = (void *)(c->wbuf + c->wbuf_len);
618 padnode->magic = cpu_to_je16(JFFS2_MAGIC_BITMASK);
619 padnode->nodetype = cpu_to_je16(JFFS2_NODETYPE_PADDING);
620 padnode->totlen = cpu_to_je32(c->wbuf_pagesize - c->wbuf_len);
621 padnode->hdr_crc = cpu_to_je32(crc32(0, padnode, sizeof(*padnode)-4));
622 }
623 }
624 /* else jffs2_flash_writev has actually filled in the rest of the
625 buffer for us, and will deal with the node refs etc. later. */
626
627#ifdef BREAKME
628 static int breakme;
629 if (breakme++ == 20) {
630 pr_notice("Faking write error at 0x%08x\n", c->wbuf_ofs);
631 breakme = 0;
632 mtd_write(c->mtd, c->wbuf_ofs, c->wbuf_pagesize, &retlen,
633 brokenbuf);
634 ret = -EIO;
635 } else
636#endif
637
638 ret = mtd_write(c->mtd, c->wbuf_ofs, c->wbuf_pagesize,
639 &retlen, c->wbuf);
640
641 if (ret) {
642 pr_warn("jffs2_flush_wbuf(): Write failed with %d\n", ret);
643 goto wfail;
644 } else if (retlen != c->wbuf_pagesize) {
645 pr_warn("jffs2_flush_wbuf(): Write was short: %zd instead of %d\n",
646 retlen, c->wbuf_pagesize);
647 ret = -EIO;
648 goto wfail;
649 } else if ((ret = jffs2_verify_write(c, c->wbuf, c->wbuf_ofs))) {
650 wfail:
651 jffs2_wbuf_recover(c);
652
653 return ret;
654 }
655
656 /* Adjust free size of the block if we padded. */
657 if (pad) {
658 uint32_t waste = c->wbuf_pagesize - c->wbuf_len;
659
660 jffs2_dbg(1, "jffs2_flush_wbuf() adjusting free_size of %sblock at %08x\n",
661 (wbuf_jeb == c->nextblock) ? "next" : "",
662 wbuf_jeb->offset);
663
664 /* wbuf_pagesize - wbuf_len is the amount of space that's to be
665 padded. If there is less free space in the block than that,
666 something screwed up */
667 if (wbuf_jeb->free_size < waste) {
668 pr_crit("jffs2_flush_wbuf(): Accounting error. wbuf at 0x%08x has 0x%03x bytes, 0x%03x left.\n",
669 c->wbuf_ofs, c->wbuf_len, waste);
670 pr_crit("jffs2_flush_wbuf(): But free_size for block at 0x%08x is only 0x%08x\n",
671 wbuf_jeb->offset, wbuf_jeb->free_size);
672 BUG();
673 }
674
675 spin_lock(&c->erase_completion_lock);
676
677 jffs2_link_node_ref(c, wbuf_jeb, (c->wbuf_ofs + c->wbuf_len) | REF_OBSOLETE, waste, NULL);
678 /* FIXME: that made it count as dirty. Convert to wasted */
679 wbuf_jeb->dirty_size -= waste;
680 c->dirty_size -= waste;
681 wbuf_jeb->wasted_size += waste;
682 c->wasted_size += waste;
683 } else
684 spin_lock(&c->erase_completion_lock);
685
686 /* Stick any now-obsoleted blocks on the erase_pending_list */
687 jffs2_refile_wbuf_blocks(c);
688 jffs2_clear_wbuf_ino_list(c);
689 spin_unlock(&c->erase_completion_lock);
690
691 memset(c->wbuf,0xff,c->wbuf_pagesize);
692 /* adjust write buffer offset, else we get a non contiguous write bug */
693 c->wbuf_ofs += c->wbuf_pagesize;
694 c->wbuf_len = 0;
695 return 0;
696}
697
698/* Trigger garbage collection to flush the write-buffer.
699 If ino arg is zero, do it if _any_ real (i.e. not GC) writes are
700 outstanding. If ino arg non-zero, do it only if a write for the
701 given inode is outstanding. */
702int jffs2_flush_wbuf_gc(struct jffs2_sb_info *c, uint32_t ino)
703{
704 uint32_t old_wbuf_ofs;
705 uint32_t old_wbuf_len;
706 int ret = 0;
707
708 jffs2_dbg(1, "jffs2_flush_wbuf_gc() called for ino #%u...\n", ino);
709
710 if (!c->wbuf)
711 return 0;
712
713 mutex_lock(&c->alloc_sem);
714 if (!jffs2_wbuf_pending_for_ino(c, ino)) {
715 jffs2_dbg(1, "Ino #%d not pending in wbuf. Returning\n", ino);
716 mutex_unlock(&c->alloc_sem);
717 return 0;
718 }
719
720 old_wbuf_ofs = c->wbuf_ofs;
721 old_wbuf_len = c->wbuf_len;
722
723 if (c->unchecked_size) {
724 /* GC won't make any progress for a while */
725 jffs2_dbg(1, "%s(): padding. Not finished checking\n",
726 __func__);
727 down_write(&c->wbuf_sem);
728 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
729 /* retry flushing wbuf in case jffs2_wbuf_recover
730 left some data in the wbuf */
731 if (ret)
732 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
733 up_write(&c->wbuf_sem);
734 } else while (old_wbuf_len &&
735 old_wbuf_ofs == c->wbuf_ofs) {
736
737 mutex_unlock(&c->alloc_sem);
738
739 jffs2_dbg(1, "%s(): calls gc pass\n", __func__);
740
741 ret = jffs2_garbage_collect_pass(c);
742 if (ret) {
743 /* GC failed. Flush it with padding instead */
744 mutex_lock(&c->alloc_sem);
745 down_write(&c->wbuf_sem);
746 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
747 /* retry flushing wbuf in case jffs2_wbuf_recover
748 left some data in the wbuf */
749 if (ret)
750 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
751 up_write(&c->wbuf_sem);
752 break;
753 }
754 mutex_lock(&c->alloc_sem);
755 }
756
757 jffs2_dbg(1, "%s(): ends...\n", __func__);
758
759 mutex_unlock(&c->alloc_sem);
760 return ret;
761}
762
763/* Pad write-buffer to end and write it, wasting space. */
764int jffs2_flush_wbuf_pad(struct jffs2_sb_info *c)
765{
766 int ret;
767
768 if (!c->wbuf)
769 return 0;
770
771 down_write(&c->wbuf_sem);
772 ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
773 /* retry - maybe wbuf recover left some data in wbuf. */
774 if (ret)
775 ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
776 up_write(&c->wbuf_sem);
777
778 return ret;
779}
780
781static size_t jffs2_fill_wbuf(struct jffs2_sb_info *c, const uint8_t *buf,
782 size_t len)
783{
784 if (len && !c->wbuf_len && (len >= c->wbuf_pagesize))
785 return 0;
786
787 if (len > (c->wbuf_pagesize - c->wbuf_len))
788 len = c->wbuf_pagesize - c->wbuf_len;
789 memcpy(c->wbuf + c->wbuf_len, buf, len);
790 c->wbuf_len += (uint32_t) len;
791 return len;
792}
793
794int jffs2_flash_writev(struct jffs2_sb_info *c, const struct kvec *invecs,
795 unsigned long count, loff_t to, size_t *retlen,
796 uint32_t ino)
797{
798 struct jffs2_eraseblock *jeb;
799 size_t wbuf_retlen, donelen = 0;
800 uint32_t outvec_to = to;
801 int ret, invec;
802
803 /* If not writebuffered flash, don't bother */
804 if (!jffs2_is_writebuffered(c))
805 return jffs2_flash_direct_writev(c, invecs, count, to, retlen);
806
807 down_write(&c->wbuf_sem);
808
809 /* If wbuf_ofs is not initialized, set it to target address */
810 if (c->wbuf_ofs == 0xFFFFFFFF) {
811 c->wbuf_ofs = PAGE_DIV(to);
812 c->wbuf_len = PAGE_MOD(to);
813 memset(c->wbuf,0xff,c->wbuf_pagesize);
814 }
815
816 /*
817 * Sanity checks on target address. It's permitted to write
818 * at PAD(c->wbuf_len+c->wbuf_ofs), and it's permitted to
819 * write at the beginning of a new erase block. Anything else,
820 * and you die. New block starts at xxx000c (0-b = block
821 * header)
822 */
823 if (SECTOR_ADDR(to) != SECTOR_ADDR(c->wbuf_ofs)) {
824 /* It's a write to a new block */
825 if (c->wbuf_len) {
826 jffs2_dbg(1, "%s(): to 0x%lx causes flush of wbuf at 0x%08x\n",
827 __func__, (unsigned long)to, c->wbuf_ofs);
828 ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
829 if (ret)
830 goto outerr;
831 }
832 /* set pointer to new block */
833 c->wbuf_ofs = PAGE_DIV(to);
834 c->wbuf_len = PAGE_MOD(to);
835 }
836
837 if (to != PAD(c->wbuf_ofs + c->wbuf_len)) {
838 /* We're not writing immediately after the writebuffer. Bad. */
839 pr_crit("%s(): Non-contiguous write to %08lx\n",
840 __func__, (unsigned long)to);
841 if (c->wbuf_len)
842 pr_crit("wbuf was previously %08x-%08x\n",
843 c->wbuf_ofs, c->wbuf_ofs + c->wbuf_len);
844 BUG();
845 }
846
847 /* adjust alignment offset */
848 if (c->wbuf_len != PAGE_MOD(to)) {
849 c->wbuf_len = PAGE_MOD(to);
850 /* take care of alignment to next page */
851 if (!c->wbuf_len) {
852 c->wbuf_len = c->wbuf_pagesize;
853 ret = __jffs2_flush_wbuf(c, NOPAD);
854 if (ret)
855 goto outerr;
856 }
857 }
858
859 for (invec = 0; invec < count; invec++) {
860 int vlen = invecs[invec].iov_len;
861 uint8_t *v = invecs[invec].iov_base;
862
863 wbuf_retlen = jffs2_fill_wbuf(c, v, vlen);
864
865 if (c->wbuf_len == c->wbuf_pagesize) {
866 ret = __jffs2_flush_wbuf(c, NOPAD);
867 if (ret)
868 goto outerr;
869 }
870 vlen -= wbuf_retlen;
871 outvec_to += wbuf_retlen;
872 donelen += wbuf_retlen;
873 v += wbuf_retlen;
874
875 if (vlen >= c->wbuf_pagesize) {
876 ret = mtd_write(c->mtd, outvec_to, PAGE_DIV(vlen),
877 &wbuf_retlen, v);
878 if (ret < 0 || wbuf_retlen != PAGE_DIV(vlen))
879 goto outfile;
880
881 vlen -= wbuf_retlen;
882 outvec_to += wbuf_retlen;
883 c->wbuf_ofs = outvec_to;
884 donelen += wbuf_retlen;
885 v += wbuf_retlen;
886 }
887
888 wbuf_retlen = jffs2_fill_wbuf(c, v, vlen);
889 if (c->wbuf_len == c->wbuf_pagesize) {
890 ret = __jffs2_flush_wbuf(c, NOPAD);
891 if (ret)
892 goto outerr;
893 }
894
895 outvec_to += wbuf_retlen;
896 donelen += wbuf_retlen;
897 }
898
899 /*
900 * If there's a remainder in the wbuf and it's a non-GC write,
901 * remember that the wbuf affects this ino
902 */
903 *retlen = donelen;
904
905 if (jffs2_sum_active()) {
906 int res = jffs2_sum_add_kvec(c, invecs, count, (uint32_t) to);
907 if (res)
908 return res;
909 }
910
911 if (c->wbuf_len && ino)
912 jffs2_wbuf_dirties_inode(c, ino);
913
914 ret = 0;
915 up_write(&c->wbuf_sem);
916 return ret;
917
918outfile:
919 /*
920 * At this point we have no problem, c->wbuf is empty. However
921 * refile nextblock to avoid writing again to same address.
922 */
923
924 spin_lock(&c->erase_completion_lock);
925
926 jeb = &c->blocks[outvec_to / c->sector_size];
927 jffs2_block_refile(c, jeb, REFILE_ANYWAY);
928
929 spin_unlock(&c->erase_completion_lock);
930
931outerr:
932 *retlen = 0;
933 up_write(&c->wbuf_sem);
934 return ret;
935}
936
937/*
938 * This is the entry for flash write.
939 * Check, if we work on NAND FLASH, if so build an kvec and write it via vritev
940*/
941int jffs2_flash_write(struct jffs2_sb_info *c, loff_t ofs, size_t len,
942 size_t *retlen, const u_char *buf)
943{
944 struct kvec vecs[1];
945
946 if (!jffs2_is_writebuffered(c))
947 return jffs2_flash_direct_write(c, ofs, len, retlen, buf);
948
949 vecs[0].iov_base = (unsigned char *) buf;
950 vecs[0].iov_len = len;
951 return jffs2_flash_writev(c, vecs, 1, ofs, retlen, 0);
952}
953
954/*
955 Handle readback from writebuffer and ECC failure return
956*/
957int jffs2_flash_read(struct jffs2_sb_info *c, loff_t ofs, size_t len, size_t *retlen, u_char *buf)
958{
959 loff_t orbf = 0, owbf = 0, lwbf = 0;
960 int ret;
961
962 if (!jffs2_is_writebuffered(c))
963 return mtd_read(c->mtd, ofs, len, retlen, buf);
964
965 /* Read flash */
966 down_read(&c->wbuf_sem);
967 ret = mtd_read(c->mtd, ofs, len, retlen, buf);
968
969 if ( (ret == -EBADMSG || ret == -EUCLEAN) && (*retlen == len) ) {
970 if (ret == -EBADMSG)
971 pr_warn("mtd->read(0x%zx bytes from 0x%llx) returned ECC error\n",
972 len, ofs);
973 /*
974 * We have the raw data without ECC correction in the buffer,
975 * maybe we are lucky and all data or parts are correct. We
976 * check the node. If data are corrupted node check will sort
977 * it out. We keep this block, it will fail on write or erase
978 * and the we mark it bad. Or should we do that now? But we
979 * should give him a chance. Maybe we had a system crash or
980 * power loss before the ecc write or a erase was completed.
981 * So we return success. :)
982 */
983 ret = 0;
984 }
985
986 /* if no writebuffer available or write buffer empty, return */
987 if (!c->wbuf_pagesize || !c->wbuf_len)
988 goto exit;
989
990 /* if we read in a different block, return */
991 if (SECTOR_ADDR(ofs) != SECTOR_ADDR(c->wbuf_ofs))
992 goto exit;
993
994 if (ofs >= c->wbuf_ofs) {
995 owbf = (ofs - c->wbuf_ofs); /* offset in write buffer */
996 if (owbf > c->wbuf_len) /* is read beyond write buffer ? */
997 goto exit;
998 lwbf = c->wbuf_len - owbf; /* number of bytes to copy */
999 if (lwbf > len)
1000 lwbf = len;
1001 } else {
1002 orbf = (c->wbuf_ofs - ofs); /* offset in read buffer */
1003 if (orbf > len) /* is write beyond write buffer ? */
1004 goto exit;
1005 lwbf = len - orbf; /* number of bytes to copy */
1006 if (lwbf > c->wbuf_len)
1007 lwbf = c->wbuf_len;
1008 }
1009 if (lwbf > 0)
1010 memcpy(buf+orbf,c->wbuf+owbf,lwbf);
1011
1012exit:
1013 up_read(&c->wbuf_sem);
1014 return ret;
1015}
1016
1017#define NR_OOB_SCAN_PAGES 4
1018
1019/* For historical reasons we use only 8 bytes for OOB clean marker */
1020#define OOB_CM_SIZE 8
1021
1022static const struct jffs2_unknown_node oob_cleanmarker =
1023{
1024 .magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK),
1025 .nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
1026 .totlen = constant_cpu_to_je32(8)
1027};
1028
1029/*
1030 * Check, if the out of band area is empty. This function knows about the clean
1031 * marker and if it is present in OOB, treats the OOB as empty anyway.
1032 */
1033int jffs2_check_oob_empty(struct jffs2_sb_info *c,
1034 struct jffs2_eraseblock *jeb, int mode)
1035{
1036 int i, ret;
1037 int cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1038 struct mtd_oob_ops ops = { };
1039
1040 ops.mode = MTD_OPS_AUTO_OOB;
1041 ops.ooblen = NR_OOB_SCAN_PAGES * c->oobavail;
1042 ops.oobbuf = c->oobbuf;
1043 ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1044 ops.datbuf = NULL;
1045
1046 ret = mtd_read_oob(c->mtd, jeb->offset, &ops);
1047 if ((ret && !mtd_is_bitflip(ret)) || ops.oobretlen != ops.ooblen) {
1048 pr_err("cannot read OOB for EB at %08x, requested %zd bytes, read %zd bytes, error %d\n",
1049 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1050 if (!ret || mtd_is_bitflip(ret))
1051 ret = -EIO;
1052 return ret;
1053 }
1054
1055 for(i = 0; i < ops.ooblen; i++) {
1056 if (mode && i < cmlen)
1057 /* Yeah, we know about the cleanmarker */
1058 continue;
1059
1060 if (ops.oobbuf[i] != 0xFF) {
1061 jffs2_dbg(2, "Found %02x at %x in OOB for "
1062 "%08x\n", ops.oobbuf[i], i, jeb->offset);
1063 return 1;
1064 }
1065 }
1066
1067 return 0;
1068}
1069
1070/*
1071 * Check for a valid cleanmarker.
1072 * Returns: 0 if a valid cleanmarker was found
1073 * 1 if no cleanmarker was found
1074 * negative error code if an error occurred
1075 */
1076int jffs2_check_nand_cleanmarker(struct jffs2_sb_info *c,
1077 struct jffs2_eraseblock *jeb)
1078{
1079 struct mtd_oob_ops ops = { };
1080 int ret, cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1081
1082 ops.mode = MTD_OPS_AUTO_OOB;
1083 ops.ooblen = cmlen;
1084 ops.oobbuf = c->oobbuf;
1085 ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1086 ops.datbuf = NULL;
1087
1088 ret = mtd_read_oob(c->mtd, jeb->offset, &ops);
1089 if ((ret && !mtd_is_bitflip(ret)) || ops.oobretlen != ops.ooblen) {
1090 pr_err("cannot read OOB for EB at %08x, requested %zd bytes, read %zd bytes, error %d\n",
1091 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1092 if (!ret || mtd_is_bitflip(ret))
1093 ret = -EIO;
1094 return ret;
1095 }
1096
1097 return !!memcmp(&oob_cleanmarker, c->oobbuf, cmlen);
1098}
1099
1100int jffs2_write_nand_cleanmarker(struct jffs2_sb_info *c,
1101 struct jffs2_eraseblock *jeb)
1102{
1103 int ret;
1104 struct mtd_oob_ops ops = { };
1105 int cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1106
1107 ops.mode = MTD_OPS_AUTO_OOB;
1108 ops.ooblen = cmlen;
1109 ops.oobbuf = (uint8_t *)&oob_cleanmarker;
1110 ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1111 ops.datbuf = NULL;
1112
1113 ret = mtd_write_oob(c->mtd, jeb->offset, &ops);
1114 if (ret || ops.oobretlen != ops.ooblen) {
1115 pr_err("cannot write OOB for EB at %08x, requested %zd bytes, read %zd bytes, error %d\n",
1116 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1117 if (!ret)
1118 ret = -EIO;
1119 return ret;
1120 }
1121
1122 return 0;
1123}
1124
1125/*
1126 * On NAND we try to mark this block bad. If the block was erased more
1127 * than MAX_ERASE_FAILURES we mark it finally bad.
1128 * Don't care about failures. This block remains on the erase-pending
1129 * or badblock list as long as nobody manipulates the flash with
1130 * a bootloader or something like that.
1131 */
1132
1133int jffs2_write_nand_badblock(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, uint32_t bad_offset)
1134{
1135 int ret;
1136
1137 /* if the count is < max, we try to write the counter to the 2nd page oob area */
1138 if( ++jeb->bad_count < MAX_ERASE_FAILURES)
1139 return 0;
1140
1141 pr_warn("marking eraseblock at %08x as bad\n", bad_offset);
1142 ret = mtd_block_markbad(c->mtd, bad_offset);
1143
1144 if (ret) {
1145 jffs2_dbg(1, "%s(): Write failed for block at %08x: error %d\n",
1146 __func__, jeb->offset, ret);
1147 return ret;
1148 }
1149 return 1;
1150}
1151
1152static struct jffs2_sb_info *work_to_sb(struct work_struct *work)
1153{
1154 struct delayed_work *dwork;
1155
1156 dwork = to_delayed_work(work);
1157 return container_of(dwork, struct jffs2_sb_info, wbuf_dwork);
1158}
1159
1160static void delayed_wbuf_sync(struct work_struct *work)
1161{
1162 struct jffs2_sb_info *c = work_to_sb(work);
1163 struct super_block *sb = OFNI_BS_2SFFJ(c);
1164
1165 if (!sb_rdonly(sb)) {
1166 jffs2_dbg(1, "%s()\n", __func__);
1167 jffs2_flush_wbuf_gc(c, 0);
1168 }
1169}
1170
1171void jffs2_dirty_trigger(struct jffs2_sb_info *c)
1172{
1173 struct super_block *sb = OFNI_BS_2SFFJ(c);
1174 unsigned long delay;
1175
1176 if (sb_rdonly(sb))
1177 return;
1178
1179 delay = msecs_to_jiffies(dirty_writeback_interval * 10);
1180 if (queue_delayed_work(system_long_wq, &c->wbuf_dwork, delay))
1181 jffs2_dbg(1, "%s()\n", __func__);
1182}
1183
1184int jffs2_nand_flash_setup(struct jffs2_sb_info *c)
1185{
1186 if (!c->mtd->oobsize)
1187 return 0;
1188
1189 /* Cleanmarker is out-of-band, so inline size zero */
1190 c->cleanmarker_size = 0;
1191
1192 if (c->mtd->oobavail == 0) {
1193 pr_err("inconsistent device description\n");
1194 return -EINVAL;
1195 }
1196
1197 jffs2_dbg(1, "using OOB on NAND\n");
1198
1199 c->oobavail = c->mtd->oobavail;
1200
1201 /* Initialise write buffer */
1202 init_rwsem(&c->wbuf_sem);
1203 INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync);
1204 c->wbuf_pagesize = c->mtd->writesize;
1205 c->wbuf_ofs = 0xFFFFFFFF;
1206
1207 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1208 if (!c->wbuf)
1209 return -ENOMEM;
1210
1211 c->oobbuf = kmalloc_array(NR_OOB_SCAN_PAGES, c->oobavail, GFP_KERNEL);
1212 if (!c->oobbuf) {
1213 kfree(c->wbuf);
1214 return -ENOMEM;
1215 }
1216
1217#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1218 c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1219 if (!c->wbuf_verify) {
1220 kfree(c->oobbuf);
1221 kfree(c->wbuf);
1222 return -ENOMEM;
1223 }
1224#endif
1225 return 0;
1226}
1227
1228void jffs2_nand_flash_cleanup(struct jffs2_sb_info *c)
1229{
1230#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1231 kfree(c->wbuf_verify);
1232#endif
1233 kfree(c->wbuf);
1234 kfree(c->oobbuf);
1235}
1236
1237int jffs2_dataflash_setup(struct jffs2_sb_info *c) {
1238 c->cleanmarker_size = 0; /* No cleanmarkers needed */
1239
1240 /* Initialize write buffer */
1241 init_rwsem(&c->wbuf_sem);
1242 INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync);
1243 c->wbuf_pagesize = c->mtd->erasesize;
1244
1245 /* Find a suitable c->sector_size
1246 * - Not too much sectors
1247 * - Sectors have to be at least 4 K + some bytes
1248 * - All known dataflashes have erase sizes of 528 or 1056
1249 * - we take at least 8 eraseblocks and want to have at least 8K size
1250 * - The concatenation should be a power of 2
1251 */
1252
1253 c->sector_size = 8 * c->mtd->erasesize;
1254
1255 while (c->sector_size < 8192) {
1256 c->sector_size *= 2;
1257 }
1258
1259 /* It may be necessary to adjust the flash size */
1260 c->flash_size = c->mtd->size;
1261
1262 if ((c->flash_size % c->sector_size) != 0) {
1263 c->flash_size = (c->flash_size / c->sector_size) * c->sector_size;
1264 pr_warn("flash size adjusted to %dKiB\n", c->flash_size);
1265 }
1266
1267 c->wbuf_ofs = 0xFFFFFFFF;
1268 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1269 if (!c->wbuf)
1270 return -ENOMEM;
1271
1272#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1273 c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1274 if (!c->wbuf_verify) {
1275 kfree(c->wbuf);
1276 return -ENOMEM;
1277 }
1278#endif
1279
1280 pr_info("write-buffering enabled buffer (%d) erasesize (%d)\n",
1281 c->wbuf_pagesize, c->sector_size);
1282
1283 return 0;
1284}
1285
1286void jffs2_dataflash_cleanup(struct jffs2_sb_info *c) {
1287#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1288 kfree(c->wbuf_verify);
1289#endif
1290 kfree(c->wbuf);
1291}
1292
1293int jffs2_nor_wbuf_flash_setup(struct jffs2_sb_info *c) {
1294 /* Cleanmarker currently occupies whole programming regions,
1295 * either one or 2 for 8Byte STMicro flashes. */
1296 c->cleanmarker_size = max(16u, c->mtd->writesize);
1297
1298 /* Initialize write buffer */
1299 init_rwsem(&c->wbuf_sem);
1300 INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync);
1301
1302 c->wbuf_pagesize = c->mtd->writesize;
1303 c->wbuf_ofs = 0xFFFFFFFF;
1304
1305 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1306 if (!c->wbuf)
1307 return -ENOMEM;
1308
1309#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1310 c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1311 if (!c->wbuf_verify) {
1312 kfree(c->wbuf);
1313 return -ENOMEM;
1314 }
1315#endif
1316 return 0;
1317}
1318
1319void jffs2_nor_wbuf_flash_cleanup(struct jffs2_sb_info *c) {
1320#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1321 kfree(c->wbuf_verify);
1322#endif
1323 kfree(c->wbuf);
1324}
1325
1326int jffs2_ubivol_setup(struct jffs2_sb_info *c) {
1327 c->cleanmarker_size = 0;
1328
1329 if (c->mtd->writesize == 1)
1330 /* We do not need write-buffer */
1331 return 0;
1332
1333 init_rwsem(&c->wbuf_sem);
1334 INIT_DELAYED_WORK(&c->wbuf_dwork, delayed_wbuf_sync);
1335
1336 c->wbuf_pagesize = c->mtd->writesize;
1337 c->wbuf_ofs = 0xFFFFFFFF;
1338 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1339 if (!c->wbuf)
1340 return -ENOMEM;
1341
1342 pr_info("write-buffering enabled buffer (%d) erasesize (%d)\n",
1343 c->wbuf_pagesize, c->sector_size);
1344
1345 return 0;
1346}
1347
1348void jffs2_ubivol_cleanup(struct jffs2_sb_info *c) {
1349 kfree(c->wbuf);
1350}
1/*
2 * JFFS2 -- Journalling Flash File System, Version 2.
3 *
4 * Copyright © 2001-2007 Red Hat, Inc.
5 * Copyright © 2004 Thomas Gleixner <tglx@linutronix.de>
6 *
7 * Created by David Woodhouse <dwmw2@infradead.org>
8 * Modified debugged and enhanced by Thomas Gleixner <tglx@linutronix.de>
9 *
10 * For licensing information, see the file 'LICENCE' in this directory.
11 *
12 */
13
14#include <linux/kernel.h>
15#include <linux/slab.h>
16#include <linux/mtd/mtd.h>
17#include <linux/crc32.h>
18#include <linux/mtd/nand.h>
19#include <linux/jiffies.h>
20#include <linux/sched.h>
21
22#include "nodelist.h"
23
24/* For testing write failures */
25#undef BREAKME
26#undef BREAKMEHEADER
27
28#ifdef BREAKME
29static unsigned char *brokenbuf;
30#endif
31
32#define PAGE_DIV(x) ( ((unsigned long)(x) / (unsigned long)(c->wbuf_pagesize)) * (unsigned long)(c->wbuf_pagesize) )
33#define PAGE_MOD(x) ( (unsigned long)(x) % (unsigned long)(c->wbuf_pagesize) )
34
35/* max. erase failures before we mark a block bad */
36#define MAX_ERASE_FAILURES 2
37
38struct jffs2_inodirty {
39 uint32_t ino;
40 struct jffs2_inodirty *next;
41};
42
43static struct jffs2_inodirty inodirty_nomem;
44
45static int jffs2_wbuf_pending_for_ino(struct jffs2_sb_info *c, uint32_t ino)
46{
47 struct jffs2_inodirty *this = c->wbuf_inodes;
48
49 /* If a malloc failed, consider _everything_ dirty */
50 if (this == &inodirty_nomem)
51 return 1;
52
53 /* If ino == 0, _any_ non-GC writes mean 'yes' */
54 if (this && !ino)
55 return 1;
56
57 /* Look to see if the inode in question is pending in the wbuf */
58 while (this) {
59 if (this->ino == ino)
60 return 1;
61 this = this->next;
62 }
63 return 0;
64}
65
66static void jffs2_clear_wbuf_ino_list(struct jffs2_sb_info *c)
67{
68 struct jffs2_inodirty *this;
69
70 this = c->wbuf_inodes;
71
72 if (this != &inodirty_nomem) {
73 while (this) {
74 struct jffs2_inodirty *next = this->next;
75 kfree(this);
76 this = next;
77 }
78 }
79 c->wbuf_inodes = NULL;
80}
81
82static void jffs2_wbuf_dirties_inode(struct jffs2_sb_info *c, uint32_t ino)
83{
84 struct jffs2_inodirty *new;
85
86 /* Mark the superblock dirty so that kupdated will flush... */
87 jffs2_dirty_trigger(c);
88
89 if (jffs2_wbuf_pending_for_ino(c, ino))
90 return;
91
92 new = kmalloc(sizeof(*new), GFP_KERNEL);
93 if (!new) {
94 D1(printk(KERN_DEBUG "No memory to allocate inodirty. Fallback to all considered dirty\n"));
95 jffs2_clear_wbuf_ino_list(c);
96 c->wbuf_inodes = &inodirty_nomem;
97 return;
98 }
99 new->ino = ino;
100 new->next = c->wbuf_inodes;
101 c->wbuf_inodes = new;
102 return;
103}
104
105static inline void jffs2_refile_wbuf_blocks(struct jffs2_sb_info *c)
106{
107 struct list_head *this, *next;
108 static int n;
109
110 if (list_empty(&c->erasable_pending_wbuf_list))
111 return;
112
113 list_for_each_safe(this, next, &c->erasable_pending_wbuf_list) {
114 struct jffs2_eraseblock *jeb = list_entry(this, struct jffs2_eraseblock, list);
115
116 D1(printk(KERN_DEBUG "Removing eraseblock at 0x%08x from erasable_pending_wbuf_list...\n", jeb->offset));
117 list_del(this);
118 if ((jiffies + (n++)) & 127) {
119 /* Most of the time, we just erase it immediately. Otherwise we
120 spend ages scanning it on mount, etc. */
121 D1(printk(KERN_DEBUG "...and adding to erase_pending_list\n"));
122 list_add_tail(&jeb->list, &c->erase_pending_list);
123 c->nr_erasing_blocks++;
124 jffs2_garbage_collect_trigger(c);
125 } else {
126 /* Sometimes, however, we leave it elsewhere so it doesn't get
127 immediately reused, and we spread the load a bit. */
128 D1(printk(KERN_DEBUG "...and adding to erasable_list\n"));
129 list_add_tail(&jeb->list, &c->erasable_list);
130 }
131 }
132}
133
134#define REFILE_NOTEMPTY 0
135#define REFILE_ANYWAY 1
136
137static void jffs2_block_refile(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, int allow_empty)
138{
139 D1(printk("About to refile bad block at %08x\n", jeb->offset));
140
141 /* File the existing block on the bad_used_list.... */
142 if (c->nextblock == jeb)
143 c->nextblock = NULL;
144 else /* Not sure this should ever happen... need more coffee */
145 list_del(&jeb->list);
146 if (jeb->first_node) {
147 D1(printk("Refiling block at %08x to bad_used_list\n", jeb->offset));
148 list_add(&jeb->list, &c->bad_used_list);
149 } else {
150 BUG_ON(allow_empty == REFILE_NOTEMPTY);
151 /* It has to have had some nodes or we couldn't be here */
152 D1(printk("Refiling block at %08x to erase_pending_list\n", jeb->offset));
153 list_add(&jeb->list, &c->erase_pending_list);
154 c->nr_erasing_blocks++;
155 jffs2_garbage_collect_trigger(c);
156 }
157
158 if (!jffs2_prealloc_raw_node_refs(c, jeb, 1)) {
159 uint32_t oldfree = jeb->free_size;
160
161 jffs2_link_node_ref(c, jeb,
162 (jeb->offset+c->sector_size-oldfree) | REF_OBSOLETE,
163 oldfree, NULL);
164 /* convert to wasted */
165 c->wasted_size += oldfree;
166 jeb->wasted_size += oldfree;
167 c->dirty_size -= oldfree;
168 jeb->dirty_size -= oldfree;
169 }
170
171 jffs2_dbg_dump_block_lists_nolock(c);
172 jffs2_dbg_acct_sanity_check_nolock(c,jeb);
173 jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
174}
175
176static struct jffs2_raw_node_ref **jffs2_incore_replace_raw(struct jffs2_sb_info *c,
177 struct jffs2_inode_info *f,
178 struct jffs2_raw_node_ref *raw,
179 union jffs2_node_union *node)
180{
181 struct jffs2_node_frag *frag;
182 struct jffs2_full_dirent *fd;
183
184 dbg_noderef("incore_replace_raw: node at %p is {%04x,%04x}\n",
185 node, je16_to_cpu(node->u.magic), je16_to_cpu(node->u.nodetype));
186
187 BUG_ON(je16_to_cpu(node->u.magic) != 0x1985 &&
188 je16_to_cpu(node->u.magic) != 0);
189
190 switch (je16_to_cpu(node->u.nodetype)) {
191 case JFFS2_NODETYPE_INODE:
192 if (f->metadata && f->metadata->raw == raw) {
193 dbg_noderef("Will replace ->raw in f->metadata at %p\n", f->metadata);
194 return &f->metadata->raw;
195 }
196 frag = jffs2_lookup_node_frag(&f->fragtree, je32_to_cpu(node->i.offset));
197 BUG_ON(!frag);
198 /* Find a frag which refers to the full_dnode we want to modify */
199 while (!frag->node || frag->node->raw != raw) {
200 frag = frag_next(frag);
201 BUG_ON(!frag);
202 }
203 dbg_noderef("Will replace ->raw in full_dnode at %p\n", frag->node);
204 return &frag->node->raw;
205
206 case JFFS2_NODETYPE_DIRENT:
207 for (fd = f->dents; fd; fd = fd->next) {
208 if (fd->raw == raw) {
209 dbg_noderef("Will replace ->raw in full_dirent at %p\n", fd);
210 return &fd->raw;
211 }
212 }
213 BUG();
214
215 default:
216 dbg_noderef("Don't care about replacing raw for nodetype %x\n",
217 je16_to_cpu(node->u.nodetype));
218 break;
219 }
220 return NULL;
221}
222
223#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
224static int jffs2_verify_write(struct jffs2_sb_info *c, unsigned char *buf,
225 uint32_t ofs)
226{
227 int ret;
228 size_t retlen;
229 char *eccstr;
230
231 ret = c->mtd->read(c->mtd, ofs, c->wbuf_pagesize, &retlen, c->wbuf_verify);
232 if (ret && ret != -EUCLEAN && ret != -EBADMSG) {
233 printk(KERN_WARNING "jffs2_verify_write(): Read back of page at %08x failed: %d\n", c->wbuf_ofs, ret);
234 return ret;
235 } else if (retlen != c->wbuf_pagesize) {
236 printk(KERN_WARNING "jffs2_verify_write(): Read back of page at %08x gave short read: %zd not %d.\n", ofs, retlen, c->wbuf_pagesize);
237 return -EIO;
238 }
239 if (!memcmp(buf, c->wbuf_verify, c->wbuf_pagesize))
240 return 0;
241
242 if (ret == -EUCLEAN)
243 eccstr = "corrected";
244 else if (ret == -EBADMSG)
245 eccstr = "correction failed";
246 else
247 eccstr = "OK or unused";
248
249 printk(KERN_WARNING "Write verify error (ECC %s) at %08x. Wrote:\n",
250 eccstr, c->wbuf_ofs);
251 print_hex_dump(KERN_WARNING, "", DUMP_PREFIX_OFFSET, 16, 1,
252 c->wbuf, c->wbuf_pagesize, 0);
253
254 printk(KERN_WARNING "Read back:\n");
255 print_hex_dump(KERN_WARNING, "", DUMP_PREFIX_OFFSET, 16, 1,
256 c->wbuf_verify, c->wbuf_pagesize, 0);
257
258 return -EIO;
259}
260#else
261#define jffs2_verify_write(c,b,o) (0)
262#endif
263
264/* Recover from failure to write wbuf. Recover the nodes up to the
265 * wbuf, not the one which we were starting to try to write. */
266
267static void jffs2_wbuf_recover(struct jffs2_sb_info *c)
268{
269 struct jffs2_eraseblock *jeb, *new_jeb;
270 struct jffs2_raw_node_ref *raw, *next, *first_raw = NULL;
271 size_t retlen;
272 int ret;
273 int nr_refile = 0;
274 unsigned char *buf;
275 uint32_t start, end, ofs, len;
276
277 jeb = &c->blocks[c->wbuf_ofs / c->sector_size];
278
279 spin_lock(&c->erase_completion_lock);
280 if (c->wbuf_ofs % c->mtd->erasesize)
281 jffs2_block_refile(c, jeb, REFILE_NOTEMPTY);
282 else
283 jffs2_block_refile(c, jeb, REFILE_ANYWAY);
284 spin_unlock(&c->erase_completion_lock);
285
286 BUG_ON(!ref_obsolete(jeb->last_node));
287
288 /* Find the first node to be recovered, by skipping over every
289 node which ends before the wbuf starts, or which is obsolete. */
290 for (next = raw = jeb->first_node; next; raw = next) {
291 next = ref_next(raw);
292
293 if (ref_obsolete(raw) ||
294 (next && ref_offset(next) <= c->wbuf_ofs)) {
295 dbg_noderef("Skipping node at 0x%08x(%d)-0x%08x which is either before 0x%08x or obsolete\n",
296 ref_offset(raw), ref_flags(raw),
297 (ref_offset(raw) + ref_totlen(c, jeb, raw)),
298 c->wbuf_ofs);
299 continue;
300 }
301 dbg_noderef("First node to be recovered is at 0x%08x(%d)-0x%08x\n",
302 ref_offset(raw), ref_flags(raw),
303 (ref_offset(raw) + ref_totlen(c, jeb, raw)));
304
305 first_raw = raw;
306 break;
307 }
308
309 if (!first_raw) {
310 /* All nodes were obsolete. Nothing to recover. */
311 D1(printk(KERN_DEBUG "No non-obsolete nodes to be recovered. Just filing block bad\n"));
312 c->wbuf_len = 0;
313 return;
314 }
315
316 start = ref_offset(first_raw);
317 end = ref_offset(jeb->last_node);
318 nr_refile = 1;
319
320 /* Count the number of refs which need to be copied */
321 while ((raw = ref_next(raw)) != jeb->last_node)
322 nr_refile++;
323
324 dbg_noderef("wbuf recover %08x-%08x (%d bytes in %d nodes)\n",
325 start, end, end - start, nr_refile);
326
327 buf = NULL;
328 if (start < c->wbuf_ofs) {
329 /* First affected node was already partially written.
330 * Attempt to reread the old data into our buffer. */
331
332 buf = kmalloc(end - start, GFP_KERNEL);
333 if (!buf) {
334 printk(KERN_CRIT "Malloc failure in wbuf recovery. Data loss ensues.\n");
335
336 goto read_failed;
337 }
338
339 /* Do the read... */
340 ret = c->mtd->read(c->mtd, start, c->wbuf_ofs - start, &retlen, buf);
341
342 /* ECC recovered ? */
343 if ((ret == -EUCLEAN || ret == -EBADMSG) &&
344 (retlen == c->wbuf_ofs - start))
345 ret = 0;
346
347 if (ret || retlen != c->wbuf_ofs - start) {
348 printk(KERN_CRIT "Old data are already lost in wbuf recovery. Data loss ensues.\n");
349
350 kfree(buf);
351 buf = NULL;
352 read_failed:
353 first_raw = ref_next(first_raw);
354 nr_refile--;
355 while (first_raw && ref_obsolete(first_raw)) {
356 first_raw = ref_next(first_raw);
357 nr_refile--;
358 }
359
360 /* If this was the only node to be recovered, give up */
361 if (!first_raw) {
362 c->wbuf_len = 0;
363 return;
364 }
365
366 /* It wasn't. Go on and try to recover nodes complete in the wbuf */
367 start = ref_offset(first_raw);
368 dbg_noderef("wbuf now recover %08x-%08x (%d bytes in %d nodes)\n",
369 start, end, end - start, nr_refile);
370
371 } else {
372 /* Read succeeded. Copy the remaining data from the wbuf */
373 memcpy(buf + (c->wbuf_ofs - start), c->wbuf, end - c->wbuf_ofs);
374 }
375 }
376 /* OK... we're to rewrite (end-start) bytes of data from first_raw onwards.
377 Either 'buf' contains the data, or we find it in the wbuf */
378
379 /* ... and get an allocation of space from a shiny new block instead */
380 ret = jffs2_reserve_space_gc(c, end-start, &len, JFFS2_SUMMARY_NOSUM_SIZE);
381 if (ret) {
382 printk(KERN_WARNING "Failed to allocate space for wbuf recovery. Data loss ensues.\n");
383 kfree(buf);
384 return;
385 }
386
387 /* The summary is not recovered, so it must be disabled for this erase block */
388 jffs2_sum_disable_collecting(c->summary);
389
390 ret = jffs2_prealloc_raw_node_refs(c, c->nextblock, nr_refile);
391 if (ret) {
392 printk(KERN_WARNING "Failed to allocate node refs for wbuf recovery. Data loss ensues.\n");
393 kfree(buf);
394 return;
395 }
396
397 ofs = write_ofs(c);
398
399 if (end-start >= c->wbuf_pagesize) {
400 /* Need to do another write immediately, but it's possible
401 that this is just because the wbuf itself is completely
402 full, and there's nothing earlier read back from the
403 flash. Hence 'buf' isn't necessarily what we're writing
404 from. */
405 unsigned char *rewrite_buf = buf?:c->wbuf;
406 uint32_t towrite = (end-start) - ((end-start)%c->wbuf_pagesize);
407
408 D1(printk(KERN_DEBUG "Write 0x%x bytes at 0x%08x in wbuf recover\n",
409 towrite, ofs));
410
411#ifdef BREAKMEHEADER
412 static int breakme;
413 if (breakme++ == 20) {
414 printk(KERN_NOTICE "Faking write error at 0x%08x\n", ofs);
415 breakme = 0;
416 c->mtd->write(c->mtd, ofs, towrite, &retlen,
417 brokenbuf);
418 ret = -EIO;
419 } else
420#endif
421 ret = c->mtd->write(c->mtd, ofs, towrite, &retlen,
422 rewrite_buf);
423
424 if (ret || retlen != towrite || jffs2_verify_write(c, rewrite_buf, ofs)) {
425 /* Argh. We tried. Really we did. */
426 printk(KERN_CRIT "Recovery of wbuf failed due to a second write error\n");
427 kfree(buf);
428
429 if (retlen)
430 jffs2_add_physical_node_ref(c, ofs | REF_OBSOLETE, ref_totlen(c, jeb, first_raw), NULL);
431
432 return;
433 }
434 printk(KERN_NOTICE "Recovery of wbuf succeeded to %08x\n", ofs);
435
436 c->wbuf_len = (end - start) - towrite;
437 c->wbuf_ofs = ofs + towrite;
438 memmove(c->wbuf, rewrite_buf + towrite, c->wbuf_len);
439 /* Don't muck about with c->wbuf_inodes. False positives are harmless. */
440 } else {
441 /* OK, now we're left with the dregs in whichever buffer we're using */
442 if (buf) {
443 memcpy(c->wbuf, buf, end-start);
444 } else {
445 memmove(c->wbuf, c->wbuf + (start - c->wbuf_ofs), end - start);
446 }
447 c->wbuf_ofs = ofs;
448 c->wbuf_len = end - start;
449 }
450
451 /* Now sort out the jffs2_raw_node_refs, moving them from the old to the next block */
452 new_jeb = &c->blocks[ofs / c->sector_size];
453
454 spin_lock(&c->erase_completion_lock);
455 for (raw = first_raw; raw != jeb->last_node; raw = ref_next(raw)) {
456 uint32_t rawlen = ref_totlen(c, jeb, raw);
457 struct jffs2_inode_cache *ic;
458 struct jffs2_raw_node_ref *new_ref;
459 struct jffs2_raw_node_ref **adjust_ref = NULL;
460 struct jffs2_inode_info *f = NULL;
461
462 D1(printk(KERN_DEBUG "Refiling block of %08x at %08x(%d) to %08x\n",
463 rawlen, ref_offset(raw), ref_flags(raw), ofs));
464
465 ic = jffs2_raw_ref_to_ic(raw);
466
467 /* Ick. This XATTR mess should be fixed shortly... */
468 if (ic && ic->class == RAWNODE_CLASS_XATTR_DATUM) {
469 struct jffs2_xattr_datum *xd = (void *)ic;
470 BUG_ON(xd->node != raw);
471 adjust_ref = &xd->node;
472 raw->next_in_ino = NULL;
473 ic = NULL;
474 } else if (ic && ic->class == RAWNODE_CLASS_XATTR_REF) {
475 struct jffs2_xattr_datum *xr = (void *)ic;
476 BUG_ON(xr->node != raw);
477 adjust_ref = &xr->node;
478 raw->next_in_ino = NULL;
479 ic = NULL;
480 } else if (ic && ic->class == RAWNODE_CLASS_INODE_CACHE) {
481 struct jffs2_raw_node_ref **p = &ic->nodes;
482
483 /* Remove the old node from the per-inode list */
484 while (*p && *p != (void *)ic) {
485 if (*p == raw) {
486 (*p) = (raw->next_in_ino);
487 raw->next_in_ino = NULL;
488 break;
489 }
490 p = &((*p)->next_in_ino);
491 }
492
493 if (ic->state == INO_STATE_PRESENT && !ref_obsolete(raw)) {
494 /* If it's an in-core inode, then we have to adjust any
495 full_dirent or full_dnode structure to point to the
496 new version instead of the old */
497 f = jffs2_gc_fetch_inode(c, ic->ino, !ic->pino_nlink);
498 if (IS_ERR(f)) {
499 /* Should never happen; it _must_ be present */
500 JFFS2_ERROR("Failed to iget() ino #%u, err %ld\n",
501 ic->ino, PTR_ERR(f));
502 BUG();
503 }
504 /* We don't lock f->sem. There's a number of ways we could
505 end up in here with it already being locked, and nobody's
506 going to modify it on us anyway because we hold the
507 alloc_sem. We're only changing one ->raw pointer too,
508 which we can get away with without upsetting readers. */
509 adjust_ref = jffs2_incore_replace_raw(c, f, raw,
510 (void *)(buf?:c->wbuf) + (ref_offset(raw) - start));
511 } else if (unlikely(ic->state != INO_STATE_PRESENT &&
512 ic->state != INO_STATE_CHECKEDABSENT &&
513 ic->state != INO_STATE_GC)) {
514 JFFS2_ERROR("Inode #%u is in strange state %d!\n", ic->ino, ic->state);
515 BUG();
516 }
517 }
518
519 new_ref = jffs2_link_node_ref(c, new_jeb, ofs | ref_flags(raw), rawlen, ic);
520
521 if (adjust_ref) {
522 BUG_ON(*adjust_ref != raw);
523 *adjust_ref = new_ref;
524 }
525 if (f)
526 jffs2_gc_release_inode(c, f);
527
528 if (!ref_obsolete(raw)) {
529 jeb->dirty_size += rawlen;
530 jeb->used_size -= rawlen;
531 c->dirty_size += rawlen;
532 c->used_size -= rawlen;
533 raw->flash_offset = ref_offset(raw) | REF_OBSOLETE;
534 BUG_ON(raw->next_in_ino);
535 }
536 ofs += rawlen;
537 }
538
539 kfree(buf);
540
541 /* Fix up the original jeb now it's on the bad_list */
542 if (first_raw == jeb->first_node) {
543 D1(printk(KERN_DEBUG "Failing block at %08x is now empty. Moving to erase_pending_list\n", jeb->offset));
544 list_move(&jeb->list, &c->erase_pending_list);
545 c->nr_erasing_blocks++;
546 jffs2_garbage_collect_trigger(c);
547 }
548
549 jffs2_dbg_acct_sanity_check_nolock(c, jeb);
550 jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
551
552 jffs2_dbg_acct_sanity_check_nolock(c, new_jeb);
553 jffs2_dbg_acct_paranoia_check_nolock(c, new_jeb);
554
555 spin_unlock(&c->erase_completion_lock);
556
557 D1(printk(KERN_DEBUG "wbuf recovery completed OK. wbuf_ofs 0x%08x, len 0x%x\n", c->wbuf_ofs, c->wbuf_len));
558
559}
560
561/* Meaning of pad argument:
562 0: Do not pad. Probably pointless - we only ever use this when we can't pad anyway.
563 1: Pad, do not adjust nextblock free_size
564 2: Pad, adjust nextblock free_size
565*/
566#define NOPAD 0
567#define PAD_NOACCOUNT 1
568#define PAD_ACCOUNTING 2
569
570static int __jffs2_flush_wbuf(struct jffs2_sb_info *c, int pad)
571{
572 struct jffs2_eraseblock *wbuf_jeb;
573 int ret;
574 size_t retlen;
575
576 /* Nothing to do if not write-buffering the flash. In particular, we shouldn't
577 del_timer() the timer we never initialised. */
578 if (!jffs2_is_writebuffered(c))
579 return 0;
580
581 if (mutex_trylock(&c->alloc_sem)) {
582 mutex_unlock(&c->alloc_sem);
583 printk(KERN_CRIT "jffs2_flush_wbuf() called with alloc_sem not locked!\n");
584 BUG();
585 }
586
587 if (!c->wbuf_len) /* already checked c->wbuf above */
588 return 0;
589
590 wbuf_jeb = &c->blocks[c->wbuf_ofs / c->sector_size];
591 if (jffs2_prealloc_raw_node_refs(c, wbuf_jeb, c->nextblock->allocated_refs + 1))
592 return -ENOMEM;
593
594 /* claim remaining space on the page
595 this happens, if we have a change to a new block,
596 or if fsync forces us to flush the writebuffer.
597 if we have a switch to next page, we will not have
598 enough remaining space for this.
599 */
600 if (pad ) {
601 c->wbuf_len = PAD(c->wbuf_len);
602
603 /* Pad with JFFS2_DIRTY_BITMASK initially. this helps out ECC'd NOR
604 with 8 byte page size */
605 memset(c->wbuf + c->wbuf_len, 0, c->wbuf_pagesize - c->wbuf_len);
606
607 if ( c->wbuf_len + sizeof(struct jffs2_unknown_node) < c->wbuf_pagesize) {
608 struct jffs2_unknown_node *padnode = (void *)(c->wbuf + c->wbuf_len);
609 padnode->magic = cpu_to_je16(JFFS2_MAGIC_BITMASK);
610 padnode->nodetype = cpu_to_je16(JFFS2_NODETYPE_PADDING);
611 padnode->totlen = cpu_to_je32(c->wbuf_pagesize - c->wbuf_len);
612 padnode->hdr_crc = cpu_to_je32(crc32(0, padnode, sizeof(*padnode)-4));
613 }
614 }
615 /* else jffs2_flash_writev has actually filled in the rest of the
616 buffer for us, and will deal with the node refs etc. later. */
617
618#ifdef BREAKME
619 static int breakme;
620 if (breakme++ == 20) {
621 printk(KERN_NOTICE "Faking write error at 0x%08x\n", c->wbuf_ofs);
622 breakme = 0;
623 c->mtd->write(c->mtd, c->wbuf_ofs, c->wbuf_pagesize, &retlen,
624 brokenbuf);
625 ret = -EIO;
626 } else
627#endif
628
629 ret = c->mtd->write(c->mtd, c->wbuf_ofs, c->wbuf_pagesize, &retlen, c->wbuf);
630
631 if (ret) {
632 printk(KERN_WARNING "jffs2_flush_wbuf(): Write failed with %d\n", ret);
633 goto wfail;
634 } else if (retlen != c->wbuf_pagesize) {
635 printk(KERN_WARNING "jffs2_flush_wbuf(): Write was short: %zd instead of %d\n",
636 retlen, c->wbuf_pagesize);
637 ret = -EIO;
638 goto wfail;
639 } else if ((ret = jffs2_verify_write(c, c->wbuf, c->wbuf_ofs))) {
640 wfail:
641 jffs2_wbuf_recover(c);
642
643 return ret;
644 }
645
646 /* Adjust free size of the block if we padded. */
647 if (pad) {
648 uint32_t waste = c->wbuf_pagesize - c->wbuf_len;
649
650 D1(printk(KERN_DEBUG "jffs2_flush_wbuf() adjusting free_size of %sblock at %08x\n",
651 (wbuf_jeb==c->nextblock)?"next":"", wbuf_jeb->offset));
652
653 /* wbuf_pagesize - wbuf_len is the amount of space that's to be
654 padded. If there is less free space in the block than that,
655 something screwed up */
656 if (wbuf_jeb->free_size < waste) {
657 printk(KERN_CRIT "jffs2_flush_wbuf(): Accounting error. wbuf at 0x%08x has 0x%03x bytes, 0x%03x left.\n",
658 c->wbuf_ofs, c->wbuf_len, waste);
659 printk(KERN_CRIT "jffs2_flush_wbuf(): But free_size for block at 0x%08x is only 0x%08x\n",
660 wbuf_jeb->offset, wbuf_jeb->free_size);
661 BUG();
662 }
663
664 spin_lock(&c->erase_completion_lock);
665
666 jffs2_link_node_ref(c, wbuf_jeb, (c->wbuf_ofs + c->wbuf_len) | REF_OBSOLETE, waste, NULL);
667 /* FIXME: that made it count as dirty. Convert to wasted */
668 wbuf_jeb->dirty_size -= waste;
669 c->dirty_size -= waste;
670 wbuf_jeb->wasted_size += waste;
671 c->wasted_size += waste;
672 } else
673 spin_lock(&c->erase_completion_lock);
674
675 /* Stick any now-obsoleted blocks on the erase_pending_list */
676 jffs2_refile_wbuf_blocks(c);
677 jffs2_clear_wbuf_ino_list(c);
678 spin_unlock(&c->erase_completion_lock);
679
680 memset(c->wbuf,0xff,c->wbuf_pagesize);
681 /* adjust write buffer offset, else we get a non contiguous write bug */
682 c->wbuf_ofs += c->wbuf_pagesize;
683 c->wbuf_len = 0;
684 return 0;
685}
686
687/* Trigger garbage collection to flush the write-buffer.
688 If ino arg is zero, do it if _any_ real (i.e. not GC) writes are
689 outstanding. If ino arg non-zero, do it only if a write for the
690 given inode is outstanding. */
691int jffs2_flush_wbuf_gc(struct jffs2_sb_info *c, uint32_t ino)
692{
693 uint32_t old_wbuf_ofs;
694 uint32_t old_wbuf_len;
695 int ret = 0;
696
697 D1(printk(KERN_DEBUG "jffs2_flush_wbuf_gc() called for ino #%u...\n", ino));
698
699 if (!c->wbuf)
700 return 0;
701
702 mutex_lock(&c->alloc_sem);
703 if (!jffs2_wbuf_pending_for_ino(c, ino)) {
704 D1(printk(KERN_DEBUG "Ino #%d not pending in wbuf. Returning\n", ino));
705 mutex_unlock(&c->alloc_sem);
706 return 0;
707 }
708
709 old_wbuf_ofs = c->wbuf_ofs;
710 old_wbuf_len = c->wbuf_len;
711
712 if (c->unchecked_size) {
713 /* GC won't make any progress for a while */
714 D1(printk(KERN_DEBUG "jffs2_flush_wbuf_gc() padding. Not finished checking\n"));
715 down_write(&c->wbuf_sem);
716 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
717 /* retry flushing wbuf in case jffs2_wbuf_recover
718 left some data in the wbuf */
719 if (ret)
720 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
721 up_write(&c->wbuf_sem);
722 } else while (old_wbuf_len &&
723 old_wbuf_ofs == c->wbuf_ofs) {
724
725 mutex_unlock(&c->alloc_sem);
726
727 D1(printk(KERN_DEBUG "jffs2_flush_wbuf_gc() calls gc pass\n"));
728
729 ret = jffs2_garbage_collect_pass(c);
730 if (ret) {
731 /* GC failed. Flush it with padding instead */
732 mutex_lock(&c->alloc_sem);
733 down_write(&c->wbuf_sem);
734 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
735 /* retry flushing wbuf in case jffs2_wbuf_recover
736 left some data in the wbuf */
737 if (ret)
738 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
739 up_write(&c->wbuf_sem);
740 break;
741 }
742 mutex_lock(&c->alloc_sem);
743 }
744
745 D1(printk(KERN_DEBUG "jffs2_flush_wbuf_gc() ends...\n"));
746
747 mutex_unlock(&c->alloc_sem);
748 return ret;
749}
750
751/* Pad write-buffer to end and write it, wasting space. */
752int jffs2_flush_wbuf_pad(struct jffs2_sb_info *c)
753{
754 int ret;
755
756 if (!c->wbuf)
757 return 0;
758
759 down_write(&c->wbuf_sem);
760 ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
761 /* retry - maybe wbuf recover left some data in wbuf. */
762 if (ret)
763 ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
764 up_write(&c->wbuf_sem);
765
766 return ret;
767}
768
769static size_t jffs2_fill_wbuf(struct jffs2_sb_info *c, const uint8_t *buf,
770 size_t len)
771{
772 if (len && !c->wbuf_len && (len >= c->wbuf_pagesize))
773 return 0;
774
775 if (len > (c->wbuf_pagesize - c->wbuf_len))
776 len = c->wbuf_pagesize - c->wbuf_len;
777 memcpy(c->wbuf + c->wbuf_len, buf, len);
778 c->wbuf_len += (uint32_t) len;
779 return len;
780}
781
782int jffs2_flash_writev(struct jffs2_sb_info *c, const struct kvec *invecs,
783 unsigned long count, loff_t to, size_t *retlen,
784 uint32_t ino)
785{
786 struct jffs2_eraseblock *jeb;
787 size_t wbuf_retlen, donelen = 0;
788 uint32_t outvec_to = to;
789 int ret, invec;
790
791 /* If not writebuffered flash, don't bother */
792 if (!jffs2_is_writebuffered(c))
793 return jffs2_flash_direct_writev(c, invecs, count, to, retlen);
794
795 down_write(&c->wbuf_sem);
796
797 /* If wbuf_ofs is not initialized, set it to target address */
798 if (c->wbuf_ofs == 0xFFFFFFFF) {
799 c->wbuf_ofs = PAGE_DIV(to);
800 c->wbuf_len = PAGE_MOD(to);
801 memset(c->wbuf,0xff,c->wbuf_pagesize);
802 }
803
804 /*
805 * Sanity checks on target address. It's permitted to write
806 * at PAD(c->wbuf_len+c->wbuf_ofs), and it's permitted to
807 * write at the beginning of a new erase block. Anything else,
808 * and you die. New block starts at xxx000c (0-b = block
809 * header)
810 */
811 if (SECTOR_ADDR(to) != SECTOR_ADDR(c->wbuf_ofs)) {
812 /* It's a write to a new block */
813 if (c->wbuf_len) {
814 D1(printk(KERN_DEBUG "jffs2_flash_writev() to 0x%lx "
815 "causes flush of wbuf at 0x%08x\n",
816 (unsigned long)to, c->wbuf_ofs));
817 ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
818 if (ret)
819 goto outerr;
820 }
821 /* set pointer to new block */
822 c->wbuf_ofs = PAGE_DIV(to);
823 c->wbuf_len = PAGE_MOD(to);
824 }
825
826 if (to != PAD(c->wbuf_ofs + c->wbuf_len)) {
827 /* We're not writing immediately after the writebuffer. Bad. */
828 printk(KERN_CRIT "jffs2_flash_writev(): Non-contiguous write "
829 "to %08lx\n", (unsigned long)to);
830 if (c->wbuf_len)
831 printk(KERN_CRIT "wbuf was previously %08x-%08x\n",
832 c->wbuf_ofs, c->wbuf_ofs+c->wbuf_len);
833 BUG();
834 }
835
836 /* adjust alignment offset */
837 if (c->wbuf_len != PAGE_MOD(to)) {
838 c->wbuf_len = PAGE_MOD(to);
839 /* take care of alignment to next page */
840 if (!c->wbuf_len) {
841 c->wbuf_len = c->wbuf_pagesize;
842 ret = __jffs2_flush_wbuf(c, NOPAD);
843 if (ret)
844 goto outerr;
845 }
846 }
847
848 for (invec = 0; invec < count; invec++) {
849 int vlen = invecs[invec].iov_len;
850 uint8_t *v = invecs[invec].iov_base;
851
852 wbuf_retlen = jffs2_fill_wbuf(c, v, vlen);
853
854 if (c->wbuf_len == c->wbuf_pagesize) {
855 ret = __jffs2_flush_wbuf(c, NOPAD);
856 if (ret)
857 goto outerr;
858 }
859 vlen -= wbuf_retlen;
860 outvec_to += wbuf_retlen;
861 donelen += wbuf_retlen;
862 v += wbuf_retlen;
863
864 if (vlen >= c->wbuf_pagesize) {
865 ret = c->mtd->write(c->mtd, outvec_to, PAGE_DIV(vlen),
866 &wbuf_retlen, v);
867 if (ret < 0 || wbuf_retlen != PAGE_DIV(vlen))
868 goto outfile;
869
870 vlen -= wbuf_retlen;
871 outvec_to += wbuf_retlen;
872 c->wbuf_ofs = outvec_to;
873 donelen += wbuf_retlen;
874 v += wbuf_retlen;
875 }
876
877 wbuf_retlen = jffs2_fill_wbuf(c, v, vlen);
878 if (c->wbuf_len == c->wbuf_pagesize) {
879 ret = __jffs2_flush_wbuf(c, NOPAD);
880 if (ret)
881 goto outerr;
882 }
883
884 outvec_to += wbuf_retlen;
885 donelen += wbuf_retlen;
886 }
887
888 /*
889 * If there's a remainder in the wbuf and it's a non-GC write,
890 * remember that the wbuf affects this ino
891 */
892 *retlen = donelen;
893
894 if (jffs2_sum_active()) {
895 int res = jffs2_sum_add_kvec(c, invecs, count, (uint32_t) to);
896 if (res)
897 return res;
898 }
899
900 if (c->wbuf_len && ino)
901 jffs2_wbuf_dirties_inode(c, ino);
902
903 ret = 0;
904 up_write(&c->wbuf_sem);
905 return ret;
906
907outfile:
908 /*
909 * At this point we have no problem, c->wbuf is empty. However
910 * refile nextblock to avoid writing again to same address.
911 */
912
913 spin_lock(&c->erase_completion_lock);
914
915 jeb = &c->blocks[outvec_to / c->sector_size];
916 jffs2_block_refile(c, jeb, REFILE_ANYWAY);
917
918 spin_unlock(&c->erase_completion_lock);
919
920outerr:
921 *retlen = 0;
922 up_write(&c->wbuf_sem);
923 return ret;
924}
925
926/*
927 * This is the entry for flash write.
928 * Check, if we work on NAND FLASH, if so build an kvec and write it via vritev
929*/
930int jffs2_flash_write(struct jffs2_sb_info *c, loff_t ofs, size_t len,
931 size_t *retlen, const u_char *buf)
932{
933 struct kvec vecs[1];
934
935 if (!jffs2_is_writebuffered(c))
936 return jffs2_flash_direct_write(c, ofs, len, retlen, buf);
937
938 vecs[0].iov_base = (unsigned char *) buf;
939 vecs[0].iov_len = len;
940 return jffs2_flash_writev(c, vecs, 1, ofs, retlen, 0);
941}
942
943/*
944 Handle readback from writebuffer and ECC failure return
945*/
946int jffs2_flash_read(struct jffs2_sb_info *c, loff_t ofs, size_t len, size_t *retlen, u_char *buf)
947{
948 loff_t orbf = 0, owbf = 0, lwbf = 0;
949 int ret;
950
951 if (!jffs2_is_writebuffered(c))
952 return c->mtd->read(c->mtd, ofs, len, retlen, buf);
953
954 /* Read flash */
955 down_read(&c->wbuf_sem);
956 ret = c->mtd->read(c->mtd, ofs, len, retlen, buf);
957
958 if ( (ret == -EBADMSG || ret == -EUCLEAN) && (*retlen == len) ) {
959 if (ret == -EBADMSG)
960 printk(KERN_WARNING "mtd->read(0x%zx bytes from 0x%llx)"
961 " returned ECC error\n", len, ofs);
962 /*
963 * We have the raw data without ECC correction in the buffer,
964 * maybe we are lucky and all data or parts are correct. We
965 * check the node. If data are corrupted node check will sort
966 * it out. We keep this block, it will fail on write or erase
967 * and the we mark it bad. Or should we do that now? But we
968 * should give him a chance. Maybe we had a system crash or
969 * power loss before the ecc write or a erase was completed.
970 * So we return success. :)
971 */
972 ret = 0;
973 }
974
975 /* if no writebuffer available or write buffer empty, return */
976 if (!c->wbuf_pagesize || !c->wbuf_len)
977 goto exit;
978
979 /* if we read in a different block, return */
980 if (SECTOR_ADDR(ofs) != SECTOR_ADDR(c->wbuf_ofs))
981 goto exit;
982
983 if (ofs >= c->wbuf_ofs) {
984 owbf = (ofs - c->wbuf_ofs); /* offset in write buffer */
985 if (owbf > c->wbuf_len) /* is read beyond write buffer ? */
986 goto exit;
987 lwbf = c->wbuf_len - owbf; /* number of bytes to copy */
988 if (lwbf > len)
989 lwbf = len;
990 } else {
991 orbf = (c->wbuf_ofs - ofs); /* offset in read buffer */
992 if (orbf > len) /* is write beyond write buffer ? */
993 goto exit;
994 lwbf = len - orbf; /* number of bytes to copy */
995 if (lwbf > c->wbuf_len)
996 lwbf = c->wbuf_len;
997 }
998 if (lwbf > 0)
999 memcpy(buf+orbf,c->wbuf+owbf,lwbf);
1000
1001exit:
1002 up_read(&c->wbuf_sem);
1003 return ret;
1004}
1005
1006#define NR_OOB_SCAN_PAGES 4
1007
1008/* For historical reasons we use only 8 bytes for OOB clean marker */
1009#define OOB_CM_SIZE 8
1010
1011static const struct jffs2_unknown_node oob_cleanmarker =
1012{
1013 .magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK),
1014 .nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
1015 .totlen = constant_cpu_to_je32(8)
1016};
1017
1018/*
1019 * Check, if the out of band area is empty. This function knows about the clean
1020 * marker and if it is present in OOB, treats the OOB as empty anyway.
1021 */
1022int jffs2_check_oob_empty(struct jffs2_sb_info *c,
1023 struct jffs2_eraseblock *jeb, int mode)
1024{
1025 int i, ret;
1026 int cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1027 struct mtd_oob_ops ops;
1028
1029 ops.mode = MTD_OOB_AUTO;
1030 ops.ooblen = NR_OOB_SCAN_PAGES * c->oobavail;
1031 ops.oobbuf = c->oobbuf;
1032 ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1033 ops.datbuf = NULL;
1034
1035 ret = c->mtd->read_oob(c->mtd, jeb->offset, &ops);
1036 if (ret || ops.oobretlen != ops.ooblen) {
1037 printk(KERN_ERR "cannot read OOB for EB at %08x, requested %zd"
1038 " bytes, read %zd bytes, error %d\n",
1039 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1040 if (!ret)
1041 ret = -EIO;
1042 return ret;
1043 }
1044
1045 for(i = 0; i < ops.ooblen; i++) {
1046 if (mode && i < cmlen)
1047 /* Yeah, we know about the cleanmarker */
1048 continue;
1049
1050 if (ops.oobbuf[i] != 0xFF) {
1051 D2(printk(KERN_DEBUG "Found %02x at %x in OOB for "
1052 "%08x\n", ops.oobbuf[i], i, jeb->offset));
1053 return 1;
1054 }
1055 }
1056
1057 return 0;
1058}
1059
1060/*
1061 * Check for a valid cleanmarker.
1062 * Returns: 0 if a valid cleanmarker was found
1063 * 1 if no cleanmarker was found
1064 * negative error code if an error occurred
1065 */
1066int jffs2_check_nand_cleanmarker(struct jffs2_sb_info *c,
1067 struct jffs2_eraseblock *jeb)
1068{
1069 struct mtd_oob_ops ops;
1070 int ret, cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1071
1072 ops.mode = MTD_OOB_AUTO;
1073 ops.ooblen = cmlen;
1074 ops.oobbuf = c->oobbuf;
1075 ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1076 ops.datbuf = NULL;
1077
1078 ret = c->mtd->read_oob(c->mtd, jeb->offset, &ops);
1079 if (ret || ops.oobretlen != ops.ooblen) {
1080 printk(KERN_ERR "cannot read OOB for EB at %08x, requested %zd"
1081 " bytes, read %zd bytes, error %d\n",
1082 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1083 if (!ret)
1084 ret = -EIO;
1085 return ret;
1086 }
1087
1088 return !!memcmp(&oob_cleanmarker, c->oobbuf, cmlen);
1089}
1090
1091int jffs2_write_nand_cleanmarker(struct jffs2_sb_info *c,
1092 struct jffs2_eraseblock *jeb)
1093{
1094 int ret;
1095 struct mtd_oob_ops ops;
1096 int cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1097
1098 ops.mode = MTD_OOB_AUTO;
1099 ops.ooblen = cmlen;
1100 ops.oobbuf = (uint8_t *)&oob_cleanmarker;
1101 ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1102 ops.datbuf = NULL;
1103
1104 ret = c->mtd->write_oob(c->mtd, jeb->offset, &ops);
1105 if (ret || ops.oobretlen != ops.ooblen) {
1106 printk(KERN_ERR "cannot write OOB for EB at %08x, requested %zd"
1107 " bytes, read %zd bytes, error %d\n",
1108 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1109 if (!ret)
1110 ret = -EIO;
1111 return ret;
1112 }
1113
1114 return 0;
1115}
1116
1117/*
1118 * On NAND we try to mark this block bad. If the block was erased more
1119 * than MAX_ERASE_FAILURES we mark it finally bad.
1120 * Don't care about failures. This block remains on the erase-pending
1121 * or badblock list as long as nobody manipulates the flash with
1122 * a bootloader or something like that.
1123 */
1124
1125int jffs2_write_nand_badblock(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, uint32_t bad_offset)
1126{
1127 int ret;
1128
1129 /* if the count is < max, we try to write the counter to the 2nd page oob area */
1130 if( ++jeb->bad_count < MAX_ERASE_FAILURES)
1131 return 0;
1132
1133 if (!c->mtd->block_markbad)
1134 return 1; // What else can we do?
1135
1136 printk(KERN_WARNING "JFFS2: marking eraseblock at %08x\n as bad", bad_offset);
1137 ret = c->mtd->block_markbad(c->mtd, bad_offset);
1138
1139 if (ret) {
1140 D1(printk(KERN_WARNING "jffs2_write_nand_badblock(): Write failed for block at %08x: error %d\n", jeb->offset, ret));
1141 return ret;
1142 }
1143 return 1;
1144}
1145
1146int jffs2_nand_flash_setup(struct jffs2_sb_info *c)
1147{
1148 struct nand_ecclayout *oinfo = c->mtd->ecclayout;
1149
1150 if (!c->mtd->oobsize)
1151 return 0;
1152
1153 /* Cleanmarker is out-of-band, so inline size zero */
1154 c->cleanmarker_size = 0;
1155
1156 if (!oinfo || oinfo->oobavail == 0) {
1157 printk(KERN_ERR "inconsistent device description\n");
1158 return -EINVAL;
1159 }
1160
1161 D1(printk(KERN_DEBUG "JFFS2 using OOB on NAND\n"));
1162
1163 c->oobavail = oinfo->oobavail;
1164
1165 /* Initialise write buffer */
1166 init_rwsem(&c->wbuf_sem);
1167 c->wbuf_pagesize = c->mtd->writesize;
1168 c->wbuf_ofs = 0xFFFFFFFF;
1169
1170 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1171 if (!c->wbuf)
1172 return -ENOMEM;
1173
1174 c->oobbuf = kmalloc(NR_OOB_SCAN_PAGES * c->oobavail, GFP_KERNEL);
1175 if (!c->oobbuf) {
1176 kfree(c->wbuf);
1177 return -ENOMEM;
1178 }
1179
1180#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1181 c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1182 if (!c->wbuf_verify) {
1183 kfree(c->oobbuf);
1184 kfree(c->wbuf);
1185 return -ENOMEM;
1186 }
1187#endif
1188 return 0;
1189}
1190
1191void jffs2_nand_flash_cleanup(struct jffs2_sb_info *c)
1192{
1193#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1194 kfree(c->wbuf_verify);
1195#endif
1196 kfree(c->wbuf);
1197 kfree(c->oobbuf);
1198}
1199
1200int jffs2_dataflash_setup(struct jffs2_sb_info *c) {
1201 c->cleanmarker_size = 0; /* No cleanmarkers needed */
1202
1203 /* Initialize write buffer */
1204 init_rwsem(&c->wbuf_sem);
1205
1206
1207 c->wbuf_pagesize = c->mtd->erasesize;
1208
1209 /* Find a suitable c->sector_size
1210 * - Not too much sectors
1211 * - Sectors have to be at least 4 K + some bytes
1212 * - All known dataflashes have erase sizes of 528 or 1056
1213 * - we take at least 8 eraseblocks and want to have at least 8K size
1214 * - The concatenation should be a power of 2
1215 */
1216
1217 c->sector_size = 8 * c->mtd->erasesize;
1218
1219 while (c->sector_size < 8192) {
1220 c->sector_size *= 2;
1221 }
1222
1223 /* It may be necessary to adjust the flash size */
1224 c->flash_size = c->mtd->size;
1225
1226 if ((c->flash_size % c->sector_size) != 0) {
1227 c->flash_size = (c->flash_size / c->sector_size) * c->sector_size;
1228 printk(KERN_WARNING "JFFS2 flash size adjusted to %dKiB\n", c->flash_size);
1229 };
1230
1231 c->wbuf_ofs = 0xFFFFFFFF;
1232 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1233 if (!c->wbuf)
1234 return -ENOMEM;
1235
1236#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1237 c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1238 if (!c->wbuf_verify) {
1239 kfree(c->oobbuf);
1240 kfree(c->wbuf);
1241 return -ENOMEM;
1242 }
1243#endif
1244
1245 printk(KERN_INFO "JFFS2 write-buffering enabled buffer (%d) erasesize (%d)\n", c->wbuf_pagesize, c->sector_size);
1246
1247 return 0;
1248}
1249
1250void jffs2_dataflash_cleanup(struct jffs2_sb_info *c) {
1251#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1252 kfree(c->wbuf_verify);
1253#endif
1254 kfree(c->wbuf);
1255}
1256
1257int jffs2_nor_wbuf_flash_setup(struct jffs2_sb_info *c) {
1258 /* Cleanmarker currently occupies whole programming regions,
1259 * either one or 2 for 8Byte STMicro flashes. */
1260 c->cleanmarker_size = max(16u, c->mtd->writesize);
1261
1262 /* Initialize write buffer */
1263 init_rwsem(&c->wbuf_sem);
1264 c->wbuf_pagesize = c->mtd->writesize;
1265 c->wbuf_ofs = 0xFFFFFFFF;
1266
1267 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1268 if (!c->wbuf)
1269 return -ENOMEM;
1270
1271#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1272 c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1273 if (!c->wbuf_verify) {
1274 kfree(c->wbuf);
1275 return -ENOMEM;
1276 }
1277#endif
1278 return 0;
1279}
1280
1281void jffs2_nor_wbuf_flash_cleanup(struct jffs2_sb_info *c) {
1282#ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1283 kfree(c->wbuf_verify);
1284#endif
1285 kfree(c->wbuf);
1286}
1287
1288int jffs2_ubivol_setup(struct jffs2_sb_info *c) {
1289 c->cleanmarker_size = 0;
1290
1291 if (c->mtd->writesize == 1)
1292 /* We do not need write-buffer */
1293 return 0;
1294
1295 init_rwsem(&c->wbuf_sem);
1296
1297 c->wbuf_pagesize = c->mtd->writesize;
1298 c->wbuf_ofs = 0xFFFFFFFF;
1299 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1300 if (!c->wbuf)
1301 return -ENOMEM;
1302
1303 printk(KERN_INFO "JFFS2 write-buffering enabled buffer (%d) erasesize (%d)\n", c->wbuf_pagesize, c->sector_size);
1304
1305 return 0;
1306}
1307
1308void jffs2_ubivol_cleanup(struct jffs2_sb_info *c) {
1309 kfree(c->wbuf);
1310}