aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
Diffstat (limited to 'fs')
-rw-r--r--fs/9p/fcall.c21
-rw-r--r--fs/9p/mux.c222
-rw-r--r--fs/9p/mux.h4
-rw-r--r--fs/9p/vfs_file.c13
-rw-r--r--fs/9p/vfs_inode.c19
-rw-r--r--fs/Kconfig38
-rw-r--r--fs/Makefile2
-rw-r--r--fs/affs/namei.c3
-rw-r--r--fs/autofs4/autofs_i.h5
-rw-r--r--fs/autofs4/root.c10
-rw-r--r--fs/autofs4/waitq.c77
-rw-r--r--fs/binfmt_flat.c30
-rw-r--r--fs/bio.c8
-rw-r--r--fs/block_dev.c2
-rw-r--r--fs/cifs/CHANGES13
-rw-r--r--fs/cifs/README8
-rw-r--r--fs/cifs/cifsfs.c99
-rw-r--r--fs/cifs/cifsfs.h2
-rw-r--r--fs/cifs/cifsproto.h2
-rw-r--r--fs/cifs/cifssmb.c42
-rw-r--r--fs/cifs/connect.c103
-rw-r--r--fs/cifs/dir.c18
-rw-r--r--fs/cifs/fcntl.c2
-rw-r--r--fs/cifs/file.c44
-rw-r--r--fs/cifs/inode.c6
-rw-r--r--fs/cifs/link.c6
-rw-r--r--fs/cifs/ntlmssp.c14
-rw-r--r--fs/cifs/readdir.c45
-rw-r--r--fs/cifs/xattr.c8
-rw-r--r--fs/compat.c195
-rw-r--r--fs/configfs/dir.c137
-rw-r--r--fs/debugfs/inode.c3
-rw-r--r--fs/exportfs/expfs.c2
-rw-r--r--fs/ext3/inode.c13
-rw-r--r--fs/ext3/ioctl.c18
-rw-r--r--fs/ext3/resize.c3
-rw-r--r--fs/fuse/dev.c35
-rw-r--r--fs/fuse/fuse_i.h12
-rw-r--r--fs/fuse/inode.c40
-rw-r--r--fs/inotify.c9
-rw-r--r--fs/jffs/intrep.c15
-rw-r--r--fs/jffs2/Makefile3
-rw-r--r--fs/jffs2/README.Locking21
-rw-r--r--fs/jffs2/acl.c485
-rw-r--r--fs/jffs2/acl.h45
-rw-r--r--fs/jffs2/build.c2
-rw-r--r--fs/jffs2/compr.c2
-rw-r--r--fs/jffs2/compr.h4
-rw-r--r--fs/jffs2/debug.c14
-rw-r--r--fs/jffs2/debug.h6
-rw-r--r--fs/jffs2/dir.c121
-rw-r--r--fs/jffs2/erase.c56
-rw-r--r--fs/jffs2/file.c35
-rw-r--r--fs/jffs2/fs.c63
-rw-r--r--fs/jffs2/gc.c131
-rw-r--r--fs/jffs2/histo.h3
-rw-r--r--fs/jffs2/jffs2_fs_i.h55
-rw-r--r--fs/jffs2/jffs2_fs_sb.h133
-rw-r--r--fs/jffs2/malloc.c127
-rw-r--r--fs/jffs2/nodelist.c181
-rw-r--r--fs/jffs2/nodelist.h189
-rw-r--r--fs/jffs2/nodemgmt.c196
-rw-r--r--fs/jffs2/os-linux.h23
-rw-r--r--fs/jffs2/readinode.c119
-rw-r--r--fs/jffs2/scan.c442
-rw-r--r--fs/jffs2/security.c82
-rw-r--r--fs/jffs2/summary.c484
-rw-r--r--fs/jffs2/summary.h64
-rw-r--r--fs/jffs2/super.c20
-rw-r--r--fs/jffs2/symlink.c7
-rw-r--r--fs/jffs2/wbuf.c968
-rw-r--r--fs/jffs2/write.c147
-rw-r--r--fs/jffs2/xattr.c1238
-rw-r--r--fs/jffs2/xattr.h116
-rw-r--r--fs/jffs2/xattr_trusted.c52
-rw-r--r--fs/jffs2/xattr_user.c52
-rw-r--r--fs/jfs/jfs_metapage.c20
-rw-r--r--fs/locks.c23
-rw-r--r--fs/namei.c19
-rw-r--r--fs/namespace.c7
-rw-r--r--fs/nfsd/export.c4
-rw-r--r--fs/nfsd/vfs.c7
-rw-r--r--fs/ocfs2/aops.c46
-rw-r--r--fs/ocfs2/aops.h4
-rw-r--r--fs/ocfs2/extent_map.c6
-rw-r--r--fs/ocfs2/file.c86
-rw-r--r--fs/ocfs2/journal.c8
-rw-r--r--fs/ocfs2/uptodate.c4
-rw-r--r--fs/ocfs2/vote.c6
-rw-r--r--fs/open.c1
-rw-r--r--fs/partitions/check.c3
-rw-r--r--fs/pipe.c190
-rw-r--r--fs/reiserfs/xattr_acl.c5
-rw-r--r--fs/smbfs/dir.c5
-rw-r--r--fs/smbfs/request.c4
-rw-r--r--fs/splice.c581
-rw-r--r--fs/stat.c2
-rw-r--r--fs/xfs/xfs_alloc.c5
-rw-r--r--fs/xfs/xfs_rename.c12
-rw-r--r--fs/xfs/xfs_vfsops.c27
-rw-r--r--fs/xfs/xfs_vnodeops.c2
101 files changed, 5944 insertions, 2167 deletions
diff --git a/fs/9p/fcall.c b/fs/9p/fcall.c
index 71742ba150c4..6f2617820a4e 100644
--- a/fs/9p/fcall.c
+++ b/fs/9p/fcall.c
@@ -98,23 +98,20 @@ v9fs_t_attach(struct v9fs_session_info *v9ses, char *uname, char *aname,
98static void v9fs_t_clunk_cb(void *a, struct v9fs_fcall *tc, 98static void v9fs_t_clunk_cb(void *a, struct v9fs_fcall *tc,
99 struct v9fs_fcall *rc, int err) 99 struct v9fs_fcall *rc, int err)
100{ 100{
101 int fid; 101 int fid, id;
102 struct v9fs_session_info *v9ses; 102 struct v9fs_session_info *v9ses;
103 103
104 if (err) 104 id = 0;
105 return;
106
107 fid = tc->params.tclunk.fid; 105 fid = tc->params.tclunk.fid;
108 kfree(tc); 106 if (rc)
109 107 id = rc->id;
110 if (!rc)
111 return;
112
113 v9ses = a;
114 if (rc->id == RCLUNK)
115 v9fs_put_idpool(fid, &v9ses->fidpool);
116 108
109 kfree(tc);
117 kfree(rc); 110 kfree(rc);
111 if (id == RCLUNK) {
112 v9ses = a;
113 v9fs_put_idpool(fid, &v9ses->fidpool);
114 }
118} 115}
119 116
120/** 117/**
diff --git a/fs/9p/mux.c b/fs/9p/mux.c
index 3e5b124a7212..f4407eb276c7 100644
--- a/fs/9p/mux.c
+++ b/fs/9p/mux.c
@@ -50,15 +50,23 @@ enum {
50 Wpending = 8, /* can write */ 50 Wpending = 8, /* can write */
51}; 51};
52 52
53enum {
54 None,
55 Flushing,
56 Flushed,
57};
58
53struct v9fs_mux_poll_task; 59struct v9fs_mux_poll_task;
54 60
55struct v9fs_req { 61struct v9fs_req {
62 spinlock_t lock;
56 int tag; 63 int tag;
57 struct v9fs_fcall *tcall; 64 struct v9fs_fcall *tcall;
58 struct v9fs_fcall *rcall; 65 struct v9fs_fcall *rcall;
59 int err; 66 int err;
60 v9fs_mux_req_callback cb; 67 v9fs_mux_req_callback cb;
61 void *cba; 68 void *cba;
69 int flush;
62 struct list_head req_list; 70 struct list_head req_list;
63}; 71};
64 72
@@ -96,8 +104,8 @@ struct v9fs_mux_poll_task {
96 104
97struct v9fs_mux_rpc { 105struct v9fs_mux_rpc {
98 struct v9fs_mux_data *m; 106 struct v9fs_mux_data *m;
99 struct v9fs_req *req;
100 int err; 107 int err;
108 struct v9fs_fcall *tcall;
101 struct v9fs_fcall *rcall; 109 struct v9fs_fcall *rcall;
102 wait_queue_head_t wqueue; 110 wait_queue_head_t wqueue;
103}; 111};
@@ -524,10 +532,9 @@ again:
524 532
525static void process_request(struct v9fs_mux_data *m, struct v9fs_req *req) 533static void process_request(struct v9fs_mux_data *m, struct v9fs_req *req)
526{ 534{
527 int ecode, tag; 535 int ecode;
528 struct v9fs_str *ename; 536 struct v9fs_str *ename;
529 537
530 tag = req->tag;
531 if (!req->err && req->rcall->id == RERROR) { 538 if (!req->err && req->rcall->id == RERROR) {
532 ecode = req->rcall->params.rerror.errno; 539 ecode = req->rcall->params.rerror.errno;
533 ename = &req->rcall->params.rerror.error; 540 ename = &req->rcall->params.rerror.error;
@@ -553,23 +560,6 @@ static void process_request(struct v9fs_mux_data *m, struct v9fs_req *req)
553 if (!req->err) 560 if (!req->err)
554 req->err = -EIO; 561 req->err = -EIO;
555 } 562 }
556
557 if (req->err == ERREQFLUSH)
558 return;
559
560 if (req->cb) {
561 dprintk(DEBUG_MUX, "calling callback tcall %p rcall %p\n",
562 req->tcall, req->rcall);
563
564 (*req->cb) (req->cba, req->tcall, req->rcall, req->err);
565 req->cb = NULL;
566 } else
567 kfree(req->rcall);
568
569 v9fs_mux_put_tag(m, tag);
570
571 wake_up(&m->equeue);
572 kfree(req);
573} 563}
574 564
575/** 565/**
@@ -669,17 +659,26 @@ static void v9fs_read_work(void *a)
669 list_for_each_entry_safe(rreq, rptr, &m->req_list, req_list) { 659 list_for_each_entry_safe(rreq, rptr, &m->req_list, req_list) {
670 if (rreq->tag == rcall->tag) { 660 if (rreq->tag == rcall->tag) {
671 req = rreq; 661 req = rreq;
672 req->rcall = rcall; 662 if (req->flush != Flushing)
673 list_del(&req->req_list); 663 list_del(&req->req_list);
674 spin_unlock(&m->lock);
675 process_request(m, req);
676 break; 664 break;
677 } 665 }
678
679 } 666 }
667 spin_unlock(&m->lock);
680 668
681 if (!req) { 669 if (req) {
682 spin_unlock(&m->lock); 670 req->rcall = rcall;
671 process_request(m, req);
672
673 if (req->flush != Flushing) {
674 if (req->cb)
675 (*req->cb) (req, req->cba);
676 else
677 kfree(req->rcall);
678
679 wake_up(&m->equeue);
680 }
681 } else {
683 if (err >= 0 && rcall->id != RFLUSH) 682 if (err >= 0 && rcall->id != RFLUSH)
684 dprintk(DEBUG_ERROR, 683 dprintk(DEBUG_ERROR,
685 "unexpected response mux %p id %d tag %d\n", 684 "unexpected response mux %p id %d tag %d\n",
@@ -746,7 +745,6 @@ static struct v9fs_req *v9fs_send_request(struct v9fs_mux_data *m,
746 return ERR_PTR(-ENOMEM); 745 return ERR_PTR(-ENOMEM);
747 746
748 v9fs_set_tag(tc, n); 747 v9fs_set_tag(tc, n);
749
750 if ((v9fs_debug_level&DEBUG_FCALL) == DEBUG_FCALL) { 748 if ((v9fs_debug_level&DEBUG_FCALL) == DEBUG_FCALL) {
751 char buf[150]; 749 char buf[150];
752 750
@@ -754,12 +752,14 @@ static struct v9fs_req *v9fs_send_request(struct v9fs_mux_data *m,
754 printk(KERN_NOTICE "<<< %p %s\n", m, buf); 752 printk(KERN_NOTICE "<<< %p %s\n", m, buf);
755 } 753 }
756 754
755 spin_lock_init(&req->lock);
757 req->tag = n; 756 req->tag = n;
758 req->tcall = tc; 757 req->tcall = tc;
759 req->rcall = NULL; 758 req->rcall = NULL;
760 req->err = 0; 759 req->err = 0;
761 req->cb = cb; 760 req->cb = cb;
762 req->cba = cba; 761 req->cba = cba;
762 req->flush = None;
763 763
764 spin_lock(&m->lock); 764 spin_lock(&m->lock);
765 list_add_tail(&req->req_list, &m->unsent_req_list); 765 list_add_tail(&req->req_list, &m->unsent_req_list);
@@ -776,72 +776,108 @@ static struct v9fs_req *v9fs_send_request(struct v9fs_mux_data *m,
776 return req; 776 return req;
777} 777}
778 778
779static void v9fs_mux_flush_cb(void *a, struct v9fs_fcall *tc, 779static void v9fs_mux_free_request(struct v9fs_mux_data *m, struct v9fs_req *req)
780 struct v9fs_fcall *rc, int err) 780{
781 v9fs_mux_put_tag(m, req->tag);
782 kfree(req);
783}
784
785static void v9fs_mux_flush_cb(struct v9fs_req *freq, void *a)
781{ 786{
782 v9fs_mux_req_callback cb; 787 v9fs_mux_req_callback cb;
783 int tag; 788 int tag;
784 struct v9fs_mux_data *m; 789 struct v9fs_mux_data *m;
785 struct v9fs_req *req, *rptr; 790 struct v9fs_req *req, *rreq, *rptr;
786 791
787 m = a; 792 m = a;
788 dprintk(DEBUG_MUX, "mux %p tc %p rc %p err %d oldtag %d\n", m, tc, 793 dprintk(DEBUG_MUX, "mux %p tc %p rc %p err %d oldtag %d\n", m,
789 rc, err, tc->params.tflush.oldtag); 794 freq->tcall, freq->rcall, freq->err,
795 freq->tcall->params.tflush.oldtag);
790 796
791 spin_lock(&m->lock); 797 spin_lock(&m->lock);
792 cb = NULL; 798 cb = NULL;
793 tag = tc->params.tflush.oldtag; 799 tag = freq->tcall->params.tflush.oldtag;
794 list_for_each_entry_safe(req, rptr, &m->req_list, req_list) { 800 req = NULL;
795 if (req->tag == tag) { 801 list_for_each_entry_safe(rreq, rptr, &m->req_list, req_list) {
802 if (rreq->tag == tag) {
803 req = rreq;
796 list_del(&req->req_list); 804 list_del(&req->req_list);
797 if (req->cb) {
798 cb = req->cb;
799 req->cb = NULL;
800 spin_unlock(&m->lock);
801 (*cb) (req->cba, req->tcall, req->rcall,
802 req->err);
803 }
804 kfree(req);
805 wake_up(&m->equeue);
806 break; 805 break;
807 } 806 }
808 } 807 }
808 spin_unlock(&m->lock);
809 809
810 if (!cb) 810 if (req) {
811 spin_unlock(&m->lock); 811 spin_lock(&req->lock);
812 req->flush = Flushed;
813 spin_unlock(&req->lock);
814
815 if (req->cb)
816 (*req->cb) (req, req->cba);
817 else
818 kfree(req->rcall);
819
820 wake_up(&m->equeue);
821 }
812 822
813 v9fs_mux_put_tag(m, tag); 823 kfree(freq->tcall);
814 kfree(tc); 824 kfree(freq->rcall);
815 kfree(rc); 825 v9fs_mux_free_request(m, freq);
816} 826}
817 827
818static void 828static int
819v9fs_mux_flush_request(struct v9fs_mux_data *m, struct v9fs_req *req) 829v9fs_mux_flush_request(struct v9fs_mux_data *m, struct v9fs_req *req)
820{ 830{
821 struct v9fs_fcall *fc; 831 struct v9fs_fcall *fc;
832 struct v9fs_req *rreq, *rptr;
822 833
823 dprintk(DEBUG_MUX, "mux %p req %p tag %d\n", m, req, req->tag); 834 dprintk(DEBUG_MUX, "mux %p req %p tag %d\n", m, req, req->tag);
824 835
836 /* if a response was received for a request, do nothing */
837 spin_lock(&req->lock);
838 if (req->rcall || req->err) {
839 spin_unlock(&req->lock);
840 dprintk(DEBUG_MUX, "mux %p req %p response already received\n", m, req);
841 return 0;
842 }
843
844 req->flush = Flushing;
845 spin_unlock(&req->lock);
846
847 spin_lock(&m->lock);
848 /* if the request is not sent yet, just remove it from the list */
849 list_for_each_entry_safe(rreq, rptr, &m->unsent_req_list, req_list) {
850 if (rreq->tag == req->tag) {
851 dprintk(DEBUG_MUX, "mux %p req %p request is not sent yet\n", m, req);
852 list_del(&rreq->req_list);
853 req->flush = Flushed;
854 spin_unlock(&m->lock);
855 if (req->cb)
856 (*req->cb) (req, req->cba);
857 return 0;
858 }
859 }
860 spin_unlock(&m->lock);
861
862 clear_thread_flag(TIF_SIGPENDING);
825 fc = v9fs_create_tflush(req->tag); 863 fc = v9fs_create_tflush(req->tag);
826 v9fs_send_request(m, fc, v9fs_mux_flush_cb, m); 864 v9fs_send_request(m, fc, v9fs_mux_flush_cb, m);
865 return 1;
827} 866}
828 867
829static void 868static void
830v9fs_mux_rpc_cb(void *a, struct v9fs_fcall *tc, struct v9fs_fcall *rc, int err) 869v9fs_mux_rpc_cb(struct v9fs_req *req, void *a)
831{ 870{
832 struct v9fs_mux_rpc *r; 871 struct v9fs_mux_rpc *r;
833 872
834 if (err == ERREQFLUSH) { 873 dprintk(DEBUG_MUX, "req %p r %p\n", req, a);
835 kfree(rc);
836 dprintk(DEBUG_MUX, "err req flush\n");
837 return;
838 }
839
840 r = a; 874 r = a;
841 dprintk(DEBUG_MUX, "mux %p req %p tc %p rc %p err %d\n", r->m, r->req, 875 r->rcall = req->rcall;
842 tc, rc, err); 876 r->err = req->err;
843 r->rcall = rc; 877
844 r->err = err; 878 if (req->flush!=None && !req->err)
879 r->err = -ERESTARTSYS;
880
845 wake_up(&r->wqueue); 881 wake_up(&r->wqueue);
846} 882}
847 883
@@ -856,12 +892,13 @@ int
856v9fs_mux_rpc(struct v9fs_mux_data *m, struct v9fs_fcall *tc, 892v9fs_mux_rpc(struct v9fs_mux_data *m, struct v9fs_fcall *tc,
857 struct v9fs_fcall **rc) 893 struct v9fs_fcall **rc)
858{ 894{
859 int err; 895 int err, sigpending;
860 unsigned long flags; 896 unsigned long flags;
861 struct v9fs_req *req; 897 struct v9fs_req *req;
862 struct v9fs_mux_rpc r; 898 struct v9fs_mux_rpc r;
863 899
864 r.err = 0; 900 r.err = 0;
901 r.tcall = tc;
865 r.rcall = NULL; 902 r.rcall = NULL;
866 r.m = m; 903 r.m = m;
867 init_waitqueue_head(&r.wqueue); 904 init_waitqueue_head(&r.wqueue);
@@ -869,48 +906,50 @@ v9fs_mux_rpc(struct v9fs_mux_data *m, struct v9fs_fcall *tc,
869 if (rc) 906 if (rc)
870 *rc = NULL; 907 *rc = NULL;
871 908
909 sigpending = 0;
910 if (signal_pending(current)) {
911 sigpending = 1;
912 clear_thread_flag(TIF_SIGPENDING);
913 }
914
872 req = v9fs_send_request(m, tc, v9fs_mux_rpc_cb, &r); 915 req = v9fs_send_request(m, tc, v9fs_mux_rpc_cb, &r);
873 if (IS_ERR(req)) { 916 if (IS_ERR(req)) {
874 err = PTR_ERR(req); 917 err = PTR_ERR(req);
875 dprintk(DEBUG_MUX, "error %d\n", err); 918 dprintk(DEBUG_MUX, "error %d\n", err);
876 return PTR_ERR(req); 919 return err;
877 } 920 }
878 921
879 r.req = req;
880 dprintk(DEBUG_MUX, "mux %p tc %p tag %d rpc %p req %p\n", m, tc,
881 req->tag, &r, req);
882 err = wait_event_interruptible(r.wqueue, r.rcall != NULL || r.err < 0); 922 err = wait_event_interruptible(r.wqueue, r.rcall != NULL || r.err < 0);
883 if (r.err < 0) 923 if (r.err < 0)
884 err = r.err; 924 err = r.err;
885 925
886 if (err == -ERESTARTSYS && m->trans->status == Connected && m->err == 0) { 926 if (err == -ERESTARTSYS && m->trans->status == Connected && m->err == 0) {
887 spin_lock(&m->lock); 927 if (v9fs_mux_flush_request(m, req)) {
888 req->tcall = NULL; 928 /* wait until we get response of the flush message */
889 req->err = ERREQFLUSH; 929 do {
890 spin_unlock(&m->lock); 930 clear_thread_flag(TIF_SIGPENDING);
931 err = wait_event_interruptible(r.wqueue,
932 r.rcall || r.err);
933 } while (!r.rcall && !r.err && err==-ERESTARTSYS &&
934 m->trans->status==Connected && !m->err);
935 }
936 sigpending = 1;
937 }
891 938
892 clear_thread_flag(TIF_SIGPENDING); 939 if (sigpending) {
893 v9fs_mux_flush_request(m, req);
894 spin_lock_irqsave(&current->sighand->siglock, flags); 940 spin_lock_irqsave(&current->sighand->siglock, flags);
895 recalc_sigpending(); 941 recalc_sigpending();
896 spin_unlock_irqrestore(&current->sighand->siglock, flags); 942 spin_unlock_irqrestore(&current->sighand->siglock, flags);
897 } 943 }
898 944
899 if (!err) { 945 if (rc)
900 if (r.rcall) 946 *rc = r.rcall;
901 dprintk(DEBUG_MUX, "got response id %d tag %d\n", 947 else
902 r.rcall->id, r.rcall->tag);
903
904 if (rc)
905 *rc = r.rcall;
906 else
907 kfree(r.rcall);
908 } else {
909 kfree(r.rcall); 948 kfree(r.rcall);
910 dprintk(DEBUG_MUX, "got error %d\n", err); 949
911 if (err > 0) 950 v9fs_mux_free_request(m, req);
912 err = -EIO; 951 if (err > 0)
913 } 952 err = -EIO;
914 953
915 return err; 954 return err;
916} 955}
@@ -951,12 +990,15 @@ void v9fs_mux_cancel(struct v9fs_mux_data *m, int err)
951 struct v9fs_req *req, *rtmp; 990 struct v9fs_req *req, *rtmp;
952 LIST_HEAD(cancel_list); 991 LIST_HEAD(cancel_list);
953 992
954 dprintk(DEBUG_MUX, "mux %p err %d\n", m, err); 993 dprintk(DEBUG_ERROR, "mux %p err %d\n", m, err);
955 m->err = err; 994 m->err = err;
956 spin_lock(&m->lock); 995 spin_lock(&m->lock);
957 list_for_each_entry_safe(req, rtmp, &m->req_list, req_list) { 996 list_for_each_entry_safe(req, rtmp, &m->req_list, req_list) {
958 list_move(&req->req_list, &cancel_list); 997 list_move(&req->req_list, &cancel_list);
959 } 998 }
999 list_for_each_entry_safe(req, rtmp, &m->unsent_req_list, req_list) {
1000 list_move(&req->req_list, &cancel_list);
1001 }
960 spin_unlock(&m->lock); 1002 spin_unlock(&m->lock);
961 1003
962 list_for_each_entry_safe(req, rtmp, &cancel_list, req_list) { 1004 list_for_each_entry_safe(req, rtmp, &cancel_list, req_list) {
@@ -965,11 +1007,9 @@ void v9fs_mux_cancel(struct v9fs_mux_data *m, int err)
965 req->err = err; 1007 req->err = err;
966 1008
967 if (req->cb) 1009 if (req->cb)
968 (*req->cb) (req->cba, req->tcall, req->rcall, req->err); 1010 (*req->cb) (req, req->cba);
969 else 1011 else
970 kfree(req->rcall); 1012 kfree(req->rcall);
971
972 kfree(req);
973 } 1013 }
974 1014
975 wake_up(&m->equeue); 1015 wake_up(&m->equeue);
diff --git a/fs/9p/mux.h b/fs/9p/mux.h
index e90bfd32ea42..fb10c50186a1 100644
--- a/fs/9p/mux.h
+++ b/fs/9p/mux.h
@@ -24,6 +24,7 @@
24 */ 24 */
25 25
26struct v9fs_mux_data; 26struct v9fs_mux_data;
27struct v9fs_req;
27 28
28/** 29/**
29 * v9fs_mux_req_callback - callback function that is called when the 30 * v9fs_mux_req_callback - callback function that is called when the
@@ -36,8 +37,7 @@ struct v9fs_mux_data;
36 * @rc - response call 37 * @rc - response call
37 * @err - error code (non-zero if error occured) 38 * @err - error code (non-zero if error occured)
38 */ 39 */
39typedef void (*v9fs_mux_req_callback)(void *a, struct v9fs_fcall *tc, 40typedef void (*v9fs_mux_req_callback)(struct v9fs_req *req, void *a);
40 struct v9fs_fcall *rc, int err);
41 41
42int v9fs_mux_global_init(void); 42int v9fs_mux_global_init(void);
43void v9fs_mux_global_exit(void); 43void v9fs_mux_global_exit(void);
diff --git a/fs/9p/vfs_file.c b/fs/9p/vfs_file.c
index 083dcfcd158e..1a8e46084f0e 100644
--- a/fs/9p/vfs_file.c
+++ b/fs/9p/vfs_file.c
@@ -72,11 +72,17 @@ int v9fs_file_open(struct inode *inode, struct file *file)
72 return -ENOSPC; 72 return -ENOSPC;
73 } 73 }
74 74
75 err = v9fs_t_walk(v9ses, vfid->fid, fid, NULL, NULL); 75 err = v9fs_t_walk(v9ses, vfid->fid, fid, NULL, &fcall);
76 if (err < 0) { 76 if (err < 0) {
77 dprintk(DEBUG_ERROR, "rewalk didn't work\n"); 77 dprintk(DEBUG_ERROR, "rewalk didn't work\n");
78 goto put_fid; 78 if (fcall && fcall->id == RWALK)
79 goto clunk_fid;
80 else {
81 v9fs_put_idpool(fid, &v9ses->fidpool);
82 goto free_fcall;
83 }
79 } 84 }
85 kfree(fcall);
80 86
81 /* TODO: do special things for O_EXCL, O_NOFOLLOW, O_SYNC */ 87 /* TODO: do special things for O_EXCL, O_NOFOLLOW, O_SYNC */
82 /* translate open mode appropriately */ 88 /* translate open mode appropriately */
@@ -109,8 +115,7 @@ int v9fs_file_open(struct inode *inode, struct file *file)
109clunk_fid: 115clunk_fid:
110 v9fs_t_clunk(v9ses, fid); 116 v9fs_t_clunk(v9ses, fid);
111 117
112put_fid: 118free_fcall:
113 v9fs_put_idpool(fid, &v9ses->fidpool);
114 kfree(fcall); 119 kfree(fcall);
115 120
116 return err; 121 return err;
diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
index 133db366d306..2cb87ba4b1c1 100644
--- a/fs/9p/vfs_inode.c
+++ b/fs/9p/vfs_inode.c
@@ -270,7 +270,10 @@ v9fs_create(struct v9fs_session_info *v9ses, u32 pfid, char *name, u32 perm,
270 err = v9fs_t_walk(v9ses, pfid, fid, NULL, &fcall); 270 err = v9fs_t_walk(v9ses, pfid, fid, NULL, &fcall);
271 if (err < 0) { 271 if (err < 0) {
272 PRINT_FCALL_ERROR("clone error", fcall); 272 PRINT_FCALL_ERROR("clone error", fcall);
273 goto put_fid; 273 if (fcall && fcall->id == RWALK)
274 goto clunk_fid;
275 else
276 goto put_fid;
274 } 277 }
275 kfree(fcall); 278 kfree(fcall);
276 279
@@ -322,6 +325,9 @@ v9fs_clone_walk(struct v9fs_session_info *v9ses, u32 fid, struct dentry *dentry)
322 &fcall); 325 &fcall);
323 326
324 if (err < 0) { 327 if (err < 0) {
328 if (fcall && fcall->id == RWALK)
329 goto clunk_fid;
330
325 PRINT_FCALL_ERROR("walk error", fcall); 331 PRINT_FCALL_ERROR("walk error", fcall);
326 v9fs_put_idpool(nfid, &v9ses->fidpool); 332 v9fs_put_idpool(nfid, &v9ses->fidpool);
327 goto error; 333 goto error;
@@ -640,19 +646,26 @@ static struct dentry *v9fs_vfs_lookup(struct inode *dir, struct dentry *dentry,
640 } 646 }
641 647
642 result = v9fs_t_walk(v9ses, dirfidnum, newfid, 648 result = v9fs_t_walk(v9ses, dirfidnum, newfid,
643 (char *)dentry->d_name.name, NULL); 649 (char *)dentry->d_name.name, &fcall);
650
644 if (result < 0) { 651 if (result < 0) {
645 v9fs_put_idpool(newfid, &v9ses->fidpool); 652 if (fcall && fcall->id == RWALK)
653 v9fs_t_clunk(v9ses, newfid);
654 else
655 v9fs_put_idpool(newfid, &v9ses->fidpool);
656
646 if (result == -ENOENT) { 657 if (result == -ENOENT) {
647 d_add(dentry, NULL); 658 d_add(dentry, NULL);
648 dprintk(DEBUG_VFS, 659 dprintk(DEBUG_VFS,
649 "Return negative dentry %p count %d\n", 660 "Return negative dentry %p count %d\n",
650 dentry, atomic_read(&dentry->d_count)); 661 dentry, atomic_read(&dentry->d_count));
662 kfree(fcall);
651 return NULL; 663 return NULL;
652 } 664 }
653 dprintk(DEBUG_ERROR, "walk error:%d\n", result); 665 dprintk(DEBUG_ERROR, "walk error:%d\n", result);
654 goto FreeFcall; 666 goto FreeFcall;
655 } 667 }
668 kfree(fcall);
656 669
657 result = v9fs_t_stat(v9ses, newfid, &fcall); 670 result = v9fs_t_stat(v9ses, newfid, &fcall);
658 if (result < 0) { 671 if (result < 0) {
diff --git a/fs/Kconfig b/fs/Kconfig
index f9b5842c8d2d..572cc435a1bb 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -1101,6 +1101,44 @@ config JFFS2_SUMMARY
1101 1101
1102 If unsure, say 'N'. 1102 If unsure, say 'N'.
1103 1103
1104config JFFS2_FS_XATTR
1105 bool "JFFS2 XATTR support (EXPERIMENTAL)"
1106 depends on JFFS2_FS && EXPERIMENTAL && !JFFS2_FS_WRITEBUFFER
1107 default n
1108 help
1109 Extended attributes are name:value pairs associated with inodes by
1110 the kernel or by users (see the attr(5) manual page, or visit
1111 <http://acl.bestbits.at/> for details).
1112
1113 If unsure, say N.
1114
1115config JFFS2_FS_POSIX_ACL
1116 bool "JFFS2 POSIX Access Control Lists"
1117 depends on JFFS2_FS_XATTR
1118 default y
1119 select FS_POSIX_ACL
1120 help
1121 Posix Access Control Lists (ACLs) support permissions for users and
1122 groups beyond the owner/group/world scheme.
1123
1124 To learn more about Access Control Lists, visit the Posix ACLs for
1125 Linux website <http://acl.bestbits.at/>.
1126
1127 If you don't know what Access Control Lists are, say N
1128
1129config JFFS2_FS_SECURITY
1130 bool "JFFS2 Security Labels"
1131 depends on JFFS2_FS_XATTR
1132 default y
1133 help
1134 Security labels support alternative access control models
1135 implemented by security modules like SELinux. This option
1136 enables an extended attribute handler for file security
1137 labels in the jffs2 filesystem.
1138
1139 If you are not using a security module that requires using
1140 extended attributes for file security labels, say N.
1141
1104config JFFS2_COMPRESSION_OPTIONS 1142config JFFS2_COMPRESSION_OPTIONS
1105 bool "Advanced compression options for JFFS2" 1143 bool "Advanced compression options for JFFS2"
1106 depends on JFFS2_FS 1144 depends on JFFS2_FS
diff --git a/fs/Makefile b/fs/Makefile
index 83bf478e786b..078d3d1191a5 100644
--- a/fs/Makefile
+++ b/fs/Makefile
@@ -45,6 +45,7 @@ obj-$(CONFIG_DNOTIFY) += dnotify.o
45obj-$(CONFIG_PROC_FS) += proc/ 45obj-$(CONFIG_PROC_FS) += proc/
46obj-y += partitions/ 46obj-y += partitions/
47obj-$(CONFIG_SYSFS) += sysfs/ 47obj-$(CONFIG_SYSFS) += sysfs/
48obj-$(CONFIG_CONFIGFS_FS) += configfs/
48obj-y += devpts/ 49obj-y += devpts/
49 50
50obj-$(CONFIG_PROFILING) += dcookies.o 51obj-$(CONFIG_PROFILING) += dcookies.o
@@ -100,5 +101,4 @@ obj-$(CONFIG_BEFS_FS) += befs/
100obj-$(CONFIG_HOSTFS) += hostfs/ 101obj-$(CONFIG_HOSTFS) += hostfs/
101obj-$(CONFIG_HPPFS) += hppfs/ 102obj-$(CONFIG_HPPFS) += hppfs/
102obj-$(CONFIG_DEBUG_FS) += debugfs/ 103obj-$(CONFIG_DEBUG_FS) += debugfs/
103obj-$(CONFIG_CONFIGFS_FS) += configfs/
104obj-$(CONFIG_OCFS2_FS) += ocfs2/ 104obj-$(CONFIG_OCFS2_FS) += ocfs2/
diff --git a/fs/affs/namei.c b/fs/affs/namei.c
index d4c2d636c479..a42143ca0169 100644
--- a/fs/affs/namei.c
+++ b/fs/affs/namei.c
@@ -416,10 +416,9 @@ affs_rename(struct inode *old_dir, struct dentry *old_dentry,
416 return retval; 416 return retval;
417 } 417 }
418 418
419 retval = -EIO;
420 bh = affs_bread(sb, old_dentry->d_inode->i_ino); 419 bh = affs_bread(sb, old_dentry->d_inode->i_ino);
421 if (!bh) 420 if (!bh)
422 goto done; 421 return -EIO;
423 422
424 /* Remove header from its parent directory. */ 423 /* Remove header from its parent directory. */
425 affs_lock_dir(old_dir); 424 affs_lock_dir(old_dir);
diff --git a/fs/autofs4/autofs_i.h b/fs/autofs4/autofs_i.h
index 57c4903614e5..d6603d02304c 100644
--- a/fs/autofs4/autofs_i.h
+++ b/fs/autofs4/autofs_i.h
@@ -74,8 +74,8 @@ struct autofs_wait_queue {
74 struct autofs_wait_queue *next; 74 struct autofs_wait_queue *next;
75 autofs_wqt_t wait_queue_token; 75 autofs_wqt_t wait_queue_token;
76 /* We use the following to see what we are waiting for */ 76 /* We use the following to see what we are waiting for */
77 int hash; 77 unsigned int hash;
78 int len; 78 unsigned int len;
79 char *name; 79 char *name;
80 u32 dev; 80 u32 dev;
81 u64 ino; 81 u64 ino;
@@ -85,7 +85,6 @@ struct autofs_wait_queue {
85 pid_t tgid; 85 pid_t tgid;
86 /* This is for status reporting upon return */ 86 /* This is for status reporting upon return */
87 int status; 87 int status;
88 atomic_t notify;
89 atomic_t wait_ctr; 88 atomic_t wait_ctr;
90}; 89};
91 90
diff --git a/fs/autofs4/root.c b/fs/autofs4/root.c
index 84e030c8ddd0..5100f984783f 100644
--- a/fs/autofs4/root.c
+++ b/fs/autofs4/root.c
@@ -327,6 +327,7 @@ static int try_to_fill_dentry(struct dentry *dentry, int flags)
327static void *autofs4_follow_link(struct dentry *dentry, struct nameidata *nd) 327static void *autofs4_follow_link(struct dentry *dentry, struct nameidata *nd)
328{ 328{
329 struct autofs_sb_info *sbi = autofs4_sbi(dentry->d_sb); 329 struct autofs_sb_info *sbi = autofs4_sbi(dentry->d_sb);
330 struct autofs_info *ino = autofs4_dentry_ino(dentry);
330 int oz_mode = autofs4_oz_mode(sbi); 331 int oz_mode = autofs4_oz_mode(sbi);
331 unsigned int lookup_type; 332 unsigned int lookup_type;
332 int status; 333 int status;
@@ -340,13 +341,8 @@ static void *autofs4_follow_link(struct dentry *dentry, struct nameidata *nd)
340 if (oz_mode || !lookup_type) 341 if (oz_mode || !lookup_type)
341 goto done; 342 goto done;
342 343
343 /* 344 /* If an expire request is pending wait for it. */
344 * If a request is pending wait for it. 345 if (ino && (ino->flags & AUTOFS_INF_EXPIRING)) {
345 * If it's a mount then it won't be expired till at least
346 * a liitle later and if it's an expire then we might need
347 * to mount it again.
348 */
349 if (autofs4_ispending(dentry)) {
350 DPRINTK("waiting for active request %p name=%.*s", 346 DPRINTK("waiting for active request %p name=%.*s",
351 dentry, dentry->d_name.len, dentry->d_name.name); 347 dentry, dentry->d_name.len, dentry->d_name.name);
352 348
diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c
index 142ab6aa2aa1..ce103e7b0bc3 100644
--- a/fs/autofs4/waitq.c
+++ b/fs/autofs4/waitq.c
@@ -189,14 +189,30 @@ static int autofs4_getpath(struct autofs_sb_info *sbi,
189 return len; 189 return len;
190} 190}
191 191
192static struct autofs_wait_queue *
193autofs4_find_wait(struct autofs_sb_info *sbi,
194 char *name, unsigned int hash, unsigned int len)
195{
196 struct autofs_wait_queue *wq;
197
198 for (wq = sbi->queues; wq; wq = wq->next) {
199 if (wq->hash == hash &&
200 wq->len == len &&
201 wq->name && !memcmp(wq->name, name, len))
202 break;
203 }
204 return wq;
205}
206
192int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry, 207int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
193 enum autofs_notify notify) 208 enum autofs_notify notify)
194{ 209{
210 struct autofs_info *ino;
195 struct autofs_wait_queue *wq; 211 struct autofs_wait_queue *wq;
196 char *name; 212 char *name;
197 unsigned int len = 0; 213 unsigned int len = 0;
198 unsigned int hash = 0; 214 unsigned int hash = 0;
199 int status; 215 int status, type;
200 216
201 /* In catatonic mode, we don't wait for nobody */ 217 /* In catatonic mode, we don't wait for nobody */
202 if (sbi->catatonic) 218 if (sbi->catatonic)
@@ -223,21 +239,41 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
223 return -EINTR; 239 return -EINTR;
224 } 240 }
225 241
226 for (wq = sbi->queues ; wq ; wq = wq->next) { 242 wq = autofs4_find_wait(sbi, name, hash, len);
227 if (wq->hash == dentry->d_name.hash && 243 ino = autofs4_dentry_ino(dentry);
228 wq->len == len && 244 if (!wq && ino && notify == NFY_NONE) {
229 wq->name && !memcmp(wq->name, name, len)) 245 /*
230 break; 246 * Either we've betean the pending expire to post it's
231 } 247 * wait or it finished while we waited on the mutex.
248 * So we need to wait till either, the wait appears
249 * or the expire finishes.
250 */
251
252 while (ino->flags & AUTOFS_INF_EXPIRING) {
253 mutex_unlock(&sbi->wq_mutex);
254 schedule_timeout_interruptible(HZ/10);
255 if (mutex_lock_interruptible(&sbi->wq_mutex)) {
256 kfree(name);
257 return -EINTR;
258 }
259 wq = autofs4_find_wait(sbi, name, hash, len);
260 if (wq)
261 break;
262 }
232 263
233 if (!wq) { 264 /*
234 /* Can't wait for an expire if there's no mount */ 265 * Not ideal but the status has already gone. Of the two
235 if (notify == NFY_NONE && !d_mountpoint(dentry)) { 266 * cases where we wait on NFY_NONE neither depend on the
267 * return status of the wait.
268 */
269 if (!wq) {
236 kfree(name); 270 kfree(name);
237 mutex_unlock(&sbi->wq_mutex); 271 mutex_unlock(&sbi->wq_mutex);
238 return -ENOENT; 272 return 0;
239 } 273 }
274 }
240 275
276 if (!wq) {
241 /* Create a new wait queue */ 277 /* Create a new wait queue */
242 wq = kmalloc(sizeof(struct autofs_wait_queue),GFP_KERNEL); 278 wq = kmalloc(sizeof(struct autofs_wait_queue),GFP_KERNEL);
243 if (!wq) { 279 if (!wq) {
@@ -263,20 +299,7 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
263 wq->tgid = current->tgid; 299 wq->tgid = current->tgid;
264 wq->status = -EINTR; /* Status return if interrupted */ 300 wq->status = -EINTR; /* Status return if interrupted */
265 atomic_set(&wq->wait_ctr, 2); 301 atomic_set(&wq->wait_ctr, 2);
266 atomic_set(&wq->notify, 1);
267 mutex_unlock(&sbi->wq_mutex);
268 } else {
269 atomic_inc(&wq->wait_ctr);
270 mutex_unlock(&sbi->wq_mutex); 302 mutex_unlock(&sbi->wq_mutex);
271 kfree(name);
272 DPRINTK("existing wait id = 0x%08lx, name = %.*s, nfy=%d",
273 (unsigned long) wq->wait_queue_token, wq->len, wq->name, notify);
274 }
275
276 if (notify != NFY_NONE && atomic_read(&wq->notify)) {
277 int type;
278
279 atomic_dec(&wq->notify);
280 303
281 if (sbi->version < 5) { 304 if (sbi->version < 5) {
282 if (notify == NFY_MOUNT) 305 if (notify == NFY_MOUNT)
@@ -299,6 +322,12 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry,
299 322
300 /* autofs4_notify_daemon() may block */ 323 /* autofs4_notify_daemon() may block */
301 autofs4_notify_daemon(sbi, wq, type); 324 autofs4_notify_daemon(sbi, wq, type);
325 } else {
326 atomic_inc(&wq->wait_ctr);
327 mutex_unlock(&sbi->wq_mutex);
328 kfree(name);
329 DPRINTK("existing wait id = 0x%08lx, name = %.*s, nfy=%d",
330 (unsigned long) wq->wait_queue_token, wq->len, wq->name, notify);
302 } 331 }
303 332
304 /* wq->name is NULL if and only if the lock is already released */ 333 /* wq->name is NULL if and only if the lock is already released */
diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c
index 69f44dcdb0b4..b1c902e319c1 100644
--- a/fs/binfmt_flat.c
+++ b/fs/binfmt_flat.c
@@ -428,7 +428,6 @@ static int load_flat_file(struct linux_binprm * bprm,
428 loff_t fpos; 428 loff_t fpos;
429 unsigned long start_code, end_code; 429 unsigned long start_code, end_code;
430 int ret; 430 int ret;
431 int exec_fileno;
432 431
433 hdr = ((struct flat_hdr *) bprm->buf); /* exec-header */ 432 hdr = ((struct flat_hdr *) bprm->buf); /* exec-header */
434 inode = bprm->file->f_dentry->d_inode; 433 inode = bprm->file->f_dentry->d_inode;
@@ -502,21 +501,12 @@ static int load_flat_file(struct linux_binprm * bprm,
502 goto err; 501 goto err;
503 } 502 }
504 503
505 /* check file descriptor */
506 exec_fileno = get_unused_fd();
507 if (exec_fileno < 0) {
508 ret = -EMFILE;
509 goto err;
510 }
511 get_file(bprm->file);
512 fd_install(exec_fileno, bprm->file);
513
514 /* Flush all traces of the currently running executable */ 504 /* Flush all traces of the currently running executable */
515 if (id == 0) { 505 if (id == 0) {
516 result = flush_old_exec(bprm); 506 result = flush_old_exec(bprm);
517 if (result) { 507 if (result) {
518 ret = result; 508 ret = result;
519 goto err_close; 509 goto err;
520 } 510 }
521 511
522 /* OK, This is the point of no return */ 512 /* OK, This is the point of no return */
@@ -548,7 +538,7 @@ static int load_flat_file(struct linux_binprm * bprm,
548 textpos = (unsigned long) -ENOMEM; 538 textpos = (unsigned long) -ENOMEM;
549 printk("Unable to mmap process text, errno %d\n", (int)-textpos); 539 printk("Unable to mmap process text, errno %d\n", (int)-textpos);
550 ret = textpos; 540 ret = textpos;
551 goto err_close; 541 goto err;
552 } 542 }
553 543
554 down_write(&current->mm->mmap_sem); 544 down_write(&current->mm->mmap_sem);
@@ -564,7 +554,7 @@ static int load_flat_file(struct linux_binprm * bprm,
564 (int)-datapos); 554 (int)-datapos);
565 do_munmap(current->mm, textpos, text_len); 555 do_munmap(current->mm, textpos, text_len);
566 ret = realdatastart; 556 ret = realdatastart;
567 goto err_close; 557 goto err;
568 } 558 }
569 datapos = realdatastart + MAX_SHARED_LIBS * sizeof(unsigned long); 559 datapos = realdatastart + MAX_SHARED_LIBS * sizeof(unsigned long);
570 560
@@ -587,7 +577,7 @@ static int load_flat_file(struct linux_binprm * bprm,
587 do_munmap(current->mm, textpos, text_len); 577 do_munmap(current->mm, textpos, text_len);
588 do_munmap(current->mm, realdatastart, data_len + extra); 578 do_munmap(current->mm, realdatastart, data_len + extra);
589 ret = result; 579 ret = result;
590 goto err_close; 580 goto err;
591 } 581 }
592 582
593 reloc = (unsigned long *) (datapos+(ntohl(hdr->reloc_start)-text_len)); 583 reloc = (unsigned long *) (datapos+(ntohl(hdr->reloc_start)-text_len));
@@ -606,7 +596,7 @@ static int load_flat_file(struct linux_binprm * bprm,
606 printk("Unable to allocate RAM for process text/data, errno %d\n", 596 printk("Unable to allocate RAM for process text/data, errno %d\n",
607 (int)-textpos); 597 (int)-textpos);
608 ret = textpos; 598 ret = textpos;
609 goto err_close; 599 goto err;
610 } 600 }
611 601
612 realdatastart = textpos + ntohl(hdr->data_start); 602 realdatastart = textpos + ntohl(hdr->data_start);
@@ -652,7 +642,7 @@ static int load_flat_file(struct linux_binprm * bprm,
652 do_munmap(current->mm, textpos, text_len + data_len + extra + 642 do_munmap(current->mm, textpos, text_len + data_len + extra +
653 MAX_SHARED_LIBS * sizeof(unsigned long)); 643 MAX_SHARED_LIBS * sizeof(unsigned long));
654 ret = result; 644 ret = result;
655 goto err_close; 645 goto err;
656 } 646 }
657 } 647 }
658 648
@@ -717,7 +707,7 @@ static int load_flat_file(struct linux_binprm * bprm,
717 addr = calc_reloc(*rp, libinfo, id, 0); 707 addr = calc_reloc(*rp, libinfo, id, 0);
718 if (addr == RELOC_FAILED) { 708 if (addr == RELOC_FAILED) {
719 ret = -ENOEXEC; 709 ret = -ENOEXEC;
720 goto err_close; 710 goto err;
721 } 711 }
722 *rp = addr; 712 *rp = addr;
723 } 713 }
@@ -747,7 +737,7 @@ static int load_flat_file(struct linux_binprm * bprm,
747 rp = (unsigned long *) calc_reloc(addr, libinfo, id, 1); 737 rp = (unsigned long *) calc_reloc(addr, libinfo, id, 1);
748 if (rp == (unsigned long *)RELOC_FAILED) { 738 if (rp == (unsigned long *)RELOC_FAILED) {
749 ret = -ENOEXEC; 739 ret = -ENOEXEC;
750 goto err_close; 740 goto err;
751 } 741 }
752 742
753 /* Get the pointer's value. */ 743 /* Get the pointer's value. */
@@ -762,7 +752,7 @@ static int load_flat_file(struct linux_binprm * bprm,
762 addr = calc_reloc(addr, libinfo, id, 0); 752 addr = calc_reloc(addr, libinfo, id, 0);
763 if (addr == RELOC_FAILED) { 753 if (addr == RELOC_FAILED) {
764 ret = -ENOEXEC; 754 ret = -ENOEXEC;
765 goto err_close; 755 goto err;
766 } 756 }
767 757
768 /* Write back the relocated pointer. */ 758 /* Write back the relocated pointer. */
@@ -783,8 +773,6 @@ static int load_flat_file(struct linux_binprm * bprm,
783 stack_len); 773 stack_len);
784 774
785 return 0; 775 return 0;
786err_close:
787 sys_close(exec_fileno);
788err: 776err:
789 return ret; 777 return ret;
790} 778}
diff --git a/fs/bio.c b/fs/bio.c
index eb8fbc53f2cd..6a0b9ad8f8c9 100644
--- a/fs/bio.c
+++ b/fs/bio.c
@@ -654,9 +654,10 @@ static struct bio *__bio_map_user_iov(request_queue_t *q,
654 write_to_vm, 0, &pages[cur_page], NULL); 654 write_to_vm, 0, &pages[cur_page], NULL);
655 up_read(&current->mm->mmap_sem); 655 up_read(&current->mm->mmap_sem);
656 656
657 if (ret < local_nr_pages) 657 if (ret < local_nr_pages) {
658 ret = -EFAULT;
658 goto out_unmap; 659 goto out_unmap;
659 660 }
660 661
661 offset = uaddr & ~PAGE_MASK; 662 offset = uaddr & ~PAGE_MASK;
662 for (j = cur_page; j < page_limit; j++) { 663 for (j = cur_page; j < page_limit; j++) {
@@ -1116,6 +1117,9 @@ struct bio_pair *bio_split(struct bio *bi, mempool_t *pool, int first_sectors)
1116 bp->bio1.bi_io_vec = &bp->bv1; 1117 bp->bio1.bi_io_vec = &bp->bv1;
1117 bp->bio2.bi_io_vec = &bp->bv2; 1118 bp->bio2.bi_io_vec = &bp->bv2;
1118 1119
1120 bp->bio1.bi_max_vecs = 1;
1121 bp->bio2.bi_max_vecs = 1;
1122
1119 bp->bio1.bi_end_io = bio_pair_end_1; 1123 bp->bio1.bi_end_io = bio_pair_end_1;
1120 bp->bio2.bi_end_io = bio_pair_end_2; 1124 bp->bio2.bi_end_io = bio_pair_end_2;
1121 1125
diff --git a/fs/block_dev.c b/fs/block_dev.c
index af88c43043d5..f5958f413bd1 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -1104,6 +1104,8 @@ const struct file_operations def_blk_fops = {
1104 .readv = generic_file_readv, 1104 .readv = generic_file_readv,
1105 .writev = generic_file_write_nolock, 1105 .writev = generic_file_write_nolock,
1106 .sendfile = generic_file_sendfile, 1106 .sendfile = generic_file_sendfile,
1107 .splice_read = generic_file_splice_read,
1108 .splice_write = generic_file_splice_write,
1107}; 1109};
1108 1110
1109int ioctl_by_bdev(struct block_device *bdev, unsigned cmd, unsigned long arg) 1111int ioctl_by_bdev(struct block_device *bdev, unsigned cmd, unsigned long arg)
diff --git a/fs/cifs/CHANGES b/fs/cifs/CHANGES
index 8a2de038882e..7271bb0257f6 100644
--- a/fs/cifs/CHANGES
+++ b/fs/cifs/CHANGES
@@ -1,7 +1,18 @@
1Version 1.43
2------------
3POSIX locking to servers which support CIFS POSIX Extensions
4(disabled by default controlled by proc/fs/cifs/Experimental).
5Handle conversion of long share names (especially Asian languages)
6to Unicode during mount.
7
1Version 1.42 8Version 1.42
2------------ 9------------
3Fix slow oplock break when mounted to different servers at the same time and 10Fix slow oplock break when mounted to different servers at the same time and
4the tids match and we try to find matching fid on wrong server. 11the tids match and we try to find matching fid on wrong server. Fix read
12looping when signing required by server (2.6.16 kernel only). Fix readdir
13vs. rename race which could cause each to hang. Return . and .. even
14if server does not. Allow searches to skip first three entries and
15begin at any location. Fix oops in find_writeable_file.
5 16
6Version 1.41 17Version 1.41
7------------ 18------------
diff --git a/fs/cifs/README b/fs/cifs/README
index b2b4d0803761..0355003f4f0a 100644
--- a/fs/cifs/README
+++ b/fs/cifs/README
@@ -511,6 +511,14 @@ LinuxExtensionsEnabled If set to one then the client will attempt to
511 support and want to map the uid and gid fields 511 support and want to map the uid and gid fields
512 to values supplied at mount (rather than the 512 to values supplied at mount (rather than the
513 actual values, then set this to zero. (default 1) 513 actual values, then set this to zero. (default 1)
514Experimental When set to 1 used to enable certain experimental
515 features (currently enables multipage writes
516 when signing is enabled, the multipage write
517 performance enhancement was disabled when
518 signing turned on in case buffer was modified
519 just before it was sent, also this flag will
520 be used to use the new experimental sessionsetup
521 code).
514 522
515These experimental features and tracing can be enabled by changing flags in 523These experimental features and tracing can be enabled by changing flags in
516/proc/fs/cifs (after the cifs module has been installed or built into the 524/proc/fs/cifs (after the cifs module has been installed or built into the
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index d4b713e5affb..c262d8874ce9 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -33,6 +33,7 @@
33#include <linux/vfs.h> 33#include <linux/vfs.h>
34#include <linux/mempool.h> 34#include <linux/mempool.h>
35#include <linux/delay.h> 35#include <linux/delay.h>
36#include <linux/kthread.h>
36#include "cifsfs.h" 37#include "cifsfs.h"
37#include "cifspdu.h" 38#include "cifspdu.h"
38#define DECLARE_GLOBALS_HERE 39#define DECLARE_GLOBALS_HERE
@@ -75,9 +76,6 @@ unsigned int cifs_max_pending = CIFS_MAX_REQ;
75module_param(cifs_max_pending, int, 0); 76module_param(cifs_max_pending, int, 0);
76MODULE_PARM_DESC(cifs_max_pending,"Simultaneous requests to server. Default: 50 Range: 2 to 256"); 77MODULE_PARM_DESC(cifs_max_pending,"Simultaneous requests to server. Default: 50 Range: 2 to 256");
77 78
78static DECLARE_COMPLETION(cifs_oplock_exited);
79static DECLARE_COMPLETION(cifs_dnotify_exited);
80
81extern mempool_t *cifs_sm_req_poolp; 79extern mempool_t *cifs_sm_req_poolp;
82extern mempool_t *cifs_req_poolp; 80extern mempool_t *cifs_req_poolp;
83extern mempool_t *cifs_mid_poolp; 81extern mempool_t *cifs_mid_poolp;
@@ -841,10 +839,6 @@ static int cifs_oplock_thread(void * dummyarg)
841 __u16 netfid; 839 __u16 netfid;
842 int rc; 840 int rc;
843 841
844 daemonize("cifsoplockd");
845 allow_signal(SIGTERM);
846
847 oplockThread = current;
848 do { 842 do {
849 if (try_to_freeze()) 843 if (try_to_freeze())
850 continue; 844 continue;
@@ -900,9 +894,9 @@ static int cifs_oplock_thread(void * dummyarg)
900 set_current_state(TASK_INTERRUPTIBLE); 894 set_current_state(TASK_INTERRUPTIBLE);
901 schedule_timeout(1); /* yield in case q were corrupt */ 895 schedule_timeout(1); /* yield in case q were corrupt */
902 } 896 }
903 } while(!signal_pending(current)); 897 } while (!kthread_should_stop());
904 oplockThread = NULL; 898
905 complete_and_exit (&cifs_oplock_exited, 0); 899 return 0;
906} 900}
907 901
908static int cifs_dnotify_thread(void * dummyarg) 902static int cifs_dnotify_thread(void * dummyarg)
@@ -910,10 +904,6 @@ static int cifs_dnotify_thread(void * dummyarg)
910 struct list_head *tmp; 904 struct list_head *tmp;
911 struct cifsSesInfo *ses; 905 struct cifsSesInfo *ses;
912 906
913 daemonize("cifsdnotifyd");
914 allow_signal(SIGTERM);
915
916 dnotifyThread = current;
917 do { 907 do {
918 if(try_to_freeze()) 908 if(try_to_freeze())
919 continue; 909 continue;
@@ -931,8 +921,9 @@ static int cifs_dnotify_thread(void * dummyarg)
931 wake_up_all(&ses->server->response_q); 921 wake_up_all(&ses->server->response_q);
932 } 922 }
933 read_unlock(&GlobalSMBSeslock); 923 read_unlock(&GlobalSMBSeslock);
934 } while(!signal_pending(current)); 924 } while (!kthread_should_stop());
935 complete_and_exit (&cifs_dnotify_exited, 0); 925
926 return 0;
936} 927}
937 928
938static int __init 929static int __init
@@ -982,32 +973,48 @@ init_cifs(void)
982 } 973 }
983 974
984 rc = cifs_init_inodecache(); 975 rc = cifs_init_inodecache();
985 if (!rc) { 976 if (rc)
986 rc = cifs_init_mids(); 977 goto out_clean_proc;
987 if (!rc) { 978
988 rc = cifs_init_request_bufs(); 979 rc = cifs_init_mids();
989 if (!rc) { 980 if (rc)
990 rc = register_filesystem(&cifs_fs_type); 981 goto out_destroy_inodecache;
991 if (!rc) { 982
992 rc = (int)kernel_thread(cifs_oplock_thread, NULL, 983 rc = cifs_init_request_bufs();
993 CLONE_FS | CLONE_FILES | CLONE_VM); 984 if (rc)
994 if(rc > 0) { 985 goto out_destroy_mids;
995 rc = (int)kernel_thread(cifs_dnotify_thread, NULL, 986
996 CLONE_FS | CLONE_FILES | CLONE_VM); 987 rc = register_filesystem(&cifs_fs_type);
997 if(rc > 0) 988 if (rc)
998 return 0; 989 goto out_destroy_request_bufs;
999 else 990
1000 cERROR(1,("error %d create dnotify thread", rc)); 991 oplockThread = kthread_run(cifs_oplock_thread, NULL, "cifsoplockd");
1001 } else { 992 if (IS_ERR(oplockThread)) {
1002 cERROR(1,("error %d create oplock thread",rc)); 993 rc = PTR_ERR(oplockThread);
1003 } 994 cERROR(1,("error %d create oplock thread", rc));
1004 } 995 goto out_unregister_filesystem;
1005 cifs_destroy_request_bufs();
1006 }
1007 cifs_destroy_mids();
1008 }
1009 cifs_destroy_inodecache();
1010 } 996 }
997
998 dnotifyThread = kthread_run(cifs_dnotify_thread, NULL, "cifsdnotifyd");
999 if (IS_ERR(dnotifyThread)) {
1000 rc = PTR_ERR(dnotifyThread);
1001 cERROR(1,("error %d create dnotify thread", rc));
1002 goto out_stop_oplock_thread;
1003 }
1004
1005 return 0;
1006
1007 out_stop_oplock_thread:
1008 kthread_stop(oplockThread);
1009 out_unregister_filesystem:
1010 unregister_filesystem(&cifs_fs_type);
1011 out_destroy_request_bufs:
1012 cifs_destroy_request_bufs();
1013 out_destroy_mids:
1014 cifs_destroy_mids();
1015 out_destroy_inodecache:
1016 cifs_destroy_inodecache();
1017 out_clean_proc:
1011#ifdef CONFIG_PROC_FS 1018#ifdef CONFIG_PROC_FS
1012 cifs_proc_clean(); 1019 cifs_proc_clean();
1013#endif 1020#endif
@@ -1025,14 +1032,8 @@ exit_cifs(void)
1025 cifs_destroy_inodecache(); 1032 cifs_destroy_inodecache();
1026 cifs_destroy_mids(); 1033 cifs_destroy_mids();
1027 cifs_destroy_request_bufs(); 1034 cifs_destroy_request_bufs();
1028 if(oplockThread) { 1035 kthread_stop(oplockThread);
1029 send_sig(SIGTERM, oplockThread, 1); 1036 kthread_stop(dnotifyThread);
1030 wait_for_completion(&cifs_oplock_exited);
1031 }
1032 if(dnotifyThread) {
1033 send_sig(SIGTERM, dnotifyThread, 1);
1034 wait_for_completion(&cifs_dnotify_exited);
1035 }
1036} 1037}
1037 1038
1038MODULE_AUTHOR("Steve French <sfrench@us.ibm.com>"); 1039MODULE_AUTHOR("Steve French <sfrench@us.ibm.com>");
diff --git a/fs/cifs/cifsfs.h b/fs/cifs/cifsfs.h
index 4e829dc672a6..c98755dca868 100644
--- a/fs/cifs/cifsfs.h
+++ b/fs/cifs/cifsfs.h
@@ -99,5 +99,5 @@ extern ssize_t cifs_getxattr(struct dentry *, const char *, void *, size_t);
99extern ssize_t cifs_listxattr(struct dentry *, char *, size_t); 99extern ssize_t cifs_listxattr(struct dentry *, char *, size_t);
100extern int cifs_ioctl (struct inode * inode, struct file * filep, 100extern int cifs_ioctl (struct inode * inode, struct file * filep,
101 unsigned int command, unsigned long arg); 101 unsigned int command, unsigned long arg);
102#define CIFS_VERSION "1.42" 102#define CIFS_VERSION "1.43"
103#endif /* _CIFSFS_H */ 103#endif /* _CIFSFS_H */
diff --git a/fs/cifs/cifsproto.h b/fs/cifs/cifsproto.h
index 2879ba343ca7..310ea2f0e0bf 100644
--- a/fs/cifs/cifsproto.h
+++ b/fs/cifs/cifsproto.h
@@ -267,7 +267,7 @@ extern int CIFSSMBLock(const int xid, struct cifsTconInfo *tcon,
267 const int waitFlag); 267 const int waitFlag);
268extern int CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon, 268extern int CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon,
269 const __u16 smb_file_id, const int get_flag, 269 const __u16 smb_file_id, const int get_flag,
270 const __u64 len, const __u64 offset, 270 const __u64 len, struct file_lock *,
271 const __u16 lock_type, const int waitFlag); 271 const __u16 lock_type, const int waitFlag);
272extern int CIFSSMBTDis(const int xid, struct cifsTconInfo *tcon); 272extern int CIFSSMBTDis(const int xid, struct cifsTconInfo *tcon);
273extern int CIFSSMBLogoff(const int xid, struct cifsSesInfo *ses); 273extern int CIFSSMBLogoff(const int xid, struct cifsSesInfo *ses);
diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
index d705500aa283..925881e00ff2 100644
--- a/fs/cifs/cifssmb.c
+++ b/fs/cifs/cifssmb.c
@@ -1355,7 +1355,8 @@ CIFSSMBLock(const int xid, struct cifsTconInfo *tcon,
1355int 1355int
1356CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon, 1356CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon,
1357 const __u16 smb_file_id, const int get_flag, const __u64 len, 1357 const __u16 smb_file_id, const int get_flag, const __u64 len,
1358 const __u64 lkoffset, const __u16 lock_type, const int waitFlag) 1358 struct file_lock *pLockData, const __u16 lock_type,
1359 const int waitFlag)
1359{ 1360{
1360 struct smb_com_transaction2_sfi_req *pSMB = NULL; 1361 struct smb_com_transaction2_sfi_req *pSMB = NULL;
1361 struct smb_com_transaction2_sfi_rsp *pSMBr = NULL; 1362 struct smb_com_transaction2_sfi_rsp *pSMBr = NULL;
@@ -1366,6 +1367,10 @@ CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon,
1366 __u16 params, param_offset, offset, byte_count, count; 1367 __u16 params, param_offset, offset, byte_count, count;
1367 1368
1368 cFYI(1, ("Posix Lock")); 1369 cFYI(1, ("Posix Lock"));
1370
1371 if(pLockData == NULL)
1372 return EINVAL;
1373
1369 rc = small_smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB); 1374 rc = small_smb_init(SMB_COM_TRANSACTION2, 15, tcon, (void **) &pSMB);
1370 1375
1371 if (rc) 1376 if (rc)
@@ -1404,10 +1409,10 @@ CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon,
1404 1409
1405 parm_data->lock_type = cpu_to_le16(lock_type); 1410 parm_data->lock_type = cpu_to_le16(lock_type);
1406 if(waitFlag) 1411 if(waitFlag)
1407 parm_data->lock_flags = 1; 1412 parm_data->lock_flags = cpu_to_le16(1);
1408 parm_data->pid = cpu_to_le32(current->tgid); 1413 parm_data->pid = cpu_to_le32(current->tgid);
1409 parm_data->start = lkoffset; 1414 parm_data->start = cpu_to_le64(pLockData->fl_start);
1410 parm_data->length = len; /* normalize negative numbers */ 1415 parm_data->length = cpu_to_le64(len); /* normalize negative numbers */
1411 1416
1412 pSMB->DataOffset = cpu_to_le16(offset); 1417 pSMB->DataOffset = cpu_to_le16(offset);
1413 pSMB->Fid = smb_file_id; 1418 pSMB->Fid = smb_file_id;
@@ -1419,8 +1424,33 @@ CIFSSMBPosixLock(const int xid, struct cifsTconInfo *tcon,
1419 (struct smb_hdr *) pSMBr, &bytes_returned, 0); 1424 (struct smb_hdr *) pSMBr, &bytes_returned, 0);
1420 if (rc) { 1425 if (rc) {
1421 cFYI(1, ("Send error in Posix Lock = %d", rc)); 1426 cFYI(1, ("Send error in Posix Lock = %d", rc));
1422 } 1427 } else if (get_flag) {
1428 /* lock structure can be returned on get */
1429 __u16 data_offset;
1430 __u16 data_count;
1431 rc = validate_t2((struct smb_t2_rsp *)pSMBr);
1423 1432
1433 if (rc || (pSMBr->ByteCount < sizeof(struct cifs_posix_lock))) {
1434 rc = -EIO; /* bad smb */
1435 goto plk_err_exit;
1436 }
1437 if(pLockData == NULL) {
1438 rc = -EINVAL;
1439 goto plk_err_exit;
1440 }
1441 data_offset = le16_to_cpu(pSMBr->t2.DataOffset);
1442 data_count = le16_to_cpu(pSMBr->t2.DataCount);
1443 if(data_count < sizeof(struct cifs_posix_lock)) {
1444 rc = -EIO;
1445 goto plk_err_exit;
1446 }
1447 parm_data = (struct cifs_posix_lock *)
1448 ((char *)&pSMBr->hdr.Protocol + data_offset);
1449 if(parm_data->lock_type == cpu_to_le16(CIFS_UNLCK))
1450 pLockData->fl_type = F_UNLCK;
1451 }
1452
1453plk_err_exit:
1424 if (pSMB) 1454 if (pSMB)
1425 cifs_small_buf_release(pSMB); 1455 cifs_small_buf_release(pSMB);
1426 1456
@@ -3119,7 +3149,7 @@ findFirstRetry:
3119 psrch_inf->endOfSearch = FALSE; 3149 psrch_inf->endOfSearch = FALSE;
3120 3150
3121 psrch_inf->entries_in_buffer = le16_to_cpu(parms->SearchCount); 3151 psrch_inf->entries_in_buffer = le16_to_cpu(parms->SearchCount);
3122 psrch_inf->index_of_last_entry = 3152 psrch_inf->index_of_last_entry = 2 /* skip . and .. */ +
3123 psrch_inf->entries_in_buffer; 3153 psrch_inf->entries_in_buffer;
3124 *pnetfid = parms->SearchHandle; 3154 *pnetfid = parms->SearchHandle;
3125 } else { 3155 } else {
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index 0b86d5ca9014..bae1479318d1 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2148,6 +2148,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2148/* We look for obvious messed up bcc or strings in response so we do not go off 2148/* We look for obvious messed up bcc or strings in response so we do not go off
2149 the end since (at least) WIN2K and Windows XP have a major bug in not null 2149 the end since (at least) WIN2K and Windows XP have a major bug in not null
2150 terminating last Unicode string in response */ 2150 terminating last Unicode string in response */
2151 if(ses->serverOS)
2152 kfree(ses->serverOS);
2151 ses->serverOS = kzalloc(2 * (len + 1), GFP_KERNEL); 2153 ses->serverOS = kzalloc(2 * (len + 1), GFP_KERNEL);
2152 if(ses->serverOS == NULL) 2154 if(ses->serverOS == NULL)
2153 goto sesssetup_nomem; 2155 goto sesssetup_nomem;
@@ -2160,6 +2162,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2160 if (remaining_words > 0) { 2162 if (remaining_words > 0) {
2161 len = UniStrnlen((wchar_t *)bcc_ptr, 2163 len = UniStrnlen((wchar_t *)bcc_ptr,
2162 remaining_words-1); 2164 remaining_words-1);
2165 if(ses->serverNOS)
2166 kfree(ses->serverNOS);
2163 ses->serverNOS = kzalloc(2 * (len + 1),GFP_KERNEL); 2167 ses->serverNOS = kzalloc(2 * (len + 1),GFP_KERNEL);
2164 if(ses->serverNOS == NULL) 2168 if(ses->serverNOS == NULL)
2165 goto sesssetup_nomem; 2169 goto sesssetup_nomem;
@@ -2177,6 +2181,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2177 if (remaining_words > 0) { 2181 if (remaining_words > 0) {
2178 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); 2182 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2179 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */ 2183 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2184 if(ses->serverDomain)
2185 kfree(ses->serverDomain);
2180 ses->serverDomain = 2186 ses->serverDomain =
2181 kzalloc(2*(len+1),GFP_KERNEL); 2187 kzalloc(2*(len+1),GFP_KERNEL);
2182 if(ses->serverDomain == NULL) 2188 if(ses->serverDomain == NULL)
@@ -2187,15 +2193,22 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2187 ses->serverDomain[2*len] = 0; 2193 ses->serverDomain[2*len] = 0;
2188 ses->serverDomain[1+(2*len)] = 0; 2194 ses->serverDomain[1+(2*len)] = 0;
2189 } /* else no more room so create dummy domain string */ 2195 } /* else no more room so create dummy domain string */
2190 else 2196 else {
2197 if(ses->serverDomain)
2198 kfree(ses->serverDomain);
2191 ses->serverDomain = 2199 ses->serverDomain =
2192 kzalloc(2, GFP_KERNEL); 2200 kzalloc(2, GFP_KERNEL);
2201 }
2193 } else { /* no room so create dummy domain and NOS string */ 2202 } else { /* no room so create dummy domain and NOS string */
2194 /* if these kcallocs fail not much we 2203 /* if these kcallocs fail not much we
2195 can do, but better to not fail the 2204 can do, but better to not fail the
2196 sesssetup itself */ 2205 sesssetup itself */
2206 if(ses->serverDomain)
2207 kfree(ses->serverDomain);
2197 ses->serverDomain = 2208 ses->serverDomain =
2198 kzalloc(2, GFP_KERNEL); 2209 kzalloc(2, GFP_KERNEL);
2210 if(ses->serverNOS)
2211 kfree(ses->serverNOS);
2199 ses->serverNOS = 2212 ses->serverNOS =
2200 kzalloc(2, GFP_KERNEL); 2213 kzalloc(2, GFP_KERNEL);
2201 } 2214 }
@@ -2204,6 +2217,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2204 if (((long) bcc_ptr + len) - (long) 2217 if (((long) bcc_ptr + len) - (long)
2205 pByteArea(smb_buffer_response) 2218 pByteArea(smb_buffer_response)
2206 <= BCC(smb_buffer_response)) { 2219 <= BCC(smb_buffer_response)) {
2220 if(ses->serverOS)
2221 kfree(ses->serverOS);
2207 ses->serverOS = kzalloc(len + 1,GFP_KERNEL); 2222 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
2208 if(ses->serverOS == NULL) 2223 if(ses->serverOS == NULL)
2209 goto sesssetup_nomem; 2224 goto sesssetup_nomem;
@@ -2214,6 +2229,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2214 bcc_ptr++; 2229 bcc_ptr++;
2215 2230
2216 len = strnlen(bcc_ptr, 1024); 2231 len = strnlen(bcc_ptr, 1024);
2232 if(ses->serverNOS)
2233 kfree(ses->serverNOS);
2217 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL); 2234 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
2218 if(ses->serverNOS == NULL) 2235 if(ses->serverNOS == NULL)
2219 goto sesssetup_nomem; 2236 goto sesssetup_nomem;
@@ -2223,6 +2240,8 @@ CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2223 bcc_ptr++; 2240 bcc_ptr++;
2224 2241
2225 len = strnlen(bcc_ptr, 1024); 2242 len = strnlen(bcc_ptr, 1024);
2243 if(ses->serverDomain)
2244 kfree(ses->serverDomain);
2226 ses->serverDomain = kzalloc(len + 1,GFP_KERNEL); 2245 ses->serverDomain = kzalloc(len + 1,GFP_KERNEL);
2227 if(ses->serverDomain == NULL) 2246 if(ses->serverDomain == NULL)
2228 goto sesssetup_nomem; 2247 goto sesssetup_nomem;
@@ -2427,6 +2446,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2427/* We look for obvious messed up bcc or strings in response so we do not go off 2446/* We look for obvious messed up bcc or strings in response so we do not go off
2428 the end since (at least) WIN2K and Windows XP have a major bug in not null 2447 the end since (at least) WIN2K and Windows XP have a major bug in not null
2429 terminating last Unicode string in response */ 2448 terminating last Unicode string in response */
2449 if(ses->serverOS)
2450 kfree(ses->serverOS);
2430 ses->serverOS = 2451 ses->serverOS =
2431 kzalloc(2 * (len + 1), GFP_KERNEL); 2452 kzalloc(2 * (len + 1), GFP_KERNEL);
2432 cifs_strfromUCS_le(ses->serverOS, 2453 cifs_strfromUCS_le(ses->serverOS,
@@ -2441,6 +2462,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2441 len = UniStrnlen((wchar_t *)bcc_ptr, 2462 len = UniStrnlen((wchar_t *)bcc_ptr,
2442 remaining_words 2463 remaining_words
2443 - 1); 2464 - 1);
2465 if(ses->serverNOS)
2466 kfree(ses->serverNOS);
2444 ses->serverNOS = 2467 ses->serverNOS =
2445 kzalloc(2 * (len + 1), 2468 kzalloc(2 * (len + 1),
2446 GFP_KERNEL); 2469 GFP_KERNEL);
@@ -2454,7 +2477,9 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2454 remaining_words -= len + 1; 2477 remaining_words -= len + 1;
2455 if (remaining_words > 0) { 2478 if (remaining_words > 0) {
2456 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); 2479 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2457 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */ 2480 /* last string not null terminated (e.g.Windows XP/2000) */
2481 if(ses->serverDomain)
2482 kfree(ses->serverDomain);
2458 ses->serverDomain = kzalloc(2*(len+1),GFP_KERNEL); 2483 ses->serverDomain = kzalloc(2*(len+1),GFP_KERNEL);
2459 cifs_strfromUCS_le(ses->serverDomain, 2484 cifs_strfromUCS_le(ses->serverDomain,
2460 (__le16 *)bcc_ptr, 2485 (__le16 *)bcc_ptr,
@@ -2463,11 +2488,18 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2463 ses->serverDomain[2*len] = 0; 2488 ses->serverDomain[2*len] = 0;
2464 ses->serverDomain[1+(2*len)] = 0; 2489 ses->serverDomain[1+(2*len)] = 0;
2465 } /* else no more room so create dummy domain string */ 2490 } /* else no more room so create dummy domain string */
2466 else 2491 else {
2492 if(ses->serverDomain)
2493 kfree(ses->serverDomain);
2467 ses->serverDomain = 2494 ses->serverDomain =
2468 kzalloc(2,GFP_KERNEL); 2495 kzalloc(2,GFP_KERNEL);
2469 } else { /* no room so create dummy domain and NOS string */ 2496 }
2497 } else {/* no room use dummy domain&NOS */
2498 if(ses->serverDomain)
2499 kfree(ses->serverDomain);
2470 ses->serverDomain = kzalloc(2, GFP_KERNEL); 2500 ses->serverDomain = kzalloc(2, GFP_KERNEL);
2501 if(ses->serverNOS)
2502 kfree(ses->serverNOS);
2471 ses->serverNOS = kzalloc(2, GFP_KERNEL); 2503 ses->serverNOS = kzalloc(2, GFP_KERNEL);
2472 } 2504 }
2473 } else { /* ASCII */ 2505 } else { /* ASCII */
@@ -2476,6 +2508,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2476 if (((long) bcc_ptr + len) - (long) 2508 if (((long) bcc_ptr + len) - (long)
2477 pByteArea(smb_buffer_response) 2509 pByteArea(smb_buffer_response)
2478 <= BCC(smb_buffer_response)) { 2510 <= BCC(smb_buffer_response)) {
2511 if(ses->serverOS)
2512 kfree(ses->serverOS);
2479 ses->serverOS = kzalloc(len + 1, GFP_KERNEL); 2513 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
2480 strncpy(ses->serverOS, bcc_ptr, len); 2514 strncpy(ses->serverOS, bcc_ptr, len);
2481 2515
@@ -2484,6 +2518,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2484 bcc_ptr++; 2518 bcc_ptr++;
2485 2519
2486 len = strnlen(bcc_ptr, 1024); 2520 len = strnlen(bcc_ptr, 1024);
2521 if(ses->serverNOS)
2522 kfree(ses->serverNOS);
2487 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL); 2523 ses->serverNOS = kzalloc(len + 1,GFP_KERNEL);
2488 strncpy(ses->serverNOS, bcc_ptr, len); 2524 strncpy(ses->serverNOS, bcc_ptr, len);
2489 bcc_ptr += len; 2525 bcc_ptr += len;
@@ -2491,6 +2527,8 @@ CIFSSpnegoSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2491 bcc_ptr++; 2527 bcc_ptr++;
2492 2528
2493 len = strnlen(bcc_ptr, 1024); 2529 len = strnlen(bcc_ptr, 1024);
2530 if(ses->serverDomain)
2531 kfree(ses->serverDomain);
2494 ses->serverDomain = kzalloc(len + 1, GFP_KERNEL); 2532 ses->serverDomain = kzalloc(len + 1, GFP_KERNEL);
2495 strncpy(ses->serverDomain, bcc_ptr, len); 2533 strncpy(ses->serverDomain, bcc_ptr, len);
2496 bcc_ptr += len; 2534 bcc_ptr += len;
@@ -2728,6 +2766,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2728/* We look for obvious messed up bcc or strings in response so we do not go off 2766/* We look for obvious messed up bcc or strings in response so we do not go off
2729 the end since (at least) WIN2K and Windows XP have a major bug in not null 2767 the end since (at least) WIN2K and Windows XP have a major bug in not null
2730 terminating last Unicode string in response */ 2768 terminating last Unicode string in response */
2769 if(ses->serverOS)
2770 kfree(ses->serverOS);
2731 ses->serverOS = 2771 ses->serverOS =
2732 kzalloc(2 * (len + 1), GFP_KERNEL); 2772 kzalloc(2 * (len + 1), GFP_KERNEL);
2733 cifs_strfromUCS_le(ses->serverOS, 2773 cifs_strfromUCS_le(ses->serverOS,
@@ -2743,6 +2783,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2743 bcc_ptr, 2783 bcc_ptr,
2744 remaining_words 2784 remaining_words
2745 - 1); 2785 - 1);
2786 if(ses->serverNOS)
2787 kfree(ses->serverNOS);
2746 ses->serverNOS = 2788 ses->serverNOS =
2747 kzalloc(2 * (len + 1), 2789 kzalloc(2 * (len + 1),
2748 GFP_KERNEL); 2790 GFP_KERNEL);
@@ -2760,6 +2802,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2760 if (remaining_words > 0) { 2802 if (remaining_words > 0) {
2761 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); 2803 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2762 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */ 2804 /* last string is not always null terminated (for e.g. for Windows XP & 2000) */
2805 if(ses->serverDomain)
2806 kfree(ses->serverDomain);
2763 ses->serverDomain = 2807 ses->serverDomain =
2764 kzalloc(2 * 2808 kzalloc(2 *
2765 (len + 2809 (len +
@@ -2777,13 +2821,20 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2777 [1 + (2 * len)] 2821 [1 + (2 * len)]
2778 = 0; 2822 = 0;
2779 } /* else no more room so create dummy domain string */ 2823 } /* else no more room so create dummy domain string */
2780 else 2824 else {
2825 if(ses->serverDomain)
2826 kfree(ses->serverDomain);
2781 ses->serverDomain = 2827 ses->serverDomain =
2782 kzalloc(2, 2828 kzalloc(2,
2783 GFP_KERNEL); 2829 GFP_KERNEL);
2830 }
2784 } else { /* no room so create dummy domain and NOS string */ 2831 } else { /* no room so create dummy domain and NOS string */
2832 if(ses->serverDomain);
2833 kfree(ses->serverDomain);
2785 ses->serverDomain = 2834 ses->serverDomain =
2786 kzalloc(2, GFP_KERNEL); 2835 kzalloc(2, GFP_KERNEL);
2836 if(ses->serverNOS)
2837 kfree(ses->serverNOS);
2787 ses->serverNOS = 2838 ses->serverNOS =
2788 kzalloc(2, GFP_KERNEL); 2839 kzalloc(2, GFP_KERNEL);
2789 } 2840 }
@@ -2792,6 +2843,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2792 if (((long) bcc_ptr + len) - (long) 2843 if (((long) bcc_ptr + len) - (long)
2793 pByteArea(smb_buffer_response) 2844 pByteArea(smb_buffer_response)
2794 <= BCC(smb_buffer_response)) { 2845 <= BCC(smb_buffer_response)) {
2846 if(ses->serverOS)
2847 kfree(ses->serverOS);
2795 ses->serverOS = 2848 ses->serverOS =
2796 kzalloc(len + 1, 2849 kzalloc(len + 1,
2797 GFP_KERNEL); 2850 GFP_KERNEL);
@@ -2803,6 +2856,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2803 bcc_ptr++; 2856 bcc_ptr++;
2804 2857
2805 len = strnlen(bcc_ptr, 1024); 2858 len = strnlen(bcc_ptr, 1024);
2859 if(ses->serverNOS)
2860 kfree(ses->serverNOS);
2806 ses->serverNOS = 2861 ses->serverNOS =
2807 kzalloc(len + 1, 2862 kzalloc(len + 1,
2808 GFP_KERNEL); 2863 GFP_KERNEL);
@@ -2812,6 +2867,8 @@ CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2812 bcc_ptr++; 2867 bcc_ptr++;
2813 2868
2814 len = strnlen(bcc_ptr, 1024); 2869 len = strnlen(bcc_ptr, 1024);
2870 if(ses->serverDomain)
2871 kfree(ses->serverDomain);
2815 ses->serverDomain = 2872 ses->serverDomain =
2816 kzalloc(len + 1, 2873 kzalloc(len + 1,
2817 GFP_KERNEL); 2874 GFP_KERNEL);
@@ -3116,6 +3173,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3116/* We look for obvious messed up bcc or strings in response so we do not go off 3173/* We look for obvious messed up bcc or strings in response so we do not go off
3117 the end since (at least) WIN2K and Windows XP have a major bug in not null 3174 the end since (at least) WIN2K and Windows XP have a major bug in not null
3118 terminating last Unicode string in response */ 3175 terminating last Unicode string in response */
3176 if(ses->serverOS)
3177 kfree(ses->serverOS);
3119 ses->serverOS = 3178 ses->serverOS =
3120 kzalloc(2 * (len + 1), GFP_KERNEL); 3179 kzalloc(2 * (len + 1), GFP_KERNEL);
3121 cifs_strfromUCS_le(ses->serverOS, 3180 cifs_strfromUCS_le(ses->serverOS,
@@ -3131,6 +3190,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3131 bcc_ptr, 3190 bcc_ptr,
3132 remaining_words 3191 remaining_words
3133 - 1); 3192 - 1);
3193 if(ses->serverNOS)
3194 kfree(ses->serverNOS);
3134 ses->serverNOS = 3195 ses->serverNOS =
3135 kzalloc(2 * (len + 1), 3196 kzalloc(2 * (len + 1),
3136 GFP_KERNEL); 3197 GFP_KERNEL);
@@ -3147,6 +3208,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3147 if (remaining_words > 0) { 3208 if (remaining_words > 0) {
3148 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words); 3209 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3149 /* last string not always null terminated (e.g. for Windows XP & 2000) */ 3210 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3211 if(ses->serverDomain)
3212 kfree(ses->serverDomain);
3150 ses->serverDomain = 3213 ses->serverDomain =
3151 kzalloc(2 * 3214 kzalloc(2 *
3152 (len + 3215 (len +
@@ -3172,10 +3235,17 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3172 len)] 3235 len)]
3173 = 0; 3236 = 0;
3174 } /* else no more room so create dummy domain string */ 3237 } /* else no more room so create dummy domain string */
3175 else 3238 else {
3239 if(ses->serverDomain)
3240 kfree(ses->serverDomain);
3176 ses->serverDomain = kzalloc(2,GFP_KERNEL); 3241 ses->serverDomain = kzalloc(2,GFP_KERNEL);
3242 }
3177 } else { /* no room so create dummy domain and NOS string */ 3243 } else { /* no room so create dummy domain and NOS string */
3244 if(ses->serverDomain)
3245 kfree(ses->serverDomain);
3178 ses->serverDomain = kzalloc(2, GFP_KERNEL); 3246 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3247 if(ses->serverNOS)
3248 kfree(ses->serverNOS);
3179 ses->serverNOS = kzalloc(2, GFP_KERNEL); 3249 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3180 } 3250 }
3181 } else { /* ASCII */ 3251 } else { /* ASCII */
@@ -3183,6 +3253,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3183 if (((long) bcc_ptr + len) - 3253 if (((long) bcc_ptr + len) -
3184 (long) pByteArea(smb_buffer_response) 3254 (long) pByteArea(smb_buffer_response)
3185 <= BCC(smb_buffer_response)) { 3255 <= BCC(smb_buffer_response)) {
3256 if(ses->serverOS)
3257 kfree(ses->serverOS);
3186 ses->serverOS = kzalloc(len + 1,GFP_KERNEL); 3258 ses->serverOS = kzalloc(len + 1,GFP_KERNEL);
3187 strncpy(ses->serverOS,bcc_ptr, len); 3259 strncpy(ses->serverOS,bcc_ptr, len);
3188 3260
@@ -3191,6 +3263,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3191 bcc_ptr++; 3263 bcc_ptr++;
3192 3264
3193 len = strnlen(bcc_ptr, 1024); 3265 len = strnlen(bcc_ptr, 1024);
3266 if(ses->serverNOS)
3267 kfree(ses->serverNOS);
3194 ses->serverNOS = kzalloc(len+1,GFP_KERNEL); 3268 ses->serverNOS = kzalloc(len+1,GFP_KERNEL);
3195 strncpy(ses->serverNOS, bcc_ptr, len); 3269 strncpy(ses->serverNOS, bcc_ptr, len);
3196 bcc_ptr += len; 3270 bcc_ptr += len;
@@ -3198,6 +3272,8 @@ CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
3198 bcc_ptr++; 3272 bcc_ptr++;
3199 3273
3200 len = strnlen(bcc_ptr, 1024); 3274 len = strnlen(bcc_ptr, 1024);
3275 if(ses->serverDomain)
3276 kfree(ses->serverDomain);
3201 ses->serverDomain = kzalloc(len+1,GFP_KERNEL); 3277 ses->serverDomain = kzalloc(len+1,GFP_KERNEL);
3202 strncpy(ses->serverDomain, bcc_ptr, len); 3278 strncpy(ses->serverDomain, bcc_ptr, len);
3203 bcc_ptr += len; 3279 bcc_ptr += len;
@@ -3282,7 +3358,8 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3282 bcc_ptr++; /* align */ 3358 bcc_ptr++; /* align */
3283 } 3359 }
3284 3360
3285 if(ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) 3361 if(ses->server->secMode &
3362 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3286 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE; 3363 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3287 3364
3288 if (ses->capabilities & CAP_STATUS32) { 3365 if (ses->capabilities & CAP_STATUS32) {
@@ -3294,8 +3371,10 @@ CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3294 if (ses->capabilities & CAP_UNICODE) { 3371 if (ses->capabilities & CAP_UNICODE) {
3295 smb_buffer->Flags2 |= SMBFLG2_UNICODE; 3372 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3296 length = 3373 length =
3297 cifs_strtoUCS((__le16 *) bcc_ptr, tree, 100, nls_codepage); 3374 cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3298 bcc_ptr += 2 * length; /* convert num of 16 bit words to bytes */ 3375 6 /* max utf8 char length in bytes */ *
3376 (/* server len*/ + 256 /* share len */), nls_codepage);
3377 bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
3299 bcc_ptr += 2; /* skip trailing null */ 3378 bcc_ptr += 2; /* skip trailing null */
3300 } else { /* ASCII */ 3379 } else { /* ASCII */
3301 strcpy(bcc_ptr, tree); 3380 strcpy(bcc_ptr, tree);
@@ -3447,6 +3526,12 @@ int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3447 pSesInfo->server->secMode, 3526 pSesInfo->server->secMode,
3448 pSesInfo->server->capabilities, 3527 pSesInfo->server->capabilities,
3449 pSesInfo->server->timeZone)); 3528 pSesInfo->server->timeZone));
3529#ifdef CONFIG_CIFS_EXPERIMENTAL
3530 if(experimEnabled > 1)
3531 rc = CIFS_SessSetup(xid, pSesInfo, CIFS_NTLM /* type */,
3532 &ntlmv2_flag, nls_info);
3533 else
3534#endif
3450 if (extended_security 3535 if (extended_security
3451 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY) 3536 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3452 && (pSesInfo->server->secType == NTLMSSP)) { 3537 && (pSesInfo->server->secType == NTLMSSP)) {
diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
index 1d0ca3eaaca5..82315edc77d7 100644
--- a/fs/cifs/dir.c
+++ b/fs/cifs/dir.c
@@ -139,9 +139,7 @@ cifs_create(struct inode *inode, struct dentry *direntry, int mode,
139 cifs_sb = CIFS_SB(inode->i_sb); 139 cifs_sb = CIFS_SB(inode->i_sb);
140 pTcon = cifs_sb->tcon; 140 pTcon = cifs_sb->tcon;
141 141
142 mutex_lock(&direntry->d_sb->s_vfs_rename_mutex);
143 full_path = build_path_from_dentry(direntry); 142 full_path = build_path_from_dentry(direntry);
144 mutex_unlock(&direntry->d_sb->s_vfs_rename_mutex);
145 if(full_path == NULL) { 143 if(full_path == NULL) {
146 FreeXid(xid); 144 FreeXid(xid);
147 return -ENOMEM; 145 return -ENOMEM;
@@ -316,9 +314,7 @@ int cifs_mknod(struct inode *inode, struct dentry *direntry, int mode,
316 cifs_sb = CIFS_SB(inode->i_sb); 314 cifs_sb = CIFS_SB(inode->i_sb);
317 pTcon = cifs_sb->tcon; 315 pTcon = cifs_sb->tcon;
318 316
319 mutex_lock(&direntry->d_sb->s_vfs_rename_mutex);
320 full_path = build_path_from_dentry(direntry); 317 full_path = build_path_from_dentry(direntry);
321 mutex_unlock(&direntry->d_sb->s_vfs_rename_mutex);
322 if(full_path == NULL) 318 if(full_path == NULL)
323 rc = -ENOMEM; 319 rc = -ENOMEM;
324 else if (pTcon->ses->capabilities & CAP_UNIX) { 320 else if (pTcon->ses->capabilities & CAP_UNIX) {
@@ -440,6 +436,20 @@ cifs_lookup(struct inode *parent_dir_inode, struct dentry *direntry, struct name
440 cifs_sb = CIFS_SB(parent_dir_inode->i_sb); 436 cifs_sb = CIFS_SB(parent_dir_inode->i_sb);
441 pTcon = cifs_sb->tcon; 437 pTcon = cifs_sb->tcon;
442 438
439 /*
440 * Don't allow the separator character in a path component.
441 * The VFS will not allow "/", but "\" is allowed by posix.
442 */
443 if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS)) {
444 int i;
445 for (i = 0; i < direntry->d_name.len; i++)
446 if (direntry->d_name.name[i] == '\\') {
447 cFYI(1, ("Invalid file name"));
448 FreeXid(xid);
449 return ERR_PTR(-EINVAL);
450 }
451 }
452
443 /* can not grab the rename sem here since it would 453 /* can not grab the rename sem here since it would
444 deadlock in the cases (beginning of sys_rename itself) 454 deadlock in the cases (beginning of sys_rename itself)
445 in which we already have the sb rename sem */ 455 in which we already have the sb rename sem */
diff --git a/fs/cifs/fcntl.c b/fs/cifs/fcntl.c
index ec4dfe9bf5ef..633a93811328 100644
--- a/fs/cifs/fcntl.c
+++ b/fs/cifs/fcntl.c
@@ -86,9 +86,7 @@ int cifs_dir_notify(struct file * file, unsigned long arg)
86 cifs_sb = CIFS_SB(file->f_dentry->d_sb); 86 cifs_sb = CIFS_SB(file->f_dentry->d_sb);
87 pTcon = cifs_sb->tcon; 87 pTcon = cifs_sb->tcon;
88 88
89 mutex_lock(&file->f_dentry->d_sb->s_vfs_rename_mutex);
90 full_path = build_path_from_dentry(file->f_dentry); 89 full_path = build_path_from_dentry(file->f_dentry);
91 mutex_unlock(&file->f_dentry->d_sb->s_vfs_rename_mutex);
92 90
93 if(full_path == NULL) { 91 if(full_path == NULL) {
94 rc = -ENOMEM; 92 rc = -ENOMEM;
diff --git a/fs/cifs/file.c b/fs/cifs/file.c
index 5c497c529772..e2b4ce1dad66 100644
--- a/fs/cifs/file.c
+++ b/fs/cifs/file.c
@@ -84,6 +84,8 @@ static inline int cifs_get_disposition(unsigned int flags)
84 return FILE_OVERWRITE_IF; 84 return FILE_OVERWRITE_IF;
85 else if ((flags & O_CREAT) == O_CREAT) 85 else if ((flags & O_CREAT) == O_CREAT)
86 return FILE_OPEN_IF; 86 return FILE_OPEN_IF;
87 else if ((flags & O_TRUNC) == O_TRUNC)
88 return FILE_OVERWRITE;
87 else 89 else
88 return FILE_OPEN; 90 return FILE_OPEN;
89} 91}
@@ -203,9 +205,7 @@ int cifs_open(struct inode *inode, struct file *file)
203 } 205 }
204 } 206 }
205 207
206 mutex_lock(&inode->i_sb->s_vfs_rename_mutex);
207 full_path = build_path_from_dentry(file->f_dentry); 208 full_path = build_path_from_dentry(file->f_dentry);
208 mutex_unlock(&inode->i_sb->s_vfs_rename_mutex);
209 if (full_path == NULL) { 209 if (full_path == NULL) {
210 FreeXid(xid); 210 FreeXid(xid);
211 return -ENOMEM; 211 return -ENOMEM;
@@ -658,7 +658,7 @@ int cifs_lock(struct file *file, int cmd, struct file_lock *pfLock)
658 else 658 else
659 posix_lock_type = CIFS_WRLCK; 659 posix_lock_type = CIFS_WRLCK;
660 rc = CIFSSMBPosixLock(xid, pTcon, netfid, 1 /* get */, 660 rc = CIFSSMBPosixLock(xid, pTcon, netfid, 1 /* get */,
661 length, pfLock->fl_start, 661 length, pfLock,
662 posix_lock_type, wait_flag); 662 posix_lock_type, wait_flag);
663 FreeXid(xid); 663 FreeXid(xid);
664 return rc; 664 return rc;
@@ -706,7 +706,7 @@ int cifs_lock(struct file *file, int cmd, struct file_lock *pfLock)
706 return -EOPNOTSUPP; 706 return -EOPNOTSUPP;
707 } 707 }
708 rc = CIFSSMBPosixLock(xid, pTcon, netfid, 0 /* set */, 708 rc = CIFSSMBPosixLock(xid, pTcon, netfid, 0 /* set */,
709 length, pfLock->fl_start, 709 length, pfLock,
710 posix_lock_type, wait_flag); 710 posix_lock_type, wait_flag);
711 } else 711 } else
712 rc = CIFSSMBLock(xid, pTcon, netfid, length, pfLock->fl_start, 712 rc = CIFSSMBLock(xid, pTcon, netfid, length, pfLock->fl_start,
@@ -906,9 +906,10 @@ static ssize_t cifs_write(struct file *file, const char *write_data,
906 if (rc != 0) 906 if (rc != 0)
907 break; 907 break;
908 } 908 }
909 /* BB FIXME We can not sign across two buffers yet */ 909 if(experimEnabled || (pTcon->ses->server &&
910 if((pTcon->ses->server->secMode & 910 ((pTcon->ses->server->secMode &
911 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) == 0) { 911 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
912 == 0))) {
912 struct kvec iov[2]; 913 struct kvec iov[2];
913 unsigned int len; 914 unsigned int len;
914 915
@@ -923,13 +924,13 @@ static ssize_t cifs_write(struct file *file, const char *write_data,
923 *poffset, &bytes_written, 924 *poffset, &bytes_written,
924 iov, 1, long_op); 925 iov, 1, long_op);
925 } else 926 } else
926 /* BB FIXME fixup indentation of line below */ 927 rc = CIFSSMBWrite(xid, pTcon,
927 rc = CIFSSMBWrite(xid, pTcon, 928 open_file->netfid,
928 open_file->netfid, 929 min_t(const int, cifs_sb->wsize,
929 min_t(const int, cifs_sb->wsize, 930 write_size - total_written),
930 write_size - total_written), 931 *poffset, &bytes_written,
931 *poffset, &bytes_written, 932 write_data + total_written,
932 write_data + total_written, NULL, long_op); 933 NULL, long_op);
933 } 934 }
934 if (rc || (bytes_written == 0)) { 935 if (rc || (bytes_written == 0)) {
935 if (total_written) 936 if (total_written)
@@ -968,6 +969,16 @@ struct cifsFileInfo *find_writable_file(struct cifsInodeInfo *cifs_inode)
968 struct cifsFileInfo *open_file; 969 struct cifsFileInfo *open_file;
969 int rc; 970 int rc;
970 971
972 /* Having a null inode here (because mapping->host was set to zero by
973 the VFS or MM) should not happen but we had reports of on oops (due to
974 it being zero) during stress testcases so we need to check for it */
975
976 if(cifs_inode == NULL) {
977 cERROR(1,("Null inode passed to cifs_writeable_file"));
978 dump_stack();
979 return NULL;
980 }
981
971 read_lock(&GlobalSMBSeslock); 982 read_lock(&GlobalSMBSeslock);
972 list_for_each_entry(open_file, &cifs_inode->openFileList, flist) { 983 list_for_each_entry(open_file, &cifs_inode->openFileList, flist) {
973 if (open_file->closePend) 984 if (open_file->closePend)
@@ -1093,12 +1104,11 @@ static int cifs_writepages(struct address_space *mapping,
1093 if (cifs_sb->wsize < PAGE_CACHE_SIZE) 1104 if (cifs_sb->wsize < PAGE_CACHE_SIZE)
1094 return generic_writepages(mapping, wbc); 1105 return generic_writepages(mapping, wbc);
1095 1106
1096 /* BB FIXME we do not have code to sign across multiple buffers yet,
1097 so go to older writepage style write which we can sign if needed */
1098 if((cifs_sb->tcon->ses) && (cifs_sb->tcon->ses->server)) 1107 if((cifs_sb->tcon->ses) && (cifs_sb->tcon->ses->server))
1099 if(cifs_sb->tcon->ses->server->secMode & 1108 if(cifs_sb->tcon->ses->server->secMode &
1100 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED)) 1109 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
1101 return generic_writepages(mapping, wbc); 1110 if(!experimEnabled)
1111 return generic_writepages(mapping, wbc);
1102 1112
1103 /* 1113 /*
1104 * BB: Is this meaningful for a non-block-device file system? 1114 * BB: Is this meaningful for a non-block-device file system?
diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
index 957ddd1571c6..4093764ef461 100644
--- a/fs/cifs/inode.c
+++ b/fs/cifs/inode.c
@@ -722,9 +722,7 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode)
722 cifs_sb = CIFS_SB(inode->i_sb); 722 cifs_sb = CIFS_SB(inode->i_sb);
723 pTcon = cifs_sb->tcon; 723 pTcon = cifs_sb->tcon;
724 724
725 mutex_lock(&inode->i_sb->s_vfs_rename_mutex);
726 full_path = build_path_from_dentry(direntry); 725 full_path = build_path_from_dentry(direntry);
727 mutex_unlock(&inode->i_sb->s_vfs_rename_mutex);
728 if (full_path == NULL) { 726 if (full_path == NULL) {
729 FreeXid(xid); 727 FreeXid(xid);
730 return -ENOMEM; 728 return -ENOMEM;
@@ -807,9 +805,7 @@ int cifs_rmdir(struct inode *inode, struct dentry *direntry)
807 cifs_sb = CIFS_SB(inode->i_sb); 805 cifs_sb = CIFS_SB(inode->i_sb);
808 pTcon = cifs_sb->tcon; 806 pTcon = cifs_sb->tcon;
809 807
810 mutex_lock(&inode->i_sb->s_vfs_rename_mutex);
811 full_path = build_path_from_dentry(direntry); 808 full_path = build_path_from_dentry(direntry);
812 mutex_unlock(&inode->i_sb->s_vfs_rename_mutex);
813 if (full_path == NULL) { 809 if (full_path == NULL) {
814 FreeXid(xid); 810 FreeXid(xid);
815 return -ENOMEM; 811 return -ENOMEM;
@@ -1141,9 +1137,7 @@ int cifs_setattr(struct dentry *direntry, struct iattr *attrs)
1141 rc = 0; 1137 rc = 0;
1142 } 1138 }
1143 1139
1144 mutex_lock(&direntry->d_sb->s_vfs_rename_mutex);
1145 full_path = build_path_from_dentry(direntry); 1140 full_path = build_path_from_dentry(direntry);
1146 mutex_unlock(&direntry->d_sb->s_vfs_rename_mutex);
1147 if (full_path == NULL) { 1141 if (full_path == NULL) {
1148 FreeXid(xid); 1142 FreeXid(xid);
1149 return -ENOMEM; 1143 return -ENOMEM;
diff --git a/fs/cifs/link.c b/fs/cifs/link.c
index 9562f5bba65c..2ec99f833142 100644
--- a/fs/cifs/link.c
+++ b/fs/cifs/link.c
@@ -48,10 +48,8 @@ cifs_hardlink(struct dentry *old_file, struct inode *inode,
48/* No need to check for cross device links since server will do that 48/* No need to check for cross device links since server will do that
49 BB note DFS case in future though (when we may have to check) */ 49 BB note DFS case in future though (when we may have to check) */
50 50
51 mutex_lock(&inode->i_sb->s_vfs_rename_mutex);
52 fromName = build_path_from_dentry(old_file); 51 fromName = build_path_from_dentry(old_file);
53 toName = build_path_from_dentry(direntry); 52 toName = build_path_from_dentry(direntry);
54 mutex_unlock(&inode->i_sb->s_vfs_rename_mutex);
55 if((fromName == NULL) || (toName == NULL)) { 53 if((fromName == NULL) || (toName == NULL)) {
56 rc = -ENOMEM; 54 rc = -ENOMEM;
57 goto cifs_hl_exit; 55 goto cifs_hl_exit;
@@ -103,9 +101,7 @@ cifs_follow_link(struct dentry *direntry, struct nameidata *nd)
103 101
104 xid = GetXid(); 102 xid = GetXid();
105 103
106 mutex_lock(&direntry->d_sb->s_vfs_rename_mutex);
107 full_path = build_path_from_dentry(direntry); 104 full_path = build_path_from_dentry(direntry);
108 mutex_unlock(&direntry->d_sb->s_vfs_rename_mutex);
109 105
110 if (!full_path) 106 if (!full_path)
111 goto out_no_free; 107 goto out_no_free;
@@ -164,9 +160,7 @@ cifs_symlink(struct inode *inode, struct dentry *direntry, const char *symname)
164 cifs_sb = CIFS_SB(inode->i_sb); 160 cifs_sb = CIFS_SB(inode->i_sb);
165 pTcon = cifs_sb->tcon; 161 pTcon = cifs_sb->tcon;
166 162
167 mutex_lock(&inode->i_sb->s_vfs_rename_mutex);
168 full_path = build_path_from_dentry(direntry); 163 full_path = build_path_from_dentry(direntry);
169 mutex_unlock(&inode->i_sb->s_vfs_rename_mutex);
170 164
171 if(full_path == NULL) { 165 if(full_path == NULL) {
172 FreeXid(xid); 166 FreeXid(xid);
diff --git a/fs/cifs/ntlmssp.c b/fs/cifs/ntlmssp.c
index 78866f925747..115359cc7a32 100644
--- a/fs/cifs/ntlmssp.c
+++ b/fs/cifs/ntlmssp.c
@@ -121,6 +121,20 @@ CIFS_SessSetup(unsigned int xid, struct cifsSesInfo *ses, const int type,
121 } 121 }
122 122
123 123
124 /* copy session key */
125
126 /* if Unicode, align strings to two byte boundary */
127
128 /* copy user name */ /* BB Do we need to special case null user name? */
129
130 /* copy domain name */
131
132 /* copy Linux version */
133
134 /* copy network operating system name */
135
136 /* update bcc and smb buffer length */
137
124/* rc = SendReceive2(xid, ses, iov, num_iovecs, &resp_buf_type, 0); */ 138/* rc = SendReceive2(xid, ses, iov, num_iovecs, &resp_buf_type, 0); */
125 /* SMB request buf freed in SendReceive2 */ 139 /* SMB request buf freed in SendReceive2 */
126 140
diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c
index 2f6e2825571e..b689c5035124 100644
--- a/fs/cifs/readdir.c
+++ b/fs/cifs/readdir.c
@@ -404,9 +404,7 @@ static int initiate_cifs_search(const int xid, struct file *file)
404 if(pTcon == NULL) 404 if(pTcon == NULL)
405 return -EINVAL; 405 return -EINVAL;
406 406
407 mutex_lock(&file->f_dentry->d_sb->s_vfs_rename_mutex);
408 full_path = build_path_from_dentry(file->f_dentry); 407 full_path = build_path_from_dentry(file->f_dentry);
409 mutex_unlock(&file->f_dentry->d_sb->s_vfs_rename_mutex);
410 408
411 if(full_path == NULL) { 409 if(full_path == NULL) {
412 return -ENOMEM; 410 return -ENOMEM;
@@ -592,6 +590,13 @@ static int find_cifs_entry(const int xid, struct cifsTconInfo *pTcon,
592 first_entry_in_buffer = 590 first_entry_in_buffer =
593 cifsFile->srch_inf.index_of_last_entry - 591 cifsFile->srch_inf.index_of_last_entry -
594 cifsFile->srch_inf.entries_in_buffer; 592 cifsFile->srch_inf.entries_in_buffer;
593
594 /* if first entry in buf is zero then is first buffer
595 in search response data which means it is likely . and ..
596 will be in this buffer, although some servers do not return
597 . and .. for the root of a drive and for those we need
598 to start two entries earlier */
599
595/* dump_cifs_file_struct(file, "In fce ");*/ 600/* dump_cifs_file_struct(file, "In fce ");*/
596 if(((index_to_find < cifsFile->srch_inf.index_of_last_entry) && 601 if(((index_to_find < cifsFile->srch_inf.index_of_last_entry) &&
597 is_dir_changed(file)) || 602 is_dir_changed(file)) ||
@@ -634,23 +639,14 @@ static int find_cifs_entry(const int xid, struct cifsTconInfo *pTcon,
634 char * end_of_smb = cifsFile->srch_inf.ntwrk_buf_start + 639 char * end_of_smb = cifsFile->srch_inf.ntwrk_buf_start +
635 smbCalcSize((struct smb_hdr *) 640 smbCalcSize((struct smb_hdr *)
636 cifsFile->srch_inf.ntwrk_buf_start); 641 cifsFile->srch_inf.ntwrk_buf_start);
642
643 current_entry = cifsFile->srch_inf.srch_entries_start;
637 first_entry_in_buffer = cifsFile->srch_inf.index_of_last_entry 644 first_entry_in_buffer = cifsFile->srch_inf.index_of_last_entry
638 - cifsFile->srch_inf.entries_in_buffer; 645 - cifsFile->srch_inf.entries_in_buffer;
639 pos_in_buf = index_to_find - first_entry_in_buffer; 646 pos_in_buf = index_to_find - first_entry_in_buffer;
640 cFYI(1,("found entry - pos_in_buf %d",pos_in_buf)); 647 cFYI(1,("found entry - pos_in_buf %d",pos_in_buf));
641 current_entry = cifsFile->srch_inf.srch_entries_start;
642 for(i=0;(i<(pos_in_buf)) && (current_entry != NULL);i++) { 648 for(i=0;(i<(pos_in_buf)) && (current_entry != NULL);i++) {
643 /* go entry by entry figuring out which is first */ 649 /* go entry by entry figuring out which is first */
644 /* if( . or ..)
645 skip */
646 rc = cifs_entry_is_dot(current_entry,cifsFile);
647 if(rc == 1) /* is . or .. so skip */ {
648 cFYI(1,("Entry is .")); /* BB removeme BB */
649 /* continue; */
650 } else if (rc == 2 ) {
651 cFYI(1,("Entry is ..")); /* BB removeme BB */
652 /* continue; */
653 }
654 current_entry = nxt_dir_entry(current_entry,end_of_smb); 650 current_entry = nxt_dir_entry(current_entry,end_of_smb);
655 } 651 }
656 if((current_entry == NULL) && (i < pos_in_buf)) { 652 if((current_entry == NULL) && (i < pos_in_buf)) {
@@ -770,6 +766,11 @@ static int cifs_filldir(char *pfindEntry, struct file *file,
770 if(file->f_dentry == NULL) 766 if(file->f_dentry == NULL)
771 return -ENOENT; 767 return -ENOENT;
772 768
769 rc = cifs_entry_is_dot(pfindEntry,pCifsF);
770 /* skip . and .. since we added them first */
771 if(rc != 0)
772 return 0;
773
773 cifs_sb = CIFS_SB(file->f_dentry->d_sb); 774 cifs_sb = CIFS_SB(file->f_dentry->d_sb);
774 775
775 qstring.name = scratch_buf; 776 qstring.name = scratch_buf;
@@ -898,22 +899,22 @@ int cifs_readdir(struct file *file, void *direntry, filldir_t filldir)
898 899
899 switch ((int) file->f_pos) { 900 switch ((int) file->f_pos) {
900 case 0: 901 case 0:
901 /*if (filldir(direntry, ".", 1, file->f_pos, 902 if (filldir(direntry, ".", 1, file->f_pos,
902 file->f_dentry->d_inode->i_ino, DT_DIR) < 0) { 903 file->f_dentry->d_inode->i_ino, DT_DIR) < 0) {
903 cERROR(1, ("Filldir for current dir failed ")); 904 cERROR(1, ("Filldir for current dir failed"));
904 rc = -ENOMEM; 905 rc = -ENOMEM;
905 break; 906 break;
906 } 907 }
907 file->f_pos++; */ 908 file->f_pos++;
908 case 1: 909 case 1:
909 /* if (filldir(direntry, "..", 2, file->f_pos, 910 if (filldir(direntry, "..", 2, file->f_pos,
910 file->f_dentry->d_parent->d_inode->i_ino, DT_DIR) < 0) { 911 file->f_dentry->d_parent->d_inode->i_ino, DT_DIR) < 0) {
911 cERROR(1, ("Filldir for parent dir failed ")); 912 cERROR(1, ("Filldir for parent dir failed "));
912 rc = -ENOMEM; 913 rc = -ENOMEM;
913 break; 914 break;
914 } 915 }
915 file->f_pos++; */ 916 file->f_pos++;
916 case 2: 917 default:
917 /* 1) If search is active, 918 /* 1) If search is active,
918 is in current search buffer? 919 is in current search buffer?
919 if it before then restart search 920 if it before then restart search
@@ -927,7 +928,6 @@ int cifs_readdir(struct file *file, void *direntry, filldir_t filldir)
927 return rc; 928 return rc;
928 } 929 }
929 } 930 }
930 default:
931 if(file->private_data == NULL) { 931 if(file->private_data == NULL) {
932 rc = -EINVAL; 932 rc = -EINVAL;
933 FreeXid(xid); 933 FreeXid(xid);
@@ -947,8 +947,6 @@ int cifs_readdir(struct file *file, void *direntry, filldir_t filldir)
947 kfree(cifsFile->search_resume_name); 947 kfree(cifsFile->search_resume_name);
948 cifsFile->search_resume_name = NULL; */ 948 cifsFile->search_resume_name = NULL; */
949 949
950 /* BB account for . and .. in f_pos as special case */
951
952 rc = find_cifs_entry(xid,pTcon, file, 950 rc = find_cifs_entry(xid,pTcon, file,
953 &current_entry,&num_to_fill); 951 &current_entry,&num_to_fill);
954 if(rc) { 952 if(rc) {
@@ -977,7 +975,8 @@ int cifs_readdir(struct file *file, void *direntry, filldir_t filldir)
977 num_to_fill, i)); 975 num_to_fill, i));
978 break; 976 break;
979 } 977 }
980 978 /* if buggy server returns . and .. late do
979 we want to check for that here? */
981 rc = cifs_filldir(current_entry, file, 980 rc = cifs_filldir(current_entry, file,
982 filldir, direntry,tmp_buf); 981 filldir, direntry,tmp_buf);
983 file->f_pos++; 982 file->f_pos++;
diff --git a/fs/cifs/xattr.c b/fs/cifs/xattr.c
index 3938444d87b2..7754d641775e 100644
--- a/fs/cifs/xattr.c
+++ b/fs/cifs/xattr.c
@@ -62,9 +62,7 @@ int cifs_removexattr(struct dentry * direntry, const char * ea_name)
62 cifs_sb = CIFS_SB(sb); 62 cifs_sb = CIFS_SB(sb);
63 pTcon = cifs_sb->tcon; 63 pTcon = cifs_sb->tcon;
64 64
65 mutex_lock(&sb->s_vfs_rename_mutex);
66 full_path = build_path_from_dentry(direntry); 65 full_path = build_path_from_dentry(direntry);
67 mutex_unlock(&sb->s_vfs_rename_mutex);
68 if(full_path == NULL) { 66 if(full_path == NULL) {
69 FreeXid(xid); 67 FreeXid(xid);
70 return -ENOMEM; 68 return -ENOMEM;
@@ -116,9 +114,7 @@ int cifs_setxattr(struct dentry * direntry, const char * ea_name,
116 cifs_sb = CIFS_SB(sb); 114 cifs_sb = CIFS_SB(sb);
117 pTcon = cifs_sb->tcon; 115 pTcon = cifs_sb->tcon;
118 116
119 mutex_lock(&sb->s_vfs_rename_mutex);
120 full_path = build_path_from_dentry(direntry); 117 full_path = build_path_from_dentry(direntry);
121 mutex_unlock(&sb->s_vfs_rename_mutex);
122 if(full_path == NULL) { 118 if(full_path == NULL) {
123 FreeXid(xid); 119 FreeXid(xid);
124 return -ENOMEM; 120 return -ENOMEM;
@@ -223,9 +219,7 @@ ssize_t cifs_getxattr(struct dentry * direntry, const char * ea_name,
223 cifs_sb = CIFS_SB(sb); 219 cifs_sb = CIFS_SB(sb);
224 pTcon = cifs_sb->tcon; 220 pTcon = cifs_sb->tcon;
225 221
226 mutex_lock(&sb->s_vfs_rename_mutex);
227 full_path = build_path_from_dentry(direntry); 222 full_path = build_path_from_dentry(direntry);
228 mutex_unlock(&sb->s_vfs_rename_mutex);
229 if(full_path == NULL) { 223 if(full_path == NULL) {
230 FreeXid(xid); 224 FreeXid(xid);
231 return -ENOMEM; 225 return -ENOMEM;
@@ -341,9 +335,7 @@ ssize_t cifs_listxattr(struct dentry * direntry, char * data, size_t buf_size)
341 cifs_sb = CIFS_SB(sb); 335 cifs_sb = CIFS_SB(sb);
342 pTcon = cifs_sb->tcon; 336 pTcon = cifs_sb->tcon;
343 337
344 mutex_lock(&sb->s_vfs_rename_mutex);
345 full_path = build_path_from_dentry(direntry); 338 full_path = build_path_from_dentry(direntry);
346 mutex_unlock(&sb->s_vfs_rename_mutex);
347 if(full_path == NULL) { 339 if(full_path == NULL) {
348 FreeXid(xid); 340 FreeXid(xid);
349 return -ENOMEM; 341 return -ENOMEM;
diff --git a/fs/compat.c b/fs/compat.c
index 7f8e26ea427c..b1f64786a613 100644
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -1217,6 +1217,10 @@ static ssize_t compat_do_readv_writev(int type, struct file *file,
1217 if (ret < 0) 1217 if (ret < 0)
1218 goto out; 1218 goto out;
1219 1219
1220 ret = security_file_permission(file, type == READ ? MAY_READ:MAY_WRITE);
1221 if (ret)
1222 goto out;
1223
1220 fnv = NULL; 1224 fnv = NULL;
1221 if (type == READ) { 1225 if (type == READ) {
1222 fn = file->f_op->read; 1226 fn = file->f_op->read;
@@ -1313,6 +1317,26 @@ out:
1313 return ret; 1317 return ret;
1314} 1318}
1315 1319
1320asmlinkage long
1321compat_sys_vmsplice(int fd, const struct compat_iovec __user *iov32,
1322 unsigned int nr_segs, unsigned int flags)
1323{
1324 unsigned i;
1325 struct iovec *iov;
1326 if (nr_segs > UIO_MAXIOV)
1327 return -EINVAL;
1328 iov = compat_alloc_user_space(nr_segs * sizeof(struct iovec));
1329 for (i = 0; i < nr_segs; i++) {
1330 struct compat_iovec v;
1331 if (get_user(v.iov_base, &iov32[i].iov_base) ||
1332 get_user(v.iov_len, &iov32[i].iov_len) ||
1333 put_user(compat_ptr(v.iov_base), &iov[i].iov_base) ||
1334 put_user(v.iov_len, &iov[i].iov_len))
1335 return -EFAULT;
1336 }
1337 return sys_vmsplice(fd, iov, nr_segs, flags);
1338}
1339
1316/* 1340/*
1317 * Exactly like fs/open.c:sys_open(), except that it doesn't set the 1341 * Exactly like fs/open.c:sys_open(), except that it doesn't set the
1318 * O_LARGEFILE flag. 1342 * O_LARGEFILE flag.
@@ -1889,7 +1913,7 @@ asmlinkage long compat_sys_ppoll(struct pollfd __user *ufds,
1889 } 1913 }
1890 1914
1891 if (sigmask) { 1915 if (sigmask) {
1892 if (sigsetsize |= sizeof(compat_sigset_t)) 1916 if (sigsetsize != sizeof(compat_sigset_t))
1893 return -EINVAL; 1917 return -EINVAL;
1894 if (copy_from_user(&ss32, sigmask, sizeof(ss32))) 1918 if (copy_from_user(&ss32, sigmask, sizeof(ss32)))
1895 return -EFAULT; 1919 return -EFAULT;
@@ -2006,109 +2030,115 @@ union compat_nfsctl_res {
2006 struct knfsd_fh cr32_getfs; 2030 struct knfsd_fh cr32_getfs;
2007}; 2031};
2008 2032
2009static int compat_nfs_svc_trans(struct nfsctl_arg *karg, struct compat_nfsctl_arg __user *arg) 2033static int compat_nfs_svc_trans(struct nfsctl_arg *karg,
2034 struct compat_nfsctl_arg __user *arg)
2010{ 2035{
2011 int err; 2036 if (!access_ok(VERIFY_READ, &arg->ca32_svc, sizeof(arg->ca32_svc)) ||
2012 2037 get_user(karg->ca_version, &arg->ca32_version) ||
2013 err = access_ok(VERIFY_READ, &arg->ca32_svc, sizeof(arg->ca32_svc)); 2038 __get_user(karg->ca_svc.svc_port, &arg->ca32_svc.svc32_port) ||
2014 err |= get_user(karg->ca_version, &arg->ca32_version); 2039 __get_user(karg->ca_svc.svc_nthreads,
2015 err |= __get_user(karg->ca_svc.svc_port, &arg->ca32_svc.svc32_port); 2040 &arg->ca32_svc.svc32_nthreads))
2016 err |= __get_user(karg->ca_svc.svc_nthreads, &arg->ca32_svc.svc32_nthreads); 2041 return -EFAULT;
2017 return (err) ? -EFAULT : 0; 2042 return 0;
2018} 2043}
2019 2044
2020static int compat_nfs_clnt_trans(struct nfsctl_arg *karg, struct compat_nfsctl_arg __user *arg) 2045static int compat_nfs_clnt_trans(struct nfsctl_arg *karg,
2046 struct compat_nfsctl_arg __user *arg)
2021{ 2047{
2022 int err; 2048 if (!access_ok(VERIFY_READ, &arg->ca32_client,
2023 2049 sizeof(arg->ca32_client)) ||
2024 err = access_ok(VERIFY_READ, &arg->ca32_client, sizeof(arg->ca32_client)); 2050 get_user(karg->ca_version, &arg->ca32_version) ||
2025 err |= get_user(karg->ca_version, &arg->ca32_version); 2051 __copy_from_user(&karg->ca_client.cl_ident[0],
2026 err |= __copy_from_user(&karg->ca_client.cl_ident[0], 2052 &arg->ca32_client.cl32_ident[0],
2027 &arg->ca32_client.cl32_ident[0], 2053 NFSCLNT_IDMAX) ||
2028 NFSCLNT_IDMAX); 2054 __get_user(karg->ca_client.cl_naddr,
2029 err |= __get_user(karg->ca_client.cl_naddr, &arg->ca32_client.cl32_naddr); 2055 &arg->ca32_client.cl32_naddr) ||
2030 err |= __copy_from_user(&karg->ca_client.cl_addrlist[0], 2056 __copy_from_user(&karg->ca_client.cl_addrlist[0],
2031 &arg->ca32_client.cl32_addrlist[0], 2057 &arg->ca32_client.cl32_addrlist[0],
2032 (sizeof(struct in_addr) * NFSCLNT_ADDRMAX)); 2058 (sizeof(struct in_addr) * NFSCLNT_ADDRMAX)) ||
2033 err |= __get_user(karg->ca_client.cl_fhkeytype, 2059 __get_user(karg->ca_client.cl_fhkeytype,
2034 &arg->ca32_client.cl32_fhkeytype); 2060 &arg->ca32_client.cl32_fhkeytype) ||
2035 err |= __get_user(karg->ca_client.cl_fhkeylen, 2061 __get_user(karg->ca_client.cl_fhkeylen,
2036 &arg->ca32_client.cl32_fhkeylen); 2062 &arg->ca32_client.cl32_fhkeylen) ||
2037 err |= __copy_from_user(&karg->ca_client.cl_fhkey[0], 2063 __copy_from_user(&karg->ca_client.cl_fhkey[0],
2038 &arg->ca32_client.cl32_fhkey[0], 2064 &arg->ca32_client.cl32_fhkey[0],
2039 NFSCLNT_KEYMAX); 2065 NFSCLNT_KEYMAX))
2066 return -EFAULT;
2040 2067
2041 return (err) ? -EFAULT : 0; 2068 return 0;
2042} 2069}
2043 2070
2044static int compat_nfs_exp_trans(struct nfsctl_arg *karg, struct compat_nfsctl_arg __user *arg) 2071static int compat_nfs_exp_trans(struct nfsctl_arg *karg,
2072 struct compat_nfsctl_arg __user *arg)
2045{ 2073{
2046 int err; 2074 if (!access_ok(VERIFY_READ, &arg->ca32_export,
2047 2075 sizeof(arg->ca32_export)) ||
2048 err = access_ok(VERIFY_READ, &arg->ca32_export, sizeof(arg->ca32_export)); 2076 get_user(karg->ca_version, &arg->ca32_version) ||
2049 err |= get_user(karg->ca_version, &arg->ca32_version); 2077 __copy_from_user(&karg->ca_export.ex_client[0],
2050 err |= __copy_from_user(&karg->ca_export.ex_client[0], 2078 &arg->ca32_export.ex32_client[0],
2051 &arg->ca32_export.ex32_client[0], 2079 NFSCLNT_IDMAX) ||
2052 NFSCLNT_IDMAX); 2080 __copy_from_user(&karg->ca_export.ex_path[0],
2053 err |= __copy_from_user(&karg->ca_export.ex_path[0], 2081 &arg->ca32_export.ex32_path[0],
2054 &arg->ca32_export.ex32_path[0], 2082 NFS_MAXPATHLEN) ||
2055 NFS_MAXPATHLEN); 2083 __get_user(karg->ca_export.ex_dev,
2056 err |= __get_user(karg->ca_export.ex_dev, 2084 &arg->ca32_export.ex32_dev) ||
2057 &arg->ca32_export.ex32_dev); 2085 __get_user(karg->ca_export.ex_ino,
2058 err |= __get_user(karg->ca_export.ex_ino, 2086 &arg->ca32_export.ex32_ino) ||
2059 &arg->ca32_export.ex32_ino); 2087 __get_user(karg->ca_export.ex_flags,
2060 err |= __get_user(karg->ca_export.ex_flags, 2088 &arg->ca32_export.ex32_flags) ||
2061 &arg->ca32_export.ex32_flags); 2089 __get_user(karg->ca_export.ex_anon_uid,
2062 err |= __get_user(karg->ca_export.ex_anon_uid, 2090 &arg->ca32_export.ex32_anon_uid) ||
2063 &arg->ca32_export.ex32_anon_uid); 2091 __get_user(karg->ca_export.ex_anon_gid,
2064 err |= __get_user(karg->ca_export.ex_anon_gid, 2092 &arg->ca32_export.ex32_anon_gid))
2065 &arg->ca32_export.ex32_anon_gid); 2093 return -EFAULT;
2066 SET_UID(karg->ca_export.ex_anon_uid, karg->ca_export.ex_anon_uid); 2094 SET_UID(karg->ca_export.ex_anon_uid, karg->ca_export.ex_anon_uid);
2067 SET_GID(karg->ca_export.ex_anon_gid, karg->ca_export.ex_anon_gid); 2095 SET_GID(karg->ca_export.ex_anon_gid, karg->ca_export.ex_anon_gid);
2068 2096
2069 return (err) ? -EFAULT : 0; 2097 return 0;
2070} 2098}
2071 2099
2072static int compat_nfs_getfd_trans(struct nfsctl_arg *karg, struct compat_nfsctl_arg __user *arg) 2100static int compat_nfs_getfd_trans(struct nfsctl_arg *karg,
2101 struct compat_nfsctl_arg __user *arg)
2073{ 2102{
2074 int err; 2103 if (!access_ok(VERIFY_READ, &arg->ca32_getfd,
2075 2104 sizeof(arg->ca32_getfd)) ||
2076 err = access_ok(VERIFY_READ, &arg->ca32_getfd, sizeof(arg->ca32_getfd)); 2105 get_user(karg->ca_version, &arg->ca32_version) ||
2077 err |= get_user(karg->ca_version, &arg->ca32_version); 2106 __copy_from_user(&karg->ca_getfd.gd_addr,
2078 err |= __copy_from_user(&karg->ca_getfd.gd_addr, 2107 &arg->ca32_getfd.gd32_addr,
2079 &arg->ca32_getfd.gd32_addr, 2108 (sizeof(struct sockaddr))) ||
2080 (sizeof(struct sockaddr))); 2109 __copy_from_user(&karg->ca_getfd.gd_path,
2081 err |= __copy_from_user(&karg->ca_getfd.gd_path, 2110 &arg->ca32_getfd.gd32_path,
2082 &arg->ca32_getfd.gd32_path, 2111 (NFS_MAXPATHLEN+1)) ||
2083 (NFS_MAXPATHLEN+1)); 2112 __get_user(karg->ca_getfd.gd_version,
2084 err |= __get_user(karg->ca_getfd.gd_version, 2113 &arg->ca32_getfd.gd32_version))
2085 &arg->ca32_getfd.gd32_version); 2114 return -EFAULT;
2086 2115
2087 return (err) ? -EFAULT : 0; 2116 return 0;
2088} 2117}
2089 2118
2090static int compat_nfs_getfs_trans(struct nfsctl_arg *karg, struct compat_nfsctl_arg __user *arg) 2119static int compat_nfs_getfs_trans(struct nfsctl_arg *karg,
2120 struct compat_nfsctl_arg __user *arg)
2091{ 2121{
2092 int err; 2122 if (!access_ok(VERIFY_READ,&arg->ca32_getfs,sizeof(arg->ca32_getfs)) ||
2093 2123 get_user(karg->ca_version, &arg->ca32_version) ||
2094 err = access_ok(VERIFY_READ, &arg->ca32_getfs, sizeof(arg->ca32_getfs)); 2124 __copy_from_user(&karg->ca_getfs.gd_addr,
2095 err |= get_user(karg->ca_version, &arg->ca32_version); 2125 &arg->ca32_getfs.gd32_addr,
2096 err |= __copy_from_user(&karg->ca_getfs.gd_addr, 2126 (sizeof(struct sockaddr))) ||
2097 &arg->ca32_getfs.gd32_addr, 2127 __copy_from_user(&karg->ca_getfs.gd_path,
2098 (sizeof(struct sockaddr))); 2128 &arg->ca32_getfs.gd32_path,
2099 err |= __copy_from_user(&karg->ca_getfs.gd_path, 2129 (NFS_MAXPATHLEN+1)) ||
2100 &arg->ca32_getfs.gd32_path, 2130 __get_user(karg->ca_getfs.gd_maxlen,
2101 (NFS_MAXPATHLEN+1)); 2131 &arg->ca32_getfs.gd32_maxlen))
2102 err |= __get_user(karg->ca_getfs.gd_maxlen, 2132 return -EFAULT;
2103 &arg->ca32_getfs.gd32_maxlen);
2104 2133
2105 return (err) ? -EFAULT : 0; 2134 return 0;
2106} 2135}
2107 2136
2108/* This really doesn't need translations, we are only passing 2137/* This really doesn't need translations, we are only passing
2109 * back a union which contains opaque nfs file handle data. 2138 * back a union which contains opaque nfs file handle data.
2110 */ 2139 */
2111static int compat_nfs_getfh_res_trans(union nfsctl_res *kres, union compat_nfsctl_res __user *res) 2140static int compat_nfs_getfh_res_trans(union nfsctl_res *kres,
2141 union compat_nfsctl_res __user *res)
2112{ 2142{
2113 int err; 2143 int err;
2114 2144
@@ -2117,8 +2147,9 @@ static int compat_nfs_getfh_res_trans(union nfsctl_res *kres, union compat_nfsct
2117 return (err) ? -EFAULT : 0; 2147 return (err) ? -EFAULT : 0;
2118} 2148}
2119 2149
2120asmlinkage long compat_sys_nfsservctl(int cmd, struct compat_nfsctl_arg __user *arg, 2150asmlinkage long compat_sys_nfsservctl(int cmd,
2121 union compat_nfsctl_res __user *res) 2151 struct compat_nfsctl_arg __user *arg,
2152 union compat_nfsctl_res __user *res)
2122{ 2153{
2123 struct nfsctl_arg *karg; 2154 struct nfsctl_arg *karg;
2124 union nfsctl_res *kres; 2155 union nfsctl_res *kres;
diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c
index 5638c8f9362f..5f952187fc53 100644
--- a/fs/configfs/dir.c
+++ b/fs/configfs/dir.c
@@ -505,13 +505,15 @@ static int populate_groups(struct config_group *group)
505 int i; 505 int i;
506 506
507 if (group->default_groups) { 507 if (group->default_groups) {
508 /* FYI, we're faking mkdir here 508 /*
509 * FYI, we're faking mkdir here
509 * I'm not sure we need this semaphore, as we're called 510 * I'm not sure we need this semaphore, as we're called
510 * from our parent's mkdir. That holds our parent's 511 * from our parent's mkdir. That holds our parent's
511 * i_mutex, so afaik lookup cannot continue through our 512 * i_mutex, so afaik lookup cannot continue through our
512 * parent to find us, let alone mess with our tree. 513 * parent to find us, let alone mess with our tree.
513 * That said, taking our i_mutex is closer to mkdir 514 * That said, taking our i_mutex is closer to mkdir
514 * emulation, and shouldn't hurt. */ 515 * emulation, and shouldn't hurt.
516 */
515 mutex_lock(&dentry->d_inode->i_mutex); 517 mutex_lock(&dentry->d_inode->i_mutex);
516 518
517 for (i = 0; group->default_groups[i]; i++) { 519 for (i = 0; group->default_groups[i]; i++) {
@@ -546,20 +548,34 @@ static void unlink_obj(struct config_item *item)
546 548
547 item->ci_group = NULL; 549 item->ci_group = NULL;
548 item->ci_parent = NULL; 550 item->ci_parent = NULL;
551
552 /* Drop the reference for ci_entry */
549 config_item_put(item); 553 config_item_put(item);
550 554
555 /* Drop the reference for ci_parent */
551 config_group_put(group); 556 config_group_put(group);
552 } 557 }
553} 558}
554 559
555static void link_obj(struct config_item *parent_item, struct config_item *item) 560static void link_obj(struct config_item *parent_item, struct config_item *item)
556{ 561{
557 /* Parent seems redundant with group, but it makes certain 562 /*
558 * traversals much nicer. */ 563 * Parent seems redundant with group, but it makes certain
564 * traversals much nicer.
565 */
559 item->ci_parent = parent_item; 566 item->ci_parent = parent_item;
567
568 /*
569 * We hold a reference on the parent for the child's ci_parent
570 * link.
571 */
560 item->ci_group = config_group_get(to_config_group(parent_item)); 572 item->ci_group = config_group_get(to_config_group(parent_item));
561 list_add_tail(&item->ci_entry, &item->ci_group->cg_children); 573 list_add_tail(&item->ci_entry, &item->ci_group->cg_children);
562 574
575 /*
576 * We hold a reference on the child for ci_entry on the parent's
577 * cg_children
578 */
563 config_item_get(item); 579 config_item_get(item);
564} 580}
565 581
@@ -684,6 +700,10 @@ static void client_drop_item(struct config_item *parent_item,
684 type = parent_item->ci_type; 700 type = parent_item->ci_type;
685 BUG_ON(!type); 701 BUG_ON(!type);
686 702
703 /*
704 * If ->drop_item() exists, it is responsible for the
705 * config_item_put().
706 */
687 if (type->ct_group_ops && type->ct_group_ops->drop_item) 707 if (type->ct_group_ops && type->ct_group_ops->drop_item)
688 type->ct_group_ops->drop_item(to_config_group(parent_item), 708 type->ct_group_ops->drop_item(to_config_group(parent_item),
689 item); 709 item);
@@ -694,23 +714,28 @@ static void client_drop_item(struct config_item *parent_item,
694 714
695static int configfs_mkdir(struct inode *dir, struct dentry *dentry, int mode) 715static int configfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
696{ 716{
697 int ret; 717 int ret, module_got = 0;
698 struct config_group *group; 718 struct config_group *group;
699 struct config_item *item; 719 struct config_item *item;
700 struct config_item *parent_item; 720 struct config_item *parent_item;
701 struct configfs_subsystem *subsys; 721 struct configfs_subsystem *subsys;
702 struct configfs_dirent *sd; 722 struct configfs_dirent *sd;
703 struct config_item_type *type; 723 struct config_item_type *type;
704 struct module *owner; 724 struct module *owner = NULL;
705 char *name; 725 char *name;
706 726
707 if (dentry->d_parent == configfs_sb->s_root) 727 if (dentry->d_parent == configfs_sb->s_root) {
708 return -EPERM; 728 ret = -EPERM;
729 goto out;
730 }
709 731
710 sd = dentry->d_parent->d_fsdata; 732 sd = dentry->d_parent->d_fsdata;
711 if (!(sd->s_type & CONFIGFS_USET_DIR)) 733 if (!(sd->s_type & CONFIGFS_USET_DIR)) {
712 return -EPERM; 734 ret = -EPERM;
735 goto out;
736 }
713 737
738 /* Get a working ref for the duration of this function */
714 parent_item = configfs_get_config_item(dentry->d_parent); 739 parent_item = configfs_get_config_item(dentry->d_parent);
715 type = parent_item->ci_type; 740 type = parent_item->ci_type;
716 subsys = to_config_group(parent_item)->cg_subsys; 741 subsys = to_config_group(parent_item)->cg_subsys;
@@ -719,15 +744,16 @@ static int configfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
719 if (!type || !type->ct_group_ops || 744 if (!type || !type->ct_group_ops ||
720 (!type->ct_group_ops->make_group && 745 (!type->ct_group_ops->make_group &&
721 !type->ct_group_ops->make_item)) { 746 !type->ct_group_ops->make_item)) {
722 config_item_put(parent_item); 747 ret = -EPERM; /* Lack-of-mkdir returns -EPERM */
723 return -EPERM; /* What lack-of-mkdir returns */ 748 goto out_put;
724 } 749 }
725 750
726 name = kmalloc(dentry->d_name.len + 1, GFP_KERNEL); 751 name = kmalloc(dentry->d_name.len + 1, GFP_KERNEL);
727 if (!name) { 752 if (!name) {
728 config_item_put(parent_item); 753 ret = -ENOMEM;
729 return -ENOMEM; 754 goto out_put;
730 } 755 }
756
731 snprintf(name, dentry->d_name.len + 1, "%s", dentry->d_name.name); 757 snprintf(name, dentry->d_name.len + 1, "%s", dentry->d_name.name);
732 758
733 down(&subsys->su_sem); 759 down(&subsys->su_sem);
@@ -748,40 +774,67 @@ static int configfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
748 774
749 kfree(name); 775 kfree(name);
750 if (!item) { 776 if (!item) {
751 config_item_put(parent_item); 777 /*
752 return -ENOMEM; 778 * If item == NULL, then link_obj() was never called.
779 * There are no extra references to clean up.
780 */
781 ret = -ENOMEM;
782 goto out_put;
753 } 783 }
754 784
755 ret = -EINVAL; 785 /*
786 * link_obj() has been called (via link_group() for groups).
787 * From here on out, errors must clean that up.
788 */
789
756 type = item->ci_type; 790 type = item->ci_type;
757 if (type) { 791 if (!type) {
758 owner = type->ct_owner; 792 ret = -EINVAL;
759 if (try_module_get(owner)) { 793 goto out_unlink;
760 if (group) { 794 }
761 ret = configfs_attach_group(parent_item,
762 item,
763 dentry);
764 } else {
765 ret = configfs_attach_item(parent_item,
766 item,
767 dentry);
768 }
769 795
770 if (ret) { 796 owner = type->ct_owner;
771 down(&subsys->su_sem); 797 if (!try_module_get(owner)) {
772 if (group) 798 ret = -EINVAL;
773 unlink_group(group); 799 goto out_unlink;
774 else 800 }
775 unlink_obj(item);
776 client_drop_item(parent_item, item);
777 up(&subsys->su_sem);
778 801
779 config_item_put(parent_item); 802 /*
780 module_put(owner); 803 * I hate doing it this way, but if there is
781 } 804 * an error, module_put() probably should
782 } 805 * happen after any cleanup.
806 */
807 module_got = 1;
808
809 if (group)
810 ret = configfs_attach_group(parent_item, item, dentry);
811 else
812 ret = configfs_attach_item(parent_item, item, dentry);
813
814out_unlink:
815 if (ret) {
816 /* Tear down everything we built up */
817 down(&subsys->su_sem);
818 if (group)
819 unlink_group(group);
820 else
821 unlink_obj(item);
822 client_drop_item(parent_item, item);
823 up(&subsys->su_sem);
824
825 if (module_got)
826 module_put(owner);
783 } 827 }
784 828
829out_put:
830 /*
831 * link_obj()/link_group() took a reference from child->parent,
832 * so the parent is safely pinned. We can drop our working
833 * reference.
834 */
835 config_item_put(parent_item);
836
837out:
785 return ret; 838 return ret;
786} 839}
787 840
@@ -801,6 +854,7 @@ static int configfs_rmdir(struct inode *dir, struct dentry *dentry)
801 if (sd->s_type & CONFIGFS_USET_DEFAULT) 854 if (sd->s_type & CONFIGFS_USET_DEFAULT)
802 return -EPERM; 855 return -EPERM;
803 856
857 /* Get a working ref until we have the child */
804 parent_item = configfs_get_config_item(dentry->d_parent); 858 parent_item = configfs_get_config_item(dentry->d_parent);
805 subsys = to_config_group(parent_item)->cg_subsys; 859 subsys = to_config_group(parent_item)->cg_subsys;
806 BUG_ON(!subsys); 860 BUG_ON(!subsys);
@@ -817,6 +871,7 @@ static int configfs_rmdir(struct inode *dir, struct dentry *dentry)
817 return ret; 871 return ret;
818 } 872 }
819 873
874 /* Get a working ref for the duration of this function */
820 item = configfs_get_config_item(dentry); 875 item = configfs_get_config_item(dentry);
821 876
822 /* Drop reference from above, item already holds one. */ 877 /* Drop reference from above, item already holds one. */
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
index 85d166cdcae4..b55b4ea9a676 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
@@ -67,12 +67,13 @@ static struct inode *debugfs_get_inode(struct super_block *sb, int mode, dev_t d
67static int debugfs_mknod(struct inode *dir, struct dentry *dentry, 67static int debugfs_mknod(struct inode *dir, struct dentry *dentry,
68 int mode, dev_t dev) 68 int mode, dev_t dev)
69{ 69{
70 struct inode *inode = debugfs_get_inode(dir->i_sb, mode, dev); 70 struct inode *inode;
71 int error = -EPERM; 71 int error = -EPERM;
72 72
73 if (dentry->d_inode) 73 if (dentry->d_inode)
74 return -EEXIST; 74 return -EEXIST;
75 75
76 inode = debugfs_get_inode(dir->i_sb, mode, dev);
76 if (inode) { 77 if (inode) {
77 d_instantiate(dentry, inode); 78 d_instantiate(dentry, inode);
78 dget(dentry); 79 dget(dentry);
diff --git a/fs/exportfs/expfs.c b/fs/exportfs/expfs.c
index b06b54f1bbbb..4c39009350f3 100644
--- a/fs/exportfs/expfs.c
+++ b/fs/exportfs/expfs.c
@@ -102,7 +102,7 @@ find_exported_dentry(struct super_block *sb, void *obj, void *parent,
102 if (acceptable(context, result)) 102 if (acceptable(context, result))
103 return result; 103 return result;
104 if (S_ISDIR(result->d_inode->i_mode)) { 104 if (S_ISDIR(result->d_inode->i_mode)) {
105 /* there is no other dentry, so fail */ 105 err = -EACCES;
106 goto err_result; 106 goto err_result;
107 } 107 }
108 108
diff --git a/fs/ext3/inode.c b/fs/ext3/inode.c
index 48ae0339af17..2edd7eec88fd 100644
--- a/fs/ext3/inode.c
+++ b/fs/ext3/inode.c
@@ -711,7 +711,7 @@ static int ext3_splice_branch(handle_t *handle, struct inode *inode,
711 * direct blocks blocks 711 * direct blocks blocks
712 */ 712 */
713 if (num == 0 && blks > 1) { 713 if (num == 0 && blks > 1) {
714 current_block = le32_to_cpu(where->key + 1); 714 current_block = le32_to_cpu(where->key) + 1;
715 for (i = 1; i < blks; i++) 715 for (i = 1; i < blks; i++)
716 *(where->p + i ) = cpu_to_le32(current_block++); 716 *(where->p + i ) = cpu_to_le32(current_block++);
717 } 717 }
@@ -724,7 +724,7 @@ static int ext3_splice_branch(handle_t *handle, struct inode *inode,
724 if (block_i) { 724 if (block_i) {
725 block_i->last_alloc_logical_block = block + blks - 1; 725 block_i->last_alloc_logical_block = block + blks - 1;
726 block_i->last_alloc_physical_block = 726 block_i->last_alloc_physical_block =
727 le32_to_cpu(where[num].key + blks - 1); 727 le32_to_cpu(where[num].key) + blks - 1;
728 } 728 }
729 729
730 /* We are done with atomic stuff, now do the rest of housekeeping */ 730 /* We are done with atomic stuff, now do the rest of housekeeping */
@@ -814,11 +814,13 @@ int ext3_get_blocks_handle(handle_t *handle, struct inode *inode,
814 814
815 /* Simplest case - block found, no allocation needed */ 815 /* Simplest case - block found, no allocation needed */
816 if (!partial) { 816 if (!partial) {
817 first_block = chain[depth - 1].key; 817 first_block = le32_to_cpu(chain[depth - 1].key);
818 clear_buffer_new(bh_result); 818 clear_buffer_new(bh_result);
819 count++; 819 count++;
820 /*map more blocks*/ 820 /*map more blocks*/
821 while (count < maxblocks && count <= blocks_to_boundary) { 821 while (count < maxblocks && count <= blocks_to_boundary) {
822 unsigned long blk;
823
822 if (!verify_chain(chain, partial)) { 824 if (!verify_chain(chain, partial)) {
823 /* 825 /*
824 * Indirect block might be removed by 826 * Indirect block might be removed by
@@ -831,8 +833,9 @@ int ext3_get_blocks_handle(handle_t *handle, struct inode *inode,
831 count = 0; 833 count = 0;
832 break; 834 break;
833 } 835 }
834 if (le32_to_cpu(*(chain[depth-1].p+count) == 836 blk = le32_to_cpu(*(chain[depth-1].p + count));
835 (first_block + count))) 837
838 if (blk == first_block + count)
836 count++; 839 count++;
837 else 840 else
838 break; 841 break;
diff --git a/fs/ext3/ioctl.c b/fs/ext3/ioctl.c
index aaf1da17b6d4..8c22aa9a7fbb 100644
--- a/fs/ext3/ioctl.c
+++ b/fs/ext3/ioctl.c
@@ -48,6 +48,7 @@ int ext3_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
48 if (!S_ISDIR(inode->i_mode)) 48 if (!S_ISDIR(inode->i_mode))
49 flags &= ~EXT3_DIRSYNC_FL; 49 flags &= ~EXT3_DIRSYNC_FL;
50 50
51 mutex_lock(&inode->i_mutex);
51 oldflags = ei->i_flags; 52 oldflags = ei->i_flags;
52 53
53 /* The JOURNAL_DATA flag is modifiable only by root */ 54 /* The JOURNAL_DATA flag is modifiable only by root */
@@ -60,8 +61,10 @@ int ext3_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
60 * This test looks nicer. Thanks to Pauline Middelink 61 * This test looks nicer. Thanks to Pauline Middelink
61 */ 62 */
62 if ((flags ^ oldflags) & (EXT3_APPEND_FL | EXT3_IMMUTABLE_FL)) { 63 if ((flags ^ oldflags) & (EXT3_APPEND_FL | EXT3_IMMUTABLE_FL)) {
63 if (!capable(CAP_LINUX_IMMUTABLE)) 64 if (!capable(CAP_LINUX_IMMUTABLE)) {
65 mutex_unlock(&inode->i_mutex);
64 return -EPERM; 66 return -EPERM;
67 }
65 } 68 }
66 69
67 /* 70 /*
@@ -69,14 +72,18 @@ int ext3_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
69 * the relevant capability. 72 * the relevant capability.
70 */ 73 */
71 if ((jflag ^ oldflags) & (EXT3_JOURNAL_DATA_FL)) { 74 if ((jflag ^ oldflags) & (EXT3_JOURNAL_DATA_FL)) {
72 if (!capable(CAP_SYS_RESOURCE)) 75 if (!capable(CAP_SYS_RESOURCE)) {
76 mutex_unlock(&inode->i_mutex);
73 return -EPERM; 77 return -EPERM;
78 }
74 } 79 }
75 80
76 81
77 handle = ext3_journal_start(inode, 1); 82 handle = ext3_journal_start(inode, 1);
78 if (IS_ERR(handle)) 83 if (IS_ERR(handle)) {
84 mutex_unlock(&inode->i_mutex);
79 return PTR_ERR(handle); 85 return PTR_ERR(handle);
86 }
80 if (IS_SYNC(inode)) 87 if (IS_SYNC(inode))
81 handle->h_sync = 1; 88 handle->h_sync = 1;
82 err = ext3_reserve_inode_write(handle, inode, &iloc); 89 err = ext3_reserve_inode_write(handle, inode, &iloc);
@@ -93,11 +100,14 @@ int ext3_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
93 err = ext3_mark_iloc_dirty(handle, inode, &iloc); 100 err = ext3_mark_iloc_dirty(handle, inode, &iloc);
94flags_err: 101flags_err:
95 ext3_journal_stop(handle); 102 ext3_journal_stop(handle);
96 if (err) 103 if (err) {
104 mutex_unlock(&inode->i_mutex);
97 return err; 105 return err;
106 }
98 107
99 if ((jflag ^ oldflags) & (EXT3_JOURNAL_DATA_FL)) 108 if ((jflag ^ oldflags) & (EXT3_JOURNAL_DATA_FL))
100 err = ext3_change_inode_journal_flag(inode, jflag); 109 err = ext3_change_inode_journal_flag(inode, jflag);
110 mutex_unlock(&inode->i_mutex);
101 return err; 111 return err;
102 } 112 }
103 case EXT3_IOC_GETVERSION: 113 case EXT3_IOC_GETVERSION:
diff --git a/fs/ext3/resize.c b/fs/ext3/resize.c
index c5ffa8523968..34b39e9a1e5a 100644
--- a/fs/ext3/resize.c
+++ b/fs/ext3/resize.c
@@ -213,7 +213,7 @@ static int setup_new_group_blocks(struct super_block *sb,
213 goto exit_bh; 213 goto exit_bh;
214 } 214 }
215 lock_buffer(bh); 215 lock_buffer(bh);
216 memcpy(gdb->b_data, sbi->s_group_desc[i], bh->b_size); 216 memcpy(gdb->b_data, sbi->s_group_desc[i]->b_data, bh->b_size);
217 set_buffer_uptodate(gdb); 217 set_buffer_uptodate(gdb);
218 unlock_buffer(bh); 218 unlock_buffer(bh);
219 ext3_journal_dirty_metadata(handle, gdb); 219 ext3_journal_dirty_metadata(handle, gdb);
@@ -767,7 +767,6 @@ int ext3_group_add(struct super_block *sb, struct ext3_new_group_data *input)
767 if (input->group != sbi->s_groups_count) { 767 if (input->group != sbi->s_groups_count) {
768 ext3_warning(sb, __FUNCTION__, 768 ext3_warning(sb, __FUNCTION__,
769 "multiple resizers run on filesystem!"); 769 "multiple resizers run on filesystem!");
770 unlock_super(sb);
771 err = -EBUSY; 770 err = -EBUSY;
772 goto exit_journal; 771 goto exit_journal;
773 } 772 }
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index cc750c68fe70..104a62dadb94 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -128,14 +128,24 @@ void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req)
128 } 128 }
129} 129}
130 130
131void fuse_remove_background(struct fuse_conn *fc, struct fuse_req *req) 131/*
132 * Called with sbput_sem held for read (request_end) or write
133 * (fuse_put_super). By the time fuse_put_super() is finished, all
134 * inodes belonging to background requests must be released, so the
135 * iputs have to be done within the locked region.
136 */
137void fuse_release_background(struct fuse_conn *fc, struct fuse_req *req)
132{ 138{
133 list_del_init(&req->bg_entry); 139 iput(req->inode);
140 iput(req->inode2);
141 spin_lock(&fc->lock);
142 list_del(&req->bg_entry);
134 if (fc->num_background == FUSE_MAX_BACKGROUND) { 143 if (fc->num_background == FUSE_MAX_BACKGROUND) {
135 fc->blocked = 0; 144 fc->blocked = 0;
136 wake_up_all(&fc->blocked_waitq); 145 wake_up_all(&fc->blocked_waitq);
137 } 146 }
138 fc->num_background--; 147 fc->num_background--;
148 spin_unlock(&fc->lock);
139} 149}
140 150
141/* 151/*
@@ -165,27 +175,22 @@ static void request_end(struct fuse_conn *fc, struct fuse_req *req)
165 wake_up(&req->waitq); 175 wake_up(&req->waitq);
166 fuse_put_request(fc, req); 176 fuse_put_request(fc, req);
167 } else { 177 } else {
168 struct inode *inode = req->inode;
169 struct inode *inode2 = req->inode2;
170 struct file *file = req->file;
171 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end; 178 void (*end) (struct fuse_conn *, struct fuse_req *) = req->end;
172 req->end = NULL; 179 req->end = NULL;
173 req->inode = NULL;
174 req->inode2 = NULL;
175 req->file = NULL;
176 if (!list_empty(&req->bg_entry))
177 fuse_remove_background(fc, req);
178 spin_unlock(&fc->lock); 180 spin_unlock(&fc->lock);
181 down_read(&fc->sbput_sem);
182 if (fc->mounted)
183 fuse_release_background(fc, req);
184 up_read(&fc->sbput_sem);
185
186 /* fput must go outside sbput_sem, otherwise it can deadlock */
187 if (req->file)
188 fput(req->file);
179 189
180 if (end) 190 if (end)
181 end(fc, req); 191 end(fc, req);
182 else 192 else
183 fuse_put_request(fc, req); 193 fuse_put_request(fc, req);
184
185 if (file)
186 fput(file);
187 iput(inode);
188 iput(inode2);
189 } 194 }
190} 195}
191 196
diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
index 59661c481d9d..0474202cb5dc 100644
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -258,9 +258,15 @@ struct fuse_conn {
258 /** waitq for blocked connection */ 258 /** waitq for blocked connection */
259 wait_queue_head_t blocked_waitq; 259 wait_queue_head_t blocked_waitq;
260 260
261 /** RW semaphore for exclusion with fuse_put_super() */
262 struct rw_semaphore sbput_sem;
263
261 /** The next unique request id */ 264 /** The next unique request id */
262 u64 reqctr; 265 u64 reqctr;
263 266
267 /** Mount is active */
268 unsigned mounted;
269
264 /** Connection established, cleared on umount, connection 270 /** Connection established, cleared on umount, connection
265 abort and device release */ 271 abort and device release */
266 unsigned connected; 272 unsigned connected;
@@ -471,11 +477,11 @@ void request_send_noreply(struct fuse_conn *fc, struct fuse_req *req);
471void request_send_background(struct fuse_conn *fc, struct fuse_req *req); 477void request_send_background(struct fuse_conn *fc, struct fuse_req *req);
472 478
473/** 479/**
474 * Remove request from the the background list 480 * Release inodes and file associated with background request
475 */ 481 */
476void fuse_remove_background(struct fuse_conn *fc, struct fuse_req *req); 482void fuse_release_background(struct fuse_conn *fc, struct fuse_req *req);
477 483
478/** Abort all requests */ 484/* Abort all requests */
479void fuse_abort_conn(struct fuse_conn *fc); 485void fuse_abort_conn(struct fuse_conn *fc);
480 486
481/** 487/**
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 43a6fc0db8a7..7627022446b2 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -204,26 +204,17 @@ static void fuse_put_super(struct super_block *sb)
204{ 204{
205 struct fuse_conn *fc = get_fuse_conn_super(sb); 205 struct fuse_conn *fc = get_fuse_conn_super(sb);
206 206
207 down_write(&fc->sbput_sem);
208 while (!list_empty(&fc->background))
209 fuse_release_background(fc,
210 list_entry(fc->background.next,
211 struct fuse_req, bg_entry));
212
207 spin_lock(&fc->lock); 213 spin_lock(&fc->lock);
214 fc->mounted = 0;
208 fc->connected = 0; 215 fc->connected = 0;
209 while (!list_empty(&fc->background)) {
210 struct fuse_req *req = list_entry(fc->background.next,
211 struct fuse_req, bg_entry);
212 struct inode *inode = req->inode;
213 struct inode *inode2 = req->inode2;
214
215 /* File would hold a reference to vfsmount */
216 BUG_ON(req->file);
217 req->inode = NULL;
218 req->inode2 = NULL;
219 fuse_remove_background(fc, req);
220
221 spin_unlock(&fc->lock);
222 iput(inode);
223 iput(inode2);
224 spin_lock(&fc->lock);
225 }
226 spin_unlock(&fc->lock); 216 spin_unlock(&fc->lock);
217 up_write(&fc->sbput_sem);
227 /* Flush all readers on this fs */ 218 /* Flush all readers on this fs */
228 kill_fasync(&fc->fasync, SIGIO, POLL_IN); 219 kill_fasync(&fc->fasync, SIGIO, POLL_IN);
229 wake_up_all(&fc->waitq); 220 wake_up_all(&fc->waitq);
@@ -395,6 +386,7 @@ static struct fuse_conn *new_conn(void)
395 INIT_LIST_HEAD(&fc->processing); 386 INIT_LIST_HEAD(&fc->processing);
396 INIT_LIST_HEAD(&fc->io); 387 INIT_LIST_HEAD(&fc->io);
397 INIT_LIST_HEAD(&fc->background); 388 INIT_LIST_HEAD(&fc->background);
389 init_rwsem(&fc->sbput_sem);
398 kobj_set_kset_s(fc, connections_subsys); 390 kobj_set_kset_s(fc, connections_subsys);
399 kobject_init(&fc->kobj); 391 kobject_init(&fc->kobj);
400 atomic_set(&fc->num_waiting, 0); 392 atomic_set(&fc->num_waiting, 0);
@@ -508,11 +500,6 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
508 if (file->f_op != &fuse_dev_operations) 500 if (file->f_op != &fuse_dev_operations)
509 return -EINVAL; 501 return -EINVAL;
510 502
511 /* Setting file->private_data can't race with other mount()
512 instances, since BKL is held for ->get_sb() */
513 if (file->private_data)
514 return -EINVAL;
515
516 fc = new_conn(); 503 fc = new_conn();
517 if (!fc) 504 if (!fc)
518 return -ENOMEM; 505 return -ENOMEM;
@@ -548,7 +535,14 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
548 if (err) 535 if (err)
549 goto err_free_req; 536 goto err_free_req;
550 537
538 /* Setting file->private_data can't race with other mount()
539 instances, since BKL is held for ->get_sb() */
540 err = -EINVAL;
541 if (file->private_data)
542 goto err_kobject_del;
543
551 sb->s_root = root_dentry; 544 sb->s_root = root_dentry;
545 fc->mounted = 1;
552 fc->connected = 1; 546 fc->connected = 1;
553 kobject_get(&fc->kobj); 547 kobject_get(&fc->kobj);
554 file->private_data = fc; 548 file->private_data = fc;
@@ -563,6 +557,8 @@ static int fuse_fill_super(struct super_block *sb, void *data, int silent)
563 557
564 return 0; 558 return 0;
565 559
560 err_kobject_del:
561 kobject_del(&fc->kobj);
566 err_free_req: 562 err_free_req:
567 fuse_request_free(init_req); 563 fuse_request_free(init_req);
568 err_put_root: 564 err_put_root:
diff --git a/fs/inotify.c b/fs/inotify.c
index 1f50302849c5..732ec4bd5774 100644
--- a/fs/inotify.c
+++ b/fs/inotify.c
@@ -848,7 +848,11 @@ static int inotify_release(struct inode *ignored, struct file *file)
848 inode = watch->inode; 848 inode = watch->inode;
849 mutex_lock(&inode->inotify_mutex); 849 mutex_lock(&inode->inotify_mutex);
850 mutex_lock(&dev->mutex); 850 mutex_lock(&dev->mutex);
851 remove_watch_no_event(watch, dev); 851
852 /* make sure we didn't race with another list removal */
853 if (likely(idr_find(&dev->idr, watch->wd)))
854 remove_watch_no_event(watch, dev);
855
852 mutex_unlock(&dev->mutex); 856 mutex_unlock(&dev->mutex);
853 mutex_unlock(&inode->inotify_mutex); 857 mutex_unlock(&inode->inotify_mutex);
854 put_inotify_watch(watch); 858 put_inotify_watch(watch);
@@ -890,8 +894,7 @@ static int inotify_ignore(struct inotify_device *dev, s32 wd)
890 mutex_lock(&dev->mutex); 894 mutex_lock(&dev->mutex);
891 895
892 /* make sure that we did not race */ 896 /* make sure that we did not race */
893 watch = idr_find(&dev->idr, wd); 897 if (likely(idr_find(&dev->idr, wd) == watch))
894 if (likely(watch))
895 remove_watch(watch, dev); 898 remove_watch(watch, dev);
896 899
897 mutex_unlock(&dev->mutex); 900 mutex_unlock(&dev->mutex);
diff --git a/fs/jffs/intrep.c b/fs/jffs/intrep.c
index 0ef207dfaf6f..5371a403130a 100644
--- a/fs/jffs/intrep.c
+++ b/fs/jffs/intrep.c
@@ -247,7 +247,7 @@ flash_safe_read(struct mtd_info *mtd, loff_t from,
247 D3(printk(KERN_NOTICE "flash_safe_read(%p, %08x, %p, %08x)\n", 247 D3(printk(KERN_NOTICE "flash_safe_read(%p, %08x, %p, %08x)\n",
248 mtd, (unsigned int) from, buf, count)); 248 mtd, (unsigned int) from, buf, count));
249 249
250 res = MTD_READ(mtd, from, count, &retlen, buf); 250 res = mtd->read(mtd, from, count, &retlen, buf);
251 if (retlen != count) { 251 if (retlen != count) {
252 panic("Didn't read all bytes in flash_safe_read(). Returned %d\n", res); 252 panic("Didn't read all bytes in flash_safe_read(). Returned %d\n", res);
253 } 253 }
@@ -262,7 +262,7 @@ flash_read_u32(struct mtd_info *mtd, loff_t from)
262 __u32 ret; 262 __u32 ret;
263 int res; 263 int res;
264 264
265 res = MTD_READ(mtd, from, 4, &retlen, (unsigned char *)&ret); 265 res = mtd->read(mtd, from, 4, &retlen, (unsigned char *)&ret);
266 if (retlen != 4) { 266 if (retlen != 4) {
267 printk("Didn't read all bytes in flash_read_u32(). Returned %d\n", res); 267 printk("Didn't read all bytes in flash_read_u32(). Returned %d\n", res);
268 return 0; 268 return 0;
@@ -282,7 +282,7 @@ flash_safe_write(struct mtd_info *mtd, loff_t to,
282 D3(printk(KERN_NOTICE "flash_safe_write(%p, %08x, %p, %08x)\n", 282 D3(printk(KERN_NOTICE "flash_safe_write(%p, %08x, %p, %08x)\n",
283 mtd, (unsigned int) to, buf, count)); 283 mtd, (unsigned int) to, buf, count));
284 284
285 res = MTD_WRITE(mtd, to, count, &retlen, buf); 285 res = mtd->write(mtd, to, count, &retlen, buf);
286 if (retlen != count) { 286 if (retlen != count) {
287 printk("Didn't write all bytes in flash_safe_write(). Returned %d\n", res); 287 printk("Didn't write all bytes in flash_safe_write(). Returned %d\n", res);
288 } 288 }
@@ -300,9 +300,9 @@ flash_safe_writev(struct mtd_info *mtd, const struct kvec *vecs,
300 300
301 D3(printk(KERN_NOTICE "flash_safe_writev(%p, %08x, %p)\n", 301 D3(printk(KERN_NOTICE "flash_safe_writev(%p, %08x, %p)\n",
302 mtd, (unsigned int) to, vecs)); 302 mtd, (unsigned int) to, vecs));
303 303
304 if (mtd->writev) { 304 if (mtd->writev) {
305 res = MTD_WRITEV(mtd, vecs, iovec_cnt, to, &retlen); 305 res = mtd->writev(mtd, vecs, iovec_cnt, to, &retlen);
306 return res ? res : retlen; 306 return res ? res : retlen;
307 } 307 }
308 /* Not implemented writev. Repeatedly use write - on the not so 308 /* Not implemented writev. Repeatedly use write - on the not so
@@ -312,7 +312,8 @@ flash_safe_writev(struct mtd_info *mtd, const struct kvec *vecs,
312 retlen=0; 312 retlen=0;
313 313
314 for (i=0; !res && i<iovec_cnt; i++) { 314 for (i=0; !res && i<iovec_cnt; i++) {
315 res = MTD_WRITE(mtd, to, vecs[i].iov_len, &retlen_a, vecs[i].iov_base); 315 res = mtd->write(mtd, to, vecs[i].iov_len, &retlen_a,
316 vecs[i].iov_base);
316 if (retlen_a != vecs[i].iov_len) { 317 if (retlen_a != vecs[i].iov_len) {
317 printk("Didn't write all bytes in flash_safe_writev(). Returned %d\n", res); 318 printk("Didn't write all bytes in flash_safe_writev(). Returned %d\n", res);
318 if (i != iovec_cnt-1) 319 if (i != iovec_cnt-1)
@@ -393,7 +394,7 @@ flash_erase_region(struct mtd_info *mtd, loff_t start,
393 set_current_state(TASK_UNINTERRUPTIBLE); 394 set_current_state(TASK_UNINTERRUPTIBLE);
394 add_wait_queue(&wait_q, &wait); 395 add_wait_queue(&wait_q, &wait);
395 396
396 if (MTD_ERASE(mtd, erase) < 0) { 397 if (mtd->erase(mtd, erase) < 0) {
397 set_current_state(TASK_RUNNING); 398 set_current_state(TASK_RUNNING);
398 remove_wait_queue(&wait_q, &wait); 399 remove_wait_queue(&wait_q, &wait);
399 kfree(erase); 400 kfree(erase);
diff --git a/fs/jffs2/Makefile b/fs/jffs2/Makefile
index 77dc5561a04e..7f28ee0bd132 100644
--- a/fs/jffs2/Makefile
+++ b/fs/jffs2/Makefile
@@ -12,6 +12,9 @@ jffs2-y += symlink.o build.o erase.o background.o fs.o writev.o
12jffs2-y += super.o debug.o 12jffs2-y += super.o debug.o
13 13
14jffs2-$(CONFIG_JFFS2_FS_WRITEBUFFER) += wbuf.o 14jffs2-$(CONFIG_JFFS2_FS_WRITEBUFFER) += wbuf.o
15jffs2-$(CONFIG_JFFS2_FS_XATTR) += xattr.o xattr_trusted.o xattr_user.o
16jffs2-$(CONFIG_JFFS2_FS_SECURITY) += security.o
17jffs2-$(CONFIG_JFFS2_FS_POSIX_ACL) += acl.o
15jffs2-$(CONFIG_JFFS2_RUBIN) += compr_rubin.o 18jffs2-$(CONFIG_JFFS2_RUBIN) += compr_rubin.o
16jffs2-$(CONFIG_JFFS2_RTIME) += compr_rtime.o 19jffs2-$(CONFIG_JFFS2_RTIME) += compr_rtime.o
17jffs2-$(CONFIG_JFFS2_ZLIB) += compr_zlib.o 20jffs2-$(CONFIG_JFFS2_ZLIB) += compr_zlib.o
diff --git a/fs/jffs2/README.Locking b/fs/jffs2/README.Locking
index b7943439b6ec..c8f0bd64e53e 100644
--- a/fs/jffs2/README.Locking
+++ b/fs/jffs2/README.Locking
@@ -150,3 +150,24 @@ the buffer.
150 150
151Ordering constraints: 151Ordering constraints:
152 Lock wbuf_sem last, after the alloc_sem or and f->sem. 152 Lock wbuf_sem last, after the alloc_sem or and f->sem.
153
154
155 c->xattr_sem
156 ------------
157
158This read/write semaphore protects against concurrent access to the
159xattr related objects which include stuff in superblock and ic->xref.
160In read-only path, write-semaphore is too much exclusion. It's enough
161by read-semaphore. But you must hold write-semaphore when updating,
162creating or deleting any xattr related object.
163
164Once xattr_sem released, there would be no assurance for the existence
165of those objects. Thus, a series of processes is often required to retry,
166when updating such a object is necessary under holding read semaphore.
167For example, do_jffs2_getxattr() holds read-semaphore to scan xref and
168xdatum at first. But it retries this process with holding write-semaphore
169after release read-semaphore, if it's necessary to load name/value pair
170from medium.
171
172Ordering constraints:
173 Lock xattr_sem last, after the alloc_sem.
diff --git a/fs/jffs2/acl.c b/fs/jffs2/acl.c
new file mode 100644
index 000000000000..320dd48b834e
--- /dev/null
+++ b/fs/jffs2/acl.c
@@ -0,0 +1,485 @@
1/*
2 * JFFS2 -- Journalling Flash File System, Version 2.
3 *
4 * Copyright (C) 2006 NEC Corporation
5 *
6 * Created by KaiGai Kohei <kaigai@ak.jp.nec.com>
7 *
8 * For licensing information, see the file 'LICENCE' in this directory.
9 *
10 */
11#include <linux/kernel.h>
12#include <linux/slab.h>
13#include <linux/fs.h>
14#include <linux/time.h>
15#include <linux/crc32.h>
16#include <linux/jffs2.h>
17#include <linux/xattr.h>
18#include <linux/posix_acl_xattr.h>
19#include <linux/mtd/mtd.h>
20#include "nodelist.h"
21
22static size_t jffs2_acl_size(int count)
23{
24 if (count <= 4) {
25 return sizeof(struct jffs2_acl_header)
26 + count * sizeof(struct jffs2_acl_entry_short);
27 } else {
28 return sizeof(struct jffs2_acl_header)
29 + 4 * sizeof(struct jffs2_acl_entry_short)
30 + (count - 4) * sizeof(struct jffs2_acl_entry);
31 }
32}
33
34static int jffs2_acl_count(size_t size)
35{
36 size_t s;
37
38 size -= sizeof(struct jffs2_acl_header);
39 s = size - 4 * sizeof(struct jffs2_acl_entry_short);
40 if (s < 0) {
41 if (size % sizeof(struct jffs2_acl_entry_short))
42 return -1;
43 return size / sizeof(struct jffs2_acl_entry_short);
44 } else {
45 if (s % sizeof(struct jffs2_acl_entry))
46 return -1;
47 return s / sizeof(struct jffs2_acl_entry) + 4;
48 }
49}
50
51static struct posix_acl *jffs2_acl_from_medium(void *value, size_t size)
52{
53 void *end = value + size;
54 struct jffs2_acl_header *header = value;
55 struct jffs2_acl_entry *entry;
56 struct posix_acl *acl;
57 uint32_t ver;
58 int i, count;
59
60 if (!value)
61 return NULL;
62 if (size < sizeof(struct jffs2_acl_header))
63 return ERR_PTR(-EINVAL);
64 ver = je32_to_cpu(header->a_version);
65 if (ver != JFFS2_ACL_VERSION) {
66 JFFS2_WARNING("Invalid ACL version. (=%u)\n", ver);
67 return ERR_PTR(-EINVAL);
68 }
69
70 value += sizeof(struct jffs2_acl_header);
71 count = jffs2_acl_count(size);
72 if (count < 0)
73 return ERR_PTR(-EINVAL);
74 if (count == 0)
75 return NULL;
76
77 acl = posix_acl_alloc(count, GFP_KERNEL);
78 if (!acl)
79 return ERR_PTR(-ENOMEM);
80
81 for (i=0; i < count; i++) {
82 entry = value;
83 if (value + sizeof(struct jffs2_acl_entry_short) > end)
84 goto fail;
85 acl->a_entries[i].e_tag = je16_to_cpu(entry->e_tag);
86 acl->a_entries[i].e_perm = je16_to_cpu(entry->e_perm);
87 switch (acl->a_entries[i].e_tag) {
88 case ACL_USER_OBJ:
89 case ACL_GROUP_OBJ:
90 case ACL_MASK:
91 case ACL_OTHER:
92 value += sizeof(struct jffs2_acl_entry_short);
93 acl->a_entries[i].e_id = ACL_UNDEFINED_ID;
94 break;
95
96 case ACL_USER:
97 case ACL_GROUP:
98 value += sizeof(struct jffs2_acl_entry);
99 if (value > end)
100 goto fail;
101 acl->a_entries[i].e_id = je32_to_cpu(entry->e_id);
102 break;
103
104 default:
105 goto fail;
106 }
107 }
108 if (value != end)
109 goto fail;
110 return acl;
111 fail:
112 posix_acl_release(acl);
113 return ERR_PTR(-EINVAL);
114}
115
116static void *jffs2_acl_to_medium(const struct posix_acl *acl, size_t *size)
117{
118 struct jffs2_acl_header *header;
119 struct jffs2_acl_entry *entry;
120 void *e;
121 size_t i;
122
123 *size = jffs2_acl_size(acl->a_count);
124 header = kmalloc(sizeof(*header) + acl->a_count * sizeof(*entry), GFP_KERNEL);
125 if (!header)
126 return ERR_PTR(-ENOMEM);
127 header->a_version = cpu_to_je32(JFFS2_ACL_VERSION);
128 e = header + 1;
129 for (i=0; i < acl->a_count; i++) {
130 entry = e;
131 entry->e_tag = cpu_to_je16(acl->a_entries[i].e_tag);
132 entry->e_perm = cpu_to_je16(acl->a_entries[i].e_perm);
133 switch(acl->a_entries[i].e_tag) {
134 case ACL_USER:
135 case ACL_GROUP:
136 entry->e_id = cpu_to_je32(acl->a_entries[i].e_id);
137 e += sizeof(struct jffs2_acl_entry);
138 break;
139
140 case ACL_USER_OBJ:
141 case ACL_GROUP_OBJ:
142 case ACL_MASK:
143 case ACL_OTHER:
144 e += sizeof(struct jffs2_acl_entry_short);
145 break;
146
147 default:
148 goto fail;
149 }
150 }
151 return header;
152 fail:
153 kfree(header);
154 return ERR_PTR(-EINVAL);
155}
156
157static struct posix_acl *jffs2_iget_acl(struct inode *inode, struct posix_acl **i_acl)
158{
159 struct posix_acl *acl = JFFS2_ACL_NOT_CACHED;
160
161 spin_lock(&inode->i_lock);
162 if (*i_acl != JFFS2_ACL_NOT_CACHED)
163 acl = posix_acl_dup(*i_acl);
164 spin_unlock(&inode->i_lock);
165 return acl;
166}
167
168static void jffs2_iset_acl(struct inode *inode, struct posix_acl **i_acl, struct posix_acl *acl)
169{
170 spin_lock(&inode->i_lock);
171 if (*i_acl != JFFS2_ACL_NOT_CACHED)
172 posix_acl_release(*i_acl);
173 *i_acl = posix_acl_dup(acl);
174 spin_unlock(&inode->i_lock);
175}
176
177static struct posix_acl *jffs2_get_acl(struct inode *inode, int type)
178{
179 struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
180 struct posix_acl *acl;
181 char *value = NULL;
182 int rc, xprefix;
183
184 switch (type) {
185 case ACL_TYPE_ACCESS:
186 acl = jffs2_iget_acl(inode, &f->i_acl_access);
187 if (acl != JFFS2_ACL_NOT_CACHED)
188 return acl;
189 xprefix = JFFS2_XPREFIX_ACL_ACCESS;
190 break;
191 case ACL_TYPE_DEFAULT:
192 acl = jffs2_iget_acl(inode, &f->i_acl_default);
193 if (acl != JFFS2_ACL_NOT_CACHED)
194 return acl;
195 xprefix = JFFS2_XPREFIX_ACL_DEFAULT;
196 break;
197 default:
198 return ERR_PTR(-EINVAL);
199 }
200 rc = do_jffs2_getxattr(inode, xprefix, "", NULL, 0);
201 if (rc > 0) {
202 value = kmalloc(rc, GFP_KERNEL);
203 if (!value)
204 return ERR_PTR(-ENOMEM);
205 rc = do_jffs2_getxattr(inode, xprefix, "", value, rc);
206 }
207 if (rc > 0) {
208 acl = jffs2_acl_from_medium(value, rc);
209 } else if (rc == -ENODATA || rc == -ENOSYS) {
210 acl = NULL;
211 } else {
212 acl = ERR_PTR(rc);
213 }
214 if (value)
215 kfree(value);
216 if (!IS_ERR(acl)) {
217 switch (type) {
218 case ACL_TYPE_ACCESS:
219 jffs2_iset_acl(inode, &f->i_acl_access, acl);
220 break;
221 case ACL_TYPE_DEFAULT:
222 jffs2_iset_acl(inode, &f->i_acl_default, acl);
223 break;
224 }
225 }
226 return acl;
227}
228
229static int jffs2_set_acl(struct inode *inode, int type, struct posix_acl *acl)
230{
231 struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
232 size_t size = 0;
233 char *value = NULL;
234 int rc, xprefix;
235
236 if (S_ISLNK(inode->i_mode))
237 return -EOPNOTSUPP;
238
239 switch (type) {
240 case ACL_TYPE_ACCESS:
241 xprefix = JFFS2_XPREFIX_ACL_ACCESS;
242 if (acl) {
243 mode_t mode = inode->i_mode;
244 rc = posix_acl_equiv_mode(acl, &mode);
245 if (rc < 0)
246 return rc;
247 if (inode->i_mode != mode) {
248 inode->i_mode = mode;
249 jffs2_dirty_inode(inode);
250 }
251 if (rc == 0)
252 acl = NULL;
253 }
254 break;
255 case ACL_TYPE_DEFAULT:
256 xprefix = JFFS2_XPREFIX_ACL_DEFAULT;
257 if (!S_ISDIR(inode->i_mode))
258 return acl ? -EACCES : 0;
259 break;
260 default:
261 return -EINVAL;
262 }
263 if (acl) {
264 value = jffs2_acl_to_medium(acl, &size);
265 if (IS_ERR(value))
266 return PTR_ERR(value);
267 }
268
269 rc = do_jffs2_setxattr(inode, xprefix, "", value, size, 0);
270 if (value)
271 kfree(value);
272 if (!rc) {
273 switch(type) {
274 case ACL_TYPE_ACCESS:
275 jffs2_iset_acl(inode, &f->i_acl_access, acl);
276 break;
277 case ACL_TYPE_DEFAULT:
278 jffs2_iset_acl(inode, &f->i_acl_default, acl);
279 break;
280 }
281 }
282 return rc;
283}
284
285static int jffs2_check_acl(struct inode *inode, int mask)
286{
287 struct posix_acl *acl;
288 int rc;
289
290 acl = jffs2_get_acl(inode, ACL_TYPE_ACCESS);
291 if (IS_ERR(acl))
292 return PTR_ERR(acl);
293 if (acl) {
294 rc = posix_acl_permission(inode, acl, mask);
295 posix_acl_release(acl);
296 return rc;
297 }
298 return -EAGAIN;
299}
300
301int jffs2_permission(struct inode *inode, int mask, struct nameidata *nd)
302{
303 return generic_permission(inode, mask, jffs2_check_acl);
304}
305
306int jffs2_init_acl(struct inode *inode, struct inode *dir)
307{
308 struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
309 struct posix_acl *acl = NULL, *clone;
310 mode_t mode;
311 int rc = 0;
312
313 f->i_acl_access = JFFS2_ACL_NOT_CACHED;
314 f->i_acl_default = JFFS2_ACL_NOT_CACHED;
315 if (!S_ISLNK(inode->i_mode)) {
316 acl = jffs2_get_acl(dir, ACL_TYPE_DEFAULT);
317 if (IS_ERR(acl))
318 return PTR_ERR(acl);
319 if (!acl)
320 inode->i_mode &= ~current->fs->umask;
321 }
322 if (acl) {
323 if (S_ISDIR(inode->i_mode)) {
324 rc = jffs2_set_acl(inode, ACL_TYPE_DEFAULT, acl);
325 if (rc)
326 goto cleanup;
327 }
328 clone = posix_acl_clone(acl, GFP_KERNEL);
329 rc = -ENOMEM;
330 if (!clone)
331 goto cleanup;
332 mode = inode->i_mode;
333 rc = posix_acl_create_masq(clone, &mode);
334 if (rc >= 0) {
335 inode->i_mode = mode;
336 if (rc > 0)
337 rc = jffs2_set_acl(inode, ACL_TYPE_ACCESS, clone);
338 }
339 posix_acl_release(clone);
340 }
341 cleanup:
342 posix_acl_release(acl);
343 return rc;
344}
345
346void jffs2_clear_acl(struct inode *inode)
347{
348 struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
349
350 if (f->i_acl_access && f->i_acl_access != JFFS2_ACL_NOT_CACHED) {
351 posix_acl_release(f->i_acl_access);
352 f->i_acl_access = JFFS2_ACL_NOT_CACHED;
353 }
354 if (f->i_acl_default && f->i_acl_default != JFFS2_ACL_NOT_CACHED) {
355 posix_acl_release(f->i_acl_default);
356 f->i_acl_default = JFFS2_ACL_NOT_CACHED;
357 }
358}
359
360int jffs2_acl_chmod(struct inode *inode)
361{
362 struct posix_acl *acl, *clone;
363 int rc;
364
365 if (S_ISLNK(inode->i_mode))
366 return -EOPNOTSUPP;
367 acl = jffs2_get_acl(inode, ACL_TYPE_ACCESS);
368 if (IS_ERR(acl) || !acl)
369 return PTR_ERR(acl);
370 clone = posix_acl_clone(acl, GFP_KERNEL);
371 posix_acl_release(acl);
372 if (!clone)
373 return -ENOMEM;
374 rc = posix_acl_chmod_masq(clone, inode->i_mode);
375 if (!rc)
376 rc = jffs2_set_acl(inode, ACL_TYPE_ACCESS, clone);
377 posix_acl_release(clone);
378 return rc;
379}
380
381static size_t jffs2_acl_access_listxattr(struct inode *inode, char *list, size_t list_size,
382 const char *name, size_t name_len)
383{
384 const int retlen = sizeof(POSIX_ACL_XATTR_ACCESS);
385
386 if (list && retlen <= list_size)
387 strcpy(list, POSIX_ACL_XATTR_ACCESS);
388 return retlen;
389}
390
391static size_t jffs2_acl_default_listxattr(struct inode *inode, char *list, size_t list_size,
392 const char *name, size_t name_len)
393{
394 const int retlen = sizeof(POSIX_ACL_XATTR_DEFAULT);
395
396 if (list && retlen <= list_size)
397 strcpy(list, POSIX_ACL_XATTR_DEFAULT);
398 return retlen;
399}
400
401static int jffs2_acl_getxattr(struct inode *inode, int type, void *buffer, size_t size)
402{
403 struct posix_acl *acl;
404 int rc;
405
406 acl = jffs2_get_acl(inode, type);
407 if (IS_ERR(acl))
408 return PTR_ERR(acl);
409 if (!acl)
410 return -ENODATA;
411 rc = posix_acl_to_xattr(acl, buffer, size);
412 posix_acl_release(acl);
413
414 return rc;
415}
416
417static int jffs2_acl_access_getxattr(struct inode *inode, const char *name, void *buffer, size_t size)
418{
419 if (name[0] != '\0')
420 return -EINVAL;
421 return jffs2_acl_getxattr(inode, ACL_TYPE_ACCESS, buffer, size);
422}
423
424static int jffs2_acl_default_getxattr(struct inode *inode, const char *name, void *buffer, size_t size)
425{
426 if (name[0] != '\0')
427 return -EINVAL;
428 return jffs2_acl_getxattr(inode, ACL_TYPE_DEFAULT, buffer, size);
429}
430
431static int jffs2_acl_setxattr(struct inode *inode, int type, const void *value, size_t size)
432{
433 struct posix_acl *acl;
434 int rc;
435
436 if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
437 return -EPERM;
438
439 if (value) {
440 acl = posix_acl_from_xattr(value, size);
441 if (IS_ERR(acl))
442 return PTR_ERR(acl);
443 if (acl) {
444 rc = posix_acl_valid(acl);
445 if (rc)
446 goto out;
447 }
448 } else {
449 acl = NULL;
450 }
451 rc = jffs2_set_acl(inode, type, acl);
452 out:
453 posix_acl_release(acl);
454 return rc;
455}
456
457static int jffs2_acl_access_setxattr(struct inode *inode, const char *name,
458 const void *buffer, size_t size, int flags)
459{
460 if (name[0] != '\0')
461 return -EINVAL;
462 return jffs2_acl_setxattr(inode, ACL_TYPE_ACCESS, buffer, size);
463}
464
465static int jffs2_acl_default_setxattr(struct inode *inode, const char *name,
466 const void *buffer, size_t size, int flags)
467{
468 if (name[0] != '\0')
469 return -EINVAL;
470 return jffs2_acl_setxattr(inode, ACL_TYPE_DEFAULT, buffer, size);
471}
472
473struct xattr_handler jffs2_acl_access_xattr_handler = {
474 .prefix = POSIX_ACL_XATTR_ACCESS,
475 .list = jffs2_acl_access_listxattr,
476 .get = jffs2_acl_access_getxattr,
477 .set = jffs2_acl_access_setxattr,
478};
479
480struct xattr_handler jffs2_acl_default_xattr_handler = {
481 .prefix = POSIX_ACL_XATTR_DEFAULT,
482 .list = jffs2_acl_default_listxattr,
483 .get = jffs2_acl_default_getxattr,
484 .set = jffs2_acl_default_setxattr,
485};
diff --git a/fs/jffs2/acl.h b/fs/jffs2/acl.h
new file mode 100644
index 000000000000..8893bd1a6ba7
--- /dev/null
+++ b/fs/jffs2/acl.h
@@ -0,0 +1,45 @@
1/*
2 * JFFS2 -- Journalling Flash File System, Version 2.
3 *
4 * Copyright (C) 2006 NEC Corporation
5 *
6 * Created by KaiGai Kohei <kaigai@ak.jp.nec.com>
7 *
8 * For licensing information, see the file 'LICENCE' in this directory.
9 *
10 */
11struct jffs2_acl_entry {
12 jint16_t e_tag;
13 jint16_t e_perm;
14 jint32_t e_id;
15};
16
17struct jffs2_acl_entry_short {
18 jint16_t e_tag;
19 jint16_t e_perm;
20};
21
22struct jffs2_acl_header {
23 jint32_t a_version;
24};
25
26#ifdef CONFIG_JFFS2_FS_POSIX_ACL
27
28#define JFFS2_ACL_NOT_CACHED ((void *)-1)
29
30extern int jffs2_permission(struct inode *, int, struct nameidata *);
31extern int jffs2_acl_chmod(struct inode *);
32extern int jffs2_init_acl(struct inode *, struct inode *);
33extern void jffs2_clear_acl(struct inode *);
34
35extern struct xattr_handler jffs2_acl_access_xattr_handler;
36extern struct xattr_handler jffs2_acl_default_xattr_handler;
37
38#else
39
40#define jffs2_permission NULL
41#define jffs2_acl_chmod(inode) (0)
42#define jffs2_init_acl(inode,dir) (0)
43#define jffs2_clear_acl(inode)
44
45#endif /* CONFIG_JFFS2_FS_POSIX_ACL */
diff --git a/fs/jffs2/build.c b/fs/jffs2/build.c
index 70f7a896c04a..02826967ab58 100644
--- a/fs/jffs2/build.c
+++ b/fs/jffs2/build.c
@@ -160,6 +160,7 @@ static int jffs2_build_filesystem(struct jffs2_sb_info *c)
160 ic->scan_dents = NULL; 160 ic->scan_dents = NULL;
161 cond_resched(); 161 cond_resched();
162 } 162 }
163 jffs2_build_xattr_subsystem(c);
163 c->flags &= ~JFFS2_SB_FLAG_BUILDING; 164 c->flags &= ~JFFS2_SB_FLAG_BUILDING;
164 165
165 dbg_fsbuild("FS build complete\n"); 166 dbg_fsbuild("FS build complete\n");
@@ -178,6 +179,7 @@ exit:
178 jffs2_free_full_dirent(fd); 179 jffs2_free_full_dirent(fd);
179 } 180 }
180 } 181 }
182 jffs2_clear_xattr_subsystem(c);
181 } 183 }
182 184
183 return ret; 185 return ret;
diff --git a/fs/jffs2/compr.c b/fs/jffs2/compr.c
index e7944e665b9f..7001ba26c067 100644
--- a/fs/jffs2/compr.c
+++ b/fs/jffs2/compr.c
@@ -412,7 +412,7 @@ void jffs2_free_comprbuf(unsigned char *comprbuf, unsigned char *orig)
412 kfree(comprbuf); 412 kfree(comprbuf);
413} 413}
414 414
415int jffs2_compressors_init(void) 415int __init jffs2_compressors_init(void)
416{ 416{
417/* Registering compressors */ 417/* Registering compressors */
418#ifdef CONFIG_JFFS2_ZLIB 418#ifdef CONFIG_JFFS2_ZLIB
diff --git a/fs/jffs2/compr.h b/fs/jffs2/compr.h
index a77e830d85c5..509b8b1c0811 100644
--- a/fs/jffs2/compr.h
+++ b/fs/jffs2/compr.h
@@ -23,8 +23,8 @@
23#include <linux/errno.h> 23#include <linux/errno.h>
24#include <linux/fs.h> 24#include <linux/fs.h>
25#include <linux/jffs2.h> 25#include <linux/jffs2.h>
26#include <linux/jffs2_fs_i.h> 26#include "jffs2_fs_i.h"
27#include <linux/jffs2_fs_sb.h> 27#include "jffs2_fs_sb.h"
28#include "nodelist.h" 28#include "nodelist.h"
29 29
30#define JFFS2_RUBINMIPS_PRIORITY 10 30#define JFFS2_RUBINMIPS_PRIORITY 10
diff --git a/fs/jffs2/debug.c b/fs/jffs2/debug.c
index 1fe17de713e8..72b4fc13a106 100644
--- a/fs/jffs2/debug.c
+++ b/fs/jffs2/debug.c
@@ -192,13 +192,13 @@ __jffs2_dbg_acct_paranoia_check_nolock(struct jffs2_sb_info *c,
192 else 192 else
193 my_dirty_size += totlen; 193 my_dirty_size += totlen;
194 194
195 if ((!ref2->next_phys) != (ref2 == jeb->last_node)) { 195 if ((!ref_next(ref2)) != (ref2 == jeb->last_node)) {
196 JFFS2_ERROR("node_ref for node at %#08x (mem %p) has next_phys at %#08x (mem %p), last_node is at %#08x (mem %p).\n", 196 JFFS2_ERROR("node_ref for node at %#08x (mem %p) has next at %#08x (mem %p), last_node is at %#08x (mem %p).\n",
197 ref_offset(ref2), ref2, ref_offset(ref2->next_phys), ref2->next_phys, 197 ref_offset(ref2), ref2, ref_offset(ref_next(ref2)), ref_next(ref2),
198 ref_offset(jeb->last_node), jeb->last_node); 198 ref_offset(jeb->last_node), jeb->last_node);
199 goto error; 199 goto error;
200 } 200 }
201 ref2 = ref2->next_phys; 201 ref2 = ref_next(ref2);
202 } 202 }
203 203
204 if (my_used_size != jeb->used_size) { 204 if (my_used_size != jeb->used_size) {
@@ -268,9 +268,9 @@ __jffs2_dbg_dump_node_refs_nolock(struct jffs2_sb_info *c,
268 } 268 }
269 269
270 printk(JFFS2_DBG); 270 printk(JFFS2_DBG);
271 for (ref = jeb->first_node; ; ref = ref->next_phys) { 271 for (ref = jeb->first_node; ; ref = ref_next(ref)) {
272 printk("%#08x(%#x)", ref_offset(ref), ref->__totlen); 272 printk("%#08x(%#x)", ref_offset(ref), ref->__totlen);
273 if (ref->next_phys) 273 if (ref_next(ref))
274 printk("->"); 274 printk("->");
275 else 275 else
276 break; 276 break;
diff --git a/fs/jffs2/debug.h b/fs/jffs2/debug.h
index 162af6dfe292..5fa494a792b2 100644
--- a/fs/jffs2/debug.h
+++ b/fs/jffs2/debug.h
@@ -171,6 +171,12 @@
171#define dbg_memalloc(fmt, ...) 171#define dbg_memalloc(fmt, ...)
172#endif 172#endif
173 173
174/* Watch the XATTR subsystem */
175#ifdef JFFS2_DBG_XATTR_MESSAGES
176#define dbg_xattr(fmt, ...) JFFS2_DEBUG(fmt, ##__VA_ARGS__)
177#else
178#define dbg_xattr(fmt, ...)
179#endif
174 180
175/* "Sanity" checks */ 181/* "Sanity" checks */
176void 182void
diff --git a/fs/jffs2/dir.c b/fs/jffs2/dir.c
index 8bc7a5018e40..edd8371fc6a5 100644
--- a/fs/jffs2/dir.c
+++ b/fs/jffs2/dir.c
@@ -17,8 +17,8 @@
17#include <linux/fs.h> 17#include <linux/fs.h>
18#include <linux/crc32.h> 18#include <linux/crc32.h>
19#include <linux/jffs2.h> 19#include <linux/jffs2.h>
20#include <linux/jffs2_fs_i.h> 20#include "jffs2_fs_i.h"
21#include <linux/jffs2_fs_sb.h> 21#include "jffs2_fs_sb.h"
22#include <linux/time.h> 22#include <linux/time.h>
23#include "nodelist.h" 23#include "nodelist.h"
24 24
@@ -57,7 +57,12 @@ struct inode_operations jffs2_dir_inode_operations =
57 .rmdir = jffs2_rmdir, 57 .rmdir = jffs2_rmdir,
58 .mknod = jffs2_mknod, 58 .mknod = jffs2_mknod,
59 .rename = jffs2_rename, 59 .rename = jffs2_rename,
60 .permission = jffs2_permission,
60 .setattr = jffs2_setattr, 61 .setattr = jffs2_setattr,
62 .setxattr = jffs2_setxattr,
63 .getxattr = jffs2_getxattr,
64 .listxattr = jffs2_listxattr,
65 .removexattr = jffs2_removexattr
61}; 66};
62 67
63/***********************************************************************/ 68/***********************************************************************/
@@ -78,6 +83,9 @@ static struct dentry *jffs2_lookup(struct inode *dir_i, struct dentry *target,
78 83
79 D1(printk(KERN_DEBUG "jffs2_lookup()\n")); 84 D1(printk(KERN_DEBUG "jffs2_lookup()\n"));
80 85
86 if (target->d_name.len > JFFS2_MAX_NAME_LEN)
87 return ERR_PTR(-ENAMETOOLONG);
88
81 dir_f = JFFS2_INODE_INFO(dir_i); 89 dir_f = JFFS2_INODE_INFO(dir_i);
82 c = JFFS2_SB_INFO(dir_i->i_sb); 90 c = JFFS2_SB_INFO(dir_i->i_sb);
83 91
@@ -206,12 +214,15 @@ static int jffs2_create(struct inode *dir_i, struct dentry *dentry, int mode,
206 ret = jffs2_do_create(c, dir_f, f, ri, 214 ret = jffs2_do_create(c, dir_f, f, ri,
207 dentry->d_name.name, dentry->d_name.len); 215 dentry->d_name.name, dentry->d_name.len);
208 216
209 if (ret) { 217 if (ret)
210 make_bad_inode(inode); 218 goto fail;
211 iput(inode); 219
212 jffs2_free_raw_inode(ri); 220 ret = jffs2_init_security(inode, dir_i);
213 return ret; 221 if (ret)
214 } 222 goto fail;
223 ret = jffs2_init_acl(inode, dir_i);
224 if (ret)
225 goto fail;
215 226
216 dir_i->i_mtime = dir_i->i_ctime = ITIME(je32_to_cpu(ri->ctime)); 227 dir_i->i_mtime = dir_i->i_ctime = ITIME(je32_to_cpu(ri->ctime));
217 228
@@ -221,6 +232,12 @@ static int jffs2_create(struct inode *dir_i, struct dentry *dentry, int mode,
221 D1(printk(KERN_DEBUG "jffs2_create: Created ino #%lu with mode %o, nlink %d(%d). nrpages %ld\n", 232 D1(printk(KERN_DEBUG "jffs2_create: Created ino #%lu with mode %o, nlink %d(%d). nrpages %ld\n",
222 inode->i_ino, inode->i_mode, inode->i_nlink, f->inocache->nlink, inode->i_mapping->nrpages)); 233 inode->i_ino, inode->i_mode, inode->i_nlink, f->inocache->nlink, inode->i_mapping->nrpages));
223 return 0; 234 return 0;
235
236 fail:
237 make_bad_inode(inode);
238 iput(inode);
239 jffs2_free_raw_inode(ri);
240 return ret;
224} 241}
225 242
226/***********************************************************************/ 243/***********************************************************************/
@@ -291,7 +308,7 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char
291 struct jffs2_full_dnode *fn; 308 struct jffs2_full_dnode *fn;
292 struct jffs2_full_dirent *fd; 309 struct jffs2_full_dirent *fd;
293 int namelen; 310 int namelen;
294 uint32_t alloclen, phys_ofs; 311 uint32_t alloclen;
295 int ret, targetlen = strlen(target); 312 int ret, targetlen = strlen(target);
296 313
297 /* FIXME: If you care. We'd need to use frags for the target 314 /* FIXME: If you care. We'd need to use frags for the target
@@ -310,8 +327,8 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char
310 * Just the node will do for now, though 327 * Just the node will do for now, though
311 */ 328 */
312 namelen = dentry->d_name.len; 329 namelen = dentry->d_name.len;
313 ret = jffs2_reserve_space(c, sizeof(*ri) + targetlen, &phys_ofs, &alloclen, 330 ret = jffs2_reserve_space(c, sizeof(*ri) + targetlen, &alloclen,
314 ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE); 331 ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE);
315 332
316 if (ret) { 333 if (ret) {
317 jffs2_free_raw_inode(ri); 334 jffs2_free_raw_inode(ri);
@@ -339,7 +356,7 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char
339 ri->data_crc = cpu_to_je32(crc32(0, target, targetlen)); 356 ri->data_crc = cpu_to_je32(crc32(0, target, targetlen));
340 ri->node_crc = cpu_to_je32(crc32(0, ri, sizeof(*ri)-8)); 357 ri->node_crc = cpu_to_je32(crc32(0, ri, sizeof(*ri)-8));
341 358
342 fn = jffs2_write_dnode(c, f, ri, target, targetlen, phys_ofs, ALLOC_NORMAL); 359 fn = jffs2_write_dnode(c, f, ri, target, targetlen, ALLOC_NORMAL);
343 360
344 jffs2_free_raw_inode(ri); 361 jffs2_free_raw_inode(ri);
345 362
@@ -371,8 +388,20 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char
371 up(&f->sem); 388 up(&f->sem);
372 389
373 jffs2_complete_reservation(c); 390 jffs2_complete_reservation(c);
374 ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &phys_ofs, &alloclen, 391
375 ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen)); 392 ret = jffs2_init_security(inode, dir_i);
393 if (ret) {
394 jffs2_clear_inode(inode);
395 return ret;
396 }
397 ret = jffs2_init_acl(inode, dir_i);
398 if (ret) {
399 jffs2_clear_inode(inode);
400 return ret;
401 }
402
403 ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &alloclen,
404 ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen));
376 if (ret) { 405 if (ret) {
377 /* Eep. */ 406 /* Eep. */
378 jffs2_clear_inode(inode); 407 jffs2_clear_inode(inode);
@@ -404,7 +433,7 @@ static int jffs2_symlink (struct inode *dir_i, struct dentry *dentry, const char
404 rd->node_crc = cpu_to_je32(crc32(0, rd, sizeof(*rd)-8)); 433 rd->node_crc = cpu_to_je32(crc32(0, rd, sizeof(*rd)-8));
405 rd->name_crc = cpu_to_je32(crc32(0, dentry->d_name.name, namelen)); 434 rd->name_crc = cpu_to_je32(crc32(0, dentry->d_name.name, namelen));
406 435
407 fd = jffs2_write_dirent(c, dir_f, rd, dentry->d_name.name, namelen, phys_ofs, ALLOC_NORMAL); 436 fd = jffs2_write_dirent(c, dir_f, rd, dentry->d_name.name, namelen, ALLOC_NORMAL);
408 437
409 if (IS_ERR(fd)) { 438 if (IS_ERR(fd)) {
410 /* dirent failed to write. Delete the inode normally 439 /* dirent failed to write. Delete the inode normally
@@ -442,7 +471,7 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode)
442 struct jffs2_full_dnode *fn; 471 struct jffs2_full_dnode *fn;
443 struct jffs2_full_dirent *fd; 472 struct jffs2_full_dirent *fd;
444 int namelen; 473 int namelen;
445 uint32_t alloclen, phys_ofs; 474 uint32_t alloclen;
446 int ret; 475 int ret;
447 476
448 mode |= S_IFDIR; 477 mode |= S_IFDIR;
@@ -457,8 +486,8 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode)
457 * Just the node will do for now, though 486 * Just the node will do for now, though
458 */ 487 */
459 namelen = dentry->d_name.len; 488 namelen = dentry->d_name.len;
460 ret = jffs2_reserve_space(c, sizeof(*ri), &phys_ofs, &alloclen, ALLOC_NORMAL, 489 ret = jffs2_reserve_space(c, sizeof(*ri), &alloclen, ALLOC_NORMAL,
461 JFFS2_SUMMARY_INODE_SIZE); 490 JFFS2_SUMMARY_INODE_SIZE);
462 491
463 if (ret) { 492 if (ret) {
464 jffs2_free_raw_inode(ri); 493 jffs2_free_raw_inode(ri);
@@ -483,7 +512,7 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode)
483 ri->data_crc = cpu_to_je32(0); 512 ri->data_crc = cpu_to_je32(0);
484 ri->node_crc = cpu_to_je32(crc32(0, ri, sizeof(*ri)-8)); 513 ri->node_crc = cpu_to_je32(crc32(0, ri, sizeof(*ri)-8));
485 514
486 fn = jffs2_write_dnode(c, f, ri, NULL, 0, phys_ofs, ALLOC_NORMAL); 515 fn = jffs2_write_dnode(c, f, ri, NULL, 0, ALLOC_NORMAL);
487 516
488 jffs2_free_raw_inode(ri); 517 jffs2_free_raw_inode(ri);
489 518
@@ -501,8 +530,20 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode)
501 up(&f->sem); 530 up(&f->sem);
502 531
503 jffs2_complete_reservation(c); 532 jffs2_complete_reservation(c);
504 ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &phys_ofs, &alloclen, 533
505 ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen)); 534 ret = jffs2_init_security(inode, dir_i);
535 if (ret) {
536 jffs2_clear_inode(inode);
537 return ret;
538 }
539 ret = jffs2_init_acl(inode, dir_i);
540 if (ret) {
541 jffs2_clear_inode(inode);
542 return ret;
543 }
544
545 ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &alloclen,
546 ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen));
506 if (ret) { 547 if (ret) {
507 /* Eep. */ 548 /* Eep. */
508 jffs2_clear_inode(inode); 549 jffs2_clear_inode(inode);
@@ -534,7 +575,7 @@ static int jffs2_mkdir (struct inode *dir_i, struct dentry *dentry, int mode)
534 rd->node_crc = cpu_to_je32(crc32(0, rd, sizeof(*rd)-8)); 575 rd->node_crc = cpu_to_je32(crc32(0, rd, sizeof(*rd)-8));
535 rd->name_crc = cpu_to_je32(crc32(0, dentry->d_name.name, namelen)); 576 rd->name_crc = cpu_to_je32(crc32(0, dentry->d_name.name, namelen));
536 577
537 fd = jffs2_write_dirent(c, dir_f, rd, dentry->d_name.name, namelen, phys_ofs, ALLOC_NORMAL); 578 fd = jffs2_write_dirent(c, dir_f, rd, dentry->d_name.name, namelen, ALLOC_NORMAL);
538 579
539 if (IS_ERR(fd)) { 580 if (IS_ERR(fd)) {
540 /* dirent failed to write. Delete the inode normally 581 /* dirent failed to write. Delete the inode normally
@@ -588,12 +629,12 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de
588 struct jffs2_full_dnode *fn; 629 struct jffs2_full_dnode *fn;
589 struct jffs2_full_dirent *fd; 630 struct jffs2_full_dirent *fd;
590 int namelen; 631 int namelen;
591 jint16_t dev; 632 union jffs2_device_node dev;
592 int devlen = 0; 633 int devlen = 0;
593 uint32_t alloclen, phys_ofs; 634 uint32_t alloclen;
594 int ret; 635 int ret;
595 636
596 if (!old_valid_dev(rdev)) 637 if (!new_valid_dev(rdev))
597 return -EINVAL; 638 return -EINVAL;
598 639
599 ri = jffs2_alloc_raw_inode(); 640 ri = jffs2_alloc_raw_inode();
@@ -602,17 +643,15 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de
602 643
603 c = JFFS2_SB_INFO(dir_i->i_sb); 644 c = JFFS2_SB_INFO(dir_i->i_sb);
604 645
605 if (S_ISBLK(mode) || S_ISCHR(mode)) { 646 if (S_ISBLK(mode) || S_ISCHR(mode))
606 dev = cpu_to_je16(old_encode_dev(rdev)); 647 devlen = jffs2_encode_dev(&dev, rdev);
607 devlen = sizeof(dev);
608 }
609 648
610 /* Try to reserve enough space for both node and dirent. 649 /* Try to reserve enough space for both node and dirent.
611 * Just the node will do for now, though 650 * Just the node will do for now, though
612 */ 651 */
613 namelen = dentry->d_name.len; 652 namelen = dentry->d_name.len;
614 ret = jffs2_reserve_space(c, sizeof(*ri) + devlen, &phys_ofs, &alloclen, 653 ret = jffs2_reserve_space(c, sizeof(*ri) + devlen, &alloclen,
615 ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE); 654 ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE);
616 655
617 if (ret) { 656 if (ret) {
618 jffs2_free_raw_inode(ri); 657 jffs2_free_raw_inode(ri);
@@ -639,7 +678,7 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de
639 ri->data_crc = cpu_to_je32(crc32(0, &dev, devlen)); 678 ri->data_crc = cpu_to_je32(crc32(0, &dev, devlen));
640 ri->node_crc = cpu_to_je32(crc32(0, ri, sizeof(*ri)-8)); 679 ri->node_crc = cpu_to_je32(crc32(0, ri, sizeof(*ri)-8));
641 680
642 fn = jffs2_write_dnode(c, f, ri, (char *)&dev, devlen, phys_ofs, ALLOC_NORMAL); 681 fn = jffs2_write_dnode(c, f, ri, (char *)&dev, devlen, ALLOC_NORMAL);
643 682
644 jffs2_free_raw_inode(ri); 683 jffs2_free_raw_inode(ri);
645 684
@@ -657,8 +696,20 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de
657 up(&f->sem); 696 up(&f->sem);
658 697
659 jffs2_complete_reservation(c); 698 jffs2_complete_reservation(c);
660 ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &phys_ofs, &alloclen, 699
661 ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen)); 700 ret = jffs2_init_security(inode, dir_i);
701 if (ret) {
702 jffs2_clear_inode(inode);
703 return ret;
704 }
705 ret = jffs2_init_acl(inode, dir_i);
706 if (ret) {
707 jffs2_clear_inode(inode);
708 return ret;
709 }
710
711 ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &alloclen,
712 ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen));
662 if (ret) { 713 if (ret) {
663 /* Eep. */ 714 /* Eep. */
664 jffs2_clear_inode(inode); 715 jffs2_clear_inode(inode);
@@ -693,7 +744,7 @@ static int jffs2_mknod (struct inode *dir_i, struct dentry *dentry, int mode, de
693 rd->node_crc = cpu_to_je32(crc32(0, rd, sizeof(*rd)-8)); 744 rd->node_crc = cpu_to_je32(crc32(0, rd, sizeof(*rd)-8));
694 rd->name_crc = cpu_to_je32(crc32(0, dentry->d_name.name, namelen)); 745 rd->name_crc = cpu_to_je32(crc32(0, dentry->d_name.name, namelen));
695 746
696 fd = jffs2_write_dirent(c, dir_f, rd, dentry->d_name.name, namelen, phys_ofs, ALLOC_NORMAL); 747 fd = jffs2_write_dirent(c, dir_f, rd, dentry->d_name.name, namelen, ALLOC_NORMAL);
697 748
698 if (IS_ERR(fd)) { 749 if (IS_ERR(fd)) {
699 /* dirent failed to write. Delete the inode normally 750 /* dirent failed to write. Delete the inode normally
diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c
index dad68fdffe9e..1862e8bc101d 100644
--- a/fs/jffs2/erase.c
+++ b/fs/jffs2/erase.c
@@ -30,7 +30,6 @@ static void jffs2_erase_callback(struct erase_info *);
30#endif 30#endif
31static void jffs2_erase_failed(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, uint32_t bad_offset); 31static void jffs2_erase_failed(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, uint32_t bad_offset);
32static void jffs2_erase_succeeded(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb); 32static void jffs2_erase_succeeded(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb);
33static void jffs2_free_all_node_refs(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb);
34static void jffs2_mark_erased_block(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb); 33static void jffs2_mark_erased_block(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb);
35 34
36static void jffs2_erase_block(struct jffs2_sb_info *c, 35static void jffs2_erase_block(struct jffs2_sb_info *c,
@@ -136,7 +135,7 @@ void jffs2_erase_pending_blocks(struct jffs2_sb_info *c, int count)
136 c->used_size -= jeb->used_size; 135 c->used_size -= jeb->used_size;
137 c->dirty_size -= jeb->dirty_size; 136 c->dirty_size -= jeb->dirty_size;
138 jeb->wasted_size = jeb->used_size = jeb->dirty_size = jeb->free_size = 0; 137 jeb->wasted_size = jeb->used_size = jeb->dirty_size = jeb->free_size = 0;
139 jffs2_free_all_node_refs(c, jeb); 138 jffs2_free_jeb_node_refs(c, jeb);
140 list_add(&jeb->list, &c->erasing_list); 139 list_add(&jeb->list, &c->erasing_list);
141 spin_unlock(&c->erase_completion_lock); 140 spin_unlock(&c->erase_completion_lock);
142 141
@@ -231,6 +230,7 @@ static inline void jffs2_remove_node_refs_from_ino_list(struct jffs2_sb_info *c,
231 at the end of the linked list. Stash it and continue 230 at the end of the linked list. Stash it and continue
232 from the beginning of the list */ 231 from the beginning of the list */
233 ic = (struct jffs2_inode_cache *)(*prev); 232 ic = (struct jffs2_inode_cache *)(*prev);
233 BUG_ON(ic->class != RAWNODE_CLASS_INODE_CACHE);
234 prev = &ic->nodes; 234 prev = &ic->nodes;
235 continue; 235 continue;
236 } 236 }
@@ -283,22 +283,27 @@ static inline void jffs2_remove_node_refs_from_ino_list(struct jffs2_sb_info *c,
283 jffs2_del_ino_cache(c, ic); 283 jffs2_del_ino_cache(c, ic);
284} 284}
285 285
286static void jffs2_free_all_node_refs(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb) 286void jffs2_free_jeb_node_refs(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb)
287{ 287{
288 struct jffs2_raw_node_ref *ref; 288 struct jffs2_raw_node_ref *block, *ref;
289 D1(printk(KERN_DEBUG "Freeing all node refs for eraseblock offset 0x%08x\n", jeb->offset)); 289 D1(printk(KERN_DEBUG "Freeing all node refs for eraseblock offset 0x%08x\n", jeb->offset));
290 while(jeb->first_node) {
291 ref = jeb->first_node;
292 jeb->first_node = ref->next_phys;
293 290
294 /* Remove from the inode-list */ 291 block = ref = jeb->first_node;
295 if (ref->next_in_ino) 292
293 while (ref) {
294 if (ref->flash_offset == REF_LINK_NODE) {
295 ref = ref->next_in_ino;
296 jffs2_free_refblock(block);
297 block = ref;
298 continue;
299 }
300 if (ref->flash_offset != REF_EMPTY_NODE && ref->next_in_ino)
296 jffs2_remove_node_refs_from_ino_list(c, ref, jeb); 301 jffs2_remove_node_refs_from_ino_list(c, ref, jeb);
297 /* else it was a non-inode node or already removed, so don't bother */ 302 /* else it was a non-inode node or already removed, so don't bother */
298 303
299 jffs2_free_raw_node_ref(ref); 304 ref++;
300 } 305 }
301 jeb->last_node = NULL; 306 jeb->first_node = jeb->last_node = NULL;
302} 307}
303 308
304static int jffs2_block_check_erase(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, uint32_t *bad_offset) 309static int jffs2_block_check_erase(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, uint32_t *bad_offset)
@@ -351,7 +356,6 @@ fail:
351 356
352static void jffs2_mark_erased_block(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb) 357static void jffs2_mark_erased_block(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb)
353{ 358{
354 struct jffs2_raw_node_ref *marker_ref = NULL;
355 size_t retlen; 359 size_t retlen;
356 int ret; 360 int ret;
357 uint32_t bad_offset; 361 uint32_t bad_offset;
@@ -373,12 +377,8 @@ static void jffs2_mark_erased_block(struct jffs2_sb_info *c, struct jffs2_eraseb
373 goto filebad; 377 goto filebad;
374 } 378 }
375 379
376 jeb->first_node = jeb->last_node = NULL; 380 /* Everything else got zeroed before the erase */
377 jeb->free_size = c->sector_size; 381 jeb->free_size = c->sector_size;
378 jeb->used_size = 0;
379 jeb->dirty_size = 0;
380 jeb->wasted_size = 0;
381
382 } else { 382 } else {
383 383
384 struct kvec vecs[1]; 384 struct kvec vecs[1];
@@ -388,11 +388,7 @@ static void jffs2_mark_erased_block(struct jffs2_sb_info *c, struct jffs2_eraseb
388 .totlen = cpu_to_je32(c->cleanmarker_size) 388 .totlen = cpu_to_je32(c->cleanmarker_size)
389 }; 389 };
390 390
391 marker_ref = jffs2_alloc_raw_node_ref(); 391 jffs2_prealloc_raw_node_refs(c, jeb, 1);
392 if (!marker_ref) {
393 printk(KERN_WARNING "Failed to allocate raw node ref for clean marker. Refiling\n");
394 goto refile;
395 }
396 392
397 marker.hdr_crc = cpu_to_je32(crc32(0, &marker, sizeof(struct jffs2_unknown_node)-4)); 393 marker.hdr_crc = cpu_to_je32(crc32(0, &marker, sizeof(struct jffs2_unknown_node)-4));
398 394
@@ -408,21 +404,13 @@ static void jffs2_mark_erased_block(struct jffs2_sb_info *c, struct jffs2_eraseb
408 printk(KERN_WARNING "Short write to newly-erased block at 0x%08x: Wanted %zd, got %zd\n", 404 printk(KERN_WARNING "Short write to newly-erased block at 0x%08x: Wanted %zd, got %zd\n",
409 jeb->offset, sizeof(marker), retlen); 405 jeb->offset, sizeof(marker), retlen);
410 406
411 jffs2_free_raw_node_ref(marker_ref);
412 goto filebad; 407 goto filebad;
413 } 408 }
414 409
415 marker_ref->next_in_ino = NULL; 410 /* Everything else got zeroed before the erase */
416 marker_ref->next_phys = NULL; 411 jeb->free_size = c->sector_size;
417 marker_ref->flash_offset = jeb->offset | REF_NORMAL; 412 /* FIXME Special case for cleanmarker in empty block */
418 marker_ref->__totlen = c->cleanmarker_size; 413 jffs2_link_node_ref(c, jeb, jeb->offset | REF_NORMAL, c->cleanmarker_size, NULL);
419
420 jeb->first_node = jeb->last_node = marker_ref;
421
422 jeb->free_size = c->sector_size - c->cleanmarker_size;
423 jeb->used_size = c->cleanmarker_size;
424 jeb->dirty_size = 0;
425 jeb->wasted_size = 0;
426 } 414 }
427 415
428 spin_lock(&c->erase_completion_lock); 416 spin_lock(&c->erase_completion_lock);
diff --git a/fs/jffs2/file.c b/fs/jffs2/file.c
index 9f4171213e58..bb8844f40e48 100644
--- a/fs/jffs2/file.c
+++ b/fs/jffs2/file.c
@@ -54,7 +54,12 @@ const struct file_operations jffs2_file_operations =
54 54
55struct inode_operations jffs2_file_inode_operations = 55struct inode_operations jffs2_file_inode_operations =
56{ 56{
57 .setattr = jffs2_setattr 57 .permission = jffs2_permission,
58 .setattr = jffs2_setattr,
59 .setxattr = jffs2_setxattr,
60 .getxattr = jffs2_getxattr,
61 .listxattr = jffs2_listxattr,
62 .removexattr = jffs2_removexattr
58}; 63};
59 64
60struct address_space_operations jffs2_file_address_operations = 65struct address_space_operations jffs2_file_address_operations =
@@ -129,13 +134,13 @@ static int jffs2_prepare_write (struct file *filp, struct page *pg,
129 struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb); 134 struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb);
130 struct jffs2_raw_inode ri; 135 struct jffs2_raw_inode ri;
131 struct jffs2_full_dnode *fn; 136 struct jffs2_full_dnode *fn;
132 uint32_t phys_ofs, alloc_len; 137 uint32_t alloc_len;
133 138
134 D1(printk(KERN_DEBUG "Writing new hole frag 0x%x-0x%x between current EOF and new page\n", 139 D1(printk(KERN_DEBUG "Writing new hole frag 0x%x-0x%x between current EOF and new page\n",
135 (unsigned int)inode->i_size, pageofs)); 140 (unsigned int)inode->i_size, pageofs));
136 141
137 ret = jffs2_reserve_space(c, sizeof(ri), &phys_ofs, &alloc_len, 142 ret = jffs2_reserve_space(c, sizeof(ri), &alloc_len,
138 ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE); 143 ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE);
139 if (ret) 144 if (ret)
140 return ret; 145 return ret;
141 146
@@ -161,7 +166,7 @@ static int jffs2_prepare_write (struct file *filp, struct page *pg,
161 ri.node_crc = cpu_to_je32(crc32(0, &ri, sizeof(ri)-8)); 166 ri.node_crc = cpu_to_je32(crc32(0, &ri, sizeof(ri)-8));
162 ri.data_crc = cpu_to_je32(0); 167 ri.data_crc = cpu_to_je32(0);
163 168
164 fn = jffs2_write_dnode(c, f, &ri, NULL, 0, phys_ofs, ALLOC_NORMAL); 169 fn = jffs2_write_dnode(c, f, &ri, NULL, 0, ALLOC_NORMAL);
165 170
166 if (IS_ERR(fn)) { 171 if (IS_ERR(fn)) {
167 ret = PTR_ERR(fn); 172 ret = PTR_ERR(fn);
@@ -215,12 +220,20 @@ static int jffs2_commit_write (struct file *filp, struct page *pg,
215 D1(printk(KERN_DEBUG "jffs2_commit_write(): ino #%lu, page at 0x%lx, range %d-%d, flags %lx\n", 220 D1(printk(KERN_DEBUG "jffs2_commit_write(): ino #%lu, page at 0x%lx, range %d-%d, flags %lx\n",
216 inode->i_ino, pg->index << PAGE_CACHE_SHIFT, start, end, pg->flags)); 221 inode->i_ino, pg->index << PAGE_CACHE_SHIFT, start, end, pg->flags));
217 222
218 if (!start && end == PAGE_CACHE_SIZE) { 223 if (end == PAGE_CACHE_SIZE) {
219 /* We need to avoid deadlock with page_cache_read() in 224 if (!start) {
220 jffs2_garbage_collect_pass(). So we have to mark the 225 /* We need to avoid deadlock with page_cache_read() in
221 page up to date, to prevent page_cache_read() from 226 jffs2_garbage_collect_pass(). So we have to mark the
222 trying to re-lock it. */ 227 page up to date, to prevent page_cache_read() from
223 SetPageUptodate(pg); 228 trying to re-lock it. */
229 SetPageUptodate(pg);
230 } else {
231 /* When writing out the end of a page, write out the
232 _whole_ page. This helps to reduce the number of
233 nodes in files which have many short writes, like
234 syslog files. */
235 start = aligned_start = 0;
236 }
224 } 237 }
225 238
226 ri = jffs2_alloc_raw_inode(); 239 ri = jffs2_alloc_raw_inode();
diff --git a/fs/jffs2/fs.c b/fs/jffs2/fs.c
index 09e5d10b8840..7b6c24b14f85 100644
--- a/fs/jffs2/fs.c
+++ b/fs/jffs2/fs.c
@@ -33,11 +33,11 @@ static int jffs2_do_setattr (struct inode *inode, struct iattr *iattr)
33 struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode); 33 struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
34 struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb); 34 struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb);
35 struct jffs2_raw_inode *ri; 35 struct jffs2_raw_inode *ri;
36 unsigned short dev; 36 union jffs2_device_node dev;
37 unsigned char *mdata = NULL; 37 unsigned char *mdata = NULL;
38 int mdatalen = 0; 38 int mdatalen = 0;
39 unsigned int ivalid; 39 unsigned int ivalid;
40 uint32_t phys_ofs, alloclen; 40 uint32_t alloclen;
41 int ret; 41 int ret;
42 D1(printk(KERN_DEBUG "jffs2_setattr(): ino #%lu\n", inode->i_ino)); 42 D1(printk(KERN_DEBUG "jffs2_setattr(): ino #%lu\n", inode->i_ino));
43 ret = inode_change_ok(inode, iattr); 43 ret = inode_change_ok(inode, iattr);
@@ -51,20 +51,24 @@ static int jffs2_do_setattr (struct inode *inode, struct iattr *iattr)
51 it out again with the appropriate data attached */ 51 it out again with the appropriate data attached */
52 if (S_ISBLK(inode->i_mode) || S_ISCHR(inode->i_mode)) { 52 if (S_ISBLK(inode->i_mode) || S_ISCHR(inode->i_mode)) {
53 /* For these, we don't actually need to read the old node */ 53 /* For these, we don't actually need to read the old node */
54 dev = old_encode_dev(inode->i_rdev); 54 mdatalen = jffs2_encode_dev(&dev, inode->i_rdev);
55 mdata = (char *)&dev; 55 mdata = (char *)&dev;
56 mdatalen = sizeof(dev);
57 D1(printk(KERN_DEBUG "jffs2_setattr(): Writing %d bytes of kdev_t\n", mdatalen)); 56 D1(printk(KERN_DEBUG "jffs2_setattr(): Writing %d bytes of kdev_t\n", mdatalen));
58 } else if (S_ISLNK(inode->i_mode)) { 57 } else if (S_ISLNK(inode->i_mode)) {
58 down(&f->sem);
59 mdatalen = f->metadata->size; 59 mdatalen = f->metadata->size;
60 mdata = kmalloc(f->metadata->size, GFP_USER); 60 mdata = kmalloc(f->metadata->size, GFP_USER);
61 if (!mdata) 61 if (!mdata) {
62 up(&f->sem);
62 return -ENOMEM; 63 return -ENOMEM;
64 }
63 ret = jffs2_read_dnode(c, f, f->metadata, mdata, 0, mdatalen); 65 ret = jffs2_read_dnode(c, f, f->metadata, mdata, 0, mdatalen);
64 if (ret) { 66 if (ret) {
67 up(&f->sem);
65 kfree(mdata); 68 kfree(mdata);
66 return ret; 69 return ret;
67 } 70 }
71 up(&f->sem);
68 D1(printk(KERN_DEBUG "jffs2_setattr(): Writing %d bytes of symlink target\n", mdatalen)); 72 D1(printk(KERN_DEBUG "jffs2_setattr(): Writing %d bytes of symlink target\n", mdatalen));
69 } 73 }
70 74
@@ -75,8 +79,8 @@ static int jffs2_do_setattr (struct inode *inode, struct iattr *iattr)
75 return -ENOMEM; 79 return -ENOMEM;
76 } 80 }
77 81
78 ret = jffs2_reserve_space(c, sizeof(*ri) + mdatalen, &phys_ofs, &alloclen, 82 ret = jffs2_reserve_space(c, sizeof(*ri) + mdatalen, &alloclen,
79 ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE); 83 ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE);
80 if (ret) { 84 if (ret) {
81 jffs2_free_raw_inode(ri); 85 jffs2_free_raw_inode(ri);
82 if (S_ISLNK(inode->i_mode & S_IFMT)) 86 if (S_ISLNK(inode->i_mode & S_IFMT))
@@ -127,7 +131,7 @@ static int jffs2_do_setattr (struct inode *inode, struct iattr *iattr)
127 else 131 else
128 ri->data_crc = cpu_to_je32(0); 132 ri->data_crc = cpu_to_je32(0);
129 133
130 new_metadata = jffs2_write_dnode(c, f, ri, mdata, mdatalen, phys_ofs, ALLOC_NORMAL); 134 new_metadata = jffs2_write_dnode(c, f, ri, mdata, mdatalen, ALLOC_NORMAL);
131 if (S_ISLNK(inode->i_mode)) 135 if (S_ISLNK(inode->i_mode))
132 kfree(mdata); 136 kfree(mdata);
133 137
@@ -180,7 +184,12 @@ static int jffs2_do_setattr (struct inode *inode, struct iattr *iattr)
180 184
181int jffs2_setattr(struct dentry *dentry, struct iattr *iattr) 185int jffs2_setattr(struct dentry *dentry, struct iattr *iattr)
182{ 186{
183 return jffs2_do_setattr(dentry->d_inode, iattr); 187 int rc;
188
189 rc = jffs2_do_setattr(dentry->d_inode, iattr);
190 if (!rc && (iattr->ia_valid & ATTR_MODE))
191 rc = jffs2_acl_chmod(dentry->d_inode);
192 return rc;
184} 193}
185 194
186int jffs2_statfs(struct super_block *sb, struct kstatfs *buf) 195int jffs2_statfs(struct super_block *sb, struct kstatfs *buf)
@@ -219,6 +228,7 @@ void jffs2_clear_inode (struct inode *inode)
219 228
220 D1(printk(KERN_DEBUG "jffs2_clear_inode(): ino #%lu mode %o\n", inode->i_ino, inode->i_mode)); 229 D1(printk(KERN_DEBUG "jffs2_clear_inode(): ino #%lu mode %o\n", inode->i_ino, inode->i_mode));
221 230
231 jffs2_xattr_delete_inode(c, f->inocache);
222 jffs2_do_clear_inode(c, f); 232 jffs2_do_clear_inode(c, f);
223} 233}
224 234
@@ -227,6 +237,8 @@ void jffs2_read_inode (struct inode *inode)
227 struct jffs2_inode_info *f; 237 struct jffs2_inode_info *f;
228 struct jffs2_sb_info *c; 238 struct jffs2_sb_info *c;
229 struct jffs2_raw_inode latest_node; 239 struct jffs2_raw_inode latest_node;
240 union jffs2_device_node jdev;
241 dev_t rdev = 0;
230 int ret; 242 int ret;
231 243
232 D1(printk(KERN_DEBUG "jffs2_read_inode(): inode->i_ino == %lu\n", inode->i_ino)); 244 D1(printk(KERN_DEBUG "jffs2_read_inode(): inode->i_ino == %lu\n", inode->i_ino));
@@ -258,7 +270,6 @@ void jffs2_read_inode (struct inode *inode)
258 inode->i_blocks = (inode->i_size + 511) >> 9; 270 inode->i_blocks = (inode->i_size + 511) >> 9;
259 271
260 switch (inode->i_mode & S_IFMT) { 272 switch (inode->i_mode & S_IFMT) {
261 jint16_t rdev;
262 273
263 case S_IFLNK: 274 case S_IFLNK:
264 inode->i_op = &jffs2_symlink_inode_operations; 275 inode->i_op = &jffs2_symlink_inode_operations;
@@ -292,8 +303,16 @@ void jffs2_read_inode (struct inode *inode)
292 case S_IFBLK: 303 case S_IFBLK:
293 case S_IFCHR: 304 case S_IFCHR:
294 /* Read the device numbers from the media */ 305 /* Read the device numbers from the media */
306 if (f->metadata->size != sizeof(jdev.old) &&
307 f->metadata->size != sizeof(jdev.new)) {
308 printk(KERN_NOTICE "Device node has strange size %d\n", f->metadata->size);
309 up(&f->sem);
310 jffs2_do_clear_inode(c, f);
311 make_bad_inode(inode);
312 return;
313 }
295 D1(printk(KERN_DEBUG "Reading device numbers from flash\n")); 314 D1(printk(KERN_DEBUG "Reading device numbers from flash\n"));
296 if (jffs2_read_dnode(c, f, f->metadata, (char *)&rdev, 0, sizeof(rdev)) < 0) { 315 if (jffs2_read_dnode(c, f, f->metadata, (char *)&jdev, 0, f->metadata->size) < 0) {
297 /* Eep */ 316 /* Eep */
298 printk(KERN_NOTICE "Read device numbers for inode %lu failed\n", (unsigned long)inode->i_ino); 317 printk(KERN_NOTICE "Read device numbers for inode %lu failed\n", (unsigned long)inode->i_ino);
299 up(&f->sem); 318 up(&f->sem);
@@ -301,12 +320,15 @@ void jffs2_read_inode (struct inode *inode)
301 make_bad_inode(inode); 320 make_bad_inode(inode);
302 return; 321 return;
303 } 322 }
323 if (f->metadata->size == sizeof(jdev.old))
324 rdev = old_decode_dev(je16_to_cpu(jdev.old));
325 else
326 rdev = new_decode_dev(je32_to_cpu(jdev.new));
304 327
305 case S_IFSOCK: 328 case S_IFSOCK:
306 case S_IFIFO: 329 case S_IFIFO:
307 inode->i_op = &jffs2_file_inode_operations; 330 inode->i_op = &jffs2_file_inode_operations;
308 init_special_inode(inode, inode->i_mode, 331 init_special_inode(inode, inode->i_mode, rdev);
309 old_decode_dev((je16_to_cpu(rdev))));
310 break; 332 break;
311 333
312 default: 334 default:
@@ -492,6 +514,8 @@ int jffs2_do_fill_super(struct super_block *sb, void *data, int silent)
492 } 514 }
493 memset(c->inocache_list, 0, INOCACHE_HASHSIZE * sizeof(struct jffs2_inode_cache *)); 515 memset(c->inocache_list, 0, INOCACHE_HASHSIZE * sizeof(struct jffs2_inode_cache *));
494 516
517 jffs2_init_xattr_subsystem(c);
518
495 if ((ret = jffs2_do_mount_fs(c))) 519 if ((ret = jffs2_do_mount_fs(c)))
496 goto out_inohash; 520 goto out_inohash;
497 521
@@ -526,6 +550,7 @@ int jffs2_do_fill_super(struct super_block *sb, void *data, int silent)
526 else 550 else
527 kfree(c->blocks); 551 kfree(c->blocks);
528 out_inohash: 552 out_inohash:
553 jffs2_clear_xattr_subsystem(c);
529 kfree(c->inocache_list); 554 kfree(c->inocache_list);
530 out_wbuf: 555 out_wbuf:
531 jffs2_flash_cleanup(c); 556 jffs2_flash_cleanup(c);
@@ -639,13 +664,6 @@ static int jffs2_flash_setup(struct jffs2_sb_info *c) {
639 return ret; 664 return ret;
640 } 665 }
641 666
642 /* add setups for other bizarre flashes here... */
643 if (jffs2_nor_ecc(c)) {
644 ret = jffs2_nor_ecc_flash_setup(c);
645 if (ret)
646 return ret;
647 }
648
649 /* and Dataflash */ 667 /* and Dataflash */
650 if (jffs2_dataflash(c)) { 668 if (jffs2_dataflash(c)) {
651 ret = jffs2_dataflash_setup(c); 669 ret = jffs2_dataflash_setup(c);
@@ -669,11 +687,6 @@ void jffs2_flash_cleanup(struct jffs2_sb_info *c) {
669 jffs2_nand_flash_cleanup(c); 687 jffs2_nand_flash_cleanup(c);
670 } 688 }
671 689
672 /* add cleanups for other bizarre flashes here... */
673 if (jffs2_nor_ecc(c)) {
674 jffs2_nor_ecc_flash_cleanup(c);
675 }
676
677 /* and DataFlash */ 690 /* and DataFlash */
678 if (jffs2_dataflash(c)) { 691 if (jffs2_dataflash(c)) {
679 jffs2_dataflash_cleanup(c); 692 jffs2_dataflash_cleanup(c);
diff --git a/fs/jffs2/gc.c b/fs/jffs2/gc.c
index f9ffece453a3..477c526d638b 100644
--- a/fs/jffs2/gc.c
+++ b/fs/jffs2/gc.c
@@ -125,6 +125,7 @@ int jffs2_garbage_collect_pass(struct jffs2_sb_info *c)
125 struct jffs2_eraseblock *jeb; 125 struct jffs2_eraseblock *jeb;
126 struct jffs2_raw_node_ref *raw; 126 struct jffs2_raw_node_ref *raw;
127 int ret = 0, inum, nlink; 127 int ret = 0, inum, nlink;
128 int xattr = 0;
128 129
129 if (down_interruptible(&c->alloc_sem)) 130 if (down_interruptible(&c->alloc_sem))
130 return -EINTR; 131 return -EINTR;
@@ -138,7 +139,7 @@ int jffs2_garbage_collect_pass(struct jffs2_sb_info *c)
138 the node CRCs etc. Do it now. */ 139 the node CRCs etc. Do it now. */
139 140
140 /* checked_ino is protected by the alloc_sem */ 141 /* checked_ino is protected by the alloc_sem */
141 if (c->checked_ino > c->highest_ino) { 142 if (c->checked_ino > c->highest_ino && xattr) {
142 printk(KERN_CRIT "Checked all inodes but still 0x%x bytes of unchecked space?\n", 143 printk(KERN_CRIT "Checked all inodes but still 0x%x bytes of unchecked space?\n",
143 c->unchecked_size); 144 c->unchecked_size);
144 jffs2_dbg_dump_block_lists_nolock(c); 145 jffs2_dbg_dump_block_lists_nolock(c);
@@ -148,6 +149,9 @@ int jffs2_garbage_collect_pass(struct jffs2_sb_info *c)
148 149
149 spin_unlock(&c->erase_completion_lock); 150 spin_unlock(&c->erase_completion_lock);
150 151
152 if (!xattr)
153 xattr = jffs2_verify_xattr(c);
154
151 spin_lock(&c->inocache_lock); 155 spin_lock(&c->inocache_lock);
152 156
153 ic = jffs2_get_ino_cache(c, c->checked_ino++); 157 ic = jffs2_get_ino_cache(c, c->checked_ino++);
@@ -181,6 +185,10 @@ int jffs2_garbage_collect_pass(struct jffs2_sb_info *c)
181 and trigger the BUG() above while we haven't yet 185 and trigger the BUG() above while we haven't yet
182 finished checking all its nodes */ 186 finished checking all its nodes */
183 D1(printk(KERN_DEBUG "Waiting for ino #%u to finish reading\n", ic->ino)); 187 D1(printk(KERN_DEBUG "Waiting for ino #%u to finish reading\n", ic->ino));
188 /* We need to come back again for the _same_ inode. We've
189 made no progress in this case, but that should be OK */
190 c->checked_ino--;
191
184 up(&c->alloc_sem); 192 up(&c->alloc_sem);
185 sleep_on_spinunlock(&c->inocache_wq, &c->inocache_lock); 193 sleep_on_spinunlock(&c->inocache_wq, &c->inocache_lock);
186 return 0; 194 return 0;
@@ -231,7 +239,7 @@ int jffs2_garbage_collect_pass(struct jffs2_sb_info *c)
231 239
232 while(ref_obsolete(raw)) { 240 while(ref_obsolete(raw)) {
233 D1(printk(KERN_DEBUG "Node at 0x%08x is obsolete... skipping\n", ref_offset(raw))); 241 D1(printk(KERN_DEBUG "Node at 0x%08x is obsolete... skipping\n", ref_offset(raw)));
234 raw = raw->next_phys; 242 raw = ref_next(raw);
235 if (unlikely(!raw)) { 243 if (unlikely(!raw)) {
236 printk(KERN_WARNING "eep. End of raw list while still supposedly nodes to GC\n"); 244 printk(KERN_WARNING "eep. End of raw list while still supposedly nodes to GC\n");
237 printk(KERN_WARNING "erase block at 0x%08x. free_size 0x%08x, dirty_size 0x%08x, used_size 0x%08x\n", 245 printk(KERN_WARNING "erase block at 0x%08x. free_size 0x%08x, dirty_size 0x%08x, used_size 0x%08x\n",
@@ -248,16 +256,37 @@ int jffs2_garbage_collect_pass(struct jffs2_sb_info *c)
248 256
249 if (!raw->next_in_ino) { 257 if (!raw->next_in_ino) {
250 /* Inode-less node. Clean marker, snapshot or something like that */ 258 /* Inode-less node. Clean marker, snapshot or something like that */
251 /* FIXME: If it's something that needs to be copied, including something
252 we don't grok that has JFFS2_NODETYPE_RWCOMPAT_COPY, we should do so */
253 spin_unlock(&c->erase_completion_lock); 259 spin_unlock(&c->erase_completion_lock);
254 jffs2_mark_node_obsolete(c, raw); 260 if (ref_flags(raw) == REF_PRISTINE) {
261 /* It's an unknown node with JFFS2_FEATURE_RWCOMPAT_COPY */
262 jffs2_garbage_collect_pristine(c, NULL, raw);
263 } else {
264 /* Just mark it obsolete */
265 jffs2_mark_node_obsolete(c, raw);
266 }
255 up(&c->alloc_sem); 267 up(&c->alloc_sem);
256 goto eraseit_lock; 268 goto eraseit_lock;
257 } 269 }
258 270
259 ic = jffs2_raw_ref_to_ic(raw); 271 ic = jffs2_raw_ref_to_ic(raw);
260 272
273#ifdef CONFIG_JFFS2_FS_XATTR
274 /* When 'ic' refers xattr_datum/xattr_ref, this node is GCed as xattr.
275 * We can decide whether this node is inode or xattr by ic->class. */
276 if (ic->class == RAWNODE_CLASS_XATTR_DATUM
277 || ic->class == RAWNODE_CLASS_XATTR_REF) {
278 BUG_ON(raw->next_in_ino != (void *)ic);
279 spin_unlock(&c->erase_completion_lock);
280
281 if (ic->class == RAWNODE_CLASS_XATTR_DATUM) {
282 ret = jffs2_garbage_collect_xattr_datum(c, (struct jffs2_xattr_datum *)ic);
283 } else {
284 ret = jffs2_garbage_collect_xattr_ref(c, (struct jffs2_xattr_ref *)ic);
285 }
286 goto release_sem;
287 }
288#endif
289
261 /* We need to hold the inocache. Either the erase_completion_lock or 290 /* We need to hold the inocache. Either the erase_completion_lock or
262 the inocache_lock are sufficient; we trade down since the inocache_lock 291 the inocache_lock are sufficient; we trade down since the inocache_lock
263 causes less contention. */ 292 causes less contention. */
@@ -499,7 +528,6 @@ static int jffs2_garbage_collect_pristine(struct jffs2_sb_info *c,
499 struct jffs2_raw_node_ref *raw) 528 struct jffs2_raw_node_ref *raw)
500{ 529{
501 union jffs2_node_union *node; 530 union jffs2_node_union *node;
502 struct jffs2_raw_node_ref *nraw;
503 size_t retlen; 531 size_t retlen;
504 int ret; 532 int ret;
505 uint32_t phys_ofs, alloclen; 533 uint32_t phys_ofs, alloclen;
@@ -508,15 +536,16 @@ static int jffs2_garbage_collect_pristine(struct jffs2_sb_info *c,
508 536
509 D1(printk(KERN_DEBUG "Going to GC REF_PRISTINE node at 0x%08x\n", ref_offset(raw))); 537 D1(printk(KERN_DEBUG "Going to GC REF_PRISTINE node at 0x%08x\n", ref_offset(raw)));
510 538
511 rawlen = ref_totlen(c, c->gcblock, raw); 539 alloclen = rawlen = ref_totlen(c, c->gcblock, raw);
512 540
513 /* Ask for a small amount of space (or the totlen if smaller) because we 541 /* Ask for a small amount of space (or the totlen if smaller) because we
514 don't want to force wastage of the end of a block if splitting would 542 don't want to force wastage of the end of a block if splitting would
515 work. */ 543 work. */
516 ret = jffs2_reserve_space_gc(c, min_t(uint32_t, sizeof(struct jffs2_raw_inode) + 544 if (ic && alloclen > sizeof(struct jffs2_raw_inode) + JFFS2_MIN_DATA_LEN)
517 JFFS2_MIN_DATA_LEN, rawlen), &phys_ofs, &alloclen, rawlen); 545 alloclen = sizeof(struct jffs2_raw_inode) + JFFS2_MIN_DATA_LEN;
518 /* this is not the exact summary size of it, 546
519 it is only an upper estimation */ 547 ret = jffs2_reserve_space_gc(c, alloclen, &alloclen, rawlen);
548 /* 'rawlen' is not the exact summary size; it is only an upper estimation */
520 549
521 if (ret) 550 if (ret)
522 return ret; 551 return ret;
@@ -580,22 +609,17 @@ static int jffs2_garbage_collect_pristine(struct jffs2_sb_info *c,
580 } 609 }
581 break; 610 break;
582 default: 611 default:
583 printk(KERN_WARNING "Unknown node type for REF_PRISTINE node at 0x%08x: 0x%04x\n", 612 /* If it's inode-less, we don't _know_ what it is. Just copy it intact */
584 ref_offset(raw), je16_to_cpu(node->u.nodetype)); 613 if (ic) {
585 goto bail; 614 printk(KERN_WARNING "Unknown node type for REF_PRISTINE node at 0x%08x: 0x%04x\n",
586 } 615 ref_offset(raw), je16_to_cpu(node->u.nodetype));
587 616 goto bail;
588 nraw = jffs2_alloc_raw_node_ref(); 617 }
589 if (!nraw) {
590 ret = -ENOMEM;
591 goto out_node;
592 } 618 }
593 619
594 /* OK, all the CRCs are good; this node can just be copied as-is. */ 620 /* OK, all the CRCs are good; this node can just be copied as-is. */
595 retry: 621 retry:
596 nraw->flash_offset = phys_ofs; 622 phys_ofs = write_ofs(c);
597 nraw->__totlen = rawlen;
598 nraw->next_phys = NULL;
599 623
600 ret = jffs2_flash_write(c, phys_ofs, rawlen, &retlen, (char *)node); 624 ret = jffs2_flash_write(c, phys_ofs, rawlen, &retlen, (char *)node);
601 625
@@ -603,17 +627,11 @@ static int jffs2_garbage_collect_pristine(struct jffs2_sb_info *c,
603 printk(KERN_NOTICE "Write of %d bytes at 0x%08x failed. returned %d, retlen %zd\n", 627 printk(KERN_NOTICE "Write of %d bytes at 0x%08x failed. returned %d, retlen %zd\n",
604 rawlen, phys_ofs, ret, retlen); 628 rawlen, phys_ofs, ret, retlen);
605 if (retlen) { 629 if (retlen) {
606 /* Doesn't belong to any inode */ 630 jffs2_add_physical_node_ref(c, phys_ofs | REF_OBSOLETE, rawlen, NULL);
607 nraw->next_in_ino = NULL;
608
609 nraw->flash_offset |= REF_OBSOLETE;
610 jffs2_add_physical_node_ref(c, nraw);
611 jffs2_mark_node_obsolete(c, nraw);
612 } else { 631 } else {
613 printk(KERN_NOTICE "Not marking the space at 0x%08x as dirty because the flash driver returned retlen zero\n", nraw->flash_offset); 632 printk(KERN_NOTICE "Not marking the space at 0x%08x as dirty because the flash driver returned retlen zero\n", phys_ofs);
614 jffs2_free_raw_node_ref(nraw);
615 } 633 }
616 if (!retried && (nraw = jffs2_alloc_raw_node_ref())) { 634 if (!retried) {
617 /* Try to reallocate space and retry */ 635 /* Try to reallocate space and retry */
618 uint32_t dummy; 636 uint32_t dummy;
619 struct jffs2_eraseblock *jeb = &c->blocks[phys_ofs / c->sector_size]; 637 struct jffs2_eraseblock *jeb = &c->blocks[phys_ofs / c->sector_size];
@@ -625,7 +643,7 @@ static int jffs2_garbage_collect_pristine(struct jffs2_sb_info *c,
625 jffs2_dbg_acct_sanity_check(c,jeb); 643 jffs2_dbg_acct_sanity_check(c,jeb);
626 jffs2_dbg_acct_paranoia_check(c, jeb); 644 jffs2_dbg_acct_paranoia_check(c, jeb);
627 645
628 ret = jffs2_reserve_space_gc(c, rawlen, &phys_ofs, &dummy, rawlen); 646 ret = jffs2_reserve_space_gc(c, rawlen, &dummy, rawlen);
629 /* this is not the exact summary size of it, 647 /* this is not the exact summary size of it,
630 it is only an upper estimation */ 648 it is only an upper estimation */
631 649
@@ -638,25 +656,13 @@ static int jffs2_garbage_collect_pristine(struct jffs2_sb_info *c,
638 goto retry; 656 goto retry;
639 } 657 }
640 D1(printk(KERN_DEBUG "Failed to allocate space to retry failed write: %d!\n", ret)); 658 D1(printk(KERN_DEBUG "Failed to allocate space to retry failed write: %d!\n", ret));
641 jffs2_free_raw_node_ref(nraw);
642 } 659 }
643 660
644 jffs2_free_raw_node_ref(nraw);
645 if (!ret) 661 if (!ret)
646 ret = -EIO; 662 ret = -EIO;
647 goto out_node; 663 goto out_node;
648 } 664 }
649 nraw->flash_offset |= REF_PRISTINE; 665 jffs2_add_physical_node_ref(c, phys_ofs | REF_PRISTINE, rawlen, ic);
650 jffs2_add_physical_node_ref(c, nraw);
651
652 /* Link into per-inode list. This is safe because of the ic
653 state being INO_STATE_GC. Note that if we're doing this
654 for an inode which is in-core, the 'nraw' pointer is then
655 going to be fetched from ic->nodes by our caller. */
656 spin_lock(&c->erase_completion_lock);
657 nraw->next_in_ino = ic->nodes;
658 ic->nodes = nraw;
659 spin_unlock(&c->erase_completion_lock);
660 666
661 jffs2_mark_node_obsolete(c, raw); 667 jffs2_mark_node_obsolete(c, raw);
662 D1(printk(KERN_DEBUG "WHEEE! GC REF_PRISTINE node at 0x%08x succeeded\n", ref_offset(raw))); 668 D1(printk(KERN_DEBUG "WHEEE! GC REF_PRISTINE node at 0x%08x succeeded\n", ref_offset(raw)));
@@ -675,19 +681,16 @@ static int jffs2_garbage_collect_metadata(struct jffs2_sb_info *c, struct jffs2_
675 struct jffs2_full_dnode *new_fn; 681 struct jffs2_full_dnode *new_fn;
676 struct jffs2_raw_inode ri; 682 struct jffs2_raw_inode ri;
677 struct jffs2_node_frag *last_frag; 683 struct jffs2_node_frag *last_frag;
678 jint16_t dev; 684 union jffs2_device_node dev;
679 char *mdata = NULL, mdatalen = 0; 685 char *mdata = NULL, mdatalen = 0;
680 uint32_t alloclen, phys_ofs, ilen; 686 uint32_t alloclen, ilen;
681 int ret; 687 int ret;
682 688
683 if (S_ISBLK(JFFS2_F_I_MODE(f)) || 689 if (S_ISBLK(JFFS2_F_I_MODE(f)) ||
684 S_ISCHR(JFFS2_F_I_MODE(f)) ) { 690 S_ISCHR(JFFS2_F_I_MODE(f)) ) {
685 /* For these, we don't actually need to read the old node */ 691 /* For these, we don't actually need to read the old node */
686 /* FIXME: for minor or major > 255. */ 692 mdatalen = jffs2_encode_dev(&dev, JFFS2_F_I_RDEV(f));
687 dev = cpu_to_je16(((JFFS2_F_I_RDEV_MAJ(f) << 8) |
688 JFFS2_F_I_RDEV_MIN(f)));
689 mdata = (char *)&dev; 693 mdata = (char *)&dev;
690 mdatalen = sizeof(dev);
691 D1(printk(KERN_DEBUG "jffs2_garbage_collect_metadata(): Writing %d bytes of kdev_t\n", mdatalen)); 694 D1(printk(KERN_DEBUG "jffs2_garbage_collect_metadata(): Writing %d bytes of kdev_t\n", mdatalen));
692 } else if (S_ISLNK(JFFS2_F_I_MODE(f))) { 695 } else if (S_ISLNK(JFFS2_F_I_MODE(f))) {
693 mdatalen = fn->size; 696 mdatalen = fn->size;
@@ -706,7 +709,7 @@ static int jffs2_garbage_collect_metadata(struct jffs2_sb_info *c, struct jffs2_
706 709
707 } 710 }
708 711
709 ret = jffs2_reserve_space_gc(c, sizeof(ri) + mdatalen, &phys_ofs, &alloclen, 712 ret = jffs2_reserve_space_gc(c, sizeof(ri) + mdatalen, &alloclen,
710 JFFS2_SUMMARY_INODE_SIZE); 713 JFFS2_SUMMARY_INODE_SIZE);
711 if (ret) { 714 if (ret) {
712 printk(KERN_WARNING "jffs2_reserve_space_gc of %zd bytes for garbage_collect_metadata failed: %d\n", 715 printk(KERN_WARNING "jffs2_reserve_space_gc of %zd bytes for garbage_collect_metadata failed: %d\n",
@@ -744,7 +747,7 @@ static int jffs2_garbage_collect_metadata(struct jffs2_sb_info *c, struct jffs2_
744 ri.node_crc = cpu_to_je32(crc32(0, &ri, sizeof(ri)-8)); 747 ri.node_crc = cpu_to_je32(crc32(0, &ri, sizeof(ri)-8));
745 ri.data_crc = cpu_to_je32(crc32(0, mdata, mdatalen)); 748 ri.data_crc = cpu_to_je32(crc32(0, mdata, mdatalen));
746 749
747 new_fn = jffs2_write_dnode(c, f, &ri, mdata, mdatalen, phys_ofs, ALLOC_GC); 750 new_fn = jffs2_write_dnode(c, f, &ri, mdata, mdatalen, ALLOC_GC);
748 751
749 if (IS_ERR(new_fn)) { 752 if (IS_ERR(new_fn)) {
750 printk(KERN_WARNING "Error writing new dnode: %ld\n", PTR_ERR(new_fn)); 753 printk(KERN_WARNING "Error writing new dnode: %ld\n", PTR_ERR(new_fn));
@@ -765,7 +768,7 @@ static int jffs2_garbage_collect_dirent(struct jffs2_sb_info *c, struct jffs2_er
765{ 768{
766 struct jffs2_full_dirent *new_fd; 769 struct jffs2_full_dirent *new_fd;
767 struct jffs2_raw_dirent rd; 770 struct jffs2_raw_dirent rd;
768 uint32_t alloclen, phys_ofs; 771 uint32_t alloclen;
769 int ret; 772 int ret;
770 773
771 rd.magic = cpu_to_je16(JFFS2_MAGIC_BITMASK); 774 rd.magic = cpu_to_je16(JFFS2_MAGIC_BITMASK);
@@ -787,14 +790,14 @@ static int jffs2_garbage_collect_dirent(struct jffs2_sb_info *c, struct jffs2_er
787 rd.node_crc = cpu_to_je32(crc32(0, &rd, sizeof(rd)-8)); 790 rd.node_crc = cpu_to_je32(crc32(0, &rd, sizeof(rd)-8));
788 rd.name_crc = cpu_to_je32(crc32(0, fd->name, rd.nsize)); 791 rd.name_crc = cpu_to_je32(crc32(0, fd->name, rd.nsize));
789 792
790 ret = jffs2_reserve_space_gc(c, sizeof(rd)+rd.nsize, &phys_ofs, &alloclen, 793 ret = jffs2_reserve_space_gc(c, sizeof(rd)+rd.nsize, &alloclen,
791 JFFS2_SUMMARY_DIRENT_SIZE(rd.nsize)); 794 JFFS2_SUMMARY_DIRENT_SIZE(rd.nsize));
792 if (ret) { 795 if (ret) {
793 printk(KERN_WARNING "jffs2_reserve_space_gc of %zd bytes for garbage_collect_dirent failed: %d\n", 796 printk(KERN_WARNING "jffs2_reserve_space_gc of %zd bytes for garbage_collect_dirent failed: %d\n",
794 sizeof(rd)+rd.nsize, ret); 797 sizeof(rd)+rd.nsize, ret);
795 return ret; 798 return ret;
796 } 799 }
797 new_fd = jffs2_write_dirent(c, f, &rd, fd->name, rd.nsize, phys_ofs, ALLOC_GC); 800 new_fd = jffs2_write_dirent(c, f, &rd, fd->name, rd.nsize, ALLOC_GC);
798 801
799 if (IS_ERR(new_fd)) { 802 if (IS_ERR(new_fd)) {
800 printk(KERN_WARNING "jffs2_write_dirent in garbage_collect_dirent failed: %ld\n", PTR_ERR(new_fd)); 803 printk(KERN_WARNING "jffs2_write_dirent in garbage_collect_dirent failed: %ld\n", PTR_ERR(new_fd));
@@ -922,7 +925,7 @@ static int jffs2_garbage_collect_hole(struct jffs2_sb_info *c, struct jffs2_eras
922 struct jffs2_raw_inode ri; 925 struct jffs2_raw_inode ri;
923 struct jffs2_node_frag *frag; 926 struct jffs2_node_frag *frag;
924 struct jffs2_full_dnode *new_fn; 927 struct jffs2_full_dnode *new_fn;
925 uint32_t alloclen, phys_ofs, ilen; 928 uint32_t alloclen, ilen;
926 int ret; 929 int ret;
927 930
928 D1(printk(KERN_DEBUG "Writing replacement hole node for ino #%u from offset 0x%x to 0x%x\n", 931 D1(printk(KERN_DEBUG "Writing replacement hole node for ino #%u from offset 0x%x to 0x%x\n",
@@ -1001,14 +1004,14 @@ static int jffs2_garbage_collect_hole(struct jffs2_sb_info *c, struct jffs2_eras
1001 ri.data_crc = cpu_to_je32(0); 1004 ri.data_crc = cpu_to_je32(0);
1002 ri.node_crc = cpu_to_je32(crc32(0, &ri, sizeof(ri)-8)); 1005 ri.node_crc = cpu_to_je32(crc32(0, &ri, sizeof(ri)-8));
1003 1006
1004 ret = jffs2_reserve_space_gc(c, sizeof(ri), &phys_ofs, &alloclen, 1007 ret = jffs2_reserve_space_gc(c, sizeof(ri), &alloclen,
1005 JFFS2_SUMMARY_INODE_SIZE); 1008 JFFS2_SUMMARY_INODE_SIZE);
1006 if (ret) { 1009 if (ret) {
1007 printk(KERN_WARNING "jffs2_reserve_space_gc of %zd bytes for garbage_collect_hole failed: %d\n", 1010 printk(KERN_WARNING "jffs2_reserve_space_gc of %zd bytes for garbage_collect_hole failed: %d\n",
1008 sizeof(ri), ret); 1011 sizeof(ri), ret);
1009 return ret; 1012 return ret;
1010 } 1013 }
1011 new_fn = jffs2_write_dnode(c, f, &ri, NULL, 0, phys_ofs, ALLOC_GC); 1014 new_fn = jffs2_write_dnode(c, f, &ri, NULL, 0, ALLOC_GC);
1012 1015
1013 if (IS_ERR(new_fn)) { 1016 if (IS_ERR(new_fn)) {
1014 printk(KERN_WARNING "Error writing new hole node: %ld\n", PTR_ERR(new_fn)); 1017 printk(KERN_WARNING "Error writing new hole node: %ld\n", PTR_ERR(new_fn));
@@ -1070,7 +1073,7 @@ static int jffs2_garbage_collect_dnode(struct jffs2_sb_info *c, struct jffs2_era
1070{ 1073{
1071 struct jffs2_full_dnode *new_fn; 1074 struct jffs2_full_dnode *new_fn;
1072 struct jffs2_raw_inode ri; 1075 struct jffs2_raw_inode ri;
1073 uint32_t alloclen, phys_ofs, offset, orig_end, orig_start; 1076 uint32_t alloclen, offset, orig_end, orig_start;
1074 int ret = 0; 1077 int ret = 0;
1075 unsigned char *comprbuf = NULL, *writebuf; 1078 unsigned char *comprbuf = NULL, *writebuf;
1076 unsigned long pg; 1079 unsigned long pg;
@@ -1227,7 +1230,7 @@ static int jffs2_garbage_collect_dnode(struct jffs2_sb_info *c, struct jffs2_era
1227 uint32_t cdatalen; 1230 uint32_t cdatalen;
1228 uint16_t comprtype = JFFS2_COMPR_NONE; 1231 uint16_t comprtype = JFFS2_COMPR_NONE;
1229 1232
1230 ret = jffs2_reserve_space_gc(c, sizeof(ri) + JFFS2_MIN_DATA_LEN, &phys_ofs, 1233 ret = jffs2_reserve_space_gc(c, sizeof(ri) + JFFS2_MIN_DATA_LEN,
1231 &alloclen, JFFS2_SUMMARY_INODE_SIZE); 1234 &alloclen, JFFS2_SUMMARY_INODE_SIZE);
1232 1235
1233 if (ret) { 1236 if (ret) {
@@ -1264,7 +1267,7 @@ static int jffs2_garbage_collect_dnode(struct jffs2_sb_info *c, struct jffs2_era
1264 ri.node_crc = cpu_to_je32(crc32(0, &ri, sizeof(ri)-8)); 1267 ri.node_crc = cpu_to_je32(crc32(0, &ri, sizeof(ri)-8));
1265 ri.data_crc = cpu_to_je32(crc32(0, comprbuf, cdatalen)); 1268 ri.data_crc = cpu_to_je32(crc32(0, comprbuf, cdatalen));
1266 1269
1267 new_fn = jffs2_write_dnode(c, f, &ri, comprbuf, cdatalen, phys_ofs, ALLOC_GC); 1270 new_fn = jffs2_write_dnode(c, f, &ri, comprbuf, cdatalen, ALLOC_GC);
1268 1271
1269 jffs2_free_comprbuf(comprbuf, writebuf); 1272 jffs2_free_comprbuf(comprbuf, writebuf);
1270 1273
diff --git a/fs/jffs2/histo.h b/fs/jffs2/histo.h
deleted file mode 100644
index 22a93a08210c..000000000000
--- a/fs/jffs2/histo.h
+++ /dev/null
@@ -1,3 +0,0 @@
1/* This file provides the bit-probabilities for the input file */
2#define BIT_DIVIDER 629
3static int bits[9] = { 179,167,183,165,159,198,178,119,}; /* ia32 .so files */
diff --git a/fs/jffs2/jffs2_fs_i.h b/fs/jffs2/jffs2_fs_i.h
new file mode 100644
index 000000000000..2e0cc8e00b85
--- /dev/null
+++ b/fs/jffs2/jffs2_fs_i.h
@@ -0,0 +1,55 @@
1/* $Id: jffs2_fs_i.h,v 1.19 2005/11/07 11:14:52 gleixner Exp $ */
2
3#ifndef _JFFS2_FS_I
4#define _JFFS2_FS_I
5
6#include <linux/version.h>
7#include <linux/rbtree.h>
8#include <linux/posix_acl.h>
9#include <asm/semaphore.h>
10
11struct jffs2_inode_info {
12 /* We need an internal mutex similar to inode->i_mutex.
13 Unfortunately, we can't used the existing one, because
14 either the GC would deadlock, or we'd have to release it
15 before letting GC proceed. Or we'd have to put ugliness
16 into the GC code so it didn't attempt to obtain the i_mutex
17 for the inode(s) which are already locked */
18 struct semaphore sem;
19
20 /* The highest (datanode) version number used for this ino */
21 uint32_t highest_version;
22
23 /* List of data fragments which make up the file */
24 struct rb_root fragtree;
25
26 /* There may be one datanode which isn't referenced by any of the
27 above fragments, if it contains a metadata update but no actual
28 data - or if this is a directory inode */
29 /* This also holds the _only_ dnode for symlinks/device nodes,
30 etc. */
31 struct jffs2_full_dnode *metadata;
32
33 /* Directory entries */
34 struct jffs2_full_dirent *dents;
35
36 /* The target path if this is the inode of a symlink */
37 unsigned char *target;
38
39 /* Some stuff we just have to keep in-core at all times, for each inode. */
40 struct jffs2_inode_cache *inocache;
41
42 uint16_t flags;
43 uint8_t usercompr;
44#if !defined (__ECOS)
45#if LINUX_VERSION_CODE > KERNEL_VERSION(2,5,2)
46 struct inode vfs_inode;
47#endif
48#endif
49#ifdef CONFIG_JFFS2_FS_POSIX_ACL
50 struct posix_acl *i_acl_access;
51 struct posix_acl *i_acl_default;
52#endif
53};
54
55#endif /* _JFFS2_FS_I */
diff --git a/fs/jffs2/jffs2_fs_sb.h b/fs/jffs2/jffs2_fs_sb.h
new file mode 100644
index 000000000000..935fec1b1201
--- /dev/null
+++ b/fs/jffs2/jffs2_fs_sb.h
@@ -0,0 +1,133 @@
1/* $Id: jffs2_fs_sb.h,v 1.54 2005/09/21 13:37:34 dedekind Exp $ */
2
3#ifndef _JFFS2_FS_SB
4#define _JFFS2_FS_SB
5
6#include <linux/types.h>
7#include <linux/spinlock.h>
8#include <linux/workqueue.h>
9#include <linux/completion.h>
10#include <asm/semaphore.h>
11#include <linux/timer.h>
12#include <linux/wait.h>
13#include <linux/list.h>
14#include <linux/rwsem.h>
15
16#define JFFS2_SB_FLAG_RO 1
17#define JFFS2_SB_FLAG_SCANNING 2 /* Flash scanning is in progress */
18#define JFFS2_SB_FLAG_BUILDING 4 /* File system building is in progress */
19
20struct jffs2_inodirty;
21
22/* A struct for the overall file system control. Pointers to
23 jffs2_sb_info structs are named `c' in the source code.
24 Nee jffs_control
25*/
26struct jffs2_sb_info {
27 struct mtd_info *mtd;
28
29 uint32_t highest_ino;
30 uint32_t checked_ino;
31
32 unsigned int flags;
33
34 struct task_struct *gc_task; /* GC task struct */
35 struct completion gc_thread_start; /* GC thread start completion */
36 struct completion gc_thread_exit; /* GC thread exit completion port */
37
38 struct semaphore alloc_sem; /* Used to protect all the following
39 fields, and also to protect against
40 out-of-order writing of nodes. And GC. */
41 uint32_t cleanmarker_size; /* Size of an _inline_ CLEANMARKER
42 (i.e. zero for OOB CLEANMARKER */
43
44 uint32_t flash_size;
45 uint32_t used_size;
46 uint32_t dirty_size;
47 uint32_t wasted_size;
48 uint32_t free_size;
49 uint32_t erasing_size;
50 uint32_t bad_size;
51 uint32_t sector_size;
52 uint32_t unchecked_size;
53
54 uint32_t nr_free_blocks;
55 uint32_t nr_erasing_blocks;
56
57 /* Number of free blocks there must be before we... */
58 uint8_t resv_blocks_write; /* ... allow a normal filesystem write */
59 uint8_t resv_blocks_deletion; /* ... allow a normal filesystem deletion */
60 uint8_t resv_blocks_gctrigger; /* ... wake up the GC thread */
61 uint8_t resv_blocks_gcbad; /* ... pick a block from the bad_list to GC */
62 uint8_t resv_blocks_gcmerge; /* ... merge pages when garbage collecting */
63
64 uint32_t nospc_dirty_size;
65
66 uint32_t nr_blocks;
67 struct jffs2_eraseblock *blocks; /* The whole array of blocks. Used for getting blocks
68 * from the offset (blocks[ofs / sector_size]) */
69 struct jffs2_eraseblock *nextblock; /* The block we're currently filling */
70
71 struct jffs2_eraseblock *gcblock; /* The block we're currently garbage-collecting */
72
73 struct list_head clean_list; /* Blocks 100% full of clean data */
74 struct list_head very_dirty_list; /* Blocks with lots of dirty space */
75 struct list_head dirty_list; /* Blocks with some dirty space */
76 struct list_head erasable_list; /* Blocks which are completely dirty, and need erasing */
77 struct list_head erasable_pending_wbuf_list; /* Blocks which need erasing but only after the current wbuf is flushed */
78 struct list_head erasing_list; /* Blocks which are currently erasing */
79 struct list_head erase_pending_list; /* Blocks which need erasing now */
80 struct list_head erase_complete_list; /* Blocks which are erased and need the clean marker written to them */
81 struct list_head free_list; /* Blocks which are free and ready to be used */
82 struct list_head bad_list; /* Bad blocks. */
83 struct list_head bad_used_list; /* Bad blocks with valid data in. */
84
85 spinlock_t erase_completion_lock; /* Protect free_list and erasing_list
86 against erase completion handler */
87 wait_queue_head_t erase_wait; /* For waiting for erases to complete */
88
89 wait_queue_head_t inocache_wq;
90 struct jffs2_inode_cache **inocache_list;
91 spinlock_t inocache_lock;
92
93 /* Sem to allow jffs2_garbage_collect_deletion_dirent to
94 drop the erase_completion_lock while it's holding a pointer
95 to an obsoleted node. I don't like this. Alternatives welcomed. */
96 struct semaphore erase_free_sem;
97
98 uint32_t wbuf_pagesize; /* 0 for NOR and other flashes with no wbuf */
99
100#ifdef CONFIG_JFFS2_FS_WRITEBUFFER
101 /* Write-behind buffer for NAND flash */
102 unsigned char *wbuf;
103 unsigned char *oobbuf;
104 uint32_t wbuf_ofs;
105 uint32_t wbuf_len;
106 struct jffs2_inodirty *wbuf_inodes;
107
108 struct rw_semaphore wbuf_sem; /* Protects the write buffer */
109
110 /* Information about out-of-band area usage... */
111 struct nand_ecclayout *ecclayout;
112 uint32_t badblock_pos;
113 uint32_t fsdata_pos;
114 uint32_t fsdata_len;
115#endif
116
117 struct jffs2_summary *summary; /* Summary information */
118
119#ifdef CONFIG_JFFS2_FS_XATTR
120#define XATTRINDEX_HASHSIZE (57)
121 uint32_t highest_xid;
122 struct list_head xattrindex[XATTRINDEX_HASHSIZE];
123 struct list_head xattr_unchecked;
124 struct jffs2_xattr_ref *xref_temp;
125 struct rw_semaphore xattr_sem;
126 uint32_t xdatum_mem_usage;
127 uint32_t xdatum_mem_threshold;
128#endif
129 /* OS-private pointer for getting back to master superblock info */
130 void *os_priv;
131};
132
133#endif /* _JFFS2_FB_SB */
diff --git a/fs/jffs2/malloc.c b/fs/jffs2/malloc.c
index 036cbd11c004..4889d0700c0e 100644
--- a/fs/jffs2/malloc.c
+++ b/fs/jffs2/malloc.c
@@ -26,6 +26,10 @@ static kmem_cache_t *tmp_dnode_info_slab;
26static kmem_cache_t *raw_node_ref_slab; 26static kmem_cache_t *raw_node_ref_slab;
27static kmem_cache_t *node_frag_slab; 27static kmem_cache_t *node_frag_slab;
28static kmem_cache_t *inode_cache_slab; 28static kmem_cache_t *inode_cache_slab;
29#ifdef CONFIG_JFFS2_FS_XATTR
30static kmem_cache_t *xattr_datum_cache;
31static kmem_cache_t *xattr_ref_cache;
32#endif
29 33
30int __init jffs2_create_slab_caches(void) 34int __init jffs2_create_slab_caches(void)
31{ 35{
@@ -53,8 +57,8 @@ int __init jffs2_create_slab_caches(void)
53 if (!tmp_dnode_info_slab) 57 if (!tmp_dnode_info_slab)
54 goto err; 58 goto err;
55 59
56 raw_node_ref_slab = kmem_cache_create("jffs2_raw_node_ref", 60 raw_node_ref_slab = kmem_cache_create("jffs2_refblock",
57 sizeof(struct jffs2_raw_node_ref), 61 sizeof(struct jffs2_raw_node_ref) * (REFS_PER_BLOCK + 1),
58 0, 0, NULL, NULL); 62 0, 0, NULL, NULL);
59 if (!raw_node_ref_slab) 63 if (!raw_node_ref_slab)
60 goto err; 64 goto err;
@@ -68,8 +72,24 @@ int __init jffs2_create_slab_caches(void)
68 inode_cache_slab = kmem_cache_create("jffs2_inode_cache", 72 inode_cache_slab = kmem_cache_create("jffs2_inode_cache",
69 sizeof(struct jffs2_inode_cache), 73 sizeof(struct jffs2_inode_cache),
70 0, 0, NULL, NULL); 74 0, 0, NULL, NULL);
71 if (inode_cache_slab) 75 if (!inode_cache_slab)
72 return 0; 76 goto err;
77
78#ifdef CONFIG_JFFS2_FS_XATTR
79 xattr_datum_cache = kmem_cache_create("jffs2_xattr_datum",
80 sizeof(struct jffs2_xattr_datum),
81 0, 0, NULL, NULL);
82 if (!xattr_datum_cache)
83 goto err;
84
85 xattr_ref_cache = kmem_cache_create("jffs2_xattr_ref",
86 sizeof(struct jffs2_xattr_ref),
87 0, 0, NULL, NULL);
88 if (!xattr_ref_cache)
89 goto err;
90#endif
91
92 return 0;
73 err: 93 err:
74 jffs2_destroy_slab_caches(); 94 jffs2_destroy_slab_caches();
75 return -ENOMEM; 95 return -ENOMEM;
@@ -91,6 +111,12 @@ void jffs2_destroy_slab_caches(void)
91 kmem_cache_destroy(node_frag_slab); 111 kmem_cache_destroy(node_frag_slab);
92 if(inode_cache_slab) 112 if(inode_cache_slab)
93 kmem_cache_destroy(inode_cache_slab); 113 kmem_cache_destroy(inode_cache_slab);
114#ifdef CONFIG_JFFS2_FS_XATTR
115 if (xattr_datum_cache)
116 kmem_cache_destroy(xattr_datum_cache);
117 if (xattr_ref_cache)
118 kmem_cache_destroy(xattr_ref_cache);
119#endif
94} 120}
95 121
96struct jffs2_full_dirent *jffs2_alloc_full_dirent(int namesize) 122struct jffs2_full_dirent *jffs2_alloc_full_dirent(int namesize)
@@ -164,15 +190,65 @@ void jffs2_free_tmp_dnode_info(struct jffs2_tmp_dnode_info *x)
164 kmem_cache_free(tmp_dnode_info_slab, x); 190 kmem_cache_free(tmp_dnode_info_slab, x);
165} 191}
166 192
167struct jffs2_raw_node_ref *jffs2_alloc_raw_node_ref(void) 193struct jffs2_raw_node_ref *jffs2_alloc_refblock(void)
168{ 194{
169 struct jffs2_raw_node_ref *ret; 195 struct jffs2_raw_node_ref *ret;
196
170 ret = kmem_cache_alloc(raw_node_ref_slab, GFP_KERNEL); 197 ret = kmem_cache_alloc(raw_node_ref_slab, GFP_KERNEL);
171 dbg_memalloc("%p\n", ret); 198 if (ret) {
199 int i = 0;
200 for (i=0; i < REFS_PER_BLOCK; i++) {
201 ret[i].flash_offset = REF_EMPTY_NODE;
202 ret[i].next_in_ino = NULL;
203 }
204 ret[i].flash_offset = REF_LINK_NODE;
205 ret[i].next_in_ino = NULL;
206 }
172 return ret; 207 return ret;
173} 208}
174 209
175void jffs2_free_raw_node_ref(struct jffs2_raw_node_ref *x) 210int jffs2_prealloc_raw_node_refs(struct jffs2_sb_info *c,
211 struct jffs2_eraseblock *jeb, int nr)
212{
213 struct jffs2_raw_node_ref **p, *ref;
214 int i = nr;
215
216 dbg_memalloc("%d\n", nr);
217
218 p = &jeb->last_node;
219 ref = *p;
220
221 dbg_memalloc("Reserving %d refs for block @0x%08x\n", nr, jeb->offset);
222
223 /* If jeb->last_node is really a valid node then skip over it */
224 if (ref && ref->flash_offset != REF_EMPTY_NODE)
225 ref++;
226
227 while (i) {
228 if (!ref) {
229 dbg_memalloc("Allocating new refblock linked from %p\n", p);
230 ref = *p = jffs2_alloc_refblock();
231 if (!ref)
232 return -ENOMEM;
233 }
234 if (ref->flash_offset == REF_LINK_NODE) {
235 p = &ref->next_in_ino;
236 ref = *p;
237 continue;
238 }
239 i--;
240 ref++;
241 }
242 jeb->allocated_refs = nr;
243
244 dbg_memalloc("Reserved %d refs for block @0x%08x, last_node is %p (%08x,%p)\n",
245 nr, jeb->offset, jeb->last_node, jeb->last_node->flash_offset,
246 jeb->last_node->next_in_ino);
247
248 return 0;
249}
250
251void jffs2_free_refblock(struct jffs2_raw_node_ref *x)
176{ 252{
177 dbg_memalloc("%p\n", x); 253 dbg_memalloc("%p\n", x);
178 kmem_cache_free(raw_node_ref_slab, x); 254 kmem_cache_free(raw_node_ref_slab, x);
@@ -205,3 +281,40 @@ void jffs2_free_inode_cache(struct jffs2_inode_cache *x)
205 dbg_memalloc("%p\n", x); 281 dbg_memalloc("%p\n", x);
206 kmem_cache_free(inode_cache_slab, x); 282 kmem_cache_free(inode_cache_slab, x);
207} 283}
284
285#ifdef CONFIG_JFFS2_FS_XATTR
286struct jffs2_xattr_datum *jffs2_alloc_xattr_datum(void)
287{
288 struct jffs2_xattr_datum *xd;
289 xd = kmem_cache_alloc(xattr_datum_cache, GFP_KERNEL);
290 dbg_memalloc("%p\n", xd);
291
292 memset(xd, 0, sizeof(struct jffs2_xattr_datum));
293 xd->class = RAWNODE_CLASS_XATTR_DATUM;
294 INIT_LIST_HEAD(&xd->xindex);
295 return xd;
296}
297
298void jffs2_free_xattr_datum(struct jffs2_xattr_datum *xd)
299{
300 dbg_memalloc("%p\n", xd);
301 kmem_cache_free(xattr_datum_cache, xd);
302}
303
304struct jffs2_xattr_ref *jffs2_alloc_xattr_ref(void)
305{
306 struct jffs2_xattr_ref *ref;
307 ref = kmem_cache_alloc(xattr_ref_cache, GFP_KERNEL);
308 dbg_memalloc("%p\n", ref);
309
310 memset(ref, 0, sizeof(struct jffs2_xattr_ref));
311 ref->class = RAWNODE_CLASS_XATTR_REF;
312 return ref;
313}
314
315void jffs2_free_xattr_ref(struct jffs2_xattr_ref *ref)
316{
317 dbg_memalloc("%p\n", ref);
318 kmem_cache_free(xattr_ref_cache, ref);
319}
320#endif
diff --git a/fs/jffs2/nodelist.c b/fs/jffs2/nodelist.c
index d4d0c41490cd..927dfe42ba76 100644
--- a/fs/jffs2/nodelist.c
+++ b/fs/jffs2/nodelist.c
@@ -438,7 +438,7 @@ static int check_node_data(struct jffs2_sb_info *c, struct jffs2_tmp_dnode_info
438 if (c->mtd->point) { 438 if (c->mtd->point) {
439 err = c->mtd->point(c->mtd, ofs, len, &retlen, &buffer); 439 err = c->mtd->point(c->mtd, ofs, len, &retlen, &buffer);
440 if (!err && retlen < tn->csize) { 440 if (!err && retlen < tn->csize) {
441 JFFS2_WARNING("MTD point returned len too short: %u instead of %u.\n", retlen, tn->csize); 441 JFFS2_WARNING("MTD point returned len too short: %zu instead of %u.\n", retlen, tn->csize);
442 c->mtd->unpoint(c->mtd, buffer, ofs, len); 442 c->mtd->unpoint(c->mtd, buffer, ofs, len);
443 } else if (err) 443 } else if (err)
444 JFFS2_WARNING("MTD point failed: error code %d.\n", err); 444 JFFS2_WARNING("MTD point failed: error code %d.\n", err);
@@ -461,7 +461,7 @@ static int check_node_data(struct jffs2_sb_info *c, struct jffs2_tmp_dnode_info
461 } 461 }
462 462
463 if (retlen != len) { 463 if (retlen != len) {
464 JFFS2_ERROR("short read at %#08x: %d instead of %d.\n", ofs, retlen, len); 464 JFFS2_ERROR("short read at %#08x: %zd instead of %d.\n", ofs, retlen, len);
465 err = -EIO; 465 err = -EIO;
466 goto free_out; 466 goto free_out;
467 } 467 }
@@ -938,6 +938,7 @@ void jffs2_free_ino_caches(struct jffs2_sb_info *c)
938 this = c->inocache_list[i]; 938 this = c->inocache_list[i];
939 while (this) { 939 while (this) {
940 next = this->next; 940 next = this->next;
941 jffs2_xattr_free_inode(c, this);
941 jffs2_free_inode_cache(this); 942 jffs2_free_inode_cache(this);
942 this = next; 943 this = next;
943 } 944 }
@@ -952,9 +953,13 @@ void jffs2_free_raw_node_refs(struct jffs2_sb_info *c)
952 953
953 for (i=0; i<c->nr_blocks; i++) { 954 for (i=0; i<c->nr_blocks; i++) {
954 this = c->blocks[i].first_node; 955 this = c->blocks[i].first_node;
955 while(this) { 956 while (this) {
956 next = this->next_phys; 957 if (this[REFS_PER_BLOCK].flash_offset == REF_LINK_NODE)
957 jffs2_free_raw_node_ref(this); 958 next = this[REFS_PER_BLOCK].next_in_ino;
959 else
960 next = NULL;
961
962 jffs2_free_refblock(this);
958 this = next; 963 this = next;
959 } 964 }
960 c->blocks[i].first_node = c->blocks[i].last_node = NULL; 965 c->blocks[i].first_node = c->blocks[i].last_node = NULL;
@@ -1045,3 +1050,169 @@ void jffs2_kill_fragtree(struct rb_root *root, struct jffs2_sb_info *c)
1045 cond_resched(); 1050 cond_resched();
1046 } 1051 }
1047} 1052}
1053
1054struct jffs2_raw_node_ref *jffs2_link_node_ref(struct jffs2_sb_info *c,
1055 struct jffs2_eraseblock *jeb,
1056 uint32_t ofs, uint32_t len,
1057 struct jffs2_inode_cache *ic)
1058{
1059 struct jffs2_raw_node_ref *ref;
1060
1061 BUG_ON(!jeb->allocated_refs);
1062 jeb->allocated_refs--;
1063
1064 ref = jeb->last_node;
1065
1066 dbg_noderef("Last node at %p is (%08x,%p)\n", ref, ref->flash_offset,
1067 ref->next_in_ino);
1068
1069 while (ref->flash_offset != REF_EMPTY_NODE) {
1070 if (ref->flash_offset == REF_LINK_NODE)
1071 ref = ref->next_in_ino;
1072 else
1073 ref++;
1074 }
1075
1076 dbg_noderef("New ref is %p (%08x becomes %08x,%p) len 0x%x\n", ref,
1077 ref->flash_offset, ofs, ref->next_in_ino, len);
1078
1079 ref->flash_offset = ofs;
1080
1081 if (!jeb->first_node) {
1082 jeb->first_node = ref;
1083 BUG_ON(ref_offset(ref) != jeb->offset);
1084 } else if (unlikely(ref_offset(ref) != jeb->offset + c->sector_size - jeb->free_size)) {
1085 uint32_t last_len = ref_totlen(c, jeb, jeb->last_node);
1086
1087 JFFS2_ERROR("Adding new ref %p at (0x%08x-0x%08x) not immediately after previous (0x%08x-0x%08x)\n",
1088 ref, ref_offset(ref), ref_offset(ref)+len,
1089 ref_offset(jeb->last_node),
1090 ref_offset(jeb->last_node)+last_len);
1091 BUG();
1092 }
1093 jeb->last_node = ref;
1094
1095 if (ic) {
1096 ref->next_in_ino = ic->nodes;
1097 ic->nodes = ref;
1098 } else {
1099 ref->next_in_ino = NULL;
1100 }
1101
1102 switch(ref_flags(ref)) {
1103 case REF_UNCHECKED:
1104 c->unchecked_size += len;
1105 jeb->unchecked_size += len;
1106 break;
1107
1108 case REF_NORMAL:
1109 case REF_PRISTINE:
1110 c->used_size += len;
1111 jeb->used_size += len;
1112 break;
1113
1114 case REF_OBSOLETE:
1115 c->dirty_size += len;
1116 jeb->dirty_size += len;
1117 break;
1118 }
1119 c->free_size -= len;
1120 jeb->free_size -= len;
1121
1122#ifdef TEST_TOTLEN
1123 /* Set (and test) __totlen field... for now */
1124 ref->__totlen = len;
1125 ref_totlen(c, jeb, ref);
1126#endif
1127 return ref;
1128}
1129
1130/* No locking, no reservation of 'ref'. Do not use on a live file system */
1131int jffs2_scan_dirty_space(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
1132 uint32_t size)
1133{
1134 if (!size)
1135 return 0;
1136 if (unlikely(size > jeb->free_size)) {
1137 printk(KERN_CRIT "Dirty space 0x%x larger then free_size 0x%x (wasted 0x%x)\n",
1138 size, jeb->free_size, jeb->wasted_size);
1139 BUG();
1140 }
1141 /* REF_EMPTY_NODE is !obsolete, so that works OK */
1142 if (jeb->last_node && ref_obsolete(jeb->last_node)) {
1143#ifdef TEST_TOTLEN
1144 jeb->last_node->__totlen += size;
1145#endif
1146 c->dirty_size += size;
1147 c->free_size -= size;
1148 jeb->dirty_size += size;
1149 jeb->free_size -= size;
1150 } else {
1151 uint32_t ofs = jeb->offset + c->sector_size - jeb->free_size;
1152 ofs |= REF_OBSOLETE;
1153
1154 jffs2_link_node_ref(c, jeb, ofs, size, NULL);
1155 }
1156
1157 return 0;
1158}
1159
1160/* Calculate totlen from surrounding nodes or eraseblock */
1161static inline uint32_t __ref_totlen(struct jffs2_sb_info *c,
1162 struct jffs2_eraseblock *jeb,
1163 struct jffs2_raw_node_ref *ref)
1164{
1165 uint32_t ref_end;
1166 struct jffs2_raw_node_ref *next_ref = ref_next(ref);
1167
1168 if (next_ref)
1169 ref_end = ref_offset(next_ref);
1170 else {
1171 if (!jeb)
1172 jeb = &c->blocks[ref->flash_offset / c->sector_size];
1173
1174 /* Last node in block. Use free_space */
1175 if (unlikely(ref != jeb->last_node)) {
1176 printk(KERN_CRIT "ref %p @0x%08x is not jeb->last_node (%p @0x%08x)\n",
1177 ref, ref_offset(ref), jeb->last_node, jeb->last_node?ref_offset(jeb->last_node):0);
1178 BUG();
1179 }
1180 ref_end = jeb->offset + c->sector_size - jeb->free_size;
1181 }
1182 return ref_end - ref_offset(ref);
1183}
1184
1185uint32_t __jffs2_ref_totlen(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
1186 struct jffs2_raw_node_ref *ref)
1187{
1188 uint32_t ret;
1189
1190 ret = __ref_totlen(c, jeb, ref);
1191
1192#ifdef TEST_TOTLEN
1193 if (unlikely(ret != ref->__totlen)) {
1194 if (!jeb)
1195 jeb = &c->blocks[ref->flash_offset / c->sector_size];
1196
1197 printk(KERN_CRIT "Totlen for ref at %p (0x%08x-0x%08x) miscalculated as 0x%x instead of %x\n",
1198 ref, ref_offset(ref), ref_offset(ref)+ref->__totlen,
1199 ret, ref->__totlen);
1200 if (ref_next(ref)) {
1201 printk(KERN_CRIT "next %p (0x%08x-0x%08x)\n", ref_next(ref), ref_offset(ref_next(ref)),
1202 ref_offset(ref_next(ref))+ref->__totlen);
1203 } else
1204 printk(KERN_CRIT "No next ref. jeb->last_node is %p\n", jeb->last_node);
1205
1206 printk(KERN_CRIT "jeb->wasted_size %x, dirty_size %x, used_size %x, free_size %x\n", jeb->wasted_size, jeb->dirty_size, jeb->used_size, jeb->free_size);
1207
1208#if defined(JFFS2_DBG_DUMPS) || defined(JFFS2_DBG_PARANOIA_CHECKS)
1209 __jffs2_dbg_dump_node_refs_nolock(c, jeb);
1210#endif
1211
1212 WARN_ON(1);
1213
1214 ret = ref->__totlen;
1215 }
1216#endif /* TEST_TOTLEN */
1217 return ret;
1218}
diff --git a/fs/jffs2/nodelist.h b/fs/jffs2/nodelist.h
index 131b67b6c350..b16c60bbcf6e 100644
--- a/fs/jffs2/nodelist.h
+++ b/fs/jffs2/nodelist.h
@@ -18,8 +18,10 @@
18#include <linux/fs.h> 18#include <linux/fs.h>
19#include <linux/types.h> 19#include <linux/types.h>
20#include <linux/jffs2.h> 20#include <linux/jffs2.h>
21#include <linux/jffs2_fs_sb.h> 21#include "jffs2_fs_sb.h"
22#include <linux/jffs2_fs_i.h> 22#include "jffs2_fs_i.h"
23#include "xattr.h"
24#include "acl.h"
23#include "summary.h" 25#include "summary.h"
24 26
25#ifdef __ECOS 27#ifdef __ECOS
@@ -75,14 +77,50 @@
75struct jffs2_raw_node_ref 77struct jffs2_raw_node_ref
76{ 78{
77 struct jffs2_raw_node_ref *next_in_ino; /* Points to the next raw_node_ref 79 struct jffs2_raw_node_ref *next_in_ino; /* Points to the next raw_node_ref
78 for this inode. If this is the last, it points to the inode_cache 80 for this object. If this _is_ the last, it points to the inode_cache,
79 for this inode instead. The inode_cache will have NULL in the first 81 xattr_ref or xattr_datum instead. The common part of those structures
80 word so you know when you've got there :) */ 82 has NULL in the first word. See jffs2_raw_ref_to_ic() below */
81 struct jffs2_raw_node_ref *next_phys;
82 uint32_t flash_offset; 83 uint32_t flash_offset;
84#define TEST_TOTLEN
85#ifdef TEST_TOTLEN
83 uint32_t __totlen; /* This may die; use ref_totlen(c, jeb, ) below */ 86 uint32_t __totlen; /* This may die; use ref_totlen(c, jeb, ) below */
87#endif
84}; 88};
85 89
90#define REF_LINK_NODE ((int32_t)-1)
91#define REF_EMPTY_NODE ((int32_t)-2)
92
93/* Use blocks of about 256 bytes */
94#define REFS_PER_BLOCK ((255/sizeof(struct jffs2_raw_node_ref))-1)
95
96static inline struct jffs2_raw_node_ref *ref_next(struct jffs2_raw_node_ref *ref)
97{
98 ref++;
99
100 /* Link to another block of refs */
101 if (ref->flash_offset == REF_LINK_NODE) {
102 ref = ref->next_in_ino;
103 if (!ref)
104 return ref;
105 }
106
107 /* End of chain */
108 if (ref->flash_offset == REF_EMPTY_NODE)
109 return NULL;
110
111 return ref;
112}
113
114static inline struct jffs2_inode_cache *jffs2_raw_ref_to_ic(struct jffs2_raw_node_ref *raw)
115{
116 while(raw->next_in_ino)
117 raw = raw->next_in_ino;
118
119 /* NB. This can be a jffs2_xattr_datum or jffs2_xattr_ref and
120 not actually a jffs2_inode_cache. Check ->class */
121 return ((struct jffs2_inode_cache *)raw);
122}
123
86 /* flash_offset & 3 always has to be zero, because nodes are 124 /* flash_offset & 3 always has to be zero, because nodes are
87 always aligned at 4 bytes. So we have a couple of extra bits 125 always aligned at 4 bytes. So we have a couple of extra bits
88 to play with, which indicate the node's status; see below: */ 126 to play with, which indicate the node's status; see below: */
@@ -95,6 +133,11 @@ struct jffs2_raw_node_ref
95#define ref_obsolete(ref) (((ref)->flash_offset & 3) == REF_OBSOLETE) 133#define ref_obsolete(ref) (((ref)->flash_offset & 3) == REF_OBSOLETE)
96#define mark_ref_normal(ref) do { (ref)->flash_offset = ref_offset(ref) | REF_NORMAL; } while(0) 134#define mark_ref_normal(ref) do { (ref)->flash_offset = ref_offset(ref) | REF_NORMAL; } while(0)
97 135
136/* NB: REF_PRISTINE for an inode-less node (ref->next_in_ino == NULL) indicates
137 it is an unknown node of type JFFS2_NODETYPE_RWCOMPAT_COPY, so it'll get
138 copied. If you need to do anything different to GC inode-less nodes, then
139 you need to modify gc.c accordingly. */
140
98/* For each inode in the filesystem, we need to keep a record of 141/* For each inode in the filesystem, we need to keep a record of
99 nlink, because it would be a PITA to scan the whole directory tree 142 nlink, because it would be a PITA to scan the whole directory tree
100 at read_inode() time to calculate it, and to keep sufficient information 143 at read_inode() time to calculate it, and to keep sufficient information
@@ -103,15 +146,27 @@ struct jffs2_raw_node_ref
103 a pointer to the first physical node which is part of this inode, too. 146 a pointer to the first physical node which is part of this inode, too.
104*/ 147*/
105struct jffs2_inode_cache { 148struct jffs2_inode_cache {
149 /* First part of structure is shared with other objects which
150 can terminate the raw node refs' next_in_ino list -- which
151 currently struct jffs2_xattr_datum and struct jffs2_xattr_ref. */
152
106 struct jffs2_full_dirent *scan_dents; /* Used during scan to hold 153 struct jffs2_full_dirent *scan_dents; /* Used during scan to hold
107 temporary lists of dirents, and later must be set to 154 temporary lists of dirents, and later must be set to
108 NULL to mark the end of the raw_node_ref->next_in_ino 155 NULL to mark the end of the raw_node_ref->next_in_ino
109 chain. */ 156 chain. */
110 struct jffs2_inode_cache *next;
111 struct jffs2_raw_node_ref *nodes; 157 struct jffs2_raw_node_ref *nodes;
158 uint8_t class; /* It's used for identification */
159
160 /* end of shared structure */
161
162 uint8_t flags;
163 uint16_t state;
112 uint32_t ino; 164 uint32_t ino;
165 struct jffs2_inode_cache *next;
166#ifdef CONFIG_JFFS2_FS_XATTR
167 struct jffs2_xattr_ref *xref;
168#endif
113 int nlink; 169 int nlink;
114 int state;
115}; 170};
116 171
117/* Inode states for 'state' above. We need the 'GC' state to prevent 172/* Inode states for 'state' above. We need the 'GC' state to prevent
@@ -125,8 +180,16 @@ struct jffs2_inode_cache {
125#define INO_STATE_READING 5 /* In read_inode() */ 180#define INO_STATE_READING 5 /* In read_inode() */
126#define INO_STATE_CLEARING 6 /* In clear_inode() */ 181#define INO_STATE_CLEARING 6 /* In clear_inode() */
127 182
183#define INO_FLAGS_XATTR_CHECKED 0x01 /* has no duplicate xattr_ref */
184
185#define RAWNODE_CLASS_INODE_CACHE 0
186#define RAWNODE_CLASS_XATTR_DATUM 1
187#define RAWNODE_CLASS_XATTR_REF 2
188
128#define INOCACHE_HASHSIZE 128 189#define INOCACHE_HASHSIZE 128
129 190
191#define write_ofs(c) ((c)->nextblock->offset + (c)->sector_size - (c)->nextblock->free_size)
192
130/* 193/*
131 Larger representation of a raw node, kept in-core only when the 194 Larger representation of a raw node, kept in-core only when the
132 struct inode for this particular ino is instantiated. 195 struct inode for this particular ino is instantiated.
@@ -192,6 +255,7 @@ struct jffs2_eraseblock
192 uint32_t wasted_size; 255 uint32_t wasted_size;
193 uint32_t free_size; /* Note that sector_size - free_size 256 uint32_t free_size; /* Note that sector_size - free_size
194 is the address of the first free space */ 257 is the address of the first free space */
258 uint32_t allocated_refs;
195 struct jffs2_raw_node_ref *first_node; 259 struct jffs2_raw_node_ref *first_node;
196 struct jffs2_raw_node_ref *last_node; 260 struct jffs2_raw_node_ref *last_node;
197 261
@@ -203,57 +267,7 @@ static inline int jffs2_blocks_use_vmalloc(struct jffs2_sb_info *c)
203 return ((c->flash_size / c->sector_size) * sizeof (struct jffs2_eraseblock)) > (128 * 1024); 267 return ((c->flash_size / c->sector_size) * sizeof (struct jffs2_eraseblock)) > (128 * 1024);
204} 268}
205 269
206/* Calculate totlen from surrounding nodes or eraseblock */ 270#define ref_totlen(a, b, c) __jffs2_ref_totlen((a), (b), (c))
207static inline uint32_t __ref_totlen(struct jffs2_sb_info *c,
208 struct jffs2_eraseblock *jeb,
209 struct jffs2_raw_node_ref *ref)
210{
211 uint32_t ref_end;
212
213 if (ref->next_phys)
214 ref_end = ref_offset(ref->next_phys);
215 else {
216 if (!jeb)
217 jeb = &c->blocks[ref->flash_offset / c->sector_size];
218
219 /* Last node in block. Use free_space */
220 BUG_ON(ref != jeb->last_node);
221 ref_end = jeb->offset + c->sector_size - jeb->free_size;
222 }
223 return ref_end - ref_offset(ref);
224}
225
226static inline uint32_t ref_totlen(struct jffs2_sb_info *c,
227 struct jffs2_eraseblock *jeb,
228 struct jffs2_raw_node_ref *ref)
229{
230 uint32_t ret;
231
232#if CONFIG_JFFS2_FS_DEBUG > 0
233 if (jeb && jeb != &c->blocks[ref->flash_offset / c->sector_size]) {
234 printk(KERN_CRIT "ref_totlen called with wrong block -- at 0x%08x instead of 0x%08x; ref 0x%08x\n",
235 jeb->offset, c->blocks[ref->flash_offset / c->sector_size].offset, ref_offset(ref));
236 BUG();
237 }
238#endif
239
240#if 1
241 ret = ref->__totlen;
242#else
243 /* This doesn't actually work yet */
244 ret = __ref_totlen(c, jeb, ref);
245 if (ret != ref->__totlen) {
246 printk(KERN_CRIT "Totlen for ref at %p (0x%08x-0x%08x) miscalculated as 0x%x instead of %x\n",
247 ref, ref_offset(ref), ref_offset(ref)+ref->__totlen,
248 ret, ref->__totlen);
249 if (!jeb)
250 jeb = &c->blocks[ref->flash_offset / c->sector_size];
251 jffs2_dbg_dump_node_refs_nolock(c, jeb);
252 BUG();
253 }
254#endif
255 return ret;
256}
257 271
258#define ALLOC_NORMAL 0 /* Normal allocation */ 272#define ALLOC_NORMAL 0 /* Normal allocation */
259#define ALLOC_DELETION 1 /* Deletion node. Best to allow it */ 273#define ALLOC_DELETION 1 /* Deletion node. Best to allow it */
@@ -268,13 +282,15 @@ static inline uint32_t ref_totlen(struct jffs2_sb_info *c,
268 282
269#define PAD(x) (((x)+3)&~3) 283#define PAD(x) (((x)+3)&~3)
270 284
271static inline struct jffs2_inode_cache *jffs2_raw_ref_to_ic(struct jffs2_raw_node_ref *raw) 285static inline int jffs2_encode_dev(union jffs2_device_node *jdev, dev_t rdev)
272{ 286{
273 while(raw->next_in_ino) { 287 if (old_valid_dev(rdev)) {
274 raw = raw->next_in_ino; 288 jdev->old = cpu_to_je16(old_encode_dev(rdev));
289 return sizeof(jdev->old);
290 } else {
291 jdev->new = cpu_to_je32(new_encode_dev(rdev));
292 return sizeof(jdev->new);
275 } 293 }
276
277 return ((struct jffs2_inode_cache *)raw);
278} 294}
279 295
280static inline struct jffs2_node_frag *frag_first(struct rb_root *root) 296static inline struct jffs2_node_frag *frag_first(struct rb_root *root)
@@ -323,28 +339,44 @@ void jffs2_obsolete_node_frag(struct jffs2_sb_info *c, struct jffs2_node_frag *t
323int jffs2_add_full_dnode_to_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f, struct jffs2_full_dnode *fn); 339int jffs2_add_full_dnode_to_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f, struct jffs2_full_dnode *fn);
324void jffs2_truncate_fragtree (struct jffs2_sb_info *c, struct rb_root *list, uint32_t size); 340void jffs2_truncate_fragtree (struct jffs2_sb_info *c, struct rb_root *list, uint32_t size);
325int jffs2_add_older_frag_to_fragtree(struct jffs2_sb_info *c, struct jffs2_inode_info *f, struct jffs2_tmp_dnode_info *tn); 341int jffs2_add_older_frag_to_fragtree(struct jffs2_sb_info *c, struct jffs2_inode_info *f, struct jffs2_tmp_dnode_info *tn);
342struct jffs2_raw_node_ref *jffs2_link_node_ref(struct jffs2_sb_info *c,
343 struct jffs2_eraseblock *jeb,
344 uint32_t ofs, uint32_t len,
345 struct jffs2_inode_cache *ic);
346extern uint32_t __jffs2_ref_totlen(struct jffs2_sb_info *c,
347 struct jffs2_eraseblock *jeb,
348 struct jffs2_raw_node_ref *ref);
326 349
327/* nodemgmt.c */ 350/* nodemgmt.c */
328int jffs2_thread_should_wake(struct jffs2_sb_info *c); 351int jffs2_thread_should_wake(struct jffs2_sb_info *c);
329int jffs2_reserve_space(struct jffs2_sb_info *c, uint32_t minsize, uint32_t *ofs, 352int jffs2_reserve_space(struct jffs2_sb_info *c, uint32_t minsize,
330 uint32_t *len, int prio, uint32_t sumsize); 353 uint32_t *len, int prio, uint32_t sumsize);
331int jffs2_reserve_space_gc(struct jffs2_sb_info *c, uint32_t minsize, uint32_t *ofs, 354int jffs2_reserve_space_gc(struct jffs2_sb_info *c, uint32_t minsize,
332 uint32_t *len, uint32_t sumsize); 355 uint32_t *len, uint32_t sumsize);
333int jffs2_add_physical_node_ref(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *new); 356struct jffs2_raw_node_ref *jffs2_add_physical_node_ref(struct jffs2_sb_info *c,
357 uint32_t ofs, uint32_t len,
358 struct jffs2_inode_cache *ic);
334void jffs2_complete_reservation(struct jffs2_sb_info *c); 359void jffs2_complete_reservation(struct jffs2_sb_info *c);
335void jffs2_mark_node_obsolete(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *raw); 360void jffs2_mark_node_obsolete(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *raw);
336 361
337/* write.c */ 362/* write.c */
338int jffs2_do_new_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f, uint32_t mode, struct jffs2_raw_inode *ri); 363int jffs2_do_new_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f, uint32_t mode, struct jffs2_raw_inode *ri);
339 364
340struct jffs2_full_dnode *jffs2_write_dnode(struct jffs2_sb_info *c, struct jffs2_inode_info *f, struct jffs2_raw_inode *ri, const unsigned char *data, uint32_t datalen, uint32_t flash_ofs, int alloc_mode); 365struct jffs2_full_dnode *jffs2_write_dnode(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
341struct jffs2_full_dirent *jffs2_write_dirent(struct jffs2_sb_info *c, struct jffs2_inode_info *f, struct jffs2_raw_dirent *rd, const unsigned char *name, uint32_t namelen, uint32_t flash_ofs, int alloc_mode); 366 struct jffs2_raw_inode *ri, const unsigned char *data,
367 uint32_t datalen, int alloc_mode);
368struct jffs2_full_dirent *jffs2_write_dirent(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
369 struct jffs2_raw_dirent *rd, const unsigned char *name,
370 uint32_t namelen, int alloc_mode);
342int jffs2_write_inode_range(struct jffs2_sb_info *c, struct jffs2_inode_info *f, 371int jffs2_write_inode_range(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
343 struct jffs2_raw_inode *ri, unsigned char *buf, 372 struct jffs2_raw_inode *ri, unsigned char *buf,
344 uint32_t offset, uint32_t writelen, uint32_t *retlen); 373 uint32_t offset, uint32_t writelen, uint32_t *retlen);
345int jffs2_do_create(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, struct jffs2_inode_info *f, struct jffs2_raw_inode *ri, const char *name, int namelen); 374int jffs2_do_create(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, struct jffs2_inode_info *f,
346int jffs2_do_unlink(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, const char *name, int namelen, struct jffs2_inode_info *dead_f, uint32_t time); 375 struct jffs2_raw_inode *ri, const char *name, int namelen);
347int jffs2_do_link (struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, uint32_t ino, uint8_t type, const char *name, int namelen, uint32_t time); 376int jffs2_do_unlink(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, const char *name,
377 int namelen, struct jffs2_inode_info *dead_f, uint32_t time);
378int jffs2_do_link(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, uint32_t ino,
379 uint8_t type, const char *name, int namelen, uint32_t time);
348 380
349 381
350/* readinode.c */ 382/* readinode.c */
@@ -367,12 +399,19 @@ struct jffs2_raw_inode *jffs2_alloc_raw_inode(void);
367void jffs2_free_raw_inode(struct jffs2_raw_inode *); 399void jffs2_free_raw_inode(struct jffs2_raw_inode *);
368struct jffs2_tmp_dnode_info *jffs2_alloc_tmp_dnode_info(void); 400struct jffs2_tmp_dnode_info *jffs2_alloc_tmp_dnode_info(void);
369void jffs2_free_tmp_dnode_info(struct jffs2_tmp_dnode_info *); 401void jffs2_free_tmp_dnode_info(struct jffs2_tmp_dnode_info *);
370struct jffs2_raw_node_ref *jffs2_alloc_raw_node_ref(void); 402int jffs2_prealloc_raw_node_refs(struct jffs2_sb_info *c,
371void jffs2_free_raw_node_ref(struct jffs2_raw_node_ref *); 403 struct jffs2_eraseblock *jeb, int nr);
404void jffs2_free_refblock(struct jffs2_raw_node_ref *);
372struct jffs2_node_frag *jffs2_alloc_node_frag(void); 405struct jffs2_node_frag *jffs2_alloc_node_frag(void);
373void jffs2_free_node_frag(struct jffs2_node_frag *); 406void jffs2_free_node_frag(struct jffs2_node_frag *);
374struct jffs2_inode_cache *jffs2_alloc_inode_cache(void); 407struct jffs2_inode_cache *jffs2_alloc_inode_cache(void);
375void jffs2_free_inode_cache(struct jffs2_inode_cache *); 408void jffs2_free_inode_cache(struct jffs2_inode_cache *);
409#ifdef CONFIG_JFFS2_FS_XATTR
410struct jffs2_xattr_datum *jffs2_alloc_xattr_datum(void);
411void jffs2_free_xattr_datum(struct jffs2_xattr_datum *);
412struct jffs2_xattr_ref *jffs2_alloc_xattr_ref(void);
413void jffs2_free_xattr_ref(struct jffs2_xattr_ref *);
414#endif
376 415
377/* gc.c */ 416/* gc.c */
378int jffs2_garbage_collect_pass(struct jffs2_sb_info *c); 417int jffs2_garbage_collect_pass(struct jffs2_sb_info *c);
@@ -392,12 +431,14 @@ int jffs2_fill_scan_buf(struct jffs2_sb_info *c, void *buf,
392 uint32_t ofs, uint32_t len); 431 uint32_t ofs, uint32_t len);
393struct jffs2_inode_cache *jffs2_scan_make_ino_cache(struct jffs2_sb_info *c, uint32_t ino); 432struct jffs2_inode_cache *jffs2_scan_make_ino_cache(struct jffs2_sb_info *c, uint32_t ino);
394int jffs2_scan_classify_jeb(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb); 433int jffs2_scan_classify_jeb(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb);
434int jffs2_scan_dirty_space(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, uint32_t size);
395 435
396/* build.c */ 436/* build.c */
397int jffs2_do_mount_fs(struct jffs2_sb_info *c); 437int jffs2_do_mount_fs(struct jffs2_sb_info *c);
398 438
399/* erase.c */ 439/* erase.c */
400void jffs2_erase_pending_blocks(struct jffs2_sb_info *c, int count); 440void jffs2_erase_pending_blocks(struct jffs2_sb_info *c, int count);
441void jffs2_free_jeb_node_refs(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb);
401 442
402#ifdef CONFIG_JFFS2_FS_WRITEBUFFER 443#ifdef CONFIG_JFFS2_FS_WRITEBUFFER
403/* wbuf.c */ 444/* wbuf.c */
diff --git a/fs/jffs2/nodemgmt.c b/fs/jffs2/nodemgmt.c
index 49127a1f0458..8bedfd2ff689 100644
--- a/fs/jffs2/nodemgmt.c
+++ b/fs/jffs2/nodemgmt.c
@@ -23,13 +23,12 @@
23 * jffs2_reserve_space - request physical space to write nodes to flash 23 * jffs2_reserve_space - request physical space to write nodes to flash
24 * @c: superblock info 24 * @c: superblock info
25 * @minsize: Minimum acceptable size of allocation 25 * @minsize: Minimum acceptable size of allocation
26 * @ofs: Returned value of node offset
27 * @len: Returned value of allocation length 26 * @len: Returned value of allocation length
28 * @prio: Allocation type - ALLOC_{NORMAL,DELETION} 27 * @prio: Allocation type - ALLOC_{NORMAL,DELETION}
29 * 28 *
30 * Requests a block of physical space on the flash. Returns zero for success 29 * Requests a block of physical space on the flash. Returns zero for success
31 * and puts 'ofs' and 'len' into the appriopriate place, or returns -ENOSPC 30 * and puts 'len' into the appropriate place, or returns -ENOSPC or other
32 * or other error if appropriate. 31 * error if appropriate. Doesn't return len since that's
33 * 32 *
34 * If it returns zero, jffs2_reserve_space() also downs the per-filesystem 33 * If it returns zero, jffs2_reserve_space() also downs the per-filesystem
35 * allocation semaphore, to prevent more than one allocation from being 34 * allocation semaphore, to prevent more than one allocation from being
@@ -40,9 +39,9 @@
40 */ 39 */
41 40
42static int jffs2_do_reserve_space(struct jffs2_sb_info *c, uint32_t minsize, 41static int jffs2_do_reserve_space(struct jffs2_sb_info *c, uint32_t minsize,
43 uint32_t *ofs, uint32_t *len, uint32_t sumsize); 42 uint32_t *len, uint32_t sumsize);
44 43
45int jffs2_reserve_space(struct jffs2_sb_info *c, uint32_t minsize, uint32_t *ofs, 44int jffs2_reserve_space(struct jffs2_sb_info *c, uint32_t minsize,
46 uint32_t *len, int prio, uint32_t sumsize) 45 uint32_t *len, int prio, uint32_t sumsize)
47{ 46{
48 int ret = -EAGAIN; 47 int ret = -EAGAIN;
@@ -132,19 +131,21 @@ int jffs2_reserve_space(struct jffs2_sb_info *c, uint32_t minsize, uint32_t *ofs
132 spin_lock(&c->erase_completion_lock); 131 spin_lock(&c->erase_completion_lock);
133 } 132 }
134 133
135 ret = jffs2_do_reserve_space(c, minsize, ofs, len, sumsize); 134 ret = jffs2_do_reserve_space(c, minsize, len, sumsize);
136 if (ret) { 135 if (ret) {
137 D1(printk(KERN_DEBUG "jffs2_reserve_space: ret is %d\n", ret)); 136 D1(printk(KERN_DEBUG "jffs2_reserve_space: ret is %d\n", ret));
138 } 137 }
139 } 138 }
140 spin_unlock(&c->erase_completion_lock); 139 spin_unlock(&c->erase_completion_lock);
140 if (!ret)
141 ret = jffs2_prealloc_raw_node_refs(c, c->nextblock, 1);
141 if (ret) 142 if (ret)
142 up(&c->alloc_sem); 143 up(&c->alloc_sem);
143 return ret; 144 return ret;
144} 145}
145 146
146int jffs2_reserve_space_gc(struct jffs2_sb_info *c, uint32_t minsize, uint32_t *ofs, 147int jffs2_reserve_space_gc(struct jffs2_sb_info *c, uint32_t minsize,
147 uint32_t *len, uint32_t sumsize) 148 uint32_t *len, uint32_t sumsize)
148{ 149{
149 int ret = -EAGAIN; 150 int ret = -EAGAIN;
150 minsize = PAD(minsize); 151 minsize = PAD(minsize);
@@ -153,12 +154,15 @@ int jffs2_reserve_space_gc(struct jffs2_sb_info *c, uint32_t minsize, uint32_t *
153 154
154 spin_lock(&c->erase_completion_lock); 155 spin_lock(&c->erase_completion_lock);
155 while(ret == -EAGAIN) { 156 while(ret == -EAGAIN) {
156 ret = jffs2_do_reserve_space(c, minsize, ofs, len, sumsize); 157 ret = jffs2_do_reserve_space(c, minsize, len, sumsize);
157 if (ret) { 158 if (ret) {
158 D1(printk(KERN_DEBUG "jffs2_reserve_space_gc: looping, ret is %d\n", ret)); 159 D1(printk(KERN_DEBUG "jffs2_reserve_space_gc: looping, ret is %d\n", ret));
159 } 160 }
160 } 161 }
161 spin_unlock(&c->erase_completion_lock); 162 spin_unlock(&c->erase_completion_lock);
163 if (!ret)
164 ret = jffs2_prealloc_raw_node_refs(c, c->nextblock, 1);
165
162 return ret; 166 return ret;
163} 167}
164 168
@@ -259,10 +263,11 @@ static int jffs2_find_nextblock(struct jffs2_sb_info *c)
259} 263}
260 264
261/* Called with alloc sem _and_ erase_completion_lock */ 265/* Called with alloc sem _and_ erase_completion_lock */
262static int jffs2_do_reserve_space(struct jffs2_sb_info *c, uint32_t minsize, uint32_t *ofs, uint32_t *len, uint32_t sumsize) 266static int jffs2_do_reserve_space(struct jffs2_sb_info *c, uint32_t minsize,
267 uint32_t *len, uint32_t sumsize)
263{ 268{
264 struct jffs2_eraseblock *jeb = c->nextblock; 269 struct jffs2_eraseblock *jeb = c->nextblock;
265 uint32_t reserved_size; /* for summary information at the end of the jeb */ 270 uint32_t reserved_size; /* for summary information at the end of the jeb */
266 int ret; 271 int ret;
267 272
268 restart: 273 restart:
@@ -312,6 +317,8 @@ static int jffs2_do_reserve_space(struct jffs2_sb_info *c, uint32_t minsize, uin
312 } 317 }
313 } else { 318 } else {
314 if (jeb && minsize > jeb->free_size) { 319 if (jeb && minsize > jeb->free_size) {
320 uint32_t waste;
321
315 /* Skip the end of this block and file it as having some dirty space */ 322 /* Skip the end of this block and file it as having some dirty space */
316 /* If there's a pending write to it, flush now */ 323 /* If there's a pending write to it, flush now */
317 324
@@ -324,10 +331,26 @@ static int jffs2_do_reserve_space(struct jffs2_sb_info *c, uint32_t minsize, uin
324 goto restart; 331 goto restart;
325 } 332 }
326 333
327 c->wasted_size += jeb->free_size; 334 spin_unlock(&c->erase_completion_lock);
328 c->free_size -= jeb->free_size; 335
329 jeb->wasted_size += jeb->free_size; 336 ret = jffs2_prealloc_raw_node_refs(c, jeb, 1);
330 jeb->free_size = 0; 337 if (ret)
338 return ret;
339 /* Just lock it again and continue. Nothing much can change because
340 we hold c->alloc_sem anyway. In fact, it's not entirely clear why
341 we hold c->erase_completion_lock in the majority of this function...
342 but that's a question for another (more caffeine-rich) day. */
343 spin_lock(&c->erase_completion_lock);
344
345 waste = jeb->free_size;
346 jffs2_link_node_ref(c, jeb,
347 (jeb->offset + c->sector_size - waste) | REF_OBSOLETE,
348 waste, NULL);
349 /* FIXME: that made it count as dirty. Convert to wasted */
350 jeb->dirty_size -= waste;
351 c->dirty_size -= waste;
352 jeb->wasted_size += waste;
353 c->wasted_size += waste;
331 354
332 jffs2_close_nextblock(c, jeb); 355 jffs2_close_nextblock(c, jeb);
333 jeb = NULL; 356 jeb = NULL;
@@ -349,7 +372,6 @@ static int jffs2_do_reserve_space(struct jffs2_sb_info *c, uint32_t minsize, uin
349 } 372 }
350 /* OK, jeb (==c->nextblock) is now pointing at a block which definitely has 373 /* OK, jeb (==c->nextblock) is now pointing at a block which definitely has
351 enough space */ 374 enough space */
352 *ofs = jeb->offset + (c->sector_size - jeb->free_size);
353 *len = jeb->free_size - reserved_size; 375 *len = jeb->free_size - reserved_size;
354 376
355 if (c->cleanmarker_size && jeb->used_size == c->cleanmarker_size && 377 if (c->cleanmarker_size && jeb->used_size == c->cleanmarker_size &&
@@ -365,7 +387,8 @@ static int jffs2_do_reserve_space(struct jffs2_sb_info *c, uint32_t minsize, uin
365 spin_lock(&c->erase_completion_lock); 387 spin_lock(&c->erase_completion_lock);
366 } 388 }
367 389
368 D1(printk(KERN_DEBUG "jffs2_do_reserve_space(): Giving 0x%x bytes at 0x%x\n", *len, *ofs)); 390 D1(printk(KERN_DEBUG "jffs2_do_reserve_space(): Giving 0x%x bytes at 0x%x\n",
391 *len, jeb->offset + (c->sector_size - jeb->free_size)));
369 return 0; 392 return 0;
370} 393}
371 394
@@ -374,7 +397,6 @@ static int jffs2_do_reserve_space(struct jffs2_sb_info *c, uint32_t minsize, uin
374 * @c: superblock info 397 * @c: superblock info
375 * @new: new node reference to add 398 * @new: new node reference to add
376 * @len: length of this physical node 399 * @len: length of this physical node
377 * @dirty: dirty flag for new node
378 * 400 *
379 * Should only be used to report nodes for which space has been allocated 401 * Should only be used to report nodes for which space has been allocated
380 * by jffs2_reserve_space. 402 * by jffs2_reserve_space.
@@ -382,42 +404,30 @@ static int jffs2_do_reserve_space(struct jffs2_sb_info *c, uint32_t minsize, uin
382 * Must be called with the alloc_sem held. 404 * Must be called with the alloc_sem held.
383 */ 405 */
384 406
385int jffs2_add_physical_node_ref(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *new) 407struct jffs2_raw_node_ref *jffs2_add_physical_node_ref(struct jffs2_sb_info *c,
408 uint32_t ofs, uint32_t len,
409 struct jffs2_inode_cache *ic)
386{ 410{
387 struct jffs2_eraseblock *jeb; 411 struct jffs2_eraseblock *jeb;
388 uint32_t len; 412 struct jffs2_raw_node_ref *new;
389 413
390 jeb = &c->blocks[new->flash_offset / c->sector_size]; 414 jeb = &c->blocks[ofs / c->sector_size];
391 len = ref_totlen(c, jeb, new);
392 415
393 D1(printk(KERN_DEBUG "jffs2_add_physical_node_ref(): Node at 0x%x(%d), size 0x%x\n", ref_offset(new), ref_flags(new), len)); 416 D1(printk(KERN_DEBUG "jffs2_add_physical_node_ref(): Node at 0x%x(%d), size 0x%x\n",
417 ofs & ~3, ofs & 3, len));
394#if 1 418#if 1
395 /* we could get some obsolete nodes after nextblock was refiled 419 /* Allow non-obsolete nodes only to be added at the end of c->nextblock,
396 in wbuf.c */ 420 if c->nextblock is set. Note that wbuf.c will file obsolete nodes
397 if ((c->nextblock || !ref_obsolete(new)) 421 even after refiling c->nextblock */
398 &&(jeb != c->nextblock || ref_offset(new) != jeb->offset + (c->sector_size - jeb->free_size))) { 422 if ((c->nextblock || ((ofs & 3) != REF_OBSOLETE))
423 && (jeb != c->nextblock || (ofs & ~3) != jeb->offset + (c->sector_size - jeb->free_size))) {
399 printk(KERN_WARNING "argh. node added in wrong place\n"); 424 printk(KERN_WARNING "argh. node added in wrong place\n");
400 jffs2_free_raw_node_ref(new); 425 return ERR_PTR(-EINVAL);
401 return -EINVAL;
402 } 426 }
403#endif 427#endif
404 spin_lock(&c->erase_completion_lock); 428 spin_lock(&c->erase_completion_lock);
405 429
406 if (!jeb->first_node) 430 new = jffs2_link_node_ref(c, jeb, ofs, len, ic);
407 jeb->first_node = new;
408 if (jeb->last_node)
409 jeb->last_node->next_phys = new;
410 jeb->last_node = new;
411
412 jeb->free_size -= len;
413 c->free_size -= len;
414 if (ref_obsolete(new)) {
415 jeb->dirty_size += len;
416 c->dirty_size += len;
417 } else {
418 jeb->used_size += len;
419 c->used_size += len;
420 }
421 431
422 if (!jeb->free_size && !jeb->dirty_size && !ISDIRTY(jeb->wasted_size)) { 432 if (!jeb->free_size && !jeb->dirty_size && !ISDIRTY(jeb->wasted_size)) {
423 /* If it lives on the dirty_list, jffs2_reserve_space will put it there */ 433 /* If it lives on the dirty_list, jffs2_reserve_space will put it there */
@@ -438,7 +448,7 @@ int jffs2_add_physical_node_ref(struct jffs2_sb_info *c, struct jffs2_raw_node_r
438 448
439 spin_unlock(&c->erase_completion_lock); 449 spin_unlock(&c->erase_completion_lock);
440 450
441 return 0; 451 return new;
442} 452}
443 453
444 454
@@ -470,8 +480,9 @@ void jffs2_mark_node_obsolete(struct jffs2_sb_info *c, struct jffs2_raw_node_ref
470 struct jffs2_unknown_node n; 480 struct jffs2_unknown_node n;
471 int ret, addedsize; 481 int ret, addedsize;
472 size_t retlen; 482 size_t retlen;
483 uint32_t freed_len;
473 484
474 if(!ref) { 485 if(unlikely(!ref)) {
475 printk(KERN_NOTICE "EEEEEK. jffs2_mark_node_obsolete called with NULL node\n"); 486 printk(KERN_NOTICE "EEEEEK. jffs2_mark_node_obsolete called with NULL node\n");
476 return; 487 return;
477 } 488 }
@@ -499,32 +510,34 @@ void jffs2_mark_node_obsolete(struct jffs2_sb_info *c, struct jffs2_raw_node_ref
499 510
500 spin_lock(&c->erase_completion_lock); 511 spin_lock(&c->erase_completion_lock);
501 512
513 freed_len = ref_totlen(c, jeb, ref);
514
502 if (ref_flags(ref) == REF_UNCHECKED) { 515 if (ref_flags(ref) == REF_UNCHECKED) {
503 D1(if (unlikely(jeb->unchecked_size < ref_totlen(c, jeb, ref))) { 516 D1(if (unlikely(jeb->unchecked_size < freed_len)) {
504 printk(KERN_NOTICE "raw unchecked node of size 0x%08x freed from erase block %d at 0x%08x, but unchecked_size was already 0x%08x\n", 517 printk(KERN_NOTICE "raw unchecked node of size 0x%08x freed from erase block %d at 0x%08x, but unchecked_size was already 0x%08x\n",
505 ref_totlen(c, jeb, ref), blocknr, ref->flash_offset, jeb->used_size); 518 freed_len, blocknr, ref->flash_offset, jeb->used_size);
506 BUG(); 519 BUG();
507 }) 520 })
508 D1(printk(KERN_DEBUG "Obsoleting previously unchecked node at 0x%08x of len %x: ", ref_offset(ref), ref_totlen(c, jeb, ref))); 521 D1(printk(KERN_DEBUG "Obsoleting previously unchecked node at 0x%08x of len %x: ", ref_offset(ref), freed_len));
509 jeb->unchecked_size -= ref_totlen(c, jeb, ref); 522 jeb->unchecked_size -= freed_len;
510 c->unchecked_size -= ref_totlen(c, jeb, ref); 523 c->unchecked_size -= freed_len;
511 } else { 524 } else {
512 D1(if (unlikely(jeb->used_size < ref_totlen(c, jeb, ref))) { 525 D1(if (unlikely(jeb->used_size < freed_len)) {
513 printk(KERN_NOTICE "raw node of size 0x%08x freed from erase block %d at 0x%08x, but used_size was already 0x%08x\n", 526 printk(KERN_NOTICE "raw node of size 0x%08x freed from erase block %d at 0x%08x, but used_size was already 0x%08x\n",
514 ref_totlen(c, jeb, ref), blocknr, ref->flash_offset, jeb->used_size); 527 freed_len, blocknr, ref->flash_offset, jeb->used_size);
515 BUG(); 528 BUG();
516 }) 529 })
517 D1(printk(KERN_DEBUG "Obsoleting node at 0x%08x of len %#x: ", ref_offset(ref), ref_totlen(c, jeb, ref))); 530 D1(printk(KERN_DEBUG "Obsoleting node at 0x%08x of len %#x: ", ref_offset(ref), freed_len));
518 jeb->used_size -= ref_totlen(c, jeb, ref); 531 jeb->used_size -= freed_len;
519 c->used_size -= ref_totlen(c, jeb, ref); 532 c->used_size -= freed_len;
520 } 533 }
521 534
522 // Take care, that wasted size is taken into concern 535 // Take care, that wasted size is taken into concern
523 if ((jeb->dirty_size || ISDIRTY(jeb->wasted_size + ref_totlen(c, jeb, ref))) && jeb != c->nextblock) { 536 if ((jeb->dirty_size || ISDIRTY(jeb->wasted_size + freed_len)) && jeb != c->nextblock) {
524 D1(printk(KERN_DEBUG "Dirtying\n")); 537 D1(printk("Dirtying\n"));
525 addedsize = ref_totlen(c, jeb, ref); 538 addedsize = freed_len;
526 jeb->dirty_size += ref_totlen(c, jeb, ref); 539 jeb->dirty_size += freed_len;
527 c->dirty_size += ref_totlen(c, jeb, ref); 540 c->dirty_size += freed_len;
528 541
529 /* Convert wasted space to dirty, if not a bad block */ 542 /* Convert wasted space to dirty, if not a bad block */
530 if (jeb->wasted_size) { 543 if (jeb->wasted_size) {
@@ -543,10 +556,10 @@ void jffs2_mark_node_obsolete(struct jffs2_sb_info *c, struct jffs2_raw_node_ref
543 } 556 }
544 } 557 }
545 } else { 558 } else {
546 D1(printk(KERN_DEBUG "Wasting\n")); 559 D1(printk("Wasting\n"));
547 addedsize = 0; 560 addedsize = 0;
548 jeb->wasted_size += ref_totlen(c, jeb, ref); 561 jeb->wasted_size += freed_len;
549 c->wasted_size += ref_totlen(c, jeb, ref); 562 c->wasted_size += freed_len;
550 } 563 }
551 ref->flash_offset = ref_offset(ref) | REF_OBSOLETE; 564 ref->flash_offset = ref_offset(ref) | REF_OBSOLETE;
552 565
@@ -622,7 +635,7 @@ void jffs2_mark_node_obsolete(struct jffs2_sb_info *c, struct jffs2_raw_node_ref
622 /* The erase_free_sem is locked, and has been since before we marked the node obsolete 635 /* The erase_free_sem is locked, and has been since before we marked the node obsolete
623 and potentially put its eraseblock onto the erase_pending_list. Thus, we know that 636 and potentially put its eraseblock onto the erase_pending_list. Thus, we know that
624 the block hasn't _already_ been erased, and that 'ref' itself hasn't been freed yet 637 the block hasn't _already_ been erased, and that 'ref' itself hasn't been freed yet
625 by jffs2_free_all_node_refs() in erase.c. Which is nice. */ 638 by jffs2_free_jeb_node_refs() in erase.c. Which is nice. */
626 639
627 D1(printk(KERN_DEBUG "obliterating obsoleted node at 0x%08x\n", ref_offset(ref))); 640 D1(printk(KERN_DEBUG "obliterating obsoleted node at 0x%08x\n", ref_offset(ref)));
628 ret = jffs2_flash_read(c, ref_offset(ref), sizeof(n), &retlen, (char *)&n); 641 ret = jffs2_flash_read(c, ref_offset(ref), sizeof(n), &retlen, (char *)&n);
@@ -634,8 +647,8 @@ void jffs2_mark_node_obsolete(struct jffs2_sb_info *c, struct jffs2_raw_node_ref
634 printk(KERN_WARNING "Short read from obsoleted node at 0x%08x: %zd\n", ref_offset(ref), retlen); 647 printk(KERN_WARNING "Short read from obsoleted node at 0x%08x: %zd\n", ref_offset(ref), retlen);
635 goto out_erase_sem; 648 goto out_erase_sem;
636 } 649 }
637 if (PAD(je32_to_cpu(n.totlen)) != PAD(ref_totlen(c, jeb, ref))) { 650 if (PAD(je32_to_cpu(n.totlen)) != PAD(freed_len)) {
638 printk(KERN_WARNING "Node totlen on flash (0x%08x) != totlen from node ref (0x%08x)\n", je32_to_cpu(n.totlen), ref_totlen(c, jeb, ref)); 651 printk(KERN_WARNING "Node totlen on flash (0x%08x) != totlen from node ref (0x%08x)\n", je32_to_cpu(n.totlen), freed_len);
639 goto out_erase_sem; 652 goto out_erase_sem;
640 } 653 }
641 if (!(je16_to_cpu(n.nodetype) & JFFS2_NODE_ACCURATE)) { 654 if (!(je16_to_cpu(n.nodetype) & JFFS2_NODE_ACCURATE)) {
@@ -671,6 +684,10 @@ void jffs2_mark_node_obsolete(struct jffs2_sb_info *c, struct jffs2_raw_node_ref
671 spin_lock(&c->erase_completion_lock); 684 spin_lock(&c->erase_completion_lock);
672 685
673 ic = jffs2_raw_ref_to_ic(ref); 686 ic = jffs2_raw_ref_to_ic(ref);
687 /* It seems we should never call jffs2_mark_node_obsolete() for
688 XATTR nodes.... yet. Make sure we notice if/when we change
689 that :) */
690 BUG_ON(ic->class != RAWNODE_CLASS_INODE_CACHE);
674 for (p = &ic->nodes; (*p) != ref; p = &((*p)->next_in_ino)) 691 for (p = &ic->nodes; (*p) != ref; p = &((*p)->next_in_ino))
675 ; 692 ;
676 693
@@ -683,51 +700,6 @@ void jffs2_mark_node_obsolete(struct jffs2_sb_info *c, struct jffs2_raw_node_ref
683 spin_unlock(&c->erase_completion_lock); 700 spin_unlock(&c->erase_completion_lock);
684 } 701 }
685 702
686
687 /* Merge with the next node in the physical list, if there is one
688 and if it's also obsolete and if it doesn't belong to any inode */
689 if (ref->next_phys && ref_obsolete(ref->next_phys) &&
690 !ref->next_phys->next_in_ino) {
691 struct jffs2_raw_node_ref *n = ref->next_phys;
692
693 spin_lock(&c->erase_completion_lock);
694
695 ref->__totlen += n->__totlen;
696 ref->next_phys = n->next_phys;
697 if (jeb->last_node == n) jeb->last_node = ref;
698 if (jeb->gc_node == n) {
699 /* gc will be happy continuing gc on this node */
700 jeb->gc_node=ref;
701 }
702 spin_unlock(&c->erase_completion_lock);
703
704 jffs2_free_raw_node_ref(n);
705 }
706
707 /* Also merge with the previous node in the list, if there is one
708 and that one is obsolete */
709 if (ref != jeb->first_node ) {
710 struct jffs2_raw_node_ref *p = jeb->first_node;
711
712 spin_lock(&c->erase_completion_lock);
713
714 while (p->next_phys != ref)
715 p = p->next_phys;
716
717 if (ref_obsolete(p) && !ref->next_in_ino) {
718 p->__totlen += ref->__totlen;
719 if (jeb->last_node == ref) {
720 jeb->last_node = p;
721 }
722 if (jeb->gc_node == ref) {
723 /* gc will be happy continuing gc on this node */
724 jeb->gc_node=p;
725 }
726 p->next_phys = ref->next_phys;
727 jffs2_free_raw_node_ref(ref);
728 }
729 spin_unlock(&c->erase_completion_lock);
730 }
731 out_erase_sem: 703 out_erase_sem:
732 up(&c->erase_free_sem); 704 up(&c->erase_free_sem);
733} 705}
diff --git a/fs/jffs2/os-linux.h b/fs/jffs2/os-linux.h
index d307cf548625..cd4021bcb944 100644
--- a/fs/jffs2/os-linux.h
+++ b/fs/jffs2/os-linux.h
@@ -31,9 +31,7 @@ struct kvec;
31#define JFFS2_F_I_MODE(f) (OFNI_EDONI_2SFFJ(f)->i_mode) 31#define JFFS2_F_I_MODE(f) (OFNI_EDONI_2SFFJ(f)->i_mode)
32#define JFFS2_F_I_UID(f) (OFNI_EDONI_2SFFJ(f)->i_uid) 32#define JFFS2_F_I_UID(f) (OFNI_EDONI_2SFFJ(f)->i_uid)
33#define JFFS2_F_I_GID(f) (OFNI_EDONI_2SFFJ(f)->i_gid) 33#define JFFS2_F_I_GID(f) (OFNI_EDONI_2SFFJ(f)->i_gid)
34 34#define JFFS2_F_I_RDEV(f) (OFNI_EDONI_2SFFJ(f)->i_rdev)
35#define JFFS2_F_I_RDEV_MIN(f) (iminor(OFNI_EDONI_2SFFJ(f)))
36#define JFFS2_F_I_RDEV_MAJ(f) (imajor(OFNI_EDONI_2SFFJ(f)))
37 35
38#define ITIME(sec) ((struct timespec){sec, 0}) 36#define ITIME(sec) ((struct timespec){sec, 0})
39#define I_SEC(tv) ((tv).tv_sec) 37#define I_SEC(tv) ((tv).tv_sec)
@@ -60,6 +58,10 @@ static inline void jffs2_init_inode_info(struct jffs2_inode_info *f)
60 f->target = NULL; 58 f->target = NULL;
61 f->flags = 0; 59 f->flags = 0;
62 f->usercompr = 0; 60 f->usercompr = 0;
61#ifdef CONFIG_JFFS2_FS_POSIX_ACL
62 f->i_acl_access = JFFS2_ACL_NOT_CACHED;
63 f->i_acl_default = JFFS2_ACL_NOT_CACHED;
64#endif
63} 65}
64 66
65 67
@@ -90,13 +92,10 @@ static inline void jffs2_init_inode_info(struct jffs2_inode_info *f)
90#define jffs2_flash_writev(a,b,c,d,e,f) jffs2_flash_direct_writev(a,b,c,d,e) 92#define jffs2_flash_writev(a,b,c,d,e,f) jffs2_flash_direct_writev(a,b,c,d,e)
91#define jffs2_wbuf_timeout NULL 93#define jffs2_wbuf_timeout NULL
92#define jffs2_wbuf_process NULL 94#define jffs2_wbuf_process NULL
93#define jffs2_nor_ecc(c) (0)
94#define jffs2_dataflash(c) (0) 95#define jffs2_dataflash(c) (0)
95#define jffs2_nor_wbuf_flash(c) (0)
96#define jffs2_nor_ecc_flash_setup(c) (0)
97#define jffs2_nor_ecc_flash_cleanup(c) do {} while (0)
98#define jffs2_dataflash_setup(c) (0) 96#define jffs2_dataflash_setup(c) (0)
99#define jffs2_dataflash_cleanup(c) do {} while (0) 97#define jffs2_dataflash_cleanup(c) do {} while (0)
98#define jffs2_nor_wbuf_flash(c) (0)
100#define jffs2_nor_wbuf_flash_setup(c) (0) 99#define jffs2_nor_wbuf_flash_setup(c) (0)
101#define jffs2_nor_wbuf_flash_cleanup(c) do {} while (0) 100#define jffs2_nor_wbuf_flash_cleanup(c) do {} while (0)
102 101
@@ -107,9 +106,7 @@ static inline void jffs2_init_inode_info(struct jffs2_inode_info *f)
107#ifdef CONFIG_JFFS2_SUMMARY 106#ifdef CONFIG_JFFS2_SUMMARY
108#define jffs2_can_mark_obsolete(c) (0) 107#define jffs2_can_mark_obsolete(c) (0)
109#else 108#else
110#define jffs2_can_mark_obsolete(c) \ 109#define jffs2_can_mark_obsolete(c) (c->mtd->flags & (MTD_BIT_WRITEABLE))
111 ((c->mtd->type == MTD_NORFLASH && !(c->mtd->flags & (MTD_ECC|MTD_PROGRAM_REGIONS))) || \
112 c->mtd->type == MTD_RAM)
113#endif 110#endif
114 111
115#define jffs2_cleanmarker_oob(c) (c->mtd->type == MTD_NANDFLASH) 112#define jffs2_cleanmarker_oob(c) (c->mtd->type == MTD_NANDFLASH)
@@ -133,15 +130,11 @@ int jffs2_flush_wbuf_pad(struct jffs2_sb_info *c);
133int jffs2_nand_flash_setup(struct jffs2_sb_info *c); 130int jffs2_nand_flash_setup(struct jffs2_sb_info *c);
134void jffs2_nand_flash_cleanup(struct jffs2_sb_info *c); 131void jffs2_nand_flash_cleanup(struct jffs2_sb_info *c);
135 132
136#define jffs2_nor_ecc(c) (c->mtd->type == MTD_NORFLASH && (c->mtd->flags & MTD_ECC))
137int jffs2_nor_ecc_flash_setup(struct jffs2_sb_info *c);
138void jffs2_nor_ecc_flash_cleanup(struct jffs2_sb_info *c);
139
140#define jffs2_dataflash(c) (c->mtd->type == MTD_DATAFLASH) 133#define jffs2_dataflash(c) (c->mtd->type == MTD_DATAFLASH)
141int jffs2_dataflash_setup(struct jffs2_sb_info *c); 134int jffs2_dataflash_setup(struct jffs2_sb_info *c);
142void jffs2_dataflash_cleanup(struct jffs2_sb_info *c); 135void jffs2_dataflash_cleanup(struct jffs2_sb_info *c);
143 136
144#define jffs2_nor_wbuf_flash(c) (c->mtd->type == MTD_NORFLASH && (c->mtd->flags & MTD_PROGRAM_REGIONS)) 137#define jffs2_nor_wbuf_flash(c) (c->mtd->type == MTD_NORFLASH && ! (c->mtd->flags & MTD_BIT_WRITEABLE))
145int jffs2_nor_wbuf_flash_setup(struct jffs2_sb_info *c); 138int jffs2_nor_wbuf_flash_setup(struct jffs2_sb_info *c);
146void jffs2_nor_wbuf_flash_cleanup(struct jffs2_sb_info *c); 139void jffs2_nor_wbuf_flash_cleanup(struct jffs2_sb_info *c);
147 140
diff --git a/fs/jffs2/readinode.c b/fs/jffs2/readinode.c
index 6f4a7d846e8c..5fec012b02ed 100644
--- a/fs/jffs2/readinode.c
+++ b/fs/jffs2/readinode.c
@@ -116,19 +116,42 @@ static inline int read_direntry(struct jffs2_sb_info *c, struct jffs2_raw_node_r
116 uint32_t *latest_mctime, uint32_t *mctime_ver) 116 uint32_t *latest_mctime, uint32_t *mctime_ver)
117{ 117{
118 struct jffs2_full_dirent *fd; 118 struct jffs2_full_dirent *fd;
119 uint32_t crc;
119 120
120 /* The direntry nodes are checked during the flash scanning */
121 BUG_ON(ref_flags(ref) == REF_UNCHECKED);
122 /* Obsoleted. This cannot happen, surely? dwmw2 20020308 */ 121 /* Obsoleted. This cannot happen, surely? dwmw2 20020308 */
123 BUG_ON(ref_obsolete(ref)); 122 BUG_ON(ref_obsolete(ref));
124 123
125 /* Sanity check */ 124 crc = crc32(0, rd, sizeof(*rd) - 8);
126 if (unlikely(PAD((rd->nsize + sizeof(*rd))) != PAD(je32_to_cpu(rd->totlen)))) { 125 if (unlikely(crc != je32_to_cpu(rd->node_crc))) {
127 JFFS2_ERROR("illegal nsize in node at %#08x: nsize %#02x, totlen %#04x\n", 126 JFFS2_NOTICE("header CRC failed on dirent node at %#08x: read %#08x, calculated %#08x\n",
128 ref_offset(ref), rd->nsize, je32_to_cpu(rd->totlen)); 127 ref_offset(ref), je32_to_cpu(rd->node_crc), crc);
129 return 1; 128 return 1;
130 } 129 }
131 130
131 /* If we've never checked the CRCs on this node, check them now */
132 if (ref_flags(ref) == REF_UNCHECKED) {
133 struct jffs2_eraseblock *jeb;
134 int len;
135
136 /* Sanity check */
137 if (unlikely(PAD((rd->nsize + sizeof(*rd))) != PAD(je32_to_cpu(rd->totlen)))) {
138 JFFS2_ERROR("illegal nsize in node at %#08x: nsize %#02x, totlen %#04x\n",
139 ref_offset(ref), rd->nsize, je32_to_cpu(rd->totlen));
140 return 1;
141 }
142
143 jeb = &c->blocks[ref->flash_offset / c->sector_size];
144 len = ref_totlen(c, jeb, ref);
145
146 spin_lock(&c->erase_completion_lock);
147 jeb->used_size += len;
148 jeb->unchecked_size -= len;
149 c->used_size += len;
150 c->unchecked_size -= len;
151 ref->flash_offset = ref_offset(ref) | REF_PRISTINE;
152 spin_unlock(&c->erase_completion_lock);
153 }
154
132 fd = jffs2_alloc_full_dirent(rd->nsize + 1); 155 fd = jffs2_alloc_full_dirent(rd->nsize + 1);
133 if (unlikely(!fd)) 156 if (unlikely(!fd))
134 return -ENOMEM; 157 return -ENOMEM;
@@ -198,13 +221,21 @@ static inline int read_dnode(struct jffs2_sb_info *c, struct jffs2_raw_node_ref
198 struct jffs2_tmp_dnode_info *tn; 221 struct jffs2_tmp_dnode_info *tn;
199 uint32_t len, csize; 222 uint32_t len, csize;
200 int ret = 1; 223 int ret = 1;
224 uint32_t crc;
201 225
202 /* Obsoleted. This cannot happen, surely? dwmw2 20020308 */ 226 /* Obsoleted. This cannot happen, surely? dwmw2 20020308 */
203 BUG_ON(ref_obsolete(ref)); 227 BUG_ON(ref_obsolete(ref));
204 228
229 crc = crc32(0, rd, sizeof(*rd) - 8);
230 if (unlikely(crc != je32_to_cpu(rd->node_crc))) {
231 JFFS2_NOTICE("node CRC failed on dnode at %#08x: read %#08x, calculated %#08x\n",
232 ref_offset(ref), je32_to_cpu(rd->node_crc), crc);
233 return 1;
234 }
235
205 tn = jffs2_alloc_tmp_dnode_info(); 236 tn = jffs2_alloc_tmp_dnode_info();
206 if (!tn) { 237 if (!tn) {
207 JFFS2_ERROR("failed to allocate tn (%d bytes).\n", sizeof(*tn)); 238 JFFS2_ERROR("failed to allocate tn (%zu bytes).\n", sizeof(*tn));
208 return -ENOMEM; 239 return -ENOMEM;
209 } 240 }
210 241
@@ -213,14 +244,6 @@ static inline int read_dnode(struct jffs2_sb_info *c, struct jffs2_raw_node_ref
213 244
214 /* If we've never checked the CRCs on this node, check them now */ 245 /* If we've never checked the CRCs on this node, check them now */
215 if (ref_flags(ref) == REF_UNCHECKED) { 246 if (ref_flags(ref) == REF_UNCHECKED) {
216 uint32_t crc;
217
218 crc = crc32(0, rd, sizeof(*rd) - 8);
219 if (unlikely(crc != je32_to_cpu(rd->node_crc))) {
220 JFFS2_NOTICE("header CRC failed on node at %#08x: read %#08x, calculated %#08x\n",
221 ref_offset(ref), je32_to_cpu(rd->node_crc), crc);
222 goto free_out;
223 }
224 247
225 /* Sanity checks */ 248 /* Sanity checks */
226 if (unlikely(je32_to_cpu(rd->offset) > je32_to_cpu(rd->isize)) || 249 if (unlikely(je32_to_cpu(rd->offset) > je32_to_cpu(rd->isize)) ||
@@ -343,7 +366,7 @@ free_out:
343 * Helper function for jffs2_get_inode_nodes(). 366 * Helper function for jffs2_get_inode_nodes().
344 * It is called every time an unknown node is found. 367 * It is called every time an unknown node is found.
345 * 368 *
346 * Returns: 0 on succes; 369 * Returns: 0 on success;
347 * 1 if the node should be marked obsolete; 370 * 1 if the node should be marked obsolete;
348 * negative error code on failure. 371 * negative error code on failure.
349 */ 372 */
@@ -354,37 +377,30 @@ static inline int read_unknown(struct jffs2_sb_info *c, struct jffs2_raw_node_re
354 377
355 un->nodetype = cpu_to_je16(JFFS2_NODE_ACCURATE | je16_to_cpu(un->nodetype)); 378 un->nodetype = cpu_to_je16(JFFS2_NODE_ACCURATE | je16_to_cpu(un->nodetype));
356 379
357 if (crc32(0, un, sizeof(struct jffs2_unknown_node) - 4) != je32_to_cpu(un->hdr_crc)) { 380 switch(je16_to_cpu(un->nodetype) & JFFS2_COMPAT_MASK) {
358 /* Hmmm. This should have been caught at scan time. */
359 JFFS2_NOTICE("node header CRC failed at %#08x. But it must have been OK earlier.\n", ref_offset(ref));
360 jffs2_dbg_dump_node(c, ref_offset(ref));
361 return 1;
362 } else {
363 switch(je16_to_cpu(un->nodetype) & JFFS2_COMPAT_MASK) {
364 381
365 case JFFS2_FEATURE_INCOMPAT: 382 case JFFS2_FEATURE_INCOMPAT:
366 JFFS2_ERROR("unknown INCOMPAT nodetype %#04X at %#08x\n", 383 JFFS2_ERROR("unknown INCOMPAT nodetype %#04X at %#08x\n",
367 je16_to_cpu(un->nodetype), ref_offset(ref)); 384 je16_to_cpu(un->nodetype), ref_offset(ref));
368 /* EEP */ 385 /* EEP */
369 BUG(); 386 BUG();
370 break; 387 break;
371 388
372 case JFFS2_FEATURE_ROCOMPAT: 389 case JFFS2_FEATURE_ROCOMPAT:
373 JFFS2_ERROR("unknown ROCOMPAT nodetype %#04X at %#08x\n", 390 JFFS2_ERROR("unknown ROCOMPAT nodetype %#04X at %#08x\n",
374 je16_to_cpu(un->nodetype), ref_offset(ref)); 391 je16_to_cpu(un->nodetype), ref_offset(ref));
375 BUG_ON(!(c->flags & JFFS2_SB_FLAG_RO)); 392 BUG_ON(!(c->flags & JFFS2_SB_FLAG_RO));
376 break; 393 break;
377 394
378 case JFFS2_FEATURE_RWCOMPAT_COPY: 395 case JFFS2_FEATURE_RWCOMPAT_COPY:
379 JFFS2_NOTICE("unknown RWCOMPAT_COPY nodetype %#04X at %#08x\n", 396 JFFS2_NOTICE("unknown RWCOMPAT_COPY nodetype %#04X at %#08x\n",
380 je16_to_cpu(un->nodetype), ref_offset(ref)); 397 je16_to_cpu(un->nodetype), ref_offset(ref));
381 break; 398 break;
382 399
383 case JFFS2_FEATURE_RWCOMPAT_DELETE: 400 case JFFS2_FEATURE_RWCOMPAT_DELETE:
384 JFFS2_NOTICE("unknown RWCOMPAT_DELETE nodetype %#04X at %#08x\n", 401 JFFS2_NOTICE("unknown RWCOMPAT_DELETE nodetype %#04X at %#08x\n",
385 je16_to_cpu(un->nodetype), ref_offset(ref)); 402 je16_to_cpu(un->nodetype), ref_offset(ref));
386 return 1; 403 return 1;
387 }
388 } 404 }
389 405
390 return 0; 406 return 0;
@@ -434,7 +450,7 @@ static int read_more(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref,
434 } 450 }
435 451
436 if (retlen < len) { 452 if (retlen < len) {
437 JFFS2_ERROR("short read at %#08x: %d instead of %d.\n", 453 JFFS2_ERROR("short read at %#08x: %zu instead of %d.\n",
438 offs, retlen, len); 454 offs, retlen, len);
439 return -EIO; 455 return -EIO;
440 } 456 }
@@ -542,13 +558,25 @@ static int jffs2_get_inode_nodes(struct jffs2_sb_info *c, struct jffs2_inode_inf
542 } 558 }
543 559
544 if (retlen < len) { 560 if (retlen < len) {
545 JFFS2_ERROR("short read at %#08x: %d instead of %d.\n", ref_offset(ref), retlen, len); 561 JFFS2_ERROR("short read at %#08x: %zu instead of %d.\n", ref_offset(ref), retlen, len);
546 err = -EIO; 562 err = -EIO;
547 goto free_out; 563 goto free_out;
548 } 564 }
549 565
550 node = (union jffs2_node_union *)bufstart; 566 node = (union jffs2_node_union *)bufstart;
551 567
568 /* No need to mask in the valid bit; it shouldn't be invalid */
569 if (je32_to_cpu(node->u.hdr_crc) != crc32(0, node, sizeof(node->u)-4)) {
570 JFFS2_NOTICE("Node header CRC failed at %#08x. {%04x,%04x,%08x,%08x}\n",
571 ref_offset(ref), je16_to_cpu(node->u.magic),
572 je16_to_cpu(node->u.nodetype),
573 je32_to_cpu(node->u.totlen),
574 je32_to_cpu(node->u.hdr_crc));
575 jffs2_dbg_dump_node(c, ref_offset(ref));
576 jffs2_mark_node_obsolete(c, ref);
577 goto cont;
578 }
579
552 switch (je16_to_cpu(node->u.nodetype)) { 580 switch (je16_to_cpu(node->u.nodetype)) {
553 581
554 case JFFS2_NODETYPE_DIRENT: 582 case JFFS2_NODETYPE_DIRENT:
@@ -606,6 +634,7 @@ static int jffs2_get_inode_nodes(struct jffs2_sb_info *c, struct jffs2_inode_inf
606 goto free_out; 634 goto free_out;
607 635
608 } 636 }
637 cont:
609 spin_lock(&c->erase_completion_lock); 638 spin_lock(&c->erase_completion_lock);
610 } 639 }
611 640
diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c
index cf55b221fc2b..61618080b86f 100644
--- a/fs/jffs2/scan.c
+++ b/fs/jffs2/scan.c
@@ -65,6 +65,28 @@ static inline uint32_t EMPTY_SCAN_SIZE(uint32_t sector_size) {
65 return DEFAULT_EMPTY_SCAN_SIZE; 65 return DEFAULT_EMPTY_SCAN_SIZE;
66} 66}
67 67
68static int file_dirty(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb)
69{
70 int ret;
71
72 if ((ret = jffs2_prealloc_raw_node_refs(c, jeb, 1)))
73 return ret;
74 if ((ret = jffs2_scan_dirty_space(c, jeb, jeb->free_size)))
75 return ret;
76 /* Turned wasted size into dirty, since we apparently
77 think it's recoverable now. */
78 jeb->dirty_size += jeb->wasted_size;
79 c->dirty_size += jeb->wasted_size;
80 c->wasted_size -= jeb->wasted_size;
81 jeb->wasted_size = 0;
82 if (VERYDIRTY(c, jeb->dirty_size)) {
83 list_add(&jeb->list, &c->very_dirty_list);
84 } else {
85 list_add(&jeb->list, &c->dirty_list);
86 }
87 return 0;
88}
89
68int jffs2_scan_medium(struct jffs2_sb_info *c) 90int jffs2_scan_medium(struct jffs2_sb_info *c)
69{ 91{
70 int i, ret; 92 int i, ret;
@@ -170,34 +192,20 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
170 (!c->nextblock || c->nextblock->free_size < jeb->free_size)) { 192 (!c->nextblock || c->nextblock->free_size < jeb->free_size)) {
171 /* Better candidate for the next writes to go to */ 193 /* Better candidate for the next writes to go to */
172 if (c->nextblock) { 194 if (c->nextblock) {
173 c->nextblock->dirty_size += c->nextblock->free_size + c->nextblock->wasted_size; 195 ret = file_dirty(c, c->nextblock);
174 c->dirty_size += c->nextblock->free_size + c->nextblock->wasted_size; 196 if (ret)
175 c->free_size -= c->nextblock->free_size; 197 return ret;
176 c->wasted_size -= c->nextblock->wasted_size;
177 c->nextblock->free_size = c->nextblock->wasted_size = 0;
178 if (VERYDIRTY(c, c->nextblock->dirty_size)) {
179 list_add(&c->nextblock->list, &c->very_dirty_list);
180 } else {
181 list_add(&c->nextblock->list, &c->dirty_list);
182 }
183 /* deleting summary information of the old nextblock */ 198 /* deleting summary information of the old nextblock */
184 jffs2_sum_reset_collected(c->summary); 199 jffs2_sum_reset_collected(c->summary);
185 } 200 }
186 /* update collected summary infromation for the current nextblock */ 201 /* update collected summary information for the current nextblock */
187 jffs2_sum_move_collected(c, s); 202 jffs2_sum_move_collected(c, s);
188 D1(printk(KERN_DEBUG "jffs2_scan_medium(): new nextblock = 0x%08x\n", jeb->offset)); 203 D1(printk(KERN_DEBUG "jffs2_scan_medium(): new nextblock = 0x%08x\n", jeb->offset));
189 c->nextblock = jeb; 204 c->nextblock = jeb;
190 } else { 205 } else {
191 jeb->dirty_size += jeb->free_size + jeb->wasted_size; 206 ret = file_dirty(c, jeb);
192 c->dirty_size += jeb->free_size + jeb->wasted_size; 207 if (ret)
193 c->free_size -= jeb->free_size; 208 return ret;
194 c->wasted_size -= jeb->wasted_size;
195 jeb->free_size = jeb->wasted_size = 0;
196 if (VERYDIRTY(c, jeb->dirty_size)) {
197 list_add(&jeb->list, &c->very_dirty_list);
198 } else {
199 list_add(&jeb->list, &c->dirty_list);
200 }
201 } 209 }
202 break; 210 break;
203 211
@@ -222,9 +230,6 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
222 } 230 }
223 } 231 }
224 232
225 if (jffs2_sum_active() && s)
226 kfree(s);
227
228 /* Nextblock dirty is always seen as wasted, because we cannot recycle it now */ 233 /* Nextblock dirty is always seen as wasted, because we cannot recycle it now */
229 if (c->nextblock && (c->nextblock->dirty_size)) { 234 if (c->nextblock && (c->nextblock->dirty_size)) {
230 c->nextblock->wasted_size += c->nextblock->dirty_size; 235 c->nextblock->wasted_size += c->nextblock->dirty_size;
@@ -242,11 +247,8 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
242 247
243 D1(printk(KERN_DEBUG "jffs2_scan_medium(): Skipping %d bytes in nextblock to ensure page alignment\n", 248 D1(printk(KERN_DEBUG "jffs2_scan_medium(): Skipping %d bytes in nextblock to ensure page alignment\n",
244 skip)); 249 skip));
245 c->nextblock->wasted_size += skip; 250 jffs2_prealloc_raw_node_refs(c, c->nextblock, 1);
246 c->wasted_size += skip; 251 jffs2_scan_dirty_space(c, c->nextblock, skip);
247
248 c->nextblock->free_size -= skip;
249 c->free_size -= skip;
250 } 252 }
251#endif 253#endif
252 if (c->nr_erasing_blocks) { 254 if (c->nr_erasing_blocks) {
@@ -266,6 +268,9 @@ int jffs2_scan_medium(struct jffs2_sb_info *c)
266 else 268 else
267 c->mtd->unpoint(c->mtd, flashbuf, 0, c->mtd->size); 269 c->mtd->unpoint(c->mtd, flashbuf, 0, c->mtd->size);
268#endif 270#endif
271 if (s)
272 kfree(s);
273
269 return ret; 274 return ret;
270} 275}
271 276
@@ -290,7 +295,7 @@ int jffs2_fill_scan_buf (struct jffs2_sb_info *c, void *buf,
290int jffs2_scan_classify_jeb(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb) 295int jffs2_scan_classify_jeb(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb)
291{ 296{
292 if ((jeb->used_size + jeb->unchecked_size) == PAD(c->cleanmarker_size) && !jeb->dirty_size 297 if ((jeb->used_size + jeb->unchecked_size) == PAD(c->cleanmarker_size) && !jeb->dirty_size
293 && (!jeb->first_node || !jeb->first_node->next_phys) ) 298 && (!jeb->first_node || !ref_next(jeb->first_node)) )
294 return BLK_STATE_CLEANMARKER; 299 return BLK_STATE_CLEANMARKER;
295 300
296 /* move blocks with max 4 byte dirty space to cleanlist */ 301 /* move blocks with max 4 byte dirty space to cleanlist */
@@ -306,11 +311,119 @@ int jffs2_scan_classify_jeb(struct jffs2_sb_info *c, struct jffs2_eraseblock *je
306 return BLK_STATE_ALLDIRTY; 311 return BLK_STATE_ALLDIRTY;
307} 312}
308 313
314#ifdef CONFIG_JFFS2_FS_XATTR
315static int jffs2_scan_xattr_node(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
316 struct jffs2_raw_xattr *rx, uint32_t ofs,
317 struct jffs2_summary *s)
318{
319 struct jffs2_xattr_datum *xd;
320 uint32_t totlen, crc;
321 int err;
322
323 crc = crc32(0, rx, sizeof(struct jffs2_raw_xattr) - 4);
324 if (crc != je32_to_cpu(rx->node_crc)) {
325 if (je32_to_cpu(rx->node_crc) != 0xffffffff)
326 JFFS2_WARNING("node CRC failed at %#08x, read=%#08x, calc=%#08x\n",
327 ofs, je32_to_cpu(rx->node_crc), crc);
328 if ((err = jffs2_scan_dirty_space(c, jeb, je32_to_cpu(rx->totlen))))
329 return err;
330 return 0;
331 }
332
333 totlen = PAD(sizeof(*rx) + rx->name_len + 1 + je16_to_cpu(rx->value_len));
334 if (totlen != je32_to_cpu(rx->totlen)) {
335 JFFS2_WARNING("node length mismatch at %#08x, read=%u, calc=%u\n",
336 ofs, je32_to_cpu(rx->totlen), totlen);
337 if ((err = jffs2_scan_dirty_space(c, jeb, je32_to_cpu(rx->totlen))))
338 return err;
339 return 0;
340 }
341
342 xd = jffs2_setup_xattr_datum(c, je32_to_cpu(rx->xid), je32_to_cpu(rx->version));
343 if (IS_ERR(xd)) {
344 if (PTR_ERR(xd) == -EEXIST) {
345 if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(rx->totlen)))))
346 return err;
347 return 0;
348 }
349 return PTR_ERR(xd);
350 }
351 xd->xprefix = rx->xprefix;
352 xd->name_len = rx->name_len;
353 xd->value_len = je16_to_cpu(rx->value_len);
354 xd->data_crc = je32_to_cpu(rx->data_crc);
355
356 xd->node = jffs2_link_node_ref(c, jeb, ofs | REF_PRISTINE, totlen, NULL);
357 /* FIXME */ xd->node->next_in_ino = (void *)xd;
358
359 if (jffs2_sum_active())
360 jffs2_sum_add_xattr_mem(s, rx, ofs - jeb->offset);
361 dbg_xattr("scaning xdatum at %#08x (xid=%u, version=%u)\n",
362 ofs, xd->xid, xd->version);
363 return 0;
364}
365
366static int jffs2_scan_xref_node(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
367 struct jffs2_raw_xref *rr, uint32_t ofs,
368 struct jffs2_summary *s)
369{
370 struct jffs2_xattr_ref *ref;
371 uint32_t crc;
372 int err;
373
374 crc = crc32(0, rr, sizeof(*rr) - 4);
375 if (crc != je32_to_cpu(rr->node_crc)) {
376 if (je32_to_cpu(rr->node_crc) != 0xffffffff)
377 JFFS2_WARNING("node CRC failed at %#08x, read=%#08x, calc=%#08x\n",
378 ofs, je32_to_cpu(rr->node_crc), crc);
379 if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(rr->totlen)))))
380 return err;
381 return 0;
382 }
383
384 if (PAD(sizeof(struct jffs2_raw_xref)) != je32_to_cpu(rr->totlen)) {
385 JFFS2_WARNING("node length mismatch at %#08x, read=%u, calc=%zd\n",
386 ofs, je32_to_cpu(rr->totlen),
387 PAD(sizeof(struct jffs2_raw_xref)));
388 if ((err = jffs2_scan_dirty_space(c, jeb, je32_to_cpu(rr->totlen))))
389 return err;
390 return 0;
391 }
392
393 ref = jffs2_alloc_xattr_ref();
394 if (!ref)
395 return -ENOMEM;
396
397 /* BEFORE jffs2_build_xattr_subsystem() called,
398 * ref->xid is used to store 32bit xid, xd is not used
399 * ref->ino is used to store 32bit inode-number, ic is not used
400 * Thoes variables are declared as union, thus using those
401 * are exclusive. In a similar way, ref->next is temporarily
402 * used to chain all xattr_ref object. It's re-chained to
403 * jffs2_inode_cache in jffs2_build_xattr_subsystem() correctly.
404 */
405 ref->ino = je32_to_cpu(rr->ino);
406 ref->xid = je32_to_cpu(rr->xid);
407 ref->next = c->xref_temp;
408 c->xref_temp = ref;
409
410 ref->node = jffs2_link_node_ref(c, jeb, ofs | REF_PRISTINE, PAD(je32_to_cpu(rr->totlen)), NULL);
411 /* FIXME */ ref->node->next_in_ino = (void *)ref;
412
413 if (jffs2_sum_active())
414 jffs2_sum_add_xref_mem(s, rr, ofs - jeb->offset);
415 dbg_xattr("scan xref at %#08x (xid=%u, ino=%u)\n",
416 ofs, ref->xid, ref->ino);
417 return 0;
418}
419#endif
420
421/* Called with 'buf_size == 0' if buf is in fact a pointer _directly_ into
422 the flash, XIP-style */
309static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, 423static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
310 unsigned char *buf, uint32_t buf_size, struct jffs2_summary *s) { 424 unsigned char *buf, uint32_t buf_size, struct jffs2_summary *s) {
311 struct jffs2_unknown_node *node; 425 struct jffs2_unknown_node *node;
312 struct jffs2_unknown_node crcnode; 426 struct jffs2_unknown_node crcnode;
313 struct jffs2_sum_marker *sm;
314 uint32_t ofs, prevofs; 427 uint32_t ofs, prevofs;
315 uint32_t hdr_crc, buf_ofs, buf_len; 428 uint32_t hdr_crc, buf_ofs, buf_len;
316 int err; 429 int err;
@@ -344,44 +457,75 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
344#endif 457#endif
345 458
346 if (jffs2_sum_active()) { 459 if (jffs2_sum_active()) {
347 sm = kmalloc(sizeof(struct jffs2_sum_marker), GFP_KERNEL); 460 struct jffs2_sum_marker *sm;
348 if (!sm) { 461 void *sumptr = NULL;
349 return -ENOMEM; 462 uint32_t sumlen;
350 } 463
351 464 if (!buf_size) {
352 err = jffs2_fill_scan_buf(c, (unsigned char *) sm, jeb->offset + c->sector_size - 465 /* XIP case. Just look, point at the summary if it's there */
353 sizeof(struct jffs2_sum_marker), sizeof(struct jffs2_sum_marker)); 466 sm = (void *)buf + c->sector_size - sizeof(*sm);
354 if (err) { 467 if (je32_to_cpu(sm->magic) == JFFS2_SUM_MAGIC) {
355 kfree(sm); 468 sumptr = buf + je32_to_cpu(sm->offset);
356 return err; 469 sumlen = c->sector_size - je32_to_cpu(sm->offset);
357 } 470 }
358 471 } else {
359 if (je32_to_cpu(sm->magic) == JFFS2_SUM_MAGIC ) { 472 /* If NAND flash, read a whole page of it. Else just the end */
360 err = jffs2_sum_scan_sumnode(c, jeb, je32_to_cpu(sm->offset), &pseudo_random); 473 if (c->wbuf_pagesize)
361 if (err) { 474 buf_len = c->wbuf_pagesize;
362 kfree(sm); 475 else
476 buf_len = sizeof(*sm);
477
478 /* Read as much as we want into the _end_ of the preallocated buffer */
479 err = jffs2_fill_scan_buf(c, buf + buf_size - buf_len,
480 jeb->offset + c->sector_size - buf_len,
481 buf_len);
482 if (err)
363 return err; 483 return err;
484
485 sm = (void *)buf + buf_size - sizeof(*sm);
486 if (je32_to_cpu(sm->magic) == JFFS2_SUM_MAGIC) {
487 sumlen = c->sector_size - je32_to_cpu(sm->offset);
488 sumptr = buf + buf_size - sumlen;
489
490 /* Now, make sure the summary itself is available */
491 if (sumlen > buf_size) {
492 /* Need to kmalloc for this. */
493 sumptr = kmalloc(sumlen, GFP_KERNEL);
494 if (!sumptr)
495 return -ENOMEM;
496 memcpy(sumptr + sumlen - buf_len, buf + buf_size - buf_len, buf_len);
497 }
498 if (buf_len < sumlen) {
499 /* Need to read more so that the entire summary node is present */
500 err = jffs2_fill_scan_buf(c, sumptr,
501 jeb->offset + c->sector_size - sumlen,
502 sumlen - buf_len);
503 if (err)
504 return err;
505 }
364 } 506 }
507
365 } 508 }
366 509
367 kfree(sm); 510 if (sumptr) {
511 err = jffs2_sum_scan_sumnode(c, jeb, sumptr, sumlen, &pseudo_random);
368 512
369 ofs = jeb->offset; 513 if (buf_size && sumlen > buf_size)
370 prevofs = jeb->offset - 1; 514 kfree(sumptr);
515 /* If it returns with a real error, bail.
516 If it returns positive, that's a block classification
517 (i.e. BLK_STATE_xxx) so return that too.
518 If it returns zero, fall through to full scan. */
519 if (err)
520 return err;
521 }
371 } 522 }
372 523
373 buf_ofs = jeb->offset; 524 buf_ofs = jeb->offset;
374 525
375 if (!buf_size) { 526 if (!buf_size) {
527 /* This is the XIP case -- we're reading _directly_ from the flash chip */
376 buf_len = c->sector_size; 528 buf_len = c->sector_size;
377
378 if (jffs2_sum_active()) {
379 /* must reread because of summary test */
380 err = jffs2_fill_scan_buf(c, buf, buf_ofs, buf_len);
381 if (err)
382 return err;
383 }
384
385 } else { 529 } else {
386 buf_len = EMPTY_SCAN_SIZE(c->sector_size); 530 buf_len = EMPTY_SCAN_SIZE(c->sector_size);
387 err = jffs2_fill_scan_buf(c, buf, buf_ofs, buf_len); 531 err = jffs2_fill_scan_buf(c, buf, buf_ofs, buf_len);
@@ -418,7 +562,10 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
418 if (ofs) { 562 if (ofs) {
419 D1(printk(KERN_DEBUG "Free space at %08x ends at %08x\n", jeb->offset, 563 D1(printk(KERN_DEBUG "Free space at %08x ends at %08x\n", jeb->offset,
420 jeb->offset + ofs)); 564 jeb->offset + ofs));
421 DIRTY_SPACE(ofs); 565 if ((err = jffs2_prealloc_raw_node_refs(c, jeb, 1)))
566 return err;
567 if ((err = jffs2_scan_dirty_space(c, jeb, ofs)))
568 return err;
422 } 569 }
423 570
424 /* Now ofs is a complete physical flash offset as it always was... */ 571 /* Now ofs is a complete physical flash offset as it always was... */
@@ -433,6 +580,11 @@ scan_more:
433 580
434 jffs2_dbg_acct_paranoia_check_nolock(c, jeb); 581 jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
435 582
583 /* Make sure there are node refs available for use */
584 err = jffs2_prealloc_raw_node_refs(c, jeb, 2);
585 if (err)
586 return err;
587
436 cond_resched(); 588 cond_resched();
437 589
438 if (ofs & 3) { 590 if (ofs & 3) {
@@ -442,7 +594,8 @@ scan_more:
442 } 594 }
443 if (ofs == prevofs) { 595 if (ofs == prevofs) {
444 printk(KERN_WARNING "ofs 0x%08x has already been seen. Skipping\n", ofs); 596 printk(KERN_WARNING "ofs 0x%08x has already been seen. Skipping\n", ofs);
445 DIRTY_SPACE(4); 597 if ((err = jffs2_scan_dirty_space(c, jeb, 4)))
598 return err;
446 ofs += 4; 599 ofs += 4;
447 continue; 600 continue;
448 } 601 }
@@ -451,7 +604,8 @@ scan_more:
451 if (jeb->offset + c->sector_size < ofs + sizeof(*node)) { 604 if (jeb->offset + c->sector_size < ofs + sizeof(*node)) {
452 D1(printk(KERN_DEBUG "Fewer than %zd bytes left to end of block. (%x+%x<%x+%zx) Not reading\n", sizeof(struct jffs2_unknown_node), 605 D1(printk(KERN_DEBUG "Fewer than %zd bytes left to end of block. (%x+%x<%x+%zx) Not reading\n", sizeof(struct jffs2_unknown_node),
453 jeb->offset, c->sector_size, ofs, sizeof(*node))); 606 jeb->offset, c->sector_size, ofs, sizeof(*node)));
454 DIRTY_SPACE((jeb->offset + c->sector_size)-ofs); 607 if ((err = jffs2_scan_dirty_space(c, jeb, (jeb->offset + c->sector_size)-ofs)))
608 return err;
455 break; 609 break;
456 } 610 }
457 611
@@ -481,7 +635,8 @@ scan_more:
481 if (*(uint32_t *)(&buf[inbuf_ofs]) != 0xffffffff) { 635 if (*(uint32_t *)(&buf[inbuf_ofs]) != 0xffffffff) {
482 printk(KERN_WARNING "Empty flash at 0x%08x ends at 0x%08x\n", 636 printk(KERN_WARNING "Empty flash at 0x%08x ends at 0x%08x\n",
483 empty_start, ofs); 637 empty_start, ofs);
484 DIRTY_SPACE(ofs-empty_start); 638 if ((err = jffs2_scan_dirty_space(c, jeb, ofs-empty_start)))
639 return err;
485 goto scan_more; 640 goto scan_more;
486 } 641 }
487 642
@@ -494,7 +649,7 @@ scan_more:
494 /* If we're only checking the beginning of a block with a cleanmarker, 649 /* If we're only checking the beginning of a block with a cleanmarker,
495 bail now */ 650 bail now */
496 if (buf_ofs == jeb->offset && jeb->used_size == PAD(c->cleanmarker_size) && 651 if (buf_ofs == jeb->offset && jeb->used_size == PAD(c->cleanmarker_size) &&
497 c->cleanmarker_size && !jeb->dirty_size && !jeb->first_node->next_phys) { 652 c->cleanmarker_size && !jeb->dirty_size && !ref_next(jeb->first_node)) {
498 D1(printk(KERN_DEBUG "%d bytes at start of block seems clean... assuming all clean\n", EMPTY_SCAN_SIZE(c->sector_size))); 653 D1(printk(KERN_DEBUG "%d bytes at start of block seems clean... assuming all clean\n", EMPTY_SCAN_SIZE(c->sector_size)));
499 return BLK_STATE_CLEANMARKER; 654 return BLK_STATE_CLEANMARKER;
500 } 655 }
@@ -518,20 +673,23 @@ scan_more:
518 673
519 if (ofs == jeb->offset && je16_to_cpu(node->magic) == KSAMTIB_CIGAM_2SFFJ) { 674 if (ofs == jeb->offset && je16_to_cpu(node->magic) == KSAMTIB_CIGAM_2SFFJ) {
520 printk(KERN_WARNING "Magic bitmask is backwards at offset 0x%08x. Wrong endian filesystem?\n", ofs); 675 printk(KERN_WARNING "Magic bitmask is backwards at offset 0x%08x. Wrong endian filesystem?\n", ofs);
521 DIRTY_SPACE(4); 676 if ((err = jffs2_scan_dirty_space(c, jeb, 4)))
677 return err;
522 ofs += 4; 678 ofs += 4;
523 continue; 679 continue;
524 } 680 }
525 if (je16_to_cpu(node->magic) == JFFS2_DIRTY_BITMASK) { 681 if (je16_to_cpu(node->magic) == JFFS2_DIRTY_BITMASK) {
526 D1(printk(KERN_DEBUG "Dirty bitmask at 0x%08x\n", ofs)); 682 D1(printk(KERN_DEBUG "Dirty bitmask at 0x%08x\n", ofs));
527 DIRTY_SPACE(4); 683 if ((err = jffs2_scan_dirty_space(c, jeb, 4)))
684 return err;
528 ofs += 4; 685 ofs += 4;
529 continue; 686 continue;
530 } 687 }
531 if (je16_to_cpu(node->magic) == JFFS2_OLD_MAGIC_BITMASK) { 688 if (je16_to_cpu(node->magic) == JFFS2_OLD_MAGIC_BITMASK) {
532 printk(KERN_WARNING "Old JFFS2 bitmask found at 0x%08x\n", ofs); 689 printk(KERN_WARNING "Old JFFS2 bitmask found at 0x%08x\n", ofs);
533 printk(KERN_WARNING "You cannot use older JFFS2 filesystems with newer kernels\n"); 690 printk(KERN_WARNING "You cannot use older JFFS2 filesystems with newer kernels\n");
534 DIRTY_SPACE(4); 691 if ((err = jffs2_scan_dirty_space(c, jeb, 4)))
692 return err;
535 ofs += 4; 693 ofs += 4;
536 continue; 694 continue;
537 } 695 }
@@ -540,7 +698,8 @@ scan_more:
540 noisy_printk(&noise, "jffs2_scan_eraseblock(): Magic bitmask 0x%04x not found at 0x%08x: 0x%04x instead\n", 698 noisy_printk(&noise, "jffs2_scan_eraseblock(): Magic bitmask 0x%04x not found at 0x%08x: 0x%04x instead\n",
541 JFFS2_MAGIC_BITMASK, ofs, 699 JFFS2_MAGIC_BITMASK, ofs,
542 je16_to_cpu(node->magic)); 700 je16_to_cpu(node->magic));
543 DIRTY_SPACE(4); 701 if ((err = jffs2_scan_dirty_space(c, jeb, 4)))
702 return err;
544 ofs += 4; 703 ofs += 4;
545 continue; 704 continue;
546 } 705 }
@@ -557,7 +716,8 @@ scan_more:
557 je32_to_cpu(node->totlen), 716 je32_to_cpu(node->totlen),
558 je32_to_cpu(node->hdr_crc), 717 je32_to_cpu(node->hdr_crc),
559 hdr_crc); 718 hdr_crc);
560 DIRTY_SPACE(4); 719 if ((err = jffs2_scan_dirty_space(c, jeb, 4)))
720 return err;
561 ofs += 4; 721 ofs += 4;
562 continue; 722 continue;
563 } 723 }
@@ -568,7 +728,8 @@ scan_more:
568 printk(KERN_WARNING "Node at 0x%08x with length 0x%08x would run over the end of the erase block\n", 728 printk(KERN_WARNING "Node at 0x%08x with length 0x%08x would run over the end of the erase block\n",
569 ofs, je32_to_cpu(node->totlen)); 729 ofs, je32_to_cpu(node->totlen));
570 printk(KERN_WARNING "Perhaps the file system was created with the wrong erase size?\n"); 730 printk(KERN_WARNING "Perhaps the file system was created with the wrong erase size?\n");
571 DIRTY_SPACE(4); 731 if ((err = jffs2_scan_dirty_space(c, jeb, 4)))
732 return err;
572 ofs += 4; 733 ofs += 4;
573 continue; 734 continue;
574 } 735 }
@@ -576,7 +737,8 @@ scan_more:
576 if (!(je16_to_cpu(node->nodetype) & JFFS2_NODE_ACCURATE)) { 737 if (!(je16_to_cpu(node->nodetype) & JFFS2_NODE_ACCURATE)) {
577 /* Wheee. This is an obsoleted node */ 738 /* Wheee. This is an obsoleted node */
578 D2(printk(KERN_DEBUG "Node at 0x%08x is obsolete. Skipping\n", ofs)); 739 D2(printk(KERN_DEBUG "Node at 0x%08x is obsolete. Skipping\n", ofs));
579 DIRTY_SPACE(PAD(je32_to_cpu(node->totlen))); 740 if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(node->totlen)))))
741 return err;
580 ofs += PAD(je32_to_cpu(node->totlen)); 742 ofs += PAD(je32_to_cpu(node->totlen));
581 continue; 743 continue;
582 } 744 }
@@ -614,30 +776,59 @@ scan_more:
614 ofs += PAD(je32_to_cpu(node->totlen)); 776 ofs += PAD(je32_to_cpu(node->totlen));
615 break; 777 break;
616 778
779#ifdef CONFIG_JFFS2_FS_XATTR
780 case JFFS2_NODETYPE_XATTR:
781 if (buf_ofs + buf_len < ofs + je32_to_cpu(node->totlen)) {
782 buf_len = min_t(uint32_t, buf_size, jeb->offset + c->sector_size - ofs);
783 D1(printk(KERN_DEBUG "Fewer than %d bytes (xattr node)"
784 " left to end of buf. Reading 0x%x at 0x%08x\n",
785 je32_to_cpu(node->totlen), buf_len, ofs));
786 err = jffs2_fill_scan_buf(c, buf, ofs, buf_len);
787 if (err)
788 return err;
789 buf_ofs = ofs;
790 node = (void *)buf;
791 }
792 err = jffs2_scan_xattr_node(c, jeb, (void *)node, ofs, s);
793 if (err)
794 return err;
795 ofs += PAD(je32_to_cpu(node->totlen));
796 break;
797 case JFFS2_NODETYPE_XREF:
798 if (buf_ofs + buf_len < ofs + je32_to_cpu(node->totlen)) {
799 buf_len = min_t(uint32_t, buf_size, jeb->offset + c->sector_size - ofs);
800 D1(printk(KERN_DEBUG "Fewer than %d bytes (xref node)"
801 " left to end of buf. Reading 0x%x at 0x%08x\n",
802 je32_to_cpu(node->totlen), buf_len, ofs));
803 err = jffs2_fill_scan_buf(c, buf, ofs, buf_len);
804 if (err)
805 return err;
806 buf_ofs = ofs;
807 node = (void *)buf;
808 }
809 err = jffs2_scan_xref_node(c, jeb, (void *)node, ofs, s);
810 if (err)
811 return err;
812 ofs += PAD(je32_to_cpu(node->totlen));
813 break;
814#endif /* CONFIG_JFFS2_FS_XATTR */
815
617 case JFFS2_NODETYPE_CLEANMARKER: 816 case JFFS2_NODETYPE_CLEANMARKER:
618 D1(printk(KERN_DEBUG "CLEANMARKER node found at 0x%08x\n", ofs)); 817 D1(printk(KERN_DEBUG "CLEANMARKER node found at 0x%08x\n", ofs));
619 if (je32_to_cpu(node->totlen) != c->cleanmarker_size) { 818 if (je32_to_cpu(node->totlen) != c->cleanmarker_size) {
620 printk(KERN_NOTICE "CLEANMARKER node found at 0x%08x has totlen 0x%x != normal 0x%x\n", 819 printk(KERN_NOTICE "CLEANMARKER node found at 0x%08x has totlen 0x%x != normal 0x%x\n",
621 ofs, je32_to_cpu(node->totlen), c->cleanmarker_size); 820 ofs, je32_to_cpu(node->totlen), c->cleanmarker_size);
622 DIRTY_SPACE(PAD(sizeof(struct jffs2_unknown_node))); 821 if ((err = jffs2_scan_dirty_space(c, jeb, PAD(sizeof(struct jffs2_unknown_node)))))
822 return err;
623 ofs += PAD(sizeof(struct jffs2_unknown_node)); 823 ofs += PAD(sizeof(struct jffs2_unknown_node));
624 } else if (jeb->first_node) { 824 } else if (jeb->first_node) {
625 printk(KERN_NOTICE "CLEANMARKER node found at 0x%08x, not first node in block (0x%08x)\n", ofs, jeb->offset); 825 printk(KERN_NOTICE "CLEANMARKER node found at 0x%08x, not first node in block (0x%08x)\n", ofs, jeb->offset);
626 DIRTY_SPACE(PAD(sizeof(struct jffs2_unknown_node))); 826 if ((err = jffs2_scan_dirty_space(c, jeb, PAD(sizeof(struct jffs2_unknown_node)))))
827 return err;
627 ofs += PAD(sizeof(struct jffs2_unknown_node)); 828 ofs += PAD(sizeof(struct jffs2_unknown_node));
628 } else { 829 } else {
629 struct jffs2_raw_node_ref *marker_ref = jffs2_alloc_raw_node_ref(); 830 jffs2_link_node_ref(c, jeb, ofs | REF_NORMAL, c->cleanmarker_size, NULL);
630 if (!marker_ref) {
631 printk(KERN_NOTICE "Failed to allocate node ref for clean marker\n");
632 return -ENOMEM;
633 }
634 marker_ref->next_in_ino = NULL;
635 marker_ref->next_phys = NULL;
636 marker_ref->flash_offset = ofs | REF_NORMAL;
637 marker_ref->__totlen = c->cleanmarker_size;
638 jeb->first_node = jeb->last_node = marker_ref;
639 831
640 USED_SPACE(PAD(c->cleanmarker_size));
641 ofs += PAD(c->cleanmarker_size); 832 ofs += PAD(c->cleanmarker_size);
642 } 833 }
643 break; 834 break;
@@ -645,7 +836,8 @@ scan_more:
645 case JFFS2_NODETYPE_PADDING: 836 case JFFS2_NODETYPE_PADDING:
646 if (jffs2_sum_active()) 837 if (jffs2_sum_active())
647 jffs2_sum_add_padding_mem(s, je32_to_cpu(node->totlen)); 838 jffs2_sum_add_padding_mem(s, je32_to_cpu(node->totlen));
648 DIRTY_SPACE(PAD(je32_to_cpu(node->totlen))); 839 if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(node->totlen)))))
840 return err;
649 ofs += PAD(je32_to_cpu(node->totlen)); 841 ofs += PAD(je32_to_cpu(node->totlen));
650 break; 842 break;
651 843
@@ -656,7 +848,8 @@ scan_more:
656 c->flags |= JFFS2_SB_FLAG_RO; 848 c->flags |= JFFS2_SB_FLAG_RO;
657 if (!(jffs2_is_readonly(c))) 849 if (!(jffs2_is_readonly(c)))
658 return -EROFS; 850 return -EROFS;
659 DIRTY_SPACE(PAD(je32_to_cpu(node->totlen))); 851 if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(node->totlen)))))
852 return err;
660 ofs += PAD(je32_to_cpu(node->totlen)); 853 ofs += PAD(je32_to_cpu(node->totlen));
661 break; 854 break;
662 855
@@ -666,15 +859,21 @@ scan_more:
666 859
667 case JFFS2_FEATURE_RWCOMPAT_DELETE: 860 case JFFS2_FEATURE_RWCOMPAT_DELETE:
668 D1(printk(KERN_NOTICE "Unknown but compatible feature node (0x%04x) found at offset 0x%08x\n", je16_to_cpu(node->nodetype), ofs)); 861 D1(printk(KERN_NOTICE "Unknown but compatible feature node (0x%04x) found at offset 0x%08x\n", je16_to_cpu(node->nodetype), ofs));
669 DIRTY_SPACE(PAD(je32_to_cpu(node->totlen))); 862 if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(node->totlen)))))
863 return err;
670 ofs += PAD(je32_to_cpu(node->totlen)); 864 ofs += PAD(je32_to_cpu(node->totlen));
671 break; 865 break;
672 866
673 case JFFS2_FEATURE_RWCOMPAT_COPY: 867 case JFFS2_FEATURE_RWCOMPAT_COPY: {
674 D1(printk(KERN_NOTICE "Unknown but compatible feature node (0x%04x) found at offset 0x%08x\n", je16_to_cpu(node->nodetype), ofs)); 868 D1(printk(KERN_NOTICE "Unknown but compatible feature node (0x%04x) found at offset 0x%08x\n", je16_to_cpu(node->nodetype), ofs));
675 USED_SPACE(PAD(je32_to_cpu(node->totlen))); 869
870 jffs2_link_node_ref(c, jeb, ofs | REF_PRISTINE, PAD(je32_to_cpu(node->totlen)), NULL);
871
872 /* We can't summarise nodes we don't grok */
873 jffs2_sum_disable_collecting(s);
676 ofs += PAD(je32_to_cpu(node->totlen)); 874 ofs += PAD(je32_to_cpu(node->totlen));
677 break; 875 break;
876 }
678 } 877 }
679 } 878 }
680 } 879 }
@@ -687,9 +886,9 @@ scan_more:
687 } 886 }
688 } 887 }
689 888
690 D1(printk(KERN_DEBUG "Block at 0x%08x: free 0x%08x, dirty 0x%08x, unchecked 0x%08x, used 0x%08x\n", jeb->offset, 889 D1(printk(KERN_DEBUG "Block at 0x%08x: free 0x%08x, dirty 0x%08x, unchecked 0x%08x, used 0x%08x, wasted 0x%08x\n",
691 jeb->free_size, jeb->dirty_size, jeb->unchecked_size, jeb->used_size)); 890 jeb->offset,jeb->free_size, jeb->dirty_size, jeb->unchecked_size, jeb->used_size, jeb->wasted_size));
692 891
693 /* mark_node_obsolete can add to wasted !! */ 892 /* mark_node_obsolete can add to wasted !! */
694 if (jeb->wasted_size) { 893 if (jeb->wasted_size) {
695 jeb->dirty_size += jeb->wasted_size; 894 jeb->dirty_size += jeb->wasted_size;
@@ -730,9 +929,9 @@ struct jffs2_inode_cache *jffs2_scan_make_ino_cache(struct jffs2_sb_info *c, uin
730static int jffs2_scan_inode_node(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, 929static int jffs2_scan_inode_node(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
731 struct jffs2_raw_inode *ri, uint32_t ofs, struct jffs2_summary *s) 930 struct jffs2_raw_inode *ri, uint32_t ofs, struct jffs2_summary *s)
732{ 931{
733 struct jffs2_raw_node_ref *raw;
734 struct jffs2_inode_cache *ic; 932 struct jffs2_inode_cache *ic;
735 uint32_t ino = je32_to_cpu(ri->ino); 933 uint32_t ino = je32_to_cpu(ri->ino);
934 int err;
736 935
737 D1(printk(KERN_DEBUG "jffs2_scan_inode_node(): Node at 0x%08x\n", ofs)); 936 D1(printk(KERN_DEBUG "jffs2_scan_inode_node(): Node at 0x%08x\n", ofs));
738 937
@@ -745,12 +944,6 @@ static int jffs2_scan_inode_node(struct jffs2_sb_info *c, struct jffs2_erasebloc
745 Which means that the _full_ amount of time to get to proper write mode with GC 944 Which means that the _full_ amount of time to get to proper write mode with GC
746 operational may actually be _longer_ than before. Sucks to be me. */ 945 operational may actually be _longer_ than before. Sucks to be me. */
747 946
748 raw = jffs2_alloc_raw_node_ref();
749 if (!raw) {
750 printk(KERN_NOTICE "jffs2_scan_inode_node(): allocation of node reference failed\n");
751 return -ENOMEM;
752 }
753
754 ic = jffs2_get_ino_cache(c, ino); 947 ic = jffs2_get_ino_cache(c, ino);
755 if (!ic) { 948 if (!ic) {
756 /* Inocache get failed. Either we read a bogus ino# or it's just genuinely the 949 /* Inocache get failed. Either we read a bogus ino# or it's just genuinely the
@@ -762,30 +955,17 @@ static int jffs2_scan_inode_node(struct jffs2_sb_info *c, struct jffs2_erasebloc
762 printk(KERN_NOTICE "jffs2_scan_inode_node(): CRC failed on node at 0x%08x: Read 0x%08x, calculated 0x%08x\n", 955 printk(KERN_NOTICE "jffs2_scan_inode_node(): CRC failed on node at 0x%08x: Read 0x%08x, calculated 0x%08x\n",
763 ofs, je32_to_cpu(ri->node_crc), crc); 956 ofs, je32_to_cpu(ri->node_crc), crc);
764 /* We believe totlen because the CRC on the node _header_ was OK, just the node itself failed. */ 957 /* We believe totlen because the CRC on the node _header_ was OK, just the node itself failed. */
765 DIRTY_SPACE(PAD(je32_to_cpu(ri->totlen))); 958 if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(ri->totlen)))))
766 jffs2_free_raw_node_ref(raw); 959 return err;
767 return 0; 960 return 0;
768 } 961 }
769 ic = jffs2_scan_make_ino_cache(c, ino); 962 ic = jffs2_scan_make_ino_cache(c, ino);
770 if (!ic) { 963 if (!ic)
771 jffs2_free_raw_node_ref(raw);
772 return -ENOMEM; 964 return -ENOMEM;
773 }
774 } 965 }
775 966
776 /* Wheee. It worked */ 967 /* Wheee. It worked */
777 968 jffs2_link_node_ref(c, jeb, ofs | REF_UNCHECKED, PAD(je32_to_cpu(ri->totlen)), ic);
778 raw->flash_offset = ofs | REF_UNCHECKED;
779 raw->__totlen = PAD(je32_to_cpu(ri->totlen));
780 raw->next_phys = NULL;
781 raw->next_in_ino = ic->nodes;
782
783 ic->nodes = raw;
784 if (!jeb->first_node)
785 jeb->first_node = raw;
786 if (jeb->last_node)
787 jeb->last_node->next_phys = raw;
788 jeb->last_node = raw;
789 969
790 D1(printk(KERN_DEBUG "Node is ino #%u, version %d. Range 0x%x-0x%x\n", 970 D1(printk(KERN_DEBUG "Node is ino #%u, version %d. Range 0x%x-0x%x\n",
791 je32_to_cpu(ri->ino), je32_to_cpu(ri->version), 971 je32_to_cpu(ri->ino), je32_to_cpu(ri->version),
@@ -794,8 +974,6 @@ static int jffs2_scan_inode_node(struct jffs2_sb_info *c, struct jffs2_erasebloc
794 974
795 pseudo_random += je32_to_cpu(ri->version); 975 pseudo_random += je32_to_cpu(ri->version);
796 976
797 UNCHECKED_SPACE(PAD(je32_to_cpu(ri->totlen)));
798
799 if (jffs2_sum_active()) { 977 if (jffs2_sum_active()) {
800 jffs2_sum_add_inode_mem(s, ri, ofs - jeb->offset); 978 jffs2_sum_add_inode_mem(s, ri, ofs - jeb->offset);
801 } 979 }
@@ -806,10 +984,10 @@ static int jffs2_scan_inode_node(struct jffs2_sb_info *c, struct jffs2_erasebloc
806static int jffs2_scan_dirent_node(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, 984static int jffs2_scan_dirent_node(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
807 struct jffs2_raw_dirent *rd, uint32_t ofs, struct jffs2_summary *s) 985 struct jffs2_raw_dirent *rd, uint32_t ofs, struct jffs2_summary *s)
808{ 986{
809 struct jffs2_raw_node_ref *raw;
810 struct jffs2_full_dirent *fd; 987 struct jffs2_full_dirent *fd;
811 struct jffs2_inode_cache *ic; 988 struct jffs2_inode_cache *ic;
812 uint32_t crc; 989 uint32_t crc;
990 int err;
813 991
814 D1(printk(KERN_DEBUG "jffs2_scan_dirent_node(): Node at 0x%08x\n", ofs)); 992 D1(printk(KERN_DEBUG "jffs2_scan_dirent_node(): Node at 0x%08x\n", ofs));
815 993
@@ -821,7 +999,8 @@ static int jffs2_scan_dirent_node(struct jffs2_sb_info *c, struct jffs2_eraseblo
821 printk(KERN_NOTICE "jffs2_scan_dirent_node(): Node CRC failed on node at 0x%08x: Read 0x%08x, calculated 0x%08x\n", 999 printk(KERN_NOTICE "jffs2_scan_dirent_node(): Node CRC failed on node at 0x%08x: Read 0x%08x, calculated 0x%08x\n",
822 ofs, je32_to_cpu(rd->node_crc), crc); 1000 ofs, je32_to_cpu(rd->node_crc), crc);
823 /* We believe totlen because the CRC on the node _header_ was OK, just the node itself failed. */ 1001 /* We believe totlen because the CRC on the node _header_ was OK, just the node itself failed. */
824 DIRTY_SPACE(PAD(je32_to_cpu(rd->totlen))); 1002 if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(rd->totlen)))))
1003 return err;
825 return 0; 1004 return 0;
826 } 1005 }
827 1006
@@ -842,40 +1021,23 @@ static int jffs2_scan_dirent_node(struct jffs2_sb_info *c, struct jffs2_eraseblo
842 jffs2_free_full_dirent(fd); 1021 jffs2_free_full_dirent(fd);
843 /* FIXME: Why do we believe totlen? */ 1022 /* FIXME: Why do we believe totlen? */
844 /* We believe totlen because the CRC on the node _header_ was OK, just the name failed. */ 1023 /* We believe totlen because the CRC on the node _header_ was OK, just the name failed. */
845 DIRTY_SPACE(PAD(je32_to_cpu(rd->totlen))); 1024 if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(rd->totlen)))))
1025 return err;
846 return 0; 1026 return 0;
847 } 1027 }
848 raw = jffs2_alloc_raw_node_ref();
849 if (!raw) {
850 jffs2_free_full_dirent(fd);
851 printk(KERN_NOTICE "jffs2_scan_dirent_node(): allocation of node reference failed\n");
852 return -ENOMEM;
853 }
854 ic = jffs2_scan_make_ino_cache(c, je32_to_cpu(rd->pino)); 1028 ic = jffs2_scan_make_ino_cache(c, je32_to_cpu(rd->pino));
855 if (!ic) { 1029 if (!ic) {
856 jffs2_free_full_dirent(fd); 1030 jffs2_free_full_dirent(fd);
857 jffs2_free_raw_node_ref(raw);
858 return -ENOMEM; 1031 return -ENOMEM;
859 } 1032 }
860 1033
861 raw->__totlen = PAD(je32_to_cpu(rd->totlen)); 1034 fd->raw = jffs2_link_node_ref(c, jeb, ofs | REF_PRISTINE, PAD(je32_to_cpu(rd->totlen)), ic);
862 raw->flash_offset = ofs | REF_PRISTINE;
863 raw->next_phys = NULL;
864 raw->next_in_ino = ic->nodes;
865 ic->nodes = raw;
866 if (!jeb->first_node)
867 jeb->first_node = raw;
868 if (jeb->last_node)
869 jeb->last_node->next_phys = raw;
870 jeb->last_node = raw;
871 1035
872 fd->raw = raw;
873 fd->next = NULL; 1036 fd->next = NULL;
874 fd->version = je32_to_cpu(rd->version); 1037 fd->version = je32_to_cpu(rd->version);
875 fd->ino = je32_to_cpu(rd->ino); 1038 fd->ino = je32_to_cpu(rd->ino);
876 fd->nhash = full_name_hash(fd->name, rd->nsize); 1039 fd->nhash = full_name_hash(fd->name, rd->nsize);
877 fd->type = rd->type; 1040 fd->type = rd->type;
878 USED_SPACE(PAD(je32_to_cpu(rd->totlen)));
879 jffs2_add_fd_to_list(c, fd, &ic->scan_dents); 1041 jffs2_add_fd_to_list(c, fd, &ic->scan_dents);
880 1042
881 if (jffs2_sum_active()) { 1043 if (jffs2_sum_active()) {
diff --git a/fs/jffs2/security.c b/fs/jffs2/security.c
new file mode 100644
index 000000000000..52a9894a6364
--- /dev/null
+++ b/fs/jffs2/security.c
@@ -0,0 +1,82 @@
1/*
2 * JFFS2 -- Journalling Flash File System, Version 2.
3 *
4 * Copyright (C) 2006 NEC Corporation
5 *
6 * Created by KaiGai Kohei <kaigai@ak.jp.nec.com>
7 *
8 * For licensing information, see the file 'LICENCE' in this directory.
9 *
10 */
11#include <linux/kernel.h>
12#include <linux/slab.h>
13#include <linux/fs.h>
14#include <linux/time.h>
15#include <linux/pagemap.h>
16#include <linux/highmem.h>
17#include <linux/crc32.h>
18#include <linux/jffs2.h>
19#include <linux/xattr.h>
20#include <linux/mtd/mtd.h>
21#include <linux/security.h>
22#include "nodelist.h"
23
24/* ---- Initial Security Label Attachment -------------- */
25int jffs2_init_security(struct inode *inode, struct inode *dir)
26{
27 int rc;
28 size_t len;
29 void *value;
30 char *name;
31
32 rc = security_inode_init_security(inode, dir, &name, &value, &len);
33 if (rc) {
34 if (rc == -EOPNOTSUPP)
35 return 0;
36 return rc;
37 }
38 rc = do_jffs2_setxattr(inode, JFFS2_XPREFIX_SECURITY, name, value, len, 0);
39
40 kfree(name);
41 kfree(value);
42 return rc;
43}
44
45/* ---- XATTR Handler for "security.*" ----------------- */
46static int jffs2_security_getxattr(struct inode *inode, const char *name,
47 void *buffer, size_t size)
48{
49 if (!strcmp(name, ""))
50 return -EINVAL;
51
52 return do_jffs2_getxattr(inode, JFFS2_XPREFIX_SECURITY, name, buffer, size);
53}
54
55static int jffs2_security_setxattr(struct inode *inode, const char *name, const void *buffer,
56 size_t size, int flags)
57{
58 if (!strcmp(name, ""))
59 return -EINVAL;
60
61 return do_jffs2_setxattr(inode, JFFS2_XPREFIX_SECURITY, name, buffer, size, flags);
62}
63
64static size_t jffs2_security_listxattr(struct inode *inode, char *list, size_t list_size,
65 const char *name, size_t name_len)
66{
67 size_t retlen = XATTR_SECURITY_PREFIX_LEN + name_len + 1;
68
69 if (list && retlen <= list_size) {
70 strcpy(list, XATTR_SECURITY_PREFIX);
71 strcpy(list + XATTR_SECURITY_PREFIX_LEN, name);
72 }
73
74 return retlen;
75}
76
77struct xattr_handler jffs2_security_xattr_handler = {
78 .prefix = XATTR_SECURITY_PREFIX,
79 .list = jffs2_security_listxattr,
80 .set = jffs2_security_setxattr,
81 .get = jffs2_security_getxattr
82};
diff --git a/fs/jffs2/summary.c b/fs/jffs2/summary.c
index fb9cec61fcf2..0b02fc79e4d1 100644
--- a/fs/jffs2/summary.c
+++ b/fs/jffs2/summary.c
@@ -5,6 +5,7 @@
5 * Zoltan Sogor <weth@inf.u-szeged.hu>, 5 * Zoltan Sogor <weth@inf.u-szeged.hu>,
6 * Patrik Kluba <pajko@halom.u-szeged.hu>, 6 * Patrik Kluba <pajko@halom.u-szeged.hu>,
7 * University of Szeged, Hungary 7 * University of Szeged, Hungary
8 * 2005 KaiGai Kohei <kaigai@ak.jp.nec.com>
8 * 9 *
9 * For licensing information, see the file 'LICENCE' in this directory. 10 * For licensing information, see the file 'LICENCE' in this directory.
10 * 11 *
@@ -81,6 +82,19 @@ static int jffs2_sum_add_mem(struct jffs2_summary *s, union jffs2_sum_mem *item)
81 dbg_summary("dirent (%u) added to summary\n", 82 dbg_summary("dirent (%u) added to summary\n",
82 je32_to_cpu(item->d.ino)); 83 je32_to_cpu(item->d.ino));
83 break; 84 break;
85#ifdef CONFIG_JFFS2_FS_XATTR
86 case JFFS2_NODETYPE_XATTR:
87 s->sum_size += JFFS2_SUMMARY_XATTR_SIZE;
88 s->sum_num++;
89 dbg_summary("xattr (xid=%u, version=%u) added to summary\n",
90 je32_to_cpu(item->x.xid), je32_to_cpu(item->x.version));
91 break;
92 case JFFS2_NODETYPE_XREF:
93 s->sum_size += JFFS2_SUMMARY_XREF_SIZE;
94 s->sum_num++;
95 dbg_summary("xref added to summary\n");
96 break;
97#endif
84 default: 98 default:
85 JFFS2_WARNING("UNKNOWN node type %u\n", 99 JFFS2_WARNING("UNKNOWN node type %u\n",
86 je16_to_cpu(item->u.nodetype)); 100 je16_to_cpu(item->u.nodetype));
@@ -141,6 +155,40 @@ int jffs2_sum_add_dirent_mem(struct jffs2_summary *s, struct jffs2_raw_dirent *r
141 return jffs2_sum_add_mem(s, (union jffs2_sum_mem *)temp); 155 return jffs2_sum_add_mem(s, (union jffs2_sum_mem *)temp);
142} 156}
143 157
158#ifdef CONFIG_JFFS2_FS_XATTR
159int jffs2_sum_add_xattr_mem(struct jffs2_summary *s, struct jffs2_raw_xattr *rx, uint32_t ofs)
160{
161 struct jffs2_sum_xattr_mem *temp;
162
163 temp = kmalloc(sizeof(struct jffs2_sum_xattr_mem), GFP_KERNEL);
164 if (!temp)
165 return -ENOMEM;
166
167 temp->nodetype = rx->nodetype;
168 temp->xid = rx->xid;
169 temp->version = rx->version;
170 temp->offset = cpu_to_je32(ofs);
171 temp->totlen = rx->totlen;
172 temp->next = NULL;
173
174 return jffs2_sum_add_mem(s, (union jffs2_sum_mem *)temp);
175}
176
177int jffs2_sum_add_xref_mem(struct jffs2_summary *s, struct jffs2_raw_xref *rr, uint32_t ofs)
178{
179 struct jffs2_sum_xref_mem *temp;
180
181 temp = kmalloc(sizeof(struct jffs2_sum_xref_mem), GFP_KERNEL);
182 if (!temp)
183 return -ENOMEM;
184
185 temp->nodetype = rr->nodetype;
186 temp->offset = cpu_to_je32(ofs);
187 temp->next = NULL;
188
189 return jffs2_sum_add_mem(s, (union jffs2_sum_mem *)temp);
190}
191#endif
144/* Cleanup every collected summary information */ 192/* Cleanup every collected summary information */
145 193
146static void jffs2_sum_clean_collected(struct jffs2_summary *s) 194static void jffs2_sum_clean_collected(struct jffs2_summary *s)
@@ -259,7 +307,40 @@ int jffs2_sum_add_kvec(struct jffs2_sb_info *c, const struct kvec *invecs,
259 307
260 return jffs2_sum_add_mem(c->summary, (union jffs2_sum_mem *)temp); 308 return jffs2_sum_add_mem(c->summary, (union jffs2_sum_mem *)temp);
261 } 309 }
310#ifdef CONFIG_JFFS2_FS_XATTR
311 case JFFS2_NODETYPE_XATTR: {
312 struct jffs2_sum_xattr_mem *temp;
313 if (je32_to_cpu(node->x.version) == 0xffffffff)
314 return 0;
315 temp = kmalloc(sizeof(struct jffs2_sum_xattr_mem), GFP_KERNEL);
316 if (!temp)
317 goto no_mem;
318
319 temp->nodetype = node->x.nodetype;
320 temp->xid = node->x.xid;
321 temp->version = node->x.version;
322 temp->totlen = node->x.totlen;
323 temp->offset = cpu_to_je32(ofs);
324 temp->next = NULL;
325
326 return jffs2_sum_add_mem(c->summary, (union jffs2_sum_mem *)temp);
327 }
328 case JFFS2_NODETYPE_XREF: {
329 struct jffs2_sum_xref_mem *temp;
330
331 if (je32_to_cpu(node->r.ino) == 0xffffffff
332 && je32_to_cpu(node->r.xid) == 0xffffffff)
333 return 0;
334 temp = kmalloc(sizeof(struct jffs2_sum_xref_mem), GFP_KERNEL);
335 if (!temp)
336 goto no_mem;
337 temp->nodetype = node->r.nodetype;
338 temp->offset = cpu_to_je32(ofs);
339 temp->next = NULL;
262 340
341 return jffs2_sum_add_mem(c->summary, (union jffs2_sum_mem *)temp);
342 }
343#endif
263 case JFFS2_NODETYPE_PADDING: 344 case JFFS2_NODETYPE_PADDING:
264 dbg_summary("node PADDING\n"); 345 dbg_summary("node PADDING\n");
265 c->summary->sum_padded += je32_to_cpu(node->u.totlen); 346 c->summary->sum_padded += je32_to_cpu(node->u.totlen);
@@ -288,23 +369,41 @@ no_mem:
288 return -ENOMEM; 369 return -ENOMEM;
289} 370}
290 371
372static struct jffs2_raw_node_ref *sum_link_node_ref(struct jffs2_sb_info *c,
373 struct jffs2_eraseblock *jeb,
374 uint32_t ofs, uint32_t len,
375 struct jffs2_inode_cache *ic)
376{
377 /* If there was a gap, mark it dirty */
378 if ((ofs & ~3) > c->sector_size - jeb->free_size) {
379 /* Ew. Summary doesn't actually tell us explicitly about dirty space */
380 jffs2_scan_dirty_space(c, jeb, (ofs & ~3) - (c->sector_size - jeb->free_size));
381 }
382
383 return jffs2_link_node_ref(c, jeb, jeb->offset + ofs, len, ic);
384}
291 385
292/* Process the stored summary information - helper function for jffs2_sum_scan_sumnode() */ 386/* Process the stored summary information - helper function for jffs2_sum_scan_sumnode() */
293 387
294static int jffs2_sum_process_sum_data(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, 388static int jffs2_sum_process_sum_data(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
295 struct jffs2_raw_summary *summary, uint32_t *pseudo_random) 389 struct jffs2_raw_summary *summary, uint32_t *pseudo_random)
296{ 390{
297 struct jffs2_raw_node_ref *raw;
298 struct jffs2_inode_cache *ic; 391 struct jffs2_inode_cache *ic;
299 struct jffs2_full_dirent *fd; 392 struct jffs2_full_dirent *fd;
300 void *sp; 393 void *sp;
301 int i, ino; 394 int i, ino;
395 int err;
302 396
303 sp = summary->sum; 397 sp = summary->sum;
304 398
305 for (i=0; i<je32_to_cpu(summary->sum_num); i++) { 399 for (i=0; i<je32_to_cpu(summary->sum_num); i++) {
306 dbg_summary("processing summary index %d\n", i); 400 dbg_summary("processing summary index %d\n", i);
307 401
402 /* Make sure there's a spare ref for dirty space */
403 err = jffs2_prealloc_raw_node_refs(c, jeb, 2);
404 if (err)
405 return err;
406
308 switch (je16_to_cpu(((struct jffs2_sum_unknown_flash *)sp)->nodetype)) { 407 switch (je16_to_cpu(((struct jffs2_sum_unknown_flash *)sp)->nodetype)) {
309 case JFFS2_NODETYPE_INODE: { 408 case JFFS2_NODETYPE_INODE: {
310 struct jffs2_sum_inode_flash *spi; 409 struct jffs2_sum_inode_flash *spi;
@@ -312,38 +411,20 @@ static int jffs2_sum_process_sum_data(struct jffs2_sb_info *c, struct jffs2_eras
312 411
313 ino = je32_to_cpu(spi->inode); 412 ino = je32_to_cpu(spi->inode);
314 413
315 dbg_summary("Inode at 0x%08x\n", 414 dbg_summary("Inode at 0x%08x-0x%08x\n",
316 jeb->offset + je32_to_cpu(spi->offset)); 415 jeb->offset + je32_to_cpu(spi->offset),
317 416 jeb->offset + je32_to_cpu(spi->offset) + je32_to_cpu(spi->totlen));
318 raw = jffs2_alloc_raw_node_ref();
319 if (!raw) {
320 JFFS2_NOTICE("allocation of node reference failed\n");
321 kfree(summary);
322 return -ENOMEM;
323 }
324 417
325 ic = jffs2_scan_make_ino_cache(c, ino); 418 ic = jffs2_scan_make_ino_cache(c, ino);
326 if (!ic) { 419 if (!ic) {
327 JFFS2_NOTICE("scan_make_ino_cache failed\n"); 420 JFFS2_NOTICE("scan_make_ino_cache failed\n");
328 jffs2_free_raw_node_ref(raw);
329 kfree(summary);
330 return -ENOMEM; 421 return -ENOMEM;
331 } 422 }
332 423
333 raw->flash_offset = (jeb->offset + je32_to_cpu(spi->offset)) | REF_UNCHECKED; 424 sum_link_node_ref(c, jeb, je32_to_cpu(spi->offset) | REF_UNCHECKED,
334 raw->__totlen = PAD(je32_to_cpu(spi->totlen)); 425 PAD(je32_to_cpu(spi->totlen)), ic);
335 raw->next_phys = NULL;
336 raw->next_in_ino = ic->nodes;
337
338 ic->nodes = raw;
339 if (!jeb->first_node)
340 jeb->first_node = raw;
341 if (jeb->last_node)
342 jeb->last_node->next_phys = raw;
343 jeb->last_node = raw;
344 *pseudo_random += je32_to_cpu(spi->version);
345 426
346 UNCHECKED_SPACE(PAD(je32_to_cpu(spi->totlen))); 427 *pseudo_random += je32_to_cpu(spi->version);
347 428
348 sp += JFFS2_SUMMARY_INODE_SIZE; 429 sp += JFFS2_SUMMARY_INODE_SIZE;
349 430
@@ -354,52 +435,33 @@ static int jffs2_sum_process_sum_data(struct jffs2_sb_info *c, struct jffs2_eras
354 struct jffs2_sum_dirent_flash *spd; 435 struct jffs2_sum_dirent_flash *spd;
355 spd = sp; 436 spd = sp;
356 437
357 dbg_summary("Dirent at 0x%08x\n", 438 dbg_summary("Dirent at 0x%08x-0x%08x\n",
358 jeb->offset + je32_to_cpu(spd->offset)); 439 jeb->offset + je32_to_cpu(spd->offset),
440 jeb->offset + je32_to_cpu(spd->offset) + je32_to_cpu(spd->totlen));
441
359 442
360 fd = jffs2_alloc_full_dirent(spd->nsize+1); 443 fd = jffs2_alloc_full_dirent(spd->nsize+1);
361 if (!fd) { 444 if (!fd)
362 kfree(summary);
363 return -ENOMEM; 445 return -ENOMEM;
364 }
365 446
366 memcpy(&fd->name, spd->name, spd->nsize); 447 memcpy(&fd->name, spd->name, spd->nsize);
367 fd->name[spd->nsize] = 0; 448 fd->name[spd->nsize] = 0;
368 449
369 raw = jffs2_alloc_raw_node_ref();
370 if (!raw) {
371 jffs2_free_full_dirent(fd);
372 JFFS2_NOTICE("allocation of node reference failed\n");
373 kfree(summary);
374 return -ENOMEM;
375 }
376
377 ic = jffs2_scan_make_ino_cache(c, je32_to_cpu(spd->pino)); 450 ic = jffs2_scan_make_ino_cache(c, je32_to_cpu(spd->pino));
378 if (!ic) { 451 if (!ic) {
379 jffs2_free_full_dirent(fd); 452 jffs2_free_full_dirent(fd);
380 jffs2_free_raw_node_ref(raw);
381 kfree(summary);
382 return -ENOMEM; 453 return -ENOMEM;
383 } 454 }
384 455
385 raw->__totlen = PAD(je32_to_cpu(spd->totlen)); 456 fd->raw = sum_link_node_ref(c, jeb, je32_to_cpu(spd->offset) | REF_UNCHECKED,
386 raw->flash_offset = (jeb->offset + je32_to_cpu(spd->offset)) | REF_PRISTINE; 457 PAD(je32_to_cpu(spd->totlen)), ic);
387 raw->next_phys = NULL; 458
388 raw->next_in_ino = ic->nodes;
389 ic->nodes = raw;
390 if (!jeb->first_node)
391 jeb->first_node = raw;
392 if (jeb->last_node)
393 jeb->last_node->next_phys = raw;
394 jeb->last_node = raw;
395
396 fd->raw = raw;
397 fd->next = NULL; 459 fd->next = NULL;
398 fd->version = je32_to_cpu(spd->version); 460 fd->version = je32_to_cpu(spd->version);
399 fd->ino = je32_to_cpu(spd->ino); 461 fd->ino = je32_to_cpu(spd->ino);
400 fd->nhash = full_name_hash(fd->name, spd->nsize); 462 fd->nhash = full_name_hash(fd->name, spd->nsize);
401 fd->type = spd->type; 463 fd->type = spd->type;
402 USED_SPACE(PAD(je32_to_cpu(spd->totlen))); 464
403 jffs2_add_fd_to_list(c, fd, &ic->scan_dents); 465 jffs2_add_fd_to_list(c, fd, &ic->scan_dents);
404 466
405 *pseudo_random += je32_to_cpu(spd->version); 467 *pseudo_random += je32_to_cpu(spd->version);
@@ -408,48 +470,105 @@ static int jffs2_sum_process_sum_data(struct jffs2_sb_info *c, struct jffs2_eras
408 470
409 break; 471 break;
410 } 472 }
473#ifdef CONFIG_JFFS2_FS_XATTR
474 case JFFS2_NODETYPE_XATTR: {
475 struct jffs2_xattr_datum *xd;
476 struct jffs2_sum_xattr_flash *spx;
477
478 spx = (struct jffs2_sum_xattr_flash *)sp;
479 dbg_summary("xattr at %#08x-%#08x (xid=%u, version=%u)\n",
480 jeb->offset + je32_to_cpu(spx->offset),
481 jeb->offset + je32_to_cpu(spx->offset) + je32_to_cpu(spx->totlen),
482 je32_to_cpu(spx->xid), je32_to_cpu(spx->version));
483
484 xd = jffs2_setup_xattr_datum(c, je32_to_cpu(spx->xid),
485 je32_to_cpu(spx->version));
486 if (IS_ERR(xd)) {
487 if (PTR_ERR(xd) == -EEXIST) {
488 /* a newer version of xd exists */
489 if ((err = jffs2_scan_dirty_space(c, jeb, je32_to_cpu(spx->totlen))))
490 return err;
491 sp += JFFS2_SUMMARY_XATTR_SIZE;
492 break;
493 }
494 JFFS2_NOTICE("allocation of xattr_datum failed\n");
495 return PTR_ERR(xd);
496 }
497
498 xd->node = sum_link_node_ref(c, jeb, je32_to_cpu(spx->offset) | REF_UNCHECKED,
499 PAD(je32_to_cpu(spx->totlen)), NULL);
500 /* FIXME */ xd->node->next_in_ino = (void *)xd;
501
502 *pseudo_random += je32_to_cpu(spx->xid);
503 sp += JFFS2_SUMMARY_XATTR_SIZE;
504
505 break;
506 }
507 case JFFS2_NODETYPE_XREF: {
508 struct jffs2_xattr_ref *ref;
509 struct jffs2_sum_xref_flash *spr;
510
511 spr = (struct jffs2_sum_xref_flash *)sp;
512 dbg_summary("xref at %#08x-%#08x\n",
513 jeb->offset + je32_to_cpu(spr->offset),
514 jeb->offset + je32_to_cpu(spr->offset) +
515 (uint32_t)PAD(sizeof(struct jffs2_raw_xref)));
516
517 ref = jffs2_alloc_xattr_ref();
518 if (!ref) {
519 JFFS2_NOTICE("allocation of xattr_datum failed\n");
520 return -ENOMEM;
521 }
522 ref->ino = 0xfffffffe;
523 ref->xid = 0xfffffffd;
524 ref->next = c->xref_temp;
525 c->xref_temp = ref;
411 526
527 ref->node = sum_link_node_ref(c, jeb, je32_to_cpu(spr->offset) | REF_UNCHECKED,
528 PAD(sizeof(struct jffs2_raw_xref)), NULL);
529 /* FIXME */ ref->node->next_in_ino = (void *)ref;
530
531 *pseudo_random += ref->node->flash_offset;
532 sp += JFFS2_SUMMARY_XREF_SIZE;
533
534 break;
535 }
536#endif
412 default : { 537 default : {
413 JFFS2_WARNING("Unsupported node type found in summary! Exiting..."); 538 uint16_t nodetype = je16_to_cpu(((struct jffs2_sum_unknown_flash *)sp)->nodetype);
414 kfree(summary); 539 JFFS2_WARNING("Unsupported node type %x found in summary! Exiting...\n", nodetype);
415 return -EIO; 540 if ((nodetype & JFFS2_COMPAT_MASK) == JFFS2_FEATURE_INCOMPAT)
541 return -EIO;
542
543 /* For compatible node types, just fall back to the full scan */
544 c->wasted_size -= jeb->wasted_size;
545 c->free_size += c->sector_size - jeb->free_size;
546 c->used_size -= jeb->used_size;
547 c->dirty_size -= jeb->dirty_size;
548 jeb->wasted_size = jeb->used_size = jeb->dirty_size = 0;
549 jeb->free_size = c->sector_size;
550
551 jffs2_free_jeb_node_refs(c, jeb);
552 return -ENOTRECOVERABLE;
416 } 553 }
417 } 554 }
418 } 555 }
419
420 kfree(summary);
421 return 0; 556 return 0;
422} 557}
423 558
424/* Process the summary node - called from jffs2_scan_eraseblock() */ 559/* Process the summary node - called from jffs2_scan_eraseblock() */
425
426int jffs2_sum_scan_sumnode(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, 560int jffs2_sum_scan_sumnode(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
427 uint32_t ofs, uint32_t *pseudo_random) 561 struct jffs2_raw_summary *summary, uint32_t sumsize,
562 uint32_t *pseudo_random)
428{ 563{
429 struct jffs2_unknown_node crcnode; 564 struct jffs2_unknown_node crcnode;
430 struct jffs2_raw_node_ref *cache_ref; 565 int ret, ofs;
431 struct jffs2_raw_summary *summary;
432 int ret, sumsize;
433 uint32_t crc; 566 uint32_t crc;
434 567
435 sumsize = c->sector_size - ofs; 568 ofs = c->sector_size - sumsize;
436 ofs += jeb->offset;
437 569
438 dbg_summary("summary found for 0x%08x at 0x%08x (0x%x bytes)\n", 570 dbg_summary("summary found for 0x%08x at 0x%08x (0x%x bytes)\n",
439 jeb->offset, ofs, sumsize); 571 jeb->offset, jeb->offset + ofs, sumsize);
440
441 summary = kmalloc(sumsize, GFP_KERNEL);
442
443 if (!summary) {
444 return -ENOMEM;
445 }
446
447 ret = jffs2_fill_scan_buf(c, (unsigned char *)summary, ofs, sumsize);
448
449 if (ret) {
450 kfree(summary);
451 return ret;
452 }
453 572
454 /* OK, now check for node validity and CRC */ 573 /* OK, now check for node validity and CRC */
455 crcnode.magic = cpu_to_je16(JFFS2_MAGIC_BITMASK); 574 crcnode.magic = cpu_to_je16(JFFS2_MAGIC_BITMASK);
@@ -486,66 +605,49 @@ int jffs2_sum_scan_sumnode(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb
486 605
487 dbg_summary("Summary : CLEANMARKER node \n"); 606 dbg_summary("Summary : CLEANMARKER node \n");
488 607
608 ret = jffs2_prealloc_raw_node_refs(c, jeb, 1);
609 if (ret)
610 return ret;
611
489 if (je32_to_cpu(summary->cln_mkr) != c->cleanmarker_size) { 612 if (je32_to_cpu(summary->cln_mkr) != c->cleanmarker_size) {
490 dbg_summary("CLEANMARKER node has totlen 0x%x != normal 0x%x\n", 613 dbg_summary("CLEANMARKER node has totlen 0x%x != normal 0x%x\n",
491 je32_to_cpu(summary->cln_mkr), c->cleanmarker_size); 614 je32_to_cpu(summary->cln_mkr), c->cleanmarker_size);
492 UNCHECKED_SPACE(PAD(je32_to_cpu(summary->cln_mkr))); 615 if ((ret = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(summary->cln_mkr)))))
616 return ret;
493 } else if (jeb->first_node) { 617 } else if (jeb->first_node) {
494 dbg_summary("CLEANMARKER node not first node in block " 618 dbg_summary("CLEANMARKER node not first node in block "
495 "(0x%08x)\n", jeb->offset); 619 "(0x%08x)\n", jeb->offset);
496 UNCHECKED_SPACE(PAD(je32_to_cpu(summary->cln_mkr))); 620 if ((ret = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(summary->cln_mkr)))))
621 return ret;
497 } else { 622 } else {
498 struct jffs2_raw_node_ref *marker_ref = jffs2_alloc_raw_node_ref(); 623 jffs2_link_node_ref(c, jeb, jeb->offset | REF_NORMAL,
499 624 je32_to_cpu(summary->cln_mkr), NULL);
500 if (!marker_ref) {
501 JFFS2_NOTICE("Failed to allocate node ref for clean marker\n");
502 kfree(summary);
503 return -ENOMEM;
504 }
505
506 marker_ref->next_in_ino = NULL;
507 marker_ref->next_phys = NULL;
508 marker_ref->flash_offset = jeb->offset | REF_NORMAL;
509 marker_ref->__totlen = je32_to_cpu(summary->cln_mkr);
510 jeb->first_node = jeb->last_node = marker_ref;
511
512 USED_SPACE( PAD(je32_to_cpu(summary->cln_mkr)) );
513 } 625 }
514 } 626 }
515 627
516 if (je32_to_cpu(summary->padded)) {
517 DIRTY_SPACE(je32_to_cpu(summary->padded));
518 }
519
520 ret = jffs2_sum_process_sum_data(c, jeb, summary, pseudo_random); 628 ret = jffs2_sum_process_sum_data(c, jeb, summary, pseudo_random);
629 /* -ENOTRECOVERABLE isn't a fatal error -- it means we should do a full
630 scan of this eraseblock. So return zero */
631 if (ret == -ENOTRECOVERABLE)
632 return 0;
521 if (ret) 633 if (ret)
522 return ret; 634 return ret; /* real error */
523 635
524 /* for PARANOIA_CHECK */ 636 /* for PARANOIA_CHECK */
525 cache_ref = jffs2_alloc_raw_node_ref(); 637 ret = jffs2_prealloc_raw_node_refs(c, jeb, 2);
526 638 if (ret)
527 if (!cache_ref) { 639 return ret;
528 JFFS2_NOTICE("Failed to allocate node ref for cache\n");
529 return -ENOMEM;
530 }
531
532 cache_ref->next_in_ino = NULL;
533 cache_ref->next_phys = NULL;
534 cache_ref->flash_offset = ofs | REF_NORMAL;
535 cache_ref->__totlen = sumsize;
536
537 if (!jeb->first_node)
538 jeb->first_node = cache_ref;
539 if (jeb->last_node)
540 jeb->last_node->next_phys = cache_ref;
541 jeb->last_node = cache_ref;
542 640
543 USED_SPACE(sumsize); 641 sum_link_node_ref(c, jeb, ofs | REF_NORMAL, sumsize, NULL);
544 642
545 jeb->wasted_size += jeb->free_size; 643 if (unlikely(jeb->free_size)) {
546 c->wasted_size += jeb->free_size; 644 JFFS2_WARNING("Free size 0x%x bytes in eraseblock @0x%08x with summary?\n",
547 c->free_size -= jeb->free_size; 645 jeb->free_size, jeb->offset);
548 jeb->free_size = 0; 646 jeb->wasted_size += jeb->free_size;
647 c->wasted_size += jeb->free_size;
648 c->free_size -= jeb->free_size;
649 jeb->free_size = 0;
650 }
549 651
550 return jffs2_scan_classify_jeb(c, jeb); 652 return jffs2_scan_classify_jeb(c, jeb);
551 653
@@ -564,6 +666,7 @@ static int jffs2_sum_write_data(struct jffs2_sb_info *c, struct jffs2_eraseblock
564 union jffs2_sum_mem *temp; 666 union jffs2_sum_mem *temp;
565 struct jffs2_sum_marker *sm; 667 struct jffs2_sum_marker *sm;
566 struct kvec vecs[2]; 668 struct kvec vecs[2];
669 uint32_t sum_ofs;
567 void *wpage; 670 void *wpage;
568 int ret; 671 int ret;
569 size_t retlen; 672 size_t retlen;
@@ -581,16 +684,17 @@ static int jffs2_sum_write_data(struct jffs2_sb_info *c, struct jffs2_eraseblock
581 wpage = c->summary->sum_buf; 684 wpage = c->summary->sum_buf;
582 685
583 while (c->summary->sum_num) { 686 while (c->summary->sum_num) {
687 temp = c->summary->sum_list_head;
584 688
585 switch (je16_to_cpu(c->summary->sum_list_head->u.nodetype)) { 689 switch (je16_to_cpu(temp->u.nodetype)) {
586 case JFFS2_NODETYPE_INODE: { 690 case JFFS2_NODETYPE_INODE: {
587 struct jffs2_sum_inode_flash *sino_ptr = wpage; 691 struct jffs2_sum_inode_flash *sino_ptr = wpage;
588 692
589 sino_ptr->nodetype = c->summary->sum_list_head->i.nodetype; 693 sino_ptr->nodetype = temp->i.nodetype;
590 sino_ptr->inode = c->summary->sum_list_head->i.inode; 694 sino_ptr->inode = temp->i.inode;
591 sino_ptr->version = c->summary->sum_list_head->i.version; 695 sino_ptr->version = temp->i.version;
592 sino_ptr->offset = c->summary->sum_list_head->i.offset; 696 sino_ptr->offset = temp->i.offset;
593 sino_ptr->totlen = c->summary->sum_list_head->i.totlen; 697 sino_ptr->totlen = temp->i.totlen;
594 698
595 wpage += JFFS2_SUMMARY_INODE_SIZE; 699 wpage += JFFS2_SUMMARY_INODE_SIZE;
596 700
@@ -600,30 +704,60 @@ static int jffs2_sum_write_data(struct jffs2_sb_info *c, struct jffs2_eraseblock
600 case JFFS2_NODETYPE_DIRENT: { 704 case JFFS2_NODETYPE_DIRENT: {
601 struct jffs2_sum_dirent_flash *sdrnt_ptr = wpage; 705 struct jffs2_sum_dirent_flash *sdrnt_ptr = wpage;
602 706
603 sdrnt_ptr->nodetype = c->summary->sum_list_head->d.nodetype; 707 sdrnt_ptr->nodetype = temp->d.nodetype;
604 sdrnt_ptr->totlen = c->summary->sum_list_head->d.totlen; 708 sdrnt_ptr->totlen = temp->d.totlen;
605 sdrnt_ptr->offset = c->summary->sum_list_head->d.offset; 709 sdrnt_ptr->offset = temp->d.offset;
606 sdrnt_ptr->pino = c->summary->sum_list_head->d.pino; 710 sdrnt_ptr->pino = temp->d.pino;
607 sdrnt_ptr->version = c->summary->sum_list_head->d.version; 711 sdrnt_ptr->version = temp->d.version;
608 sdrnt_ptr->ino = c->summary->sum_list_head->d.ino; 712 sdrnt_ptr->ino = temp->d.ino;
609 sdrnt_ptr->nsize = c->summary->sum_list_head->d.nsize; 713 sdrnt_ptr->nsize = temp->d.nsize;
610 sdrnt_ptr->type = c->summary->sum_list_head->d.type; 714 sdrnt_ptr->type = temp->d.type;
611 715
612 memcpy(sdrnt_ptr->name, c->summary->sum_list_head->d.name, 716 memcpy(sdrnt_ptr->name, temp->d.name,
613 c->summary->sum_list_head->d.nsize); 717 temp->d.nsize);
614 718
615 wpage += JFFS2_SUMMARY_DIRENT_SIZE(c->summary->sum_list_head->d.nsize); 719 wpage += JFFS2_SUMMARY_DIRENT_SIZE(temp->d.nsize);
616 720
617 break; 721 break;
618 } 722 }
723#ifdef CONFIG_JFFS2_FS_XATTR
724 case JFFS2_NODETYPE_XATTR: {
725 struct jffs2_sum_xattr_flash *sxattr_ptr = wpage;
726
727 temp = c->summary->sum_list_head;
728 sxattr_ptr->nodetype = temp->x.nodetype;
729 sxattr_ptr->xid = temp->x.xid;
730 sxattr_ptr->version = temp->x.version;
731 sxattr_ptr->offset = temp->x.offset;
732 sxattr_ptr->totlen = temp->x.totlen;
733
734 wpage += JFFS2_SUMMARY_XATTR_SIZE;
735 break;
736 }
737 case JFFS2_NODETYPE_XREF: {
738 struct jffs2_sum_xref_flash *sxref_ptr = wpage;
619 739
740 temp = c->summary->sum_list_head;
741 sxref_ptr->nodetype = temp->r.nodetype;
742 sxref_ptr->offset = temp->r.offset;
743
744 wpage += JFFS2_SUMMARY_XREF_SIZE;
745 break;
746 }
747#endif
620 default : { 748 default : {
621 BUG(); /* unknown node in summary information */ 749 if ((je16_to_cpu(temp->u.nodetype) & JFFS2_COMPAT_MASK)
750 == JFFS2_FEATURE_RWCOMPAT_COPY) {
751 dbg_summary("Writing unknown RWCOMPAT_COPY node type %x\n",
752 je16_to_cpu(temp->u.nodetype));
753 jffs2_sum_disable_collecting(c->summary);
754 } else {
755 BUG(); /* unknown node in summary information */
756 }
622 } 757 }
623 } 758 }
624 759
625 temp = c->summary->sum_list_head; 760 c->summary->sum_list_head = temp->u.next;
626 c->summary->sum_list_head = c->summary->sum_list_head->u.next;
627 kfree(temp); 761 kfree(temp);
628 762
629 c->summary->sum_num--; 763 c->summary->sum_num--;
@@ -645,25 +779,34 @@ static int jffs2_sum_write_data(struct jffs2_sb_info *c, struct jffs2_eraseblock
645 vecs[1].iov_base = c->summary->sum_buf; 779 vecs[1].iov_base = c->summary->sum_buf;
646 vecs[1].iov_len = datasize; 780 vecs[1].iov_len = datasize;
647 781
648 dbg_summary("JFFS2: writing out data to flash to pos : 0x%08x\n", 782 sum_ofs = jeb->offset + c->sector_size - jeb->free_size;
649 jeb->offset + c->sector_size - jeb->free_size);
650 783
651 spin_unlock(&c->erase_completion_lock); 784 dbg_summary("JFFS2: writing out data to flash to pos : 0x%08x\n",
652 ret = jffs2_flash_writev(c, vecs, 2, jeb->offset + c->sector_size - 785 sum_ofs);
653 jeb->free_size, &retlen, 0);
654 spin_lock(&c->erase_completion_lock);
655 786
787 ret = jffs2_flash_writev(c, vecs, 2, sum_ofs, &retlen, 0);
656 788
657 if (ret || (retlen != infosize)) { 789 if (ret || (retlen != infosize)) {
658 JFFS2_WARNING("Write of %zd bytes at 0x%08x failed. returned %d, retlen %zd\n", 790
659 infosize, jeb->offset + c->sector_size - jeb->free_size, ret, retlen); 791 JFFS2_WARNING("Write of %u bytes at 0x%08x failed. returned %d, retlen %zd\n",
792 infosize, sum_ofs, ret, retlen);
793
794 if (retlen) {
795 /* Waste remaining space */
796 spin_lock(&c->erase_completion_lock);
797 jffs2_link_node_ref(c, jeb, sum_ofs | REF_OBSOLETE, infosize, NULL);
798 spin_unlock(&c->erase_completion_lock);
799 }
660 800
661 c->summary->sum_size = JFFS2_SUMMARY_NOSUM_SIZE; 801 c->summary->sum_size = JFFS2_SUMMARY_NOSUM_SIZE;
662 WASTED_SPACE(infosize);
663 802
664 return 1; 803 return 0;
665 } 804 }
666 805
806 spin_lock(&c->erase_completion_lock);
807 jffs2_link_node_ref(c, jeb, sum_ofs | REF_NORMAL, infosize, NULL);
808 spin_unlock(&c->erase_completion_lock);
809
667 return 0; 810 return 0;
668} 811}
669 812
@@ -671,13 +814,16 @@ static int jffs2_sum_write_data(struct jffs2_sb_info *c, struct jffs2_eraseblock
671 814
672int jffs2_sum_write_sumnode(struct jffs2_sb_info *c) 815int jffs2_sum_write_sumnode(struct jffs2_sb_info *c)
673{ 816{
674 struct jffs2_raw_node_ref *summary_ref; 817 int datasize, infosize, padsize;
675 int datasize, infosize, padsize, ret;
676 struct jffs2_eraseblock *jeb; 818 struct jffs2_eraseblock *jeb;
819 int ret;
677 820
678 dbg_summary("called\n"); 821 dbg_summary("called\n");
679 822
823 spin_unlock(&c->erase_completion_lock);
824
680 jeb = c->nextblock; 825 jeb = c->nextblock;
826 jffs2_prealloc_raw_node_refs(c, jeb, 1);
681 827
682 if (!c->summary->sum_num || !c->summary->sum_list_head) { 828 if (!c->summary->sum_num || !c->summary->sum_list_head) {
683 JFFS2_WARNING("Empty summary info!!!\n"); 829 JFFS2_WARNING("Empty summary info!!!\n");
@@ -696,35 +842,11 @@ int jffs2_sum_write_sumnode(struct jffs2_sb_info *c)
696 jffs2_sum_disable_collecting(c->summary); 842 jffs2_sum_disable_collecting(c->summary);
697 843
698 JFFS2_WARNING("Not enough space for summary, padsize = %d\n", padsize); 844 JFFS2_WARNING("Not enough space for summary, padsize = %d\n", padsize);
845 spin_lock(&c->erase_completion_lock);
699 return 0; 846 return 0;
700 } 847 }
701 848
702 ret = jffs2_sum_write_data(c, jeb, infosize, datasize, padsize); 849 ret = jffs2_sum_write_data(c, jeb, infosize, datasize, padsize);
703 if (ret)
704 return 0; /* can't write out summary, block is marked as NOSUM_SIZE */
705
706 /* for ACCT_PARANOIA_CHECK */
707 spin_unlock(&c->erase_completion_lock);
708 summary_ref = jffs2_alloc_raw_node_ref();
709 spin_lock(&c->erase_completion_lock); 850 spin_lock(&c->erase_completion_lock);
710 851 return ret;
711 if (!summary_ref) {
712 JFFS2_NOTICE("Failed to allocate node ref for summary\n");
713 return -ENOMEM;
714 }
715
716 summary_ref->next_in_ino = NULL;
717 summary_ref->next_phys = NULL;
718 summary_ref->flash_offset = (jeb->offset + c->sector_size - jeb->free_size) | REF_NORMAL;
719 summary_ref->__totlen = infosize;
720
721 if (!jeb->first_node)
722 jeb->first_node = summary_ref;
723 if (jeb->last_node)
724 jeb->last_node->next_phys = summary_ref;
725 jeb->last_node = summary_ref;
726
727 USED_SPACE(infosize);
728
729 return 0;
730} 852}
diff --git a/fs/jffs2/summary.h b/fs/jffs2/summary.h
index b7a678be1709..6bf1f6aa4552 100644
--- a/fs/jffs2/summary.h
+++ b/fs/jffs2/summary.h
@@ -18,23 +18,6 @@
18#include <linux/uio.h> 18#include <linux/uio.h>
19#include <linux/jffs2.h> 19#include <linux/jffs2.h>
20 20
21#define DIRTY_SPACE(x) do { typeof(x) _x = (x); \
22 c->free_size -= _x; c->dirty_size += _x; \
23 jeb->free_size -= _x ; jeb->dirty_size += _x; \
24 }while(0)
25#define USED_SPACE(x) do { typeof(x) _x = (x); \
26 c->free_size -= _x; c->used_size += _x; \
27 jeb->free_size -= _x ; jeb->used_size += _x; \
28 }while(0)
29#define WASTED_SPACE(x) do { typeof(x) _x = (x); \
30 c->free_size -= _x; c->wasted_size += _x; \
31 jeb->free_size -= _x ; jeb->wasted_size += _x; \
32 }while(0)
33#define UNCHECKED_SPACE(x) do { typeof(x) _x = (x); \
34 c->free_size -= _x; c->unchecked_size += _x; \
35 jeb->free_size -= _x ; jeb->unchecked_size += _x; \
36 }while(0)
37
38#define BLK_STATE_ALLFF 0 21#define BLK_STATE_ALLFF 0
39#define BLK_STATE_CLEAN 1 22#define BLK_STATE_CLEAN 1
40#define BLK_STATE_PARTDIRTY 2 23#define BLK_STATE_PARTDIRTY 2
@@ -45,6 +28,8 @@
45#define JFFS2_SUMMARY_NOSUM_SIZE 0xffffffff 28#define JFFS2_SUMMARY_NOSUM_SIZE 0xffffffff
46#define JFFS2_SUMMARY_INODE_SIZE (sizeof(struct jffs2_sum_inode_flash)) 29#define JFFS2_SUMMARY_INODE_SIZE (sizeof(struct jffs2_sum_inode_flash))
47#define JFFS2_SUMMARY_DIRENT_SIZE(x) (sizeof(struct jffs2_sum_dirent_flash) + (x)) 30#define JFFS2_SUMMARY_DIRENT_SIZE(x) (sizeof(struct jffs2_sum_dirent_flash) + (x))
31#define JFFS2_SUMMARY_XATTR_SIZE (sizeof(struct jffs2_sum_xattr_flash))
32#define JFFS2_SUMMARY_XREF_SIZE (sizeof(struct jffs2_sum_xref_flash))
48 33
49/* Summary structures used on flash */ 34/* Summary structures used on flash */
50 35
@@ -75,11 +60,28 @@ struct jffs2_sum_dirent_flash
75 uint8_t name[0]; /* dirent name */ 60 uint8_t name[0]; /* dirent name */
76} __attribute__((packed)); 61} __attribute__((packed));
77 62
63struct jffs2_sum_xattr_flash
64{
65 jint16_t nodetype; /* == JFFS2_NODETYPE_XATR */
66 jint32_t xid; /* xattr identifier */
67 jint32_t version; /* version number */
68 jint32_t offset; /* offset on jeb */
69 jint32_t totlen; /* node length */
70} __attribute__((packed));
71
72struct jffs2_sum_xref_flash
73{
74 jint16_t nodetype; /* == JFFS2_NODETYPE_XREF */
75 jint32_t offset; /* offset on jeb */
76} __attribute__((packed));
77
78union jffs2_sum_flash 78union jffs2_sum_flash
79{ 79{
80 struct jffs2_sum_unknown_flash u; 80 struct jffs2_sum_unknown_flash u;
81 struct jffs2_sum_inode_flash i; 81 struct jffs2_sum_inode_flash i;
82 struct jffs2_sum_dirent_flash d; 82 struct jffs2_sum_dirent_flash d;
83 struct jffs2_sum_xattr_flash x;
84 struct jffs2_sum_xref_flash r;
83}; 85};
84 86
85/* Summary structures used in the memory */ 87/* Summary structures used in the memory */
@@ -114,11 +116,30 @@ struct jffs2_sum_dirent_mem
114 uint8_t name[0]; /* dirent name */ 116 uint8_t name[0]; /* dirent name */
115} __attribute__((packed)); 117} __attribute__((packed));
116 118
119struct jffs2_sum_xattr_mem
120{
121 union jffs2_sum_mem *next;
122 jint16_t nodetype;
123 jint32_t xid;
124 jint32_t version;
125 jint32_t offset;
126 jint32_t totlen;
127} __attribute__((packed));
128
129struct jffs2_sum_xref_mem
130{
131 union jffs2_sum_mem *next;
132 jint16_t nodetype;
133 jint32_t offset;
134} __attribute__((packed));
135
117union jffs2_sum_mem 136union jffs2_sum_mem
118{ 137{
119 struct jffs2_sum_unknown_mem u; 138 struct jffs2_sum_unknown_mem u;
120 struct jffs2_sum_inode_mem i; 139 struct jffs2_sum_inode_mem i;
121 struct jffs2_sum_dirent_mem d; 140 struct jffs2_sum_dirent_mem d;
141 struct jffs2_sum_xattr_mem x;
142 struct jffs2_sum_xref_mem r;
122}; 143};
123 144
124/* Summary related information stored in superblock */ 145/* Summary related information stored in superblock */
@@ -159,8 +180,11 @@ int jffs2_sum_write_sumnode(struct jffs2_sb_info *c);
159int jffs2_sum_add_padding_mem(struct jffs2_summary *s, uint32_t size); 180int jffs2_sum_add_padding_mem(struct jffs2_summary *s, uint32_t size);
160int jffs2_sum_add_inode_mem(struct jffs2_summary *s, struct jffs2_raw_inode *ri, uint32_t ofs); 181int jffs2_sum_add_inode_mem(struct jffs2_summary *s, struct jffs2_raw_inode *ri, uint32_t ofs);
161int jffs2_sum_add_dirent_mem(struct jffs2_summary *s, struct jffs2_raw_dirent *rd, uint32_t ofs); 182int jffs2_sum_add_dirent_mem(struct jffs2_summary *s, struct jffs2_raw_dirent *rd, uint32_t ofs);
183int jffs2_sum_add_xattr_mem(struct jffs2_summary *s, struct jffs2_raw_xattr *rx, uint32_t ofs);
184int jffs2_sum_add_xref_mem(struct jffs2_summary *s, struct jffs2_raw_xref *rr, uint32_t ofs);
162int jffs2_sum_scan_sumnode(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, 185int jffs2_sum_scan_sumnode(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb,
163 uint32_t ofs, uint32_t *pseudo_random); 186 struct jffs2_raw_summary *summary, uint32_t sumlen,
187 uint32_t *pseudo_random);
164 188
165#else /* SUMMARY DISABLED */ 189#else /* SUMMARY DISABLED */
166 190
@@ -176,7 +200,9 @@ int jffs2_sum_scan_sumnode(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb
176#define jffs2_sum_add_padding_mem(a,b) 200#define jffs2_sum_add_padding_mem(a,b)
177#define jffs2_sum_add_inode_mem(a,b,c) 201#define jffs2_sum_add_inode_mem(a,b,c)
178#define jffs2_sum_add_dirent_mem(a,b,c) 202#define jffs2_sum_add_dirent_mem(a,b,c)
179#define jffs2_sum_scan_sumnode(a,b,c,d) (0) 203#define jffs2_sum_add_xattr_mem(a,b,c)
204#define jffs2_sum_add_xref_mem(a,b,c)
205#define jffs2_sum_scan_sumnode(a,b,c,d,e) (0)
180 206
181#endif /* CONFIG_JFFS2_SUMMARY */ 207#endif /* CONFIG_JFFS2_SUMMARY */
182 208
diff --git a/fs/jffs2/super.c b/fs/jffs2/super.c
index ffd8e84b22cc..9d0521451f59 100644
--- a/fs/jffs2/super.c
+++ b/fs/jffs2/super.c
@@ -151,7 +151,10 @@ static struct super_block *jffs2_get_sb_mtd(struct file_system_type *fs_type,
151 151
152 sb->s_op = &jffs2_super_operations; 152 sb->s_op = &jffs2_super_operations;
153 sb->s_flags = flags | MS_NOATIME; 153 sb->s_flags = flags | MS_NOATIME;
154 154 sb->s_xattr = jffs2_xattr_handlers;
155#ifdef CONFIG_JFFS2_FS_POSIX_ACL
156 sb->s_flags |= MS_POSIXACL;
157#endif
155 ret = jffs2_do_fill_super(sb, data, flags & MS_SILENT ? 1 : 0); 158 ret = jffs2_do_fill_super(sb, data, flags & MS_SILENT ? 1 : 0);
156 159
157 if (ret) { 160 if (ret) {
@@ -293,6 +296,7 @@ static void jffs2_put_super (struct super_block *sb)
293 kfree(c->blocks); 296 kfree(c->blocks);
294 jffs2_flash_cleanup(c); 297 jffs2_flash_cleanup(c);
295 kfree(c->inocache_list); 298 kfree(c->inocache_list);
299 jffs2_clear_xattr_subsystem(c);
296 if (c->mtd->sync) 300 if (c->mtd->sync)
297 c->mtd->sync(c->mtd); 301 c->mtd->sync(c->mtd);
298 302
@@ -320,6 +324,18 @@ static int __init init_jffs2_fs(void)
320{ 324{
321 int ret; 325 int ret;
322 326
327 /* Paranoia checks for on-medium structures. If we ask GCC
328 to pack them with __attribute__((packed)) then it _also_
329 assumes that they're not aligned -- so it emits crappy
330 code on some architectures. Ideally we want an attribute
331 which means just 'no padding', without the alignment
332 thing. But GCC doesn't have that -- we have to just
333 hope the structs are the right sizes, instead. */
334 BUG_ON(sizeof(struct jffs2_unknown_node) != 12);
335 BUG_ON(sizeof(struct jffs2_raw_dirent) != 40);
336 BUG_ON(sizeof(struct jffs2_raw_inode) != 68);
337 BUG_ON(sizeof(struct jffs2_raw_summary) != 32);
338
323 printk(KERN_INFO "JFFS2 version 2.2." 339 printk(KERN_INFO "JFFS2 version 2.2."
324#ifdef CONFIG_JFFS2_FS_WRITEBUFFER 340#ifdef CONFIG_JFFS2_FS_WRITEBUFFER
325 " (NAND)" 341 " (NAND)"
@@ -327,7 +343,7 @@ static int __init init_jffs2_fs(void)
327#ifdef CONFIG_JFFS2_SUMMARY 343#ifdef CONFIG_JFFS2_SUMMARY
328 " (SUMMARY) " 344 " (SUMMARY) "
329#endif 345#endif
330 " (C) 2001-2003 Red Hat, Inc.\n"); 346 " (C) 2001-2006 Red Hat, Inc.\n");
331 347
332 jffs2_inode_cachep = kmem_cache_create("jffs2_i", 348 jffs2_inode_cachep = kmem_cache_create("jffs2_i",
333 sizeof(struct jffs2_inode_info), 349 sizeof(struct jffs2_inode_info),
diff --git a/fs/jffs2/symlink.c b/fs/jffs2/symlink.c
index d55754fe8925..fc211b6e9b03 100644
--- a/fs/jffs2/symlink.c
+++ b/fs/jffs2/symlink.c
@@ -24,7 +24,12 @@ struct inode_operations jffs2_symlink_inode_operations =
24{ 24{
25 .readlink = generic_readlink, 25 .readlink = generic_readlink,
26 .follow_link = jffs2_follow_link, 26 .follow_link = jffs2_follow_link,
27 .setattr = jffs2_setattr 27 .permission = jffs2_permission,
28 .setattr = jffs2_setattr,
29 .setxattr = jffs2_setxattr,
30 .getxattr = jffs2_getxattr,
31 .listxattr = jffs2_listxattr,
32 .removexattr = jffs2_removexattr
28}; 33};
29 34
30static void *jffs2_follow_link(struct dentry *dentry, struct nameidata *nd) 35static void *jffs2_follow_link(struct dentry *dentry, struct nameidata *nd)
diff --git a/fs/jffs2/wbuf.c b/fs/jffs2/wbuf.c
index 4cebf0e57c46..a7f153f79ecb 100644
--- a/fs/jffs2/wbuf.c
+++ b/fs/jffs2/wbuf.c
@@ -156,69 +156,130 @@ static void jffs2_block_refile(struct jffs2_sb_info *c, struct jffs2_eraseblock
156 jffs2_erase_pending_trigger(c); 156 jffs2_erase_pending_trigger(c);
157 } 157 }
158 158
159 /* Adjust its size counts accordingly */ 159 if (!jffs2_prealloc_raw_node_refs(c, jeb, 1)) {
160 c->wasted_size += jeb->free_size; 160 uint32_t oldfree = jeb->free_size;
161 c->free_size -= jeb->free_size; 161
162 jeb->wasted_size += jeb->free_size; 162 jffs2_link_node_ref(c, jeb,
163 jeb->free_size = 0; 163 (jeb->offset+c->sector_size-oldfree) | REF_OBSOLETE,
164 oldfree, NULL);
165 /* convert to wasted */
166 c->wasted_size += oldfree;
167 jeb->wasted_size += oldfree;
168 c->dirty_size -= oldfree;
169 jeb->dirty_size -= oldfree;
170 }
164 171
165 jffs2_dbg_dump_block_lists_nolock(c); 172 jffs2_dbg_dump_block_lists_nolock(c);
166 jffs2_dbg_acct_sanity_check_nolock(c,jeb); 173 jffs2_dbg_acct_sanity_check_nolock(c,jeb);
167 jffs2_dbg_acct_paranoia_check_nolock(c, jeb); 174 jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
168} 175}
169 176
177static struct jffs2_raw_node_ref **jffs2_incore_replace_raw(struct jffs2_sb_info *c,
178 struct jffs2_inode_info *f,
179 struct jffs2_raw_node_ref *raw,
180 union jffs2_node_union *node)
181{
182 struct jffs2_node_frag *frag;
183 struct jffs2_full_dirent *fd;
184
185 dbg_noderef("incore_replace_raw: node at %p is {%04x,%04x}\n",
186 node, je16_to_cpu(node->u.magic), je16_to_cpu(node->u.nodetype));
187
188 BUG_ON(je16_to_cpu(node->u.magic) != 0x1985 &&
189 je16_to_cpu(node->u.magic) != 0);
190
191 switch (je16_to_cpu(node->u.nodetype)) {
192 case JFFS2_NODETYPE_INODE:
193 if (f->metadata && f->metadata->raw == raw) {
194 dbg_noderef("Will replace ->raw in f->metadata at %p\n", f->metadata);
195 return &f->metadata->raw;
196 }
197 frag = jffs2_lookup_node_frag(&f->fragtree, je32_to_cpu(node->i.offset));
198 BUG_ON(!frag);
199 /* Find a frag which refers to the full_dnode we want to modify */
200 while (!frag->node || frag->node->raw != raw) {
201 frag = frag_next(frag);
202 BUG_ON(!frag);
203 }
204 dbg_noderef("Will replace ->raw in full_dnode at %p\n", frag->node);
205 return &frag->node->raw;
206
207 case JFFS2_NODETYPE_DIRENT:
208 for (fd = f->dents; fd; fd = fd->next) {
209 if (fd->raw == raw) {
210 dbg_noderef("Will replace ->raw in full_dirent at %p\n", fd);
211 return &fd->raw;
212 }
213 }
214 BUG();
215
216 default:
217 dbg_noderef("Don't care about replacing raw for nodetype %x\n",
218 je16_to_cpu(node->u.nodetype));
219 break;
220 }
221 return NULL;
222}
223
170/* Recover from failure to write wbuf. Recover the nodes up to the 224/* Recover from failure to write wbuf. Recover the nodes up to the
171 * wbuf, not the one which we were starting to try to write. */ 225 * wbuf, not the one which we were starting to try to write. */
172 226
173static void jffs2_wbuf_recover(struct jffs2_sb_info *c) 227static void jffs2_wbuf_recover(struct jffs2_sb_info *c)
174{ 228{
175 struct jffs2_eraseblock *jeb, *new_jeb; 229 struct jffs2_eraseblock *jeb, *new_jeb;
176 struct jffs2_raw_node_ref **first_raw, **raw; 230 struct jffs2_raw_node_ref *raw, *next, *first_raw = NULL;
177 size_t retlen; 231 size_t retlen;
178 int ret; 232 int ret;
233 int nr_refile = 0;
179 unsigned char *buf; 234 unsigned char *buf;
180 uint32_t start, end, ofs, len; 235 uint32_t start, end, ofs, len;
181 236
182 spin_lock(&c->erase_completion_lock);
183
184 jeb = &c->blocks[c->wbuf_ofs / c->sector_size]; 237 jeb = &c->blocks[c->wbuf_ofs / c->sector_size];
185 238
239 spin_lock(&c->erase_completion_lock);
186 jffs2_block_refile(c, jeb, REFILE_NOTEMPTY); 240 jffs2_block_refile(c, jeb, REFILE_NOTEMPTY);
241 spin_unlock(&c->erase_completion_lock);
242
243 BUG_ON(!ref_obsolete(jeb->last_node));
187 244
188 /* Find the first node to be recovered, by skipping over every 245 /* Find the first node to be recovered, by skipping over every
189 node which ends before the wbuf starts, or which is obsolete. */ 246 node which ends before the wbuf starts, or which is obsolete. */
190 first_raw = &jeb->first_node; 247 for (next = raw = jeb->first_node; next; raw = next) {
191 while (*first_raw && 248 next = ref_next(raw);
192 (ref_obsolete(*first_raw) || 249
193 (ref_offset(*first_raw)+ref_totlen(c, jeb, *first_raw)) < c->wbuf_ofs)) { 250 if (ref_obsolete(raw) ||
194 D1(printk(KERN_DEBUG "Skipping node at 0x%08x(%d)-0x%08x which is either before 0x%08x or obsolete\n", 251 (next && ref_offset(next) <= c->wbuf_ofs)) {
195 ref_offset(*first_raw), ref_flags(*first_raw), 252 dbg_noderef("Skipping node at 0x%08x(%d)-0x%08x which is either before 0x%08x or obsolete\n",
196 (ref_offset(*first_raw) + ref_totlen(c, jeb, *first_raw)), 253 ref_offset(raw), ref_flags(raw),
197 c->wbuf_ofs)); 254 (ref_offset(raw) + ref_totlen(c, jeb, raw)),
198 first_raw = &(*first_raw)->next_phys; 255 c->wbuf_ofs);
256 continue;
257 }
258 dbg_noderef("First node to be recovered is at 0x%08x(%d)-0x%08x\n",
259 ref_offset(raw), ref_flags(raw),
260 (ref_offset(raw) + ref_totlen(c, jeb, raw)));
261
262 first_raw = raw;
263 break;
199 } 264 }
200 265
201 if (!*first_raw) { 266 if (!first_raw) {
202 /* All nodes were obsolete. Nothing to recover. */ 267 /* All nodes were obsolete. Nothing to recover. */
203 D1(printk(KERN_DEBUG "No non-obsolete nodes to be recovered. Just filing block bad\n")); 268 D1(printk(KERN_DEBUG "No non-obsolete nodes to be recovered. Just filing block bad\n"));
204 spin_unlock(&c->erase_completion_lock); 269 c->wbuf_len = 0;
205 return; 270 return;
206 } 271 }
207 272
208 start = ref_offset(*first_raw); 273 start = ref_offset(first_raw);
209 end = ref_offset(*first_raw) + ref_totlen(c, jeb, *first_raw); 274 end = ref_offset(jeb->last_node);
210 275 nr_refile = 1;
211 /* Find the last node to be recovered */
212 raw = first_raw;
213 while ((*raw)) {
214 if (!ref_obsolete(*raw))
215 end = ref_offset(*raw) + ref_totlen(c, jeb, *raw);
216 276
217 raw = &(*raw)->next_phys; 277 /* Count the number of refs which need to be copied */
218 } 278 while ((raw = ref_next(raw)) != jeb->last_node)
219 spin_unlock(&c->erase_completion_lock); 279 nr_refile++;
220 280
221 D1(printk(KERN_DEBUG "wbuf recover %08x-%08x\n", start, end)); 281 dbg_noderef("wbuf recover %08x-%08x (%d bytes in %d nodes)\n",
282 start, end, end - start, nr_refile);
222 283
223 buf = NULL; 284 buf = NULL;
224 if (start < c->wbuf_ofs) { 285 if (start < c->wbuf_ofs) {
@@ -233,28 +294,37 @@ static void jffs2_wbuf_recover(struct jffs2_sb_info *c)
233 } 294 }
234 295
235 /* Do the read... */ 296 /* Do the read... */
236 if (jffs2_cleanmarker_oob(c)) 297 ret = c->mtd->read(c->mtd, start, c->wbuf_ofs - start, &retlen, buf);
237 ret = c->mtd->read_ecc(c->mtd, start, c->wbuf_ofs - start, &retlen, buf, NULL, c->oobinfo);
238 else
239 ret = c->mtd->read(c->mtd, start, c->wbuf_ofs - start, &retlen, buf);
240 298
241 if (ret == -EBADMSG && retlen == c->wbuf_ofs - start) { 299 /* ECC recovered ? */
242 /* ECC recovered */ 300 if ((ret == -EUCLEAN || ret == -EBADMSG) &&
301 (retlen == c->wbuf_ofs - start))
243 ret = 0; 302 ret = 0;
244 } 303
245 if (ret || retlen != c->wbuf_ofs - start) { 304 if (ret || retlen != c->wbuf_ofs - start) {
246 printk(KERN_CRIT "Old data are already lost in wbuf recovery. Data loss ensues.\n"); 305 printk(KERN_CRIT "Old data are already lost in wbuf recovery. Data loss ensues.\n");
247 306
248 kfree(buf); 307 kfree(buf);
249 buf = NULL; 308 buf = NULL;
250 read_failed: 309 read_failed:
251 first_raw = &(*first_raw)->next_phys; 310 first_raw = ref_next(first_raw);
311 nr_refile--;
312 while (first_raw && ref_obsolete(first_raw)) {
313 first_raw = ref_next(first_raw);
314 nr_refile--;
315 }
316
252 /* If this was the only node to be recovered, give up */ 317 /* If this was the only node to be recovered, give up */
253 if (!(*first_raw)) 318 if (!first_raw) {
319 c->wbuf_len = 0;
254 return; 320 return;
321 }
255 322
256 /* It wasn't. Go on and try to recover nodes complete in the wbuf */ 323 /* It wasn't. Go on and try to recover nodes complete in the wbuf */
257 start = ref_offset(*first_raw); 324 start = ref_offset(first_raw);
325 dbg_noderef("wbuf now recover %08x-%08x (%d bytes in %d nodes)\n",
326 start, end, end - start, nr_refile);
327
258 } else { 328 } else {
259 /* Read succeeded. Copy the remaining data from the wbuf */ 329 /* Read succeeded. Copy the remaining data from the wbuf */
260 memcpy(buf + (c->wbuf_ofs - start), c->wbuf, end - c->wbuf_ofs); 330 memcpy(buf + (c->wbuf_ofs - start), c->wbuf, end - c->wbuf_ofs);
@@ -263,14 +333,23 @@ static void jffs2_wbuf_recover(struct jffs2_sb_info *c)
263 /* OK... we're to rewrite (end-start) bytes of data from first_raw onwards. 333 /* OK... we're to rewrite (end-start) bytes of data from first_raw onwards.
264 Either 'buf' contains the data, or we find it in the wbuf */ 334 Either 'buf' contains the data, or we find it in the wbuf */
265 335
266
267 /* ... and get an allocation of space from a shiny new block instead */ 336 /* ... and get an allocation of space from a shiny new block instead */
268 ret = jffs2_reserve_space_gc(c, end-start, &ofs, &len, JFFS2_SUMMARY_NOSUM_SIZE); 337 ret = jffs2_reserve_space_gc(c, end-start, &len, JFFS2_SUMMARY_NOSUM_SIZE);
269 if (ret) { 338 if (ret) {
270 printk(KERN_WARNING "Failed to allocate space for wbuf recovery. Data loss ensues.\n"); 339 printk(KERN_WARNING "Failed to allocate space for wbuf recovery. Data loss ensues.\n");
271 kfree(buf); 340 kfree(buf);
272 return; 341 return;
273 } 342 }
343
344 ret = jffs2_prealloc_raw_node_refs(c, c->nextblock, nr_refile);
345 if (ret) {
346 printk(KERN_WARNING "Failed to allocate node refs for wbuf recovery. Data loss ensues.\n");
347 kfree(buf);
348 return;
349 }
350
351 ofs = write_ofs(c);
352
274 if (end-start >= c->wbuf_pagesize) { 353 if (end-start >= c->wbuf_pagesize) {
275 /* Need to do another write immediately, but it's possible 354 /* Need to do another write immediately, but it's possible
276 that this is just because the wbuf itself is completely 355 that this is just because the wbuf itself is completely
@@ -288,36 +367,22 @@ static void jffs2_wbuf_recover(struct jffs2_sb_info *c)
288 if (breakme++ == 20) { 367 if (breakme++ == 20) {
289 printk(KERN_NOTICE "Faking write error at 0x%08x\n", ofs); 368 printk(KERN_NOTICE "Faking write error at 0x%08x\n", ofs);
290 breakme = 0; 369 breakme = 0;
291 c->mtd->write_ecc(c->mtd, ofs, towrite, &retlen, 370 c->mtd->write(c->mtd, ofs, towrite, &retlen,
292 brokenbuf, NULL, c->oobinfo); 371 brokenbuf);
293 ret = -EIO; 372 ret = -EIO;
294 } else 373 } else
295#endif 374#endif
296 if (jffs2_cleanmarker_oob(c)) 375 ret = c->mtd->write(c->mtd, ofs, towrite, &retlen,
297 ret = c->mtd->write_ecc(c->mtd, ofs, towrite, &retlen, 376 rewrite_buf);
298 rewrite_buf, NULL, c->oobinfo);
299 else
300 ret = c->mtd->write(c->mtd, ofs, towrite, &retlen, rewrite_buf);
301 377
302 if (ret || retlen != towrite) { 378 if (ret || retlen != towrite) {
303 /* Argh. We tried. Really we did. */ 379 /* Argh. We tried. Really we did. */
304 printk(KERN_CRIT "Recovery of wbuf failed due to a second write error\n"); 380 printk(KERN_CRIT "Recovery of wbuf failed due to a second write error\n");
305 kfree(buf); 381 kfree(buf);
306 382
307 if (retlen) { 383 if (retlen)
308 struct jffs2_raw_node_ref *raw2; 384 jffs2_add_physical_node_ref(c, ofs | REF_OBSOLETE, ref_totlen(c, jeb, first_raw), NULL);
309
310 raw2 = jffs2_alloc_raw_node_ref();
311 if (!raw2)
312 return;
313 385
314 raw2->flash_offset = ofs | REF_OBSOLETE;
315 raw2->__totlen = ref_totlen(c, jeb, *first_raw);
316 raw2->next_phys = NULL;
317 raw2->next_in_ino = NULL;
318
319 jffs2_add_physical_node_ref(c, raw2);
320 }
321 return; 386 return;
322 } 387 }
323 printk(KERN_NOTICE "Recovery of wbuf succeeded to %08x\n", ofs); 388 printk(KERN_NOTICE "Recovery of wbuf succeeded to %08x\n", ofs);
@@ -326,12 +391,10 @@ static void jffs2_wbuf_recover(struct jffs2_sb_info *c)
326 c->wbuf_ofs = ofs + towrite; 391 c->wbuf_ofs = ofs + towrite;
327 memmove(c->wbuf, rewrite_buf + towrite, c->wbuf_len); 392 memmove(c->wbuf, rewrite_buf + towrite, c->wbuf_len);
328 /* Don't muck about with c->wbuf_inodes. False positives are harmless. */ 393 /* Don't muck about with c->wbuf_inodes. False positives are harmless. */
329 kfree(buf);
330 } else { 394 } else {
331 /* OK, now we're left with the dregs in whichever buffer we're using */ 395 /* OK, now we're left with the dregs in whichever buffer we're using */
332 if (buf) { 396 if (buf) {
333 memcpy(c->wbuf, buf, end-start); 397 memcpy(c->wbuf, buf, end-start);
334 kfree(buf);
335 } else { 398 } else {
336 memmove(c->wbuf, c->wbuf + (start - c->wbuf_ofs), end - start); 399 memmove(c->wbuf, c->wbuf + (start - c->wbuf_ofs), end - start);
337 } 400 }
@@ -343,62 +406,111 @@ static void jffs2_wbuf_recover(struct jffs2_sb_info *c)
343 new_jeb = &c->blocks[ofs / c->sector_size]; 406 new_jeb = &c->blocks[ofs / c->sector_size];
344 407
345 spin_lock(&c->erase_completion_lock); 408 spin_lock(&c->erase_completion_lock);
346 if (new_jeb->first_node) { 409 for (raw = first_raw; raw != jeb->last_node; raw = ref_next(raw)) {
347 /* Odd, but possible with ST flash later maybe */ 410 uint32_t rawlen = ref_totlen(c, jeb, raw);
348 new_jeb->last_node->next_phys = *first_raw; 411 struct jffs2_inode_cache *ic;
349 } else { 412 struct jffs2_raw_node_ref *new_ref;
350 new_jeb->first_node = *first_raw; 413 struct jffs2_raw_node_ref **adjust_ref = NULL;
351 } 414 struct jffs2_inode_info *f = NULL;
352
353 raw = first_raw;
354 while (*raw) {
355 uint32_t rawlen = ref_totlen(c, jeb, *raw);
356 415
357 D1(printk(KERN_DEBUG "Refiling block of %08x at %08x(%d) to %08x\n", 416 D1(printk(KERN_DEBUG "Refiling block of %08x at %08x(%d) to %08x\n",
358 rawlen, ref_offset(*raw), ref_flags(*raw), ofs)); 417 rawlen, ref_offset(raw), ref_flags(raw), ofs));
418
419 ic = jffs2_raw_ref_to_ic(raw);
420
421 /* Ick. This XATTR mess should be fixed shortly... */
422 if (ic && ic->class == RAWNODE_CLASS_XATTR_DATUM) {
423 struct jffs2_xattr_datum *xd = (void *)ic;
424 BUG_ON(xd->node != raw);
425 adjust_ref = &xd->node;
426 raw->next_in_ino = NULL;
427 ic = NULL;
428 } else if (ic && ic->class == RAWNODE_CLASS_XATTR_REF) {
429 struct jffs2_xattr_datum *xr = (void *)ic;
430 BUG_ON(xr->node != raw);
431 adjust_ref = &xr->node;
432 raw->next_in_ino = NULL;
433 ic = NULL;
434 } else if (ic && ic->class == RAWNODE_CLASS_INODE_CACHE) {
435 struct jffs2_raw_node_ref **p = &ic->nodes;
436
437 /* Remove the old node from the per-inode list */
438 while (*p && *p != (void *)ic) {
439 if (*p == raw) {
440 (*p) = (raw->next_in_ino);
441 raw->next_in_ino = NULL;
442 break;
443 }
444 p = &((*p)->next_in_ino);
445 }
359 446
360 if (ref_obsolete(*raw)) { 447 if (ic->state == INO_STATE_PRESENT && !ref_obsolete(raw)) {
361 /* Shouldn't really happen much */ 448 /* If it's an in-core inode, then we have to adjust any
362 new_jeb->dirty_size += rawlen; 449 full_dirent or full_dnode structure to point to the
363 new_jeb->free_size -= rawlen; 450 new version instead of the old */
364 c->dirty_size += rawlen; 451 f = jffs2_gc_fetch_inode(c, ic->ino, ic->nlink);
365 } else { 452 if (IS_ERR(f)) {
366 new_jeb->used_size += rawlen; 453 /* Should never happen; it _must_ be present */
367 new_jeb->free_size -= rawlen; 454 JFFS2_ERROR("Failed to iget() ino #%u, err %ld\n",
455 ic->ino, PTR_ERR(f));
456 BUG();
457 }
458 /* We don't lock f->sem. There's a number of ways we could
459 end up in here with it already being locked, and nobody's
460 going to modify it on us anyway because we hold the
461 alloc_sem. We're only changing one ->raw pointer too,
462 which we can get away with without upsetting readers. */
463 adjust_ref = jffs2_incore_replace_raw(c, f, raw,
464 (void *)(buf?:c->wbuf) + (ref_offset(raw) - start));
465 } else if (unlikely(ic->state != INO_STATE_PRESENT &&
466 ic->state != INO_STATE_CHECKEDABSENT &&
467 ic->state != INO_STATE_GC)) {
468 JFFS2_ERROR("Inode #%u is in strange state %d!\n", ic->ino, ic->state);
469 BUG();
470 }
471 }
472
473 new_ref = jffs2_link_node_ref(c, new_jeb, ofs | ref_flags(raw), rawlen, ic);
474
475 if (adjust_ref) {
476 BUG_ON(*adjust_ref != raw);
477 *adjust_ref = new_ref;
478 }
479 if (f)
480 jffs2_gc_release_inode(c, f);
481
482 if (!ref_obsolete(raw)) {
368 jeb->dirty_size += rawlen; 483 jeb->dirty_size += rawlen;
369 jeb->used_size -= rawlen; 484 jeb->used_size -= rawlen;
370 c->dirty_size += rawlen; 485 c->dirty_size += rawlen;
486 c->used_size -= rawlen;
487 raw->flash_offset = ref_offset(raw) | REF_OBSOLETE;
488 BUG_ON(raw->next_in_ino);
371 } 489 }
372 c->free_size -= rawlen;
373 (*raw)->flash_offset = ofs | ref_flags(*raw);
374 ofs += rawlen; 490 ofs += rawlen;
375 new_jeb->last_node = *raw;
376
377 raw = &(*raw)->next_phys;
378 } 491 }
379 492
493 kfree(buf);
494
380 /* Fix up the original jeb now it's on the bad_list */ 495 /* Fix up the original jeb now it's on the bad_list */
381 *first_raw = NULL; 496 if (first_raw == jeb->first_node) {
382 if (first_raw == &jeb->first_node) {
383 jeb->last_node = NULL;
384 D1(printk(KERN_DEBUG "Failing block at %08x is now empty. Moving to erase_pending_list\n", jeb->offset)); 497 D1(printk(KERN_DEBUG "Failing block at %08x is now empty. Moving to erase_pending_list\n", jeb->offset));
385 list_del(&jeb->list); 498 list_del(&jeb->list);
386 list_add(&jeb->list, &c->erase_pending_list); 499 list_add(&jeb->list, &c->erase_pending_list);
387 c->nr_erasing_blocks++; 500 c->nr_erasing_blocks++;
388 jffs2_erase_pending_trigger(c); 501 jffs2_erase_pending_trigger(c);
389 } 502 }
390 else
391 jeb->last_node = container_of(first_raw, struct jffs2_raw_node_ref, next_phys);
392 503
393 jffs2_dbg_acct_sanity_check_nolock(c, jeb); 504 jffs2_dbg_acct_sanity_check_nolock(c, jeb);
394 jffs2_dbg_acct_paranoia_check_nolock(c, jeb); 505 jffs2_dbg_acct_paranoia_check_nolock(c, jeb);
395 506
396 jffs2_dbg_acct_sanity_check_nolock(c, new_jeb); 507 jffs2_dbg_acct_sanity_check_nolock(c, new_jeb);
397 jffs2_dbg_acct_paranoia_check_nolock(c, new_jeb); 508 jffs2_dbg_acct_paranoia_check_nolock(c, new_jeb);
398 509
399 spin_unlock(&c->erase_completion_lock); 510 spin_unlock(&c->erase_completion_lock);
400 511
401 D1(printk(KERN_DEBUG "wbuf recovery completed OK\n")); 512 D1(printk(KERN_DEBUG "wbuf recovery completed OK. wbuf_ofs 0x%08x, len 0x%x\n", c->wbuf_ofs, c->wbuf_len));
513
402} 514}
403 515
404/* Meaning of pad argument: 516/* Meaning of pad argument:
@@ -412,6 +524,7 @@ static void jffs2_wbuf_recover(struct jffs2_sb_info *c)
412 524
413static int __jffs2_flush_wbuf(struct jffs2_sb_info *c, int pad) 525static int __jffs2_flush_wbuf(struct jffs2_sb_info *c, int pad)
414{ 526{
527 struct jffs2_eraseblock *wbuf_jeb;
415 int ret; 528 int ret;
416 size_t retlen; 529 size_t retlen;
417 530
@@ -429,6 +542,10 @@ static int __jffs2_flush_wbuf(struct jffs2_sb_info *c, int pad)
429 if (!c->wbuf_len) /* already checked c->wbuf above */ 542 if (!c->wbuf_len) /* already checked c->wbuf above */
430 return 0; 543 return 0;
431 544
545 wbuf_jeb = &c->blocks[c->wbuf_ofs / c->sector_size];
546 if (jffs2_prealloc_raw_node_refs(c, wbuf_jeb, c->nextblock->allocated_refs + 1))
547 return -ENOMEM;
548
432 /* claim remaining space on the page 549 /* claim remaining space on the page
433 this happens, if we have a change to a new block, 550 this happens, if we have a change to a new block,
434 or if fsync forces us to flush the writebuffer. 551 or if fsync forces us to flush the writebuffer.
@@ -458,15 +575,12 @@ static int __jffs2_flush_wbuf(struct jffs2_sb_info *c, int pad)
458 if (breakme++ == 20) { 575 if (breakme++ == 20) {
459 printk(KERN_NOTICE "Faking write error at 0x%08x\n", c->wbuf_ofs); 576 printk(KERN_NOTICE "Faking write error at 0x%08x\n", c->wbuf_ofs);
460 breakme = 0; 577 breakme = 0;
461 c->mtd->write_ecc(c->mtd, c->wbuf_ofs, c->wbuf_pagesize, 578 c->mtd->write(c->mtd, c->wbuf_ofs, c->wbuf_pagesize, &retlen,
462 &retlen, brokenbuf, NULL, c->oobinfo); 579 brokenbuf);
463 ret = -EIO; 580 ret = -EIO;
464 } else 581 } else
465#endif 582#endif
466 583
467 if (jffs2_cleanmarker_oob(c))
468 ret = c->mtd->write_ecc(c->mtd, c->wbuf_ofs, c->wbuf_pagesize, &retlen, c->wbuf, NULL, c->oobinfo);
469 else
470 ret = c->mtd->write(c->mtd, c->wbuf_ofs, c->wbuf_pagesize, &retlen, c->wbuf); 584 ret = c->mtd->write(c->mtd, c->wbuf_ofs, c->wbuf_pagesize, &retlen, c->wbuf);
471 585
472 if (ret || retlen != c->wbuf_pagesize) { 586 if (ret || retlen != c->wbuf_pagesize) {
@@ -483,32 +597,34 @@ static int __jffs2_flush_wbuf(struct jffs2_sb_info *c, int pad)
483 return ret; 597 return ret;
484 } 598 }
485 599
486 spin_lock(&c->erase_completion_lock);
487
488 /* Adjust free size of the block if we padded. */ 600 /* Adjust free size of the block if we padded. */
489 if (pad) { 601 if (pad) {
490 struct jffs2_eraseblock *jeb; 602 uint32_t waste = c->wbuf_pagesize - c->wbuf_len;
491
492 jeb = &c->blocks[c->wbuf_ofs / c->sector_size];
493 603
494 D1(printk(KERN_DEBUG "jffs2_flush_wbuf() adjusting free_size of %sblock at %08x\n", 604 D1(printk(KERN_DEBUG "jffs2_flush_wbuf() adjusting free_size of %sblock at %08x\n",
495 (jeb==c->nextblock)?"next":"", jeb->offset)); 605 (wbuf_jeb==c->nextblock)?"next":"", wbuf_jeb->offset));
496 606
497 /* wbuf_pagesize - wbuf_len is the amount of space that's to be 607 /* wbuf_pagesize - wbuf_len is the amount of space that's to be
498 padded. If there is less free space in the block than that, 608 padded. If there is less free space in the block than that,
499 something screwed up */ 609 something screwed up */
500 if (jeb->free_size < (c->wbuf_pagesize - c->wbuf_len)) { 610 if (wbuf_jeb->free_size < waste) {
501 printk(KERN_CRIT "jffs2_flush_wbuf(): Accounting error. wbuf at 0x%08x has 0x%03x bytes, 0x%03x left.\n", 611 printk(KERN_CRIT "jffs2_flush_wbuf(): Accounting error. wbuf at 0x%08x has 0x%03x bytes, 0x%03x left.\n",
502 c->wbuf_ofs, c->wbuf_len, c->wbuf_pagesize-c->wbuf_len); 612 c->wbuf_ofs, c->wbuf_len, waste);
503 printk(KERN_CRIT "jffs2_flush_wbuf(): But free_size for block at 0x%08x is only 0x%08x\n", 613 printk(KERN_CRIT "jffs2_flush_wbuf(): But free_size for block at 0x%08x is only 0x%08x\n",
504 jeb->offset, jeb->free_size); 614 wbuf_jeb->offset, wbuf_jeb->free_size);
505 BUG(); 615 BUG();
506 } 616 }
507 jeb->free_size -= (c->wbuf_pagesize - c->wbuf_len); 617
508 c->free_size -= (c->wbuf_pagesize - c->wbuf_len); 618 spin_lock(&c->erase_completion_lock);
509 jeb->wasted_size += (c->wbuf_pagesize - c->wbuf_len); 619
510 c->wasted_size += (c->wbuf_pagesize - c->wbuf_len); 620 jffs2_link_node_ref(c, wbuf_jeb, (c->wbuf_ofs + c->wbuf_len) | REF_OBSOLETE, waste, NULL);
511 } 621 /* FIXME: that made it count as dirty. Convert to wasted */
622 wbuf_jeb->dirty_size -= waste;
623 c->dirty_size -= waste;
624 wbuf_jeb->wasted_size += waste;
625 c->wasted_size += waste;
626 } else
627 spin_lock(&c->erase_completion_lock);
512 628
513 /* Stick any now-obsoleted blocks on the erase_pending_list */ 629 /* Stick any now-obsoleted blocks on the erase_pending_list */
514 jffs2_refile_wbuf_blocks(c); 630 jffs2_refile_wbuf_blocks(c);
@@ -603,20 +719,30 @@ int jffs2_flush_wbuf_pad(struct jffs2_sb_info *c)
603 719
604 return ret; 720 return ret;
605} 721}
606int jffs2_flash_writev(struct jffs2_sb_info *c, const struct kvec *invecs, unsigned long count, loff_t to, size_t *retlen, uint32_t ino) 722
723static size_t jffs2_fill_wbuf(struct jffs2_sb_info *c, const uint8_t *buf,
724 size_t len)
607{ 725{
608 struct kvec outvecs[3]; 726 if (len && !c->wbuf_len && (len >= c->wbuf_pagesize))
609 uint32_t totlen = 0; 727 return 0;
610 uint32_t split_ofs = 0; 728
611 uint32_t old_totlen; 729 if (len > (c->wbuf_pagesize - c->wbuf_len))
612 int ret, splitvec = -1; 730 len = c->wbuf_pagesize - c->wbuf_len;
613 int invec, outvec; 731 memcpy(c->wbuf + c->wbuf_len, buf, len);
614 size_t wbuf_retlen; 732 c->wbuf_len += (uint32_t) len;
615 unsigned char *wbuf_ptr; 733 return len;
616 size_t donelen = 0; 734}
735
736int jffs2_flash_writev(struct jffs2_sb_info *c, const struct kvec *invecs,
737 unsigned long count, loff_t to, size_t *retlen,
738 uint32_t ino)
739{
740 struct jffs2_eraseblock *jeb;
741 size_t wbuf_retlen, donelen = 0;
617 uint32_t outvec_to = to; 742 uint32_t outvec_to = to;
743 int ret, invec;
618 744
619 /* If not NAND flash, don't bother */ 745 /* If not writebuffered flash, don't bother */
620 if (!jffs2_is_writebuffered(c)) 746 if (!jffs2_is_writebuffered(c))
621 return jffs2_flash_direct_writev(c, invecs, count, to, retlen); 747 return jffs2_flash_direct_writev(c, invecs, count, to, retlen);
622 748
@@ -629,34 +755,22 @@ int jffs2_flash_writev(struct jffs2_sb_info *c, const struct kvec *invecs, unsig
629 memset(c->wbuf,0xff,c->wbuf_pagesize); 755 memset(c->wbuf,0xff,c->wbuf_pagesize);
630 } 756 }
631 757
632 /* Fixup the wbuf if we are moving to a new eraseblock. The checks below 758 /*
633 fail for ECC'd NOR because cleanmarker == 16, so a block starts at 759 * Sanity checks on target address. It's permitted to write
634 xxx0010. */ 760 * at PAD(c->wbuf_len+c->wbuf_ofs), and it's permitted to
635 if (jffs2_nor_ecc(c)) { 761 * write at the beginning of a new erase block. Anything else,
636 if (((c->wbuf_ofs % c->sector_size) == 0) && !c->wbuf_len) { 762 * and you die. New block starts at xxx000c (0-b = block
637 c->wbuf_ofs = PAGE_DIV(to); 763 * header)
638 c->wbuf_len = PAGE_MOD(to); 764 */
639 memset(c->wbuf,0xff,c->wbuf_pagesize);
640 }
641 }
642
643 /* Sanity checks on target address.
644 It's permitted to write at PAD(c->wbuf_len+c->wbuf_ofs),
645 and it's permitted to write at the beginning of a new
646 erase block. Anything else, and you die.
647 New block starts at xxx000c (0-b = block header)
648 */
649 if (SECTOR_ADDR(to) != SECTOR_ADDR(c->wbuf_ofs)) { 765 if (SECTOR_ADDR(to) != SECTOR_ADDR(c->wbuf_ofs)) {
650 /* It's a write to a new block */ 766 /* It's a write to a new block */
651 if (c->wbuf_len) { 767 if (c->wbuf_len) {
652 D1(printk(KERN_DEBUG "jffs2_flash_writev() to 0x%lx causes flush of wbuf at 0x%08x\n", (unsigned long)to, c->wbuf_ofs)); 768 D1(printk(KERN_DEBUG "jffs2_flash_writev() to 0x%lx "
769 "causes flush of wbuf at 0x%08x\n",
770 (unsigned long)to, c->wbuf_ofs));
653 ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT); 771 ret = __jffs2_flush_wbuf(c, PAD_NOACCOUNT);
654 if (ret) { 772 if (ret)
655 /* the underlying layer has to check wbuf_len to do the cleanup */ 773 goto outerr;
656 D1(printk(KERN_WARNING "jffs2_flush_wbuf() called from jffs2_flash_writev() failed %d\n", ret));
657 *retlen = 0;
658 goto exit;
659 }
660 } 774 }
661 /* set pointer to new block */ 775 /* set pointer to new block */
662 c->wbuf_ofs = PAGE_DIV(to); 776 c->wbuf_ofs = PAGE_DIV(to);
@@ -665,165 +779,70 @@ int jffs2_flash_writev(struct jffs2_sb_info *c, const struct kvec *invecs, unsig
665 779
666 if (to != PAD(c->wbuf_ofs + c->wbuf_len)) { 780 if (to != PAD(c->wbuf_ofs + c->wbuf_len)) {
667 /* We're not writing immediately after the writebuffer. Bad. */ 781 /* We're not writing immediately after the writebuffer. Bad. */
668 printk(KERN_CRIT "jffs2_flash_writev(): Non-contiguous write to %08lx\n", (unsigned long)to); 782 printk(KERN_CRIT "jffs2_flash_writev(): Non-contiguous write "
783 "to %08lx\n", (unsigned long)to);
669 if (c->wbuf_len) 784 if (c->wbuf_len)
670 printk(KERN_CRIT "wbuf was previously %08x-%08x\n", 785 printk(KERN_CRIT "wbuf was previously %08x-%08x\n",
671 c->wbuf_ofs, c->wbuf_ofs+c->wbuf_len); 786 c->wbuf_ofs, c->wbuf_ofs+c->wbuf_len);
672 BUG(); 787 BUG();
673 } 788 }
674 789
675 /* Note outvecs[3] above. We know count is never greater than 2 */ 790 /* adjust alignment offset */
676 if (count > 2) { 791 if (c->wbuf_len != PAGE_MOD(to)) {
677 printk(KERN_CRIT "jffs2_flash_writev(): count is %ld\n", count); 792 c->wbuf_len = PAGE_MOD(to);
678 BUG(); 793 /* take care of alignment to next page */
679 } 794 if (!c->wbuf_len) {
680 795 c->wbuf_len = c->wbuf_pagesize;
681 invec = 0; 796 ret = __jffs2_flush_wbuf(c, NOPAD);
682 outvec = 0; 797 if (ret)
683 798 goto outerr;
684 /* Fill writebuffer first, if already in use */
685 if (c->wbuf_len) {
686 uint32_t invec_ofs = 0;
687
688 /* adjust alignment offset */
689 if (c->wbuf_len != PAGE_MOD(to)) {
690 c->wbuf_len = PAGE_MOD(to);
691 /* take care of alignment to next page */
692 if (!c->wbuf_len)
693 c->wbuf_len = c->wbuf_pagesize;
694 }
695
696 while(c->wbuf_len < c->wbuf_pagesize) {
697 uint32_t thislen;
698
699 if (invec == count)
700 goto alldone;
701
702 thislen = c->wbuf_pagesize - c->wbuf_len;
703
704 if (thislen >= invecs[invec].iov_len)
705 thislen = invecs[invec].iov_len;
706
707 invec_ofs = thislen;
708
709 memcpy(c->wbuf + c->wbuf_len, invecs[invec].iov_base, thislen);
710 c->wbuf_len += thislen;
711 donelen += thislen;
712 /* Get next invec, if actual did not fill the buffer */
713 if (c->wbuf_len < c->wbuf_pagesize)
714 invec++;
715 }
716
717 /* write buffer is full, flush buffer */
718 ret = __jffs2_flush_wbuf(c, NOPAD);
719 if (ret) {
720 /* the underlying layer has to check wbuf_len to do the cleanup */
721 D1(printk(KERN_WARNING "jffs2_flush_wbuf() called from jffs2_flash_writev() failed %d\n", ret));
722 /* Retlen zero to make sure our caller doesn't mark the space dirty.
723 We've already done everything that's necessary */
724 *retlen = 0;
725 goto exit;
726 }
727 outvec_to += donelen;
728 c->wbuf_ofs = outvec_to;
729
730 /* All invecs done ? */
731 if (invec == count)
732 goto alldone;
733
734 /* Set up the first outvec, containing the remainder of the
735 invec we partially used */
736 if (invecs[invec].iov_len > invec_ofs) {
737 outvecs[0].iov_base = invecs[invec].iov_base+invec_ofs;
738 totlen = outvecs[0].iov_len = invecs[invec].iov_len-invec_ofs;
739 if (totlen > c->wbuf_pagesize) {
740 splitvec = outvec;
741 split_ofs = outvecs[0].iov_len - PAGE_MOD(totlen);
742 }
743 outvec++;
744 }
745 invec++;
746 }
747
748 /* OK, now we've flushed the wbuf and the start of the bits
749 we have been asked to write, now to write the rest.... */
750
751 /* totlen holds the amount of data still to be written */
752 old_totlen = totlen;
753 for ( ; invec < count; invec++,outvec++ ) {
754 outvecs[outvec].iov_base = invecs[invec].iov_base;
755 totlen += outvecs[outvec].iov_len = invecs[invec].iov_len;
756 if (PAGE_DIV(totlen) != PAGE_DIV(old_totlen)) {
757 splitvec = outvec;
758 split_ofs = outvecs[outvec].iov_len - PAGE_MOD(totlen);
759 old_totlen = totlen;
760 } 799 }
761 } 800 }
762 801
763 /* Now the outvecs array holds all the remaining data to write */ 802 for (invec = 0; invec < count; invec++) {
764 /* Up to splitvec,split_ofs is to be written immediately. The rest 803 int vlen = invecs[invec].iov_len;
765 goes into the (now-empty) wbuf */ 804 uint8_t *v = invecs[invec].iov_base;
766
767 if (splitvec != -1) {
768 uint32_t remainder;
769
770 remainder = outvecs[splitvec].iov_len - split_ofs;
771 outvecs[splitvec].iov_len = split_ofs;
772
773 /* We did cross a page boundary, so we write some now */
774 if (jffs2_cleanmarker_oob(c))
775 ret = c->mtd->writev_ecc(c->mtd, outvecs, splitvec+1, outvec_to, &wbuf_retlen, NULL, c->oobinfo);
776 else
777 ret = jffs2_flash_direct_writev(c, outvecs, splitvec+1, outvec_to, &wbuf_retlen);
778
779 if (ret < 0 || wbuf_retlen != PAGE_DIV(totlen)) {
780 /* At this point we have no problem,
781 c->wbuf is empty. However refile nextblock to avoid
782 writing again to same address.
783 */
784 struct jffs2_eraseblock *jeb;
785 805
786 spin_lock(&c->erase_completion_lock); 806 wbuf_retlen = jffs2_fill_wbuf(c, v, vlen);
787 807
788 jeb = &c->blocks[outvec_to / c->sector_size]; 808 if (c->wbuf_len == c->wbuf_pagesize) {
789 jffs2_block_refile(c, jeb, REFILE_ANYWAY); 809 ret = __jffs2_flush_wbuf(c, NOPAD);
790 810 if (ret)
791 *retlen = 0; 811 goto outerr;
792 spin_unlock(&c->erase_completion_lock);
793 goto exit;
794 } 812 }
795 813 vlen -= wbuf_retlen;
814 outvec_to += wbuf_retlen;
796 donelen += wbuf_retlen; 815 donelen += wbuf_retlen;
797 c->wbuf_ofs = PAGE_DIV(outvec_to) + PAGE_DIV(totlen); 816 v += wbuf_retlen;
798 817
799 if (remainder) { 818 if (vlen >= c->wbuf_pagesize) {
800 outvecs[splitvec].iov_base += split_ofs; 819 ret = c->mtd->write(c->mtd, outvec_to, PAGE_DIV(vlen),
801 outvecs[splitvec].iov_len = remainder; 820 &wbuf_retlen, v);
802 } else { 821 if (ret < 0 || wbuf_retlen != PAGE_DIV(vlen))
803 splitvec++; 822 goto outfile;
823
824 vlen -= wbuf_retlen;
825 outvec_to += wbuf_retlen;
826 c->wbuf_ofs = outvec_to;
827 donelen += wbuf_retlen;
828 v += wbuf_retlen;
804 } 829 }
805 830
806 } else { 831 wbuf_retlen = jffs2_fill_wbuf(c, v, vlen);
807 splitvec = 0; 832 if (c->wbuf_len == c->wbuf_pagesize) {
808 } 833 ret = __jffs2_flush_wbuf(c, NOPAD);
809 834 if (ret)
810 /* Now splitvec points to the start of the bits we have to copy 835 goto outerr;
811 into the wbuf */ 836 }
812 wbuf_ptr = c->wbuf;
813 837
814 for ( ; splitvec < outvec; splitvec++) { 838 outvec_to += wbuf_retlen;
815 /* Don't copy the wbuf into itself */ 839 donelen += wbuf_retlen;
816 if (outvecs[splitvec].iov_base == c->wbuf)
817 continue;
818 memcpy(wbuf_ptr, outvecs[splitvec].iov_base, outvecs[splitvec].iov_len);
819 wbuf_ptr += outvecs[splitvec].iov_len;
820 donelen += outvecs[splitvec].iov_len;
821 } 840 }
822 c->wbuf_len = wbuf_ptr - c->wbuf;
823 841
824 /* If there's a remainder in the wbuf and it's a non-GC write, 842 /*
825 remember that the wbuf affects this ino */ 843 * If there's a remainder in the wbuf and it's a non-GC write,
826alldone: 844 * remember that the wbuf affects this ino
845 */
827 *retlen = donelen; 846 *retlen = donelen;
828 847
829 if (jffs2_sum_active()) { 848 if (jffs2_sum_active()) {
@@ -836,8 +855,24 @@ alldone:
836 jffs2_wbuf_dirties_inode(c, ino); 855 jffs2_wbuf_dirties_inode(c, ino);
837 856
838 ret = 0; 857 ret = 0;
858 up_write(&c->wbuf_sem);
859 return ret;
839 860
840exit: 861outfile:
862 /*
863 * At this point we have no problem, c->wbuf is empty. However
864 * refile nextblock to avoid writing again to same address.
865 */
866
867 spin_lock(&c->erase_completion_lock);
868
869 jeb = &c->blocks[outvec_to / c->sector_size];
870 jffs2_block_refile(c, jeb, REFILE_ANYWAY);
871
872 spin_unlock(&c->erase_completion_lock);
873
874outerr:
875 *retlen = 0;
841 up_write(&c->wbuf_sem); 876 up_write(&c->wbuf_sem);
842 return ret; 877 return ret;
843} 878}
@@ -846,7 +881,8 @@ exit:
846 * This is the entry for flash write. 881 * This is the entry for flash write.
847 * Check, if we work on NAND FLASH, if so build an kvec and write it via vritev 882 * Check, if we work on NAND FLASH, if so build an kvec and write it via vritev
848*/ 883*/
849int jffs2_flash_write(struct jffs2_sb_info *c, loff_t ofs, size_t len, size_t *retlen, const u_char *buf) 884int jffs2_flash_write(struct jffs2_sb_info *c, loff_t ofs, size_t len,
885 size_t *retlen, const u_char *buf)
850{ 886{
851 struct kvec vecs[1]; 887 struct kvec vecs[1];
852 888
@@ -871,25 +907,23 @@ int jffs2_flash_read(struct jffs2_sb_info *c, loff_t ofs, size_t len, size_t *re
871 907
872 /* Read flash */ 908 /* Read flash */
873 down_read(&c->wbuf_sem); 909 down_read(&c->wbuf_sem);
874 if (jffs2_cleanmarker_oob(c)) 910 ret = c->mtd->read(c->mtd, ofs, len, retlen, buf);
875 ret = c->mtd->read_ecc(c->mtd, ofs, len, retlen, buf, NULL, c->oobinfo); 911
876 else 912 if ( (ret == -EBADMSG || ret == -EUCLEAN) && (*retlen == len) ) {
877 ret = c->mtd->read(c->mtd, ofs, len, retlen, buf); 913 if (ret == -EBADMSG)
878 914 printk(KERN_WARNING "mtd->read(0x%zx bytes from 0x%llx)"
879 if ( (ret == -EBADMSG) && (*retlen == len) ) { 915 " returned ECC error\n", len, ofs);
880 printk(KERN_WARNING "mtd->read(0x%zx bytes from 0x%llx) returned ECC error\n",
881 len, ofs);
882 /* 916 /*
883 * We have the raw data without ECC correction in the buffer, maybe 917 * We have the raw data without ECC correction in the buffer,
884 * we are lucky and all data or parts are correct. We check the node. 918 * maybe we are lucky and all data or parts are correct. We
885 * If data are corrupted node check will sort it out. 919 * check the node. If data are corrupted node check will sort
886 * We keep this block, it will fail on write or erase and the we 920 * it out. We keep this block, it will fail on write or erase
887 * mark it bad. Or should we do that now? But we should give him a chance. 921 * and the we mark it bad. Or should we do that now? But we
888 * Maybe we had a system crash or power loss before the ecc write or 922 * should give him a chance. Maybe we had a system crash or
889 * a erase was completed. 923 * power loss before the ecc write or a erase was completed.
890 * So we return success. :) 924 * So we return success. :)
891 */ 925 */
892 ret = 0; 926 ret = 0;
893 } 927 }
894 928
895 /* if no writebuffer available or write buffer empty, return */ 929 /* if no writebuffer available or write buffer empty, return */
@@ -911,7 +945,7 @@ int jffs2_flash_read(struct jffs2_sb_info *c, loff_t ofs, size_t len, size_t *re
911 orbf = (c->wbuf_ofs - ofs); /* offset in read buffer */ 945 orbf = (c->wbuf_ofs - ofs); /* offset in read buffer */
912 if (orbf > len) /* is write beyond write buffer ? */ 946 if (orbf > len) /* is write beyond write buffer ? */
913 goto exit; 947 goto exit;
914 lwbf = len - orbf; /* number of bytes to copy */ 948 lwbf = len - orbf; /* number of bytes to copy */
915 if (lwbf > c->wbuf_len) 949 if (lwbf > c->wbuf_len)
916 lwbf = c->wbuf_len; 950 lwbf = c->wbuf_len;
917 } 951 }
@@ -923,158 +957,159 @@ exit:
923 return ret; 957 return ret;
924} 958}
925 959
960#define NR_OOB_SCAN_PAGES 4
961
926/* 962/*
927 * Check, if the out of band area is empty 963 * Check, if the out of band area is empty
928 */ 964 */
929int jffs2_check_oob_empty( struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb, int mode) 965int jffs2_check_oob_empty(struct jffs2_sb_info *c,
966 struct jffs2_eraseblock *jeb, int mode)
930{ 967{
931 unsigned char *buf; 968 int i, page, ret;
932 int ret = 0; 969 int oobsize = c->mtd->oobsize;
933 int i,len,page; 970 struct mtd_oob_ops ops;
934 size_t retlen; 971
935 int oob_size; 972 ops.len = NR_OOB_SCAN_PAGES * oobsize;
936 973 ops.ooblen = oobsize;
937 /* allocate a buffer for all oob data in this sector */ 974 ops.oobbuf = c->oobbuf;
938 oob_size = c->mtd->oobsize; 975 ops.ooboffs = 0;
939 len = 4 * oob_size; 976 ops.datbuf = NULL;
940 buf = kmalloc(len, GFP_KERNEL); 977 ops.mode = MTD_OOB_PLACE;
941 if (!buf) { 978
942 printk(KERN_NOTICE "jffs2_check_oob_empty(): allocation of temporary data buffer for oob check failed\n"); 979 ret = c->mtd->read_oob(c->mtd, jeb->offset, &ops);
943 return -ENOMEM;
944 }
945 /*
946 * if mode = 0, we scan for a total empty oob area, else we have
947 * to take care of the cleanmarker in the first page of the block
948 */
949 ret = jffs2_flash_read_oob(c, jeb->offset, len , &retlen, buf);
950 if (ret) { 980 if (ret) {
951 D1(printk(KERN_WARNING "jffs2_check_oob_empty(): Read OOB failed %d for block at %08x\n", ret, jeb->offset)); 981 D1(printk(KERN_WARNING "jffs2_check_oob_empty(): Read OOB "
952 goto out; 982 "failed %d for block at %08x\n", ret, jeb->offset));
983 return ret;
953 } 984 }
954 985
955 if (retlen < len) { 986 if (ops.retlen < ops.len) {
956 D1(printk(KERN_WARNING "jffs2_check_oob_empty(): Read OOB return short read " 987 D1(printk(KERN_WARNING "jffs2_check_oob_empty(): Read OOB "
957 "(%zd bytes not %d) for block at %08x\n", retlen, len, jeb->offset)); 988 "returned short read (%zd bytes not %d) for block "
958 ret = -EIO; 989 "at %08x\n", ops.retlen, ops.len, jeb->offset));
959 goto out; 990 return -EIO;
960 } 991 }
961 992
962 /* Special check for first page */ 993 /* Special check for first page */
963 for(i = 0; i < oob_size ; i++) { 994 for(i = 0; i < oobsize ; i++) {
964 /* Yeah, we know about the cleanmarker. */ 995 /* Yeah, we know about the cleanmarker. */
965 if (mode && i >= c->fsdata_pos && 996 if (mode && i >= c->fsdata_pos &&
966 i < c->fsdata_pos + c->fsdata_len) 997 i < c->fsdata_pos + c->fsdata_len)
967 continue; 998 continue;
968 999
969 if (buf[i] != 0xFF) { 1000 if (ops.oobbuf[i] != 0xFF) {
970 D2(printk(KERN_DEBUG "Found %02x at %x in OOB for %08x\n", 1001 D2(printk(KERN_DEBUG "Found %02x at %x in OOB for "
971 buf[i], i, jeb->offset)); 1002 "%08x\n", ops.oobbuf[i], i, jeb->offset));
972 ret = 1; 1003 return 1;
973 goto out;
974 } 1004 }
975 } 1005 }
976 1006
977 /* we know, we are aligned :) */ 1007 /* we know, we are aligned :) */
978 for (page = oob_size; page < len; page += sizeof(long)) { 1008 for (page = oobsize; page < ops.len; page += sizeof(long)) {
979 unsigned long dat = *(unsigned long *)(&buf[page]); 1009 long dat = *(long *)(&ops.oobbuf[page]);
980 if(dat != -1) { 1010 if(dat != -1)
981 ret = 1; 1011 return 1;
982 goto out;
983 }
984 } 1012 }
985 1013 return 0;
986out:
987 kfree(buf);
988
989 return ret;
990} 1014}
991 1015
992/* 1016/*
993* Scan for a valid cleanmarker and for bad blocks 1017 * Scan for a valid cleanmarker and for bad blocks
994* For virtual blocks (concatenated physical blocks) check the cleanmarker 1018 */
995* only in the first page of the first physical block, but scan for bad blocks in all 1019int jffs2_check_nand_cleanmarker (struct jffs2_sb_info *c,
996* physical blocks 1020 struct jffs2_eraseblock *jeb)
997*/
998int jffs2_check_nand_cleanmarker (struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb)
999{ 1021{
1000 struct jffs2_unknown_node n; 1022 struct jffs2_unknown_node n;
1001 unsigned char buf[2 * NAND_MAX_OOBSIZE]; 1023 struct mtd_oob_ops ops;
1002 unsigned char *p; 1024 int oobsize = c->mtd->oobsize;
1003 int ret, i, cnt, retval = 0; 1025 unsigned char *p,*b;
1004 size_t retlen, offset; 1026 int i, ret;
1005 int oob_size; 1027 size_t offset = jeb->offset;
1006 1028
1007 offset = jeb->offset; 1029 /* Check first if the block is bad. */
1008 oob_size = c->mtd->oobsize; 1030 if (c->mtd->block_isbad(c->mtd, offset)) {
1009 1031 D1 (printk(KERN_WARNING "jffs2_check_nand_cleanmarker()"
1010 /* Loop through the physical blocks */ 1032 ": Bad block at %08x\n", jeb->offset));
1011 for (cnt = 0; cnt < (c->sector_size / c->mtd->erasesize); cnt++) { 1033 return 2;
1012 /* Check first if the block is bad. */ 1034 }
1013 if (c->mtd->block_isbad (c->mtd, offset)) {
1014 D1 (printk (KERN_WARNING "jffs2_check_nand_cleanmarker(): Bad block at %08x\n", jeb->offset));
1015 return 2;
1016 }
1017 /*
1018 * We read oob data from page 0 and 1 of the block.
1019 * page 0 contains cleanmarker and badblock info
1020 * page 1 contains failure count of this block
1021 */
1022 ret = c->mtd->read_oob (c->mtd, offset, oob_size << 1, &retlen, buf);
1023 1035
1024 if (ret) { 1036 ops.len = oobsize;
1025 D1 (printk (KERN_WARNING "jffs2_check_nand_cleanmarker(): Read OOB failed %d for block at %08x\n", ret, jeb->offset)); 1037 ops.ooblen = oobsize;
1026 return ret; 1038 ops.oobbuf = c->oobbuf;
1027 } 1039 ops.ooboffs = 0;
1028 if (retlen < (oob_size << 1)) { 1040 ops.datbuf = NULL;
1029 D1 (printk (KERN_WARNING "jffs2_check_nand_cleanmarker(): Read OOB return short read (%zd bytes not %d) for block at %08x\n", retlen, oob_size << 1, jeb->offset)); 1041 ops.mode = MTD_OOB_PLACE;
1030 return -EIO;
1031 }
1032 1042
1033 /* Check cleanmarker only on the first physical block */ 1043 ret = c->mtd->read_oob(c->mtd, offset, &ops);
1034 if (!cnt) { 1044 if (ret) {
1035 n.magic = cpu_to_je16 (JFFS2_MAGIC_BITMASK); 1045 D1 (printk(KERN_WARNING "jffs2_check_nand_cleanmarker(): "
1036 n.nodetype = cpu_to_je16 (JFFS2_NODETYPE_CLEANMARKER); 1046 "Read OOB failed %d for block at %08x\n",
1037 n.totlen = cpu_to_je32 (8); 1047 ret, jeb->offset));
1038 p = (unsigned char *) &n; 1048 return ret;
1049 }
1039 1050
1040 for (i = 0; i < c->fsdata_len; i++) { 1051 if (ops.retlen < ops.len) {
1041 if (buf[c->fsdata_pos + i] != p[i]) { 1052 D1 (printk (KERN_WARNING "jffs2_check_nand_cleanmarker(): "
1042 retval = 1; 1053 "Read OOB return short read (%zd bytes not %d) "
1043 } 1054 "for block at %08x\n", ops.retlen, ops.len,
1044 } 1055 jeb->offset));
1045 D1(if (retval == 1) { 1056 return -EIO;
1046 printk(KERN_WARNING "jffs2_check_nand_cleanmarker(): Cleanmarker node not detected in block at %08x\n", jeb->offset);
1047 printk(KERN_WARNING "OOB at %08x was ", offset);
1048 for (i=0; i < oob_size; i++) {
1049 printk("%02x ", buf[i]);
1050 }
1051 printk("\n");
1052 })
1053 }
1054 offset += c->mtd->erasesize;
1055 } 1057 }
1056 return retval; 1058
1059 n.magic = cpu_to_je16 (JFFS2_MAGIC_BITMASK);
1060 n.nodetype = cpu_to_je16 (JFFS2_NODETYPE_CLEANMARKER);
1061 n.totlen = cpu_to_je32 (8);
1062 p = (unsigned char *) &n;
1063 b = c->oobbuf + c->fsdata_pos;
1064
1065 for (i = c->fsdata_len; i; i--) {
1066 if (*b++ != *p++)
1067 ret = 1;
1068 }
1069
1070 D1(if (ret == 1) {
1071 printk(KERN_WARNING "jffs2_check_nand_cleanmarker(): "
1072 "Cleanmarker node not detected in block at %08x\n",
1073 offset);
1074 printk(KERN_WARNING "OOB at %08zx was ", offset);
1075 for (i=0; i < oobsize; i++)
1076 printk("%02x ", c->oobbuf[i]);
1077 printk("\n");
1078 });
1079 return ret;
1057} 1080}
1058 1081
1059int jffs2_write_nand_cleanmarker(struct jffs2_sb_info *c, struct jffs2_eraseblock *jeb) 1082int jffs2_write_nand_cleanmarker(struct jffs2_sb_info *c,
1083 struct jffs2_eraseblock *jeb)
1060{ 1084{
1061 struct jffs2_unknown_node n; 1085 struct jffs2_unknown_node n;
1062 int ret; 1086 int ret;
1063 size_t retlen; 1087 struct mtd_oob_ops ops;
1064 1088
1065 n.magic = cpu_to_je16(JFFS2_MAGIC_BITMASK); 1089 n.magic = cpu_to_je16(JFFS2_MAGIC_BITMASK);
1066 n.nodetype = cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER); 1090 n.nodetype = cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER);
1067 n.totlen = cpu_to_je32(8); 1091 n.totlen = cpu_to_je32(8);
1068 1092
1069 ret = jffs2_flash_write_oob(c, jeb->offset + c->fsdata_pos, c->fsdata_len, &retlen, (unsigned char *)&n); 1093 ops.len = c->fsdata_len;
1094 ops.ooblen = c->fsdata_len;;
1095 ops.oobbuf = (uint8_t *)&n;
1096 ops.ooboffs = c->fsdata_pos;
1097 ops.datbuf = NULL;
1098 ops.mode = MTD_OOB_PLACE;
1099
1100 ret = c->mtd->write_oob(c->mtd, jeb->offset, &ops);
1070 1101
1071 if (ret) { 1102 if (ret) {
1072 D1(printk(KERN_WARNING "jffs2_write_nand_cleanmarker(): Write failed for block at %08x: error %d\n", jeb->offset, ret)); 1103 D1(printk(KERN_WARNING "jffs2_write_nand_cleanmarker(): "
1104 "Write failed for block at %08x: error %d\n",
1105 jeb->offset, ret));
1073 return ret; 1106 return ret;
1074 } 1107 }
1075 if (retlen != c->fsdata_len) { 1108 if (ops.retlen != ops.len) {
1076 D1(printk(KERN_WARNING "jffs2_write_nand_cleanmarker(): Short write for block at %08x: %zd not %d\n", jeb->offset, retlen, c->fsdata_len)); 1109 D1(printk(KERN_WARNING "jffs2_write_nand_cleanmarker(): "
1077 return ret; 1110 "Short write for block at %08x: %zd not %d\n",
1111 jeb->offset, ops.retlen, ops.len));
1112 return -EIO;
1078 } 1113 }
1079 return 0; 1114 return 0;
1080} 1115}
@@ -1108,18 +1143,9 @@ int jffs2_write_nand_badblock(struct jffs2_sb_info *c, struct jffs2_eraseblock *
1108 return 1; 1143 return 1;
1109} 1144}
1110 1145
1111#define NAND_JFFS2_OOB16_FSDALEN 8
1112
1113static struct nand_oobinfo jffs2_oobinfo_docecc = {
1114 .useecc = MTD_NANDECC_PLACE,
1115 .eccbytes = 6,
1116 .eccpos = {0,1,2,3,4,5}
1117};
1118
1119
1120static int jffs2_nand_set_oobinfo(struct jffs2_sb_info *c) 1146static int jffs2_nand_set_oobinfo(struct jffs2_sb_info *c)
1121{ 1147{
1122 struct nand_oobinfo *oinfo = &c->mtd->oobinfo; 1148 struct nand_ecclayout *oinfo = c->mtd->ecclayout;
1123 1149
1124 /* Do this only, if we have an oob buffer */ 1150 /* Do this only, if we have an oob buffer */
1125 if (!c->mtd->oobsize) 1151 if (!c->mtd->oobsize)
@@ -1129,33 +1155,23 @@ static int jffs2_nand_set_oobinfo(struct jffs2_sb_info *c)
1129 c->cleanmarker_size = 0; 1155 c->cleanmarker_size = 0;
1130 1156
1131 /* Should we use autoplacement ? */ 1157 /* Should we use autoplacement ? */
1132 if (oinfo && oinfo->useecc == MTD_NANDECC_AUTOPLACE) { 1158 if (!oinfo) {
1133 D1(printk(KERN_DEBUG "JFFS2 using autoplace on NAND\n")); 1159 D1(printk(KERN_DEBUG "JFFS2 on NAND. No autoplacment info found\n"));
1134 /* Get the position of the free bytes */ 1160 return -EINVAL;
1135 if (!oinfo->oobfree[0][1]) { 1161 }
1136 printk (KERN_WARNING "jffs2_nand_set_oobinfo(): Eeep. Autoplacement selected and no empty space in oob\n");
1137 return -ENOSPC;
1138 }
1139 c->fsdata_pos = oinfo->oobfree[0][0];
1140 c->fsdata_len = oinfo->oobfree[0][1];
1141 if (c->fsdata_len > 8)
1142 c->fsdata_len = 8;
1143 } else {
1144 /* This is just a legacy fallback and should go away soon */
1145 switch(c->mtd->ecctype) {
1146 case MTD_ECC_RS_DiskOnChip:
1147 printk(KERN_WARNING "JFFS2 using DiskOnChip hardware ECC without autoplacement. Fix it!\n");
1148 c->oobinfo = &jffs2_oobinfo_docecc;
1149 c->fsdata_pos = 6;
1150 c->fsdata_len = NAND_JFFS2_OOB16_FSDALEN;
1151 c->badblock_pos = 15;
1152 break;
1153 1162
1154 default: 1163 D1(printk(KERN_DEBUG "JFFS2 using autoplace on NAND\n"));
1155 D1(printk(KERN_DEBUG "JFFS2 on NAND. No autoplacment info found\n")); 1164 /* Get the position of the free bytes */
1156 return -EINVAL; 1165 if (!oinfo->oobfree[0].length) {
1157 } 1166 printk (KERN_WARNING "jffs2_nand_set_oobinfo(): Eeep."
1167 " Autoplacement selected and no empty space in oob\n");
1168 return -ENOSPC;
1158 } 1169 }
1170 c->fsdata_pos = oinfo->oobfree[0].offset;
1171 c->fsdata_len = oinfo->oobfree[0].length;
1172 if (c->fsdata_len > 8)
1173 c->fsdata_len = 8;
1174
1159 return 0; 1175 return 0;
1160} 1176}
1161 1177
@@ -1165,13 +1181,17 @@ int jffs2_nand_flash_setup(struct jffs2_sb_info *c)
1165 1181
1166 /* Initialise write buffer */ 1182 /* Initialise write buffer */
1167 init_rwsem(&c->wbuf_sem); 1183 init_rwsem(&c->wbuf_sem);
1168 c->wbuf_pagesize = c->mtd->oobblock; 1184 c->wbuf_pagesize = c->mtd->writesize;
1169 c->wbuf_ofs = 0xFFFFFFFF; 1185 c->wbuf_ofs = 0xFFFFFFFF;
1170 1186
1171 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL); 1187 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1172 if (!c->wbuf) 1188 if (!c->wbuf)
1173 return -ENOMEM; 1189 return -ENOMEM;
1174 1190
1191 c->oobbuf = kmalloc(NR_OOB_SCAN_PAGES * c->mtd->oobsize, GFP_KERNEL);
1192 if (!c->oobbuf)
1193 return -ENOMEM;
1194
1175 res = jffs2_nand_set_oobinfo(c); 1195 res = jffs2_nand_set_oobinfo(c);
1176 1196
1177#ifdef BREAKME 1197#ifdef BREAKME
@@ -1189,6 +1209,7 @@ int jffs2_nand_flash_setup(struct jffs2_sb_info *c)
1189void jffs2_nand_flash_cleanup(struct jffs2_sb_info *c) 1209void jffs2_nand_flash_cleanup(struct jffs2_sb_info *c)
1190{ 1210{
1191 kfree(c->wbuf); 1211 kfree(c->wbuf);
1212 kfree(c->oobbuf);
1192} 1213}
1193 1214
1194int jffs2_dataflash_setup(struct jffs2_sb_info *c) { 1215int jffs2_dataflash_setup(struct jffs2_sb_info *c) {
@@ -1236,33 +1257,14 @@ void jffs2_dataflash_cleanup(struct jffs2_sb_info *c) {
1236 kfree(c->wbuf); 1257 kfree(c->wbuf);
1237} 1258}
1238 1259
1239int jffs2_nor_ecc_flash_setup(struct jffs2_sb_info *c) {
1240 /* Cleanmarker is actually larger on the flashes */
1241 c->cleanmarker_size = 16;
1242
1243 /* Initialize write buffer */
1244 init_rwsem(&c->wbuf_sem);
1245 c->wbuf_pagesize = c->mtd->eccsize;
1246 c->wbuf_ofs = 0xFFFFFFFF;
1247
1248 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
1249 if (!c->wbuf)
1250 return -ENOMEM;
1251
1252 return 0;
1253}
1254
1255void jffs2_nor_ecc_flash_cleanup(struct jffs2_sb_info *c) {
1256 kfree(c->wbuf);
1257}
1258
1259int jffs2_nor_wbuf_flash_setup(struct jffs2_sb_info *c) { 1260int jffs2_nor_wbuf_flash_setup(struct jffs2_sb_info *c) {
1260 /* Cleanmarker currently occupies a whole programming region */ 1261 /* Cleanmarker currently occupies whole programming regions,
1261 c->cleanmarker_size = MTD_PROGREGION_SIZE(c->mtd); 1262 * either one or 2 for 8Byte STMicro flashes. */
1263 c->cleanmarker_size = max(16u, c->mtd->writesize);
1262 1264
1263 /* Initialize write buffer */ 1265 /* Initialize write buffer */
1264 init_rwsem(&c->wbuf_sem); 1266 init_rwsem(&c->wbuf_sem);
1265 c->wbuf_pagesize = MTD_PROGREGION_SIZE(c->mtd); 1267 c->wbuf_pagesize = c->mtd->writesize;
1266 c->wbuf_ofs = 0xFFFFFFFF; 1268 c->wbuf_ofs = 0xFFFFFFFF;
1267 1269
1268 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL); 1270 c->wbuf = kmalloc(c->wbuf_pagesize, GFP_KERNEL);
diff --git a/fs/jffs2/write.c b/fs/jffs2/write.c
index 1342f0158e9b..67176792e138 100644
--- a/fs/jffs2/write.c
+++ b/fs/jffs2/write.c
@@ -37,7 +37,6 @@ int jffs2_do_new_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f, uint
37 f->inocache->nodes = (struct jffs2_raw_node_ref *)f->inocache; 37 f->inocache->nodes = (struct jffs2_raw_node_ref *)f->inocache;
38 f->inocache->state = INO_STATE_PRESENT; 38 f->inocache->state = INO_STATE_PRESENT;
39 39
40
41 jffs2_add_ino_cache(c, f->inocache); 40 jffs2_add_ino_cache(c, f->inocache);
42 D1(printk(KERN_DEBUG "jffs2_do_new_inode(): Assigned ino# %d\n", f->inocache->ino)); 41 D1(printk(KERN_DEBUG "jffs2_do_new_inode(): Assigned ino# %d\n", f->inocache->ino));
43 ri->ino = cpu_to_je32(f->inocache->ino); 42 ri->ino = cpu_to_je32(f->inocache->ino);
@@ -57,12 +56,14 @@ int jffs2_do_new_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f, uint
57/* jffs2_write_dnode - given a raw_inode, allocate a full_dnode for it, 56/* jffs2_write_dnode - given a raw_inode, allocate a full_dnode for it,
58 write it to the flash, link it into the existing inode/fragment list */ 57 write it to the flash, link it into the existing inode/fragment list */
59 58
60struct jffs2_full_dnode *jffs2_write_dnode(struct jffs2_sb_info *c, struct jffs2_inode_info *f, struct jffs2_raw_inode *ri, const unsigned char *data, uint32_t datalen, uint32_t flash_ofs, int alloc_mode) 59struct jffs2_full_dnode *jffs2_write_dnode(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
60 struct jffs2_raw_inode *ri, const unsigned char *data,
61 uint32_t datalen, int alloc_mode)
61 62
62{ 63{
63 struct jffs2_raw_node_ref *raw;
64 struct jffs2_full_dnode *fn; 64 struct jffs2_full_dnode *fn;
65 size_t retlen; 65 size_t retlen;
66 uint32_t flash_ofs;
66 struct kvec vecs[2]; 67 struct kvec vecs[2];
67 int ret; 68 int ret;
68 int retried = 0; 69 int retried = 0;
@@ -78,34 +79,21 @@ struct jffs2_full_dnode *jffs2_write_dnode(struct jffs2_sb_info *c, struct jffs2
78 vecs[1].iov_base = (unsigned char *)data; 79 vecs[1].iov_base = (unsigned char *)data;
79 vecs[1].iov_len = datalen; 80 vecs[1].iov_len = datalen;
80 81
81 jffs2_dbg_prewrite_paranoia_check(c, flash_ofs, vecs[0].iov_len + vecs[1].iov_len);
82
83 if (je32_to_cpu(ri->totlen) != sizeof(*ri) + datalen) { 82 if (je32_to_cpu(ri->totlen) != sizeof(*ri) + datalen) {
84 printk(KERN_WARNING "jffs2_write_dnode: ri->totlen (0x%08x) != sizeof(*ri) (0x%08zx) + datalen (0x%08x)\n", je32_to_cpu(ri->totlen), sizeof(*ri), datalen); 83 printk(KERN_WARNING "jffs2_write_dnode: ri->totlen (0x%08x) != sizeof(*ri) (0x%08zx) + datalen (0x%08x)\n", je32_to_cpu(ri->totlen), sizeof(*ri), datalen);
85 } 84 }
86 raw = jffs2_alloc_raw_node_ref();
87 if (!raw)
88 return ERR_PTR(-ENOMEM);
89 85
90 fn = jffs2_alloc_full_dnode(); 86 fn = jffs2_alloc_full_dnode();
91 if (!fn) { 87 if (!fn)
92 jffs2_free_raw_node_ref(raw);
93 return ERR_PTR(-ENOMEM); 88 return ERR_PTR(-ENOMEM);
94 }
95
96 fn->ofs = je32_to_cpu(ri->offset);
97 fn->size = je32_to_cpu(ri->dsize);
98 fn->frags = 0;
99 89
100 /* check number of valid vecs */ 90 /* check number of valid vecs */
101 if (!datalen || !data) 91 if (!datalen || !data)
102 cnt = 1; 92 cnt = 1;
103 retry: 93 retry:
104 fn->raw = raw; 94 flash_ofs = write_ofs(c);
105 95
106 raw->flash_offset = flash_ofs; 96 jffs2_dbg_prewrite_paranoia_check(c, flash_ofs, vecs[0].iov_len + vecs[1].iov_len);
107 raw->__totlen = PAD(sizeof(*ri)+datalen);
108 raw->next_phys = NULL;
109 97
110 if ((alloc_mode!=ALLOC_GC) && (je32_to_cpu(ri->version) < f->highest_version)) { 98 if ((alloc_mode!=ALLOC_GC) && (je32_to_cpu(ri->version) < f->highest_version)) {
111 BUG_ON(!retried); 99 BUG_ON(!retried);
@@ -125,22 +113,16 @@ struct jffs2_full_dnode *jffs2_write_dnode(struct jffs2_sb_info *c, struct jffs2
125 113
126 /* Mark the space as dirtied */ 114 /* Mark the space as dirtied */
127 if (retlen) { 115 if (retlen) {
128 /* Doesn't belong to any inode */
129 raw->next_in_ino = NULL;
130
131 /* Don't change raw->size to match retlen. We may have 116 /* Don't change raw->size to match retlen. We may have
132 written the node header already, and only the data will 117 written the node header already, and only the data will
133 seem corrupted, in which case the scan would skip over 118 seem corrupted, in which case the scan would skip over
134 any node we write before the original intended end of 119 any node we write before the original intended end of
135 this node */ 120 this node */
136 raw->flash_offset |= REF_OBSOLETE; 121 jffs2_add_physical_node_ref(c, flash_ofs | REF_OBSOLETE, PAD(sizeof(*ri)+datalen), NULL);
137 jffs2_add_physical_node_ref(c, raw);
138 jffs2_mark_node_obsolete(c, raw);
139 } else { 122 } else {
140 printk(KERN_NOTICE "Not marking the space at 0x%08x as dirty because the flash driver returned retlen zero\n", raw->flash_offset); 123 printk(KERN_NOTICE "Not marking the space at 0x%08x as dirty because the flash driver returned retlen zero\n", flash_ofs);
141 jffs2_free_raw_node_ref(raw);
142 } 124 }
143 if (!retried && alloc_mode != ALLOC_NORETRY && (raw = jffs2_alloc_raw_node_ref())) { 125 if (!retried && alloc_mode != ALLOC_NORETRY) {
144 /* Try to reallocate space and retry */ 126 /* Try to reallocate space and retry */
145 uint32_t dummy; 127 uint32_t dummy;
146 struct jffs2_eraseblock *jeb = &c->blocks[flash_ofs / c->sector_size]; 128 struct jffs2_eraseblock *jeb = &c->blocks[flash_ofs / c->sector_size];
@@ -153,19 +135,20 @@ struct jffs2_full_dnode *jffs2_write_dnode(struct jffs2_sb_info *c, struct jffs2
153 jffs2_dbg_acct_paranoia_check(c, jeb); 135 jffs2_dbg_acct_paranoia_check(c, jeb);
154 136
155 if (alloc_mode == ALLOC_GC) { 137 if (alloc_mode == ALLOC_GC) {
156 ret = jffs2_reserve_space_gc(c, sizeof(*ri) + datalen, &flash_ofs, 138 ret = jffs2_reserve_space_gc(c, sizeof(*ri) + datalen, &dummy,
157 &dummy, JFFS2_SUMMARY_INODE_SIZE); 139 JFFS2_SUMMARY_INODE_SIZE);
158 } else { 140 } else {
159 /* Locking pain */ 141 /* Locking pain */
160 up(&f->sem); 142 up(&f->sem);
161 jffs2_complete_reservation(c); 143 jffs2_complete_reservation(c);
162 144
163 ret = jffs2_reserve_space(c, sizeof(*ri) + datalen, &flash_ofs, 145 ret = jffs2_reserve_space(c, sizeof(*ri) + datalen, &dummy,
164 &dummy, alloc_mode, JFFS2_SUMMARY_INODE_SIZE); 146 alloc_mode, JFFS2_SUMMARY_INODE_SIZE);
165 down(&f->sem); 147 down(&f->sem);
166 } 148 }
167 149
168 if (!ret) { 150 if (!ret) {
151 flash_ofs = write_ofs(c);
169 D1(printk(KERN_DEBUG "Allocated space at 0x%08x to retry failed write.\n", flash_ofs)); 152 D1(printk(KERN_DEBUG "Allocated space at 0x%08x to retry failed write.\n", flash_ofs));
170 153
171 jffs2_dbg_acct_sanity_check(c,jeb); 154 jffs2_dbg_acct_sanity_check(c,jeb);
@@ -174,7 +157,6 @@ struct jffs2_full_dnode *jffs2_write_dnode(struct jffs2_sb_info *c, struct jffs2
174 goto retry; 157 goto retry;
175 } 158 }
176 D1(printk(KERN_DEBUG "Failed to allocate space to retry failed write: %d!\n", ret)); 159 D1(printk(KERN_DEBUG "Failed to allocate space to retry failed write: %d!\n", ret));
177 jffs2_free_raw_node_ref(raw);
178 } 160 }
179 /* Release the full_dnode which is now useless, and return */ 161 /* Release the full_dnode which is now useless, and return */
180 jffs2_free_full_dnode(fn); 162 jffs2_free_full_dnode(fn);
@@ -188,20 +170,17 @@ struct jffs2_full_dnode *jffs2_write_dnode(struct jffs2_sb_info *c, struct jffs2
188 if ((je32_to_cpu(ri->dsize) >= PAGE_CACHE_SIZE) || 170 if ((je32_to_cpu(ri->dsize) >= PAGE_CACHE_SIZE) ||
189 ( ((je32_to_cpu(ri->offset)&(PAGE_CACHE_SIZE-1))==0) && 171 ( ((je32_to_cpu(ri->offset)&(PAGE_CACHE_SIZE-1))==0) &&
190 (je32_to_cpu(ri->dsize)+je32_to_cpu(ri->offset) == je32_to_cpu(ri->isize)))) { 172 (je32_to_cpu(ri->dsize)+je32_to_cpu(ri->offset) == je32_to_cpu(ri->isize)))) {
191 raw->flash_offset |= REF_PRISTINE; 173 flash_ofs |= REF_PRISTINE;
192 } else { 174 } else {
193 raw->flash_offset |= REF_NORMAL; 175 flash_ofs |= REF_NORMAL;
194 } 176 }
195 jffs2_add_physical_node_ref(c, raw); 177 fn->raw = jffs2_add_physical_node_ref(c, flash_ofs, PAD(sizeof(*ri)+datalen), f->inocache);
196 178 fn->ofs = je32_to_cpu(ri->offset);
197 /* Link into per-inode list */ 179 fn->size = je32_to_cpu(ri->dsize);
198 spin_lock(&c->erase_completion_lock); 180 fn->frags = 0;
199 raw->next_in_ino = f->inocache->nodes;
200 f->inocache->nodes = raw;
201 spin_unlock(&c->erase_completion_lock);
202 181
203 D1(printk(KERN_DEBUG "jffs2_write_dnode wrote node at 0x%08x(%d) with dsize 0x%x, csize 0x%x, node_crc 0x%08x, data_crc 0x%08x, totlen 0x%08x\n", 182 D1(printk(KERN_DEBUG "jffs2_write_dnode wrote node at 0x%08x(%d) with dsize 0x%x, csize 0x%x, node_crc 0x%08x, data_crc 0x%08x, totlen 0x%08x\n",
204 flash_ofs, ref_flags(raw), je32_to_cpu(ri->dsize), 183 flash_ofs & ~3, flash_ofs & 3, je32_to_cpu(ri->dsize),
205 je32_to_cpu(ri->csize), je32_to_cpu(ri->node_crc), 184 je32_to_cpu(ri->csize), je32_to_cpu(ri->node_crc),
206 je32_to_cpu(ri->data_crc), je32_to_cpu(ri->totlen))); 185 je32_to_cpu(ri->data_crc), je32_to_cpu(ri->totlen)));
207 186
@@ -212,12 +191,14 @@ struct jffs2_full_dnode *jffs2_write_dnode(struct jffs2_sb_info *c, struct jffs2
212 return fn; 191 return fn;
213} 192}
214 193
215struct jffs2_full_dirent *jffs2_write_dirent(struct jffs2_sb_info *c, struct jffs2_inode_info *f, struct jffs2_raw_dirent *rd, const unsigned char *name, uint32_t namelen, uint32_t flash_ofs, int alloc_mode) 194struct jffs2_full_dirent *jffs2_write_dirent(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
195 struct jffs2_raw_dirent *rd, const unsigned char *name,
196 uint32_t namelen, int alloc_mode)
216{ 197{
217 struct jffs2_raw_node_ref *raw;
218 struct jffs2_full_dirent *fd; 198 struct jffs2_full_dirent *fd;
219 size_t retlen; 199 size_t retlen;
220 struct kvec vecs[2]; 200 struct kvec vecs[2];
201 uint32_t flash_ofs;
221 int retried = 0; 202 int retried = 0;
222 int ret; 203 int ret;
223 204
@@ -228,26 +209,16 @@ struct jffs2_full_dirent *jffs2_write_dirent(struct jffs2_sb_info *c, struct jff
228 D1(if(je32_to_cpu(rd->hdr_crc) != crc32(0, rd, sizeof(struct jffs2_unknown_node)-4)) { 209 D1(if(je32_to_cpu(rd->hdr_crc) != crc32(0, rd, sizeof(struct jffs2_unknown_node)-4)) {
229 printk(KERN_CRIT "Eep. CRC not correct in jffs2_write_dirent()\n"); 210 printk(KERN_CRIT "Eep. CRC not correct in jffs2_write_dirent()\n");
230 BUG(); 211 BUG();
231 } 212 });
232 );
233 213
234 vecs[0].iov_base = rd; 214 vecs[0].iov_base = rd;
235 vecs[0].iov_len = sizeof(*rd); 215 vecs[0].iov_len = sizeof(*rd);
236 vecs[1].iov_base = (unsigned char *)name; 216 vecs[1].iov_base = (unsigned char *)name;
237 vecs[1].iov_len = namelen; 217 vecs[1].iov_len = namelen;
238 218
239 jffs2_dbg_prewrite_paranoia_check(c, flash_ofs, vecs[0].iov_len + vecs[1].iov_len);
240
241 raw = jffs2_alloc_raw_node_ref();
242
243 if (!raw)
244 return ERR_PTR(-ENOMEM);
245
246 fd = jffs2_alloc_full_dirent(namelen+1); 219 fd = jffs2_alloc_full_dirent(namelen+1);
247 if (!fd) { 220 if (!fd)
248 jffs2_free_raw_node_ref(raw);
249 return ERR_PTR(-ENOMEM); 221 return ERR_PTR(-ENOMEM);
250 }
251 222
252 fd->version = je32_to_cpu(rd->version); 223 fd->version = je32_to_cpu(rd->version);
253 fd->ino = je32_to_cpu(rd->ino); 224 fd->ino = je32_to_cpu(rd->ino);
@@ -257,11 +228,9 @@ struct jffs2_full_dirent *jffs2_write_dirent(struct jffs2_sb_info *c, struct jff
257 fd->name[namelen]=0; 228 fd->name[namelen]=0;
258 229
259 retry: 230 retry:
260 fd->raw = raw; 231 flash_ofs = write_ofs(c);
261 232
262 raw->flash_offset = flash_ofs; 233 jffs2_dbg_prewrite_paranoia_check(c, flash_ofs, vecs[0].iov_len + vecs[1].iov_len);
263 raw->__totlen = PAD(sizeof(*rd)+namelen);
264 raw->next_phys = NULL;
265 234
266 if ((alloc_mode!=ALLOC_GC) && (je32_to_cpu(rd->version) < f->highest_version)) { 235 if ((alloc_mode!=ALLOC_GC) && (je32_to_cpu(rd->version) < f->highest_version)) {
267 BUG_ON(!retried); 236 BUG_ON(!retried);
@@ -280,15 +249,11 @@ struct jffs2_full_dirent *jffs2_write_dirent(struct jffs2_sb_info *c, struct jff
280 sizeof(*rd)+namelen, flash_ofs, ret, retlen); 249 sizeof(*rd)+namelen, flash_ofs, ret, retlen);
281 /* Mark the space as dirtied */ 250 /* Mark the space as dirtied */
282 if (retlen) { 251 if (retlen) {
283 raw->next_in_ino = NULL; 252 jffs2_add_physical_node_ref(c, flash_ofs | REF_OBSOLETE, PAD(sizeof(*rd)+namelen), NULL);
284 raw->flash_offset |= REF_OBSOLETE;
285 jffs2_add_physical_node_ref(c, raw);
286 jffs2_mark_node_obsolete(c, raw);
287 } else { 253 } else {
288 printk(KERN_NOTICE "Not marking the space at 0x%08x as dirty because the flash driver returned retlen zero\n", raw->flash_offset); 254 printk(KERN_NOTICE "Not marking the space at 0x%08x as dirty because the flash driver returned retlen zero\n", flash_ofs);
289 jffs2_free_raw_node_ref(raw);
290 } 255 }
291 if (!retried && (raw = jffs2_alloc_raw_node_ref())) { 256 if (!retried) {
292 /* Try to reallocate space and retry */ 257 /* Try to reallocate space and retry */
293 uint32_t dummy; 258 uint32_t dummy;
294 struct jffs2_eraseblock *jeb = &c->blocks[flash_ofs / c->sector_size]; 259 struct jffs2_eraseblock *jeb = &c->blocks[flash_ofs / c->sector_size];
@@ -301,39 +266,33 @@ struct jffs2_full_dirent *jffs2_write_dirent(struct jffs2_sb_info *c, struct jff
301 jffs2_dbg_acct_paranoia_check(c, jeb); 266 jffs2_dbg_acct_paranoia_check(c, jeb);
302 267
303 if (alloc_mode == ALLOC_GC) { 268 if (alloc_mode == ALLOC_GC) {
304 ret = jffs2_reserve_space_gc(c, sizeof(*rd) + namelen, &flash_ofs, 269 ret = jffs2_reserve_space_gc(c, sizeof(*rd) + namelen, &dummy,
305 &dummy, JFFS2_SUMMARY_DIRENT_SIZE(namelen)); 270 JFFS2_SUMMARY_DIRENT_SIZE(namelen));
306 } else { 271 } else {
307 /* Locking pain */ 272 /* Locking pain */
308 up(&f->sem); 273 up(&f->sem);
309 jffs2_complete_reservation(c); 274 jffs2_complete_reservation(c);
310 275
311 ret = jffs2_reserve_space(c, sizeof(*rd) + namelen, &flash_ofs, 276 ret = jffs2_reserve_space(c, sizeof(*rd) + namelen, &dummy,
312 &dummy, alloc_mode, JFFS2_SUMMARY_DIRENT_SIZE(namelen)); 277 alloc_mode, JFFS2_SUMMARY_DIRENT_SIZE(namelen));
313 down(&f->sem); 278 down(&f->sem);
314 } 279 }
315 280
316 if (!ret) { 281 if (!ret) {
282 flash_ofs = write_ofs(c);
317 D1(printk(KERN_DEBUG "Allocated space at 0x%08x to retry failed write.\n", flash_ofs)); 283 D1(printk(KERN_DEBUG "Allocated space at 0x%08x to retry failed write.\n", flash_ofs));
318 jffs2_dbg_acct_sanity_check(c,jeb); 284 jffs2_dbg_acct_sanity_check(c,jeb);
319 jffs2_dbg_acct_paranoia_check(c, jeb); 285 jffs2_dbg_acct_paranoia_check(c, jeb);
320 goto retry; 286 goto retry;
321 } 287 }
322 D1(printk(KERN_DEBUG "Failed to allocate space to retry failed write: %d!\n", ret)); 288 D1(printk(KERN_DEBUG "Failed to allocate space to retry failed write: %d!\n", ret));
323 jffs2_free_raw_node_ref(raw);
324 } 289 }
325 /* Release the full_dnode which is now useless, and return */ 290 /* Release the full_dnode which is now useless, and return */
326 jffs2_free_full_dirent(fd); 291 jffs2_free_full_dirent(fd);
327 return ERR_PTR(ret?ret:-EIO); 292 return ERR_PTR(ret?ret:-EIO);
328 } 293 }
329 /* Mark the space used */ 294 /* Mark the space used */
330 raw->flash_offset |= REF_PRISTINE; 295 fd->raw = jffs2_add_physical_node_ref(c, flash_ofs | REF_PRISTINE, PAD(sizeof(*rd)+namelen), f->inocache);
331 jffs2_add_physical_node_ref(c, raw);
332
333 spin_lock(&c->erase_completion_lock);
334 raw->next_in_ino = f->inocache->nodes;
335 f->inocache->nodes = raw;
336 spin_unlock(&c->erase_completion_lock);
337 296
338 if (retried) { 297 if (retried) {
339 jffs2_dbg_acct_sanity_check(c,NULL); 298 jffs2_dbg_acct_sanity_check(c,NULL);
@@ -359,14 +318,14 @@ int jffs2_write_inode_range(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
359 struct jffs2_full_dnode *fn; 318 struct jffs2_full_dnode *fn;
360 unsigned char *comprbuf = NULL; 319 unsigned char *comprbuf = NULL;
361 uint16_t comprtype = JFFS2_COMPR_NONE; 320 uint16_t comprtype = JFFS2_COMPR_NONE;
362 uint32_t phys_ofs, alloclen; 321 uint32_t alloclen;
363 uint32_t datalen, cdatalen; 322 uint32_t datalen, cdatalen;
364 int retried = 0; 323 int retried = 0;
365 324
366 retry: 325 retry:
367 D2(printk(KERN_DEBUG "jffs2_commit_write() loop: 0x%x to write to 0x%x\n", writelen, offset)); 326 D2(printk(KERN_DEBUG "jffs2_commit_write() loop: 0x%x to write to 0x%x\n", writelen, offset));
368 327
369 ret = jffs2_reserve_space(c, sizeof(*ri) + JFFS2_MIN_DATA_LEN, &phys_ofs, 328 ret = jffs2_reserve_space(c, sizeof(*ri) + JFFS2_MIN_DATA_LEN,
370 &alloclen, ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE); 329 &alloclen, ALLOC_NORMAL, JFFS2_SUMMARY_INODE_SIZE);
371 if (ret) { 330 if (ret) {
372 D1(printk(KERN_DEBUG "jffs2_reserve_space returned %d\n", ret)); 331 D1(printk(KERN_DEBUG "jffs2_reserve_space returned %d\n", ret));
@@ -394,7 +353,7 @@ int jffs2_write_inode_range(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
394 ri->node_crc = cpu_to_je32(crc32(0, ri, sizeof(*ri)-8)); 353 ri->node_crc = cpu_to_je32(crc32(0, ri, sizeof(*ri)-8));
395 ri->data_crc = cpu_to_je32(crc32(0, comprbuf, cdatalen)); 354 ri->data_crc = cpu_to_je32(crc32(0, comprbuf, cdatalen));
396 355
397 fn = jffs2_write_dnode(c, f, ri, comprbuf, cdatalen, phys_ofs, ALLOC_NORETRY); 356 fn = jffs2_write_dnode(c, f, ri, comprbuf, cdatalen, ALLOC_NORETRY);
398 357
399 jffs2_free_comprbuf(comprbuf, buf); 358 jffs2_free_comprbuf(comprbuf, buf);
400 359
@@ -448,13 +407,13 @@ int jffs2_do_create(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, str
448 struct jffs2_raw_dirent *rd; 407 struct jffs2_raw_dirent *rd;
449 struct jffs2_full_dnode *fn; 408 struct jffs2_full_dnode *fn;
450 struct jffs2_full_dirent *fd; 409 struct jffs2_full_dirent *fd;
451 uint32_t alloclen, phys_ofs; 410 uint32_t alloclen;
452 int ret; 411 int ret;
453 412
454 /* Try to reserve enough space for both node and dirent. 413 /* Try to reserve enough space for both node and dirent.
455 * Just the node will do for now, though 414 * Just the node will do for now, though
456 */ 415 */
457 ret = jffs2_reserve_space(c, sizeof(*ri), &phys_ofs, &alloclen, ALLOC_NORMAL, 416 ret = jffs2_reserve_space(c, sizeof(*ri), &alloclen, ALLOC_NORMAL,
458 JFFS2_SUMMARY_INODE_SIZE); 417 JFFS2_SUMMARY_INODE_SIZE);
459 D1(printk(KERN_DEBUG "jffs2_do_create(): reserved 0x%x bytes\n", alloclen)); 418 D1(printk(KERN_DEBUG "jffs2_do_create(): reserved 0x%x bytes\n", alloclen));
460 if (ret) { 419 if (ret) {
@@ -465,7 +424,7 @@ int jffs2_do_create(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, str
465 ri->data_crc = cpu_to_je32(0); 424 ri->data_crc = cpu_to_je32(0);
466 ri->node_crc = cpu_to_je32(crc32(0, ri, sizeof(*ri)-8)); 425 ri->node_crc = cpu_to_je32(crc32(0, ri, sizeof(*ri)-8));
467 426
468 fn = jffs2_write_dnode(c, f, ri, NULL, 0, phys_ofs, ALLOC_NORMAL); 427 fn = jffs2_write_dnode(c, f, ri, NULL, 0, ALLOC_NORMAL);
469 428
470 D1(printk(KERN_DEBUG "jffs2_do_create created file with mode 0x%x\n", 429 D1(printk(KERN_DEBUG "jffs2_do_create created file with mode 0x%x\n",
471 jemode_to_cpu(ri->mode))); 430 jemode_to_cpu(ri->mode)));
@@ -484,7 +443,7 @@ int jffs2_do_create(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, str
484 443
485 up(&f->sem); 444 up(&f->sem);
486 jffs2_complete_reservation(c); 445 jffs2_complete_reservation(c);
487 ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &phys_ofs, &alloclen, 446 ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &alloclen,
488 ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen)); 447 ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen));
489 448
490 if (ret) { 449 if (ret) {
@@ -516,7 +475,7 @@ int jffs2_do_create(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, str
516 rd->node_crc = cpu_to_je32(crc32(0, rd, sizeof(*rd)-8)); 475 rd->node_crc = cpu_to_je32(crc32(0, rd, sizeof(*rd)-8));
517 rd->name_crc = cpu_to_je32(crc32(0, name, namelen)); 476 rd->name_crc = cpu_to_je32(crc32(0, name, namelen));
518 477
519 fd = jffs2_write_dirent(c, dir_f, rd, name, namelen, phys_ofs, ALLOC_NORMAL); 478 fd = jffs2_write_dirent(c, dir_f, rd, name, namelen, ALLOC_NORMAL);
520 479
521 jffs2_free_raw_dirent(rd); 480 jffs2_free_raw_dirent(rd);
522 481
@@ -545,7 +504,7 @@ int jffs2_do_unlink(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f,
545{ 504{
546 struct jffs2_raw_dirent *rd; 505 struct jffs2_raw_dirent *rd;
547 struct jffs2_full_dirent *fd; 506 struct jffs2_full_dirent *fd;
548 uint32_t alloclen, phys_ofs; 507 uint32_t alloclen;
549 int ret; 508 int ret;
550 509
551 if (1 /* alternative branch needs testing */ || 510 if (1 /* alternative branch needs testing */ ||
@@ -556,7 +515,7 @@ int jffs2_do_unlink(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f,
556 if (!rd) 515 if (!rd)
557 return -ENOMEM; 516 return -ENOMEM;
558 517
559 ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &phys_ofs, &alloclen, 518 ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &alloclen,
560 ALLOC_DELETION, JFFS2_SUMMARY_DIRENT_SIZE(namelen)); 519 ALLOC_DELETION, JFFS2_SUMMARY_DIRENT_SIZE(namelen));
561 if (ret) { 520 if (ret) {
562 jffs2_free_raw_dirent(rd); 521 jffs2_free_raw_dirent(rd);
@@ -580,7 +539,7 @@ int jffs2_do_unlink(struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f,
580 rd->node_crc = cpu_to_je32(crc32(0, rd, sizeof(*rd)-8)); 539 rd->node_crc = cpu_to_je32(crc32(0, rd, sizeof(*rd)-8));
581 rd->name_crc = cpu_to_je32(crc32(0, name, namelen)); 540 rd->name_crc = cpu_to_je32(crc32(0, name, namelen));
582 541
583 fd = jffs2_write_dirent(c, dir_f, rd, name, namelen, phys_ofs, ALLOC_DELETION); 542 fd = jffs2_write_dirent(c, dir_f, rd, name, namelen, ALLOC_DELETION);
584 543
585 jffs2_free_raw_dirent(rd); 544 jffs2_free_raw_dirent(rd);
586 545
@@ -659,14 +618,14 @@ int jffs2_do_link (struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, uint
659{ 618{
660 struct jffs2_raw_dirent *rd; 619 struct jffs2_raw_dirent *rd;
661 struct jffs2_full_dirent *fd; 620 struct jffs2_full_dirent *fd;
662 uint32_t alloclen, phys_ofs; 621 uint32_t alloclen;
663 int ret; 622 int ret;
664 623
665 rd = jffs2_alloc_raw_dirent(); 624 rd = jffs2_alloc_raw_dirent();
666 if (!rd) 625 if (!rd)
667 return -ENOMEM; 626 return -ENOMEM;
668 627
669 ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &phys_ofs, &alloclen, 628 ret = jffs2_reserve_space(c, sizeof(*rd)+namelen, &alloclen,
670 ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen)); 629 ALLOC_NORMAL, JFFS2_SUMMARY_DIRENT_SIZE(namelen));
671 if (ret) { 630 if (ret) {
672 jffs2_free_raw_dirent(rd); 631 jffs2_free_raw_dirent(rd);
@@ -692,7 +651,7 @@ int jffs2_do_link (struct jffs2_sb_info *c, struct jffs2_inode_info *dir_f, uint
692 rd->node_crc = cpu_to_je32(crc32(0, rd, sizeof(*rd)-8)); 651 rd->node_crc = cpu_to_je32(crc32(0, rd, sizeof(*rd)-8));
693 rd->name_crc = cpu_to_je32(crc32(0, name, namelen)); 652 rd->name_crc = cpu_to_je32(crc32(0, name, namelen));
694 653
695 fd = jffs2_write_dirent(c, dir_f, rd, name, namelen, phys_ofs, ALLOC_NORMAL); 654 fd = jffs2_write_dirent(c, dir_f, rd, name, namelen, ALLOC_NORMAL);
696 655
697 jffs2_free_raw_dirent(rd); 656 jffs2_free_raw_dirent(rd);
698 657
diff --git a/fs/jffs2/xattr.c b/fs/jffs2/xattr.c
new file mode 100644
index 000000000000..2d82e250be34
--- /dev/null
+++ b/fs/jffs2/xattr.c
@@ -0,0 +1,1238 @@
1/*
2 * JFFS2 -- Journalling Flash File System, Version 2.
3 *
4 * Copyright (C) 2006 NEC Corporation
5 *
6 * Created by KaiGai Kohei <kaigai@ak.jp.nec.com>
7 *
8 * For licensing information, see the file 'LICENCE' in this directory.
9 *
10 */
11#include <linux/kernel.h>
12#include <linux/slab.h>
13#include <linux/fs.h>
14#include <linux/time.h>
15#include <linux/pagemap.h>
16#include <linux/highmem.h>
17#include <linux/crc32.h>
18#include <linux/jffs2.h>
19#include <linux/xattr.h>
20#include <linux/mtd/mtd.h>
21#include "nodelist.h"
22/* -------- xdatum related functions ----------------
23 * xattr_datum_hashkey(xprefix, xname, xvalue, xsize)
24 * is used to calcurate xdatum hashkey. The reminder of hashkey into XATTRINDEX_HASHSIZE is
25 * the index of the xattr name/value pair cache (c->xattrindex).
26 * unload_xattr_datum(c, xd)
27 * is used to release xattr name/value pair and detach from c->xattrindex.
28 * reclaim_xattr_datum(c)
29 * is used to reclaim xattr name/value pairs on the xattr name/value pair cache when
30 * memory usage by cache is over c->xdatum_mem_threshold. Currentry, this threshold
31 * is hard coded as 32KiB.
32 * delete_xattr_datum_node(c, xd)
33 * is used to delete a jffs2 node is dominated by xdatum. When EBS(Erase Block Summary) is
34 * enabled, it overwrites the obsolete node by myself.
35 * delete_xattr_datum(c, xd)
36 * is used to delete jffs2_xattr_datum object. It must be called with 0-value of reference
37 * counter. (It means how many jffs2_xattr_ref object refers this xdatum.)
38 * do_verify_xattr_datum(c, xd)
39 * is used to load the xdatum informations without name/value pair from the medium.
40 * It's necessary once, because those informations are not collected during mounting
41 * process when EBS is enabled.
42 * 0 will be returned, if success. An negative return value means recoverable error, and
43 * positive return value means unrecoverable error. Thus, caller must remove this xdatum
44 * and xref when it returned positive value.
45 * do_load_xattr_datum(c, xd)
46 * is used to load name/value pair from the medium.
47 * The meanings of return value is same as do_verify_xattr_datum().
48 * load_xattr_datum(c, xd)
49 * is used to be as a wrapper of do_verify_xattr_datum() and do_load_xattr_datum().
50 * If xd need to call do_verify_xattr_datum() at first, it's called before calling
51 * do_load_xattr_datum(). The meanings of return value is same as do_verify_xattr_datum().
52 * save_xattr_datum(c, xd)
53 * is used to write xdatum to medium. xd->version will be incremented.
54 * create_xattr_datum(c, xprefix, xname, xvalue, xsize)
55 * is used to create new xdatum and write to medium.
56 * -------------------------------------------------- */
57
58static uint32_t xattr_datum_hashkey(int xprefix, const char *xname, const char *xvalue, int xsize)
59{
60 int name_len = strlen(xname);
61
62 return crc32(xprefix, xname, name_len) ^ crc32(xprefix, xvalue, xsize);
63}
64
65static void unload_xattr_datum(struct jffs2_sb_info *c, struct jffs2_xattr_datum *xd)
66{
67 /* must be called under down_write(xattr_sem) */
68 D1(dbg_xattr("%s: xid=%u, version=%u\n", __FUNCTION__, xd->xid, xd->version));
69 if (xd->xname) {
70 c->xdatum_mem_usage -= (xd->name_len + 1 + xd->value_len);
71 kfree(xd->xname);
72 }
73
74 list_del_init(&xd->xindex);
75 xd->hashkey = 0;
76 xd->xname = NULL;
77 xd->xvalue = NULL;
78}
79
80static void reclaim_xattr_datum(struct jffs2_sb_info *c)
81{
82 /* must be called under down_write(xattr_sem) */
83 struct jffs2_xattr_datum *xd, *_xd;
84 uint32_t target, before;
85 static int index = 0;
86 int count;
87
88 if (c->xdatum_mem_threshold > c->xdatum_mem_usage)
89 return;
90
91 before = c->xdatum_mem_usage;
92 target = c->xdatum_mem_usage * 4 / 5; /* 20% reduction */
93 for (count = 0; count < XATTRINDEX_HASHSIZE; count++) {
94 list_for_each_entry_safe(xd, _xd, &c->xattrindex[index], xindex) {
95 if (xd->flags & JFFS2_XFLAGS_HOT) {
96 xd->flags &= ~JFFS2_XFLAGS_HOT;
97 } else if (!(xd->flags & JFFS2_XFLAGS_BIND)) {
98 unload_xattr_datum(c, xd);
99 }
100 if (c->xdatum_mem_usage <= target)
101 goto out;
102 }
103 index = (index+1) % XATTRINDEX_HASHSIZE;
104 }
105 out:
106 JFFS2_NOTICE("xdatum_mem_usage from %u byte to %u byte (%u byte reclaimed)\n",
107 before, c->xdatum_mem_usage, before - c->xdatum_mem_usage);
108}
109
110static void delete_xattr_datum_node(struct jffs2_sb_info *c, struct jffs2_xattr_datum *xd)
111{
112 /* must be called under down_write(xattr_sem) */
113 struct jffs2_raw_xattr rx;
114 size_t length;
115 int rc;
116
117 if (!xd->node) {
118 JFFS2_WARNING("xdatum (xid=%u) is removed twice.\n", xd->xid);
119 return;
120 }
121 if (jffs2_sum_active()) {
122 memset(&rx, 0xff, sizeof(struct jffs2_raw_xattr));
123 rc = jffs2_flash_read(c, ref_offset(xd->node),
124 sizeof(struct jffs2_unknown_node),
125 &length, (char *)&rx);
126 if (rc || length != sizeof(struct jffs2_unknown_node)) {
127 JFFS2_ERROR("jffs2_flash_read()=%d, req=%zu, read=%zu at %#08x\n",
128 rc, sizeof(struct jffs2_unknown_node),
129 length, ref_offset(xd->node));
130 }
131 rc = jffs2_flash_write(c, ref_offset(xd->node), sizeof(rx),
132 &length, (char *)&rx);
133 if (rc || length != sizeof(struct jffs2_raw_xattr)) {
134 JFFS2_ERROR("jffs2_flash_write()=%d, req=%zu, wrote=%zu ar %#08x\n",
135 rc, sizeof(rx), length, ref_offset(xd->node));
136 }
137 }
138 spin_lock(&c->erase_completion_lock);
139 xd->node->next_in_ino = NULL;
140 spin_unlock(&c->erase_completion_lock);
141 jffs2_mark_node_obsolete(c, xd->node);
142 xd->node = NULL;
143}
144
145static void delete_xattr_datum(struct jffs2_sb_info *c, struct jffs2_xattr_datum *xd)
146{
147 /* must be called under down_write(xattr_sem) */
148 BUG_ON(xd->refcnt);
149
150 unload_xattr_datum(c, xd);
151 if (xd->node) {
152 delete_xattr_datum_node(c, xd);
153 xd->node = NULL;
154 }
155 jffs2_free_xattr_datum(xd);
156}
157
158static int do_verify_xattr_datum(struct jffs2_sb_info *c, struct jffs2_xattr_datum *xd)
159{
160 /* must be called under down_write(xattr_sem) */
161 struct jffs2_eraseblock *jeb;
162 struct jffs2_raw_xattr rx;
163 size_t readlen;
164 uint32_t crc, totlen;
165 int rc;
166
167 BUG_ON(!xd->node);
168 BUG_ON(ref_flags(xd->node) != REF_UNCHECKED);
169
170 rc = jffs2_flash_read(c, ref_offset(xd->node), sizeof(rx), &readlen, (char *)&rx);
171 if (rc || readlen != sizeof(rx)) {
172 JFFS2_WARNING("jffs2_flash_read()=%d, req=%zu, read=%zu at %#08x\n",
173 rc, sizeof(rx), readlen, ref_offset(xd->node));
174 return rc ? rc : -EIO;
175 }
176 crc = crc32(0, &rx, sizeof(rx) - 4);
177 if (crc != je32_to_cpu(rx.node_crc)) {
178 if (je32_to_cpu(rx.node_crc) != 0xffffffff)
179 JFFS2_ERROR("node CRC failed at %#08x, read=%#08x, calc=%#08x\n",
180 ref_offset(xd->node), je32_to_cpu(rx.hdr_crc), crc);
181 return EIO;
182 }
183 totlen = PAD(sizeof(rx) + rx.name_len + 1 + je16_to_cpu(rx.value_len));
184 if (je16_to_cpu(rx.magic) != JFFS2_MAGIC_BITMASK
185 || je16_to_cpu(rx.nodetype) != JFFS2_NODETYPE_XATTR
186 || je32_to_cpu(rx.totlen) != totlen
187 || je32_to_cpu(rx.xid) != xd->xid
188 || je32_to_cpu(rx.version) != xd->version) {
189 JFFS2_ERROR("inconsistent xdatum at %#08x, magic=%#04x/%#04x, "
190 "nodetype=%#04x/%#04x, totlen=%u/%u, xid=%u/%u, version=%u/%u\n",
191 ref_offset(xd->node), je16_to_cpu(rx.magic), JFFS2_MAGIC_BITMASK,
192 je16_to_cpu(rx.nodetype), JFFS2_NODETYPE_XATTR,
193 je32_to_cpu(rx.totlen), totlen,
194 je32_to_cpu(rx.xid), xd->xid,
195 je32_to_cpu(rx.version), xd->version);
196 return EIO;
197 }
198 xd->xprefix = rx.xprefix;
199 xd->name_len = rx.name_len;
200 xd->value_len = je16_to_cpu(rx.value_len);
201 xd->data_crc = je32_to_cpu(rx.data_crc);
202
203 /* This JFFS2_NODETYPE_XATTR node is checked */
204 jeb = &c->blocks[ref_offset(xd->node) / c->sector_size];
205 totlen = PAD(je32_to_cpu(rx.totlen));
206
207 spin_lock(&c->erase_completion_lock);
208 c->unchecked_size -= totlen; c->used_size += totlen;
209 jeb->unchecked_size -= totlen; jeb->used_size += totlen;
210 xd->node->flash_offset = ref_offset(xd->node) | REF_PRISTINE;
211 spin_unlock(&c->erase_completion_lock);
212
213 /* unchecked xdatum is chained with c->xattr_unchecked */
214 list_del_init(&xd->xindex);
215
216 dbg_xattr("success on verfying xdatum (xid=%u, version=%u)\n",
217 xd->xid, xd->version);
218
219 return 0;
220}
221
222static int do_load_xattr_datum(struct jffs2_sb_info *c, struct jffs2_xattr_datum *xd)
223{
224 /* must be called under down_write(xattr_sem) */
225 char *data;
226 size_t readlen;
227 uint32_t crc, length;
228 int i, ret, retry = 0;
229
230 BUG_ON(!xd->node);
231 BUG_ON(ref_flags(xd->node) != REF_PRISTINE);
232 BUG_ON(!list_empty(&xd->xindex));
233 retry:
234 length = xd->name_len + 1 + xd->value_len;
235 data = kmalloc(length, GFP_KERNEL);
236 if (!data)
237 return -ENOMEM;
238
239 ret = jffs2_flash_read(c, ref_offset(xd->node)+sizeof(struct jffs2_raw_xattr),
240 length, &readlen, data);
241
242 if (ret || length!=readlen) {
243 JFFS2_WARNING("jffs2_flash_read() returned %d, request=%d, readlen=%zu, at %#08x\n",
244 ret, length, readlen, ref_offset(xd->node));
245 kfree(data);
246 return ret ? ret : -EIO;
247 }
248
249 data[xd->name_len] = '\0';
250 crc = crc32(0, data, length);
251 if (crc != xd->data_crc) {
252 JFFS2_WARNING("node CRC failed (JFFS2_NODETYPE_XREF)"
253 " at %#08x, read: 0x%08x calculated: 0x%08x\n",
254 ref_offset(xd->node), xd->data_crc, crc);
255 kfree(data);
256 return EIO;
257 }
258
259 xd->flags |= JFFS2_XFLAGS_HOT;
260 xd->xname = data;
261 xd->xvalue = data + xd->name_len+1;
262
263 c->xdatum_mem_usage += length;
264
265 xd->hashkey = xattr_datum_hashkey(xd->xprefix, xd->xname, xd->xvalue, xd->value_len);
266 i = xd->hashkey % XATTRINDEX_HASHSIZE;
267 list_add(&xd->xindex, &c->xattrindex[i]);
268 if (!retry) {
269 retry = 1;
270 reclaim_xattr_datum(c);
271 if (!xd->xname)
272 goto retry;
273 }
274
275 dbg_xattr("success on loading xdatum (xid=%u, xprefix=%u, xname='%s')\n",
276 xd->xid, xd->xprefix, xd->xname);
277
278 return 0;
279}
280
281static int load_xattr_datum(struct jffs2_sb_info *c, struct jffs2_xattr_datum *xd)
282{
283 /* must be called under down_write(xattr_sem);
284 * rc < 0 : recoverable error, try again
285 * rc = 0 : success
286 * rc > 0 : Unrecoverable error, this node should be deleted.
287 */
288 int rc = 0;
289 BUG_ON(xd->xname);
290 if (!xd->node)
291 return EIO;
292 if (unlikely(ref_flags(xd->node) != REF_PRISTINE)) {
293 rc = do_verify_xattr_datum(c, xd);
294 if (rc > 0) {
295 list_del_init(&xd->xindex);
296 delete_xattr_datum_node(c, xd);
297 }
298 }
299 if (!rc)
300 rc = do_load_xattr_datum(c, xd);
301 return rc;
302}
303
304static int save_xattr_datum(struct jffs2_sb_info *c, struct jffs2_xattr_datum *xd)
305{
306 /* must be called under down_write(xattr_sem) */
307 struct jffs2_raw_node_ref *raw;
308 struct jffs2_raw_xattr rx;
309 struct kvec vecs[2];
310 size_t length;
311 int rc, totlen;
312 uint32_t phys_ofs = write_ofs(c);
313
314 BUG_ON(!xd->xname);
315
316 vecs[0].iov_base = &rx;
317 vecs[0].iov_len = PAD(sizeof(rx));
318 vecs[1].iov_base = xd->xname;
319 vecs[1].iov_len = xd->name_len + 1 + xd->value_len;
320 totlen = vecs[0].iov_len + vecs[1].iov_len;
321
322 /* Setup raw-xattr */
323 rx.magic = cpu_to_je16(JFFS2_MAGIC_BITMASK);
324 rx.nodetype = cpu_to_je16(JFFS2_NODETYPE_XATTR);
325 rx.totlen = cpu_to_je32(PAD(totlen));
326 rx.hdr_crc = cpu_to_je32(crc32(0, &rx, sizeof(struct jffs2_unknown_node) - 4));
327
328 rx.xid = cpu_to_je32(xd->xid);
329 rx.version = cpu_to_je32(++xd->version);
330 rx.xprefix = xd->xprefix;
331 rx.name_len = xd->name_len;
332 rx.value_len = cpu_to_je16(xd->value_len);
333 rx.data_crc = cpu_to_je32(crc32(0, vecs[1].iov_base, vecs[1].iov_len));
334 rx.node_crc = cpu_to_je32(crc32(0, &rx, sizeof(struct jffs2_raw_xattr) - 4));
335
336 rc = jffs2_flash_writev(c, vecs, 2, phys_ofs, &length, 0);
337 if (rc || totlen != length) {
338 JFFS2_WARNING("jffs2_flash_writev()=%d, req=%u, wrote=%zu, at %#08x\n",
339 rc, totlen, length, phys_ofs);
340 rc = rc ? rc : -EIO;
341 if (length)
342 jffs2_add_physical_node_ref(c, phys_ofs | REF_OBSOLETE, PAD(totlen), NULL);
343
344 return rc;
345 }
346
347 /* success */
348 raw = jffs2_add_physical_node_ref(c, phys_ofs | REF_PRISTINE, PAD(totlen), NULL);
349 /* FIXME */ raw->next_in_ino = (void *)xd;
350
351 if (xd->node)
352 delete_xattr_datum_node(c, xd);
353 xd->node = raw;
354
355 dbg_xattr("success on saving xdatum (xid=%u, version=%u, xprefix=%u, xname='%s')\n",
356 xd->xid, xd->version, xd->xprefix, xd->xname);
357
358 return 0;
359}
360
361static struct jffs2_xattr_datum *create_xattr_datum(struct jffs2_sb_info *c,
362 int xprefix, const char *xname,
363 const char *xvalue, int xsize)
364{
365 /* must be called under down_write(xattr_sem) */
366 struct jffs2_xattr_datum *xd;
367 uint32_t hashkey, name_len;
368 char *data;
369 int i, rc;
370
371 /* Search xattr_datum has same xname/xvalue by index */
372 hashkey = xattr_datum_hashkey(xprefix, xname, xvalue, xsize);
373 i = hashkey % XATTRINDEX_HASHSIZE;
374 list_for_each_entry(xd, &c->xattrindex[i], xindex) {
375 if (xd->hashkey==hashkey
376 && xd->xprefix==xprefix
377 && xd->value_len==xsize
378 && !strcmp(xd->xname, xname)
379 && !memcmp(xd->xvalue, xvalue, xsize)) {
380 xd->refcnt++;
381 return xd;
382 }
383 }
384
385 /* Not found, Create NEW XATTR-Cache */
386 name_len = strlen(xname);
387
388 xd = jffs2_alloc_xattr_datum();
389 if (!xd)
390 return ERR_PTR(-ENOMEM);
391
392 data = kmalloc(name_len + 1 + xsize, GFP_KERNEL);
393 if (!data) {
394 jffs2_free_xattr_datum(xd);
395 return ERR_PTR(-ENOMEM);
396 }
397 strcpy(data, xname);
398 memcpy(data + name_len + 1, xvalue, xsize);
399
400 xd->refcnt = 1;
401 xd->xid = ++c->highest_xid;
402 xd->flags |= JFFS2_XFLAGS_HOT;
403 xd->xprefix = xprefix;
404
405 xd->hashkey = hashkey;
406 xd->xname = data;
407 xd->xvalue = data + name_len + 1;
408 xd->name_len = name_len;
409 xd->value_len = xsize;
410 xd->data_crc = crc32(0, data, xd->name_len + 1 + xd->value_len);
411
412 rc = save_xattr_datum(c, xd);
413 if (rc) {
414 kfree(xd->xname);
415 jffs2_free_xattr_datum(xd);
416 return ERR_PTR(rc);
417 }
418
419 /* Insert Hash Index */
420 i = hashkey % XATTRINDEX_HASHSIZE;
421 list_add(&xd->xindex, &c->xattrindex[i]);
422
423 c->xdatum_mem_usage += (xd->name_len + 1 + xd->value_len);
424 reclaim_xattr_datum(c);
425
426 return xd;
427}
428
429/* -------- xref related functions ------------------
430 * verify_xattr_ref(c, ref)
431 * is used to load xref information from medium. Because summary data does not
432 * contain xid/ino, it's necessary to verify once while mounting process.
433 * delete_xattr_ref_node(c, ref)
434 * is used to delete a jffs2 node is dominated by xref. When EBS is enabled,
435 * it overwrites the obsolete node by myself.
436 * delete_xattr_ref(c, ref)
437 * is used to delete jffs2_xattr_ref object. If the reference counter of xdatum
438 * is refered by this xref become 0, delete_xattr_datum() is called later.
439 * save_xattr_ref(c, ref)
440 * is used to write xref to medium.
441 * create_xattr_ref(c, ic, xd)
442 * is used to create a new xref and write to medium.
443 * jffs2_xattr_delete_inode(c, ic)
444 * is called to remove xrefs related to obsolete inode when inode is unlinked.
445 * jffs2_xattr_free_inode(c, ic)
446 * is called to release xattr related objects when unmounting.
447 * check_xattr_ref_inode(c, ic)
448 * is used to confirm inode does not have duplicate xattr name/value pair.
449 * -------------------------------------------------- */
450static int verify_xattr_ref(struct jffs2_sb_info *c, struct jffs2_xattr_ref *ref)
451{
452 struct jffs2_eraseblock *jeb;
453 struct jffs2_raw_xref rr;
454 size_t readlen;
455 uint32_t crc, totlen;
456 int rc;
457
458 BUG_ON(ref_flags(ref->node) != REF_UNCHECKED);
459
460 rc = jffs2_flash_read(c, ref_offset(ref->node), sizeof(rr), &readlen, (char *)&rr);
461 if (rc || sizeof(rr) != readlen) {
462 JFFS2_WARNING("jffs2_flash_read()=%d, req=%zu, read=%zu, at %#08x\n",
463 rc, sizeof(rr), readlen, ref_offset(ref->node));
464 return rc ? rc : -EIO;
465 }
466 /* obsolete node */
467 crc = crc32(0, &rr, sizeof(rr) - 4);
468 if (crc != je32_to_cpu(rr.node_crc)) {
469 if (je32_to_cpu(rr.node_crc) != 0xffffffff)
470 JFFS2_ERROR("node CRC failed at %#08x, read=%#08x, calc=%#08x\n",
471 ref_offset(ref->node), je32_to_cpu(rr.node_crc), crc);
472 return EIO;
473 }
474 if (je16_to_cpu(rr.magic) != JFFS2_MAGIC_BITMASK
475 || je16_to_cpu(rr.nodetype) != JFFS2_NODETYPE_XREF
476 || je32_to_cpu(rr.totlen) != PAD(sizeof(rr))) {
477 JFFS2_ERROR("inconsistent xref at %#08x, magic=%#04x/%#04x, "
478 "nodetype=%#04x/%#04x, totlen=%u/%zu\n",
479 ref_offset(ref->node), je16_to_cpu(rr.magic), JFFS2_MAGIC_BITMASK,
480 je16_to_cpu(rr.nodetype), JFFS2_NODETYPE_XREF,
481 je32_to_cpu(rr.totlen), PAD(sizeof(rr)));
482 return EIO;
483 }
484 ref->ino = je32_to_cpu(rr.ino);
485 ref->xid = je32_to_cpu(rr.xid);
486
487 /* fixup superblock/eraseblock info */
488 jeb = &c->blocks[ref_offset(ref->node) / c->sector_size];
489 totlen = PAD(sizeof(rr));
490
491 spin_lock(&c->erase_completion_lock);
492 c->unchecked_size -= totlen; c->used_size += totlen;
493 jeb->unchecked_size -= totlen; jeb->used_size += totlen;
494 ref->node->flash_offset = ref_offset(ref->node) | REF_PRISTINE;
495 spin_unlock(&c->erase_completion_lock);
496
497 dbg_xattr("success on verifying xref (ino=%u, xid=%u) at %#08x\n",
498 ref->ino, ref->xid, ref_offset(ref->node));
499 return 0;
500}
501
502static void delete_xattr_ref_node(struct jffs2_sb_info *c, struct jffs2_xattr_ref *ref)
503{
504 struct jffs2_raw_xref rr;
505 size_t length;
506 int rc;
507
508 if (jffs2_sum_active()) {
509 memset(&rr, 0xff, sizeof(rr));
510 rc = jffs2_flash_read(c, ref_offset(ref->node),
511 sizeof(struct jffs2_unknown_node),
512 &length, (char *)&rr);
513 if (rc || length != sizeof(struct jffs2_unknown_node)) {
514 JFFS2_ERROR("jffs2_flash_read()=%d, req=%zu, read=%zu at %#08x\n",
515 rc, sizeof(struct jffs2_unknown_node),
516 length, ref_offset(ref->node));
517 }
518 rc = jffs2_flash_write(c, ref_offset(ref->node), sizeof(rr),
519 &length, (char *)&rr);
520 if (rc || length != sizeof(struct jffs2_raw_xref)) {
521 JFFS2_ERROR("jffs2_flash_write()=%d, req=%zu, wrote=%zu at %#08x\n",
522 rc, sizeof(rr), length, ref_offset(ref->node));
523 }
524 }
525 spin_lock(&c->erase_completion_lock);
526 ref->node->next_in_ino = NULL;
527 spin_unlock(&c->erase_completion_lock);
528 jffs2_mark_node_obsolete(c, ref->node);
529 ref->node = NULL;
530}
531
532static void delete_xattr_ref(struct jffs2_sb_info *c, struct jffs2_xattr_ref *ref)
533{
534 /* must be called under down_write(xattr_sem) */
535 struct jffs2_xattr_datum *xd;
536
537 BUG_ON(!ref->node);
538 delete_xattr_ref_node(c, ref);
539
540 xd = ref->xd;
541 xd->refcnt--;
542 if (!xd->refcnt)
543 delete_xattr_datum(c, xd);
544 jffs2_free_xattr_ref(ref);
545}
546
547static int save_xattr_ref(struct jffs2_sb_info *c, struct jffs2_xattr_ref *ref)
548{
549 /* must be called under down_write(xattr_sem) */
550 struct jffs2_raw_node_ref *raw;
551 struct jffs2_raw_xref rr;
552 size_t length;
553 uint32_t phys_ofs = write_ofs(c);
554 int ret;
555
556 rr.magic = cpu_to_je16(JFFS2_MAGIC_BITMASK);
557 rr.nodetype = cpu_to_je16(JFFS2_NODETYPE_XREF);
558 rr.totlen = cpu_to_je32(PAD(sizeof(rr)));
559 rr.hdr_crc = cpu_to_je32(crc32(0, &rr, sizeof(struct jffs2_unknown_node) - 4));
560
561 rr.ino = cpu_to_je32(ref->ic->ino);
562 rr.xid = cpu_to_je32(ref->xd->xid);
563 rr.node_crc = cpu_to_je32(crc32(0, &rr, sizeof(rr) - 4));
564
565 ret = jffs2_flash_write(c, phys_ofs, sizeof(rr), &length, (char *)&rr);
566 if (ret || sizeof(rr) != length) {
567 JFFS2_WARNING("jffs2_flash_write() returned %d, request=%zu, retlen=%zu, at %#08x\n",
568 ret, sizeof(rr), length, phys_ofs);
569 ret = ret ? ret : -EIO;
570 if (length)
571 jffs2_add_physical_node_ref(c, phys_ofs | REF_OBSOLETE, PAD(sizeof(rr)), NULL);
572
573 return ret;
574 }
575
576 raw = jffs2_add_physical_node_ref(c, phys_ofs | REF_PRISTINE, PAD(sizeof(rr)), NULL);
577 /* FIXME */ raw->next_in_ino = (void *)ref;
578 if (ref->node)
579 delete_xattr_ref_node(c, ref);
580 ref->node = raw;
581
582 dbg_xattr("success on saving xref (ino=%u, xid=%u)\n", ref->ic->ino, ref->xd->xid);
583
584 return 0;
585}
586
587static struct jffs2_xattr_ref *create_xattr_ref(struct jffs2_sb_info *c, struct jffs2_inode_cache *ic,
588 struct jffs2_xattr_datum *xd)
589{
590 /* must be called under down_write(xattr_sem) */
591 struct jffs2_xattr_ref *ref;
592 int ret;
593
594 ref = jffs2_alloc_xattr_ref();
595 if (!ref)
596 return ERR_PTR(-ENOMEM);
597 ref->ic = ic;
598 ref->xd = xd;
599
600 ret = save_xattr_ref(c, ref);
601 if (ret) {
602 jffs2_free_xattr_ref(ref);
603 return ERR_PTR(ret);
604 }
605
606 /* Chain to inode */
607 ref->next = ic->xref;
608 ic->xref = ref;
609
610 return ref; /* success */
611}
612
613void jffs2_xattr_delete_inode(struct jffs2_sb_info *c, struct jffs2_inode_cache *ic)
614{
615 /* It's called from jffs2_clear_inode() on inode removing.
616 When an inode with XATTR is removed, those XATTRs must be removed. */
617 struct jffs2_xattr_ref *ref, *_ref;
618
619 if (!ic || ic->nlink > 0)
620 return;
621
622 down_write(&c->xattr_sem);
623 for (ref = ic->xref; ref; ref = _ref) {
624 _ref = ref->next;
625 delete_xattr_ref(c, ref);
626 }
627 ic->xref = NULL;
628 up_write(&c->xattr_sem);
629}
630
631void jffs2_xattr_free_inode(struct jffs2_sb_info *c, struct jffs2_inode_cache *ic)
632{
633 /* It's called from jffs2_free_ino_caches() until unmounting FS. */
634 struct jffs2_xattr_datum *xd;
635 struct jffs2_xattr_ref *ref, *_ref;
636
637 down_write(&c->xattr_sem);
638 for (ref = ic->xref; ref; ref = _ref) {
639 _ref = ref->next;
640 xd = ref->xd;
641 xd->refcnt--;
642 if (!xd->refcnt) {
643 unload_xattr_datum(c, xd);
644 jffs2_free_xattr_datum(xd);
645 }
646 jffs2_free_xattr_ref(ref);
647 }
648 ic->xref = NULL;
649 up_write(&c->xattr_sem);
650}
651
652static int check_xattr_ref_inode(struct jffs2_sb_info *c, struct jffs2_inode_cache *ic)
653{
654 /* success of check_xattr_ref_inode() means taht inode (ic) dose not have
655 * duplicate name/value pairs. If duplicate name/value pair would be found,
656 * one will be removed.
657 */
658 struct jffs2_xattr_ref *ref, *cmp, **pref;
659 int rc = 0;
660
661 if (likely(ic->flags & INO_FLAGS_XATTR_CHECKED))
662 return 0;
663 down_write(&c->xattr_sem);
664 retry:
665 rc = 0;
666 for (ref=ic->xref, pref=&ic->xref; ref; pref=&ref->next, ref=ref->next) {
667 if (!ref->xd->xname) {
668 rc = load_xattr_datum(c, ref->xd);
669 if (unlikely(rc > 0)) {
670 *pref = ref->next;
671 delete_xattr_ref(c, ref);
672 goto retry;
673 } else if (unlikely(rc < 0))
674 goto out;
675 }
676 for (cmp=ref->next, pref=&ref->next; cmp; pref=&cmp->next, cmp=cmp->next) {
677 if (!cmp->xd->xname) {
678 ref->xd->flags |= JFFS2_XFLAGS_BIND;
679 rc = load_xattr_datum(c, cmp->xd);
680 ref->xd->flags &= ~JFFS2_XFLAGS_BIND;
681 if (unlikely(rc > 0)) {
682 *pref = cmp->next;
683 delete_xattr_ref(c, cmp);
684 goto retry;
685 } else if (unlikely(rc < 0))
686 goto out;
687 }
688 if (ref->xd->xprefix == cmp->xd->xprefix
689 && !strcmp(ref->xd->xname, cmp->xd->xname)) {
690 *pref = cmp->next;
691 delete_xattr_ref(c, cmp);
692 goto retry;
693 }
694 }
695 }
696 ic->flags |= INO_FLAGS_XATTR_CHECKED;
697 out:
698 up_write(&c->xattr_sem);
699
700 return rc;
701}
702
703/* -------- xattr subsystem functions ---------------
704 * jffs2_init_xattr_subsystem(c)
705 * is used to initialize semaphore and list_head, and some variables.
706 * jffs2_find_xattr_datum(c, xid)
707 * is used to lookup xdatum while scanning process.
708 * jffs2_clear_xattr_subsystem(c)
709 * is used to release any xattr related objects.
710 * jffs2_build_xattr_subsystem(c)
711 * is used to associate xdatum and xref while super block building process.
712 * jffs2_setup_xattr_datum(c, xid, version)
713 * is used to insert xdatum while scanning process.
714 * -------------------------------------------------- */
715void jffs2_init_xattr_subsystem(struct jffs2_sb_info *c)
716{
717 int i;
718
719 for (i=0; i < XATTRINDEX_HASHSIZE; i++)
720 INIT_LIST_HEAD(&c->xattrindex[i]);
721 INIT_LIST_HEAD(&c->xattr_unchecked);
722 c->xref_temp = NULL;
723
724 init_rwsem(&c->xattr_sem);
725 c->xdatum_mem_usage = 0;
726 c->xdatum_mem_threshold = 32 * 1024; /* Default 32KB */
727}
728
729static struct jffs2_xattr_datum *jffs2_find_xattr_datum(struct jffs2_sb_info *c, uint32_t xid)
730{
731 struct jffs2_xattr_datum *xd;
732 int i = xid % XATTRINDEX_HASHSIZE;
733
734 /* It's only used in scanning/building process. */
735 BUG_ON(!(c->flags & (JFFS2_SB_FLAG_SCANNING|JFFS2_SB_FLAG_BUILDING)));
736
737 list_for_each_entry(xd, &c->xattrindex[i], xindex) {
738 if (xd->xid==xid)
739 return xd;
740 }
741 return NULL;
742}
743
744void jffs2_clear_xattr_subsystem(struct jffs2_sb_info *c)
745{
746 struct jffs2_xattr_datum *xd, *_xd;
747 struct jffs2_xattr_ref *ref, *_ref;
748 int i;
749
750 for (ref=c->xref_temp; ref; ref = _ref) {
751 _ref = ref->next;
752 jffs2_free_xattr_ref(ref);
753 }
754 c->xref_temp = NULL;
755
756 for (i=0; i < XATTRINDEX_HASHSIZE; i++) {
757 list_for_each_entry_safe(xd, _xd, &c->xattrindex[i], xindex) {
758 list_del(&xd->xindex);
759 if (xd->xname)
760 kfree(xd->xname);
761 jffs2_free_xattr_datum(xd);
762 }
763 }
764}
765
766void jffs2_build_xattr_subsystem(struct jffs2_sb_info *c)
767{
768 struct jffs2_xattr_ref *ref, *_ref;
769 struct jffs2_xattr_datum *xd, *_xd;
770 struct jffs2_inode_cache *ic;
771 int i, xdatum_count =0, xdatum_unchecked_count = 0, xref_count = 0;
772
773 BUG_ON(!(c->flags & JFFS2_SB_FLAG_BUILDING));
774
775 /* Phase.1 */
776 for (ref=c->xref_temp; ref; ref=_ref) {
777 _ref = ref->next;
778 /* checking REF_UNCHECKED nodes */
779 if (ref_flags(ref->node) != REF_PRISTINE) {
780 if (verify_xattr_ref(c, ref)) {
781 delete_xattr_ref_node(c, ref);
782 jffs2_free_xattr_ref(ref);
783 continue;
784 }
785 }
786 /* At this point, ref->xid and ref->ino contain XID and inode number.
787 ref->xd and ref->ic are not valid yet. */
788 xd = jffs2_find_xattr_datum(c, ref->xid);
789 ic = jffs2_get_ino_cache(c, ref->ino);
790 if (!xd || !ic) {
791 if (ref_flags(ref->node) != REF_UNCHECKED)
792 JFFS2_WARNING("xref(ino=%u, xid=%u) is orphan. \n",
793 ref->ino, ref->xid);
794 delete_xattr_ref_node(c, ref);
795 jffs2_free_xattr_ref(ref);
796 continue;
797 }
798 ref->xd = xd;
799 ref->ic = ic;
800 xd->refcnt++;
801 ref->next = ic->xref;
802 ic->xref = ref;
803 xref_count++;
804 }
805 c->xref_temp = NULL;
806 /* After this, ref->xid/ino are NEVER used. */
807
808 /* Phase.2 */
809 for (i=0; i < XATTRINDEX_HASHSIZE; i++) {
810 list_for_each_entry_safe(xd, _xd, &c->xattrindex[i], xindex) {
811 list_del_init(&xd->xindex);
812 if (!xd->refcnt) {
813 if (ref_flags(xd->node) != REF_UNCHECKED)
814 JFFS2_WARNING("orphan xdatum(xid=%u, version=%u) at %#08x\n",
815 xd->xid, xd->version, ref_offset(xd->node));
816 delete_xattr_datum(c, xd);
817 continue;
818 }
819 if (ref_flags(xd->node) != REF_PRISTINE) {
820 dbg_xattr("unchecked xdatum(xid=%u) at %#08x\n",
821 xd->xid, ref_offset(xd->node));
822 list_add(&xd->xindex, &c->xattr_unchecked);
823 xdatum_unchecked_count++;
824 }
825 xdatum_count++;
826 }
827 }
828 /* build complete */
829 JFFS2_NOTICE("complete building xattr subsystem, %u of xdatum (%u unchecked) and "
830 "%u of xref found.\n", xdatum_count, xdatum_unchecked_count, xref_count);
831}
832
833struct jffs2_xattr_datum *jffs2_setup_xattr_datum(struct jffs2_sb_info *c,
834 uint32_t xid, uint32_t version)
835{
836 struct jffs2_xattr_datum *xd, *_xd;
837
838 _xd = jffs2_find_xattr_datum(c, xid);
839 if (_xd) {
840 dbg_xattr("duplicate xdatum (xid=%u, version=%u/%u) at %#08x\n",
841 xid, version, _xd->version, ref_offset(_xd->node));
842 if (version < _xd->version)
843 return ERR_PTR(-EEXIST);
844 }
845 xd = jffs2_alloc_xattr_datum();
846 if (!xd)
847 return ERR_PTR(-ENOMEM);
848 xd->xid = xid;
849 xd->version = version;
850 if (xd->xid > c->highest_xid)
851 c->highest_xid = xd->xid;
852 list_add_tail(&xd->xindex, &c->xattrindex[xid % XATTRINDEX_HASHSIZE]);
853
854 if (_xd) {
855 list_del_init(&_xd->xindex);
856 delete_xattr_datum_node(c, _xd);
857 jffs2_free_xattr_datum(_xd);
858 }
859 return xd;
860}
861
862/* -------- xattr subsystem functions ---------------
863 * xprefix_to_handler(xprefix)
864 * is used to translate xprefix into xattr_handler.
865 * jffs2_listxattr(dentry, buffer, size)
866 * is an implementation of listxattr handler on jffs2.
867 * do_jffs2_getxattr(inode, xprefix, xname, buffer, size)
868 * is an implementation of getxattr handler on jffs2.
869 * do_jffs2_setxattr(inode, xprefix, xname, buffer, size, flags)
870 * is an implementation of setxattr handler on jffs2.
871 * -------------------------------------------------- */
872struct xattr_handler *jffs2_xattr_handlers[] = {
873 &jffs2_user_xattr_handler,
874#ifdef CONFIG_JFFS2_FS_SECURITY
875 &jffs2_security_xattr_handler,
876#endif
877#ifdef CONFIG_JFFS2_FS_POSIX_ACL
878 &jffs2_acl_access_xattr_handler,
879 &jffs2_acl_default_xattr_handler,
880#endif
881 &jffs2_trusted_xattr_handler,
882 NULL
883};
884
885static struct xattr_handler *xprefix_to_handler(int xprefix) {
886 struct xattr_handler *ret;
887
888 switch (xprefix) {
889 case JFFS2_XPREFIX_USER:
890 ret = &jffs2_user_xattr_handler;
891 break;
892#ifdef CONFIG_JFFS2_FS_SECURITY
893 case JFFS2_XPREFIX_SECURITY:
894 ret = &jffs2_security_xattr_handler;
895 break;
896#endif
897#ifdef CONFIG_JFFS2_FS_POSIX_ACL
898 case JFFS2_XPREFIX_ACL_ACCESS:
899 ret = &jffs2_acl_access_xattr_handler;
900 break;
901 case JFFS2_XPREFIX_ACL_DEFAULT:
902 ret = &jffs2_acl_default_xattr_handler;
903 break;
904#endif
905 case JFFS2_XPREFIX_TRUSTED:
906 ret = &jffs2_trusted_xattr_handler;
907 break;
908 default:
909 ret = NULL;
910 break;
911 }
912 return ret;
913}
914
915ssize_t jffs2_listxattr(struct dentry *dentry, char *buffer, size_t size)
916{
917 struct inode *inode = dentry->d_inode;
918 struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
919 struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb);
920 struct jffs2_inode_cache *ic = f->inocache;
921 struct jffs2_xattr_ref *ref, **pref;
922 struct jffs2_xattr_datum *xd;
923 struct xattr_handler *xhandle;
924 ssize_t len, rc;
925 int retry = 0;
926
927 rc = check_xattr_ref_inode(c, ic);
928 if (unlikely(rc))
929 return rc;
930
931 down_read(&c->xattr_sem);
932 retry:
933 len = 0;
934 for (ref=ic->xref, pref=&ic->xref; ref; pref=&ref->next, ref=ref->next) {
935 BUG_ON(ref->ic != ic);
936 xd = ref->xd;
937 if (!xd->xname) {
938 /* xdatum is unchached */
939 if (!retry) {
940 retry = 1;
941 up_read(&c->xattr_sem);
942 down_write(&c->xattr_sem);
943 goto retry;
944 } else {
945 rc = load_xattr_datum(c, xd);
946 if (unlikely(rc > 0)) {
947 *pref = ref->next;
948 delete_xattr_ref(c, ref);
949 goto retry;
950 } else if (unlikely(rc < 0))
951 goto out;
952 }
953 }
954 xhandle = xprefix_to_handler(xd->xprefix);
955 if (!xhandle)
956 continue;
957 if (buffer) {
958 rc = xhandle->list(inode, buffer+len, size-len, xd->xname, xd->name_len);
959 } else {
960 rc = xhandle->list(inode, NULL, 0, xd->xname, xd->name_len);
961 }
962 if (rc < 0)
963 goto out;
964 len += rc;
965 }
966 rc = len;
967 out:
968 if (!retry) {
969 up_read(&c->xattr_sem);
970 } else {
971 up_write(&c->xattr_sem);
972 }
973 return rc;
974}
975
976int do_jffs2_getxattr(struct inode *inode, int xprefix, const char *xname,
977 char *buffer, size_t size)
978{
979 struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
980 struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb);
981 struct jffs2_inode_cache *ic = f->inocache;
982 struct jffs2_xattr_datum *xd;
983 struct jffs2_xattr_ref *ref, **pref;
984 int rc, retry = 0;
985
986 rc = check_xattr_ref_inode(c, ic);
987 if (unlikely(rc))
988 return rc;
989
990 down_read(&c->xattr_sem);
991 retry:
992 for (ref=ic->xref, pref=&ic->xref; ref; pref=&ref->next, ref=ref->next) {
993 BUG_ON(ref->ic!=ic);
994
995 xd = ref->xd;
996 if (xd->xprefix != xprefix)
997 continue;
998 if (!xd->xname) {
999 /* xdatum is unchached */
1000 if (!retry) {
1001 retry = 1;
1002 up_read(&c->xattr_sem);
1003 down_write(&c->xattr_sem);
1004 goto retry;
1005 } else {
1006 rc = load_xattr_datum(c, xd);
1007 if (unlikely(rc > 0)) {
1008 *pref = ref->next;
1009 delete_xattr_ref(c, ref);
1010 goto retry;
1011 } else if (unlikely(rc < 0)) {
1012 goto out;
1013 }
1014 }
1015 }
1016 if (!strcmp(xname, xd->xname)) {
1017 rc = xd->value_len;
1018 if (buffer) {
1019 if (size < rc) {
1020 rc = -ERANGE;
1021 } else {
1022 memcpy(buffer, xd->xvalue, rc);
1023 }
1024 }
1025 goto out;
1026 }
1027 }
1028 rc = -ENODATA;
1029 out:
1030 if (!retry) {
1031 up_read(&c->xattr_sem);
1032 } else {
1033 up_write(&c->xattr_sem);
1034 }
1035 return rc;
1036}
1037
1038int do_jffs2_setxattr(struct inode *inode, int xprefix, const char *xname,
1039 const char *buffer, size_t size, int flags)
1040{
1041 struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
1042 struct jffs2_sb_info *c = JFFS2_SB_INFO(inode->i_sb);
1043 struct jffs2_inode_cache *ic = f->inocache;
1044 struct jffs2_xattr_datum *xd;
1045 struct jffs2_xattr_ref *ref, *newref, **pref;
1046 uint32_t length, request;
1047 int rc;
1048
1049 rc = check_xattr_ref_inode(c, ic);
1050 if (unlikely(rc))
1051 return rc;
1052
1053 request = PAD(sizeof(struct jffs2_raw_xattr) + strlen(xname) + 1 + size);
1054 rc = jffs2_reserve_space(c, request, &length,
1055 ALLOC_NORMAL, JFFS2_SUMMARY_XATTR_SIZE);
1056 if (rc) {
1057 JFFS2_WARNING("jffs2_reserve_space()=%d, request=%u\n", rc, request);
1058 return rc;
1059 }
1060
1061 /* Find existing xattr */
1062 down_write(&c->xattr_sem);
1063 retry:
1064 for (ref=ic->xref, pref=&ic->xref; ref; pref=&ref->next, ref=ref->next) {
1065 xd = ref->xd;
1066 if (xd->xprefix != xprefix)
1067 continue;
1068 if (!xd->xname) {
1069 rc = load_xattr_datum(c, xd);
1070 if (unlikely(rc > 0)) {
1071 *pref = ref->next;
1072 delete_xattr_ref(c, ref);
1073 goto retry;
1074 } else if (unlikely(rc < 0))
1075 goto out;
1076 }
1077 if (!strcmp(xd->xname, xname)) {
1078 if (flags & XATTR_CREATE) {
1079 rc = -EEXIST;
1080 goto out;
1081 }
1082 if (!buffer) {
1083 *pref = ref->next;
1084 delete_xattr_ref(c, ref);
1085 rc = 0;
1086 goto out;
1087 }
1088 goto found;
1089 }
1090 }
1091 /* not found */
1092 if (flags & XATTR_REPLACE) {
1093 rc = -ENODATA;
1094 goto out;
1095 }
1096 if (!buffer) {
1097 rc = -EINVAL;
1098 goto out;
1099 }
1100 found:
1101 xd = create_xattr_datum(c, xprefix, xname, buffer, size);
1102 if (IS_ERR(xd)) {
1103 rc = PTR_ERR(xd);
1104 goto out;
1105 }
1106 up_write(&c->xattr_sem);
1107 jffs2_complete_reservation(c);
1108
1109 /* create xattr_ref */
1110 request = PAD(sizeof(struct jffs2_raw_xref));
1111 rc = jffs2_reserve_space(c, request, &length,
1112 ALLOC_NORMAL, JFFS2_SUMMARY_XREF_SIZE);
1113 if (rc) {
1114 JFFS2_WARNING("jffs2_reserve_space()=%d, request=%u\n", rc, request);
1115 down_write(&c->xattr_sem);
1116 xd->refcnt--;
1117 if (!xd->refcnt)
1118 delete_xattr_datum(c, xd);
1119 up_write(&c->xattr_sem);
1120 return rc;
1121 }
1122 down_write(&c->xattr_sem);
1123 if (ref)
1124 *pref = ref->next;
1125 newref = create_xattr_ref(c, ic, xd);
1126 if (IS_ERR(newref)) {
1127 if (ref) {
1128 ref->next = ic->xref;
1129 ic->xref = ref;
1130 }
1131 rc = PTR_ERR(newref);
1132 xd->refcnt--;
1133 if (!xd->refcnt)
1134 delete_xattr_datum(c, xd);
1135 } else if (ref) {
1136 delete_xattr_ref(c, ref);
1137 }
1138 out:
1139 up_write(&c->xattr_sem);
1140 jffs2_complete_reservation(c);
1141 return rc;
1142}
1143
1144/* -------- garbage collector functions -------------
1145 * jffs2_garbage_collect_xattr_datum(c, xd)
1146 * is used to move xdatum into new node.
1147 * jffs2_garbage_collect_xattr_ref(c, ref)
1148 * is used to move xref into new node.
1149 * jffs2_verify_xattr(c)
1150 * is used to call do_verify_xattr_datum() before garbage collecting.
1151 * -------------------------------------------------- */
1152int jffs2_garbage_collect_xattr_datum(struct jffs2_sb_info *c, struct jffs2_xattr_datum *xd)
1153{
1154 uint32_t totlen, length, old_ofs;
1155 int rc = -EINVAL;
1156
1157 down_write(&c->xattr_sem);
1158 BUG_ON(!xd->node);
1159
1160 old_ofs = ref_offset(xd->node);
1161 totlen = ref_totlen(c, c->gcblock, xd->node);
1162 if (totlen < sizeof(struct jffs2_raw_xattr))
1163 goto out;
1164
1165 if (!xd->xname) {
1166 rc = load_xattr_datum(c, xd);
1167 if (unlikely(rc > 0)) {
1168 delete_xattr_datum_node(c, xd);
1169 rc = 0;
1170 goto out;
1171 } else if (unlikely(rc < 0))
1172 goto out;
1173 }
1174 rc = jffs2_reserve_space_gc(c, totlen, &length, JFFS2_SUMMARY_XATTR_SIZE);
1175 if (rc || length < totlen) {
1176 JFFS2_WARNING("jffs2_reserve_space()=%d, request=%u\n", rc, totlen);
1177 rc = rc ? rc : -EBADFD;
1178 goto out;
1179 }
1180 rc = save_xattr_datum(c, xd);
1181 if (!rc)
1182 dbg_xattr("xdatum (xid=%u, version=%u) GC'ed from %#08x to %08x\n",
1183 xd->xid, xd->version, old_ofs, ref_offset(xd->node));
1184 out:
1185 up_write(&c->xattr_sem);
1186 return rc;
1187}
1188
1189
1190int jffs2_garbage_collect_xattr_ref(struct jffs2_sb_info *c, struct jffs2_xattr_ref *ref)
1191{
1192 uint32_t totlen, length, old_ofs;
1193 int rc = -EINVAL;
1194
1195 down_write(&c->xattr_sem);
1196 BUG_ON(!ref->node);
1197
1198 old_ofs = ref_offset(ref->node);
1199 totlen = ref_totlen(c, c->gcblock, ref->node);
1200 if (totlen != sizeof(struct jffs2_raw_xref))
1201 goto out;
1202
1203 rc = jffs2_reserve_space_gc(c, totlen, &length, JFFS2_SUMMARY_XREF_SIZE);
1204 if (rc || length < totlen) {
1205 JFFS2_WARNING("%s: jffs2_reserve_space() = %d, request = %u\n",
1206 __FUNCTION__, rc, totlen);
1207 rc = rc ? rc : -EBADFD;
1208 goto out;
1209 }
1210 rc = save_xattr_ref(c, ref);
1211 if (!rc)
1212 dbg_xattr("xref (ino=%u, xid=%u) GC'ed from %#08x to %08x\n",
1213 ref->ic->ino, ref->xd->xid, old_ofs, ref_offset(ref->node));
1214 out:
1215 up_write(&c->xattr_sem);
1216 return rc;
1217}
1218
1219int jffs2_verify_xattr(struct jffs2_sb_info *c)
1220{
1221 struct jffs2_xattr_datum *xd, *_xd;
1222 int rc;
1223
1224 down_write(&c->xattr_sem);
1225 list_for_each_entry_safe(xd, _xd, &c->xattr_unchecked, xindex) {
1226 rc = do_verify_xattr_datum(c, xd);
1227 if (rc == 0) {
1228 list_del_init(&xd->xindex);
1229 break;
1230 } else if (rc > 0) {
1231 list_del_init(&xd->xindex);
1232 delete_xattr_datum_node(c, xd);
1233 }
1234 }
1235 up_write(&c->xattr_sem);
1236
1237 return list_empty(&c->xattr_unchecked) ? 1 : 0;
1238}
diff --git a/fs/jffs2/xattr.h b/fs/jffs2/xattr.h
new file mode 100644
index 000000000000..2c199856c582
--- /dev/null
+++ b/fs/jffs2/xattr.h
@@ -0,0 +1,116 @@
1/*
2 * JFFS2 -- Journalling Flash File System, Version 2.
3 *
4 * Copyright (C) 2006 NEC Corporation
5 *
6 * Created by KaiGai Kohei <kaigai@ak.jp.nec.com>
7 *
8 * For licensing information, see the file 'LICENCE' in this directory.
9 *
10 */
11#ifndef _JFFS2_FS_XATTR_H_
12#define _JFFS2_FS_XATTR_H_
13
14#include <linux/xattr.h>
15#include <linux/list.h>
16
17#define JFFS2_XFLAGS_HOT (0x01) /* This datum is HOT */
18#define JFFS2_XFLAGS_BIND (0x02) /* This datum is not reclaimed */
19
20struct jffs2_xattr_datum
21{
22 void *always_null;
23 struct jffs2_raw_node_ref *node;
24 uint8_t class;
25 uint8_t flags;
26 uint16_t xprefix; /* see JFFS2_XATTR_PREFIX_* */
27
28 struct list_head xindex; /* chained from c->xattrindex[n] */
29 uint32_t refcnt; /* # of xattr_ref refers this */
30 uint32_t xid;
31 uint32_t version;
32
33 uint32_t data_crc;
34 uint32_t hashkey;
35 char *xname; /* XATTR name without prefix */
36 uint32_t name_len; /* length of xname */
37 char *xvalue; /* XATTR value */
38 uint32_t value_len; /* length of xvalue */
39};
40
41struct jffs2_inode_cache;
42struct jffs2_xattr_ref
43{
44 void *always_null;
45 struct jffs2_raw_node_ref *node;
46 uint8_t class;
47 uint8_t flags; /* Currently unused */
48 u16 unused;
49
50 union {
51 struct jffs2_inode_cache *ic; /* reference to jffs2_inode_cache */
52 uint32_t ino; /* only used in scanning/building */
53 };
54 union {
55 struct jffs2_xattr_datum *xd; /* reference to jffs2_xattr_datum */
56 uint32_t xid; /* only used in sccanning/building */
57 };
58 struct jffs2_xattr_ref *next; /* chained from ic->xref_list */
59};
60
61#ifdef CONFIG_JFFS2_FS_XATTR
62
63extern void jffs2_init_xattr_subsystem(struct jffs2_sb_info *c);
64extern void jffs2_build_xattr_subsystem(struct jffs2_sb_info *c);
65extern void jffs2_clear_xattr_subsystem(struct jffs2_sb_info *c);
66
67extern struct jffs2_xattr_datum *jffs2_setup_xattr_datum(struct jffs2_sb_info *c,
68 uint32_t xid, uint32_t version);
69
70extern void jffs2_xattr_delete_inode(struct jffs2_sb_info *c, struct jffs2_inode_cache *ic);
71extern void jffs2_xattr_free_inode(struct jffs2_sb_info *c, struct jffs2_inode_cache *ic);
72
73extern int jffs2_garbage_collect_xattr_datum(struct jffs2_sb_info *c, struct jffs2_xattr_datum *xd);
74extern int jffs2_garbage_collect_xattr_ref(struct jffs2_sb_info *c, struct jffs2_xattr_ref *ref);
75extern int jffs2_verify_xattr(struct jffs2_sb_info *c);
76
77extern int do_jffs2_getxattr(struct inode *inode, int xprefix, const char *xname,
78 char *buffer, size_t size);
79extern int do_jffs2_setxattr(struct inode *inode, int xprefix, const char *xname,
80 const char *buffer, size_t size, int flags);
81
82extern struct xattr_handler *jffs2_xattr_handlers[];
83extern struct xattr_handler jffs2_user_xattr_handler;
84extern struct xattr_handler jffs2_trusted_xattr_handler;
85
86extern ssize_t jffs2_listxattr(struct dentry *, char *, size_t);
87#define jffs2_getxattr generic_getxattr
88#define jffs2_setxattr generic_setxattr
89#define jffs2_removexattr generic_removexattr
90
91#else
92
93#define jffs2_init_xattr_subsystem(c)
94#define jffs2_build_xattr_subsystem(c)
95#define jffs2_clear_xattr_subsystem(c)
96
97#define jffs2_xattr_delete_inode(c, ic)
98#define jffs2_xattr_free_inode(c, ic)
99#define jffs2_verify_xattr(c) (1)
100
101#define jffs2_xattr_handlers NULL
102#define jffs2_listxattr NULL
103#define jffs2_getxattr NULL
104#define jffs2_setxattr NULL
105#define jffs2_removexattr NULL
106
107#endif /* CONFIG_JFFS2_FS_XATTR */
108
109#ifdef CONFIG_JFFS2_FS_SECURITY
110extern int jffs2_init_security(struct inode *inode, struct inode *dir);
111extern struct xattr_handler jffs2_security_xattr_handler;
112#else
113#define jffs2_init_security(inode,dir) (0)
114#endif /* CONFIG_JFFS2_FS_SECURITY */
115
116#endif /* _JFFS2_FS_XATTR_H_ */
diff --git a/fs/jffs2/xattr_trusted.c b/fs/jffs2/xattr_trusted.c
new file mode 100644
index 000000000000..ed046e19dbfa
--- /dev/null
+++ b/fs/jffs2/xattr_trusted.c
@@ -0,0 +1,52 @@
1/*
2 * JFFS2 -- Journalling Flash File System, Version 2.
3 *
4 * Copyright (C) 2006 NEC Corporation
5 *
6 * Created by KaiGai Kohei <kaigai@ak.jp.nec.com>
7 *
8 * For licensing information, see the file 'LICENCE' in this directory.
9 *
10 */
11#include <linux/kernel.h>
12#include <linux/fs.h>
13#include <linux/jffs2.h>
14#include <linux/xattr.h>
15#include <linux/mtd/mtd.h>
16#include "nodelist.h"
17
18static int jffs2_trusted_getxattr(struct inode *inode, const char *name,
19 void *buffer, size_t size)
20{
21 if (!strcmp(name, ""))
22 return -EINVAL;
23 return do_jffs2_getxattr(inode, JFFS2_XPREFIX_TRUSTED, name, buffer, size);
24}
25
26static int jffs2_trusted_setxattr(struct inode *inode, const char *name, const void *buffer,
27 size_t size, int flags)
28{
29 if (!strcmp(name, ""))
30 return -EINVAL;
31 return do_jffs2_setxattr(inode, JFFS2_XPREFIX_TRUSTED, name, buffer, size, flags);
32}
33
34static size_t jffs2_trusted_listxattr(struct inode *inode, char *list, size_t list_size,
35 const char *name, size_t name_len)
36{
37 size_t retlen = XATTR_TRUSTED_PREFIX_LEN + name_len + 1;
38
39 if (list && retlen<=list_size) {
40 strcpy(list, XATTR_TRUSTED_PREFIX);
41 strcpy(list + XATTR_TRUSTED_PREFIX_LEN, name);
42 }
43
44 return retlen;
45}
46
47struct xattr_handler jffs2_trusted_xattr_handler = {
48 .prefix = XATTR_TRUSTED_PREFIX,
49 .list = jffs2_trusted_listxattr,
50 .set = jffs2_trusted_setxattr,
51 .get = jffs2_trusted_getxattr
52};
diff --git a/fs/jffs2/xattr_user.c b/fs/jffs2/xattr_user.c
new file mode 100644
index 000000000000..2f8e9aa01ea0
--- /dev/null
+++ b/fs/jffs2/xattr_user.c
@@ -0,0 +1,52 @@
1/*
2 * JFFS2 -- Journalling Flash File System, Version 2.
3 *
4 * Copyright (C) 2006 NEC Corporation
5 *
6 * Created by KaiGai Kohei <kaigai@ak.jp.nec.com>
7 *
8 * For licensing information, see the file 'LICENCE' in this directory.
9 *
10 */
11#include <linux/kernel.h>
12#include <linux/fs.h>
13#include <linux/jffs2.h>
14#include <linux/xattr.h>
15#include <linux/mtd/mtd.h>
16#include "nodelist.h"
17
18static int jffs2_user_getxattr(struct inode *inode, const char *name,
19 void *buffer, size_t size)
20{
21 if (!strcmp(name, ""))
22 return -EINVAL;
23 return do_jffs2_getxattr(inode, JFFS2_XPREFIX_USER, name, buffer, size);
24}
25
26static int jffs2_user_setxattr(struct inode *inode, const char *name, const void *buffer,
27 size_t size, int flags)
28{
29 if (!strcmp(name, ""))
30 return -EINVAL;
31 return do_jffs2_setxattr(inode, JFFS2_XPREFIX_USER, name, buffer, size, flags);
32}
33
34static size_t jffs2_user_listxattr(struct inode *inode, char *list, size_t list_size,
35 const char *name, size_t name_len)
36{
37 size_t retlen = XATTR_USER_PREFIX_LEN + name_len + 1;
38
39 if (list && retlen <= list_size) {
40 strcpy(list, XATTR_USER_PREFIX);
41 strcpy(list + XATTR_USER_PREFIX_LEN, name);
42 }
43
44 return retlen;
45}
46
47struct xattr_handler jffs2_user_xattr_handler = {
48 .prefix = XATTR_USER_PREFIX,
49 .list = jffs2_user_listxattr,
50 .set = jffs2_user_setxattr,
51 .get = jffs2_user_getxattr
52};
diff --git a/fs/jfs/jfs_metapage.c b/fs/jfs/jfs_metapage.c
index f28696f235c4..2b220dd6b4e7 100644
--- a/fs/jfs/jfs_metapage.c
+++ b/fs/jfs/jfs_metapage.c
@@ -542,7 +542,7 @@ add_failed:
542static int metapage_releasepage(struct page *page, gfp_t gfp_mask) 542static int metapage_releasepage(struct page *page, gfp_t gfp_mask)
543{ 543{
544 struct metapage *mp; 544 struct metapage *mp;
545 int busy = 0; 545 int ret = 1;
546 unsigned int offset; 546 unsigned int offset;
547 547
548 for (offset = 0; offset < PAGE_CACHE_SIZE; offset += PSIZE) { 548 for (offset = 0; offset < PAGE_CACHE_SIZE; offset += PSIZE) {
@@ -552,30 +552,20 @@ static int metapage_releasepage(struct page *page, gfp_t gfp_mask)
552 continue; 552 continue;
553 553
554 jfs_info("metapage_releasepage: mp = 0x%p", mp); 554 jfs_info("metapage_releasepage: mp = 0x%p", mp);
555 if (mp->count || mp->nohomeok) { 555 if (mp->count || mp->nohomeok ||
556 test_bit(META_dirty, &mp->flag)) {
556 jfs_info("count = %ld, nohomeok = %d", mp->count, 557 jfs_info("count = %ld, nohomeok = %d", mp->count,
557 mp->nohomeok); 558 mp->nohomeok);
558 busy = 1; 559 ret = 0;
559 continue; 560 continue;
560 } 561 }
561 wait_on_page_writeback(page);
562 //WARN_ON(test_bit(META_dirty, &mp->flag));
563 if (test_bit(META_dirty, &mp->flag)) {
564 dump_mem("dirty mp in metapage_releasepage", mp,
565 sizeof(struct metapage));
566 dump_mem("page", page, sizeof(struct page));
567 dump_stack();
568 }
569 if (mp->lsn) 562 if (mp->lsn)
570 remove_from_logsync(mp); 563 remove_from_logsync(mp);
571 remove_metapage(page, mp); 564 remove_metapage(page, mp);
572 INCREMENT(mpStat.pagefree); 565 INCREMENT(mpStat.pagefree);
573 free_metapage(mp); 566 free_metapage(mp);
574 } 567 }
575 if (busy) 568 return ret;
576 return -1;
577
578 return 0;
579} 569}
580 570
581static void metapage_invalidatepage(struct page *page, unsigned long offset) 571static void metapage_invalidatepage(struct page *page, unsigned long offset)
diff --git a/fs/locks.c b/fs/locks.c
index efad798824dc..ab61a8b54829 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -446,15 +446,14 @@ static struct lock_manager_operations lease_manager_ops = {
446 */ 446 */
447static int lease_init(struct file *filp, int type, struct file_lock *fl) 447static int lease_init(struct file *filp, int type, struct file_lock *fl)
448 { 448 {
449 if (assign_type(fl, type) != 0)
450 return -EINVAL;
451
449 fl->fl_owner = current->files; 452 fl->fl_owner = current->files;
450 fl->fl_pid = current->tgid; 453 fl->fl_pid = current->tgid;
451 454
452 fl->fl_file = filp; 455 fl->fl_file = filp;
453 fl->fl_flags = FL_LEASE; 456 fl->fl_flags = FL_LEASE;
454 if (assign_type(fl, type) != 0) {
455 locks_free_lock(fl);
456 return -EINVAL;
457 }
458 fl->fl_start = 0; 457 fl->fl_start = 0;
459 fl->fl_end = OFFSET_MAX; 458 fl->fl_end = OFFSET_MAX;
460 fl->fl_ops = NULL; 459 fl->fl_ops = NULL;
@@ -466,16 +465,19 @@ static int lease_init(struct file *filp, int type, struct file_lock *fl)
466static int lease_alloc(struct file *filp, int type, struct file_lock **flp) 465static int lease_alloc(struct file *filp, int type, struct file_lock **flp)
467{ 466{
468 struct file_lock *fl = locks_alloc_lock(); 467 struct file_lock *fl = locks_alloc_lock();
469 int error; 468 int error = -ENOMEM;
470 469
471 if (fl == NULL) 470 if (fl == NULL)
472 return -ENOMEM; 471 goto out;
473 472
474 error = lease_init(filp, type, fl); 473 error = lease_init(filp, type, fl);
475 if (error) 474 if (error) {
476 return error; 475 locks_free_lock(fl);
476 fl = NULL;
477 }
478out:
477 *flp = fl; 479 *flp = fl;
478 return 0; 480 return error;
479} 481}
480 482
481/* Check if two locks overlap each other. 483/* Check if two locks overlap each other.
@@ -753,6 +755,7 @@ static int flock_lock_file(struct file *filp, struct file_lock *request)
753 if (request->fl_type == F_UNLCK) 755 if (request->fl_type == F_UNLCK)
754 goto out; 756 goto out;
755 757
758 error = -ENOMEM;
756 new_fl = locks_alloc_lock(); 759 new_fl = locks_alloc_lock();
757 if (new_fl == NULL) 760 if (new_fl == NULL)
758 goto out; 761 goto out;
@@ -779,6 +782,7 @@ static int flock_lock_file(struct file *filp, struct file_lock *request)
779 locks_copy_lock(new_fl, request); 782 locks_copy_lock(new_fl, request);
780 locks_insert_lock(&inode->i_flock, new_fl); 783 locks_insert_lock(&inode->i_flock, new_fl);
781 new_fl = NULL; 784 new_fl = NULL;
785 error = 0;
782 786
783out: 787out:
784 unlock_kernel(); 788 unlock_kernel();
@@ -1372,6 +1376,7 @@ static int __setlease(struct file *filp, long arg, struct file_lock **flp)
1372 goto out; 1376 goto out;
1373 1377
1374 if (my_before != NULL) { 1378 if (my_before != NULL) {
1379 *flp = *my_before;
1375 error = lease->fl_lmops->fl_change(my_before, arg); 1380 error = lease->fl_lmops->fl_change(my_before, arg);
1376 goto out; 1381 goto out;
1377 } 1382 }
diff --git a/fs/namei.c b/fs/namei.c
index 96723ae83c89..d6e2ee251736 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1080,8 +1080,8 @@ static int fastcall do_path_lookup(int dfd, const char *name,
1080 nd->flags = flags; 1080 nd->flags = flags;
1081 nd->depth = 0; 1081 nd->depth = 0;
1082 1082
1083 read_lock(&current->fs->lock);
1084 if (*name=='/') { 1083 if (*name=='/') {
1084 read_lock(&current->fs->lock);
1085 if (current->fs->altroot && !(nd->flags & LOOKUP_NOALT)) { 1085 if (current->fs->altroot && !(nd->flags & LOOKUP_NOALT)) {
1086 nd->mnt = mntget(current->fs->altrootmnt); 1086 nd->mnt = mntget(current->fs->altrootmnt);
1087 nd->dentry = dget(current->fs->altroot); 1087 nd->dentry = dget(current->fs->altroot);
@@ -1092,33 +1092,35 @@ static int fastcall do_path_lookup(int dfd, const char *name,
1092 } 1092 }
1093 nd->mnt = mntget(current->fs->rootmnt); 1093 nd->mnt = mntget(current->fs->rootmnt);
1094 nd->dentry = dget(current->fs->root); 1094 nd->dentry = dget(current->fs->root);
1095 read_unlock(&current->fs->lock);
1095 } else if (dfd == AT_FDCWD) { 1096 } else if (dfd == AT_FDCWD) {
1097 read_lock(&current->fs->lock);
1096 nd->mnt = mntget(current->fs->pwdmnt); 1098 nd->mnt = mntget(current->fs->pwdmnt);
1097 nd->dentry = dget(current->fs->pwd); 1099 nd->dentry = dget(current->fs->pwd);
1100 read_unlock(&current->fs->lock);
1098 } else { 1101 } else {
1099 struct dentry *dentry; 1102 struct dentry *dentry;
1100 1103
1101 file = fget_light(dfd, &fput_needed); 1104 file = fget_light(dfd, &fput_needed);
1102 retval = -EBADF; 1105 retval = -EBADF;
1103 if (!file) 1106 if (!file)
1104 goto unlock_fail; 1107 goto out_fail;
1105 1108
1106 dentry = file->f_dentry; 1109 dentry = file->f_dentry;
1107 1110
1108 retval = -ENOTDIR; 1111 retval = -ENOTDIR;
1109 if (!S_ISDIR(dentry->d_inode->i_mode)) 1112 if (!S_ISDIR(dentry->d_inode->i_mode))
1110 goto fput_unlock_fail; 1113 goto fput_fail;
1111 1114
1112 retval = file_permission(file, MAY_EXEC); 1115 retval = file_permission(file, MAY_EXEC);
1113 if (retval) 1116 if (retval)
1114 goto fput_unlock_fail; 1117 goto fput_fail;
1115 1118
1116 nd->mnt = mntget(file->f_vfsmnt); 1119 nd->mnt = mntget(file->f_vfsmnt);
1117 nd->dentry = dget(dentry); 1120 nd->dentry = dget(dentry);
1118 1121
1119 fput_light(file, fput_needed); 1122 fput_light(file, fput_needed);
1120 } 1123 }
1121 read_unlock(&current->fs->lock);
1122 current->total_link_count = 0; 1124 current->total_link_count = 0;
1123 retval = link_path_walk(name, nd); 1125 retval = link_path_walk(name, nd);
1124out: 1126out:
@@ -1127,13 +1129,12 @@ out:
1127 nd->dentry->d_inode)) 1129 nd->dentry->d_inode))
1128 audit_inode(name, nd->dentry->d_inode, flags); 1130 audit_inode(name, nd->dentry->d_inode, flags);
1129 } 1131 }
1132out_fail:
1130 return retval; 1133 return retval;
1131 1134
1132fput_unlock_fail: 1135fput_fail:
1133 fput_light(file, fput_needed); 1136 fput_light(file, fput_needed);
1134unlock_fail: 1137 goto out_fail;
1135 read_unlock(&current->fs->lock);
1136 return retval;
1137} 1138}
1138 1139
1139int fastcall path_lookup(const char *name, unsigned int flags, 1140int fastcall path_lookup(const char *name, unsigned int flags,
diff --git a/fs/namespace.c b/fs/namespace.c
index 2c5f1f80bdc2..bf478addb852 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -899,13 +899,11 @@ static int do_change_type(struct nameidata *nd, int flag)
899/* 899/*
900 * do loopback mount. 900 * do loopback mount.
901 */ 901 */
902static int do_loopback(struct nameidata *nd, char *old_name, unsigned long flags, int mnt_flags) 902static int do_loopback(struct nameidata *nd, char *old_name, int recurse)
903{ 903{
904 struct nameidata old_nd; 904 struct nameidata old_nd;
905 struct vfsmount *mnt = NULL; 905 struct vfsmount *mnt = NULL;
906 int recurse = flags & MS_REC;
907 int err = mount_is_safe(nd); 906 int err = mount_is_safe(nd);
908
909 if (err) 907 if (err)
910 return err; 908 return err;
911 if (!old_name || !*old_name) 909 if (!old_name || !*old_name)
@@ -939,7 +937,6 @@ static int do_loopback(struct nameidata *nd, char *old_name, unsigned long flags
939 spin_unlock(&vfsmount_lock); 937 spin_unlock(&vfsmount_lock);
940 release_mounts(&umount_list); 938 release_mounts(&umount_list);
941 } 939 }
942 mnt->mnt_flags = mnt_flags;
943 940
944out: 941out:
945 up_write(&namespace_sem); 942 up_write(&namespace_sem);
@@ -1353,7 +1350,7 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
1353 retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags, 1350 retval = do_remount(&nd, flags & ~MS_REMOUNT, mnt_flags,
1354 data_page); 1351 data_page);
1355 else if (flags & MS_BIND) 1352 else if (flags & MS_BIND)
1356 retval = do_loopback(&nd, dev_name, flags, mnt_flags); 1353 retval = do_loopback(&nd, dev_name, flags & MS_REC);
1357 else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE)) 1354 else if (flags & (MS_SHARED | MS_PRIVATE | MS_SLAVE | MS_UNBINDABLE))
1358 retval = do_change_type(&nd, flags); 1355 retval = do_change_type(&nd, flags);
1359 else if (flags & MS_MOVE) 1356 else if (flags & MS_MOVE)
diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c
index 4e0578121d9a..3eec30000f3f 100644
--- a/fs/nfsd/export.c
+++ b/fs/nfsd/export.c
@@ -1066,9 +1066,11 @@ exp_pseudoroot(struct auth_domain *clp, struct svc_fh *fhp,
1066 rv = nfserr_perm; 1066 rv = nfserr_perm;
1067 else if (IS_ERR(exp)) 1067 else if (IS_ERR(exp))
1068 rv = nfserrno(PTR_ERR(exp)); 1068 rv = nfserrno(PTR_ERR(exp));
1069 else 1069 else {
1070 rv = fh_compose(fhp, exp, 1070 rv = fh_compose(fhp, exp,
1071 fsid_key->ek_dentry, NULL); 1071 fsid_key->ek_dentry, NULL);
1072 exp_put(exp);
1073 }
1072 cache_put(&fsid_key->h, &svc_expkey_cache); 1074 cache_put(&fsid_key->h, &svc_expkey_cache);
1073 return rv; 1075 return rv;
1074} 1076}
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index 6aa92d0e6876..1d65f13f458c 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
@@ -1922,11 +1922,10 @@ nfsd_set_posix_acl(struct svc_fh *fhp, int type, struct posix_acl *acl)
1922 value = kmalloc(size, GFP_KERNEL); 1922 value = kmalloc(size, GFP_KERNEL);
1923 if (!value) 1923 if (!value)
1924 return -ENOMEM; 1924 return -ENOMEM;
1925 size = posix_acl_to_xattr(acl, value, size); 1925 error = posix_acl_to_xattr(acl, value, size);
1926 if (size < 0) { 1926 if (error < 0)
1927 error = size;
1928 goto getout; 1927 goto getout;
1929 } 1928 size = error;
1930 } else 1929 } else
1931 size = 0; 1930 size = 0;
1932 1931
diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c
index 0d858d0b25be..47152bf9a7f2 100644
--- a/fs/ocfs2/aops.c
+++ b/fs/ocfs2/aops.c
@@ -276,13 +276,29 @@ static int ocfs2_writepage(struct page *page, struct writeback_control *wbc)
276 return ret; 276 return ret;
277} 277}
278 278
279/* This can also be called from ocfs2_write_zero_page() which has done
280 * it's own cluster locking. */
281int ocfs2_prepare_write_nolock(struct inode *inode, struct page *page,
282 unsigned from, unsigned to)
283{
284 int ret;
285
286 down_read(&OCFS2_I(inode)->ip_alloc_sem);
287
288 ret = block_prepare_write(page, from, to, ocfs2_get_block);
289
290 up_read(&OCFS2_I(inode)->ip_alloc_sem);
291
292 return ret;
293}
294
279/* 295/*
280 * ocfs2_prepare_write() can be an outer-most ocfs2 call when it is called 296 * ocfs2_prepare_write() can be an outer-most ocfs2 call when it is called
281 * from loopback. It must be able to perform its own locking around 297 * from loopback. It must be able to perform its own locking around
282 * ocfs2_get_block(). 298 * ocfs2_get_block().
283 */ 299 */
284int ocfs2_prepare_write(struct file *file, struct page *page, 300static int ocfs2_prepare_write(struct file *file, struct page *page,
285 unsigned from, unsigned to) 301 unsigned from, unsigned to)
286{ 302{
287 struct inode *inode = page->mapping->host; 303 struct inode *inode = page->mapping->host;
288 int ret; 304 int ret;
@@ -295,11 +311,7 @@ int ocfs2_prepare_write(struct file *file, struct page *page,
295 goto out; 311 goto out;
296 } 312 }
297 313
298 down_read(&OCFS2_I(inode)->ip_alloc_sem); 314 ret = ocfs2_prepare_write_nolock(inode, page, from, to);
299
300 ret = block_prepare_write(page, from, to, ocfs2_get_block);
301
302 up_read(&OCFS2_I(inode)->ip_alloc_sem);
303 315
304 ocfs2_meta_unlock(inode, 0); 316 ocfs2_meta_unlock(inode, 0);
305out: 317out:
@@ -625,11 +637,31 @@ static ssize_t ocfs2_direct_IO(int rw,
625 int ret; 637 int ret;
626 638
627 mlog_entry_void(); 639 mlog_entry_void();
640
641 /*
642 * We get PR data locks even for O_DIRECT. This allows
643 * concurrent O_DIRECT I/O but doesn't let O_DIRECT with
644 * extending and buffered zeroing writes race. If they did
645 * race then the buffered zeroing could be written back after
646 * the O_DIRECT I/O. It's one thing to tell people not to mix
647 * buffered and O_DIRECT writes, but expecting them to
648 * understand that file extension is also an implicit buffered
649 * write is too much. By getting the PR we force writeback of
650 * the buffered zeroing before proceeding.
651 */
652 ret = ocfs2_data_lock(inode, 0);
653 if (ret < 0) {
654 mlog_errno(ret);
655 goto out;
656 }
657 ocfs2_data_unlock(inode, 0);
658
628 ret = blockdev_direct_IO_no_locking(rw, iocb, inode, 659 ret = blockdev_direct_IO_no_locking(rw, iocb, inode,
629 inode->i_sb->s_bdev, iov, offset, 660 inode->i_sb->s_bdev, iov, offset,
630 nr_segs, 661 nr_segs,
631 ocfs2_direct_IO_get_blocks, 662 ocfs2_direct_IO_get_blocks,
632 ocfs2_dio_end_io); 663 ocfs2_dio_end_io);
664out:
633 mlog_exit(ret); 665 mlog_exit(ret);
634 return ret; 666 return ret;
635} 667}
diff --git a/fs/ocfs2/aops.h b/fs/ocfs2/aops.h
index d40456d509a0..e88c3f0b8fa9 100644
--- a/fs/ocfs2/aops.h
+++ b/fs/ocfs2/aops.h
@@ -22,8 +22,8 @@
22#ifndef OCFS2_AOPS_H 22#ifndef OCFS2_AOPS_H
23#define OCFS2_AOPS_H 23#define OCFS2_AOPS_H
24 24
25int ocfs2_prepare_write(struct file *file, struct page *page, 25int ocfs2_prepare_write_nolock(struct inode *inode, struct page *page,
26 unsigned from, unsigned to); 26 unsigned from, unsigned to);
27 27
28struct ocfs2_journal_handle *ocfs2_start_walk_page_trans(struct inode *inode, 28struct ocfs2_journal_handle *ocfs2_start_walk_page_trans(struct inode *inode,
29 struct page *page, 29 struct page *page,
diff --git a/fs/ocfs2/extent_map.c b/fs/ocfs2/extent_map.c
index 4601fc256f11..1a5c69071df6 100644
--- a/fs/ocfs2/extent_map.c
+++ b/fs/ocfs2/extent_map.c
@@ -569,7 +569,7 @@ static int ocfs2_extent_map_insert(struct inode *inode,
569 569
570 ret = -ENOMEM; 570 ret = -ENOMEM;
571 ctxt.new_ent = kmem_cache_alloc(ocfs2_em_ent_cachep, 571 ctxt.new_ent = kmem_cache_alloc(ocfs2_em_ent_cachep,
572 GFP_KERNEL); 572 GFP_NOFS);
573 if (!ctxt.new_ent) { 573 if (!ctxt.new_ent) {
574 mlog_errno(ret); 574 mlog_errno(ret);
575 return ret; 575 return ret;
@@ -583,14 +583,14 @@ static int ocfs2_extent_map_insert(struct inode *inode,
583 if (ctxt.need_left && !ctxt.left_ent) { 583 if (ctxt.need_left && !ctxt.left_ent) {
584 ctxt.left_ent = 584 ctxt.left_ent =
585 kmem_cache_alloc(ocfs2_em_ent_cachep, 585 kmem_cache_alloc(ocfs2_em_ent_cachep,
586 GFP_KERNEL); 586 GFP_NOFS);
587 if (!ctxt.left_ent) 587 if (!ctxt.left_ent)
588 break; 588 break;
589 } 589 }
590 if (ctxt.need_right && !ctxt.right_ent) { 590 if (ctxt.need_right && !ctxt.right_ent) {
591 ctxt.right_ent = 591 ctxt.right_ent =
592 kmem_cache_alloc(ocfs2_em_ent_cachep, 592 kmem_cache_alloc(ocfs2_em_ent_cachep,
593 GFP_KERNEL); 593 GFP_NOFS);
594 if (!ctxt.right_ent) 594 if (!ctxt.right_ent)
595 break; 595 break;
596 } 596 }
diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
index 581eb451a41a..a9559c874530 100644
--- a/fs/ocfs2/file.c
+++ b/fs/ocfs2/file.c
@@ -613,7 +613,8 @@ leave:
613 613
614/* Some parts of this taken from generic_cont_expand, which turned out 614/* Some parts of this taken from generic_cont_expand, which turned out
615 * to be too fragile to do exactly what we need without us having to 615 * to be too fragile to do exactly what we need without us having to
616 * worry about recursive locking in ->commit_write(). */ 616 * worry about recursive locking in ->prepare_write() and
617 * ->commit_write(). */
617static int ocfs2_write_zero_page(struct inode *inode, 618static int ocfs2_write_zero_page(struct inode *inode,
618 u64 size) 619 u64 size)
619{ 620{
@@ -641,7 +642,7 @@ static int ocfs2_write_zero_page(struct inode *inode,
641 goto out; 642 goto out;
642 } 643 }
643 644
644 ret = ocfs2_prepare_write(NULL, page, offset, offset); 645 ret = ocfs2_prepare_write_nolock(inode, page, offset, offset);
645 if (ret < 0) { 646 if (ret < 0) {
646 mlog_errno(ret); 647 mlog_errno(ret);
647 goto out_unlock; 648 goto out_unlock;
@@ -695,13 +696,26 @@ out:
695 return ret; 696 return ret;
696} 697}
697 698
699/*
700 * A tail_to_skip value > 0 indicates that we're being called from
701 * ocfs2_file_aio_write(). This has the following implications:
702 *
703 * - we don't want to update i_size
704 * - di_bh will be NULL, which is fine because it's only used in the
705 * case where we want to update i_size.
706 * - ocfs2_zero_extend() will then only be filling the hole created
707 * between i_size and the start of the write.
708 */
698static int ocfs2_extend_file(struct inode *inode, 709static int ocfs2_extend_file(struct inode *inode,
699 struct buffer_head *di_bh, 710 struct buffer_head *di_bh,
700 u64 new_i_size) 711 u64 new_i_size,
712 size_t tail_to_skip)
701{ 713{
702 int ret = 0; 714 int ret = 0;
703 u32 clusters_to_add; 715 u32 clusters_to_add;
704 716
717 BUG_ON(!tail_to_skip && !di_bh);
718
705 /* setattr sometimes calls us like this. */ 719 /* setattr sometimes calls us like this. */
706 if (new_i_size == 0) 720 if (new_i_size == 0)
707 goto out; 721 goto out;
@@ -714,27 +728,44 @@ static int ocfs2_extend_file(struct inode *inode,
714 OCFS2_I(inode)->ip_clusters; 728 OCFS2_I(inode)->ip_clusters;
715 729
716 if (clusters_to_add) { 730 if (clusters_to_add) {
717 ret = ocfs2_extend_allocation(inode, clusters_to_add); 731 /*
732 * protect the pages that ocfs2_zero_extend is going to
733 * be pulling into the page cache.. we do this before the
734 * metadata extend so that we don't get into the situation
735 * where we've extended the metadata but can't get the data
736 * lock to zero.
737 */
738 ret = ocfs2_data_lock(inode, 1);
718 if (ret < 0) { 739 if (ret < 0) {
719 mlog_errno(ret); 740 mlog_errno(ret);
720 goto out; 741 goto out;
721 } 742 }
722 743
723 ret = ocfs2_zero_extend(inode, new_i_size); 744 ret = ocfs2_extend_allocation(inode, clusters_to_add);
724 if (ret < 0) { 745 if (ret < 0) {
725 mlog_errno(ret); 746 mlog_errno(ret);
726 goto out; 747 goto out_unlock;
727 } 748 }
728 }
729 749
730 /* No allocation required, we just use this helper to 750 ret = ocfs2_zero_extend(inode, (u64)new_i_size - tail_to_skip);
731 * do a trivial update of i_size. */ 751 if (ret < 0) {
732 ret = ocfs2_simple_size_update(inode, di_bh, new_i_size); 752 mlog_errno(ret);
733 if (ret < 0) { 753 goto out_unlock;
734 mlog_errno(ret); 754 }
735 goto out; 755 }
756
757 if (!tail_to_skip) {
758 /* We're being called from ocfs2_setattr() which wants
759 * us to update i_size */
760 ret = ocfs2_simple_size_update(inode, di_bh, new_i_size);
761 if (ret < 0)
762 mlog_errno(ret);
736 } 763 }
737 764
765out_unlock:
766 if (clusters_to_add) /* this is the only case in which we lock */
767 ocfs2_data_unlock(inode, 1);
768
738out: 769out:
739 return ret; 770 return ret;
740} 771}
@@ -793,7 +824,7 @@ int ocfs2_setattr(struct dentry *dentry, struct iattr *attr)
793 if (i_size_read(inode) > attr->ia_size) 824 if (i_size_read(inode) > attr->ia_size)
794 status = ocfs2_truncate_file(inode, bh, attr->ia_size); 825 status = ocfs2_truncate_file(inode, bh, attr->ia_size);
795 else 826 else
796 status = ocfs2_extend_file(inode, bh, attr->ia_size); 827 status = ocfs2_extend_file(inode, bh, attr->ia_size, 0);
797 if (status < 0) { 828 if (status < 0) {
798 if (status != -ENOSPC) 829 if (status != -ENOSPC)
799 mlog_errno(status); 830 mlog_errno(status);
@@ -1049,21 +1080,12 @@ static ssize_t ocfs2_file_aio_write(struct kiocb *iocb,
1049 if (!clusters) 1080 if (!clusters)
1050 break; 1081 break;
1051 1082
1052 ret = ocfs2_extend_allocation(inode, clusters); 1083 ret = ocfs2_extend_file(inode, NULL, newsize, count);
1053 if (ret < 0) { 1084 if (ret < 0) {
1054 if (ret != -ENOSPC) 1085 if (ret != -ENOSPC)
1055 mlog_errno(ret); 1086 mlog_errno(ret);
1056 goto out; 1087 goto out;
1057 } 1088 }
1058
1059 /* Fill any holes which would've been created by this
1060 * write. If we're O_APPEND, this will wind up
1061 * (correctly) being a noop. */
1062 ret = ocfs2_zero_extend(inode, (u64) newsize - count);
1063 if (ret < 0) {
1064 mlog_errno(ret);
1065 goto out;
1066 }
1067 break; 1089 break;
1068 } 1090 }
1069 1091
@@ -1146,6 +1168,22 @@ static ssize_t ocfs2_file_aio_read(struct kiocb *iocb,
1146 ocfs2_iocb_set_rw_locked(iocb); 1168 ocfs2_iocb_set_rw_locked(iocb);
1147 } 1169 }
1148 1170
1171 /*
1172 * We're fine letting folks race truncates and extending
1173 * writes with read across the cluster, just like they can
1174 * locally. Hence no rw_lock during read.
1175 *
1176 * Take and drop the meta data lock to update inode fields
1177 * like i_size. This allows the checks down below
1178 * generic_file_aio_read() a chance of actually working.
1179 */
1180 ret = ocfs2_meta_lock(inode, NULL, NULL, 0);
1181 if (ret < 0) {
1182 mlog_errno(ret);
1183 goto bail;
1184 }
1185 ocfs2_meta_unlock(inode, 0);
1186
1149 ret = generic_file_aio_read(iocb, buf, count, iocb->ki_pos); 1187 ret = generic_file_aio_read(iocb, buf, count, iocb->ki_pos);
1150 if (ret == -EINVAL) 1188 if (ret == -EINVAL)
1151 mlog(ML_ERROR, "generic_file_aio_read returned -EINVAL\n"); 1189 mlog(ML_ERROR, "generic_file_aio_read returned -EINVAL\n");
diff --git a/fs/ocfs2/journal.c b/fs/ocfs2/journal.c
index 6a610ae53583..eebc3cfa6be8 100644
--- a/fs/ocfs2/journal.c
+++ b/fs/ocfs2/journal.c
@@ -117,7 +117,7 @@ struct ocfs2_journal_handle *ocfs2_alloc_handle(struct ocfs2_super *osb)
117{ 117{
118 struct ocfs2_journal_handle *retval = NULL; 118 struct ocfs2_journal_handle *retval = NULL;
119 119
120 retval = kcalloc(1, sizeof(*retval), GFP_KERNEL); 120 retval = kcalloc(1, sizeof(*retval), GFP_NOFS);
121 if (!retval) { 121 if (!retval) {
122 mlog(ML_ERROR, "Failed to allocate memory for journal " 122 mlog(ML_ERROR, "Failed to allocate memory for journal "
123 "handle!\n"); 123 "handle!\n");
@@ -870,9 +870,11 @@ static int ocfs2_force_read_journal(struct inode *inode)
870 if (p_blocks > CONCURRENT_JOURNAL_FILL) 870 if (p_blocks > CONCURRENT_JOURNAL_FILL)
871 p_blocks = CONCURRENT_JOURNAL_FILL; 871 p_blocks = CONCURRENT_JOURNAL_FILL;
872 872
873 /* We are reading journal data which should not
874 * be put in the uptodate cache */
873 status = ocfs2_read_blocks(OCFS2_SB(inode->i_sb), 875 status = ocfs2_read_blocks(OCFS2_SB(inode->i_sb),
874 p_blkno, p_blocks, bhs, 0, 876 p_blkno, p_blocks, bhs, 0,
875 inode); 877 NULL);
876 if (status < 0) { 878 if (status < 0) {
877 mlog_errno(status); 879 mlog_errno(status);
878 goto bail; 880 goto bail;
@@ -982,7 +984,7 @@ static void ocfs2_queue_recovery_completion(struct ocfs2_journal *journal,
982{ 984{
983 struct ocfs2_la_recovery_item *item; 985 struct ocfs2_la_recovery_item *item;
984 986
985 item = kmalloc(sizeof(struct ocfs2_la_recovery_item), GFP_KERNEL); 987 item = kmalloc(sizeof(struct ocfs2_la_recovery_item), GFP_NOFS);
986 if (!item) { 988 if (!item) {
987 /* Though we wish to avoid it, we are in fact safe in 989 /* Though we wish to avoid it, we are in fact safe in
988 * skipping local alloc cleanup as fsck.ocfs2 is more 990 * skipping local alloc cleanup as fsck.ocfs2 is more
diff --git a/fs/ocfs2/uptodate.c b/fs/ocfs2/uptodate.c
index 04a684dfdd96..b8a00a793326 100644
--- a/fs/ocfs2/uptodate.c
+++ b/fs/ocfs2/uptodate.c
@@ -337,7 +337,7 @@ static void __ocfs2_set_buffer_uptodate(struct ocfs2_inode_info *oi,
337 (unsigned long long)oi->ip_blkno, 337 (unsigned long long)oi->ip_blkno,
338 (unsigned long long)block, expand_tree); 338 (unsigned long long)block, expand_tree);
339 339
340 new = kmem_cache_alloc(ocfs2_uptodate_cachep, GFP_KERNEL); 340 new = kmem_cache_alloc(ocfs2_uptodate_cachep, GFP_NOFS);
341 if (!new) { 341 if (!new) {
342 mlog_errno(-ENOMEM); 342 mlog_errno(-ENOMEM);
343 return; 343 return;
@@ -349,7 +349,7 @@ static void __ocfs2_set_buffer_uptodate(struct ocfs2_inode_info *oi,
349 * has no way of tracking that. */ 349 * has no way of tracking that. */
350 for(i = 0; i < OCFS2_INODE_MAX_CACHE_ARRAY; i++) { 350 for(i = 0; i < OCFS2_INODE_MAX_CACHE_ARRAY; i++) {
351 tree[i] = kmem_cache_alloc(ocfs2_uptodate_cachep, 351 tree[i] = kmem_cache_alloc(ocfs2_uptodate_cachep,
352 GFP_KERNEL); 352 GFP_NOFS);
353 if (!tree[i]) { 353 if (!tree[i]) {
354 mlog_errno(-ENOMEM); 354 mlog_errno(-ENOMEM);
355 goto out_free; 355 goto out_free;
diff --git a/fs/ocfs2/vote.c b/fs/ocfs2/vote.c
index 53049a204197..ee42765a8553 100644
--- a/fs/ocfs2/vote.c
+++ b/fs/ocfs2/vote.c
@@ -586,7 +586,7 @@ static struct ocfs2_net_wait_ctxt *ocfs2_new_net_wait_ctxt(unsigned int response
586{ 586{
587 struct ocfs2_net_wait_ctxt *w; 587 struct ocfs2_net_wait_ctxt *w;
588 588
589 w = kcalloc(1, sizeof(*w), GFP_KERNEL); 589 w = kcalloc(1, sizeof(*w), GFP_NOFS);
590 if (!w) { 590 if (!w) {
591 mlog_errno(-ENOMEM); 591 mlog_errno(-ENOMEM);
592 goto bail; 592 goto bail;
@@ -749,7 +749,7 @@ static struct ocfs2_vote_msg * ocfs2_new_vote_request(struct ocfs2_super *osb,
749 749
750 BUG_ON(!ocfs2_is_valid_vote_request(type)); 750 BUG_ON(!ocfs2_is_valid_vote_request(type));
751 751
752 request = kcalloc(1, sizeof(*request), GFP_KERNEL); 752 request = kcalloc(1, sizeof(*request), GFP_NOFS);
753 if (!request) { 753 if (!request) {
754 mlog_errno(-ENOMEM); 754 mlog_errno(-ENOMEM);
755 } else { 755 } else {
@@ -1129,7 +1129,7 @@ static int ocfs2_handle_vote_message(struct o2net_msg *msg,
1129 struct ocfs2_super *osb = data; 1129 struct ocfs2_super *osb = data;
1130 struct ocfs2_vote_work *work; 1130 struct ocfs2_vote_work *work;
1131 1131
1132 work = kmalloc(sizeof(struct ocfs2_vote_work), GFP_KERNEL); 1132 work = kmalloc(sizeof(struct ocfs2_vote_work), GFP_NOFS);
1133 if (!work) { 1133 if (!work) {
1134 status = -ENOMEM; 1134 status = -ENOMEM;
1135 mlog_errno(status); 1135 mlog_errno(status);
diff --git a/fs/open.c b/fs/open.c
index 53ec28c36777..317b7c7f38a7 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -1124,7 +1124,6 @@ asmlinkage long sys_openat(int dfd, const char __user *filename, int flags,
1124 prevent_tail_call(ret); 1124 prevent_tail_call(ret);
1125 return ret; 1125 return ret;
1126} 1126}
1127EXPORT_SYMBOL_GPL(sys_openat);
1128 1127
1129#ifndef __alpha__ 1128#ifndef __alpha__
1130 1129
diff --git a/fs/partitions/check.c b/fs/partitions/check.c
index 45ae7dd3c650..7ef1f094de91 100644
--- a/fs/partitions/check.c
+++ b/fs/partitions/check.c
@@ -533,6 +533,7 @@ void del_gendisk(struct gendisk *disk)
533 533
534 devfs_remove_disk(disk); 534 devfs_remove_disk(disk);
535 535
536 kobject_uevent(&disk->kobj, KOBJ_REMOVE);
536 if (disk->holder_dir) 537 if (disk->holder_dir)
537 kobject_unregister(disk->holder_dir); 538 kobject_unregister(disk->holder_dir);
538 if (disk->slave_dir) 539 if (disk->slave_dir)
@@ -545,7 +546,7 @@ void del_gendisk(struct gendisk *disk)
545 kfree(disk_name); 546 kfree(disk_name);
546 } 547 }
547 put_device(disk->driverfs_dev); 548 put_device(disk->driverfs_dev);
549 disk->driverfs_dev = NULL;
548 } 550 }
549 kobject_uevent(&disk->kobj, KOBJ_REMOVE);
550 kobject_del(&disk->kobj); 551 kobject_del(&disk->kobj);
551} 552}
diff --git a/fs/pipe.c b/fs/pipe.c
index 7fefb10db8d9..5acd8954aaa0 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -55,7 +55,8 @@ void pipe_wait(struct pipe_inode_info *pipe)
55} 55}
56 56
57static int 57static int
58pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len) 58pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len,
59 int atomic)
59{ 60{
60 unsigned long copy; 61 unsigned long copy;
61 62
@@ -64,8 +65,13 @@ pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len)
64 iov++; 65 iov++;
65 copy = min_t(unsigned long, len, iov->iov_len); 66 copy = min_t(unsigned long, len, iov->iov_len);
66 67
67 if (copy_from_user(to, iov->iov_base, copy)) 68 if (atomic) {
68 return -EFAULT; 69 if (__copy_from_user_inatomic(to, iov->iov_base, copy))
70 return -EFAULT;
71 } else {
72 if (copy_from_user(to, iov->iov_base, copy))
73 return -EFAULT;
74 }
69 to += copy; 75 to += copy;
70 len -= copy; 76 len -= copy;
71 iov->iov_base += copy; 77 iov->iov_base += copy;
@@ -75,7 +81,8 @@ pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len)
75} 81}
76 82
77static int 83static int
78pipe_iov_copy_to_user(struct iovec *iov, const void *from, unsigned long len) 84pipe_iov_copy_to_user(struct iovec *iov, const void *from, unsigned long len,
85 int atomic)
79{ 86{
80 unsigned long copy; 87 unsigned long copy;
81 88
@@ -84,8 +91,13 @@ pipe_iov_copy_to_user(struct iovec *iov, const void *from, unsigned long len)
84 iov++; 91 iov++;
85 copy = min_t(unsigned long, len, iov->iov_len); 92 copy = min_t(unsigned long, len, iov->iov_len);
86 93
87 if (copy_to_user(iov->iov_base, from, copy)) 94 if (atomic) {
88 return -EFAULT; 95 if (__copy_to_user_inatomic(iov->iov_base, from, copy))
96 return -EFAULT;
97 } else {
98 if (copy_to_user(iov->iov_base, from, copy))
99 return -EFAULT;
100 }
89 from += copy; 101 from += copy;
90 len -= copy; 102 len -= copy;
91 iov->iov_base += copy; 103 iov->iov_base += copy;
@@ -94,13 +106,52 @@ pipe_iov_copy_to_user(struct iovec *iov, const void *from, unsigned long len)
94 return 0; 106 return 0;
95} 107}
96 108
109/*
110 * Attempt to pre-fault in the user memory, so we can use atomic copies.
111 * Returns the number of bytes not faulted in.
112 */
113static int iov_fault_in_pages_write(struct iovec *iov, unsigned long len)
114{
115 while (!iov->iov_len)
116 iov++;
117
118 while (len > 0) {
119 unsigned long this_len;
120
121 this_len = min_t(unsigned long, len, iov->iov_len);
122 if (fault_in_pages_writeable(iov->iov_base, this_len))
123 break;
124
125 len -= this_len;
126 iov++;
127 }
128
129 return len;
130}
131
132/*
133 * Pre-fault in the user memory, so we can use atomic copies.
134 */
135static void iov_fault_in_pages_read(struct iovec *iov, unsigned long len)
136{
137 while (!iov->iov_len)
138 iov++;
139
140 while (len > 0) {
141 unsigned long this_len;
142
143 this_len = min_t(unsigned long, len, iov->iov_len);
144 fault_in_pages_readable(iov->iov_base, this_len);
145 len -= this_len;
146 iov++;
147 }
148}
149
97static void anon_pipe_buf_release(struct pipe_inode_info *pipe, 150static void anon_pipe_buf_release(struct pipe_inode_info *pipe,
98 struct pipe_buffer *buf) 151 struct pipe_buffer *buf)
99{ 152{
100 struct page *page = buf->page; 153 struct page *page = buf->page;
101 154
102 buf->flags &= ~PIPE_BUF_FLAG_STOLEN;
103
104 /* 155 /*
105 * If nobody else uses this page, and we don't already have a 156 * If nobody else uses this page, and we don't already have a
106 * temporary page, let's keep track of it as a one-deep 157 * temporary page, let's keep track of it as a one-deep
@@ -112,38 +163,58 @@ static void anon_pipe_buf_release(struct pipe_inode_info *pipe,
112 page_cache_release(page); 163 page_cache_release(page);
113} 164}
114 165
115static void * anon_pipe_buf_map(struct file *file, struct pipe_inode_info *pipe, 166void *generic_pipe_buf_map(struct pipe_inode_info *pipe,
116 struct pipe_buffer *buf) 167 struct pipe_buffer *buf, int atomic)
117{ 168{
169 if (atomic) {
170 buf->flags |= PIPE_BUF_FLAG_ATOMIC;
171 return kmap_atomic(buf->page, KM_USER0);
172 }
173
118 return kmap(buf->page); 174 return kmap(buf->page);
119} 175}
120 176
121static void anon_pipe_buf_unmap(struct pipe_inode_info *pipe, 177void generic_pipe_buf_unmap(struct pipe_inode_info *pipe,
122 struct pipe_buffer *buf) 178 struct pipe_buffer *buf, void *map_data)
123{ 179{
124 kunmap(buf->page); 180 if (buf->flags & PIPE_BUF_FLAG_ATOMIC) {
181 buf->flags &= ~PIPE_BUF_FLAG_ATOMIC;
182 kunmap_atomic(map_data, KM_USER0);
183 } else
184 kunmap(buf->page);
125} 185}
126 186
127static int anon_pipe_buf_steal(struct pipe_inode_info *pipe, 187int generic_pipe_buf_steal(struct pipe_inode_info *pipe,
128 struct pipe_buffer *buf) 188 struct pipe_buffer *buf)
129{ 189{
130 buf->flags |= PIPE_BUF_FLAG_STOLEN; 190 struct page *page = buf->page;
131 return 0; 191
192 if (page_count(page) == 1) {
193 lock_page(page);
194 return 0;
195 }
196
197 return 1;
132} 198}
133 199
134static void anon_pipe_buf_get(struct pipe_inode_info *info, 200void generic_pipe_buf_get(struct pipe_inode_info *info, struct pipe_buffer *buf)
135 struct pipe_buffer *buf)
136{ 201{
137 page_cache_get(buf->page); 202 page_cache_get(buf->page);
138} 203}
139 204
205int generic_pipe_buf_pin(struct pipe_inode_info *info, struct pipe_buffer *buf)
206{
207 return 0;
208}
209
140static struct pipe_buf_operations anon_pipe_buf_ops = { 210static struct pipe_buf_operations anon_pipe_buf_ops = {
141 .can_merge = 1, 211 .can_merge = 1,
142 .map = anon_pipe_buf_map, 212 .map = generic_pipe_buf_map,
143 .unmap = anon_pipe_buf_unmap, 213 .unmap = generic_pipe_buf_unmap,
214 .pin = generic_pipe_buf_pin,
144 .release = anon_pipe_buf_release, 215 .release = anon_pipe_buf_release,
145 .steal = anon_pipe_buf_steal, 216 .steal = generic_pipe_buf_steal,
146 .get = anon_pipe_buf_get, 217 .get = generic_pipe_buf_get,
147}; 218};
148 219
149static ssize_t 220static ssize_t
@@ -174,22 +245,33 @@ pipe_readv(struct file *filp, const struct iovec *_iov,
174 struct pipe_buf_operations *ops = buf->ops; 245 struct pipe_buf_operations *ops = buf->ops;
175 void *addr; 246 void *addr;
176 size_t chars = buf->len; 247 size_t chars = buf->len;
177 int error; 248 int error, atomic;
178 249
179 if (chars > total_len) 250 if (chars > total_len)
180 chars = total_len; 251 chars = total_len;
181 252
182 addr = ops->map(filp, pipe, buf); 253 error = ops->pin(pipe, buf);
183 if (IS_ERR(addr)) { 254 if (error) {
184 if (!ret) 255 if (!ret)
185 ret = PTR_ERR(addr); 256 error = ret;
186 break; 257 break;
187 } 258 }
188 error = pipe_iov_copy_to_user(iov, addr + buf->offset, chars); 259
189 ops->unmap(pipe, buf); 260 atomic = !iov_fault_in_pages_write(iov, chars);
261redo:
262 addr = ops->map(pipe, buf, atomic);
263 error = pipe_iov_copy_to_user(iov, addr + buf->offset, chars, atomic);
264 ops->unmap(pipe, buf, addr);
190 if (unlikely(error)) { 265 if (unlikely(error)) {
266 /*
267 * Just retry with the slow path if we failed.
268 */
269 if (atomic) {
270 atomic = 0;
271 goto redo;
272 }
191 if (!ret) 273 if (!ret)
192 ret = -EFAULT; 274 ret = error;
193 break; 275 break;
194 } 276 }
195 ret += chars; 277 ret += chars;
@@ -293,21 +375,28 @@ pipe_writev(struct file *filp, const struct iovec *_iov,
293 int offset = buf->offset + buf->len; 375 int offset = buf->offset + buf->len;
294 376
295 if (ops->can_merge && offset + chars <= PAGE_SIZE) { 377 if (ops->can_merge && offset + chars <= PAGE_SIZE) {
378 int error, atomic = 1;
296 void *addr; 379 void *addr;
297 int error;
298 380
299 addr = ops->map(filp, pipe, buf); 381 error = ops->pin(pipe, buf);
300 if (IS_ERR(addr)) { 382 if (error)
301 error = PTR_ERR(addr);
302 goto out; 383 goto out;
303 } 384
385 iov_fault_in_pages_read(iov, chars);
386redo1:
387 addr = ops->map(pipe, buf, atomic);
304 error = pipe_iov_copy_from_user(offset + addr, iov, 388 error = pipe_iov_copy_from_user(offset + addr, iov,
305 chars); 389 chars, atomic);
306 ops->unmap(pipe, buf); 390 ops->unmap(pipe, buf, addr);
307 ret = error; 391 ret = error;
308 do_wakeup = 1; 392 do_wakeup = 1;
309 if (error) 393 if (error) {
394 if (atomic) {
395 atomic = 0;
396 goto redo1;
397 }
310 goto out; 398 goto out;
399 }
311 buf->len += chars; 400 buf->len += chars;
312 total_len -= chars; 401 total_len -= chars;
313 ret = chars; 402 ret = chars;
@@ -330,7 +419,8 @@ pipe_writev(struct file *filp, const struct iovec *_iov,
330 int newbuf = (pipe->curbuf + bufs) & (PIPE_BUFFERS-1); 419 int newbuf = (pipe->curbuf + bufs) & (PIPE_BUFFERS-1);
331 struct pipe_buffer *buf = pipe->bufs + newbuf; 420 struct pipe_buffer *buf = pipe->bufs + newbuf;
332 struct page *page = pipe->tmp_page; 421 struct page *page = pipe->tmp_page;
333 int error; 422 char *src;
423 int error, atomic = 1;
334 424
335 if (!page) { 425 if (!page) {
336 page = alloc_page(GFP_HIGHUSER); 426 page = alloc_page(GFP_HIGHUSER);
@@ -350,11 +440,27 @@ pipe_writev(struct file *filp, const struct iovec *_iov,
350 if (chars > total_len) 440 if (chars > total_len)
351 chars = total_len; 441 chars = total_len;
352 442
353 error = pipe_iov_copy_from_user(kmap(page), iov, chars); 443 iov_fault_in_pages_read(iov, chars);
354 kunmap(page); 444redo2:
445 if (atomic)
446 src = kmap_atomic(page, KM_USER0);
447 else
448 src = kmap(page);
449
450 error = pipe_iov_copy_from_user(src, iov, chars,
451 atomic);
452 if (atomic)
453 kunmap_atomic(src, KM_USER0);
454 else
455 kunmap(page);
456
355 if (unlikely(error)) { 457 if (unlikely(error)) {
458 if (atomic) {
459 atomic = 0;
460 goto redo2;
461 }
356 if (!ret) 462 if (!ret)
357 ret = -EFAULT; 463 ret = error;
358 break; 464 break;
359 } 465 }
360 ret += chars; 466 ret += chars;
diff --git a/fs/reiserfs/xattr_acl.c b/fs/reiserfs/xattr_acl.c
index 58c418fbca2c..97ae1b92bc47 100644
--- a/fs/reiserfs/xattr_acl.c
+++ b/fs/reiserfs/xattr_acl.c
@@ -408,8 +408,9 @@ int reiserfs_cache_default_acl(struct inode *inode)
408 acl = reiserfs_get_acl(inode, ACL_TYPE_DEFAULT); 408 acl = reiserfs_get_acl(inode, ACL_TYPE_DEFAULT);
409 reiserfs_read_unlock_xattrs(inode->i_sb); 409 reiserfs_read_unlock_xattrs(inode->i_sb);
410 reiserfs_read_unlock_xattr_i(inode); 410 reiserfs_read_unlock_xattr_i(inode);
411 ret = acl ? 1 : 0; 411 ret = (acl && !IS_ERR(acl));
412 posix_acl_release(acl); 412 if (ret)
413 posix_acl_release(acl);
413 } 414 }
414 415
415 return ret; 416 return ret;
diff --git a/fs/smbfs/dir.c b/fs/smbfs/dir.c
index 34c7a11d91f0..70d9c5a37f5a 100644
--- a/fs/smbfs/dir.c
+++ b/fs/smbfs/dir.c
@@ -434,6 +434,11 @@ smb_lookup(struct inode *dir, struct dentry *dentry, struct nameidata *nd)
434 if (dentry->d_name.len > SMB_MAXNAMELEN) 434 if (dentry->d_name.len > SMB_MAXNAMELEN)
435 goto out; 435 goto out;
436 436
437 /* Do not allow lookup of names with backslashes in */
438 error = -EINVAL;
439 if (memchr(dentry->d_name.name, '\\', dentry->d_name.len))
440 goto out;
441
437 lock_kernel(); 442 lock_kernel();
438 error = smb_proc_getattr(dentry, &finfo); 443 error = smb_proc_getattr(dentry, &finfo);
439#ifdef SMBFS_PARANOIA 444#ifdef SMBFS_PARANOIA
diff --git a/fs/smbfs/request.c b/fs/smbfs/request.c
index c71c375863cc..c71dd2760d32 100644
--- a/fs/smbfs/request.c
+++ b/fs/smbfs/request.c
@@ -339,9 +339,11 @@ int smb_add_request(struct smb_request *req)
339 /* 339 /*
340 * On timeout or on interrupt we want to try and remove the 340 * On timeout or on interrupt we want to try and remove the
341 * request from the recvq/xmitq. 341 * request from the recvq/xmitq.
342 * First check if the request is still part of a queue. (May
343 * have been removed by some error condition)
342 */ 344 */
343 smb_lock_server(server); 345 smb_lock_server(server);
344 if (!(req->rq_flags & SMB_REQ_RECEIVED)) { 346 if (!list_empty(&req->rq_queue)) {
345 list_del_init(&req->rq_queue); 347 list_del_init(&req->rq_queue);
346 smb_rput(req); 348 smb_rput(req);
347 } 349 }
diff --git a/fs/splice.c b/fs/splice.c
index 0559e7577a04..a285fd746dc0 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -27,15 +27,22 @@
27#include <linux/buffer_head.h> 27#include <linux/buffer_head.h>
28#include <linux/module.h> 28#include <linux/module.h>
29#include <linux/syscalls.h> 29#include <linux/syscalls.h>
30#include <linux/uio.h>
31
32struct partial_page {
33 unsigned int offset;
34 unsigned int len;
35};
30 36
31/* 37/*
32 * Passed to the actors 38 * Passed to splice_to_pipe
33 */ 39 */
34struct splice_desc { 40struct splice_pipe_desc {
35 unsigned int len, total_len; /* current and remaining length */ 41 struct page **pages; /* page map */
42 struct partial_page *partial; /* pages[] may not be contig */
43 int nr_pages; /* number of pages in map */
36 unsigned int flags; /* splice flags */ 44 unsigned int flags; /* splice flags */
37 struct file *file; /* file to read/write */ 45 struct pipe_buf_operations *ops;/* ops associated with output pipe */
38 loff_t pos; /* file position */
39}; 46};
40 47
41/* 48/*
@@ -44,7 +51,7 @@ struct splice_desc {
44 * addition of remove_mapping(). If success is returned, the caller may 51 * addition of remove_mapping(). If success is returned, the caller may
45 * attempt to reuse this page for another destination. 52 * attempt to reuse this page for another destination.
46 */ 53 */
47static int page_cache_pipe_buf_steal(struct pipe_inode_info *info, 54static int page_cache_pipe_buf_steal(struct pipe_inode_info *pipe,
48 struct pipe_buffer *buf) 55 struct pipe_buffer *buf)
49{ 56{
50 struct page *page = buf->page; 57 struct page *page = buf->page;
@@ -71,21 +78,19 @@ static int page_cache_pipe_buf_steal(struct pipe_inode_info *info,
71 return 1; 78 return 1;
72 } 79 }
73 80
74 buf->flags |= PIPE_BUF_FLAG_STOLEN | PIPE_BUF_FLAG_LRU; 81 buf->flags |= PIPE_BUF_FLAG_LRU;
75 return 0; 82 return 0;
76} 83}
77 84
78static void page_cache_pipe_buf_release(struct pipe_inode_info *info, 85static void page_cache_pipe_buf_release(struct pipe_inode_info *pipe,
79 struct pipe_buffer *buf) 86 struct pipe_buffer *buf)
80{ 87{
81 page_cache_release(buf->page); 88 page_cache_release(buf->page);
82 buf->page = NULL; 89 buf->flags &= ~PIPE_BUF_FLAG_LRU;
83 buf->flags &= ~(PIPE_BUF_FLAG_STOLEN | PIPE_BUF_FLAG_LRU);
84} 90}
85 91
86static void *page_cache_pipe_buf_map(struct file *file, 92static int page_cache_pipe_buf_pin(struct pipe_inode_info *pipe,
87 struct pipe_inode_info *info, 93 struct pipe_buffer *buf)
88 struct pipe_buffer *buf)
89{ 94{
90 struct page *page = buf->page; 95 struct page *page = buf->page;
91 int err; 96 int err;
@@ -111,51 +116,59 @@ static void *page_cache_pipe_buf_map(struct file *file,
111 } 116 }
112 117
113 /* 118 /*
114 * Page is ok afterall, fall through to mapping. 119 * Page is ok afterall, we are done.
115 */ 120 */
116 unlock_page(page); 121 unlock_page(page);
117 } 122 }
118 123
119 return kmap(page); 124 return 0;
120error: 125error:
121 unlock_page(page); 126 unlock_page(page);
122 return ERR_PTR(err); 127 return err;
123} 128}
124 129
125static void page_cache_pipe_buf_unmap(struct pipe_inode_info *info, 130static struct pipe_buf_operations page_cache_pipe_buf_ops = {
126 struct pipe_buffer *buf) 131 .can_merge = 0,
127{ 132 .map = generic_pipe_buf_map,
128 kunmap(buf->page); 133 .unmap = generic_pipe_buf_unmap,
129} 134 .pin = page_cache_pipe_buf_pin,
135 .release = page_cache_pipe_buf_release,
136 .steal = page_cache_pipe_buf_steal,
137 .get = generic_pipe_buf_get,
138};
130 139
131static void page_cache_pipe_buf_get(struct pipe_inode_info *info, 140static int user_page_pipe_buf_steal(struct pipe_inode_info *pipe,
132 struct pipe_buffer *buf) 141 struct pipe_buffer *buf)
133{ 142{
134 page_cache_get(buf->page); 143 if (!(buf->flags & PIPE_BUF_FLAG_GIFT))
144 return 1;
145
146 buf->flags |= PIPE_BUF_FLAG_LRU;
147 return generic_pipe_buf_steal(pipe, buf);
135} 148}
136 149
137static struct pipe_buf_operations page_cache_pipe_buf_ops = { 150static struct pipe_buf_operations user_page_pipe_buf_ops = {
138 .can_merge = 0, 151 .can_merge = 0,
139 .map = page_cache_pipe_buf_map, 152 .map = generic_pipe_buf_map,
140 .unmap = page_cache_pipe_buf_unmap, 153 .unmap = generic_pipe_buf_unmap,
154 .pin = generic_pipe_buf_pin,
141 .release = page_cache_pipe_buf_release, 155 .release = page_cache_pipe_buf_release,
142 .steal = page_cache_pipe_buf_steal, 156 .steal = user_page_pipe_buf_steal,
143 .get = page_cache_pipe_buf_get, 157 .get = generic_pipe_buf_get,
144}; 158};
145 159
146/* 160/*
147 * Pipe output worker. This sets up our pipe format with the page cache 161 * Pipe output worker. This sets up our pipe format with the page cache
148 * pipe buffer operations. Otherwise very similar to the regular pipe_writev(). 162 * pipe buffer operations. Otherwise very similar to the regular pipe_writev().
149 */ 163 */
150static ssize_t move_to_pipe(struct pipe_inode_info *pipe, struct page **pages, 164static ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
151 int nr_pages, unsigned long len, 165 struct splice_pipe_desc *spd)
152 unsigned int offset, unsigned int flags)
153{ 166{
154 int ret, do_wakeup, i; 167 int ret, do_wakeup, page_nr;
155 168
156 ret = 0; 169 ret = 0;
157 do_wakeup = 0; 170 do_wakeup = 0;
158 i = 0; 171 page_nr = 0;
159 172
160 if (pipe->inode) 173 if (pipe->inode)
161 mutex_lock(&pipe->inode->i_mutex); 174 mutex_lock(&pipe->inode->i_mutex);
@@ -171,27 +184,22 @@ static ssize_t move_to_pipe(struct pipe_inode_info *pipe, struct page **pages,
171 if (pipe->nrbufs < PIPE_BUFFERS) { 184 if (pipe->nrbufs < PIPE_BUFFERS) {
172 int newbuf = (pipe->curbuf + pipe->nrbufs) & (PIPE_BUFFERS - 1); 185 int newbuf = (pipe->curbuf + pipe->nrbufs) & (PIPE_BUFFERS - 1);
173 struct pipe_buffer *buf = pipe->bufs + newbuf; 186 struct pipe_buffer *buf = pipe->bufs + newbuf;
174 struct page *page = pages[i++];
175 unsigned long this_len;
176 187
177 this_len = PAGE_CACHE_SIZE - offset; 188 buf->page = spd->pages[page_nr];
178 if (this_len > len) 189 buf->offset = spd->partial[page_nr].offset;
179 this_len = len; 190 buf->len = spd->partial[page_nr].len;
191 buf->ops = spd->ops;
192 if (spd->flags & SPLICE_F_GIFT)
193 buf->flags |= PIPE_BUF_FLAG_GIFT;
180 194
181 buf->page = page;
182 buf->offset = offset;
183 buf->len = this_len;
184 buf->ops = &page_cache_pipe_buf_ops;
185 pipe->nrbufs++; 195 pipe->nrbufs++;
196 page_nr++;
197 ret += buf->len;
198
186 if (pipe->inode) 199 if (pipe->inode)
187 do_wakeup = 1; 200 do_wakeup = 1;
188 201
189 ret += this_len; 202 if (!--spd->nr_pages)
190 len -= this_len;
191 offset = 0;
192 if (!--nr_pages)
193 break;
194 if (!len)
195 break; 203 break;
196 if (pipe->nrbufs < PIPE_BUFFERS) 204 if (pipe->nrbufs < PIPE_BUFFERS)
197 continue; 205 continue;
@@ -199,7 +207,7 @@ static ssize_t move_to_pipe(struct pipe_inode_info *pipe, struct page **pages,
199 break; 207 break;
200 } 208 }
201 209
202 if (flags & SPLICE_F_NONBLOCK) { 210 if (spd->flags & SPLICE_F_NONBLOCK) {
203 if (!ret) 211 if (!ret)
204 ret = -EAGAIN; 212 ret = -EAGAIN;
205 break; 213 break;
@@ -234,8 +242,8 @@ static ssize_t move_to_pipe(struct pipe_inode_info *pipe, struct page **pages,
234 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); 242 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
235 } 243 }
236 244
237 while (i < nr_pages) 245 while (page_nr < spd->nr_pages)
238 page_cache_release(pages[i++]); 246 page_cache_release(spd->pages[page_nr++]);
239 247
240 return ret; 248 return ret;
241} 249}
@@ -246,17 +254,24 @@ __generic_file_splice_read(struct file *in, loff_t *ppos,
246 unsigned int flags) 254 unsigned int flags)
247{ 255{
248 struct address_space *mapping = in->f_mapping; 256 struct address_space *mapping = in->f_mapping;
249 unsigned int loff, offset, nr_pages; 257 unsigned int loff, nr_pages;
250 struct page *pages[PIPE_BUFFERS]; 258 struct page *pages[PIPE_BUFFERS];
259 struct partial_page partial[PIPE_BUFFERS];
251 struct page *page; 260 struct page *page;
252 pgoff_t index, end_index; 261 pgoff_t index, end_index;
253 loff_t isize; 262 loff_t isize;
254 size_t bytes; 263 size_t total_len;
255 int i, error; 264 int error, page_nr;
265 struct splice_pipe_desc spd = {
266 .pages = pages,
267 .partial = partial,
268 .flags = flags,
269 .ops = &page_cache_pipe_buf_ops,
270 };
256 271
257 index = *ppos >> PAGE_CACHE_SHIFT; 272 index = *ppos >> PAGE_CACHE_SHIFT;
258 loff = offset = *ppos & ~PAGE_CACHE_MASK; 273 loff = *ppos & ~PAGE_CACHE_MASK;
259 nr_pages = (len + offset + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; 274 nr_pages = (len + loff + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
260 275
261 if (nr_pages > PIPE_BUFFERS) 276 if (nr_pages > PIPE_BUFFERS)
262 nr_pages = PIPE_BUFFERS; 277 nr_pages = PIPE_BUFFERS;
@@ -266,47 +281,83 @@ __generic_file_splice_read(struct file *in, loff_t *ppos,
266 * read-ahead if this is a non-zero offset (we are likely doing small 281 * read-ahead if this is a non-zero offset (we are likely doing small
267 * chunk splice and the page is already there) for a single page. 282 * chunk splice and the page is already there) for a single page.
268 */ 283 */
269 if (!offset || nr_pages > 1) 284 if (!loff || nr_pages > 1)
270 do_page_cache_readahead(mapping, in, index, nr_pages); 285 page_cache_readahead(mapping, &in->f_ra, in, index, nr_pages);
271 286
272 /* 287 /*
273 * Now fill in the holes: 288 * Now fill in the holes:
274 */ 289 */
275 error = 0; 290 error = 0;
276 bytes = 0; 291 total_len = 0;
277 for (i = 0; i < nr_pages; i++, index++) {
278 unsigned int this_len;
279 292
280 if (!len) 293 /*
281 break; 294 * Lookup the (hopefully) full range of pages we need.
295 */
296 spd.nr_pages = find_get_pages_contig(mapping, index, nr_pages, pages);
282 297
298 /*
299 * If find_get_pages_contig() returned fewer pages than we needed,
300 * allocate the rest.
301 */
302 index += spd.nr_pages;
303 while (spd.nr_pages < nr_pages) {
283 /* 304 /*
284 * this_len is the max we'll use from this page 305 * Page could be there, find_get_pages_contig() breaks on
285 */ 306 * the first hole.
286 this_len = min(len, PAGE_CACHE_SIZE - loff);
287find_page:
288 /*
289 * lookup the page for this index
290 */ 307 */
291 page = find_get_page(mapping, index); 308 page = find_get_page(mapping, index);
292 if (!page) { 309 if (!page) {
293 /* 310 /*
294 * page didn't exist, allocate one 311 * Make sure the read-ahead engine is notified
312 * about this failure.
313 */
314 handle_ra_miss(mapping, &in->f_ra, index);
315
316 /*
317 * page didn't exist, allocate one.
295 */ 318 */
296 page = page_cache_alloc_cold(mapping); 319 page = page_cache_alloc_cold(mapping);
297 if (!page) 320 if (!page)
298 break; 321 break;
299 322
300 error = add_to_page_cache_lru(page, mapping, index, 323 error = add_to_page_cache_lru(page, mapping, index,
301 mapping_gfp_mask(mapping)); 324 mapping_gfp_mask(mapping));
302 if (unlikely(error)) { 325 if (unlikely(error)) {
303 page_cache_release(page); 326 page_cache_release(page);
327 if (error == -EEXIST)
328 continue;
304 break; 329 break;
305 } 330 }
306 331 /*
307 goto readpage; 332 * add_to_page_cache() locks the page, unlock it
333 * to avoid convoluting the logic below even more.
334 */
335 unlock_page(page);
308 } 336 }
309 337
338 pages[spd.nr_pages++] = page;
339 index++;
340 }
341
342 /*
343 * Now loop over the map and see if we need to start IO on any
344 * pages, fill in the partial map, etc.
345 */
346 index = *ppos >> PAGE_CACHE_SHIFT;
347 nr_pages = spd.nr_pages;
348 spd.nr_pages = 0;
349 for (page_nr = 0; page_nr < nr_pages; page_nr++) {
350 unsigned int this_len;
351
352 if (!len)
353 break;
354
355 /*
356 * this_len is the max we'll use from this page
357 */
358 this_len = min_t(unsigned long, len, PAGE_CACHE_SIZE - loff);
359 page = pages[page_nr];
360
310 /* 361 /*
311 * If the page isn't uptodate, we may need to start io on it 362 * If the page isn't uptodate, we may need to start io on it
312 */ 363 */
@@ -327,7 +378,6 @@ find_page:
327 */ 378 */
328 if (!page->mapping) { 379 if (!page->mapping) {
329 unlock_page(page); 380 unlock_page(page);
330 page_cache_release(page);
331 break; 381 break;
332 } 382 }
333 /* 383 /*
@@ -338,16 +388,20 @@ find_page:
338 goto fill_it; 388 goto fill_it;
339 } 389 }
340 390
341readpage:
342 /* 391 /*
343 * need to read in the page 392 * need to read in the page
344 */ 393 */
345 error = mapping->a_ops->readpage(in, page); 394 error = mapping->a_ops->readpage(in, page);
346
347 if (unlikely(error)) { 395 if (unlikely(error)) {
348 page_cache_release(page); 396 /*
397 * We really should re-lookup the page here,
398 * but it complicates things a lot. Instead
399 * lets just do what we already stored, and
400 * we'll get it the next time we are called.
401 */
349 if (error == AOP_TRUNCATED_PAGE) 402 if (error == AOP_TRUNCATED_PAGE)
350 goto find_page; 403 error = 0;
404
351 break; 405 break;
352 } 406 }
353 407
@@ -356,10 +410,8 @@ readpage:
356 */ 410 */
357 isize = i_size_read(mapping->host); 411 isize = i_size_read(mapping->host);
358 end_index = (isize - 1) >> PAGE_CACHE_SHIFT; 412 end_index = (isize - 1) >> PAGE_CACHE_SHIFT;
359 if (unlikely(!isize || index > end_index)) { 413 if (unlikely(!isize || index > end_index))
360 page_cache_release(page);
361 break; 414 break;
362 }
363 415
364 /* 416 /*
365 * if this is the last page, see if we need to shrink 417 * if this is the last page, see if we need to shrink
@@ -367,26 +419,35 @@ readpage:
367 */ 419 */
368 if (end_index == index) { 420 if (end_index == index) {
369 loff = PAGE_CACHE_SIZE - (isize & ~PAGE_CACHE_MASK); 421 loff = PAGE_CACHE_SIZE - (isize & ~PAGE_CACHE_MASK);
370 if (bytes + loff > isize) { 422 if (total_len + loff > isize)
371 page_cache_release(page);
372 break; 423 break;
373 }
374 /* 424 /*
375 * force quit after adding this page 425 * force quit after adding this page
376 */ 426 */
377 nr_pages = i; 427 len = this_len;
378 this_len = min(this_len, loff); 428 this_len = min(this_len, loff);
429 loff = 0;
379 } 430 }
380 } 431 }
381fill_it: 432fill_it:
382 pages[i] = page; 433 partial[page_nr].offset = loff;
383 bytes += this_len; 434 partial[page_nr].len = this_len;
384 len -= this_len; 435 len -= this_len;
436 total_len += this_len;
385 loff = 0; 437 loff = 0;
438 spd.nr_pages++;
439 index++;
386 } 440 }
387 441
388 if (i) 442 /*
389 return move_to_pipe(pipe, pages, i, bytes, offset, flags); 443 * Release any pages at the end, if we quit early. 'i' is how far
444 * we got, 'nr_pages' is how many pages are in the map.
445 */
446 while (page_nr < nr_pages)
447 page_cache_release(pages[page_nr++]);
448
449 if (spd.nr_pages)
450 return splice_to_pipe(pipe, &spd);
390 451
391 return error; 452 return error;
392} 453}
@@ -439,38 +500,24 @@ EXPORT_SYMBOL(generic_file_splice_read);
439 500
440/* 501/*
441 * Send 'sd->len' bytes to socket from 'sd->file' at position 'sd->pos' 502 * Send 'sd->len' bytes to socket from 'sd->file' at position 'sd->pos'
442 * using sendpage(). 503 * using sendpage(). Return the number of bytes sent.
443 */ 504 */
444static int pipe_to_sendpage(struct pipe_inode_info *info, 505static int pipe_to_sendpage(struct pipe_inode_info *pipe,
445 struct pipe_buffer *buf, struct splice_desc *sd) 506 struct pipe_buffer *buf, struct splice_desc *sd)
446{ 507{
447 struct file *file = sd->file; 508 struct file *file = sd->file;
448 loff_t pos = sd->pos; 509 loff_t pos = sd->pos;
449 unsigned int offset; 510 int ret, more;
450 ssize_t ret;
451 void *ptr;
452 int more;
453 511
454 /* 512 ret = buf->ops->pin(pipe, buf);
455 * Sub-optimal, but we are limited by the pipe ->map. We don't 513 if (!ret) {
456 * need a kmap'ed buffer here, we just want to make sure we 514 more = (sd->flags & SPLICE_F_MORE) || sd->len < sd->total_len;
457 * have the page pinned if the pipe page originates from the
458 * page cache.
459 */
460 ptr = buf->ops->map(file, info, buf);
461 if (IS_ERR(ptr))
462 return PTR_ERR(ptr);
463
464 offset = pos & ~PAGE_CACHE_MASK;
465 more = (sd->flags & SPLICE_F_MORE) || sd->len < sd->total_len;
466 515
467 ret = file->f_op->sendpage(file, buf->page, offset, sd->len, &pos,more); 516 ret = file->f_op->sendpage(file, buf->page, buf->offset,
468 517 sd->len, &pos, more);
469 buf->ops->unmap(info, buf); 518 }
470 if (ret == sd->len)
471 return 0;
472 519
473 return -EIO; 520 return ret;
474} 521}
475 522
476/* 523/*
@@ -493,43 +540,51 @@ static int pipe_to_sendpage(struct pipe_inode_info *info,
493 * SPLICE_F_MOVE isn't set, or we cannot move the page, we simply create 540 * SPLICE_F_MOVE isn't set, or we cannot move the page, we simply create
494 * a new page in the output file page cache and fill/dirty that. 541 * a new page in the output file page cache and fill/dirty that.
495 */ 542 */
496static int pipe_to_file(struct pipe_inode_info *info, struct pipe_buffer *buf, 543static int pipe_to_file(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
497 struct splice_desc *sd) 544 struct splice_desc *sd)
498{ 545{
499 struct file *file = sd->file; 546 struct file *file = sd->file;
500 struct address_space *mapping = file->f_mapping; 547 struct address_space *mapping = file->f_mapping;
501 gfp_t gfp_mask = mapping_gfp_mask(mapping); 548 gfp_t gfp_mask = mapping_gfp_mask(mapping);
502 unsigned int offset; 549 unsigned int offset, this_len;
503 struct page *page; 550 struct page *page;
504 pgoff_t index; 551 pgoff_t index;
505 char *src;
506 int ret; 552 int ret;
507 553
508 /* 554 /*
509 * make sure the data in this buffer is uptodate 555 * make sure the data in this buffer is uptodate
510 */ 556 */
511 src = buf->ops->map(file, info, buf); 557 ret = buf->ops->pin(pipe, buf);
512 if (IS_ERR(src)) 558 if (unlikely(ret))
513 return PTR_ERR(src); 559 return ret;
514 560
515 index = sd->pos >> PAGE_CACHE_SHIFT; 561 index = sd->pos >> PAGE_CACHE_SHIFT;
516 offset = sd->pos & ~PAGE_CACHE_MASK; 562 offset = sd->pos & ~PAGE_CACHE_MASK;
517 563
564 this_len = sd->len;
565 if (this_len + offset > PAGE_CACHE_SIZE)
566 this_len = PAGE_CACHE_SIZE - offset;
567
518 /* 568 /*
519 * Reuse buf page, if SPLICE_F_MOVE is set. 569 * Reuse buf page, if SPLICE_F_MOVE is set and we are doing a full
570 * page.
520 */ 571 */
521 if (sd->flags & SPLICE_F_MOVE) { 572 if ((sd->flags & SPLICE_F_MOVE) && this_len == PAGE_CACHE_SIZE) {
522 /* 573 /*
523 * If steal succeeds, buf->page is now pruned from the vm 574 * If steal succeeds, buf->page is now pruned from the
524 * side (LRU and page cache) and we can reuse it. The page 575 * pagecache and we can reuse it. The page will also be
525 * will also be looked on successful return. 576 * locked on successful return.
526 */ 577 */
527 if (buf->ops->steal(info, buf)) 578 if (buf->ops->steal(pipe, buf))
528 goto find_page; 579 goto find_page;
529 580
530 page = buf->page; 581 page = buf->page;
531 if (add_to_page_cache(page, mapping, index, gfp_mask)) 582 if (add_to_page_cache(page, mapping, index, gfp_mask)) {
583 unlock_page(page);
532 goto find_page; 584 goto find_page;
585 }
586
587 page_cache_get(page);
533 588
534 if (!(buf->flags & PIPE_BUF_FLAG_LRU)) 589 if (!(buf->flags & PIPE_BUF_FLAG_LRU))
535 lru_cache_add(page); 590 lru_cache_add(page);
@@ -558,7 +613,7 @@ find_page:
558 * the full page. 613 * the full page.
559 */ 614 */
560 if (!PageUptodate(page)) { 615 if (!PageUptodate(page)) {
561 if (sd->len < PAGE_CACHE_SIZE) { 616 if (this_len < PAGE_CACHE_SIZE) {
562 ret = mapping->a_ops->readpage(file, page); 617 ret = mapping->a_ops->readpage(file, page);
563 if (unlikely(ret)) 618 if (unlikely(ret))
564 goto out; 619 goto out;
@@ -582,51 +637,67 @@ find_page:
582 } 637 }
583 } 638 }
584 639
585 ret = mapping->a_ops->prepare_write(file, page, 0, sd->len); 640 ret = mapping->a_ops->prepare_write(file, page, offset, offset+this_len);
586 if (ret == AOP_TRUNCATED_PAGE) { 641 if (unlikely(ret)) {
642 loff_t isize = i_size_read(mapping->host);
643
644 if (ret != AOP_TRUNCATED_PAGE)
645 unlock_page(page);
587 page_cache_release(page); 646 page_cache_release(page);
588 goto find_page; 647 if (ret == AOP_TRUNCATED_PAGE)
589 } else if (ret) 648 goto find_page;
649
650 /*
651 * prepare_write() may have instantiated a few blocks
652 * outside i_size. Trim these off again.
653 */
654 if (sd->pos + this_len > isize)
655 vmtruncate(mapping->host, isize);
656
590 goto out; 657 goto out;
658 }
591 659
592 if (!(buf->flags & PIPE_BUF_FLAG_STOLEN)) { 660 if (buf->page != page) {
593 char *dst = kmap_atomic(page, KM_USER0); 661 /*
662 * Careful, ->map() uses KM_USER0!
663 */
664 char *src = buf->ops->map(pipe, buf, 1);
665 char *dst = kmap_atomic(page, KM_USER1);
594 666
595 memcpy(dst + offset, src + buf->offset, sd->len); 667 memcpy(dst + offset, src + buf->offset, this_len);
596 flush_dcache_page(page); 668 flush_dcache_page(page);
597 kunmap_atomic(dst, KM_USER0); 669 kunmap_atomic(dst, KM_USER1);
670 buf->ops->unmap(pipe, buf, src);
598 } 671 }
599 672
600 ret = mapping->a_ops->commit_write(file, page, 0, sd->len); 673 ret = mapping->a_ops->commit_write(file, page, offset, offset+this_len);
601 if (ret == AOP_TRUNCATED_PAGE) { 674 if (!ret) {
675 /*
676 * Return the number of bytes written and mark page as
677 * accessed, we are now done!
678 */
679 ret = this_len;
680 mark_page_accessed(page);
681 balance_dirty_pages_ratelimited(mapping);
682 } else if (ret == AOP_TRUNCATED_PAGE) {
602 page_cache_release(page); 683 page_cache_release(page);
603 goto find_page; 684 goto find_page;
604 } else if (ret) 685 }
605 goto out;
606
607 mark_page_accessed(page);
608 balance_dirty_pages_ratelimited(mapping);
609out: 686out:
610 if (!(buf->flags & PIPE_BUF_FLAG_STOLEN)) 687 page_cache_release(page);
611 page_cache_release(page);
612
613 unlock_page(page); 688 unlock_page(page);
614out_nomem: 689out_nomem:
615 buf->ops->unmap(info, buf);
616 return ret; 690 return ret;
617} 691}
618 692
619typedef int (splice_actor)(struct pipe_inode_info *, struct pipe_buffer *,
620 struct splice_desc *);
621
622/* 693/*
623 * Pipe input worker. Most of this logic works like a regular pipe, the 694 * Pipe input worker. Most of this logic works like a regular pipe, the
624 * key here is the 'actor' worker passed in that actually moves the data 695 * key here is the 'actor' worker passed in that actually moves the data
625 * to the wanted destination. See pipe_to_file/pipe_to_sendpage above. 696 * to the wanted destination. See pipe_to_file/pipe_to_sendpage above.
626 */ 697 */
627static ssize_t move_from_pipe(struct pipe_inode_info *pipe, struct file *out, 698ssize_t splice_from_pipe(struct pipe_inode_info *pipe, struct file *out,
628 loff_t *ppos, size_t len, unsigned int flags, 699 loff_t *ppos, size_t len, unsigned int flags,
629 splice_actor *actor) 700 splice_actor *actor)
630{ 701{
631 int ret, do_wakeup, err; 702 int ret, do_wakeup, err;
632 struct splice_desc sd; 703 struct splice_desc sd;
@@ -652,16 +723,22 @@ static ssize_t move_from_pipe(struct pipe_inode_info *pipe, struct file *out,
652 sd.len = sd.total_len; 723 sd.len = sd.total_len;
653 724
654 err = actor(pipe, buf, &sd); 725 err = actor(pipe, buf, &sd);
655 if (err) { 726 if (err <= 0) {
656 if (!ret && err != -ENODATA) 727 if (!ret && err != -ENODATA)
657 ret = err; 728 ret = err;
658 729
659 break; 730 break;
660 } 731 }
661 732
662 ret += sd.len; 733 ret += err;
663 buf->offset += sd.len; 734 buf->offset += err;
664 buf->len -= sd.len; 735 buf->len -= err;
736
737 sd.len -= err;
738 sd.pos += err;
739 sd.total_len -= err;
740 if (sd.len)
741 continue;
665 742
666 if (!buf->len) { 743 if (!buf->len) {
667 buf->ops = NULL; 744 buf->ops = NULL;
@@ -672,8 +749,6 @@ static ssize_t move_from_pipe(struct pipe_inode_info *pipe, struct file *out,
672 do_wakeup = 1; 749 do_wakeup = 1;
673 } 750 }
674 751
675 sd.pos += sd.len;
676 sd.total_len -= sd.len;
677 if (!sd.total_len) 752 if (!sd.total_len)
678 break; 753 break;
679 } 754 }
@@ -741,7 +816,7 @@ generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
741 struct address_space *mapping = out->f_mapping; 816 struct address_space *mapping = out->f_mapping;
742 ssize_t ret; 817 ssize_t ret;
743 818
744 ret = move_from_pipe(pipe, out, ppos, len, flags, pipe_to_file); 819 ret = splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file);
745 if (ret > 0) { 820 if (ret > 0) {
746 struct inode *inode = mapping->host; 821 struct inode *inode = mapping->host;
747 822
@@ -783,7 +858,7 @@ EXPORT_SYMBOL(generic_file_splice_write);
783ssize_t generic_splice_sendpage(struct pipe_inode_info *pipe, struct file *out, 858ssize_t generic_splice_sendpage(struct pipe_inode_info *pipe, struct file *out,
784 loff_t *ppos, size_t len, unsigned int flags) 859 loff_t *ppos, size_t len, unsigned int flags)
785{ 860{
786 return move_from_pipe(pipe, out, ppos, len, flags, pipe_to_sendpage); 861 return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_sendpage);
787} 862}
788 863
789EXPORT_SYMBOL(generic_splice_sendpage); 864EXPORT_SYMBOL(generic_splice_sendpage);
@@ -870,7 +945,7 @@ long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
870 945
871 /* 946 /*
872 * We don't have an immediate reader, but we'll read the stuff 947 * We don't have an immediate reader, but we'll read the stuff
873 * out of the pipe right after the move_to_pipe(). So set 948 * out of the pipe right after the splice_to_pipe(). So set
874 * PIPE_READERS appropriately. 949 * PIPE_READERS appropriately.
875 */ 950 */
876 pipe->readers = 1; 951 pipe->readers = 1;
@@ -1010,6 +1085,184 @@ static long do_splice(struct file *in, loff_t __user *off_in,
1010 return -EINVAL; 1085 return -EINVAL;
1011} 1086}
1012 1087
1088/*
1089 * Map an iov into an array of pages and offset/length tupples. With the
1090 * partial_page structure, we can map several non-contiguous ranges into
1091 * our ones pages[] map instead of splitting that operation into pieces.
1092 * Could easily be exported as a generic helper for other users, in which
1093 * case one would probably want to add a 'max_nr_pages' parameter as well.
1094 */
1095static int get_iovec_page_array(const struct iovec __user *iov,
1096 unsigned int nr_vecs, struct page **pages,
1097 struct partial_page *partial, int aligned)
1098{
1099 int buffers = 0, error = 0;
1100
1101 /*
1102 * It's ok to take the mmap_sem for reading, even
1103 * across a "get_user()".
1104 */
1105 down_read(&current->mm->mmap_sem);
1106
1107 while (nr_vecs) {
1108 unsigned long off, npages;
1109 void __user *base;
1110 size_t len;
1111 int i;
1112
1113 /*
1114 * Get user address base and length for this iovec.
1115 */
1116 error = get_user(base, &iov->iov_base);
1117 if (unlikely(error))
1118 break;
1119 error = get_user(len, &iov->iov_len);
1120 if (unlikely(error))
1121 break;
1122
1123 /*
1124 * Sanity check this iovec. 0 read succeeds.
1125 */
1126 if (unlikely(!len))
1127 break;
1128 error = -EFAULT;
1129 if (unlikely(!base))
1130 break;
1131
1132 /*
1133 * Get this base offset and number of pages, then map
1134 * in the user pages.
1135 */
1136 off = (unsigned long) base & ~PAGE_MASK;
1137
1138 /*
1139 * If asked for alignment, the offset must be zero and the
1140 * length a multiple of the PAGE_SIZE.
1141 */
1142 error = -EINVAL;
1143 if (aligned && (off || len & ~PAGE_MASK))
1144 break;
1145
1146 npages = (off + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
1147 if (npages > PIPE_BUFFERS - buffers)
1148 npages = PIPE_BUFFERS - buffers;
1149
1150 error = get_user_pages(current, current->mm,
1151 (unsigned long) base, npages, 0, 0,
1152 &pages[buffers], NULL);
1153
1154 if (unlikely(error <= 0))
1155 break;
1156
1157 /*
1158 * Fill this contiguous range into the partial page map.
1159 */
1160 for (i = 0; i < error; i++) {
1161 const int plen = min_t(size_t, len, PAGE_SIZE - off);
1162
1163 partial[buffers].offset = off;
1164 partial[buffers].len = plen;
1165
1166 off = 0;
1167 len -= plen;
1168 buffers++;
1169 }
1170
1171 /*
1172 * We didn't complete this iov, stop here since it probably
1173 * means we have to move some of this into a pipe to
1174 * be able to continue.
1175 */
1176 if (len)
1177 break;
1178
1179 /*
1180 * Don't continue if we mapped fewer pages than we asked for,
1181 * or if we mapped the max number of pages that we have
1182 * room for.
1183 */
1184 if (error < npages || buffers == PIPE_BUFFERS)
1185 break;
1186
1187 nr_vecs--;
1188 iov++;
1189 }
1190
1191 up_read(&current->mm->mmap_sem);
1192
1193 if (buffers)
1194 return buffers;
1195
1196 return error;
1197}
1198
1199/*
1200 * vmsplice splices a user address range into a pipe. It can be thought of
1201 * as splice-from-memory, where the regular splice is splice-from-file (or
1202 * to file). In both cases the output is a pipe, naturally.
1203 *
1204 * Note that vmsplice only supports splicing _from_ user memory to a pipe,
1205 * not the other way around. Splicing from user memory is a simple operation
1206 * that can be supported without any funky alignment restrictions or nasty
1207 * vm tricks. We simply map in the user memory and fill them into a pipe.
1208 * The reverse isn't quite as easy, though. There are two possible solutions
1209 * for that:
1210 *
1211 * - memcpy() the data internally, at which point we might as well just
1212 * do a regular read() on the buffer anyway.
1213 * - Lots of nasty vm tricks, that are neither fast nor flexible (it
1214 * has restriction limitations on both ends of the pipe).
1215 *
1216 * Alas, it isn't here.
1217 *
1218 */
1219static long do_vmsplice(struct file *file, const struct iovec __user *iov,
1220 unsigned long nr_segs, unsigned int flags)
1221{
1222 struct pipe_inode_info *pipe = file->f_dentry->d_inode->i_pipe;
1223 struct page *pages[PIPE_BUFFERS];
1224 struct partial_page partial[PIPE_BUFFERS];
1225 struct splice_pipe_desc spd = {
1226 .pages = pages,
1227 .partial = partial,
1228 .flags = flags,
1229 .ops = &user_page_pipe_buf_ops,
1230 };
1231
1232 if (unlikely(!pipe))
1233 return -EBADF;
1234 if (unlikely(nr_segs > UIO_MAXIOV))
1235 return -EINVAL;
1236 else if (unlikely(!nr_segs))
1237 return 0;
1238
1239 spd.nr_pages = get_iovec_page_array(iov, nr_segs, pages, partial,
1240 flags & SPLICE_F_GIFT);
1241 if (spd.nr_pages <= 0)
1242 return spd.nr_pages;
1243
1244 return splice_to_pipe(pipe, &spd);
1245}
1246
1247asmlinkage long sys_vmsplice(int fd, const struct iovec __user *iov,
1248 unsigned long nr_segs, unsigned int flags)
1249{
1250 struct file *file;
1251 long error;
1252 int fput;
1253
1254 error = -EBADF;
1255 file = fget_light(fd, &fput);
1256 if (file) {
1257 if (file->f_mode & FMODE_WRITE)
1258 error = do_vmsplice(file, iov, nr_segs, flags);
1259
1260 fput_light(file, fput);
1261 }
1262
1263 return error;
1264}
1265
1013asmlinkage long sys_splice(int fd_in, loff_t __user *off_in, 1266asmlinkage long sys_splice(int fd_in, loff_t __user *off_in,
1014 int fd_out, loff_t __user *off_out, 1267 int fd_out, loff_t __user *off_out,
1015 size_t len, unsigned int flags) 1268 size_t len, unsigned int flags)
@@ -1092,6 +1345,12 @@ static int link_pipe(struct pipe_inode_info *ipipe,
1092 obuf = opipe->bufs + nbuf; 1345 obuf = opipe->bufs + nbuf;
1093 *obuf = *ibuf; 1346 *obuf = *ibuf;
1094 1347
1348 /*
1349 * Don't inherit the gift flag, we need to
1350 * prevent multiple steals of this page.
1351 */
1352 obuf->flags &= ~PIPE_BUF_FLAG_GIFT;
1353
1095 if (obuf->len > len) 1354 if (obuf->len > len)
1096 obuf->len = len; 1355 obuf->len = len;
1097 1356
diff --git a/fs/stat.c b/fs/stat.c
index 9948cc1685a4..0f282face322 100644
--- a/fs/stat.c
+++ b/fs/stat.c
@@ -261,7 +261,7 @@ asmlinkage long sys_newlstat(char __user *filename, struct stat __user *statbuf)
261 return error; 261 return error;
262} 262}
263 263
264#ifndef __ARCH_WANT_STAT64 264#if !defined(__ARCH_WANT_STAT64) || defined(__ARCH_WANT_SYS_NEWFSTATAT)
265asmlinkage long sys_newfstatat(int dfd, char __user *filename, 265asmlinkage long sys_newfstatat(int dfd, char __user *filename,
266 struct stat __user *statbuf, int flag) 266 struct stat __user *statbuf, int flag)
267{ 267{
diff --git a/fs/xfs/xfs_alloc.c b/fs/xfs/xfs_alloc.c
index 64ee07db0d5e..8558226281c4 100644
--- a/fs/xfs/xfs_alloc.c
+++ b/fs/xfs/xfs_alloc.c
@@ -1942,8 +1942,10 @@ xfs_alloc_fix_freelist(
1942 /* 1942 /*
1943 * Allocate as many blocks as possible at once. 1943 * Allocate as many blocks as possible at once.
1944 */ 1944 */
1945 if ((error = xfs_alloc_ag_vextent(&targs))) 1945 if ((error = xfs_alloc_ag_vextent(&targs))) {
1946 xfs_trans_brelse(tp, agflbp);
1946 return error; 1947 return error;
1948 }
1947 /* 1949 /*
1948 * Stop if we run out. Won't happen if callers are obeying 1950 * Stop if we run out. Won't happen if callers are obeying
1949 * the restrictions correctly. Can happen for free calls 1951 * the restrictions correctly. Can happen for free calls
@@ -1960,6 +1962,7 @@ xfs_alloc_fix_freelist(
1960 return error; 1962 return error;
1961 } 1963 }
1962 } 1964 }
1965 xfs_trans_brelse(tp, agflbp);
1963 args->agbp = agbp; 1966 args->agbp = agbp;
1964 return 0; 1967 return 0;
1965} 1968}
diff --git a/fs/xfs/xfs_rename.c b/fs/xfs/xfs_rename.c
index 81a05cfd77d2..1f148762eb28 100644
--- a/fs/xfs/xfs_rename.c
+++ b/fs/xfs/xfs_rename.c
@@ -316,6 +316,18 @@ xfs_rename(
316 } 316 }
317 } 317 }
318 318
319 /*
320 * If we are using project inheritance, we only allow renames
321 * into our tree when the project IDs are the same; else the
322 * tree quota mechanism would be circumvented.
323 */
324 if (unlikely((target_dp->i_d.di_flags & XFS_DIFLAG_PROJINHERIT) &&
325 (target_dp->i_d.di_projid != src_ip->i_d.di_projid))) {
326 error = XFS_ERROR(EXDEV);
327 xfs_rename_unlock4(inodes, XFS_ILOCK_SHARED);
328 goto rele_return;
329 }
330
319 new_parent = (src_dp != target_dp); 331 new_parent = (src_dp != target_dp);
320 src_is_directory = ((src_ip->i_d.di_mode & S_IFMT) == S_IFDIR); 332 src_is_directory = ((src_ip->i_d.di_mode & S_IFMT) == S_IFDIR);
321 333
diff --git a/fs/xfs/xfs_vfsops.c b/fs/xfs/xfs_vfsops.c
index f0e09ca14139..36ea1b2094f2 100644
--- a/fs/xfs/xfs_vfsops.c
+++ b/fs/xfs/xfs_vfsops.c
@@ -669,31 +669,22 @@ xfs_mntupdate(
669 xfs_mount_t *mp = XFS_BHVTOM(bdp); 669 xfs_mount_t *mp = XFS_BHVTOM(bdp);
670 int error; 670 int error;
671 671
672 if (args->flags & XFSMNT_BARRIER) 672 if (!(*flags & MS_RDONLY)) { /* rw/ro -> rw */
673 mp->m_flags |= XFS_MOUNT_BARRIER; 673 if (vfsp->vfs_flag & VFS_RDONLY)
674 else 674 vfsp->vfs_flag &= ~VFS_RDONLY;
675 mp->m_flags &= ~XFS_MOUNT_BARRIER; 675 if (args->flags & XFSMNT_BARRIER) {
676 676 mp->m_flags |= XFS_MOUNT_BARRIER;
677 if ((vfsp->vfs_flag & VFS_RDONLY) &&
678 !(*flags & MS_RDONLY)) {
679 vfsp->vfs_flag &= ~VFS_RDONLY;
680
681 if (args->flags & XFSMNT_BARRIER)
682 xfs_mountfs_check_barriers(mp); 677 xfs_mountfs_check_barriers(mp);
683 } 678 } else {
684 679 mp->m_flags &= ~XFS_MOUNT_BARRIER;
685 if (!(vfsp->vfs_flag & VFS_RDONLY) && 680 }
686 (*flags & MS_RDONLY)) { 681 } else if (!(vfsp->vfs_flag & VFS_RDONLY)) { /* rw -> ro */
687 VFS_SYNC(vfsp, SYNC_FSDATA|SYNC_BDFLUSH|SYNC_ATTR, NULL, error); 682 VFS_SYNC(vfsp, SYNC_FSDATA|SYNC_BDFLUSH|SYNC_ATTR, NULL, error);
688
689 xfs_quiesce_fs(mp); 683 xfs_quiesce_fs(mp);
690
691 /* Ok now write out an unmount record */
692 xfs_log_unmount_write(mp); 684 xfs_log_unmount_write(mp);
693 xfs_unmountfs_writesb(mp); 685 xfs_unmountfs_writesb(mp);
694 vfsp->vfs_flag |= VFS_RDONLY; 686 vfsp->vfs_flag |= VFS_RDONLY;
695 } 687 }
696
697 return 0; 688 return 0;
698} 689}
699 690
diff --git a/fs/xfs/xfs_vnodeops.c b/fs/xfs/xfs_vnodeops.c
index fa71b305ba5c..7027ae68ee38 100644
--- a/fs/xfs/xfs_vnodeops.c
+++ b/fs/xfs/xfs_vnodeops.c
@@ -2663,7 +2663,7 @@ xfs_link(
2663 */ 2663 */
2664 if (unlikely((tdp->i_d.di_flags & XFS_DIFLAG_PROJINHERIT) && 2664 if (unlikely((tdp->i_d.di_flags & XFS_DIFLAG_PROJINHERIT) &&
2665 (tdp->i_d.di_projid != sip->i_d.di_projid))) { 2665 (tdp->i_d.di_projid != sip->i_d.di_projid))) {
2666 error = XFS_ERROR(EPERM); 2666 error = XFS_ERROR(EXDEV);
2667 goto error_return; 2667 goto error_return;
2668 } 2668 }
2669 2669
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-21 04:21:06 -0500