1 files changed, 29 insertions, 33 deletions
diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c
index 7fb45bd4915c..2a1c976c7924 100644
--- a/fs/jffs2/scan.c
+++ b/fs/jffs2/scan.c
@@ -1,15 +1,14 @@
 /*
 * JFFS2 -- Journalling Flash File System, Version 2.
 *
- * Copyright (C) 2001-2003 Red Hat, Inc.
+ * Copyright © 2001-2007 Red Hat, Inc.
 *
 * Created by David Woodhouse <dwmw2@infradead.org>
 *
 * For licensing information, see the file 'LICENCE' in this directory.
 *
- * $Id: scan.c,v 1.125 2005/09/30 13:59:13 dedekind Exp $
- *
 */
 #include <linux/kernel.h>
 #include <linux/sched.h>
 #include <linux/slab.h>
@@ -636,16 +635,17 @@ scan_more:
                if (*(uint32_t *)(&buf[ofs-buf_ofs]) == 0xffffffff) {
                        uint32_t inbuf_ofs;
-                        uint32_t empty_start;
+                        uint32_t empty_start, scan_end;
                        empty_start = ofs;
                        ofs += 4;
+                        scan_end = min_t(uint32_t, EMPTY_SCAN_SIZE(c->sector_size)/8, buf_len);
                        D1(printk(KERN_DEBUG "Found empty flash at 0x%08x\n", ofs));
                more_empty:
                        inbuf_ofs = ofs - buf_ofs;
-                        while (inbuf_ofs < buf_len) {
+                        while (inbuf_ofs < scan_end) {
-                                if (*(uint32_t *)(&buf[inbuf_ofs]) != 0xffffffff) {
+                                if (unlikely(*(uint32_t *)(&buf[inbuf_ofs]) != 0xffffffff)) {
                                        printk(KERN_WARNING "Empty flash at 0x%08x ends at 0x%08x\n",
                                               empty_start, ofs);
                                        if ((err = jffs2_scan_dirty_space(c, jeb, ofs-empty_start)))
@@ -666,7 +666,11 @@ scan_more:
                                D1(printk(KERN_DEBUG "%d bytes at start of block seems clean... assuming all clean\n", EMPTY_SCAN_SIZE(c->sector_size)));
                                return BLK_STATE_CLEANMARKER;
                        }
+                        if (!buf_size && (scan_end != buf_len)) {/* XIP/point case */
+                                scan_end = buf_len;
+                                goto more_empty;
+                        }
+                        
                        /* See how much more there is to read in this eraseblock... */
                        buf_len = min_t(uint32_t, buf_size, jeb->offset + c->sector_size - ofs);
                        if (!buf_len) {
@@ -676,6 +680,8 @@ scan_more:
                                          empty_start));
                                break;
                        }
+                        /* point never reaches here */
+                        scan_end = buf_len;
                        D1(printk(KERN_DEBUG "Reading another 0x%x at 0x%08x\n", buf_len, ofs));
                        err = jffs2_fill_scan_buf(c, buf, ofs, buf_len);
                        if (err)
@@ -734,18 +740,8 @@ scan_more:
                        ofs += 4;
                        continue;
                }
-                /* Due to poor choice of crc32 seed, an all-zero node will have a correct CRC */
-                if (!je32_to_cpu(node->hdr_crc) && !je16_to_cpu(node->nodetype) &&
-                    !je16_to_cpu(node->magic) && !je32_to_cpu(node->totlen)) {
-                        noisy_printk(&noise, "jffs2_scan_eraseblock(): All zero node header at 0x%08x.\n", ofs);
-                        if ((err = jffs2_scan_dirty_space(c, jeb, 4)))
-                                return err;
-                        ofs += 4;
-                        continue;
-                }
-                if (ofs + je32_to_cpu(node->totlen) >
+                if (ofs + je32_to_cpu(node->totlen) > jeb->offset + c->sector_size) {
-                    jeb->offset + c->sector_size) {
                        /* Eep. Node goes over the end of the erase block. */
                        printk(KERN_WARNING "Node at 0x%08x with length 0x%08x would run over the end of the erase block\n",
                               ofs, je32_to_cpu(node->totlen));
@@ -952,8 +948,7 @@ static int jffs2_scan_inode_node(struct jffs2_sb_info *c, struct jffs2_erasebloc
                                 struct jffs2_raw_inode *ri, uint32_t ofs, struct jffs2_summary *s)
 {
        struct jffs2_inode_cache *ic;
-        uint32_t ino = je32_to_cpu(ri->ino);
+        uint32_t crc, ino = je32_to_cpu(ri->ino);
-        int err;
        D1(printk(KERN_DEBUG "jffs2_scan_inode_node(): Node at 0x%08x\n", ofs));
@@ -966,21 +961,22 @@ static int jffs2_scan_inode_node(struct jffs2_sb_info *c, struct jffs2_erasebloc
           Which means that the _full_ amount of time to get to proper write mode with GC
           operational may actually be _longer_ than before. Sucks to be me. */
+        /* Check the node CRC in any case. */
+        crc = crc32(0, ri, sizeof(*ri)-8);
+        if (crc != je32_to_cpu(ri->node_crc)) {
+                printk(KERN_NOTICE "jffs2_scan_inode_node(): CRC failed on "
+                       "node at 0x%08x: Read 0x%08x, calculated 0x%08x\n",
+                       ofs, je32_to_cpu(ri->node_crc), crc);
+                /*
+                 * We believe totlen because the CRC on the node
+                 * _header_ was OK, just the node itself failed.
+                 */
+                return jffs2_scan_dirty_space(c, jeb,
+                                              PAD(je32_to_cpu(ri->totlen)));
+        }
        ic = jffs2_get_ino_cache(c, ino);
        if (!ic) {
-                /* Inocache get failed. Either we read a bogus ino# or it's just genuinely the
-                   first node we found for this inode. Do a CRC check to protect against the former
-                   case */
-                uint32_t crc = crc32(0, ri, sizeof(*ri)-8);
-                if (crc != je32_to_cpu(ri->node_crc)) {
-                        printk(KERN_NOTICE "jffs2_scan_inode_node(): CRC failed on node at 0x%08x: Read 0x%08x, calculated 0x%08x\n",
-                               ofs, je32_to_cpu(ri->node_crc), crc);
-                        /* We believe totlen because the CRC on the node _header_ was OK, just the node itself failed. */
-                        if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(ri->totlen)))))
-                                return err;
-                        return 0;
-                }
                ic = jffs2_scan_make_ino_cache(c, ino);
                if (!ic)
                        return -ENOMEM;

diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c index 7fb45bd4915c..2a1c976c7924 100644 --- a/fs/jffs2/scan.c +++ b/fs/jffs2/scan.c
@@ -1,15 +1,14 @@
1	/*	1	/*
2	* JFFS2 -- Journalling Flash File System, Version 2.	2	* JFFS2 -- Journalling Flash File System, Version 2.
3	*	3	*
4	* Copyright (C) 2001-2003 Red Hat, Inc.	4	* Copyright © 2001-2007 Red Hat, Inc.
5	*	5	*
6	* Created by David Woodhouse <dwmw2@infradead.org>	6	* Created by David Woodhouse <dwmw2@infradead.org>
7	*	7	*
8	* For licensing information, see the file 'LICENCE' in this directory.	8	* For licensing information, see the file 'LICENCE' in this directory.
9	*	9	*
10	* $Id: scan.c,v 1.125 2005/09/30 13:59:13 dedekind Exp $
11	*
12	*/	10	*/
		11
13	#include <linux/kernel.h>	12	#include <linux/kernel.h>
14	#include <linux/sched.h>	13	#include <linux/sched.h>
15	#include <linux/slab.h>	14	#include <linux/slab.h>
@@ -636,16 +635,17 @@ scan_more:
636		635
637	if ((uint32_t )(&buf[ofs-buf_ofs]) == 0xffffffff) {	636	if ((uint32_t )(&buf[ofs-buf_ofs]) == 0xffffffff) {
638	uint32_t inbuf_ofs;	637	uint32_t inbuf_ofs;
639	uint32_t empty_start;	638	uint32_t empty_start, scan_end;
640		639
641	empty_start = ofs;	640	empty_start = ofs;
642	ofs += 4;	641	ofs += 4;
		642	scan_end = min_t(uint32_t, EMPTY_SCAN_SIZE(c->sector_size)/8, buf_len);
643		643
644	D1(printk(KERN_DEBUG "Found empty flash at 0x%08x\n", ofs));	644	D1(printk(KERN_DEBUG "Found empty flash at 0x%08x\n", ofs));
645	more_empty:	645	more_empty:
646	inbuf_ofs = ofs - buf_ofs;	646	inbuf_ofs = ofs - buf_ofs;
647	while (inbuf_ofs < buf_len) {	647	while (inbuf_ofs < scan_end) {
648	if ((uint32_t )(&buf[inbuf_ofs]) != 0xffffffff) {	648	if (unlikely((uint32_t )(&buf[inbuf_ofs]) != 0xffffffff)) {
649	printk(KERN_WARNING "Empty flash at 0x%08x ends at 0x%08x\n",	649	printk(KERN_WARNING "Empty flash at 0x%08x ends at 0x%08x\n",
650	empty_start, ofs);	650	empty_start, ofs);
651	if ((err = jffs2_scan_dirty_space(c, jeb, ofs-empty_start)))	651	if ((err = jffs2_scan_dirty_space(c, jeb, ofs-empty_start)))
@@ -666,7 +666,11 @@ scan_more:
666	D1(printk(KERN_DEBUG "%d bytes at start of block seems clean... assuming all clean\n", EMPTY_SCAN_SIZE(c->sector_size)));	666	D1(printk(KERN_DEBUG "%d bytes at start of block seems clean... assuming all clean\n", EMPTY_SCAN_SIZE(c->sector_size)));
667	return BLK_STATE_CLEANMARKER;	667	return BLK_STATE_CLEANMARKER;
668	}	668	}
669		669	if (!buf_size && (scan_end != buf_len)) {/* XIP/point case */
		670	scan_end = buf_len;
		671	goto more_empty;
		672	}
		673
670	/* See how much more there is to read in this eraseblock... */	674	/* See how much more there is to read in this eraseblock... */
671	buf_len = min_t(uint32_t, buf_size, jeb->offset + c->sector_size - ofs);	675	buf_len = min_t(uint32_t, buf_size, jeb->offset + c->sector_size - ofs);
672	if (!buf_len) {	676	if (!buf_len) {
@@ -676,6 +680,8 @@ scan_more:
676	empty_start));	680	empty_start));
677	break;	681	break;
678	}	682	}
		683	/* point never reaches here */
		684	scan_end = buf_len;
679	D1(printk(KERN_DEBUG "Reading another 0x%x at 0x%08x\n", buf_len, ofs));	685	D1(printk(KERN_DEBUG "Reading another 0x%x at 0x%08x\n", buf_len, ofs));
680	err = jffs2_fill_scan_buf(c, buf, ofs, buf_len);	686	err = jffs2_fill_scan_buf(c, buf, ofs, buf_len);
681	if (err)	687	if (err)
@@ -734,18 +740,8 @@ scan_more:
734	ofs += 4;	740	ofs += 4;
735	continue;	741	continue;
736	}	742	}
737	/* Due to poor choice of crc32 seed, an all-zero node will have a correct CRC */
738	if (!je32_to_cpu(node->hdr_crc) && !je16_to_cpu(node->nodetype) &&
739	!je16_to_cpu(node->magic) && !je32_to_cpu(node->totlen)) {
740	noisy_printk(&noise, "jffs2_scan_eraseblock(): All zero node header at 0x%08x.\n", ofs);
741	if ((err = jffs2_scan_dirty_space(c, jeb, 4)))
742	return err;
743	ofs += 4;
744	continue;
745	}
746		743
747	if (ofs + je32_to_cpu(node->totlen) >	744	if (ofs + je32_to_cpu(node->totlen) > jeb->offset + c->sector_size) {
748	jeb->offset + c->sector_size) {
749	/* Eep. Node goes over the end of the erase block. */	745	/* Eep. Node goes over the end of the erase block. */
750	printk(KERN_WARNING "Node at 0x%08x with length 0x%08x would run over the end of the erase block\n",	746	printk(KERN_WARNING "Node at 0x%08x with length 0x%08x would run over the end of the erase block\n",
751	ofs, je32_to_cpu(node->totlen));	747	ofs, je32_to_cpu(node->totlen));
@@ -952,8 +948,7 @@ static int jffs2_scan_inode_node(struct jffs2_sb_info *c, struct jffs2_erasebloc
952	struct jffs2_raw_inode ri, uint32_t ofs, struct jffs2_summary s)	948	struct jffs2_raw_inode ri, uint32_t ofs, struct jffs2_summary s)
953	{	949	{
954	struct jffs2_inode_cache *ic;	950	struct jffs2_inode_cache *ic;
955	uint32_t ino = je32_to_cpu(ri->ino);	951	uint32_t crc, ino = je32_to_cpu(ri->ino);
956	int err;
957		952
958	D1(printk(KERN_DEBUG "jffs2_scan_inode_node(): Node at 0x%08x\n", ofs));	953	D1(printk(KERN_DEBUG "jffs2_scan_inode_node(): Node at 0x%08x\n", ofs));
959		954
@@ -966,21 +961,22 @@ static int jffs2_scan_inode_node(struct jffs2_sb_info *c, struct jffs2_erasebloc
966	Which means that the _full_ amount of time to get to proper write mode with GC	961	Which means that the _full_ amount of time to get to proper write mode with GC
967	operational may actually be _longer_ than before. Sucks to be me. */	962	operational may actually be _longer_ than before. Sucks to be me. */
968		963
		964	/* Check the node CRC in any case. */
		965	crc = crc32(0, ri, sizeof(*ri)-8);
		966	if (crc != je32_to_cpu(ri->node_crc)) {
		967	printk(KERN_NOTICE "jffs2_scan_inode_node(): CRC failed on "
		968	"node at 0x%08x: Read 0x%08x, calculated 0x%08x\n",
		969	ofs, je32_to_cpu(ri->node_crc), crc);
		970	/*
		971	* We believe totlen because the CRC on the node
		972	* _header_ was OK, just the node itself failed.
		973	*/
		974	return jffs2_scan_dirty_space(c, jeb,
		975	PAD(je32_to_cpu(ri->totlen)));
		976	}
		977
969	ic = jffs2_get_ino_cache(c, ino);	978	ic = jffs2_get_ino_cache(c, ino);
970	if (!ic) {	979	if (!ic) {
971	/* Inocache get failed. Either we read a bogus ino# or it's just genuinely the
972	first node we found for this inode. Do a CRC check to protect against the former
973	case */
974	uint32_t crc = crc32(0, ri, sizeof(*ri)-8);
975
976	if (crc != je32_to_cpu(ri->node_crc)) {
977	printk(KERN_NOTICE "jffs2_scan_inode_node(): CRC failed on node at 0x%08x: Read 0x%08x, calculated 0x%08x\n",
978	ofs, je32_to_cpu(ri->node_crc), crc);
979	/* We believe totlen because the CRC on the node _header_ was OK, just the node itself failed. */
980	if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(ri->totlen)))))
981	return err;
982	return 0;
983	}
984	ic = jffs2_scan_make_ino_cache(c, ino);	980	ic = jffs2_scan_make_ino_cache(c, ino);
985	if (!ic)	981	if (!ic)
986	return -ENOMEM;	982	return -ENOMEM;