Merge branch 'for-linus' of git://oss.sgi.com/xfs/xfs
[linux-2.6] / fs / jffs2 / wbuf.c
1 /*
2  * JFFS2 -- Journalling Flash File System, Version 2.
3  *
4  * Copyright © 2001-2007 Red Hat, Inc.
5  * Copyright © 2004 Thomas Gleixner <tglx@linutronix.de>
6  *
7  * Created by David Woodhouse <dwmw2@infradead.org>
8  * Modified debugged and enhanced by Thomas Gleixner <tglx@linutronix.de>
9  *
10  * For licensing information, see the file 'LICENCE' in this directory.
11  *
12  */
13
14 #include <linux/kernel.h>
15 #include <linux/slab.h>
16 #include <linux/mtd/mtd.h>
17 #include <linux/crc32.h>
18 #include <linux/mtd/nand.h>
19 #include <linux/jiffies.h>
20 #include <linux/sched.h>
21
22 #include "nodelist.h"
23
24 /* For testing write failures */
25 #undef BREAKME
26 #undef BREAKMEHEADER
27
28 #ifdef BREAKME
29 static unsigned char *brokenbuf;
30 #endif
31
32 #define PAGE_DIV(x) ( ((unsigned long)(x) / (unsigned long)(c->wbuf_pagesize)) * (unsigned long)(c->wbuf_pagesize) )
33 #define PAGE_MOD(x) ( (unsigned long)(x) % (unsigned long)(c->wbuf_pagesize) )
34
35 /* max. erase failures before we mark a block bad */
36 #define MAX_ERASE_FAILURES      2
37
38 struct jffs2_inodirty {
39         uint32_t ino;
40         struct jffs2_inodirty *next;
41 };
42
43 static struct jffs2_inodirty inodirty_nomem;
44
45 static int jffs2_wbuf_pending_for_ino(struct jffs2_sb_info *c, uint32_t ino)
46 {
47         struct jffs2_inodirty *this = c->wbuf_inodes;
48
49         /* If a malloc failed, consider _everything_ dirty */
50         if (this == &inodirty_nomem)
51                 return 1;
52
53         /* If ino == 0, _any_ non-GC writes mean 'yes' */
54         if (this && !ino)
55                 return 1;
56
57         /* Look to see if the inode in question is pending in the wbuf */
58         while (this) {
59                 if (this->ino == ino)
60                         return 1;
61                 this = this->next;
62         }
63         return 0;
64 }
65
66 static void jffs2_clear_wbuf_ino_list(struct jffs2_sb_info *c)
67 {
68         struct jffs2_inodirty *this;
69
70         this = c->wbuf_inodes;
71
72         if (this != &inodirty_nomem) {
73                 while (this) {
74                         struct jffs2_inodirty *next = this->next;
75                         kfree(this);
76                         this = next;
77                 }
78         }
79         c->wbuf_inodes = NULL;
80 }
81
82 static void jffs2_wbuf_dirties_inode(struct jffs2_sb_info *c, uint32_t ino)
83 {
84         struct jffs2_inodirty *new;
85
86         /* Mark the superblock dirty so that kupdated will flush... */
87         jffs2_erase_pending_trigger(c);
88
89         if (jffs2_wbuf_pending_for_ino(c, ino))
90                 return;
91
92         new = kmalloc(sizeof(*new), GFP_KERNEL);
93         if (!new) {
94                 D1(printk(KERN_DEBUG "No memory to allocate inodirty. Fallback to all considered dirty\n"));
95                 jffs2_clear_wbuf_ino_list(c);
96                 c->wbuf_inodes = &inodirty_nomem;
97                 return;
98         }
99         new->ino = ino;
100         new->next = c->wbuf_inodes;
101         c->wbuf_inodes = new;
102         return;
103 }
104
105 static inline void jffs2_refile_wbuf_blocks(struct jffs2_sb_info *c)
106 {
107         struct list_head *this, *next;
108         static int n;
109
110         if (list_empty(&c->erasable_pending_wbuf_list))
111                 return;
112
113         list_for_each_safe(this, next, &c->erasable_pending_wbuf_list) {
114                 struct jffs2_eraseblock *jeb = list_entry(this, struct jffs2_eraseblock, list);
115
116                 D1(printk(KERN_DEBUG "Removing eraseblock at 0x%08x from erasable_pending_wbuf_list...\n", jeb->offset));
117                 list_del(this);
118                 if ((jiffies + (n++)) & 127) {
119                         /* Most of the time, we just erase it immediately. Otherwise we
120                            spend ages scanning it on mount, etc. */
121                         D1(printk(KERN_DEBUG "...and adding to erase_pending_list\n"));
122                         list_add_tail(&jeb->list, &c->erase_pending_list);
123                         c->nr_erasing_blocks++;
124                         jffs2_erase_pending_trigger(c);
125                 } else {
126                         /* Sometimes, however, we leave it elsewhere so it doesn't get
127                            immediately reused, and we spread the load a bit. */
128                         D1(printk(KERN_DEBUG "...and adding to erasable_list\n"));
129                         list_add_tail(&jeb->list, &c->erasable_list);
130                 }
131         }
132 }
133
134 #define REFILE_NOTEMPTY 0
135 #define REFILE_ANYWAY   1
136
137 static void jffs2_block_refile(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, int allow_empty)
138 {
139         D1(printk("About to refile bad block at %08x\n", jeb->offset));
140
141         /* File the existing block on the bad_used_list.... */
142         if (c->nextblock == jeb)
143                 c->nextblock = NULL;
144         else /* Not sure this should ever happen... need more coffee */
145                 list_del(&jeb->list);
146         if (jeb->first_node) {
147                 D1(printk("Refiling block at %08x to bad_used_list\n", jeb->offset));
148                 list_add(&jeb->list, &c->bad_used_list);
149         } else {
150                 BUG_ON(allow_empty == REFILE_NOTEMPTY);
151                 /* It has to have had some nodes or we couldn't be here */
152                 D1(printk("Refiling block at %08x to erase_pending_list\n", jeb->offset));
153                 list_add(&jeb->list, &c->erase_pending_list);
154                 c->nr_erasing_blocks++;
155                 jffs2_erase_pending_trigger(c);
156         }
157
158         if (!jffs2_prealloc_raw_node_refs(c, jeb, 1)) {
159                 uint32_t oldfree = jeb->free_size;
160
161                 jffs2_link_node_ref(c, jeb, 
162                                     (jeb->offset+c->sector_size-oldfree) | REF_OBSOLETE,
163                                     oldfree, NULL);
164                 /* convert to wasted */
165                 c->wasted_size += oldfree;
166                 jeb->wasted_size += oldfree;
167                 c->dirty_size -= oldfree;
168                 jeb->dirty_size -= oldfree;
169         }
170
171         jffs2_dbg_dump_block_lists_nolock(c);
172         jffs2_dbg_acct_sanity_check_nolock(c,jeb);
173         jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
174 }
175
176 static struct jffs2_raw_node_ref **jffs2_incore_replace_raw(struct jffs2_sb_info *c,
177                                                             struct jffs2_inode_info *f,
178                                                             struct jffs2_raw_node_ref *raw,
179                                                             union jffs2_node_union *node)
180 {
181         struct jffs2_node_frag *frag;
182         struct jffs2_full_dirent *fd;
183
184         dbg_noderef("incore_replace_raw: node at %p is {%04x,%04x}\n",
185                     node, je16_to_cpu(node->u.magic), je16_to_cpu(node->u.nodetype));
186
187         BUG_ON(je16_to_cpu(node->u.magic) != 0x1985 &&
188                je16_to_cpu(node->u.magic) != 0);
189
190         switch (je16_to_cpu(node->u.nodetype)) {
191         case JFFS2_NODETYPE_INODE:
192                 if (f->metadata && f->metadata->raw == raw) {
193                         dbg_noderef("Will replace ->raw in f->metadata at %p\n", f->metadata);
194                         return &f->metadata->raw;
195                 }
196                 frag = jffs2_lookup_node_frag(&f->fragtree, je32_to_cpu(node->i.offset));
197                 BUG_ON(!frag);
198                 /* Find a frag which refers to the full_dnode we want to modify */
199                 while (!frag->node || frag->node->raw != raw) {
200                         frag = frag_next(frag);
201                         BUG_ON(!frag);
202                 }
203                 dbg_noderef("Will replace ->raw in full_dnode at %p\n", frag->node);
204                 return &frag->node->raw;
205
206         case JFFS2_NODETYPE_DIRENT:
207                 for (fd = f->dents; fd; fd = fd->next) {
208                         if (fd->raw == raw) {
209                                 dbg_noderef("Will replace ->raw in full_dirent at %p\n", fd);
210                                 return &fd->raw;
211                         }
212                 }
213                 BUG();
214
215         default:
216                 dbg_noderef("Don't care about replacing raw for nodetype %x\n",
217                             je16_to_cpu(node->u.nodetype));
218                 break;
219         }
220         return NULL;
221 }
222
223 #ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
224 static int jffs2_verify_write(struct jffs2_sb_info *c, unsigned char *buf,
225                               uint32_t ofs)
226 {
227         int ret;
228         size_t retlen;
229         char *eccstr;
230
231         ret = c->mtd->read(c->mtd, ofs, c->wbuf_pagesize, &retlen, c->wbuf_verify);
232         if (ret && ret != -EUCLEAN && ret != -EBADMSG) {
233                 printk(KERN_WARNING "jffs2_verify_write(): Read back of page at %08x failed: %d\n", c->wbuf_ofs, ret);
234                 return ret;
235         } else if (retlen != c->wbuf_pagesize) {
236                 printk(KERN_WARNING "jffs2_verify_write(): Read back of page at %08x gave short read: %zd not %d.\n", ofs, retlen, c->wbuf_pagesize);
237                 return -EIO;
238         }
239         if (!memcmp(buf, c->wbuf_verify, c->wbuf_pagesize))
240                 return 0;
241
242         if (ret == -EUCLEAN)
243                 eccstr = "corrected";
244         else if (ret == -EBADMSG)
245                 eccstr = "correction failed";
246         else
247                 eccstr = "OK or unused";
248
249         printk(KERN_WARNING "Write verify error (ECC %s) at %08x. Wrote:\n",
250                eccstr, c->wbuf_ofs);
251         print_hex_dump(KERN_WARNING, "", DUMP_PREFIX_OFFSET, 16, 1,
252                        c->wbuf, c->wbuf_pagesize, 0);
253
254         printk(KERN_WARNING "Read back:\n");
255         print_hex_dump(KERN_WARNING, "", DUMP_PREFIX_OFFSET, 16, 1,
256                        c->wbuf_verify, c->wbuf_pagesize, 0);
257
258         return -EIO;
259 }
260 #else
261 #define jffs2_verify_write(c,b,o) (0)
262 #endif
263
264 /* Recover from failure to write wbuf. Recover the nodes up to the
265  * wbuf, not the one which we were starting to try to write. */
266
267 static void jffs2_wbuf_recover(struct jffs2_sb_info *c)
268 {
269         struct jffs2_eraseblock *jeb, *new_jeb;
270         struct jffs2_raw_node_ref *raw, *next, *first_raw = NULL;
271         size_t retlen;
272         int ret;
273         int nr_refile = 0;
274         unsigned char *buf;
275         uint32_t start, end, ofs, len;
276
277         jeb = &c->blocks[c->wbuf_ofs / c->sector_size];
278
279         spin_lock(&c->erase_completion_lock);
280         if (c->wbuf_ofs % c->mtd->erasesize)
281                 jffs2_block_refile(c, jeb, REFILE_NOTEMPTY);
282         else
283                 jffs2_block_refile(c, jeb, REFILE_ANYWAY);
284         spin_unlock(&c->erase_completion_lock);
285
286         BUG_ON(!ref_obsolete(jeb->last_node));
287
288         /* Find the first node to be recovered, by skipping over every
289            node which ends before the wbuf starts, or which is obsolete. */
290         for (next = raw = jeb->first_node; next; raw = next) {
291                 next = ref_next(raw);
292
293                 if (ref_obsolete(raw) || 
294                     (next && ref_offset(next) <= c->wbuf_ofs)) {
295                         dbg_noderef("Skipping node at 0x%08x(%d)-0x%08x which is either before 0x%08x or obsolete\n",
296                                     ref_offset(raw), ref_flags(raw),
297                                     (ref_offset(raw) + ref_totlen(c, jeb, raw)),
298                                     c->wbuf_ofs);
299                         continue;
300                 }
301                 dbg_noderef("First node to be recovered is at 0x%08x(%d)-0x%08x\n",
302                             ref_offset(raw), ref_flags(raw),
303                             (ref_offset(raw) + ref_totlen(c, jeb, raw)));
304
305                 first_raw = raw;
306                 break;
307         }
308
309         if (!first_raw) {
310                 /* All nodes were obsolete. Nothing to recover. */
311                 D1(printk(KERN_DEBUG "No non-obsolete nodes to be recovered. Just filing block bad\n"));
312                 c->wbuf_len = 0;
313                 return;
314         }
315
316         start = ref_offset(first_raw);
317         end = ref_offset(jeb->last_node);
318         nr_refile = 1;
319
320         /* Count the number of refs which need to be copied */
321         while ((raw = ref_next(raw)) != jeb->last_node)
322                 nr_refile++;
323
324         dbg_noderef("wbuf recover %08x-%08x (%d bytes in %d nodes)\n",
325                     start, end, end - start, nr_refile);
326
327         buf = NULL;
328         if (start < c->wbuf_ofs) {
329                 /* First affected node was already partially written.
330                  * Attempt to reread the old data into our buffer. */
331
332                 buf = kmalloc(end - start, GFP_KERNEL);
333                 if (!buf) {
334                         printk(KERN_CRIT "Malloc failure in wbuf recovery. Data loss ensues.\n");
335
336                         goto read_failed;
337                 }
338
339                 /* Do the read... */
340                 ret = c->mtd->read(c->mtd, start, c->wbuf_ofs - start, &retlen, buf);
341
342                 /* ECC recovered ? */
343                 if ((ret == -EUCLEAN || ret == -EBADMSG) &&
344                     (retlen == c->wbuf_ofs - start))
345                         ret = 0;
346
347                 if (ret || retlen != c->wbuf_ofs - start) {
348                         printk(KERN_CRIT "Old data are already lost in wbuf recovery. Data loss ensues.\n");
349
350                         kfree(buf);
351                         buf = NULL;
352                 read_failed:
353                         first_raw = ref_next(first_raw);
354                         nr_refile--;
355                         while (first_raw && ref_obsolete(first_raw)) {
356                                 first_raw = ref_next(first_raw);
357                                 nr_refile--;
358                         }
359
360                         /* If this was the only node to be recovered, give up */
361                         if (!first_raw) {
362                                 c->wbuf_len = 0;
363                                 return;
364                         }
365
366                         /* It wasn't. Go on and try to recover nodes complete in the wbuf */
367                         start = ref_offset(first_raw);
368                         dbg_noderef("wbuf now recover %08x-%08x (%d bytes in %d nodes)\n",
369                                     start, end, end - start, nr_refile);
370
371                 } else {
372                         /* Read succeeded. Copy the remaining data from the wbuf */
373                         memcpy(buf + (c->wbuf_ofs - start), c->wbuf, end - c->wbuf_ofs);
374                 }
375         }
376         /* OK... we're to rewrite (end-start) bytes of data from first_raw onwards.
377            Either 'buf' contains the data, or we find it in the wbuf */
378
379         /* ... and get an allocation of space from a shiny new block instead */
380         ret = jffs2_reserve_space_gc(c, end-start, &len, JFFS2_SUMMARY_NOSUM_SIZE);
381         if (ret) {
382                 printk(KERN_WARNING "Failed to allocate space for wbuf recovery. Data loss ensues.\n");
383                 kfree(buf);
384                 return;
385         }
386
387         /* The summary is not recovered, so it must be disabled for this erase block */
388         jffs2_sum_disable_collecting(c->summary);
389
390         ret = jffs2_prealloc_raw_node_refs(c, c->nextblock, nr_refile);
391         if (ret) {
392                 printk(KERN_WARNING "Failed to allocate node refs for wbuf recovery. Data loss ensues.\n");
393                 kfree(buf);
394                 return;
395         }
396
397         ofs = write_ofs(c);
398
399         if (end-start >= c->wbuf_pagesize) {
400                 /* Need to do another write immediately, but it's possible
401                    that this is just because the wbuf itself is completely
402                    full, and there's nothing earlier read back from the
403                    flash. Hence 'buf' isn't necessarily what we're writing
404                    from. */
405                 unsigned char *rewrite_buf = buf?:c->wbuf;
406                 uint32_t towrite = (end-start) - ((end-start)%c->wbuf_pagesize);
407
408                 D1(printk(KERN_DEBUG "Write 0x%x bytes at 0x%08x in wbuf recover\n",
409                           towrite, ofs));
410
411 #ifdef BREAKMEHEADER
412                 static int breakme;
413                 if (breakme++ == 20) {
414                         printk(KERN_NOTICE "Faking write error at 0x%08x\n", ofs);
415                         breakme = 0;
416                         c->mtd->write(c->mtd, ofs, towrite, &retlen,
417                                       brokenbuf);
418                         ret = -EIO;
419                 } else
420 #endif
421                         ret = c->mtd->write(c->mtd, ofs, towrite, &retlen,
422                                             rewrite_buf);
423
424                 if (ret || retlen != towrite || jffs2_verify_write(c, rewrite_buf, ofs)) {
425                         /* Argh. We tried. Really we did. */
426                         printk(KERN_CRIT "Recovery of wbuf failed due to a second write error\n");
427                         kfree(buf);
428
429                         if (retlen)
430                                 jffs2_add_physical_node_ref(c, ofs | REF_OBSOLETE, ref_totlen(c, jeb, first_raw), NULL);
431
432                         return;
433                 }
434                 printk(KERN_NOTICE "Recovery of wbuf succeeded to %08x\n", ofs);
435
436                 c->wbuf_len = (end - start) - towrite;
437                 c->wbuf_ofs = ofs + towrite;
438                 memmove(c->wbuf, rewrite_buf + towrite, c->wbuf_len);
439                 /* Don't muck about with c->wbuf_inodes. False positives are harmless. */
440         } else {
441                 /* OK, now we're left with the dregs in whichever buffer we're using */
442                 if (buf) {
443                         memcpy(c->wbuf, buf, end-start);
444                 } else {
445                         memmove(c->wbuf, c->wbuf + (start - c->wbuf_ofs), end - start);
446                 }
447                 c->wbuf_ofs = ofs;
448                 c->wbuf_len = end - start;
449         }
450
451         /* Now sort out the jffs2_raw_node_refs, moving them from the old to the next block */
452         new_jeb = &c->blocks[ofs / c->sector_size];
453
454         spin_lock(&c->erase_completion_lock);
455         for (raw = first_raw; raw != jeb->last_node; raw = ref_next(raw)) {
456                 uint32_t rawlen = ref_totlen(c, jeb, raw);
457                 struct jffs2_inode_cache *ic;
458                 struct jffs2_raw_node_ref *new_ref;
459                 struct jffs2_raw_node_ref **adjust_ref = NULL;
460                 struct jffs2_inode_info *f = NULL;
461
462                 D1(printk(KERN_DEBUG "Refiling block of %08x at %08x(%d) to %08x\n",
463                           rawlen, ref_offset(raw), ref_flags(raw), ofs));
464
465                 ic = jffs2_raw_ref_to_ic(raw);
466
467                 /* Ick. This XATTR mess should be fixed shortly... */
468                 if (ic && ic->class == RAWNODE_CLASS_XATTR_DATUM) {
469                         struct jffs2_xattr_datum *xd = (void *)ic;
470                         BUG_ON(xd->node != raw);
471                         adjust_ref = &xd->node;
472                         raw->next_in_ino = NULL;
473                         ic = NULL;
474                 } else if (ic && ic->class == RAWNODE_CLASS_XATTR_REF) {
475                         struct jffs2_xattr_datum *xr = (void *)ic;
476                         BUG_ON(xr->node != raw);
477                         adjust_ref = &xr->node;
478                         raw->next_in_ino = NULL;
479                         ic = NULL;
480                 } else if (ic && ic->class == RAWNODE_CLASS_INODE_CACHE) {
481                         struct jffs2_raw_node_ref **p = &ic->nodes;
482
483                         /* Remove the old node from the per-inode list */
484                         while (*p && *p != (void *)ic) {
485                                 if (*p == raw) {
486                                         (*p) = (raw->next_in_ino);
487                                         raw->next_in_ino = NULL;
488                                         break;
489                                 }
490                                 p = &((*p)->next_in_ino);
491                         }
492
493                         if (ic->state == INO_STATE_PRESENT && !ref_obsolete(raw)) {
494                                 /* If it's an in-core inode, then we have to adjust any
495                                    full_dirent or full_dnode structure to point to the
496                                    new version instead of the old */
497                                 f = jffs2_gc_fetch_inode(c, ic->ino, !ic->pino_nlink);
498                                 if (IS_ERR(f)) {
499                                         /* Should never happen; it _must_ be present */
500                                         JFFS2_ERROR("Failed to iget() ino #%u, err %ld\n",
501                                                     ic->ino, PTR_ERR(f));
502                                         BUG();
503                                 }
504                                 /* We don't lock f->sem. There's a number of ways we could
505                                    end up in here with it already being locked, and nobody's
506                                    going to modify it on us anyway because we hold the
507                                    alloc_sem. We're only changing one ->raw pointer too,
508                                    which we can get away with without upsetting readers. */
509                                 adjust_ref = jffs2_incore_replace_raw(c, f, raw,
510                                                                       (void *)(buf?:c->wbuf) + (ref_offset(raw) - start));
511                         } else if (unlikely(ic->state != INO_STATE_PRESENT &&
512                                             ic->state != INO_STATE_CHECKEDABSENT &&
513                                             ic->state != INO_STATE_GC)) {
514                                 JFFS2_ERROR("Inode #%u is in strange state %d!\n", ic->ino, ic->state);
515                                 BUG();
516                         }
517                 }
518
519                 new_ref = jffs2_link_node_ref(c, new_jeb, ofs | ref_flags(raw), rawlen, ic);
520
521                 if (adjust_ref) {
522                         BUG_ON(*adjust_ref != raw);
523                         *adjust_ref = new_ref;
524                 }
525                 if (f)
526                         jffs2_gc_release_inode(c, f);
527
528                 if (!ref_obsolete(raw)) {
529                         jeb->dirty_size += rawlen;
530                         jeb->used_size  -= rawlen;
531                         c->dirty_size += rawlen;
532                         c->used_size -= rawlen;
533                         raw->flash_offset = ref_offset(raw) | REF_OBSOLETE;
534                         BUG_ON(raw->next_in_ino);
535                 }
536                 ofs += rawlen;
537         }
538
539         kfree(buf);
540
541         /* Fix up the original jeb now it's on the bad_list */
542         if (first_raw == jeb->first_node) {
543                 D1(printk(KERN_DEBUG "Failing block at %08x is now empty. Moving to erase_pending_list\n", jeb->offset));
544                 list_move(&jeb->list, &c->erase_pending_list);
545                 c->nr_erasing_blocks++;
546                 jffs2_erase_pending_trigger(c);
547         }
548
549         jffs2_dbg_acct_sanity_check_nolock(c, jeb);
550         jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
551
552         jffs2_dbg_acct_sanity_check_nolock(c, new_jeb);
553         jffs2_dbg_acct_paranoia_check_nolock(c, new_jeb);
554
555         spin_unlock(&c->erase_completion_lock);
556
557         D1(printk(KERN_DEBUG "wbuf recovery completed OK. wbuf_ofs 0x%08x, len 0x%x\n", c->wbuf_ofs, c->wbuf_len));
558
559 }
560
561 /* Meaning of pad argument:
562    0: Do not pad. Probably pointless - we only ever use this when we can't pad anyway.
563    1: Pad, do not adjust nextblock free_size
564    2: Pad, adjust nextblock free_size
565 */
566 #define NOPAD           0
567 #define PAD_NOACCOUNT   1
568 #define PAD_ACCOUNTING  2
569
570 static int __jffs2_flush_wbuf(struct jffs2_sb_info *c, int pad)
571 {
572         struct jffs2_eraseblock *wbuf_jeb;
573         int ret;
574         size_t retlen;
575
576         /* Nothing to do if not write-buffering the flash. In particular, we shouldn't
577            del_timer() the timer we never initialised. */
578         if (!jffs2_is_writebuffered(c))
579                 return 0;
580
581         if (mutex_trylock(&c->alloc_sem)) {
582                 mutex_unlock(&c->alloc_sem);
583                 printk(KERN_CRIT "jffs2_flush_wbuf() called with alloc_sem not locked!\n");
584                 BUG();
585         }
586
587         if (!c->wbuf_len)       /* already checked c->wbuf above */
588                 return 0;
589
590         wbuf_jeb = &c->blocks[c->wbuf_ofs / c->sector_size];
591         if (jffs2_prealloc_raw_node_refs(c, wbuf_jeb, c->nextblock->allocated_refs + 1))
592                 return -ENOMEM;
593
594         /* claim remaining space on the page
595            this happens, if we have a change to a new block,
596            or if fsync forces us to flush the writebuffer.
597            if we have a switch to next page, we will not have
598            enough remaining space for this.
599         */
600         if (pad ) {
601                 c->wbuf_len = PAD(c->wbuf_len);
602
603                 /* Pad with JFFS2_DIRTY_BITMASK initially.  this helps out ECC'd NOR
604                    with 8 byte page size */
605                 memset(c->wbuf + c->wbuf_len, 0, c->wbuf_pagesize - c->wbuf_len);
606
607                 if ( c->wbuf_len + sizeof(struct jffs2_unknown_node) < c->wbuf_pagesize) {
608                         struct jffs2_unknown_node *padnode = (void *)(c->wbuf + c->wbuf_len);
609                         padnode->magic = cpu_to_je16(JFFS2_MAGIC_BITMASK);
610                         padnode->nodetype = cpu_to_je16(JFFS2_NODETYPE_PADDING);
611                         padnode->totlen = cpu_to_je32(c->wbuf_pagesize - c->wbuf_len);
612                         padnode->hdr_crc = cpu_to_je32(crc32(0, padnode, sizeof(*padnode)-4));
613                 }
614         }
615         /* else jffs2_flash_writev has actually filled in the rest of the
616            buffer for us, and will deal with the node refs etc. later. */
617
618 #ifdef BREAKME
619         static int breakme;
620         if (breakme++ == 20) {
621                 printk(KERN_NOTICE "Faking write error at 0x%08x\n", c->wbuf_ofs);
622                 breakme = 0;
623                 c->mtd->write(c->mtd, c->wbuf_ofs, c->wbuf_pagesize, &retlen,
624                               brokenbuf);
625                 ret = -EIO;
626         } else
627 #endif
628
629                 ret = c->mtd->write(c->mtd, c->wbuf_ofs, c->wbuf_pagesize, &retlen, c->wbuf);
630
631         if (ret) {
632                 printk(KERN_WARNING "jffs2_flush_wbuf(): Write failed with %d\n", ret);
633                 goto wfail;
634         } else if (retlen != c->wbuf_pagesize) {
635                 printk(KERN_WARNING "jffs2_flush_wbuf(): Write was short: %zd instead of %d\n",
636                        retlen, c->wbuf_pagesize);
637                 ret = -EIO;
638                 goto wfail;
639         } else if ((ret = jffs2_verify_write(c, c->wbuf, c->wbuf_ofs))) {
640         wfail:
641                 jffs2_wbuf_recover(c);
642
643                 return ret;
644         }
645
646         /* Adjust free size of the block if we padded. */
647         if (pad) {
648                 uint32_t waste = c->wbuf_pagesize - c->wbuf_len;
649
650                 D1(printk(KERN_DEBUG "jffs2_flush_wbuf() adjusting free_size of %sblock at %08x\n",
651                           (wbuf_jeb==c->nextblock)?"next":"", wbuf_jeb->offset));
652
653                 /* wbuf_pagesize - wbuf_len is the amount of space that's to be
654                    padded. If there is less free space in the block than that,
655                    something screwed up */
656                 if (wbuf_jeb->free_size < waste) {
657                         printk(KERN_CRIT "jffs2_flush_wbuf(): Accounting error. wbuf at 0x%08x has 0x%03x bytes, 0x%03x left.\n",
658                                c->wbuf_ofs, c->wbuf_len, waste);
659                         printk(KERN_CRIT "jffs2_flush_wbuf(): But free_size for block at 0x%08x is only 0x%08x\n",
660                                wbuf_jeb->offset, wbuf_jeb->free_size);
661                         BUG();
662                 }
663
664                 spin_lock(&c->erase_completion_lock);
665
666                 jffs2_link_node_ref(c, wbuf_jeb, (c->wbuf_ofs + c->wbuf_len) | REF_OBSOLETE, waste, NULL);
667                 /* FIXME: that made it count as dirty. Convert to wasted */
668                 wbuf_jeb->dirty_size -= waste;
669                 c->dirty_size -= waste;
670                 wbuf_jeb->wasted_size += waste;
671                 c->wasted_size += waste;
672         } else
673                 spin_lock(&c->erase_completion_lock);
674
675         /* Stick any now-obsoleted blocks on the erase_pending_list */
676         jffs2_refile_wbuf_blocks(c);
677         jffs2_clear_wbuf_ino_list(c);
678         spin_unlock(&c->erase_completion_lock);
679
680         memset(c->wbuf,0xff,c->wbuf_pagesize);
681         /* adjust write buffer offset, else we get a non contiguous write bug */
682         c->wbuf_ofs += c->wbuf_pagesize;
683         c->wbuf_len = 0;
684         return 0;
685 }
686
687 /* Trigger garbage collection to flush the write-buffer.
688    If ino arg is zero, do it if _any_ real (i.e. not GC) writes are
689    outstanding. If ino arg non-zero, do it only if a write for the
690    given inode is outstanding. */
691 int jffs2_flush_wbuf_gc(struct jffs2_sb_info *c, uint32_t ino)
692 {
693         uint32_t old_wbuf_ofs;
694         uint32_t old_wbuf_len;
695         int ret = 0;
696
697         D1(printk(KERN_DEBUG "jffs2_flush_wbuf_gc() called for ino #%u...\n", ino));
698
699         if (!c->wbuf)
700                 return 0;
701
702         mutex_lock(&c->alloc_sem);
703         if (!jffs2_wbuf_pending_for_ino(c, ino)) {
704                 D1(printk(KERN_DEBUG "Ino #%d not pending in wbuf. Returning\n", ino));
705                 mutex_unlock(&c->alloc_sem);
706                 return 0;
707         }
708
709         old_wbuf_ofs = c->wbuf_ofs;
710         old_wbuf_len = c->wbuf_len;
711
712         if (c->unchecked_size) {
713                 /* GC won't make any progress for a while */
714                 D1(printk(KERN_DEBUG "jffs2_flush_wbuf_gc() padding. Not finished checking\n"));
715                 down_write(&c->wbuf_sem);
716                 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
717                 /* retry flushing wbuf in case jffs2_wbuf_recover
718                    left some data in the wbuf */
719                 if (ret)
720                         ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
721                 up_write(&c->wbuf_sem);
722         } else while (old_wbuf_len &&
723                       old_wbuf_ofs == c->wbuf_ofs) {
724
725                 mutex_unlock(&c->alloc_sem);
726
727                 D1(printk(KERN_DEBUG "jffs2_flush_wbuf_gc() calls gc pass\n"));
728
729                 ret = jffs2_garbage_collect_pass(c);
730                 if (ret) {
731                         /* GC failed. Flush it with padding instead */
732                         mutex_lock(&c->alloc_sem);
733                         down_write(&c->wbuf_sem);
734                         ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
735                         /* retry flushing wbuf in case jffs2_wbuf_recover
736                            left some data in the wbuf */
737                         if (ret)
738                                 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
739                         up_write(&c->wbuf_sem);
740                         break;
741                 }
742                 mutex_lock(&c->alloc_sem);
743         }
744
745         D1(printk(KERN_DEBUG "jffs2_flush_wbuf_gc() ends...\n"));
746
747         mutex_unlock(&c->alloc_sem);
748         return ret;
749 }
750
751 /* Pad write-buffer to end and write it, wasting space. */
752 int jffs2_flush_wbuf_pad(struct jffs2_sb_info *c)
753 {
754         int ret;
755
756         if (!c->wbuf)
757                 return 0;
758
759         down_write(&c->wbuf_sem);
760         ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
761         /* retry - maybe wbuf recover left some data in wbuf. */
762         if (ret)
763                 ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
764         up_write(&c->wbuf_sem);
765
766         return ret;
767 }
768
769 static size_t jffs2_fill_wbuf(struct jffs2_sb_info *c, const uint8_t *buf,
770                               size_t len)
771 {
772         if (len && !c->wbuf_len && (len >= c->wbuf_pagesize))
773                 return 0;
774
775         if (len > (c->wbuf_pagesize - c->wbuf_len))
776                 len = c->wbuf_pagesize - c->wbuf_len;
777         memcpy(c->wbuf + c->wbuf_len, buf, len);
778         c->wbuf_len += (uint32_t) len;
779         return len;
780 }
781
782 int jffs2_flash_writev(struct jffs2_sb_info *c, const struct kvec *invecs,
783                        unsigned long count, loff_t to, size_t *retlen,
784                        uint32_t ino)
785 {
786         struct jffs2_eraseblock *jeb;
787         size_t wbuf_retlen, donelen = 0;
788         uint32_t outvec_to = to;
789         int ret, invec;
790
791         /* If not writebuffered flash, don't bother */
792         if (!jffs2_is_writebuffered(c))
793                 return jffs2_flash_direct_writev(c, invecs, count, to, retlen);
794
795         down_write(&c->wbuf_sem);
796
797         /* If wbuf_ofs is not initialized, set it to target address */
798         if (c->wbuf_ofs == 0xFFFFFFFF) {
799                 c->wbuf_ofs = PAGE_DIV(to);
800                 c->wbuf_len = PAGE_MOD(to);
801                 memset(c->wbuf,0xff,c->wbuf_pagesize);
802         }
803
804         /*
805          * Sanity checks on target address.  It's permitted to write
806          * at PAD(c->wbuf_len+c->wbuf_ofs), and it's permitted to
807          * write at the beginning of a new erase block. Anything else,
808          * and you die.  New block starts at xxx000c (0-b = block
809          * header)
810          */
811         if (SECTOR_ADDR(to) != SECTOR_ADDR(c->wbuf_ofs)) {
812                 /* It's a write to a new block */
813                 if (c->wbuf_len) {
814                         D1(printk(KERN_DEBUG "jffs2_flash_writev() to 0x%lx "
815                                   "causes flush of wbuf at 0x%08x\n",
816                                   (unsigned long)to, c->wbuf_ofs));
817                         ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
818                         if (ret)
819                                 goto outerr;
820                 }
821                 /* set pointer to new block */
822                 c->wbuf_ofs = PAGE_DIV(to);
823                 c->wbuf_len = PAGE_MOD(to);
824         }
825
826         if (to != PAD(c->wbuf_ofs + c->wbuf_len)) {
827                 /* We're not writing immediately after the writebuffer. Bad. */
828                 printk(KERN_CRIT "jffs2_flash_writev(): Non-contiguous write "
829                        "to %08lx\n", (unsigned long)to);
830                 if (c->wbuf_len)
831                         printk(KERN_CRIT "wbuf was previously %08x-%08x\n",
832                                c->wbuf_ofs, c->wbuf_ofs+c->wbuf_len);
833                 BUG();
834         }
835
836         /* adjust alignment offset */
837         if (c->wbuf_len != PAGE_MOD(to)) {
838                 c->wbuf_len = PAGE_MOD(to);
839                 /* take care of alignment to next page */
840                 if (!c->wbuf_len) {
841                         c->wbuf_len = c->wbuf_pagesize;
842                         ret = __jffs2_flush_wbuf(c, NOPAD);
843                         if (ret)
844                                 goto outerr;
845                 }
846         }
847
848         for (invec = 0; invec < count; invec++) {
849                 int vlen = invecs[invec].iov_len;
850                 uint8_t *v = invecs[invec].iov_base;
851
852                 wbuf_retlen = jffs2_fill_wbuf(c, v, vlen);
853
854                 if (c->wbuf_len == c->wbuf_pagesize) {
855                         ret = __jffs2_flush_wbuf(c, NOPAD);
856                         if (ret)
857                                 goto outerr;
858                 }
859                 vlen -= wbuf_retlen;
860                 outvec_to += wbuf_retlen;
861                 donelen += wbuf_retlen;
862                 v += wbuf_retlen;
863
864                 if (vlen >= c->wbuf_pagesize) {
865                         ret = c->mtd->write(c->mtd, outvec_to, PAGE_DIV(vlen),
866                                             &wbuf_retlen, v);
867                         if (ret < 0 || wbuf_retlen != PAGE_DIV(vlen))
868                                 goto outfile;
869
870                         vlen -= wbuf_retlen;
871                         outvec_to += wbuf_retlen;
872                         c->wbuf_ofs = outvec_to;
873                         donelen += wbuf_retlen;
874                         v += wbuf_retlen;
875                 }
876
877                 wbuf_retlen = jffs2_fill_wbuf(c, v, vlen);
878                 if (c->wbuf_len == c->wbuf_pagesize) {
879                         ret = __jffs2_flush_wbuf(c, NOPAD);
880                         if (ret)
881                                 goto outerr;
882                 }
883
884                 outvec_to += wbuf_retlen;
885                 donelen += wbuf_retlen;
886         }
887
888         /*
889          * If there's a remainder in the wbuf and it's a non-GC write,
890          * remember that the wbuf affects this ino
891          */
892         *retlen = donelen;
893
894         if (jffs2_sum_active()) {
895                 int res = jffs2_sum_add_kvec(c, invecs, count, (uint32_t) to);
896                 if (res)
897                         return res;
898         }
899
900         if (c->wbuf_len && ino)
901                 jffs2_wbuf_dirties_inode(c, ino);
902
903         ret = 0;
904         up_write(&c->wbuf_sem);
905         return ret;
906
907 outfile:
908         /*
909          * At this point we have no problem, c->wbuf is empty. However
910          * refile nextblock to avoid writing again to same address.
911          */
912
913         spin_lock(&c->erase_completion_lock);
914
915         jeb = &c->blocks[outvec_to / c->sector_size];
916         jffs2_block_refile(c, jeb, REFILE_ANYWAY);
917
918         spin_unlock(&c->erase_completion_lock);
919
920 outerr:
921         *retlen = 0;
922         up_write(&c->wbuf_sem);
923         return ret;
924 }
925
926 /*
927  *      This is the entry for flash write.
928  *      Check, if we work on NAND FLASH, if so build an kvec and write it via vritev
929 */
930 int jffs2_flash_write(struct jffs2_sb_info *c, loff_t ofs, size_t len,
931                       size_t *retlen, const u_char *buf)
932 {
933         struct kvec vecs[1];
934
935         if (!jffs2_is_writebuffered(c))
936                 return jffs2_flash_direct_write(c, ofs, len, retlen, buf);
937
938         vecs[0].iov_base = (unsigned char *) buf;
939         vecs[0].iov_len = len;
940         return jffs2_flash_writev(c, vecs, 1, ofs, retlen, 0);
941 }
942
943 /*
944         Handle readback from writebuffer and ECC failure return
945 */
946 int jffs2_flash_read(struct jffs2_sb_info *c, loff_t ofs, size_t len, size_t *retlen, u_char *buf)
947 {
948         loff_t  orbf = 0, owbf = 0, lwbf = 0;
949         int     ret;
950
951         if (!jffs2_is_writebuffered(c))
952                 return c->mtd->read(c->mtd, ofs, len, retlen, buf);
953
954         /* Read flash */
955         down_read(&c->wbuf_sem);
956         ret = c->mtd->read(c->mtd, ofs, len, retlen, buf);
957
958         if ( (ret == -EBADMSG || ret == -EUCLEAN) && (*retlen == len) ) {
959                 if (ret == -EBADMSG)
960                         printk(KERN_WARNING "mtd->read(0x%zx bytes from 0x%llx)"
961                                " returned ECC error\n", len, ofs);
962                 /*
963                  * We have the raw data without ECC correction in the buffer,
964                  * maybe we are lucky and all data or parts are correct. We
965                  * check the node.  If data are corrupted node check will sort
966                  * it out.  We keep this block, it will fail on write or erase
967                  * and the we mark it bad. Or should we do that now? But we
968                  * should give him a chance.  Maybe we had a system crash or
969                  * power loss before the ecc write or a erase was completed.
970                  * So we return success. :)
971                  */
972                 ret = 0;
973         }
974
975         /* if no writebuffer available or write buffer empty, return */
976         if (!c->wbuf_pagesize || !c->wbuf_len)
977                 goto exit;
978
979         /* if we read in a different block, return */
980         if (SECTOR_ADDR(ofs) != SECTOR_ADDR(c->wbuf_ofs))
981                 goto exit;
982
983         if (ofs >= c->wbuf_ofs) {
984                 owbf = (ofs - c->wbuf_ofs);     /* offset in write buffer */
985                 if (owbf > c->wbuf_len)         /* is read beyond write buffer ? */
986                         goto exit;
987                 lwbf = c->wbuf_len - owbf;      /* number of bytes to copy */
988                 if (lwbf > len)
989                         lwbf = len;
990         } else {
991                 orbf = (c->wbuf_ofs - ofs);     /* offset in read buffer */
992                 if (orbf > len)                 /* is write beyond write buffer ? */
993                         goto exit;
994                 lwbf = len - orbf;              /* number of bytes to copy */
995                 if (lwbf > c->wbuf_len)
996                         lwbf = c->wbuf_len;
997         }
998         if (lwbf > 0)
999                 memcpy(buf+orbf,c->wbuf+owbf,lwbf);
1000
1001 exit:
1002         up_read(&c->wbuf_sem);
1003         return ret;
1004 }
1005
1006 #define NR_OOB_SCAN_PAGES 4
1007
1008 /* For historical reasons we use only 8 bytes for OOB clean marker */
1009 #define OOB_CM_SIZE 8
1010
1011 static const struct jffs2_unknown_node oob_cleanmarker =
1012 {
1013         .magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK),
1014         .nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
1015         .totlen = constant_cpu_to_je32(8)
1016 };
1017
1018 /*
1019  * Check, if the out of band area is empty. This function knows about the clean
1020  * marker and if it is present in OOB, treats the OOB as empty anyway.
1021  */
1022 int jffs2_check_oob_empty(struct jffs2_sb_info *c,
1023                           struct jffs2_eraseblock *jeb, int mode)
1024 {
1025         int i, ret;
1026         int cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1027         struct mtd_oob_ops ops;
1028
1029         ops.mode = MTD_OOB_AUTO;
1030         ops.ooblen = NR_OOB_SCAN_PAGES * c->oobavail;
1031         ops.oobbuf = c->oobbuf;
1032         ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1033         ops.datbuf = NULL;
1034
1035         ret = c->mtd->read_oob(c->mtd, jeb->offset, &ops);
1036         if (ret || ops.oobretlen != ops.ooblen) {
1037                 printk(KERN_ERR "cannot read OOB for EB at %08x, requested %zd"
1038                                 " bytes, read %zd bytes, error %d\n",
1039                                 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1040                 if (!ret)
1041                         ret = -EIO;
1042                 return ret;
1043         }
1044
1045         for(i = 0; i < ops.ooblen; i++) {
1046                 if (mode && i < cmlen)
1047                         /* Yeah, we know about the cleanmarker */
1048                         continue;
1049
1050                 if (ops.oobbuf[i] != 0xFF) {
1051                         D2(printk(KERN_DEBUG "Found %02x at %x in OOB for "
1052                                   "%08x\n", ops.oobbuf[i], i, jeb->offset));
1053                         return 1;
1054                 }
1055         }
1056
1057         return 0;
1058 }
1059
1060 /*
1061  * Check for a valid cleanmarker.
1062  * Returns: 0 if a valid cleanmarker was found
1063  *          1 if no cleanmarker was found
1064  *          negative error code if an error occurred
1065  */
1066 int jffs2_check_nand_cleanmarker(struct jffs2_sb_info *c,
1067                                  struct jffs2_eraseblock *jeb)
1068 {
1069         struct mtd_oob_ops ops;
1070         int ret, cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1071
1072         ops.mode = MTD_OOB_AUTO;
1073         ops.ooblen = cmlen;
1074         ops.oobbuf = c->oobbuf;
1075         ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1076         ops.datbuf = NULL;
1077
1078         ret = c->mtd->read_oob(c->mtd, jeb->offset, &ops);
1079         if (ret || ops.oobretlen != ops.ooblen) {
1080                 printk(KERN_ERR "cannot read OOB for EB at %08x, requested %zd"
1081                                 " bytes, read %zd bytes, error %d\n",
1082                                 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1083                 if (!ret)
1084                         ret = -EIO;
1085                 return ret;
1086         }
1087
1088         return !!memcmp(&oob_cleanmarker, c->oobbuf, cmlen);
1089 }
1090
1091 int jffs2_write_nand_cleanmarker(struct jffs2_sb_info *c,
1092                                  struct jffs2_eraseblock *jeb)
1093 {
1094         int ret;
1095         struct mtd_oob_ops ops;
1096         int cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1097
1098         ops.mode = MTD_OOB_AUTO;
1099         ops.ooblen = cmlen;
1100         ops.oobbuf = (uint8_t *)&oob_cleanmarker;
1101         ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1102         ops.datbuf = NULL;
1103
1104         ret = c->mtd->write_oob(c->mtd, jeb->offset, &ops);
1105         if (ret || ops.oobretlen != ops.ooblen) {
1106                 printk(KERN_ERR "cannot write OOB for EB at %08x, requested %zd"
1107                                 " bytes, read %zd bytes, error %d\n",
1108                                 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1109                 if (!ret)
1110                         ret = -EIO;
1111                 return ret;
1112         }
1113
1114         return 0;
1115 }
1116
1117 /*
1118  * On NAND we try to mark this block bad. If the block was erased more
1119  * than MAX_ERASE_FAILURES we mark it finaly bad.
1120  * Don't care about failures. This block remains on the erase-pending
1121  * or badblock list as long as nobody manipulates the flash with
1122  * a bootloader or something like that.
1123  */
1124
1125 int jffs2_write_nand_badblock(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, uint32_t bad_offset)
1126 {
1127         int     ret;
1128
1129         /* if the count is < max, we try to write the counter to the 2nd page oob area */
1130         if( ++jeb->bad_count < MAX_ERASE_FAILURES)
1131                 return 0;
1132
1133         if (!c->mtd->block_markbad)
1134                 return 1; // What else can we do?
1135
1136         printk(KERN_WARNING "JFFS2: marking eraseblock at %08x\n as bad", bad_offset);
1137         ret = c->mtd->block_markbad(c->mtd, bad_offset);
1138
1139         if (ret) {
1140                 D1(printk(KERN_WARNING "jffs2_write_nand_badblock(): Write failed for block at %08x: error %d\n", jeb->offset, ret));
1141                 return ret;
1142         }
1143         return 1;
1144 }
1145
1146 int jffs2_nand_flash_setup(struct jffs2_sb_info *c)
1147 {
1148         struct nand_ecclayout *oinfo = c->mtd->ecclayout;
1149
1150         if (!c->mtd->oobsize)
1151                 return 0;
1152
1153         /* Cleanmarker is out-of-band, so inline size zero */
1154         c->cleanmarker_size = 0;
1155
1156         if (!oinfo || oinfo->oobavail == 0) {
1157                 printk(KERN_ERR "inconsistent device description\n");
1158                 return -EINVAL;
1159         }
1160
1161         D1(printk(KERN_DEBUG "JFFS2 using OOB on NAND\n"));
1162
1163         c->oobavail = oinfo->oobavail;
1164
1165         /* Initialise write buffer */
1166         init_rwsem(&c->wbuf_sem);
1167         c->wbuf_pagesize = c->mtd->writesize;
1168         c->wbuf_ofs = 0xFFFFFFFF;
1169
1170         c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1171         if (!c->wbuf)
1172                 return -ENOMEM;
1173
1174         c->oobbuf = kmalloc(NR_OOB_SCAN_PAGES * c->oobavail, GFP_KERNEL);
1175         if (!c->oobbuf) {
1176                 kfree(c->wbuf);
1177                 return -ENOMEM;
1178         }
1179
1180 #ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1181         c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1182         if (!c->wbuf_verify) {
1183                 kfree(c->oobbuf);
1184                 kfree(c->wbuf);
1185                 return -ENOMEM;
1186         }
1187 #endif
1188         return 0;
1189 }
1190
1191 void jffs2_nand_flash_cleanup(struct jffs2_sb_info *c)
1192 {
1193 #ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1194         kfree(c->wbuf_verify);
1195 #endif
1196         kfree(c->wbuf);
1197         kfree(c->oobbuf);
1198 }
1199
1200 int jffs2_dataflash_setup(struct jffs2_sb_info *c) {
1201         c->cleanmarker_size = 0;                /* No cleanmarkers needed */
1202
1203         /* Initialize write buffer */
1204         init_rwsem(&c->wbuf_sem);
1205
1206
1207         c->wbuf_pagesize =  c->mtd->erasesize;
1208
1209         /* Find a suitable c->sector_size
1210          * - Not too much sectors
1211          * - Sectors have to be at least 4 K + some bytes
1212          * - All known dataflashes have erase sizes of 528 or 1056
1213          * - we take at least 8 eraseblocks and want to have at least 8K size
1214          * - The concatenation should be a power of 2
1215         */
1216
1217         c->sector_size = 8 * c->mtd->erasesize;
1218
1219         while (c->sector_size < 8192) {
1220                 c->sector_size *= 2;
1221         }
1222
1223         /* It may be necessary to adjust the flash size */
1224         c->flash_size = c->mtd->size;
1225
1226         if ((c->flash_size % c->sector_size) != 0) {
1227                 c->flash_size = (c->flash_size / c->sector_size) * c->sector_size;
1228                 printk(KERN_WARNING "JFFS2 flash size adjusted to %dKiB\n", c->flash_size);
1229         };
1230
1231         c->wbuf_ofs = 0xFFFFFFFF;
1232         c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1233         if (!c->wbuf)
1234                 return -ENOMEM;
1235
1236 #ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1237         c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1238         if (!c->wbuf_verify) {
1239                 kfree(c->oobbuf);
1240                 kfree(c->wbuf);
1241                 return -ENOMEM;
1242         }
1243 #endif
1244
1245         printk(KERN_INFO "JFFS2 write-buffering enabled buffer (%d) erasesize (%d)\n", c->wbuf_pagesize, c->sector_size);
1246
1247         return 0;
1248 }
1249
1250 void jffs2_dataflash_cleanup(struct jffs2_sb_info *c) {
1251 #ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1252         kfree(c->wbuf_verify);
1253 #endif
1254         kfree(c->wbuf);
1255 }
1256
1257 int jffs2_nor_wbuf_flash_setup(struct jffs2_sb_info *c) {
1258         /* Cleanmarker currently occupies whole programming regions,
1259          * either one or 2 for 8Byte STMicro flashes. */
1260         c->cleanmarker_size = max(16u, c->mtd->writesize);
1261
1262         /* Initialize write buffer */
1263         init_rwsem(&c->wbuf_sem);
1264         c->wbuf_pagesize = c->mtd->writesize;
1265         c->wbuf_ofs = 0xFFFFFFFF;
1266
1267         c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1268         if (!c->wbuf)
1269                 return -ENOMEM;
1270
1271         return 0;
1272 }
1273
1274 void jffs2_nor_wbuf_flash_cleanup(struct jffs2_sb_info *c) {
1275         kfree(c->wbuf);
1276 }
1277
1278 int jffs2_ubivol_setup(struct jffs2_sb_info *c) {
1279         c->cleanmarker_size = 0;
1280
1281         if (c->mtd->writesize == 1)
1282                 /* We do not need write-buffer */
1283                 return 0;
1284
1285         init_rwsem(&c->wbuf_sem);
1286
1287         c->wbuf_pagesize =  c->mtd->writesize;
1288         c->wbuf_ofs = 0xFFFFFFFF;
1289         c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1290         if (!c->wbuf)
1291                 return -ENOMEM;
1292
1293         printk(KERN_INFO "JFFS2 write-buffering enabled buffer (%d) erasesize (%d)\n", c->wbuf_pagesize, c->sector_size);
1294
1295         return 0;
1296 }
1297
1298 void jffs2_ubivol_cleanup(struct jffs2_sb_info *c) {
1299         kfree(c->wbuf);
1300 }