1 /*
2  * JFFS2 -- Journalling Flash File System, Version 2.
3  *
4  * Copyright (C) 2004  Ferenc Havasi <havasi@inf.u-szeged.hu>,
5  *                     Zoltan Sogor <weth@inf.u-szeged.hu>,
6  *                     Patrik Kluba <pajko@halom.u-szeged.hu>,
7  *                     University of Szeged, Hungary
8  *               2006  KaiGai Kohei <kaigai@ak.jp.nec.com>
9  *
10  * For licensing information, see the file 'LICENCE' in this directory.
11  *
12  * $Id: summary.c,v 1.4 2005/09/26 11:37:21 havasi Exp $
13  *
14  */
15
16 #include <linux/kernel.h>
17 #include <linux/sched.h>
18 #include <linux/slab.h>
19 #include <linux/mtd/mtd.h>
20 #include <linux/pagemap.h>
21 #include <linux/crc32.h>
22 #include <linux/compiler.h>
23 #include <linux/vmalloc.h>
24 #include "nodelist.h"
25 #include "debug.h"
26
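/*
 * Allocate the per-superblock summary state and its write-out buffer.
 *
 * Returns 0 on success or -ENOMEM. On failure c->summary is left NULL, so
 * no later code path can pick up a pointer to the freed structure.
 */
int jffs2_sum_init(struct jffs2_sb_info *c)
{
	/* kzalloc() returns zeroed memory, so the list pointers and counters
	 * start out as NULL/0 without a separate memset(). */
	c->summary = kzalloc(sizeof(*c->summary), GFP_KERNEL);

	if (!c->summary) {
		JFFS2_WARNING("Can't allocate memory for summary information!\n");
		return -ENOMEM;
	}

	/* One erase sector worth of buffer for writing the summary out. */
	c->summary->sum_buf = vmalloc(c->sector_size);

	if (!c->summary->sum_buf) {
		JFFS2_WARNING("Can't allocate buffer for writing out summary information!\n");
		kfree(c->summary);
		c->summary = NULL;	/* do not leave a dangling pointer behind */
		return -ENOMEM;
	}

	dbg_summary("returned successfully\n");

	return 0;
}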
50
/*
 * Tear down the summary state of a superblock: drop every collected entry,
 * release the write-out buffer and then the summary structure itself.
 * Both pointers are cleared once the memory behind them has been freed.
 *
 * NOTE(review): c->summary is dereferenced without a NULL check, so this
 * must only run after a successful jffs2_sum_init() -- confirm at the
 * call sites.
 */
void jffs2_sum_exit(struct jffs2_sb_info *c)
{
	struct jffs2_summary *sum;

	dbg_summary("called\n");

	sum = c->summary;
	jffs2_sum_disable_collecting(sum);

	vfree(sum->sum_buf);
	sum->sum_buf = NULL;

	kfree(sum);
	c->summary = NULL;
}
63
/*
 * Append @item to the tail of the in-memory summary list of @s and account
 * for the space its record will take in the summary node.
 *
 * Returns 0 for a known node type and 1 otherwise. The item is linked into
 * the list before its type is looked at, so an item of unknown type stays on
 * the list while sum_size and sum_num are left untouched.
 */
static int jffs2_sum_add_mem(struct jffs2_summary *s, union jffs2_sum_mem *item)
{
	/* Link at the tail; an empty list also gets its head set. */
	if (!s->sum_list_head)
		s->sum_list_head = item;
	if (s->sum_list_tail)
		s->sum_list_tail->u.next = item;
	s->sum_list_tail = item;

	switch (je16_to_cpu(item->u.nodetype)) {
	case JFFS2_NODETYPE_INODE:
		s->sum_size += JFFS2_SUMMARY_INODE_SIZE;
		s->sum_num++;
		dbg_summary("inode (%u) added to summary\n",
			    je32_to_cpu(item->i.inode));
		break;

	case JFFS2_NODETYPE_DIRENT:
		/* Dirent records are variable length: fixed part plus name. */
		s->sum_size += JFFS2_SUMMARY_DIRENT_SIZE(item->d.nsize);
		s->sum_num++;
		dbg_summary("dirent (%u) added to summary\n",
			    je32_to_cpu(item->d.ino));
		break;

#ifdef CONFIG_JFFS2_FS_XATTR
	case JFFS2_NODETYPE_XATTR:
		s->sum_size += JFFS2_SUMMARY_XATTR_SIZE;
		s->sum_num++;
		dbg_summary("xattr (xid=%u, version=%u) added to summary\n",
			    je32_to_cpu(item->x.xid), je32_to_cpu(item->x.version));
		break;

	case JFFS2_NODETYPE_XREF:
		s->sum_size += JFFS2_SUMMARY_XREF_SIZE;
		s->sum_num++;
		dbg_summary("xref added to summary\n");
		break;
#endif

	default:
		JFFS2_WARNING("UNKNOWN node type %u\n",
			      je16_to_cpu(item->u.nodetype));
		return 1;
	}

	return 0;
}
105
106
/* The following 3 functions are called from scan.c to collect summary info for a jeb that is not yet closed */
108
/*
 * Add @size bytes of padding to the running padding total of @s.
 * Always returns 0.
 */
int jffs2_sum_add_padding_mem(struct jffs2_summary *s, uint32_t size)
{
	dbg_summary("called with %u\n", size);

	s->sum_padded = s->sum_padded + size;

	return 0;
}
115
/*
 * Queue a summary entry for the raw inode node @ri found at @ofs.
 *
 * @ofs is the offset relative to the beginning of the jeb. Returns -ENOMEM
 * when the entry cannot be allocated, otherwise whatever
 * jffs2_sum_add_mem() returns.
 */
int jffs2_sum_add_inode_mem(struct jffs2_summary *s, struct jffs2_raw_inode *ri,
				uint32_t ofs)
{
	struct jffs2_sum_inode_mem *entry;

	entry = kmalloc(sizeof(*entry), GFP_KERNEL);
	if (entry == NULL)
		return -ENOMEM;

	/* Fields taken from the raw node are copied as stored; only the
	 * CPU-order offset needs converting. */
	entry->next = NULL;
	entry->nodetype = ri->nodetype;
	entry->inode = ri->ino;
	entry->version = ri->version;
	entry->totlen = ri->totlen;
	entry->offset = cpu_to_je32(ofs);

	return jffs2_sum_add_mem(s, (union jffs2_sum_mem *)entry);
}
133
/*
 * Queue a summary entry for the raw dirent node @rd found at @ofs.
 *
 * @ofs is the offset relative to the beginning of the jeb. Returns -ENOMEM
 * when the entry cannot be allocated, otherwise whatever
 * jffs2_sum_add_mem() returns.
 *
 * NOTE(review): rd->nsize is used as-is for both the allocation size and
 * the name copy; this function relies on the caller having made sure that
 * rd->name really holds nsize bytes -- confirm in scan.c.
 */
int jffs2_sum_add_dirent_mem(struct jffs2_summary *s, struct jffs2_raw_dirent *rd,
				uint32_t ofs)
{
	struct jffs2_sum_dirent_mem *entry;

	/* Fixed part plus room for the name stored right behind it. */
	entry = kmalloc(sizeof(*entry) + rd->nsize, GFP_KERNEL);
	if (entry == NULL)
		return -ENOMEM;

	entry->next = NULL;
	entry->nodetype = rd->nodetype;
	entry->totlen = rd->totlen;
	entry->offset = cpu_to_je32(ofs);
	entry->pino = rd->pino;
	entry->version = rd->version;
	entry->ino = rd->ino;
	entry->type = rd->type;
	entry->nsize = rd->nsize;

	memcpy(entry->name, rd->name, rd->nsize);

	return jffs2_sum_add_mem(s, (union jffs2_sum_mem *)entry);
}
157
158 #ifdef CONFIG_JFFS2_FS_XATTR
/*
 * Queue a summary entry for the raw xattr node @rx found at @ofs.
 *
 * Returns -ENOMEM when the entry cannot be allocated, otherwise whatever
 * jffs2_sum_add_mem() returns.
 */
int jffs2_sum_add_xattr_mem(struct jffs2_summary *s, struct jffs2_raw_xattr *rx, uint32_t ofs)
{
	struct jffs2_sum_xattr_mem *entry = kmalloc(sizeof(*entry), GFP_KERNEL);

	if (entry == NULL)
		return -ENOMEM;

	entry->next = NULL;
	entry->nodetype = rx->nodetype;
	entry->xid = rx->xid;
	entry->version = rx->version;
	entry->totlen = rx->totlen;
	entry->offset = cpu_to_je32(ofs);

	return jffs2_sum_add_mem(s, (union jffs2_sum_mem *)entry);
}
176
/*
 * Queue a summary entry for the raw xref node @rr found at @ofs.
 * Only the node type and the offset are recorded.
 *
 * Returns -ENOMEM when the entry cannot be allocated, otherwise whatever
 * jffs2_sum_add_mem() returns.
 */
int jffs2_sum_add_xref_mem(struct jffs2_summary *s, struct jffs2_raw_xref *rr, uint32_t ofs)
{
	struct jffs2_sum_xref_mem *entry = kmalloc(sizeof(*entry), GFP_KERNEL);

	if (entry == NULL)
		return -ENOMEM;

	entry->next = NULL;
	entry->nodetype = rr->nodetype;
	entry->offset = cpu_to_je32(ofs);

	return jffs2_sum_add_mem(s, (union jffs2_sum_mem *)entry);
}
191 #endif
/* Clean up all collected summary information */
193
/*
 * Free every entry on the summary list of @s and zero the list pointers,
 * the padding total and the entry count. sum_size is not touched here;
 * the callers in this file set it afterwards.
 */
static void jffs2_sum_clean_collected(struct jffs2_summary *s)
{
	union jffs2_sum_mem *victim;

	if (!s->sum_list_head) {
		dbg_summary("already empty\n");
	}

	/* Unlink the head before freeing it so the list never points at
	 * released memory. */
	for (victim = s->sum_list_head; victim; victim = s->sum_list_head) {
		s->sum_list_head = victim->u.next;
		kfree(victim);
	}

	s->sum_list_tail = NULL;
	s->sum_padded = 0;
	s->sum_num = 0;
}
210
/*
 * Drop all collected entries of @s and restart size accounting at zero,
 * which leaves collection enabled.
 */
void jffs2_sum_reset_collected(struct jffs2_summary *s)
{
	dbg_summary("called\n");

	jffs2_sum_clean_collected(s);

	s->sum_size = 0;
}
217
/*
 * Drop all collected entries of @s and mark collection as disabled by
 * storing the JFFS2_SUMMARY_NOSUM_SIZE sentinel in sum_size.
 */
void jffs2_sum_disable_collecting(struct jffs2_summary *s)
{
	dbg_summary("called\n");

	jffs2_sum_clean_collected(s);

	s->sum_size = JFFS2_SUMMARY_NOSUM_SIZE;
}
224
/*
 * Return 1 when sum_size of @s holds the JFFS2_SUMMARY_NOSUM_SIZE sentinel
 * (collection disabled), 0 otherwise.
 */
int jffs2_sum_is_disabled(struct jffs2_summary *s)
{
	return s->sum_size == JFFS2_SUMMARY_NOSUM_SIZE ? 1 : 0;
}
229
230 /* Move the collected summary information into sb (called from scan.c) */
231
/*
 * Hand the entries collected in @s over to the summary of superblock @c.
 *
 * Counters and list pointers are copied into c->summary; the list pointers
 * of @s are then cleared so the entries have a single owner. Whatever list
 * c->summary pointed at before is overwritten without being freed here.
 */
void jffs2_sum_move_collected(struct jffs2_sb_info *c, struct jffs2_summary *s)
{
	struct jffs2_summary *dst = c->summary;

	dbg_summary("oldsize=0x%x oldnum=%u => newsize=0x%x newnum=%u\n",
		    dst->sum_size, dst->sum_num,
		    s->sum_size, s->sum_num);

	dst->sum_size = s->sum_size;
	dst->sum_num = s->sum_num;
	dst->sum_padded = s->sum_padded;
	dst->sum_list_head = s->sum_list_head;
	dst->sum_list_tail = s->sum_list_tail;

	/* Ownership moved: the source must no longer reference the list. */
	s->sum_list_tail = NULL;
	s->sum_list_head = NULL;
}
246
/* Called from wbuf.c to collect written node info */
248
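/*
 * Record a node that is being written to flash in the summary of the
 * eraseblock it lands in.
 *
 * @invecs/@count: vectors holding the node; invecs[0] must start with the
 *                 node header. For a dirent the name is taken from invecs[0]
 *                 when count is 1 and from invecs[1] when count is 2; any
 *                 other count hits BUG().
 * @ofs:           flash offset of the node; converted below into an offset
 *                 relative to the start of its eraseblock.
 *
 * Returns 0 when nothing had to be queued, the result of
 * jffs2_sum_add_mem() when an entry was queued, or -ENOMEM.
 *
 * NOTE(review): invecs[0] is read without looking at count, and the dirent
 * name length comes straight from the node header; both rely on the caller
 * passing a complete, well-formed node -- confirm in wbuf.c.
 */
int jffs2_sum_add_kvec(struct jffs2_sb_info *c, const struct kvec *invecs,
				unsigned long count, uint32_t ofs)
{
	union jffs2_node_union *node;
	struct jffs2_eraseblock *jeb;

	if (jffs2_sum_is_disabled(c->summary)) {
		dbg_summary("Summary is disabled for this jeb! Skipping summary info!\n");
		return 0;
	}

	node = invecs[0].iov_base;
	jeb = &c->blocks[ofs / c->sector_size];
	ofs -= jeb->offset;	/* relative to the eraseblock from here on */

	switch (je16_to_cpu(node->u.nodetype)) {
	case JFFS2_NODETYPE_INODE: {
		struct jffs2_sum_inode_mem *temp =
			kmalloc(sizeof(*temp), GFP_KERNEL);

		if (!temp)
			goto no_mem;

		temp->nodetype = node->i.nodetype;
		temp->inode = node->i.ino;
		temp->version = node->i.version;
		temp->offset = cpu_to_je32(ofs);
		temp->totlen = node->i.totlen;
		temp->next = NULL;

		return jffs2_sum_add_mem(c->summary, (union jffs2_sum_mem *)temp);
	}

	case JFFS2_NODETYPE_DIRENT: {
		/* Fixed part plus room for the name stored behind it. */
		struct jffs2_sum_dirent_mem *temp =
			kmalloc(sizeof(*temp) + node->d.nsize, GFP_KERNEL);

		if (!temp)
			goto no_mem;

		temp->nodetype = node->d.nodetype;
		temp->totlen = node->d.totlen;
		temp->offset = cpu_to_je32(ofs);
		temp->pino = node->d.pino;
		temp->version = node->d.version;
		temp->ino = node->d.ino;
		temp->nsize = node->d.nsize;
		temp->type = node->d.type;
		temp->next = NULL;

		switch (count) {
		case 1:
			/* Header and name share the first vector. */
			memcpy(temp->name, node->d.name, node->d.nsize);
			break;

		case 2:
			/* The name travels in a vector of its own. */
			memcpy(temp->name, invecs[1].iov_base, node->d.nsize);
			break;

		default:
			BUG();	/* impossible count value */
			break;
		}

		return jffs2_sum_add_mem(c->summary, (union jffs2_sum_mem *)temp);
	}
#ifdef CONFIG_JFFS2_FS_XATTR
	case JFFS2_NODETYPE_XATTR: {
		struct jffs2_sum_xattr_mem *temp;

		temp = kmalloc(sizeof(*temp), GFP_KERNEL);
		if (!temp)
			goto no_mem;

		temp->nodetype = node->x.nodetype;
		temp->xid = node->x.xid;
		temp->version = node->x.version;
		temp->totlen = node->x.totlen;
		temp->offset = cpu_to_je32(ofs);
		temp->next = NULL;

		return jffs2_sum_add_mem(c->summary, (union jffs2_sum_mem *)temp);
	}
	case JFFS2_NODETYPE_XREF: {
		struct jffs2_sum_xref_mem *temp;

		temp = kmalloc(sizeof(*temp), GFP_KERNEL);
		if (!temp)
			goto no_mem;

		temp->nodetype = node->r.nodetype;
		temp->offset = cpu_to_je32(ofs);
		temp->next = NULL;

		return jffs2_sum_add_mem(c->summary, (union jffs2_sum_mem *)temp);
	}
#endif
	case JFFS2_NODETYPE_PADDING:
		dbg_summary("node PADDING\n");
		c->summary->sum_padded += je32_to_cpu(node->u.totlen);
		break;

	case JFFS2_NODETYPE_CLEANMARKER:
		dbg_summary("node CLEANMARKER\n");
		break;

	case JFFS2_NODETYPE_SUMMARY:
		dbg_summary("node SUMMARY\n");
		break;

	default:
		/* If you implement a new node type you should also implement
		   summary support for it or disable summary.
		*/
		BUG();
		break;
	}

	return 0;

no_mem:
	/* Terminate the line like every other JFFS2_WARNING() in this file,
	 * so the next log message does not get glued onto this one. */
	JFFS2_WARNING("MEMORY ALLOCATION ERROR!\n");
	return -ENOMEM;
}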
370
/*
 * Link a node ref for a node described by a summary entry.
 *
 * @ofs is relative to the start of @jeb; the callers in this file OR a
 * REF_* flag into its low bits, which is why those two bits are masked off
 * before the position is compared. If the node starts beyond the space
 * accounted for so far, the gap in between is recorded as dirty first.
 *
 * NOTE(review): the return value of jffs2_scan_dirty_space() is ignored
 * here, and @ofs/@len are not checked against the sector size in this
 * function -- they come from the summary entries being parsed.
 */
static struct jffs2_raw_node_ref *sum_link_node_ref(struct jffs2_sb_info *c,
						    struct jffs2_eraseblock *jeb,
						    uint32_t ofs, uint32_t len,
						    struct jffs2_inode_cache *ic)
{
	uint32_t pos = ofs & ~3;

	/* Summary doesn't actually tell us explicitly about dirty space, so
	 * any gap before this node is marked dirty here. */
	if (pos > c->sector_size - jeb->free_size)
		jffs2_scan_dirty_space(c, jeb, pos - (c->sector_size - jeb->free_size));

	return jffs2_link_node_ref(c, jeb, jeb->offset + ofs, len, ic);
}
384
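/*
 * Process the stored summary information - helper function for
 * jffs2_sum_scan_sumnode().
 *
 * Walks the sum_num entries stored behind @summary and creates the node
 * refs, inode caches, dirents and xattr objects they describe. The
 * versions/ids seen are folded into *@pseudo_random.
 *
 * Every entry is read from the medium, and the CRCs verified by the caller
 * only catch accidental corruption. Each entry is therefore checked against
 * the number of bytes the summary node claims to hold (totlen minus the
 * fixed header) before it is touched, so a bad sum_num or dirent nsize
 * cannot walk the parser past the end of the node.
 *
 * Returns 0 on success; -ENOMEM or the error from
 * jffs2_prealloc_raw_node_refs()/jffs2_setup_xattr_datum() on allocation
 * problems; -EIO for an INCOMPAT node type or an entry that does not fit
 * into the summary node; -ENOTRECOVERABLE for any other unsupported node
 * type, after the accounting of @jeb has been reset so the caller can fall
 * back to a full scan.
 */
static int jffs2_sum_process_sum_data(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
				struct jffs2_raw_summary *summary, uint32_t *pseudo_random)
{
	struct jffs2_inode_cache *ic;
	struct jffs2_full_dirent *fd;
	uint32_t totlen = je32_to_cpu(summary->totlen);
	uint32_t count = je32_to_cpu(summary->sum_num);
	uint32_t i;
	uint16_t nodetype;
	size_t left;	/* bytes of entry data not yet consumed */
	void *sp;
	int err;

	if (totlen < sizeof(struct jffs2_raw_summary)) {
		JFFS2_WARNING("Summary node length 0x%x is shorter than its header\n", totlen);
		return -EIO;
	}
	left = totlen - sizeof(struct jffs2_raw_summary);
	sp = summary->sum;

	for (i = 0; i < count; i++) {
		dbg_summary("processing summary index %u\n", i);

		/* Make sure there's a spare ref for dirty space */
		err = jffs2_prealloc_raw_node_refs(c, jeb, 2);
		if (err)
			return err;

		/* The type field itself has to be inside the node. */
		if (left < sizeof(struct jffs2_sum_unknown_flash))
			goto overrun;
		nodetype = je16_to_cpu(((struct jffs2_sum_unknown_flash *)sp)->nodetype);

		switch (nodetype) {
		case JFFS2_NODETYPE_INODE: {
			struct jffs2_sum_inode_flash *spi;
			uint32_t ino;

			if (left < JFFS2_SUMMARY_INODE_SIZE)
				goto overrun;
			spi = sp;

			ino = je32_to_cpu(spi->inode);

			dbg_summary("Inode at 0x%08x-0x%08x\n",
				    jeb->offset + je32_to_cpu(spi->offset),
				    jeb->offset + je32_to_cpu(spi->offset) + je32_to_cpu(spi->totlen));

			ic = jffs2_scan_make_ino_cache(c, ino);
			if (!ic) {
				JFFS2_NOTICE("scan_make_ino_cache failed\n");
				return -ENOMEM;
			}

			sum_link_node_ref(c, jeb, je32_to_cpu(spi->offset) | REF_UNCHECKED,
					  PAD(je32_to_cpu(spi->totlen)), ic);

			*pseudo_random += je32_to_cpu(spi->version);

			sp += JFFS2_SUMMARY_INODE_SIZE;
			left -= JFFS2_SUMMARY_INODE_SIZE;

			break;
		}

		case JFFS2_NODETYPE_DIRENT: {
			struct jffs2_sum_dirent_flash *spd;

			/* The fixed part must fit before nsize can be trusted
			 * to be readable, then the name has to fit as well. */
			if (left < sizeof(struct jffs2_sum_dirent_flash))
				goto overrun;
			spd = sp;
			if (left < JFFS2_SUMMARY_DIRENT_SIZE(spd->nsize))
				goto overrun;

			dbg_summary("Dirent at 0x%08x-0x%08x\n",
				    jeb->offset + je32_to_cpu(spd->offset),
				    jeb->offset + je32_to_cpu(spd->offset) + je32_to_cpu(spd->totlen));

			/* One extra byte for the terminating NUL. */
			fd = jffs2_alloc_full_dirent(spd->nsize+1);
			if (!fd)
				return -ENOMEM;

			memcpy(&fd->name, spd->name, spd->nsize);
			fd->name[spd->nsize] = 0;

			ic = jffs2_scan_make_ino_cache(c, je32_to_cpu(spd->pino));
			if (!ic) {
				jffs2_free_full_dirent(fd);
				return -ENOMEM;
			}

			fd->raw = sum_link_node_ref(c, jeb, je32_to_cpu(spd->offset) | REF_UNCHECKED,
						    PAD(je32_to_cpu(spd->totlen)), ic);

			fd->next = NULL;
			fd->version = je32_to_cpu(spd->version);
			fd->ino = je32_to_cpu(spd->ino);
			fd->nhash = full_name_hash(fd->name, spd->nsize);
			fd->type = spd->type;

			jffs2_add_fd_to_list(c, fd, &ic->scan_dents);

			*pseudo_random += je32_to_cpu(spd->version);

			left -= JFFS2_SUMMARY_DIRENT_SIZE(spd->nsize);
			sp += JFFS2_SUMMARY_DIRENT_SIZE(spd->nsize);

			break;
		}
#ifdef CONFIG_JFFS2_FS_XATTR
		case JFFS2_NODETYPE_XATTR: {
			struct jffs2_xattr_datum *xd;
			struct jffs2_sum_xattr_flash *spx;

			if (left < JFFS2_SUMMARY_XATTR_SIZE)
				goto overrun;
			spx = (struct jffs2_sum_xattr_flash *)sp;

			dbg_summary("xattr at %#08x-%#08x (xid=%u, version=%u)\n",
				    jeb->offset + je32_to_cpu(spx->offset),
				    jeb->offset + je32_to_cpu(spx->offset) + je32_to_cpu(spx->totlen),
				    je32_to_cpu(spx->xid), je32_to_cpu(spx->version));

			xd = jffs2_setup_xattr_datum(c, je32_to_cpu(spx->xid),
						     je32_to_cpu(spx->version));
			if (IS_ERR(xd))
				return PTR_ERR(xd);
			if (xd->version > je32_to_cpu(spx->version)) {
				/* node is not the newest one */
				struct jffs2_raw_node_ref *raw
					= sum_link_node_ref(c, jeb, je32_to_cpu(spx->offset) | REF_UNCHECKED,
							    PAD(je32_to_cpu(spx->totlen)), NULL);
				raw->next_in_ino = xd->node->next_in_ino;
				xd->node->next_in_ino = raw;
			} else {
				xd->version = je32_to_cpu(spx->version);
				sum_link_node_ref(c, jeb, je32_to_cpu(spx->offset) | REF_UNCHECKED,
						  PAD(je32_to_cpu(spx->totlen)), (void *)xd);
			}
			*pseudo_random += je32_to_cpu(spx->xid);

			sp += JFFS2_SUMMARY_XATTR_SIZE;
			left -= JFFS2_SUMMARY_XATTR_SIZE;

			break;
		}
		case JFFS2_NODETYPE_XREF: {
			struct jffs2_xattr_ref *ref;
			struct jffs2_sum_xref_flash *spr;

			if (left < JFFS2_SUMMARY_XREF_SIZE)
				goto overrun;
			spr = (struct jffs2_sum_xref_flash *)sp;

			dbg_summary("xref at %#08x-%#08x\n",
				    jeb->offset + je32_to_cpu(spr->offset),
				    jeb->offset + je32_to_cpu(spr->offset) +
				    (uint32_t)PAD(sizeof(struct jffs2_raw_xref)));

			ref = jffs2_alloc_xattr_ref();
			if (!ref) {
				/* The object that failed to allocate is an
				 * xattr_ref, not an xattr_datum. */
				JFFS2_NOTICE("allocation of xattr_ref failed\n");
				return -ENOMEM;
			}
			ref->next = c->xref_temp;
			c->xref_temp = ref;

			sum_link_node_ref(c, jeb, je32_to_cpu(spr->offset) | REF_UNCHECKED,
					  PAD(sizeof(struct jffs2_raw_xref)), (void *)ref);

			*pseudo_random += ref->node->flash_offset;

			sp += JFFS2_SUMMARY_XREF_SIZE;
			left -= JFFS2_SUMMARY_XREF_SIZE;

			break;
		}
#endif
		default: {
			JFFS2_WARNING("Unsupported node type %x found in summary! Exiting...\n", nodetype);
			if ((nodetype & JFFS2_COMPAT_MASK) == JFFS2_FEATURE_INCOMPAT)
				return -EIO;

			/* For compatible node types, just fall back to the full scan */
			c->wasted_size -= jeb->wasted_size;
			c->free_size += c->sector_size - jeb->free_size;
			c->used_size -= jeb->used_size;
			c->dirty_size -= jeb->dirty_size;
			jeb->wasted_size = jeb->used_size = jeb->dirty_size = 0;
			jeb->free_size = c->sector_size;

			jffs2_free_jeb_node_refs(c, jeb);
			return -ENOTRECOVERABLE;
		}
		}
	}
	return 0;

overrun:
	JFFS2_WARNING("Summary entry %u does not fit into the summary node\n", i);
	return -EIO;
}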
552
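/*
 * Process the summary node - called from jffs2_scan_eraseblock().
 *
 * @summary: the summary node as read from the end of @jeb
 * @sumsize: its length in bytes, as determined by the caller
 *
 * Validates the node (size, header CRC, totlen, node CRC, data CRC),
 * accounts for the cleanmarker it describes and then hands the entries to
 * jffs2_sum_process_sum_data().
 *
 * Returns 0 when the summary cannot be used and the block needs a full
 * scan (bad size or CRC, or an unsupported but compatible node type), a
 * negative errno on a real error, or the result of
 * jffs2_scan_classify_jeb() on success.
 */
int jffs2_sum_scan_sumnode(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
			   struct jffs2_raw_summary *summary, uint32_t sumsize,
			   uint32_t *pseudo_random)
{
	struct jffs2_unknown_node crcnode;
	int ret, ofs;
	uint32_t crc;

	/* Reject sizes that cannot describe a summary node before any field
	 * behind @summary is read: a value below the header size would make
	 * the data CRC length below wrap around, and a value above the sector
	 * size would turn the node offset negative. */
	if (sumsize < sizeof(struct jffs2_raw_summary) || sumsize > c->sector_size) {
		dbg_summary("Summary size 0x%x is out of range\n", sumsize);
		goto crc_err;
	}

	ofs = c->sector_size - sumsize;

	dbg_summary("summary found for 0x%08x at 0x%08x (0x%x bytes)\n",
		    jeb->offset, jeb->offset + ofs, sumsize);

	/* OK, now check for node validity and CRC */
	crcnode.magic = cpu_to_je16(JFFS2_MAGIC_BITMASK);
	crcnode.nodetype = cpu_to_je16(JFFS2_NODETYPE_SUMMARY);
	crcnode.totlen = summary->totlen;
	crc = crc32(0, &crcnode, sizeof(crcnode)-4);

	if (je32_to_cpu(summary->hdr_crc) != crc) {
		dbg_summary("Summary node header is corrupt (bad CRC or "
				"no summary at all)\n");
		goto crc_err;
	}

	if (je32_to_cpu(summary->totlen) != sumsize) {
		dbg_summary("Summary node is corrupt (wrong erasesize?)\n");
		goto crc_err;
	}

	crc = crc32(0, summary, sizeof(struct jffs2_raw_summary)-8);

	if (je32_to_cpu(summary->node_crc) != crc) {
		dbg_summary("Summary node is corrupt (bad CRC)\n");
		goto crc_err;
	}

	/* sumsize >= sizeof(struct jffs2_raw_summary) was established above,
	 * so this length cannot underflow. */
	crc = crc32(0, summary->sum, sumsize - sizeof(struct jffs2_raw_summary));

	if (je32_to_cpu(summary->sum_crc) != crc) {
		dbg_summary("Summary node data is corrupt (bad CRC)\n");
		goto crc_err;
	}

	if (je32_to_cpu(summary->cln_mkr)) {

		dbg_summary("Summary : CLEANMARKER node \n");

		ret = jffs2_prealloc_raw_node_refs(c, jeb, 1);
		if (ret)
			return ret;

		if (je32_to_cpu(summary->cln_mkr) != c->cleanmarker_size) {
			dbg_summary("CLEANMARKER node has totlen 0x%x != normal 0x%x\n",
				je32_to_cpu(summary->cln_mkr), c->cleanmarker_size);
			ret = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(summary->cln_mkr)));
			if (ret)
				return ret;
		} else if (jeb->first_node) {
			dbg_summary("CLEANMARKER node not first node in block "
					"(0x%08x)\n", jeb->offset);
			ret = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(summary->cln_mkr)));
			if (ret)
				return ret;
		} else {
			jffs2_link_node_ref(c, jeb, jeb->offset | REF_NORMAL,
					    je32_to_cpu(summary->cln_mkr), NULL);
		}
	}

	ret = jffs2_sum_process_sum_data(c, jeb, summary, pseudo_random);
	/* -ENOTRECOVERABLE isn't a fatal error -- it means we should do a full
	   scan of this eraseblock. So return zero */
	if (ret == -ENOTRECOVERABLE)
		return 0;
	if (ret)
		return ret;		/* real error */

	/* for PARANOIA_CHECK */
	ret = jffs2_prealloc_raw_node_refs(c, jeb, 2);
	if (ret)
		return ret;

	/* Finally account for the summary node itself. */
	sum_link_node_ref(c, jeb, ofs | REF_NORMAL, sumsize, NULL);

	if (unlikely(jeb->free_size)) {
		/* A block that carries a summary should be full; whatever is
		 * still counted as free is moved to wasted space. */
		JFFS2_WARNING("Free size 0x%x bytes in eraseblock @0x%08x with summary?\n",
			      jeb->free_size, jeb->offset);
		jeb->wasted_size += jeb->free_size;
		c->wasted_size += jeb->free_size;
		c->free_size -= jeb->free_size;
		jeb->free_size = 0;
	}

	return jffs2_scan_classify_jeb(c, jeb);

crc_err:
	JFFS2_WARNING("Summary node crc error, skipping summary information.\n");

	return 0;
}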
653
654 /* Write summary data to flash - helper function for jffs2_sum_write_sumnode() */
655
656 static int jffs2_sum_write_data(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
657                                         uint32_t infosize, uint32_t datasize, int padsize)
658 {
659         struct jffs2_raw_summary isum;
660         union jffs2_sum_mem *temp;
661         struct jffs2_sum_marker *sm;
662         struct kvec vecs[2];
663         uint32_t sum_ofs;
664         void *wpage;
665         int ret;
666         size_t retlen;
667
668         memset(c->summary->sum_buf, 0xff, datasize);
669         memset(&isum, 0, sizeof(isum));
670
671         isum.magic = cpu_to_je16(JFFS2_MAGIC_BITMASK);
672         isum.nodetype = cpu_to_je16(JFFS2_NODETYPE_SUMMARY);
673         isum.totlen = cpu_to_je32(infosize);
674         isum.hdr_crc = cpu_to_je32(crc32(0, &isum, sizeof(struct jffs2_unknown_node) - 4));
675         isum.padded = cpu_to_je32(c->summary->sum_padded);
676         isum.cln_mkr = cpu_to_je32(c->cleanmarker_size);
677         isum.sum_num = cpu_to_je32(c->summary->sum_num);
678         wpage = c->summary->sum_buf;
679
680         while (c->summary->sum_num) {
681                 temp = c->summary->sum_list_head;
682
683                 switch (je16_to_cpu(temp->u.nodetype)) {
684                         case JFFS2_NODETYPE_INODE: {
685                                 struct jffs2_sum_inode_flash *sino_ptr = wpage;
686
687                                 sino_ptr->nodetype = temp->i.nodetype;
688                                 sino_ptr->inode = temp->i.inode;
689                                 sino_ptr->version = temp->i.version;
690                                 sino_ptr->offset = temp->i.offset;
691                                 sino_ptr->totlen = temp->i.totlen;
692
693                                 wpage += JFFS2_SUMMARY_INODE_SIZE;
694
695                                 break;
696                         }
697
698                         case JFFS2_NODETYPE_DIRENT: {
699                                 struct jffs2_sum_dirent_flash *sdrnt_ptr = wpage;
700
701                                 sdrnt_ptr->nodetype = temp->d.nodetype;
702                                 sdrnt_ptr->totlen = temp->d.totlen;
703                                 sdrnt_ptr->offset = temp->d.offset;
704                                 sdrnt_ptr->pino = temp->d.pino;
705                                 sdrnt_ptr->version = temp->d.version;
706                                 sdrnt_ptr->ino = temp->d.ino;
707                                 sdrnt_ptr->nsize = temp->d.nsize;
708                                 sdrnt_ptr->type = temp->d.type;
709
710                                 memcpy(sdrnt_ptr->name, temp->d.name,
711                                                         temp->d.nsize);
712
713                                 wpage += JFFS2_SUMMARY_DIRENT_SIZE(temp->d.nsize);
714
715                                 break;
716                         }
717 #ifdef CONFIG_JFFS2_FS_XATTR
718                         case JFFS2_NODETYPE_XATTR: {
719                                 struct jffs2_sum_xattr_flash *sxattr_ptr = wpage;
720
721                                 temp = c->summary->sum_list_head;
722                                 sxattr_ptr->nodetype = temp->x.nodetype;
723                                 sxattr_ptr->xid = temp->x.xid;
724                                 sxattr_ptr->version = temp->x.version;
725                                 sxattr_ptr->offset = temp->x.offset;
726                                 sxattr_ptr->totlen = temp->x.totlen;
727
728                                 wpage += JFFS2_SUMMARY_XATTR_SIZE;
729                                 break;
730                         }
731                         case JFFS2_NODETYPE_XREF: {
732                                 struct jffs2_sum_xref_flash *sxref_ptr = wpage;
733
734                                 temp = c->summary->sum_list_head;
735                                 sxref_ptr->nodetype = temp->r.nodetype;
736                                 sxref_ptr->offset = temp->r.offset;
737
738                                 wpage += JFFS2_SUMMARY_XREF_SIZE;
739                                 break;
740                         }
741 #endif
742                         default : {
743                                 if ((je16_to_cpu(temp->u.nodetype) & JFFS2_COMPAT_MASK)
744                                     == JFFS2_FEATURE_RWCOMPAT_COPY) {
745                                         dbg_summary("Writing unknown RWCOMPAT_COPY node type %x\n",
746                                                     je16_to_cpu(temp->u.nodetype));
747                                         jffs2_sum_disable_collecting(c->summary);
748                                 } else {
749                                         BUG();  /* unknown node in summary information */
750                                 }
751                         }
752                 }
753
754                 c->summary->sum_list_head = temp->u.next;
755                 kfree(temp);
756
757                 c->summary->sum_num--;
758         }
759
760         jffs2_sum_reset_collected(c->summary);
761
762         wpage += padsize;
763
764         sm = wpage;
765         sm->offset = cpu_to_je32(c->sector_size - jeb->free_size);
766         sm->magic = cpu_to_je32(JFFS2_SUM_MAGIC);
767
768         isum.sum_crc = cpu_to_je32(crc32(0, c->summary->sum_buf, datasize));
769         isum.node_crc = cpu_to_je32(crc32(0, &isum, sizeof(isum) - 8));
770
771         vecs[0].iov_base = &isum;
772         vecs[0].iov_len = sizeof(isum);
773         vecs[1].iov_base = c->summary->sum_buf;
774         vecs[1].iov_len = datasize;
775
776         sum_ofs = jeb->offset + c->sector_size - jeb->free_size;
777
778         dbg_summary("JFFS2: writing out data to flash to pos : 0x%08x\n",
779                     sum_ofs);
780
781         ret = jffs2_flash_writev(c, vecs, 2, sum_ofs, &retlen, 0);
782
783         if (ret || (retlen != infosize)) {
784
785                 JFFS2_WARNING("Write of %u bytes at 0x%08x failed. returned %d, retlen %zd\n",
786                               infosize, sum_ofs, ret, retlen);
787
788                 if (retlen) {
789                         /* Waste remaining space */
790                         spin_lock(&c->erase_completion_lock);
791                         jffs2_link_node_ref(c, jeb, sum_ofs | REF_OBSOLETE, infosize, NULL);
792                         spin_unlock(&c->erase_completion_lock);
793                 }
794
795                 c->summary->sum_size = JFFS2_SUMMARY_NOSUM_SIZE;
796
797                 return 0;
798         }
799
800         spin_lock(&c->erase_completion_lock);
801         jffs2_link_node_ref(c, jeb, sum_ofs | REF_NORMAL, infosize, NULL);
802         spin_unlock(&c->erase_completion_lock);
803
804         return 0;
805 }
806
807 /* Write out summary information - called from jffs2_do_reserve_space */
808
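/*
 * jffs2_sum_write_sumnode - size the summary node for c->nextblock and hand
 * it to jffs2_sum_write_data().
 *
 * Locking: the function drops c->erase_completion_lock on entry and re-takes
 * it on every return path, so the caller is expected to enter (and will
 * leave) with that lock held.
 *
 * The summary is padded so that it fills the remaining free space of the
 * erase block exactly: padsize is whatever is left after the raw summary
 * header, the collected entries and the trailing jffs2_sum_marker.
 *
 * Returns 0 when the summary was handed to jffs2_sum_write_data() and that
 * call returned 0, and also when the block has too little room (collecting
 * is then disabled for this block instead of failing).  Returns the error
 * from jffs2_prealloc_raw_node_refs() if the node reference could not be
 * reserved, otherwise whatever jffs2_sum_write_data() returns.
 */
int jffs2_sum_write_sumnode(struct jffs2_sb_info *c)
{
        int datasize, infosize, padsize;
        struct jffs2_eraseblock *jeb;
        int ret;

        dbg_summary("called\n");

        spin_unlock(&c->erase_completion_lock);

        jeb = c->nextblock;

        /*
         * Reserve the one raw node ref needed for the summary node.  The
         * result used to be ignored; if the reservation fails, the later
         * jffs2_link_node_ref() call would run without a preallocated ref,
         * so stop here and report the error instead.
         */
        ret = jffs2_prealloc_raw_node_refs(c, jeb, 1);
        if (ret)
                goto out;

        /* Being asked to write an empty summary is treated as a fatal bug. */
        if (!c->summary->sum_num || !c->summary->sum_list_head) {
                JFFS2_WARNING("Empty summary info!!!\n");
                BUG();
        }

        datasize = c->summary->sum_size + sizeof(struct jffs2_sum_marker);
        infosize = sizeof(struct jffs2_raw_summary) + datasize;

        /* Pad both sizes so the node ends exactly at the end of the block. */
        padsize = jeb->free_size - infosize;
        infosize += padsize;
        datasize += padsize;

        /* Is there enough space for summary? */
        if (padsize < 0) {
                /* don't try to write out summary for this jeb */
                jffs2_sum_disable_collecting(c->summary);

                JFFS2_WARNING("Not enough space for summary, padsize = %d\n", padsize);
                /* ret is still 0 here: skipping the summary is not an error */
                goto out;
        }

        ret = jffs2_sum_write_data(c, jeb, infosize, datasize, padsize);

out:
        /* Restore the locking state the caller entered with. */
        spin_lock(&c->erase_completion_lock);
        return ret;
}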