[JFFS2] Check for all-zero node headers
[linux-2.6] / fs / jffs2 / nodelist.c
1 /*
2  * JFFS2 -- Journalling Flash File System, Version 2.
3  *
4  * Copyright (C) 2001-2003 Red Hat, Inc.
5  *
6  * Created by David Woodhouse <dwmw2@infradead.org>
7  *
8  * For licensing information, see the file 'LICENCE' in this directory.
9  *
10  * $Id: nodelist.c,v 1.115 2005/11/07 11:14:40 gleixner Exp $
11  *
12  */
13
14 #include <linux/kernel.h>
15 #include <linux/sched.h>
16 #include <linux/fs.h>
17 #include <linux/mtd/mtd.h>
18 #include <linux/rbtree.h>
19 #include <linux/crc32.h>
20 #include <linux/slab.h>
21 #include <linux/pagemap.h>
22 #include "nodelist.h"
23
24 static void jffs2_obsolete_node_frag(struct jffs2_sb_info *c,
25                                      struct jffs2_node_frag *this);
26
/*
 * Insert the dirent 'new' into the singly linked list at '*list', which is
 * walked in ascending nhash order.
 *
 * If an entry with the same hash and name is already present, only one of the
 * two survives: the one with the lower version is marked obsolete on flash and
 * freed. That can be 'new' itself, so the caller must not touch 'new' after
 * this returns.
 */
void jffs2_add_fd_to_list(struct jffs2_sb_info *c, struct jffs2_full_dirent *new, struct jffs2_full_dirent **list)
{
	struct jffs2_full_dirent **slot;

	dbg_dentlist("add dirent \"%s\", ino #%u\n", new->name, new->ino);

	for (slot = list; *slot && (*slot)->nhash <= new->nhash; slot = &(*slot)->next) {
		struct jffs2_full_dirent *cur = *slot;

		/* Not the same name: keep walking */
		if (cur->nhash != new->nhash || strcmp(cur->name, new->name))
			continue;

		/* Duplicate. Free one */
		if (new->version < cur->version) {
			dbg_dentlist("Eep! Marking new dirent node is obsolete, old is \"%s\", ino #%u\n",
				cur->name, cur->ino);
			jffs2_mark_node_obsolete(c, new->raw);
			jffs2_free_full_dirent(new);
		} else {
			dbg_dentlist("marking old dirent \"%s\", ino #%u bsolete\n",
				cur->name, cur->ino);
			/* Splice 'new' into the old entry's place before freeing it */
			new->next = cur->next;
			jffs2_mark_node_obsolete(c, cur->raw);
			jffs2_free_full_dirent(cur);
			*slot = new;
		}
		return;
	}

	/* No duplicate: link in front of the first entry with a larger hash */
	new->next = *slot;
	*slot = new;
}
56
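/*
 * Truncate the fragment tree 'list' to 'size' bytes.
 *
 * The fragment that straddles 'size' (if any) is shortened so that it ends
 * there, and every fragment starting at or beyond 'size' is erased from the
 * tree and released through jffs2_obsolete_node_frag().
 */
void jffs2_truncate_fragtree(struct jffs2_sb_info *c, struct rb_root *list, uint32_t size)
{
	struct jffs2_node_frag *frag = jffs2_lookup_node_frag(list, size);

	dbg_fragtree("truncating fragtree to 0x%08x bytes\n", size);

	/* We know frag->ofs <= size. That's what lookup does for us */
	if (frag && frag->ofs != size) {
		if (frag->ofs + frag->size > size)
			frag->size = size - frag->ofs;
		frag = frag_next(frag);
	}
	while (frag && frag->ofs >= size) {
		/* Fetch the successor first: 'frag' is freed below */
		struct jffs2_node_frag *next = frag_next(frag);

		frag_erase(frag, list);
		jffs2_obsolete_node_frag(c, frag);
		frag = next;
	}

	if (size == 0)
		return;

	frag = frag_last(list);

	/*
	 * The tree can be empty here even though size != 0 (for example when
	 * it held no fragments to begin with). Without this check the
	 * dereference below would be a NULL pointer access.
	 * NOTE(review): this relies on frag_last() yielding NULL for an empty
	 * tree, the same way frag_next() is NULL-tested in the loop above --
	 * confirm against nodelist.h.
	 */
	if (!frag)
		return;

	/*
	 * If the last fragment starts at the RAM page boundary, it is
	 * REF_PRISTINE irrespective of its size.
	 */
	if (frag->node && (frag->ofs & (PAGE_CACHE_SIZE - 1)) == 0) {
		dbg_fragtree2("marking the last fragment 0x%08x-0x%08x REF_PRISTINE.\n",
			frag->ofs, frag->ofs + frag->size);
		frag->node->raw->flash_offset = ref_offset(frag->node->raw) | REF_PRISTINE;
	}
}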
92
/*
 * Release the fragment 'this' and drop its reference on the data node it
 * points to (hole fragments have no node).
 *
 * When the last fragment of a node goes away, the node is marked obsolete on
 * flash and freed; otherwise the node is only marked REF_NORMAL. 'this' is
 * always freed, so the caller must have unlinked it from the tree already and
 * must not use it afterwards.
 */
static void jffs2_obsolete_node_frag(struct jffs2_sb_info *c,
				     struct jffs2_node_frag *this)
{
	struct jffs2_full_dnode *fn = this->node;

	if (fn) {
		fn->frags--;
		if (fn->frags) {
			/* Other fragments still reference the node */
			dbg_fragtree2("marking old node @0x%08x (0x%04x-0x%04x) REF_NORMAL. frags is %d\n",
				ref_offset(fn->raw), fn->ofs, fn->ofs+fn->size, fn->frags);
			mark_ref_normal(fn->raw);
		} else {
			/* The node has no valid frags left. It's totally obsoleted */
			dbg_fragtree2("marking old node @0x%08x (0x%04x-0x%04x) obsolete\n",
				ref_offset(fn->raw), fn->ofs, fn->ofs+fn->size);
			jffs2_mark_node_obsolete(c, fn->raw);
			jffs2_free_full_dnode(fn);
		}
	}

	jffs2_free_node_frag(this);
}
113
/*
 * Link 'newfrag' into the fragment tree, descending from 'base' by offset.
 *
 * This only links the node; every call site in this file follows up with
 * rb_insert_color(). Finding a fragment with the same offset is reported and
 * hits BUG().
 */
static void jffs2_fragtree_insert(struct jffs2_node_frag *newfrag, struct jffs2_node_frag *base)
{
	struct rb_node *cur = &base->rb;
	struct rb_node **slot = &cur;

	dbg_fragtree2("insert frag (0x%04x-0x%04x)\n", newfrag->ofs, newfrag->ofs + newfrag->size);

	/* 'slot' starts out pointing at 'cur', so the first pass examines 'base' itself */
	while (*slot) {
		cur = *slot;
		base = rb_entry(cur, struct jffs2_node_frag, rb);

		if (newfrag->ofs < base->ofs) {
			slot = &base->rb.rb_left;
		} else if (newfrag->ofs > base->ofs) {
			slot = &base->rb.rb_right;
		} else {
			JFFS2_ERROR("duplicate frag at %08x (%p,%p)\n", newfrag->ofs, newfrag, base);
			BUG();
		}
	}

	/* 'base' is now the parent and 'slot' the empty child link below it */
	rb_link_node(&newfrag->rb, &base->rb, slot);
}
137
/*
 * Allocate a fragment and fill in its offset, size and node pointer.
 *
 * 'fn' may be NULL, which the callers in this file use for hole fragments.
 * The rb node is not touched here; linking it into a tree is the caller's
 * job. Returns NULL (after logging an error) if the allocation fails.
 */
static struct jffs2_node_frag * new_fragment(struct jffs2_full_dnode *fn, uint32_t ofs, uint32_t size)
{
	struct jffs2_node_frag *frag = jffs2_alloc_node_frag();

	if (unlikely(!frag)) {
		JFFS2_ERROR("cannot allocate a jffs2_node_frag object\n");
		return frag;
	}

	frag->ofs = ofs;
	frag->size = size;
	frag->node = fn;

	return frag;
}
156
/*
 * Called when no existing fragment overlaps the new one. If there is a gap
 * between 'lastend' and the start of the new node, a hole fragment is inserted
 * first; then the new fragment is appended as the right-most entry.
 *
 * 'this' is the current last fragment, or NULL if the tree is empty.
 *
 * Returns 0 on success or -ENOMEM if the hole fragment cannot be allocated.
 * Ownership: on -ENOMEM 'newfrag' has ALREADY been freed here, so a caller
 * must not free it again.
 * NOTE(review): jffs2_add_older_frag_to_fragtree() calls
 * jffs2_free_node_frag(newfrag) after this function fails, which looks like a
 * double free on that error path -- confirm and drop one of the two frees.
 */
static int no_overlapping_node(struct jffs2_sb_info *c, struct rb_root *root,
			       struct jffs2_node_frag *newfrag,
			       struct jffs2_node_frag *this, uint32_t lastend)
{
	struct jffs2_node_frag *tail = this;

	if (lastend < newfrag->node->ofs) {
		/* put a hole in before the new fragment */
		struct jffs2_node_frag *gap = new_fragment(NULL, lastend, newfrag->node->ofs - lastend);

		if (unlikely(!gap)) {
			jffs2_free_node_frag(newfrag);
			return -ENOMEM;
		}

		if (!tail) {
			dbg_fragtree2("Add hole frag %#04x-%#04x to the root of the tree.\n",
				gap->ofs, gap->ofs + gap->size);
			rb_link_node(&gap->rb, NULL, &root->rb_node);
		} else {
			/* 'tail' is the right-most fragment, so it has no
			   right-hand child and the hole goes there */
			dbg_fragtree2("add hole frag %#04x-%#04x on the right of the new frag.\n",
				gap->ofs, gap->ofs + gap->size);
			rb_link_node(&gap->rb, &tail->rb, &tail->rb.rb_right);
		}
		rb_insert_color(&gap->rb, root);

		/* The hole is now the right-most fragment */
		tail = gap;
	}

	if (!tail) {
		dbg_fragtree2("insert the new node at the root of the tree\n");
		rb_link_node(&newfrag->rb, NULL, &root->rb_node);
	} else {
		/* Same argument as above: nothing lies to the right of 'tail' */
		dbg_fragtree2("add the new node at the right\n");
		rb_link_node(&newfrag->rb, &tail->rb, &tail->rb.rb_right);
	}
	rb_insert_color(&newfrag->rb, root);

	return 0;
}
205
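/*
 * Insert 'newfrag' into the fragment tree 'root', shrinking, splitting or
 * obsoleting whatever existing fragments it overlaps. Doesn't set
 * inode->i_size.
 *
 * Returns 0 on success or -ENOMEM.
 * Ownership: on -ENOMEM 'newfrag' has been freed, on both failure paths.
 * no_overlapping_node() frees it itself; the split path used to return
 * without freeing, which leaked the fragment because the caller visible in
 * this file, jffs2_add_full_dnode_to_inode(), does not free it either.
 * Assumes no other caller frees 'newfrag' on error -- TODO confirm.
 */
static int jffs2_add_frag_to_fragtree(struct jffs2_sb_info *c, struct rb_root *root, struct jffs2_node_frag *newfrag)
{
	struct jffs2_node_frag *this;
	uint32_t lastend;

	/* Skip all the nodes which are completed before this one starts */
	this = jffs2_lookup_node_frag(root, newfrag->node->ofs);

	if (this) {
		dbg_fragtree2("lookup gave frag 0x%04x-0x%04x; phys 0x%08x (*%p)\n",
			  this->ofs, this->ofs+this->size, this->node?(ref_offset(this->node->raw)):0xffffffff, this);
		lastend = this->ofs + this->size;
	} else {
		dbg_fragtree2("lookup gave no frag\n");
		lastend = 0;
	}

	/* See if we ran off the end of the fragtree */
	if (lastend <= newfrag->ofs) {
		/* We did */

		/* Check if 'this' node was on the same page as the new node.
		   If so, both 'this' and the new node get marked REF_NORMAL so
		   the GC can take a look.
		   (A non-zero lastend implies 'this' is not NULL.)
		*/
		if (lastend && (lastend-1) >> PAGE_CACHE_SHIFT == newfrag->ofs >> PAGE_CACHE_SHIFT) {
			if (this->node)
				mark_ref_normal(this->node->raw);
			mark_ref_normal(newfrag->node->raw);
		}

		return no_overlapping_node(c, root, newfrag, this, lastend);
	}

	/* From here on 'this' is not NULL: a NULL lookup gives lastend == 0,
	   which always takes the branch above */
	if (this->node)
		dbg_fragtree2("dealing with frag %u-%u, phys %#08x(%d).\n",
		this->ofs, this->ofs + this->size,
		ref_offset(this->node->raw), ref_flags(this->node->raw));
	else
		dbg_fragtree2("dealing with hole frag %u-%u.\n",
		this->ofs, this->ofs + this->size);

	/* OK. 'this' is pointing at the first frag that newfrag->ofs at least partially obsoletes,
	 * - i.e. newfrag->ofs < this->ofs+this->size && newfrag->ofs >= this->ofs
	 */
	if (newfrag->ofs > this->ofs) {
		/* This node isn't completely obsoleted. The start of it remains valid */

		/* Mark the new node and the partially covered node REF_NORMAL -- let
		   the GC take a look at them */
		mark_ref_normal(newfrag->node->raw);
		if (this->node)
			mark_ref_normal(this->node->raw);

		if (this->ofs + this->size > newfrag->ofs + newfrag->size) {
			/* The new node splits 'this' frag into two */
			struct jffs2_node_frag *newfrag2;

			if (this->node)
				dbg_fragtree2("split old frag 0x%04x-0x%04x, phys 0x%08x\n",
					this->ofs, this->ofs+this->size, ref_offset(this->node->raw));
			else
				dbg_fragtree2("split old hole frag 0x%04x-0x%04x\n",
					this->ofs, this->ofs+this->size);

			/* New second frag pointing to this's node */
			newfrag2 = new_fragment(this->node, newfrag->ofs + newfrag->size,
						this->ofs + this->size - newfrag->ofs - newfrag->size);
			if (unlikely(!newfrag2)) {
				/* newfrag is not in the tree yet; free it so
				   this error path matches no_overlapping_node()
				   instead of leaking the fragment */
				jffs2_free_node_frag(newfrag);
				return -ENOMEM;
			}
			if (this->node)
				this->node->frags++;

			/* Adjust size of original 'this' */
			this->size = newfrag->ofs - this->ofs;

			/* Now, we know there's no node with offset
			   greater than this->ofs but smaller than
			   newfrag2->ofs or newfrag->ofs, for obvious
			   reasons. So we can do a tree insert from
			   'this' to insert newfrag, and a tree insert
			   from newfrag to insert newfrag2. */
			jffs2_fragtree_insert(newfrag, this);
			rb_insert_color(&newfrag->rb, root);

			jffs2_fragtree_insert(newfrag2, newfrag);
			rb_insert_color(&newfrag2->rb, root);

			return 0;
		}
		/* New node just reduces 'this' frag in size, doesn't split it */
		this->size = newfrag->ofs - this->ofs;

		/* Again, we know it lives down here in the tree */
		jffs2_fragtree_insert(newfrag, this);
		rb_insert_color(&newfrag->rb, root);
	} else {
		/* New frag starts at the same point as 'this' used to. Replace
		   it in the tree without doing a delete and insertion */
		dbg_fragtree2("inserting newfrag (*%p),%d-%d in before 'this' (*%p),%d-%d\n",
			  newfrag, newfrag->ofs, newfrag->ofs+newfrag->size, this, this->ofs, this->ofs+this->size);

		rb_replace_node(&this->rb, &newfrag->rb, root);

		if (newfrag->ofs + newfrag->size >= this->ofs+this->size) {
			dbg_fragtree2("obsoleting node frag %p (%x-%x)\n", this, this->ofs, this->ofs+this->size);
			/* 'this' is freed here; it is reassigned by the loop
			   below before it is used again */
			jffs2_obsolete_node_frag(c, this);
		} else {
			/* The tail of 'this' survives: move its start past
			   newfrag and re-insert it to newfrag's right */
			this->ofs += newfrag->size;
			this->size -= newfrag->size;

			jffs2_fragtree_insert(this, newfrag);
			rb_insert_color(&this->rb, root);
			return 0;
		}
	}
	/* OK, now we have newfrag added in the correct place in the tree, but
	   frag_next(newfrag) may be a fragment which is overlapped by it
	*/
	while ((this = frag_next(newfrag)) && newfrag->ofs + newfrag->size >= this->ofs + this->size) {
		/* 'this' frag is obsoleted completely. */
		dbg_fragtree2("obsoleting node frag %p (%x-%x) and removing from tree\n",
			this, this->ofs, this->ofs+this->size);
		rb_erase(&this->rb, root);
		jffs2_obsolete_node_frag(c, this);
	}
	/* Now we're pointing at the first frag which isn't totally obsoleted by
	   the new frag */

	if (!this || newfrag->ofs + newfrag->size == this->ofs)
		return 0;

	/* Still some overlap but we don't need to move it in the tree */
	this->size = (this->ofs + this->size) - (newfrag->ofs + newfrag->size);
	this->ofs = newfrag->ofs + newfrag->size;

	/* And mark them REF_NORMAL so the GC takes a look at them */
	if (this->node)
		mark_ref_normal(this->node->raw);
	mark_ref_normal(newfrag->node->raw);

	return 0;
}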
350
/*
 * Given an inode, probably with an existing tree of fragments, add the data
 * node 'fn' to that tree.
 *
 * A zero-sized node is ignored (returns 0). Otherwise a fragment covering the
 * whole node is created and inserted; any error from the insertion is returned
 * unchanged, and the fragment is not freed by this function. After a
 * successful insert, nodes that now share a page with a neighbour are marked
 * REF_NORMAL.
 */
int jffs2_add_full_dnode_to_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f, struct jffs2_full_dnode *fn)
{
	struct jffs2_node_frag *newfrag;
	struct jffs2_node_frag *neigh;
	int ret;

	if (unlikely(!fn->size))
		return 0;

	newfrag = new_fragment(fn, fn->ofs, fn->size);
	if (unlikely(!newfrag))
		return -ENOMEM;

	/* newfrag->node is 'fn': exactly one fragment references it so far */
	fn->frags = 1;

	dbg_fragtree("adding node %#04x-%#04x @0x%08x on flash, newfrag *%p\n",
		  fn->ofs, fn->ofs+fn->size, ref_offset(fn->raw), newfrag);

	ret = jffs2_add_frag_to_fragtree(c, &f->fragtree, newfrag);
	if (unlikely(ret))
		return ret;

	/* If we now share a page with other nodes, mark either previous
	   or next node REF_NORMAL, as appropriate.  */
	if (newfrag->ofs & (PAGE_CACHE_SIZE-1)) {
		/* If we don't start at zero there's _always_ a previous */
		neigh = frag_prev(newfrag);

		mark_ref_normal(fn->raw);
		if (neigh->node)
			mark_ref_normal(neigh->node->raw);
	}

	if ((newfrag->ofs+newfrag->size) & (PAGE_CACHE_SIZE-1)) {
		/* Unlike the previous fragment, a next one may not exist */
		neigh = frag_next(newfrag);

		if (neigh) {
			mark_ref_normal(fn->raw);
			if (neigh->node)
				mark_ref_normal(neigh->node->raw);
		}
	}

	jffs2_dbg_fragtree_paranoia_check_nolock(f);

	return 0;
}
399
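/*
 * Check the data CRC of the node.
 *
 * Only the part of the data that lies beyond the write-buffer page holding
 * the node header is read here; the CRC is continued from tn->partial_crc.
 * If the flash is not write-buffered, or all of the data sits inside that
 * first page, nothing is read and the node is simply accounted as checked.
 *
 * On success the node's length is moved from the unchecked to the used
 * counters of both its eraseblock and the filesystem.
 *
 * Returns: 0 if the data CRC is correct;
 *          1 - if incorrect;
 *          a negative error code if an error occurred.
 */
static int check_node_data(struct jffs2_sb_info *c, struct jffs2_tmp_dnode_info *tn)
{
	struct jffs2_raw_node_ref *ref = tn->fn->raw;
	int err = 0, pointed = 0;
	struct jffs2_eraseblock *jeb;
	unsigned char *buffer;
	uint32_t crc, ofs, len;
	size_t retlen;

	BUG_ON(tn->csize == 0);

	if (!jffs2_is_writebuffered(c))
		goto adj_acc;

	/* Calculate how many bytes were already checked */
	ofs = ref_offset(ref) + sizeof(struct jffs2_raw_inode);
	len = ofs % c->wbuf_pagesize;
	if (likely(len))
		len = c->wbuf_pagesize - len;

	if (len >= tn->csize) {
		dbg_readinode("no need to check node at %#08x, data length %u, data starts at %#08x - it has already been checked.\n",
			ref_offset(ref), tn->csize, ofs);
		goto adj_acc;
	}

	/* From here on ofs/len describe only the part still to be checked.
	   len < tn->csize was established above, so this cannot wrap. */
	ofs += len;
	len = tn->csize - len;

	dbg_readinode("check node at %#08x, data length %u, partial CRC %#08x, correct CRC %#08x, data starts at %#08x, start checking from %#08x - %u bytes.\n",
		ref_offset(ref), tn->csize, tn->partial_crc, tn->data_crc, ofs - len, ofs, len);

#ifndef __ECOS
	/* TODO: instead, incapsulate point() stuff to jffs2_flash_read(),
	 * adding and jffs2_flash_read_end() interface. */
	if (c->mtd->point) {
		err = c->mtd->point(c->mtd, ofs, len, &retlen, &buffer);
		/*
		 * 'len' bytes were requested and 'len' bytes are fed to
		 * crc32() below, so that is the length to validate. Comparing
		 * against tn->csize rejected every successful mapping whenever
		 * part of the data had already been checked (len < csize).
		 */
		if (!err && retlen < len) {
			JFFS2_WARNING("MTD point returned len too short: %zu instead of %u.\n", retlen, len);
			c->mtd->unpoint(c->mtd, buffer, ofs, len);
		} else if (err)
			JFFS2_WARNING("MTD point failed: error code %d.\n", err);
		else
			pointed = 1; /* successfully pointed to device */
	}
#endif

	if (!pointed) {
		/* Fall back to reading the data into a temporary buffer.
		   NOTE(review): len derives from tn->csize, presumably taken
		   from the on-flash node -- confirm it is bounded upstream. */
		buffer = kmalloc(len, GFP_KERNEL);
		if (unlikely(!buffer))
			return -ENOMEM;

		/* TODO: this is very frequent pattern, make it a separate
		 * routine */
		err = jffs2_flash_read(c, ofs, len, &retlen, buffer);
		if (err) {
			/* len and ofs are uint32_t: print them as unsigned */
			JFFS2_ERROR("can not read %u bytes from 0x%08x, error code: %d.\n", len, ofs, err);
			goto free_out;
		}

		if (retlen != len) {
			/* retlen is a size_t, hence %zu */
			JFFS2_ERROR("short read at %#08x: %zu instead of %u.\n", ofs, retlen, len);
			err = -EIO;
			goto free_out;
		}
	}

	/* Continue calculating CRC */
	crc = crc32(tn->partial_crc, buffer, len);
	if(!pointed)
		kfree(buffer);
#ifndef __ECOS
	else
		c->mtd->unpoint(c->mtd, buffer, ofs, len);
#endif

	if (crc != tn->data_crc) {
		JFFS2_NOTICE("wrong data CRC in data node at 0x%08x: read %#08x, calculated %#08x.\n",
			ofs, tn->data_crc, crc);
		return 1;
	}

adj_acc:
	jeb = &c->blocks[ref->flash_offset / c->sector_size];
	len = ref_totlen(c, jeb, ref);

	/*
	 * Mark the node as having been checked and fix the
	 * accounting accordingly.
	 */
	spin_lock(&c->erase_completion_lock);
	jeb->used_size += len;
	jeb->unchecked_size -= len;
	c->used_size += len;
	c->unchecked_size -= len;
	spin_unlock(&c->erase_completion_lock);

	return 0;

free_out:
	/* Only reached from the kmalloc() path above, i.e. with !pointed */
	if(!pointed)
		kfree(buffer);
#ifndef __ECOS
	else
		c->mtd->unpoint(c->mtd, buffer, ofs, len);
#endif
	return err;
}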
515
/*
 * Helper function for jffs2_add_older_frag_to_fragtree().
 *
 * Verifies the data CRC of a node that is still REF_UNCHECKED; nodes in any
 * other state are accepted without reading them. A node whose CRC does not
 * match is marked obsolete.
 *
 * Returns whatever check_node_data() returned: 0 if the node is fine, a
 * positive value on CRC mismatch, a negative error code on failure.
 */
static int check_node(struct jffs2_sb_info *c, struct jffs2_inode_info *f, struct jffs2_tmp_dnode_info *tn)
{
	struct jffs2_raw_node_ref *raw = tn->fn->raw;
	int ret;

	BUG_ON(ref_obsolete(raw));

	/* We only check the data CRC of unchecked nodes */
	if (ref_flags(raw) != REF_UNCHECKED)
		return 0;

	dbg_fragtree2("check node %#04x-%#04x, phys offs %#08x.\n",
		tn->fn->ofs, tn->fn->ofs + tn->fn->size, ref_offset(raw));

	ret = check_node_data(c, tn);
	if (unlikely(ret > 0)) {
		dbg_fragtree2("CRC error, mark it obsolete.\n");
		jffs2_mark_node_obsolete(c, raw);
	} else if (unlikely(ret < 0)) {
		JFFS2_ERROR("check_node_data() returned error: %d.\n",
			ret);
	}

	return ret;
}
545
/*
 * Helper function for jffs2_add_older_frag_to_fragtree().
 *
 * Called when the new fragment being inserted lies inside a hole fragment.
 * Depending on where it sits, the hole is replaced, trimmed on the left, or
 * split into a left and a right remainder around the new fragment.
 *
 * Returns 0 on success or -ENOMEM. On -ENOMEM 'newfrag' has already been
 * freed here, so the caller must not free it again.
 */
static int split_hole(struct jffs2_sb_info *c, struct rb_root *root,
		      struct jffs2_node_frag *newfrag, struct jffs2_node_frag *hole)
{
	struct jffs2_node_frag *right_hole = NULL;

	dbg_fragtree2("fragment %#04x-%#04x splits the hole %#04x-%#04x\n",
		newfrag->ofs, newfrag->ofs + newfrag->size, hole->ofs, hole->ofs + hole->size);

	if (hole->ofs != newfrag->ofs) {
		/* The new fragment leaves some hole space at the left */

		if (hole->ofs + hole->size > newfrag->ofs + newfrag->size) {
			/* ... and some at the right as well, which needs a
			   hole fragment of its own */
			right_hole = new_fragment(NULL, newfrag->ofs +
				newfrag->size, hole->ofs + hole->size
				- newfrag->ofs - newfrag->size);
			if (unlikely(!right_hole)) {
				jffs2_free_node_frag(newfrag);
				return -ENOMEM;
			}
		}

		/* The original hole shrinks to the left remainder */
		hole->size = newfrag->ofs - hole->ofs;
		dbg_fragtree2("left the hole %#04x-%#04x at the left and inserd fragment %#04x-%#04x\n",
			hole->ofs, hole->ofs + hole->size, newfrag->ofs, newfrag->ofs + newfrag->size);

		jffs2_fragtree_insert(newfrag, hole);
		rb_insert_color(&newfrag->rb, root);

		if (right_hole) {
			dbg_fragtree2("left the hole %#04x-%#04x at the right\n",
				right_hole->ofs, right_hole->ofs + right_hole->size);
			jffs2_fragtree_insert(right_hole, newfrag);
			rb_insert_color(&right_hole->rb, root);
		}

		return 0;
	}

	/* The new fragment starts at the same offset as the hole */

	if (hole->ofs + hole->size > newfrag->ofs + newfrag->size) {
		/*
		 * The hole is longer: the new node takes over the hole's
		 * place in the tree and covers its left part.
		 */
		dbg_fragtree2("insert fragment %#04x-%#04x and cut the left part of the hole\n",
			newfrag->ofs, newfrag->ofs + newfrag->size);
		rb_replace_node(&hole->rb, &newfrag->rb, root);

		hole->ofs += newfrag->size;
		hole->size -= newfrag->size;

		/* What is left of 'hole' goes back in to the right of newfrag */
		jffs2_fragtree_insert(hole, newfrag);
		rb_insert_color(&hole->rb, root);

		return 0;
	}

	/* The new fragment covers the hole entirely: replace it and free it */
	dbg_fragtree2("insert fragment %#04x-%#04x and overwrite hole\n",
		newfrag->ofs, newfrag->ofs + newfrag->size);
	rb_replace_node(&hole->rb, &newfrag->rb, root);
	jffs2_free_node_frag(hole);

	return 0;
}
625
626 /*
627  * This function is used when we build inode. It expects the nodes are passed
628  * in the decreasing version order. The whole point of this is to improve the
629  * inodes checking on NAND: we check the nodes' data CRC only when they are not
630  * obsoleted. Previously, add_frag_to_fragtree() function was used and
631  * nodes were passed to it in the increasing version order and CRCs of all
632  * nodes were checked.
633  *
634  * Note: tn->fn->size shouldn't be zero.
635  *
636  * Returns 0 if the node was inserted
637  *         1 if it wasn't inserted (since it is obsolete)
638  *         < 0 if an error occurred
639  */
640 int jffs2_add_older_frag_to_fragtree(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
641                                      struct jffs2_tmp_dnode_info *tn)
642 {
643         struct jffs2_node_frag *this, *newfrag;
644         uint32_t lastend;
645         struct jffs2_full_dnode *fn = tn->fn;
646         struct rb_root *root = &f->fragtree;
647         uint32_t fn_size = fn->size, fn_ofs = fn->ofs;
648         int err, checked = 0;
649         int ref_flag;
650
651         dbg_fragtree("insert fragment %#04x-%#04x, ver %u\n", fn_ofs, fn_ofs + fn_size, tn->version);
652
653         /* Skip all the nodes which are completed before this one starts */
654         this = jffs2_lookup_node_frag(root, fn_ofs);
655         if (this)
656                 dbg_fragtree2("'this' found %#04x-%#04x (%s)\n", this->ofs, this->ofs + this->size, this->node ? "data" : "hole");
657
658         if (this)
659                 lastend = this->ofs + this->size;
660         else
661                 lastend = 0;
662
663         /* Detect the preliminary type of node */
664         if (fn->size >= PAGE_CACHE_SIZE)
665                 ref_flag = REF_PRISTINE;
666         else
667                 ref_flag = REF_NORMAL;
668
669         /* See if we ran off the end of the root */
670         if (lastend <= fn_ofs) {
671                 /* We did */
672
673                 /*
674                  * We are going to insert the new node into the
675                  * fragment tree, so check it.
676                  */
677                 err = check_node(c, f, tn);
678                 if (err != 0)
679                         return err;
680
681                 fn->frags = 1;
682
683                 newfrag = new_fragment(fn, fn_ofs, fn_size);
684                 if (unlikely(!newfrag))
685                         return -ENOMEM;
686
687                 err = no_overlapping_node(c, root, newfrag, this, lastend);
688                 if (unlikely(err != 0)) {
689                         jffs2_free_node_frag(newfrag);
690                         return err;
691                 }
692
693                 goto out_ok;
694         }
695
696         fn->frags = 0;
697
698         while (1) {
699                 /*
700                  * Here we have:
701                  * fn_ofs < this->ofs + this->size && fn_ofs >= this->ofs.
702                  *
703                  * Remember, 'this' has higher version, any non-hole node
704                  * which is already in the fragtree is newer then the newly
705                  * inserted.
706                  */
707                 if (!this->node) {
708                         /*
709                          * 'this' is the hole fragment, so at least the
710                          * beginning of the new fragment is valid.
711                          */
712
713                         /*
714                          * We are going to insert the new node into the
715                          * fragment tree, so check it.
716                          */
717                         if (!checked) {
718                                 err = check_node(c, f, tn);
719                                 if (unlikely(err != 0))
720                                         return err;
721                                 checked = 1;
722                         }
723
724                         if (this->ofs + this->size >= fn_ofs + fn_size) {
725                                 /* We split the hole on two parts */
726
727                                 fn->frags += 1;
728                                 newfrag = new_fragment(fn, fn_ofs, fn_size);
729                                 if (unlikely(!newfrag))
730                                         return -ENOMEM;
731
732                                 err = split_hole(c, root, newfrag, this);
733                                 if (unlikely(err))
734                                         return err;
735                                 goto out_ok;
736                         }
737
738                         /*
739                          * The beginning of the new fragment is valid since it
740                          * overlaps the hole node.
741                          */
742
743                         ref_flag = REF_NORMAL;
744
745                         fn->frags += 1;
746                         newfrag = new_fragment(fn, fn_ofs,
747                                         this->ofs + this->size - fn_ofs);
748                         if (unlikely(!newfrag))
749                                 return -ENOMEM;
750
751                         if (fn_ofs == this->ofs) {
752                                 /*
753                                  * The new node starts at the same offset as
754                                  * the hole and supersieds the hole.
755                                  */
756                                 dbg_fragtree2("add the new fragment instead of hole %#04x-%#04x, refcnt %d\n",
757                                         fn_ofs, fn_ofs + this->ofs + this->size - fn_ofs, fn->frags);
758
759                                 rb_replace_node(&this->rb, &newfrag->rb, root);
760                                 jffs2_free_node_frag(this);
761                         } else {
762                                 /*
763                                  * The hole becomes shorter as its right part
764                                  * is supersieded by the new fragment.
765                                  */
766                                 dbg_fragtree2("reduce size of hole %#04x-%#04x to %#04x-%#04x\n",
767                                         this->ofs, this->ofs + this->size, this->ofs, this->ofs + this->size - newfrag->size);
768
769                                 dbg_fragtree2("add new fragment %#04x-%#04x, refcnt %d\n", fn_ofs,
770                                         fn_ofs + this->ofs + this->size - fn_ofs, fn->frags);
771
772                                 this->size -= newfrag->size;
773                                 jffs2_fragtree_insert(newfrag, this);
774                                 rb_insert_color(&newfrag->rb, root);
775                         }
776
777                         fn_ofs += newfrag->size;
778                         fn_size -= newfrag->size;
779                         this = rb_entry(rb_next(&newfrag->rb),
780                                         struct jffs2_node_frag, rb);
781
782                         dbg_fragtree2("switch to the next 'this' fragment: %#04x-%#04x %s\n",
783                                 this->ofs, this->ofs + this->size, this->node ? "(data)" : "(hole)");
784                 }
785
786                 /*
787                  * 'This' node is not the hole so it obsoletes the new fragment
788                  * either fully or partially.
789                  */
790                 if (this->ofs + this->size >= fn_ofs + fn_size) {
791                         /* The new node is obsolete, drop it */
792                         if (fn->frags == 0) {
793                                 dbg_fragtree2("%#04x-%#04x is obsolete, mark it obsolete\n", fn_ofs, fn_ofs + fn_size);
794                                 ref_flag = REF_OBSOLETE;
795                         }
796                         goto out_ok;
797                 } else {
798                         struct jffs2_node_frag *new_this;
799
800                         /* 'This' node obsoletes the beginning of the new node */
801                         dbg_fragtree2("the beginning %#04x-%#04x is obsolete\n", fn_ofs, this->ofs + this->size);
802
803                         ref_flag = REF_NORMAL;
804
805                         fn_size -= this->ofs + this->size - fn_ofs;
806                         fn_ofs = this->ofs + this->size;
807                         dbg_fragtree2("now considering %#04x-%#04x\n", fn_ofs, fn_ofs + fn_size);
808
809                         new_this = rb_entry(rb_next(&this->rb), struct jffs2_node_frag, rb);
810                         if (!new_this) {
811                                 /*
812                                  * There is no next fragment. Add the rest of
813                                  * the new node as the right-hand child.
814                                  */
815                                 if (!checked) {
816                                         err = check_node(c, f, tn);
817                                         if (unlikely(err != 0))
818                                                 return err;
819                                         checked = 1;
820                                 }
821
822                                 fn->frags += 1;
823                                 newfrag = new_fragment(fn, fn_ofs, fn_size);
824                                 if (unlikely(!newfrag))
825                                         return -ENOMEM;
826
827                                 dbg_fragtree2("there are no more fragments, insert %#04x-%#04x\n",
828                                         newfrag->ofs, newfrag->ofs + newfrag->size);
829                                 rb_link_node(&newfrag->rb, &this->rb, &this->rb.rb_right);
830                                 rb_insert_color(&newfrag->rb, root);
831                                 goto out_ok;
832                         } else {
833                                 this = new_this;
834                                 dbg_fragtree2("switch to the next 'this' fragment: %#04x-%#04x %s\n",
835                                         this->ofs, this->ofs + this->size, this->node ? "(data)" : "(hole)");
836                         }
837                 }
838         }
839
840 out_ok:
841         BUG_ON(fn->size < PAGE_CACHE_SIZE && ref_flag == REF_PRISTINE);
842
843         if (ref_flag == REF_OBSOLETE) {
844                 dbg_fragtree2("the node is obsolete now\n");
845                 /* jffs2_mark_node_obsolete() will adjust space accounting */
846                 jffs2_mark_node_obsolete(c, fn->raw);
847                 return 1;
848         }
849
850         dbg_fragtree2("the node is \"%s\" now\n", ref_flag == REF_NORMAL ? "REF_NORMAL" : "REF_PRISTINE");
851
852         /* Space accounting was adjusted at check_node_data() */
853         spin_lock(&c->erase_completion_lock);
854         fn->raw->flash_offset = ref_offset(fn->raw) | ref_flag;
855         spin_unlock(&c->erase_completion_lock);
856
857         return 0;
858 }
859
/*
 * Record a new state for inode cache entry 'ic' and wake anything sleeping
 * on c->inocache_wq.
 *
 * Both the store and the wake_up() are done with c->inocache_lock held.
 * 'state' is stored exactly as passed in; it is not validated here.
 */
void jffs2_set_inocache_state(struct jffs2_sb_info *c, struct jffs2_inode_cache *ic, int state)
{
        spin_lock(&c->inocache_lock);
        ic->state = state;
        /* NOTE(review): waiters presumably re-check ic->state under
           inocache_lock after waking -- confirm against the wait side. */
        wake_up(&c->inocache_wq);
        spin_unlock(&c->inocache_lock);
}
867
868 /* During mount, this needs no locking. During normal operation, its
869    callers want to do other stuff while still holding the inocache_lock.
870    Rather than introducing special case get_ino_cache functions or
871    callbacks, we just let the caller do the locking itself. */
872
/*
 * Look up the inode cache entry for inode number 'ino'.
 *
 * Selects the hash chain for 'ino' and walks it. Chains are kept in
 * ascending inode-number order by jffs2_add_ino_cache(), so the walk stops
 * at the first entry whose number is not below 'ino'. Returns that entry if
 * its number matches, NULL otherwise.
 *
 * No lock is taken here: the chain is read as-is, and the caller supplies
 * whatever locking its context needs.
 */
struct jffs2_inode_cache *jffs2_get_ino_cache(struct jffs2_sb_info *c, uint32_t ino)
{
        struct jffs2_inode_cache *ic;

        for (ic = c->inocache_list[ino % INOCACHE_HASHSIZE]; ic; ic = ic->next) {
                /* Sorted chain: nothing further along can be smaller */
                if (ic->ino >= ino)
                        break;
        }

        if (!ic || ic->ino != ino)
                return NULL;

        return ic;
}
887
/*
 * Insert 'new' into the inode cache hash table.
 *
 * If new->ino is zero, a fresh inode number is taken by pre-incrementing
 * c->highest_ino; that increment is not checked for wrap-around here. The
 * entry is then linked into its hash chain in front of the first entry whose
 * number is not smaller, which keeps the chain in ascending order.
 *
 * No duplicate check is made: an existing entry with the same number is left
 * in place, directly behind 'new'.
 *
 * The whole operation runs under c->inocache_lock.
 */
void jffs2_add_ino_cache(struct jffs2_sb_info *c, struct jffs2_inode_cache *new)
{
        struct jffs2_inode_cache **link;

        spin_lock(&c->inocache_lock);

        if (new->ino == 0)
                new->ino = ++c->highest_ino;

        dbg_inocache("add %p (ino #%u)\n", new, new->ino);

        /* Advance to the slot that should point at 'new' */
        for (link = &c->inocache_list[new->ino % INOCACHE_HASHSIZE];
             *link != NULL && (*link)->ino < new->ino;
             link = &(*link)->next)
                ;

        new->next = *link;
        *link = new;

        spin_unlock(&c->inocache_lock);
}
908
/*
 * Remove 'old' from the inode cache hash table and, unless it is in the
 * READING or CLEARING state, free it. The unlink and the free both happen
 * under c->inocache_lock.
 *
 * The chain is searched by inode number, and 'old' is unlinked only if it is
 * the first entry whose number is not below old->ino.
 * NOTE(review): if that entry is a different one (or 'old' is not on the
 * chain at all), nothing is unlinked but 'old' can still be freed below,
 * which would leave a stale pointer on the chain. Callers presumably
 * guarantee unique numbers and that 'old' was added -- confirm.
 */
void jffs2_del_ino_cache(struct jffs2_sb_info *c, struct jffs2_inode_cache *old)
{
        struct jffs2_inode_cache **link;
        int still_held;

#ifdef CONFIG_JFFS2_FS_XATTR
        BUG_ON(old->xref);
#endif
        dbg_inocache("del %p (ino #%u)\n", old, old->ino);
        spin_lock(&c->inocache_lock);

        for (link = &c->inocache_list[old->ino % INOCACHE_HASHSIZE];
             *link != NULL && (*link)->ino < old->ino;
             link = &(*link)->next)
                ;

        if (*link == old)
                *link = old->next;

        /* In the READING and CLEARING states (the read_inode() and
           clear_inode() transitions) the entry is still held by that
           path, which frees it itself. In every other state nobody else
           is looking at it, so it is released right here. */
        still_held = (old->state == INO_STATE_READING ||
                      old->state == INO_STATE_CLEARING);
        if (!still_held)
                jffs2_free_inode_cache(old);

        spin_unlock(&c->inocache_lock);
}
938
/*
 * Free every inode cache entry in every hash chain and leave all chain
 * heads NULL.
 *
 * For each entry the xattr state is released with jffs2_xattr_free_inode()
 * before the entry itself is freed. The successor is read before the entry
 * is released, so freed memory is never dereferenced by the walk.
 *
 * No lock is taken here.
 * NOTE(review): presumably only called when nothing else can reach the
 * cache (teardown) -- confirm against callers.
 */
void jffs2_free_ino_caches(struct jffs2_sb_info *c)
{
        int bucket;

        for (bucket = 0; bucket < INOCACHE_HASHSIZE; bucket++) {
                struct jffs2_inode_cache *ic = c->inocache_list[bucket];

                while (ic) {
                        struct jffs2_inode_cache *victim = ic;

                        ic = ic->next;
                        jffs2_xattr_free_inode(c, victim);
                        jffs2_free_inode_cache(victim);
                }
                c->inocache_list[bucket] = NULL;
        }
}
955
/*
 * Free all raw node ref blocks of every eraseblock and reset each
 * eraseblock's first_node/last_node to NULL.
 *
 * A ref block is addressed through its first slot. The slot at index
 * REFS_PER_BLOCK chains to the next block when its flash_offset is
 * REF_LINK_NODE; any other value ends the chain. The link is read before
 * the block is freed.
 *
 * NOTE(review): this relies on first_node pointing at the start of a ref
 * block, so that index REFS_PER_BLOCK stays inside the allocation --
 * confirm against the allocation code.
 */
void jffs2_free_raw_node_refs(struct jffs2_sb_info *c)
{
        int i;

        for (i = 0; i < c->nr_blocks; i++) {
                struct jffs2_eraseblock *jeb = &c->blocks[i];
                struct jffs2_raw_node_ref *blk = jeb->first_node;

                while (blk) {
                        struct jffs2_raw_node_ref *tail = &blk[REFS_PER_BLOCK];
                        struct jffs2_raw_node_ref *following;

                        following = (tail->flash_offset == REF_LINK_NODE) ?
                                        tail->next_in_ino : NULL;

                        jffs2_free_refblock(blk);
                        blk = following;
                }
                jeb->last_node = NULL;
                jeb->first_node = NULL;
        }
}
975
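/*
 * Find the fragment in 'fragtree' that covers 'offset'.
 *
 * Returns the fragment whose range [ofs, ofs + size) contains 'offset'.
 * If no fragment covers it, returns the closest fragment that ends at or
 * before 'offset' (the one with the highest start among those met on the
 * way down), or NULL if there is none. NULL is therefore returned both for
 * an empty tree and when 'offset' lies below every fragment.
 *
 * The result is not guaranteed to cover 'offset'. Callers must compare the
 * returned fragment's range with the offset before treating it as a hit.
 *
 * NOTE(review): frag->ofs + frag->size is evaluated without an overflow
 * check. Assuming both fields are 32-bit, a fragment whose end wraps would
 * be misclassified here. Presumably this is ruled out where fragments are
 * created from on-flash node data -- confirm.
 */
struct jffs2_node_frag *jffs2_lookup_node_frag(struct rb_root *fragtree, uint32_t offset)
{
        /* The common case in lookup is that there will be a node
           which precisely matches. So we go looking for that first */
        struct rb_node *next;
        struct jffs2_node_frag *prev = NULL;
        struct jffs2_node_frag *frag = NULL;

        /* 'offset' is unsigned, so it is printed with %u rather than %d */
        dbg_fragtree2("root %p, offset %u\n", fragtree, offset);

        next = fragtree->rb_node;

        while(next) {
                frag = rb_entry(next, struct jffs2_node_frag, rb);

                if (frag->ofs + frag->size <= offset) {
                        /* Remember the closest smaller match on the way down */
                        if (!prev || frag->ofs > prev->ofs)
                                prev = frag;
                        next = frag->rb.rb_right;
                } else if (frag->ofs > offset) {
                        next = frag->rb.rb_left;
                } else {
                        return frag;
                }
        }

        /* Exact match not found. The closest smaller fragment was
           recorded in 'prev' during the descent, so no walk back up the
           tree is needed; 'prev' is NULL if no such fragment was seen */

        if (prev)
                dbg_fragtree2("no match. Returning frag %#04x-%#04x, closest previous\n",
                          prev->ofs, prev->ofs+prev->size);
        else
                dbg_fragtree2("returning NULL, empty fragtree\n");

        return prev;
}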
1014
1015 /* Pass 'c' argument to indicate that nodes should be marked obsolete as
1016    they're killed. */
/*
 * Tear down a whole fragment tree, freeing every jffs2_node_frag in it.
 *
 * The walk is iterative. From the current fragment it moves to the left
 * child, else the right child, until it reaches a fragment with neither;
 * that fragment is released, the parent's pointer to it is cleared, and the
 * walk resumes from the parent. A data node is freed (and, when 'c' is
 * non-NULL, marked obsolete first) once its 'frags' count drops to zero.
 *
 * root->rb_node is not reset here, so on return it still refers to freed
 * memory. NOTE(review): callers presumably reinitialise or discard the root
 * afterwards -- confirm.
 *
 * cond_resched() is called after every freed fragment, so this must be
 * called from a context that is allowed to sleep.
 */
void jffs2_kill_fragtree(struct rb_root *root, struct jffs2_sb_info *c)
{
        struct jffs2_node_frag *frag;
        struct jffs2_node_frag *parent;

        if (!root->rb_node)
                return;

        dbg_fragtree("killing\n");

        frag = (rb_entry(root->rb_node, struct jffs2_node_frag, rb));
        while(frag) {
                /* Children first: keep descending while either side is
                   still attached */
                if (frag->rb.rb_left) {
                        frag = frag_left(frag);
                        continue;
                }
                if (frag->rb.rb_right) {
                        frag = frag_right(frag);
                        continue;
                }

                /* 'frag' has no children left. The count is decremented
                   for every non-hole fragment that is released */
                if (frag->node && !(--frag->node->frags)) {
                        /* Not a hole, and it's the final remaining frag
                           of this node. Free the node */
                        if (c)
                                jffs2_mark_node_obsolete(c, frag->node->raw);

                        jffs2_free_full_dnode(frag->node);
                }
                /* Detach from the parent before freeing, so the parent is
                   seen as childless on that side when the walk returns */
                parent = frag_parent(frag);
                if (parent) {
                        if (frag_left(parent) == frag)
                                parent->rb.rb_left = NULL;
                        else
                                parent->rb.rb_right = NULL;
                }

                jffs2_free_node_frag(frag);
                frag = parent;

                cond_resched();
        }
}
1060
/*
 * Claim the next unused raw node ref slot in eraseblock 'jeb' for a node at
 * 'ofs' with length 'len', and account for the space it occupies.
 *
 * 'ofs' is stored directly in ref->flash_offset and the state used for the
 * accounting is read back with ref_flags(). The caller is therefore
 * expected to pass the offset with the REF_* state already OR-ed in, as
 * jffs2_scan_dirty_space() does with REF_OBSOLETE.
 * If 'ic' is non-NULL the ref is pushed onto the head of ic->nodes.
 *
 * No slot is allocated here: one previously reserved slot is consumed
 * (jeb->allocated_refs must be non-zero and is decremented). No lock is
 * taken in this function.
 *
 * Returns the ref that was filled in. Inconsistencies (no reserved slot,
 * node not placed directly after the previous one) end in BUG().
 */
struct jffs2_raw_node_ref *jffs2_link_node_ref(struct jffs2_sb_info *c,
                                               struct jffs2_eraseblock *jeb,
                                               uint32_t ofs, uint32_t len,
                                               struct jffs2_inode_cache *ic)
{
        struct jffs2_raw_node_ref *ref;

        /* A slot must have been reserved beforehand */
        BUG_ON(!jeb->allocated_refs);
        jeb->allocated_refs--;

        /* NOTE(review): 'ref' is dereferenced right below without a NULL
           check -- presumably the reservation step guarantees that
           jeb->last_node is set whenever allocated_refs is non-zero;
           confirm. */
        ref = jeb->last_node;

        dbg_noderef("Last node at %p is (%08x,%p)\n", ref, ref->flash_offset,
                    ref->next_in_ino);

        /* Walk forward to the first unused slot, following the link to
           the next ref block at a REF_LINK_NODE entry. The loop has no
           bound of its own; it relies on an unused slot existing. */
        while (ref->flash_offset != REF_EMPTY_NODE) {
                if (ref->flash_offset == REF_LINK_NODE)
                        ref = ref->next_in_ino;
                else
                        ref++;
        }

        dbg_noderef("New ref is %p (%08x becomes %08x,%p) len 0x%x\n", ref, 
                    ref->flash_offset, ofs, ref->next_in_ino, len);

        ref->flash_offset = ofs;

        /* Refs must be added in flash order: the first one at the start
           of the eraseblock, each later one exactly where the block's
           used space currently ends. */
        if (!jeb->first_node) {
                jeb->first_node = ref;
                BUG_ON(ref_offset(ref) != jeb->offset);
        } else if (unlikely(ref_offset(ref) != jeb->offset + c->sector_size - jeb->free_size)) {
                uint32_t last_len = ref_totlen(c, jeb, jeb->last_node);

                JFFS2_ERROR("Adding new ref %p at (0x%08x-0x%08x) not immediately after previous (0x%08x-0x%08x)\n",
                            ref, ref_offset(ref), ref_offset(ref)+len,
                            ref_offset(jeb->last_node), 
                            ref_offset(jeb->last_node)+last_len);
                BUG();
        }
        jeb->last_node = ref;

        if (ic) {
                ref->next_in_ino = ic->nodes;
                ic->nodes = ref;
        } else {
                ref->next_in_ino = NULL;
        }

        /* Charge 'len' to the counter matching the node's state, both
           file-system wide and for this eraseblock */
        switch(ref_flags(ref)) {
        case REF_UNCHECKED:
                c->unchecked_size += len;
                jeb->unchecked_size += len;
                break;

        case REF_NORMAL:
        case REF_PRISTINE:
                c->used_size += len;
                jeb->used_size += len;
                break;

        case REF_OBSOLETE:
                c->dirty_size += len;
                jeb->dirty_size += len;
                break;
        }
        /* 'len' is not compared with the remaining free space here, so a
           'len' larger than free_size would wrap these counters (assuming
           they are unsigned -- TODO confirm). jffs2_scan_dirty_space()
           checks its size against jeb->free_size before calling. */
        c->free_size -= len;
        jeb->free_size -= len;

#ifdef TEST_TOTLEN
        /* Set (and test) __totlen field... for now */
        ref->__totlen = len;
        ref_totlen(c, jeb, ref);
#endif
        return ref;
}
1136
1137 /* No locking, no reservation of 'ref'. Do not use on a live file system */
/*
 * Account 'size' bytes at the current end of used space in 'jeb' as dirty.
 *
 * If the last ref in the block is already obsolete, the bytes are simply
 * added to the dirty counters and taken off the free counters. Otherwise a
 * new ref flagged REF_OBSOLETE is linked in at the current end of used
 * space via jffs2_link_node_ref(). A zero 'size' is a no-op.
 *
 * Always returns 0. A 'size' larger than jeb->free_size is logged at
 * KERN_CRIT and ends in BUG(); no error is returned to the caller.
 * NOTE(review): if 'size' is derived from on-flash contents, an inconsistent
 * image halts here instead of failing gracefully -- confirm whether callers
 * bound it first.
 */
int jffs2_scan_dirty_space(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
                           uint32_t size)
{
        uint32_t ofs;

        if (size == 0)
                return 0;

        if (unlikely(jeb->free_size < size)) {
                printk(KERN_CRIT "Dirty space 0x%x larger then free_size 0x%x (wasted 0x%x)\n",
                       size, jeb->free_size, jeb->wasted_size);
                BUG();
        }

        /* REF_EMPTY_NODE does not count as obsolete, so an unused slot
           takes the "link a new ref" path */
        if (!jeb->last_node || !ref_obsolete(jeb->last_node)) {
                ofs = jeb->offset + c->sector_size - jeb->free_size;
                ofs |= REF_OBSOLETE;

                jffs2_link_node_ref(c, jeb, ofs, size, NULL);
                return 0;
        }

        /* Last ref is already obsolete: just grow the dirty area */
#ifdef TEST_TOTLEN
        jeb->last_node->__totlen += size;
#endif
        c->dirty_size += size;
        jeb->dirty_size += size;
        c->free_size -= size;
        jeb->free_size -= size;

        return 0;
}
1166
1167 /* Calculate totlen from surrounding nodes or eraseblock */
/*
 * Derive the total length of the node described by 'ref'.
 *
 * When ref_next() yields a following ref, the length is the distance from
 * this ref's offset to that one's. Otherwise 'ref' has to be the last node
 * of its eraseblock and the length runs up to the end of the block's used
 * space (offset + sector_size - free_size); any other ref in that position
 * is logged at KERN_CRIT and ends in BUG().
 *
 * 'jeb' may be NULL, in which case the eraseblock is looked up from
 * ref->flash_offset. That index is not range-checked here.
 * NOTE(review): presumably flash_offset is always within the device --
 * confirm.
 */
static inline uint32_t __ref_totlen(struct jffs2_sb_info *c,
                                    struct jffs2_eraseblock *jeb,
                                    struct jffs2_raw_node_ref *ref)
{
        struct jffs2_raw_node_ref *next_ref = ref_next(ref);
        uint32_t end;

        if (next_ref) {
                end = ref_offset(next_ref);
                return end - ref_offset(ref);
        }

        if (!jeb)
                jeb = &c->blocks[ref->flash_offset / c->sector_size];

        /* No successor: only the block's last node may take this path */
        if (unlikely(jeb->last_node != ref)) {
                printk(KERN_CRIT "ref %p @0x%08x is not jeb->last_node (%p @0x%08x)\n",
                       ref, ref_offset(ref), jeb->last_node, jeb->last_node?ref_offset(jeb->last_node):0);
                BUG();
        }

        end = jeb->offset + c->sector_size - jeb->free_size;
        return end - ref_offset(ref);
}
1191
/*
 * Return the total length of the node described by 'ref'.
 *
 * The length is always derived by __ref_totlen(). When TEST_TOTLEN is
 * defined, the result is also compared with the length stored in
 * ref->__totlen. On a mismatch the details are logged at KERN_CRIT, a
 * warning is raised with WARN_ON(1), and the stored value is returned
 * instead of the derived one.
 *
 * 'jeb' may be NULL; for the diagnostics it is then looked up from
 * ref->flash_offset.
 */
uint32_t __jffs2_ref_totlen(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
                            struct jffs2_raw_node_ref *ref)
{
        uint32_t ret;

        ret = __ref_totlen(c, jeb, ref);

#ifdef TEST_TOTLEN
        if (unlikely(ret != ref->__totlen)) {
                if (!jeb)
                        jeb = &c->blocks[ref->flash_offset / c->sector_size];

                printk(KERN_CRIT "Totlen for ref at %p (0x%08x-0x%08x) miscalculated as 0x%x instead of %x\n",
                       ref, ref_offset(ref), ref_offset(ref)+ref->__totlen,
                       ret, ref->__totlen);
                /* NOTE(review): the end of the 'next' range below is
                   computed with ref->__totlen, not with the next ref's own
                   length -- looks unintended; confirm. */
                if (ref_next(ref)) {
                        printk(KERN_CRIT "next %p (0x%08x-0x%08x)\n", ref_next(ref), ref_offset(ref_next(ref)),
                               ref_offset(ref_next(ref))+ref->__totlen);
                } else 
                        printk(KERN_CRIT "No next ref. jeb->last_node is %p\n", jeb->last_node);

                printk(KERN_CRIT "jeb->wasted_size %x, dirty_size %x, used_size %x, free_size %x\n", jeb->wasted_size, jeb->dirty_size, jeb->used_size, jeb->free_size);

#if defined(JFFS2_DBG_DUMPS) || defined(JFFS2_DBG_PARANOIA_CHECKS)
                __jffs2_dbg_dump_node_refs_nolock(c, jeb);
#endif

                WARN_ON(1);

                /* Trust the stored length over the derived one */
                ret = ref->__totlen;
        }
#endif /* TEST_TOTLEN */
        return ret;
}