ALSA: Evaluate condition in snd_BUG_ON() in non-debugging case
[linux-2.6] / fs / jffs2 / wbuf.c
1 /*
2  * JFFS2 -- Journalling Flash File System, Version 2.
3  *
4  * Copyright © 2001-2007 Red Hat, Inc.
5  * Copyright © 2004 Thomas Gleixner <tglx@linutronix.de>
6  *
7  * Created by David Woodhouse <dwmw2@infradead.org>
8  * Modified debugged and enhanced by Thomas Gleixner <tglx@linutronix.de>
9  *
10  * For licensing information, see the file 'LICENCE' in this directory.
11  *
12  */
13
14 #include <linux/kernel.h>
15 #include <linux/slab.h>
16 #include <linux/mtd/mtd.h>
17 #include <linux/crc32.h>
18 #include <linux/mtd/nand.h>
19 #include <linux/jiffies.h>
20 #include <linux/sched.h>
21
22 #include "nodelist.h"
23
24 /* For testing write failures */
25 #undef BREAKME
26 #undef BREAKMEHEADER
27
28 #ifdef BREAKME
29 static unsigned char *brokenbuf;
30 #endif
31
32 #define PAGE_DIV(x) ( ((unsigned long)(x) / (unsigned long)(c->wbuf_pagesize)) * (unsigned long)(c->wbuf_pagesize) )
33 #define PAGE_MOD(x) ( (unsigned long)(x) % (unsigned long)(c->wbuf_pagesize) )
34
35 /* max. erase failures before we mark a block bad */
36 #define MAX_ERASE_FAILURES      2
37
38 struct jffs2_inodirty {
39         uint32_t ino;
40         struct jffs2_inodirty *next;
41 };
42
43 static struct jffs2_inodirty inodirty_nomem;
44
45 static int jffs2_wbuf_pending_for_ino(struct jffs2_sb_info *c, uint32_t ino)
46 {
47         struct jffs2_inodirty *this = c->wbuf_inodes;
48
49         /* If a malloc failed, consider _everything_ dirty */
50         if (this == &inodirty_nomem)
51                 return 1;
52
53         /* If ino == 0, _any_ non-GC writes mean 'yes' */
54         if (this && !ino)
55                 return 1;
56
57         /* Look to see if the inode in question is pending in the wbuf */
58         while (this) {
59                 if (this->ino == ino)
60                         return 1;
61                 this = this->next;
62         }
63         return 0;
64 }
65
66 static void jffs2_clear_wbuf_ino_list(struct jffs2_sb_info *c)
67 {
68         struct jffs2_inodirty *this;
69
70         this = c->wbuf_inodes;
71
72         if (this != &inodirty_nomem) {
73                 while (this) {
74                         struct jffs2_inodirty *next = this->next;
75                         kfree(this);
76                         this = next;
77                 }
78         }
79         c->wbuf_inodes = NULL;
80 }
81
82 static void jffs2_wbuf_dirties_inode(struct jffs2_sb_info *c, uint32_t ino)
83 {
84         struct jffs2_inodirty *new;
85
86         /* Mark the superblock dirty so that kupdated will flush... */
87         jffs2_erase_pending_trigger(c);
88
89         if (jffs2_wbuf_pending_for_ino(c, ino))
90                 return;
91
92         new = kmalloc(sizeof(*new), GFP_KERNEL);
93         if (!new) {
94                 D1(printk(KERN_DEBUG "No memory to allocate inodirty. Fallback to all considered dirty\n"));
95                 jffs2_clear_wbuf_ino_list(c);
96                 c->wbuf_inodes = &inodirty_nomem;
97                 return;
98         }
99         new->ino = ino;
100         new->next = c->wbuf_inodes;
101         c->wbuf_inodes = new;
102         return;
103 }
104
105 static inline void jffs2_refile_wbuf_blocks(struct jffs2_sb_info *c)
106 {
107         struct list_head *this, *next;
108         static int n;
109
110         if (list_empty(&c->erasable_pending_wbuf_list))
111                 return;
112
113         list_for_each_safe(this, next, &c->erasable_pending_wbuf_list) {
114                 struct jffs2_eraseblock *jeb = list_entry(this, struct jffs2_eraseblock, list);
115
116                 D1(printk(KERN_DEBUG "Removing eraseblock at 0x%08x from erasable_pending_wbuf_list...\n", jeb->offset));
117                 list_del(this);
118                 if ((jiffies + (n++)) & 127) {
119                         /* Most of the time, we just erase it immediately. Otherwise we
120                            spend ages scanning it on mount, etc. */
121                         D1(printk(KERN_DEBUG "...and adding to erase_pending_list\n"));
122                         list_add_tail(&jeb->list, &c->erase_pending_list);
123                         c->nr_erasing_blocks++;
124                         jffs2_erase_pending_trigger(c);
125                 } else {
126                         /* Sometimes, however, we leave it elsewhere so it doesn't get
127                            immediately reused, and we spread the load a bit. */
128                         D1(printk(KERN_DEBUG "...and adding to erasable_list\n"));
129                         list_add_tail(&jeb->list, &c->erasable_list);
130                 }
131         }
132 }
133
134 #define REFILE_NOTEMPTY 0
135 #define REFILE_ANYWAY   1
136
137 static void jffs2_block_refile(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, int allow_empty)
138 {
139         D1(printk("About to refile bad block at %08x\n", jeb->offset));
140
141         /* File the existing block on the bad_used_list.... */
142         if (c->nextblock == jeb)
143                 c->nextblock = NULL;
144         else /* Not sure this should ever happen... need more coffee */
145                 list_del(&jeb->list);
146         if (jeb->first_node) {
147                 D1(printk("Refiling block at %08x to bad_used_list\n", jeb->offset));
148                 list_add(&jeb->list, &c->bad_used_list);
149         } else {
150                 BUG_ON(allow_empty == REFILE_NOTEMPTY);
151                 /* It has to have had some nodes or we couldn't be here */
152                 D1(printk("Refiling block at %08x to erase_pending_list\n", jeb->offset));
153                 list_add(&jeb->list, &c->erase_pending_list);
154                 c->nr_erasing_blocks++;
155                 jffs2_erase_pending_trigger(c);
156         }
157
158         if (!jffs2_prealloc_raw_node_refs(c, jeb, 1)) {
159                 uint32_t oldfree = jeb->free_size;
160
161                 jffs2_link_node_ref(c, jeb, 
162                                     (jeb->offset+c->sector_size-oldfree) | REF_OBSOLETE,
163                                     oldfree, NULL);
164                 /* convert to wasted */
165                 c->wasted_size += oldfree;
166                 jeb->wasted_size += oldfree;
167                 c->dirty_size -= oldfree;
168                 jeb->dirty_size -= oldfree;
169         }
170
171         jffs2_dbg_dump_block_lists_nolock(c);
172         jffs2_dbg_acct_sanity_check_nolock(c,jeb);
173         jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
174 }
175
176 static struct jffs2_raw_node_ref **jffs2_incore_replace_raw(struct jffs2_sb_info *c,
177                                                             struct jffs2_inode_info *f,
178                                                             struct jffs2_raw_node_ref *raw,
179                                                             union jffs2_node_union *node)
180 {
181         struct jffs2_node_frag *frag;
182         struct jffs2_full_dirent *fd;
183
184         dbg_noderef("incore_replace_raw: node at %p is {%04x,%04x}\n",
185                     node, je16_to_cpu(node->u.magic), je16_to_cpu(node->u.nodetype));
186
187         BUG_ON(je16_to_cpu(node->u.magic) != 0x1985 &&
188                je16_to_cpu(node->u.magic) != 0);
189
190         switch (je16_to_cpu(node->u.nodetype)) {
191         case JFFS2_NODETYPE_INODE:
192                 if (f->metadata && f->metadata->raw == raw) {
193                         dbg_noderef("Will replace ->raw in f->metadata at %p\n", f->metadata);
194                         return &f->metadata->raw;
195                 }
196                 frag = jffs2_lookup_node_frag(&f->fragtree, je32_to_cpu(node->i.offset));
197                 BUG_ON(!frag);
198                 /* Find a frag which refers to the full_dnode we want to modify */
199                 while (!frag->node || frag->node->raw != raw) {
200                         frag = frag_next(frag);
201                         BUG_ON(!frag);
202                 }
203                 dbg_noderef("Will replace ->raw in full_dnode at %p\n", frag->node);
204                 return &frag->node->raw;
205
206         case JFFS2_NODETYPE_DIRENT:
207                 for (fd = f->dents; fd; fd = fd->next) {
208                         if (fd->raw == raw) {
209                                 dbg_noderef("Will replace ->raw in full_dirent at %p\n", fd);
210                                 return &fd->raw;
211                         }
212                 }
213                 BUG();
214
215         default:
216                 dbg_noderef("Don't care about replacing raw for nodetype %x\n",
217                             je16_to_cpu(node->u.nodetype));
218                 break;
219         }
220         return NULL;
221 }
222
223 #ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
224 static int jffs2_verify_write(struct jffs2_sb_info *c, unsigned char *buf,
225                               uint32_t ofs)
226 {
227         int ret;
228         size_t retlen;
229         char *eccstr;
230
231         ret = c->mtd->read(c->mtd, ofs, c->wbuf_pagesize, &retlen, c->wbuf_verify);
232         if (ret && ret != -EUCLEAN && ret != -EBADMSG) {
233                 printk(KERN_WARNING "jffs2_verify_write(): Read back of page at %08x failed: %d\n", c->wbuf_ofs, ret);
234                 return ret;
235         } else if (retlen != c->wbuf_pagesize) {
236                 printk(KERN_WARNING "jffs2_verify_write(): Read back of page at %08x gave short read: %zd not %d.\n", ofs, retlen, c->wbuf_pagesize);
237                 return -EIO;
238         }
239         if (!memcmp(buf, c->wbuf_verify, c->wbuf_pagesize))
240                 return 0;
241
242         if (ret == -EUCLEAN)
243                 eccstr = "corrected";
244         else if (ret == -EBADMSG)
245                 eccstr = "correction failed";
246         else
247                 eccstr = "OK or unused";
248
249         printk(KERN_WARNING "Write verify error (ECC %s) at %08x. Wrote:\n",
250                eccstr, c->wbuf_ofs);
251         print_hex_dump(KERN_WARNING, "", DUMP_PREFIX_OFFSET, 16, 1,
252                        c->wbuf, c->wbuf_pagesize, 0);
253
254         printk(KERN_WARNING "Read back:\n");
255         print_hex_dump(KERN_WARNING, "", DUMP_PREFIX_OFFSET, 16, 1,
256                        c->wbuf_verify, c->wbuf_pagesize, 0);
257
258         return -EIO;
259 }
260 #else
261 #define jffs2_verify_write(c,b,o) (0)
262 #endif
263
264 /* Recover from failure to write wbuf. Recover the nodes up to the
265  * wbuf, not the one which we were starting to try to write. */
266
267 static void jffs2_wbuf_recover(struct jffs2_sb_info *c)
268 {
269         struct jffs2_eraseblock *jeb, *new_jeb;
270         struct jffs2_raw_node_ref *raw, *next, *first_raw = NULL;
271         size_t retlen;
272         int ret;
273         int nr_refile = 0;
274         unsigned char *buf;
275         uint32_t start, end, ofs, len;
276
277         jeb = &c->blocks[c->wbuf_ofs / c->sector_size];
278
279         spin_lock(&c->erase_completion_lock);
280         if (c->wbuf_ofs % c->mtd->erasesize)
281                 jffs2_block_refile(c, jeb, REFILE_NOTEMPTY);
282         else
283                 jffs2_block_refile(c, jeb, REFILE_ANYWAY);
284         spin_unlock(&c->erase_completion_lock);
285
286         BUG_ON(!ref_obsolete(jeb->last_node));
287
288         /* Find the first node to be recovered, by skipping over every
289            node which ends before the wbuf starts, or which is obsolete. */
290         for (next = raw = jeb->first_node; next; raw = next) {
291                 next = ref_next(raw);
292
293                 if (ref_obsolete(raw) || 
294                     (next && ref_offset(next) <= c->wbuf_ofs)) {
295                         dbg_noderef("Skipping node at 0x%08x(%d)-0x%08x which is either before 0x%08x or obsolete\n",
296                                     ref_offset(raw), ref_flags(raw),
297                                     (ref_offset(raw) + ref_totlen(c, jeb, raw)),
298                                     c->wbuf_ofs);
299                         continue;
300                 }
301                 dbg_noderef("First node to be recovered is at 0x%08x(%d)-0x%08x\n",
302                             ref_offset(raw), ref_flags(raw),
303                             (ref_offset(raw) + ref_totlen(c, jeb, raw)));
304
305                 first_raw = raw;
306                 break;
307         }
308
309         if (!first_raw) {
310                 /* All nodes were obsolete. Nothing to recover. */
311                 D1(printk(KERN_DEBUG "No non-obsolete nodes to be recovered. Just filing block bad\n"));
312                 c->wbuf_len = 0;
313                 return;
314         }
315
316         start = ref_offset(first_raw);
317         end = ref_offset(jeb->last_node);
318         nr_refile = 1;
319
320         /* Count the number of refs which need to be copied */
321         while ((raw = ref_next(raw)) != jeb->last_node)
322                 nr_refile++;
323
324         dbg_noderef("wbuf recover %08x-%08x (%d bytes in %d nodes)\n",
325                     start, end, end - start, nr_refile);
326
327         buf = NULL;
328         if (start < c->wbuf_ofs) {
329                 /* First affected node was already partially written.
330                  * Attempt to reread the old data into our buffer. */
331
332                 buf = kmalloc(end - start, GFP_KERNEL);
333                 if (!buf) {
334                         printk(KERN_CRIT "Malloc failure in wbuf recovery. Data loss ensues.\n");
335
336                         goto read_failed;
337                 }
338
339                 /* Do the read... */
340                 ret = c->mtd->read(c->mtd, start, c->wbuf_ofs - start, &retlen, buf);
341
342                 /* ECC recovered ? */
343                 if ((ret == -EUCLEAN || ret == -EBADMSG) &&
344                     (retlen == c->wbuf_ofs - start))
345                         ret = 0;
346
347                 if (ret || retlen != c->wbuf_ofs - start) {
348                         printk(KERN_CRIT "Old data are already lost in wbuf recovery. Data loss ensues.\n");
349
350                         kfree(buf);
351                         buf = NULL;
352                 read_failed:
353                         first_raw = ref_next(first_raw);
354                         nr_refile--;
355                         while (first_raw && ref_obsolete(first_raw)) {
356                                 first_raw = ref_next(first_raw);
357                                 nr_refile--;
358                         }
359
360                         /* If this was the only node to be recovered, give up */
361                         if (!first_raw) {
362                                 c->wbuf_len = 0;
363                                 return;
364                         }
365
366                         /* It wasn't. Go on and try to recover nodes complete in the wbuf */
367                         start = ref_offset(first_raw);
368                         dbg_noderef("wbuf now recover %08x-%08x (%d bytes in %d nodes)\n",
369                                     start, end, end - start, nr_refile);
370
371                 } else {
372                         /* Read succeeded. Copy the remaining data from the wbuf */
373                         memcpy(buf + (c->wbuf_ofs - start), c->wbuf, end - c->wbuf_ofs);
374                 }
375         }
376         /* OK... we're to rewrite (end-start) bytes of data from first_raw onwards.
377            Either 'buf' contains the data, or we find it in the wbuf */
378
379         /* ... and get an allocation of space from a shiny new block instead */
380         ret = jffs2_reserve_space_gc(c, end-start, &len, JFFS2_SUMMARY_NOSUM_SIZE);
381         if (ret) {
382                 printk(KERN_WARNING "Failed to allocate space for wbuf recovery. Data loss ensues.\n");
383                 kfree(buf);
384                 return;
385         }
386
387         /* The summary is not recovered, so it must be disabled for this erase block */
388         jffs2_sum_disable_collecting(c->summary);
389
390         ret = jffs2_prealloc_raw_node_refs(c, c->nextblock, nr_refile);
391         if (ret) {
392                 printk(KERN_WARNING "Failed to allocate node refs for wbuf recovery. Data loss ensues.\n");
393                 kfree(buf);
394                 return;
395         }
396
397         ofs = write_ofs(c);
398
399         if (end-start >= c->wbuf_pagesize) {
400                 /* Need to do another write immediately, but it's possible
401                    that this is just because the wbuf itself is completely
402                    full, and there's nothing earlier read back from the
403                    flash. Hence 'buf' isn't necessarily what we're writing
404                    from. */
405                 unsigned char *rewrite_buf = buf?:c->wbuf;
406                 uint32_t towrite = (end-start) - ((end-start)%c->wbuf_pagesize);
407
408                 D1(printk(KERN_DEBUG "Write 0x%x bytes at 0x%08x in wbuf recover\n",
409                           towrite, ofs));
410
411 #ifdef BREAKMEHEADER
412                 static int breakme;
413                 if (breakme++ == 20) {
414                         printk(KERN_NOTICE "Faking write error at 0x%08x\n", ofs);
415                         breakme = 0;
416                         c->mtd->write(c->mtd, ofs, towrite, &retlen,
417                                       brokenbuf);
418                         ret = -EIO;
419                 } else
420 #endif
421                         ret = c->mtd->write(c->mtd, ofs, towrite, &retlen,
422                                             rewrite_buf);
423
424                 if (ret || retlen != towrite || jffs2_verify_write(c, rewrite_buf, ofs)) {
425                         /* Argh. We tried. Really we did. */
426                         printk(KERN_CRIT "Recovery of wbuf failed due to a second write error\n");
427                         kfree(buf);
428
429                         if (retlen)
430                                 jffs2_add_physical_node_ref(c, ofs | REF_OBSOLETE, ref_totlen(c, jeb, first_raw), NULL);
431
432                         return;
433                 }
434                 printk(KERN_NOTICE "Recovery of wbuf succeeded to %08x\n", ofs);
435
436                 c->wbuf_len = (end - start) - towrite;
437                 c->wbuf_ofs = ofs + towrite;
438                 memmove(c->wbuf, rewrite_buf + towrite, c->wbuf_len);
439                 /* Don't muck about with c->wbuf_inodes. False positives are harmless. */
440         } else {
441                 /* OK, now we're left with the dregs in whichever buffer we're using */
442                 if (buf) {
443                         memcpy(c->wbuf, buf, end-start);
444                 } else {
445                         memmove(c->wbuf, c->wbuf + (start - c->wbuf_ofs), end - start);
446                 }
447                 c->wbuf_ofs = ofs;
448                 c->wbuf_len = end - start;
449         }
450
451         /* Now sort out the jffs2_raw_node_refs, moving them from the old to the next block */
452         new_jeb = &c->blocks[ofs / c->sector_size];
453
454         spin_lock(&c->erase_completion_lock);
455         for (raw = first_raw; raw != jeb->last_node; raw = ref_next(raw)) {
456                 uint32_t rawlen = ref_totlen(c, jeb, raw);
457                 struct jffs2_inode_cache *ic;
458                 struct jffs2_raw_node_ref *new_ref;
459                 struct jffs2_raw_node_ref **adjust_ref = NULL;
460                 struct jffs2_inode_info *f = NULL;
461
462                 D1(printk(KERN_DEBUG "Refiling block of %08x at %08x(%d) to %08x\n",
463                           rawlen, ref_offset(raw), ref_flags(raw), ofs));
464
465                 ic = jffs2_raw_ref_to_ic(raw);
466
467                 /* Ick. This XATTR mess should be fixed shortly... */
468                 if (ic && ic->class == RAWNODE_CLASS_XATTR_DATUM) {
469                         struct jffs2_xattr_datum *xd = (void *)ic;
470                         BUG_ON(xd->node != raw);
471                         adjust_ref = &xd->node;
472                         raw->next_in_ino = NULL;
473                         ic = NULL;
474                 } else if (ic && ic->class == RAWNODE_CLASS_XATTR_REF) {
475                         struct jffs2_xattr_datum *xr = (void *)ic;
476                         BUG_ON(xr->node != raw);
477                         adjust_ref = &xr->node;
478                         raw->next_in_ino = NULL;
479                         ic = NULL;
480                 } else if (ic && ic->class == RAWNODE_CLASS_INODE_CACHE) {
481                         struct jffs2_raw_node_ref **p = &ic->nodes;
482
483                         /* Remove the old node from the per-inode list */
484                         while (*p && *p != (void *)ic) {
485                                 if (*p == raw) {
486                                         (*p) = (raw->next_in_ino);
487                                         raw->next_in_ino = NULL;
488                                         break;
489                                 }
490                                 p = &((*p)->next_in_ino);
491                         }
492
493                         if (ic->state == INO_STATE_PRESENT && !ref_obsolete(raw)) {
494                                 /* If it's an in-core inode, then we have to adjust any
495                                    full_dirent or full_dnode structure to point to the
496                                    new version instead of the old */
497                                 f = jffs2_gc_fetch_inode(c, ic->ino, !ic->pino_nlink);
498                                 if (IS_ERR(f)) {
499                                         /* Should never happen; it _must_ be present */
500                                         JFFS2_ERROR("Failed to iget() ino #%u, err %ld\n",
501                                                     ic->ino, PTR_ERR(f));
502                                         BUG();
503                                 }
504                                 /* We don't lock f->sem. There's a number of ways we could
505                                    end up in here with it already being locked, and nobody's
506                                    going to modify it on us anyway because we hold the
507                                    alloc_sem. We're only changing one ->raw pointer too,
508                                    which we can get away with without upsetting readers. */
509                                 adjust_ref = jffs2_incore_replace_raw(c, f, raw,
510                                                                       (void *)(buf?:c->wbuf) + (ref_offset(raw) - start));
511                         } else if (unlikely(ic->state != INO_STATE_PRESENT &&
512                                             ic->state != INO_STATE_CHECKEDABSENT &&
513                                             ic->state != INO_STATE_GC)) {
514                                 JFFS2_ERROR("Inode #%u is in strange state %d!\n", ic->ino, ic->state);
515                                 BUG();
516                         }
517                 }
518
519                 new_ref = jffs2_link_node_ref(c, new_jeb, ofs | ref_flags(raw), rawlen, ic);
520
521                 if (adjust_ref) {
522                         BUG_ON(*adjust_ref != raw);
523                         *adjust_ref = new_ref;
524                 }
525                 if (f)
526                         jffs2_gc_release_inode(c, f);
527
528                 if (!ref_obsolete(raw)) {
529                         jeb->dirty_size += rawlen;
530                         jeb->used_size  -= rawlen;
531                         c->dirty_size += rawlen;
532                         c->used_size -= rawlen;
533                         raw->flash_offset = ref_offset(raw) | REF_OBSOLETE;
534                         BUG_ON(raw->next_in_ino);
535                 }
536                 ofs += rawlen;
537         }
538
539         kfree(buf);
540
541         /* Fix up the original jeb now it's on the bad_list */
542         if (first_raw == jeb->first_node) {
543                 D1(printk(KERN_DEBUG "Failing block at %08x is now empty. Moving to erase_pending_list\n", jeb->offset));
544                 list_move(&jeb->list, &c->erase_pending_list);
545                 c->nr_erasing_blocks++;
546                 jffs2_erase_pending_trigger(c);
547         }
548
549         jffs2_dbg_acct_sanity_check_nolock(c, jeb);
550         jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
551
552         jffs2_dbg_acct_sanity_check_nolock(c, new_jeb);
553         jffs2_dbg_acct_paranoia_check_nolock(c, new_jeb);
554
555         spin_unlock(&c->erase_completion_lock);
556
557         D1(printk(KERN_DEBUG "wbuf recovery completed OK. wbuf_ofs 0x%08x, len 0x%x\n", c->wbuf_ofs, c->wbuf_len));
558
559 }
560
561 /* Meaning of pad argument:
562    0: Do not pad. Probably pointless - we only ever use this when we can't pad anyway.
563    1: Pad, do not adjust nextblock free_size
564    2: Pad, adjust nextblock free_size
565 */
566 #define NOPAD           0
567 #define PAD_NOACCOUNT   1
568 #define PAD_ACCOUNTING  2
569
570 static int __jffs2_flush_wbuf(struct jffs2_sb_info *c, int pad)
571 {
572         struct jffs2_eraseblock *wbuf_jeb;
573         int ret;
574         size_t retlen;
575
576         /* Nothing to do if not write-buffering the flash. In particular, we shouldn't
577            del_timer() the timer we never initialised. */
578         if (!jffs2_is_writebuffered(c))
579                 return 0;
580
581         if (mutex_trylock(&c->alloc_sem)) {
582                 mutex_unlock(&c->alloc_sem);
583                 printk(KERN_CRIT "jffs2_flush_wbuf() called with alloc_sem not locked!\n");
584                 BUG();
585         }
586
587         if (!c->wbuf_len)       /* already checked c->wbuf above */
588                 return 0;
589
590         wbuf_jeb = &c->blocks[c->wbuf_ofs / c->sector_size];
591         if (jffs2_prealloc_raw_node_refs(c, wbuf_jeb, c->nextblock->allocated_refs + 1))
592                 return -ENOMEM;
593
594         /* claim remaining space on the page
595            this happens, if we have a change to a new block,
596            or if fsync forces us to flush the writebuffer.
597            if we have a switch to next page, we will not have
598            enough remaining space for this.
599         */
600         if (pad ) {
601                 c->wbuf_len = PAD(c->wbuf_len);
602
603                 /* Pad with JFFS2_DIRTY_BITMASK initially.  this helps out ECC'd NOR
604                    with 8 byte page size */
605                 memset(c->wbuf + c->wbuf_len, 0, c->wbuf_pagesize - c->wbuf_len);
606
607                 if ( c->wbuf_len + sizeof(struct jffs2_unknown_node) < c->wbuf_pagesize) {
608                         struct jffs2_unknown_node *padnode = (void *)(c->wbuf + c->wbuf_len);
609                         padnode->magic = cpu_to_je16(JFFS2_MAGIC_BITMASK);
610                         padnode->nodetype = cpu_to_je16(JFFS2_NODETYPE_PADDING);
611                         padnode->totlen = cpu_to_je32(c->wbuf_pagesize - c->wbuf_len);
612                         padnode->hdr_crc = cpu_to_je32(crc32(0, padnode, sizeof(*padnode)-4));
613                 }
614         }
615         /* else jffs2_flash_writev has actually filled in the rest of the
616            buffer for us, and will deal with the node refs etc. later. */
617
618 #ifdef BREAKME
619         static int breakme;
620         if (breakme++ == 20) {
621                 printk(KERN_NOTICE "Faking write error at 0x%08x\n", c->wbuf_ofs);
622                 breakme = 0;
623                 c->mtd->write(c->mtd, c->wbuf_ofs, c->wbuf_pagesize, &retlen,
624                               brokenbuf);
625                 ret = -EIO;
626         } else
627 #endif
628
629                 ret = c->mtd->write(c->mtd, c->wbuf_ofs, c->wbuf_pagesize, &retlen, c->wbuf);
630
631         if (ret) {
632                 printk(KERN_WARNING "jffs2_flush_wbuf(): Write failed with %d\n", ret);
633                 goto wfail;
634         } else if (retlen != c->wbuf_pagesize) {
635                 printk(KERN_WARNING "jffs2_flush_wbuf(): Write was short: %zd instead of %d\n",
636                        retlen, c->wbuf_pagesize);
637                 ret = -EIO;
638                 goto wfail;
639         } else if ((ret = jffs2_verify_write(c, c->wbuf, c->wbuf_ofs))) {
640         wfail:
641                 jffs2_wbuf_recover(c);
642
643                 return ret;
644         }
645
646         /* Adjust free size of the block if we padded. */
647         if (pad) {
648                 uint32_t waste = c->wbuf_pagesize - c->wbuf_len;
649
650                 D1(printk(KERN_DEBUG "jffs2_flush_wbuf() adjusting free_size of %sblock at %08x\n",
651                           (wbuf_jeb==c->nextblock)?"next":"", wbuf_jeb->offset));
652
653                 /* wbuf_pagesize - wbuf_len is the amount of space that's to be
654                    padded. If there is less free space in the block than that,
655                    something screwed up */
656                 if (wbuf_jeb->free_size < waste) {
657                         printk(KERN_CRIT "jffs2_flush_wbuf(): Accounting error. wbuf at 0x%08x has 0x%03x bytes, 0x%03x left.\n",
658                                c->wbuf_ofs, c->wbuf_len, waste);
659                         printk(KERN_CRIT "jffs2_flush_wbuf(): But free_size for block at 0x%08x is only 0x%08x\n",
660                                wbuf_jeb->offset, wbuf_jeb->free_size);
661                         BUG();
662                 }
663
664                 spin_lock(&c->erase_completion_lock);
665
666                 jffs2_link_node_ref(c, wbuf_jeb, (c->wbuf_ofs + c->wbuf_len) | REF_OBSOLETE, waste, NULL);
667                 /* FIXME: that made it count as dirty. Convert to wasted */
668                 wbuf_jeb->dirty_size -= waste;
669                 c->dirty_size -= waste;
670                 wbuf_jeb->wasted_size += waste;
671                 c->wasted_size += waste;
672         } else
673                 spin_lock(&c->erase_completion_lock);
674
675         /* Stick any now-obsoleted blocks on the erase_pending_list */
676         jffs2_refile_wbuf_blocks(c);
677         jffs2_clear_wbuf_ino_list(c);
678         spin_unlock(&c->erase_completion_lock);
679
680         memset(c->wbuf,0xff,c->wbuf_pagesize);
681         /* adjust write buffer offset, else we get a non contiguous write bug */
682         if (SECTOR_ADDR(c->wbuf_ofs) == SECTOR_ADDR(c->wbuf_ofs+c->wbuf_pagesize))
683                 c->wbuf_ofs += c->wbuf_pagesize;
684         else
685                 c->wbuf_ofs = 0xffffffff;
686         c->wbuf_len = 0;
687         return 0;
688 }
689
690 /* Trigger garbage collection to flush the write-buffer.
691    If ino arg is zero, do it if _any_ real (i.e. not GC) writes are
692    outstanding. If ino arg non-zero, do it only if a write for the
693    given inode is outstanding. */
694 int jffs2_flush_wbuf_gc(struct jffs2_sb_info *c, uint32_t ino)
695 {
696         uint32_t old_wbuf_ofs;
697         uint32_t old_wbuf_len;
698         int ret = 0;
699
700         D1(printk(KERN_DEBUG "jffs2_flush_wbuf_gc() called for ino #%u...\n", ino));
701
702         if (!c->wbuf)
703                 return 0;
704
705         mutex_lock(&c->alloc_sem);
706         if (!jffs2_wbuf_pending_for_ino(c, ino)) {
707                 D1(printk(KERN_DEBUG "Ino #%d not pending in wbuf. Returning\n", ino));
708                 mutex_unlock(&c->alloc_sem);
709                 return 0;
710         }
711
712         old_wbuf_ofs = c->wbuf_ofs;
713         old_wbuf_len = c->wbuf_len;
714
715         if (c->unchecked_size) {
716                 /* GC won't make any progress for a while */
717                 D1(printk(KERN_DEBUG "jffs2_flush_wbuf_gc() padding. Not finished checking\n"));
718                 down_write(&c->wbuf_sem);
719                 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
720                 /* retry flushing wbuf in case jffs2_wbuf_recover
721                    left some data in the wbuf */
722                 if (ret)
723                         ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
724                 up_write(&c->wbuf_sem);
725         } else while (old_wbuf_len &&
726                       old_wbuf_ofs == c->wbuf_ofs) {
727
728                 mutex_unlock(&c->alloc_sem);
729
730                 D1(printk(KERN_DEBUG "jffs2_flush_wbuf_gc() calls gc pass\n"));
731
732                 ret = jffs2_garbage_collect_pass(c);
733                 if (ret) {
734                         /* GC failed. Flush it with padding instead */
735                         mutex_lock(&c->alloc_sem);
736                         down_write(&c->wbuf_sem);
737                         ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
738                         /* retry flushing wbuf in case jffs2_wbuf_recover
739                            left some data in the wbuf */
740                         if (ret)
741                                 ret = __jffs2_flush_wbuf(c, PAD_ACCOUNTING);
742                         up_write(&c->wbuf_sem);
743                         break;
744                 }
745                 mutex_lock(&c->alloc_sem);
746         }
747
748         D1(printk(KERN_DEBUG "jffs2_flush_wbuf_gc() ends...\n"));
749
750         mutex_unlock(&c->alloc_sem);
751         return ret;
752 }
753
754 /* Pad write-buffer to end and write it, wasting space. */
755 int jffs2_flush_wbuf_pad(struct jffs2_sb_info *c)
756 {
757         int ret;
758
759         if (!c->wbuf)
760                 return 0;
761
762         down_write(&c->wbuf_sem);
763         ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
764         /* retry - maybe wbuf recover left some data in wbuf. */
765         if (ret)
766                 ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
767         up_write(&c->wbuf_sem);
768
769         return ret;
770 }
771
772 static size_t jffs2_fill_wbuf(struct jffs2_sb_info *c, const uint8_t *buf,
773                               size_t len)
774 {
775         if (len && !c->wbuf_len && (len >= c->wbuf_pagesize))
776                 return 0;
777
778         if (len > (c->wbuf_pagesize - c->wbuf_len))
779                 len = c->wbuf_pagesize - c->wbuf_len;
780         memcpy(c->wbuf + c->wbuf_len, buf, len);
781         c->wbuf_len += (uint32_t) len;
782         return len;
783 }
784
785 int jffs2_flash_writev(struct jffs2_sb_info *c, const struct kvec *invecs,
786                        unsigned long count, loff_t to, size_t *retlen,
787                        uint32_t ino)
788 {
789         struct jffs2_eraseblock *jeb;
790         size_t wbuf_retlen, donelen = 0;
791         uint32_t outvec_to = to;
792         int ret, invec;
793
794         /* If not writebuffered flash, don't bother */
795         if (!jffs2_is_writebuffered(c))
796                 return jffs2_flash_direct_writev(c, invecs, count, to, retlen);
797
798         down_write(&c->wbuf_sem);
799
800         /* If wbuf_ofs is not initialized, set it to target address */
801         if (c->wbuf_ofs == 0xFFFFFFFF) {
802                 c->wbuf_ofs = PAGE_DIV(to);
803                 c->wbuf_len = PAGE_MOD(to);
804                 memset(c->wbuf,0xff,c->wbuf_pagesize);
805         }
806
807         /*
808          * Sanity checks on target address.  It's permitted to write
809          * at PAD(c->wbuf_len+c->wbuf_ofs), and it's permitted to
810          * write at the beginning of a new erase block. Anything else,
811          * and you die.  New block starts at xxx000c (0-b = block
812          * header)
813          */
814         if (SECTOR_ADDR(to) != SECTOR_ADDR(c->wbuf_ofs)) {
815                 /* It's a write to a new block */
816                 if (c->wbuf_len) {
817                         D1(printk(KERN_DEBUG "jffs2_flash_writev() to 0x%lx "
818                                   "causes flush of wbuf at 0x%08x\n",
819                                   (unsigned long)to, c->wbuf_ofs));
820                         ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
821                         if (ret)
822                                 goto outerr;
823                 }
824                 /* set pointer to new block */
825                 c->wbuf_ofs = PAGE_DIV(to);
826                 c->wbuf_len = PAGE_MOD(to);
827         }
828
829         if (to != PAD(c->wbuf_ofs + c->wbuf_len)) {
830                 /* We're not writing immediately after the writebuffer. Bad. */
831                 printk(KERN_CRIT "jffs2_flash_writev(): Non-contiguous write "
832                        "to %08lx\n", (unsigned long)to);
833                 if (c->wbuf_len)
834                         printk(KERN_CRIT "wbuf was previously %08x-%08x\n",
835                                c->wbuf_ofs, c->wbuf_ofs+c->wbuf_len);
836                 BUG();
837         }
838
839         /* adjust alignment offset */
840         if (c->wbuf_len != PAGE_MOD(to)) {
841                 c->wbuf_len = PAGE_MOD(to);
842                 /* take care of alignment to next page */
843                 if (!c->wbuf_len) {
844                         c->wbuf_len = c->wbuf_pagesize;
845                         ret = __jffs2_flush_wbuf(c, NOPAD);
846                         if (ret)
847                                 goto outerr;
848                 }
849         }
850
851         for (invec = 0; invec < count; invec++) {
852                 int vlen = invecs[invec].iov_len;
853                 uint8_t *v = invecs[invec].iov_base;
854
855                 wbuf_retlen = jffs2_fill_wbuf(c, v, vlen);
856
857                 if (c->wbuf_len == c->wbuf_pagesize) {
858                         ret = __jffs2_flush_wbuf(c, NOPAD);
859                         if (ret)
860                                 goto outerr;
861                 }
862                 vlen -= wbuf_retlen;
863                 outvec_to += wbuf_retlen;
864                 donelen += wbuf_retlen;
865                 v += wbuf_retlen;
866
867                 if (vlen >= c->wbuf_pagesize) {
868                         ret = c->mtd->write(c->mtd, outvec_to, PAGE_DIV(vlen),
869                                             &wbuf_retlen, v);
870                         if (ret < 0 || wbuf_retlen != PAGE_DIV(vlen))
871                                 goto outfile;
872
873                         vlen -= wbuf_retlen;
874                         outvec_to += wbuf_retlen;
875                         c->wbuf_ofs = outvec_to;
876                         donelen += wbuf_retlen;
877                         v += wbuf_retlen;
878                 }
879
880                 wbuf_retlen = jffs2_fill_wbuf(c, v, vlen);
881                 if (c->wbuf_len == c->wbuf_pagesize) {
882                         ret = __jffs2_flush_wbuf(c, NOPAD);
883                         if (ret)
884                                 goto outerr;
885                 }
886
887                 outvec_to += wbuf_retlen;
888                 donelen += wbuf_retlen;
889         }
890
891         /*
892          * If there's a remainder in the wbuf and it's a non-GC write,
893          * remember that the wbuf affects this ino
894          */
895         *retlen = donelen;
896
897         if (jffs2_sum_active()) {
898                 int res = jffs2_sum_add_kvec(c, invecs, count, (uint32_t) to);
899                 if (res)
900                         return res;
901         }
902
903         if (c->wbuf_len && ino)
904                 jffs2_wbuf_dirties_inode(c, ino);
905
906         ret = 0;
907         up_write(&c->wbuf_sem);
908         return ret;
909
910 outfile:
911         /*
912          * At this point we have no problem, c->wbuf is empty. However
913          * refile nextblock to avoid writing again to same address.
914          */
915
916         spin_lock(&c->erase_completion_lock);
917
918         jeb = &c->blocks[outvec_to / c->sector_size];
919         jffs2_block_refile(c, jeb, REFILE_ANYWAY);
920
921         spin_unlock(&c->erase_completion_lock);
922
923 outerr:
924         *retlen = 0;
925         up_write(&c->wbuf_sem);
926         return ret;
927 }
928
929 /*
930  *      This is the entry for flash write.
931  *      Check, if we work on NAND FLASH, if so build an kvec and write it via vritev
932 */
933 int jffs2_flash_write(struct jffs2_sb_info *c, loff_t ofs, size_t len,
934                       size_t *retlen, const u_char *buf)
935 {
936         struct kvec vecs[1];
937
938         if (!jffs2_is_writebuffered(c))
939                 return jffs2_flash_direct_write(c, ofs, len, retlen, buf);
940
941         vecs[0].iov_base = (unsigned char *) buf;
942         vecs[0].iov_len = len;
943         return jffs2_flash_writev(c, vecs, 1, ofs, retlen, 0);
944 }
945
946 /*
947         Handle readback from writebuffer and ECC failure return
948 */
949 int jffs2_flash_read(struct jffs2_sb_info *c, loff_t ofs, size_t len, size_t *retlen, u_char *buf)
950 {
951         loff_t  orbf = 0, owbf = 0, lwbf = 0;
952         int     ret;
953
954         if (!jffs2_is_writebuffered(c))
955                 return c->mtd->read(c->mtd, ofs, len, retlen, buf);
956
957         /* Read flash */
958         down_read(&c->wbuf_sem);
959         ret = c->mtd->read(c->mtd, ofs, len, retlen, buf);
960
961         if ( (ret == -EBADMSG || ret == -EUCLEAN) && (*retlen == len) ) {
962                 if (ret == -EBADMSG)
963                         printk(KERN_WARNING "mtd->read(0x%zx bytes from 0x%llx)"
964                                " returned ECC error\n", len, ofs);
965                 /*
966                  * We have the raw data without ECC correction in the buffer,
967                  * maybe we are lucky and all data or parts are correct. We
968                  * check the node.  If data are corrupted node check will sort
969                  * it out.  We keep this block, it will fail on write or erase
970                  * and the we mark it bad. Or should we do that now? But we
971                  * should give him a chance.  Maybe we had a system crash or
972                  * power loss before the ecc write or a erase was completed.
973                  * So we return success. :)
974                  */
975                 ret = 0;
976         }
977
978         /* if no writebuffer available or write buffer empty, return */
979         if (!c->wbuf_pagesize || !c->wbuf_len)
980                 goto exit;
981
982         /* if we read in a different block, return */
983         if (SECTOR_ADDR(ofs) != SECTOR_ADDR(c->wbuf_ofs))
984                 goto exit;
985
986         if (ofs >= c->wbuf_ofs) {
987                 owbf = (ofs - c->wbuf_ofs);     /* offset in write buffer */
988                 if (owbf > c->wbuf_len)         /* is read beyond write buffer ? */
989                         goto exit;
990                 lwbf = c->wbuf_len - owbf;      /* number of bytes to copy */
991                 if (lwbf > len)
992                         lwbf = len;
993         } else {
994                 orbf = (c->wbuf_ofs - ofs);     /* offset in read buffer */
995                 if (orbf > len)                 /* is write beyond write buffer ? */
996                         goto exit;
997                 lwbf = len - orbf;              /* number of bytes to copy */
998                 if (lwbf > c->wbuf_len)
999                         lwbf = c->wbuf_len;
1000         }
1001         if (lwbf > 0)
1002                 memcpy(buf+orbf,c->wbuf+owbf,lwbf);
1003
1004 exit:
1005         up_read(&c->wbuf_sem);
1006         return ret;
1007 }
1008
1009 #define NR_OOB_SCAN_PAGES 4
1010
1011 /* For historical reasons we use only 8 bytes for OOB clean marker */
1012 #define OOB_CM_SIZE 8
1013
1014 static const struct jffs2_unknown_node oob_cleanmarker =
1015 {
1016         .magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK),
1017         .nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
1018         .totlen = constant_cpu_to_je32(8)
1019 };
1020
1021 /*
1022  * Check, if the out of band area is empty. This function knows about the clean
1023  * marker and if it is present in OOB, treats the OOB as empty anyway.
1024  */
1025 int jffs2_check_oob_empty(struct jffs2_sb_info *c,
1026                           struct jffs2_eraseblock *jeb, int mode)
1027 {
1028         int i, ret;
1029         int cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1030         struct mtd_oob_ops ops;
1031
1032         ops.mode = MTD_OOB_AUTO;
1033         ops.ooblen = NR_OOB_SCAN_PAGES * c->oobavail;
1034         ops.oobbuf = c->oobbuf;
1035         ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1036         ops.datbuf = NULL;
1037
1038         ret = c->mtd->read_oob(c->mtd, jeb->offset, &ops);
1039         if (ret || ops.oobretlen != ops.ooblen) {
1040                 printk(KERN_ERR "cannot read OOB for EB at %08x, requested %zd"
1041                                 " bytes, read %zd bytes, error %d\n",
1042                                 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1043                 if (!ret)
1044                         ret = -EIO;
1045                 return ret;
1046         }
1047
1048         for(i = 0; i < ops.ooblen; i++) {
1049                 if (mode && i < cmlen)
1050                         /* Yeah, we know about the cleanmarker */
1051                         continue;
1052
1053                 if (ops.oobbuf[i] != 0xFF) {
1054                         D2(printk(KERN_DEBUG "Found %02x at %x in OOB for "
1055                                   "%08x\n", ops.oobbuf[i], i, jeb->offset));
1056                         return 1;
1057                 }
1058         }
1059
1060         return 0;
1061 }
1062
1063 /*
1064  * Check for a valid cleanmarker.
1065  * Returns: 0 if a valid cleanmarker was found
1066  *          1 if no cleanmarker was found
1067  *          negative error code if an error occurred
1068  */
1069 int jffs2_check_nand_cleanmarker(struct jffs2_sb_info *c,
1070                                  struct jffs2_eraseblock *jeb)
1071 {
1072         struct mtd_oob_ops ops;
1073         int ret, cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1074
1075         ops.mode = MTD_OOB_AUTO;
1076         ops.ooblen = cmlen;
1077         ops.oobbuf = c->oobbuf;
1078         ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1079         ops.datbuf = NULL;
1080
1081         ret = c->mtd->read_oob(c->mtd, jeb->offset, &ops);
1082         if (ret || ops.oobretlen != ops.ooblen) {
1083                 printk(KERN_ERR "cannot read OOB for EB at %08x, requested %zd"
1084                                 " bytes, read %zd bytes, error %d\n",
1085                                 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1086                 if (!ret)
1087                         ret = -EIO;
1088                 return ret;
1089         }
1090
1091         return !!memcmp(&oob_cleanmarker, c->oobbuf, cmlen);
1092 }
1093
1094 int jffs2_write_nand_cleanmarker(struct jffs2_sb_info *c,
1095                                  struct jffs2_eraseblock *jeb)
1096 {
1097         int ret;
1098         struct mtd_oob_ops ops;
1099         int cmlen = min_t(int, c->oobavail, OOB_CM_SIZE);
1100
1101         ops.mode = MTD_OOB_AUTO;
1102         ops.ooblen = cmlen;
1103         ops.oobbuf = (uint8_t *)&oob_cleanmarker;
1104         ops.len = ops.ooboffs = ops.retlen = ops.oobretlen = 0;
1105         ops.datbuf = NULL;
1106
1107         ret = c->mtd->write_oob(c->mtd, jeb->offset, &ops);
1108         if (ret || ops.oobretlen != ops.ooblen) {
1109                 printk(KERN_ERR "cannot write OOB for EB at %08x, requested %zd"
1110                                 " bytes, read %zd bytes, error %d\n",
1111                                 jeb->offset, ops.ooblen, ops.oobretlen, ret);
1112                 if (!ret)
1113                         ret = -EIO;
1114                 return ret;
1115         }
1116
1117         return 0;
1118 }
1119
1120 /*
1121  * On NAND we try to mark this block bad. If the block was erased more
1122  * than MAX_ERASE_FAILURES we mark it finaly bad.
1123  * Don't care about failures. This block remains on the erase-pending
1124  * or badblock list as long as nobody manipulates the flash with
1125  * a bootloader or something like that.
1126  */
1127
1128 int jffs2_write_nand_badblock(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, uint32_t bad_offset)
1129 {
1130         int     ret;
1131
1132         /* if the count is < max, we try to write the counter to the 2nd page oob area */
1133         if( ++jeb->bad_count < MAX_ERASE_FAILURES)
1134                 return 0;
1135
1136         if (!c->mtd->block_markbad)
1137                 return 1; // What else can we do?
1138
1139         printk(KERN_WARNING "JFFS2: marking eraseblock at %08x\n as bad", bad_offset);
1140         ret = c->mtd->block_markbad(c->mtd, bad_offset);
1141
1142         if (ret) {
1143                 D1(printk(KERN_WARNING "jffs2_write_nand_badblock(): Write failed for block at %08x: error %d\n", jeb->offset, ret));
1144                 return ret;
1145         }
1146         return 1;
1147 }
1148
1149 int jffs2_nand_flash_setup(struct jffs2_sb_info *c)
1150 {
1151         struct nand_ecclayout *oinfo = c->mtd->ecclayout;
1152
1153         if (!c->mtd->oobsize)
1154                 return 0;
1155
1156         /* Cleanmarker is out-of-band, so inline size zero */
1157         c->cleanmarker_size = 0;
1158
1159         if (!oinfo || oinfo->oobavail == 0) {
1160                 printk(KERN_ERR "inconsistent device description\n");
1161                 return -EINVAL;
1162         }
1163
1164         D1(printk(KERN_DEBUG "JFFS2 using OOB on NAND\n"));
1165
1166         c->oobavail = oinfo->oobavail;
1167
1168         /* Initialise write buffer */
1169         init_rwsem(&c->wbuf_sem);
1170         c->wbuf_pagesize = c->mtd->writesize;
1171         c->wbuf_ofs = 0xFFFFFFFF;
1172
1173         c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1174         if (!c->wbuf)
1175                 return -ENOMEM;
1176
1177         c->oobbuf = kmalloc(NR_OOB_SCAN_PAGES * c->oobavail, GFP_KERNEL);
1178         if (!c->oobbuf) {
1179                 kfree(c->wbuf);
1180                 return -ENOMEM;
1181         }
1182
1183 #ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1184         c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1185         if (!c->wbuf_verify) {
1186                 kfree(c->oobbuf);
1187                 kfree(c->wbuf);
1188                 return -ENOMEM;
1189         }
1190 #endif
1191         return 0;
1192 }
1193
1194 void jffs2_nand_flash_cleanup(struct jffs2_sb_info *c)
1195 {
1196 #ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1197         kfree(c->wbuf_verify);
1198 #endif
1199         kfree(c->wbuf);
1200         kfree(c->oobbuf);
1201 }
1202
1203 int jffs2_dataflash_setup(struct jffs2_sb_info *c) {
1204         c->cleanmarker_size = 0;                /* No cleanmarkers needed */
1205
1206         /* Initialize write buffer */
1207         init_rwsem(&c->wbuf_sem);
1208
1209
1210         c->wbuf_pagesize =  c->mtd->erasesize;
1211
1212         /* Find a suitable c->sector_size
1213          * - Not too much sectors
1214          * - Sectors have to be at least 4 K + some bytes
1215          * - All known dataflashes have erase sizes of 528 or 1056
1216          * - we take at least 8 eraseblocks and want to have at least 8K size
1217          * - The concatenation should be a power of 2
1218         */
1219
1220         c->sector_size = 8 * c->mtd->erasesize;
1221
1222         while (c->sector_size < 8192) {
1223                 c->sector_size *= 2;
1224         }
1225
1226         /* It may be necessary to adjust the flash size */
1227         c->flash_size = c->mtd->size;
1228
1229         if ((c->flash_size % c->sector_size) != 0) {
1230                 c->flash_size = (c->flash_size / c->sector_size) * c->sector_size;
1231                 printk(KERN_WARNING "JFFS2 flash size adjusted to %dKiB\n", c->flash_size);
1232         };
1233
1234         c->wbuf_ofs = 0xFFFFFFFF;
1235         c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1236         if (!c->wbuf)
1237                 return -ENOMEM;
1238
1239 #ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1240         c->wbuf_verify = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1241         if (!c->wbuf_verify) {
1242                 kfree(c->oobbuf);
1243                 kfree(c->wbuf);
1244                 return -ENOMEM;
1245         }
1246 #endif
1247
1248         printk(KERN_INFO "JFFS2 write-buffering enabled buffer (%d) erasesize (%d)\n", c->wbuf_pagesize, c->sector_size);
1249
1250         return 0;
1251 }
1252
1253 void jffs2_dataflash_cleanup(struct jffs2_sb_info *c) {
1254 #ifdef CONFIG_JFFS2_FS_WBUF_VERIFY
1255         kfree(c->wbuf_verify);
1256 #endif
1257         kfree(c->wbuf);
1258 }
1259
1260 int jffs2_nor_wbuf_flash_setup(struct jffs2_sb_info *c) {
1261         /* Cleanmarker currently occupies whole programming regions,
1262          * either one or 2 for 8Byte STMicro flashes. */
1263         c->cleanmarker_size = max(16u, c->mtd->writesize);
1264
1265         /* Initialize write buffer */
1266         init_rwsem(&c->wbuf_sem);
1267         c->wbuf_pagesize = c->mtd->writesize;
1268         c->wbuf_ofs = 0xFFFFFFFF;
1269
1270         c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1271         if (!c->wbuf)
1272                 return -ENOMEM;
1273
1274         return 0;
1275 }
1276
1277 void jffs2_nor_wbuf_flash_cleanup(struct jffs2_sb_info *c) {
1278         kfree(c->wbuf);
1279 }
1280
1281 int jffs2_ubivol_setup(struct jffs2_sb_info *c) {
1282         c->cleanmarker_size = 0;
1283
1284         if (c->mtd->writesize == 1)
1285                 /* We do not need write-buffer */
1286                 return 0;
1287
1288         init_rwsem(&c->wbuf_sem);
1289
1290         c->wbuf_pagesize =  c->mtd->writesize;
1291         c->wbuf_ofs = 0xFFFFFFFF;
1292         c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1293         if (!c->wbuf)
1294                 return -ENOMEM;
1295
1296         printk(KERN_INFO "JFFS2 write-buffering enabled buffer (%d) erasesize (%d)\n", c->wbuf_pagesize, c->sector_size);
1297
1298         return 0;
1299 }
1300
1301 void jffs2_ubivol_cleanup(struct jffs2_sb_info *c) {
1302         kfree(c->wbuf);
1303 }