1/* 2 * This file is part of UBIFS. 3 * 4 * Copyright (C) 2006-2008 Nokia Corporation 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 as published by 8 * the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 13 * more details. 14 * 15 * You should have received a copy of the GNU General Public License along with 16 * this program; if not, write to the Free Software Foundation, Inc., 51 17 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 18 * 19 * Authors: Adrian Hunter 20 * Artem Bityutskiy (���������������� ����������) 21 */ 22 23/* 24 * This file implements functions needed to recover from unclean un-mounts. 25 * When UBIFS is mounted, it checks a flag on the master node to determine if 26 * an un-mount was completed successfully. If not, the process of mounting 27 * incorporates additional checking and fixing of on-flash data structures. 28 * UBIFS always cleans away all remnants of an unclean un-mount, so that 29 * errors do not accumulate. However UBIFS defers recovery if it is mounted 30 * read-only, and the flash is not modified in that case. 31 */ 32 33#include <linux/crc32.h> 34#include <linux/slab.h> 35#include "ubifs.h" 36 37/** 38 * is_empty - determine whether a buffer is empty (contains all 0xff). 39 * @buf: buffer to clean 40 * @len: length of buffer 41 * 42 * This function returns %1 if the buffer is empty (contains all 0xff) otherwise 43 * %0 is returned. 44 */ 45static int is_empty(void *buf, int len) 46{ 47 uint8_t *p = buf; 48 int i; 49 50 for (i = 0; i < len; i++) 51 if (*p++ != 0xff) 52 return 0; 53 return 1; 54} 55 56/** 57 * first_non_ff - find offset of the first non-0xff byte. 58 * @buf: buffer to search in 59 * @len: length of buffer 60 * 61 * This function returns offset of the first non-0xff byte in @buf or %-1 if 62 * the buffer contains only 0xff bytes. 63 */ 64static int first_non_ff(void *buf, int len) 65{ 66 uint8_t *p = buf; 67 int i; 68 69 for (i = 0; i < len; i++) 70 if (*p++ != 0xff) 71 return i; 72 return -1; 73} 74 75/** 76 * get_master_node - get the last valid master node allowing for corruption. 77 * @c: UBIFS file-system description object 78 * @lnum: LEB number 79 * @pbuf: buffer containing the LEB read, is returned here 80 * @mst: master node, if found, is returned here 81 * @cor: corruption, if found, is returned here 82 * 83 * This function allocates a buffer, reads the LEB into it, and finds and 84 * returns the last valid master node allowing for one area of corruption. 85 * The corrupt area, if there is one, must be consistent with the assumption 86 * that it is the result of an unclean unmount while the master node was being 87 * written. Under those circumstances, it is valid to use the previously written 88 * master node. 89 * 90 * This function returns %0 on success and a negative error code on failure. 91 */ 92static int get_master_node(const struct ubifs_info *c, int lnum, void **pbuf, 93 struct ubifs_mst_node **mst, void **cor) 94{ 95 const int sz = c->mst_node_alsz; 96 int err, offs, len; 97 void *sbuf, *buf; 98 99 sbuf = vmalloc(c->leb_size); 100 if (!sbuf) 101 return -ENOMEM; 102 103 err = ubi_read(c->ubi, lnum, sbuf, 0, c->leb_size); 104 if (err && err != -EBADMSG) 105 goto out_free; 106 107 /* Find the first position that is definitely not a node */ 108 offs = 0; 109 buf = sbuf; 110 len = c->leb_size; 111 while (offs + UBIFS_MST_NODE_SZ <= c->leb_size) { 112 struct ubifs_ch *ch = buf; 113 114 if (le32_to_cpu(ch->magic) != UBIFS_NODE_MAGIC) 115 break; 116 offs += sz; 117 buf += sz; 118 len -= sz; 119 } 120 /* See if there was a valid master node before that */ 121 if (offs) { 122 int ret; 123 124 offs -= sz; 125 buf -= sz; 126 len += sz; 127 ret = ubifs_scan_a_node(c, buf, len, lnum, offs, 1); 128 if (ret != SCANNED_A_NODE && offs) { 129 /* Could have been corruption so check one place back */ 130 offs -= sz; 131 buf -= sz; 132 len += sz; 133 ret = ubifs_scan_a_node(c, buf, len, lnum, offs, 1); 134 if (ret != SCANNED_A_NODE) 135 /* 136 * We accept only one area of corruption because 137 * we are assuming that it was caused while 138 * trying to write a master node. 139 */ 140 goto out_err; 141 } 142 if (ret == SCANNED_A_NODE) { 143 struct ubifs_ch *ch = buf; 144 145 if (ch->node_type != UBIFS_MST_NODE) 146 goto out_err; 147 dbg_rcvry("found a master node at %d:%d", lnum, offs); 148 *mst = buf; 149 offs += sz; 150 buf += sz; 151 len -= sz; 152 } 153 } 154 /* Check for corruption */ 155 if (offs < c->leb_size) { 156 if (!is_empty(buf, min_t(int, len, sz))) { 157 *cor = buf; 158 dbg_rcvry("found corruption at %d:%d", lnum, offs); 159 } 160 offs += sz; 161 buf += sz; 162 len -= sz; 163 } 164 /* Check remaining empty space */ 165 if (offs < c->leb_size) 166 if (!is_empty(buf, len)) 167 goto out_err; 168 *pbuf = sbuf; 169 return 0; 170 171out_err: 172 err = -EINVAL; 173out_free: 174 vfree(sbuf); 175 *mst = NULL; 176 *cor = NULL; 177 return err; 178} 179 180/** 181 * write_rcvrd_mst_node - write recovered master node. 182 * @c: UBIFS file-system description object 183 * @mst: master node 184 * 185 * This function returns %0 on success and a negative error code on failure. 186 */ 187static int write_rcvrd_mst_node(struct ubifs_info *c, 188 struct ubifs_mst_node *mst) 189{ 190 int err = 0, lnum = UBIFS_MST_LNUM, sz = c->mst_node_alsz; 191 __le32 save_flags; 192 193 dbg_rcvry("recovery"); 194 195 save_flags = mst->flags; 196 mst->flags |= cpu_to_le32(UBIFS_MST_RCVRY); 197 198 ubifs_prepare_node(c, mst, UBIFS_MST_NODE_SZ, 1); 199 err = ubi_leb_change(c->ubi, lnum, mst, sz, UBI_SHORTTERM); 200 if (err) 201 goto out; 202 err = ubi_leb_change(c->ubi, lnum + 1, mst, sz, UBI_SHORTTERM); 203 if (err) 204 goto out; 205out: 206 mst->flags = save_flags; 207 return err; 208} 209 210/** 211 * ubifs_recover_master_node - recover the master node. 212 * @c: UBIFS file-system description object 213 * 214 * This function recovers the master node from corruption that may occur due to 215 * an unclean unmount. 216 * 217 * This function returns %0 on success and a negative error code on failure. 218 */ 219int ubifs_recover_master_node(struct ubifs_info *c) 220{ 221 void *buf1 = NULL, *buf2 = NULL, *cor1 = NULL, *cor2 = NULL; 222 struct ubifs_mst_node *mst1 = NULL, *mst2 = NULL, *mst; 223 const int sz = c->mst_node_alsz; 224 int err, offs1, offs2; 225 226 dbg_rcvry("recovery"); 227 228 err = get_master_node(c, UBIFS_MST_LNUM, &buf1, &mst1, &cor1); 229 if (err) 230 goto out_free; 231 232 err = get_master_node(c, UBIFS_MST_LNUM + 1, &buf2, &mst2, &cor2); 233 if (err) 234 goto out_free; 235 236 if (mst1) { 237 offs1 = (void *)mst1 - buf1; 238 if ((le32_to_cpu(mst1->flags) & UBIFS_MST_RCVRY) && 239 (offs1 == 0 && !cor1)) { 240 /* 241 * mst1 was written by recovery at offset 0 with no 242 * corruption. 243 */ 244 dbg_rcvry("recovery recovery"); 245 mst = mst1; 246 } else if (mst2) { 247 offs2 = (void *)mst2 - buf2; 248 if (offs1 == offs2) { 249 /* Same offset, so must be the same */ 250 if (memcmp((void *)mst1 + UBIFS_CH_SZ, 251 (void *)mst2 + UBIFS_CH_SZ, 252 UBIFS_MST_NODE_SZ - UBIFS_CH_SZ)) 253 goto out_err; 254 mst = mst1; 255 } else if (offs2 + sz == offs1) { 256 /* 1st LEB was written, 2nd was not */ 257 if (cor1) 258 goto out_err; 259 mst = mst1; 260 } else if (offs1 == 0 && offs2 + sz >= c->leb_size) { 261 /* 1st LEB was unmapped and written, 2nd not */ 262 if (cor1) 263 goto out_err; 264 mst = mst1; 265 } else 266 goto out_err; 267 } else { 268 /* 269 * 2nd LEB was unmapped and about to be written, so 270 * there must be only one master node in the first LEB 271 * and no corruption. 272 */ 273 if (offs1 != 0 || cor1) 274 goto out_err; 275 mst = mst1; 276 } 277 } else { 278 if (!mst2) 279 goto out_err; 280 /* 281 * 1st LEB was unmapped and about to be written, so there must 282 * be no room left in 2nd LEB. 283 */ 284 offs2 = (void *)mst2 - buf2; 285 if (offs2 + sz + sz <= c->leb_size) 286 goto out_err; 287 mst = mst2; 288 } 289 290 ubifs_msg("recovered master node from LEB %d", 291 (mst == mst1 ? UBIFS_MST_LNUM : UBIFS_MST_LNUM + 1)); 292 293 memcpy(c->mst_node, mst, UBIFS_MST_NODE_SZ); 294 295 if ((c->vfs_sb->s_flags & MS_RDONLY)) { 296 /* Read-only mode. Keep a copy for switching to rw mode */ 297 c->rcvrd_mst_node = kmalloc(sz, GFP_KERNEL); 298 if (!c->rcvrd_mst_node) { 299 err = -ENOMEM; 300 goto out_free; 301 } 302 memcpy(c->rcvrd_mst_node, c->mst_node, UBIFS_MST_NODE_SZ); 303 } else { 304 /* Write the recovered master node */ 305 c->max_sqnum = le64_to_cpu(mst->ch.sqnum) - 1; 306 err = write_rcvrd_mst_node(c, c->mst_node); 307 if (err) 308 goto out_free; 309 } 310 311 vfree(buf2); 312 vfree(buf1); 313 314 return 0; 315 316out_err: 317 err = -EINVAL; 318out_free: 319 ubifs_err("failed to recover master node"); 320 if (mst1) { 321 dbg_err("dumping first master node"); 322 dbg_dump_node(c, mst1); 323 } 324 if (mst2) { 325 dbg_err("dumping second master node"); 326 dbg_dump_node(c, mst2); 327 } 328 vfree(buf2); 329 vfree(buf1); 330 return err; 331} 332 333/** 334 * ubifs_write_rcvrd_mst_node - write the recovered master node. 335 * @c: UBIFS file-system description object 336 * 337 * This function writes the master node that was recovered during mounting in 338 * read-only mode and must now be written because we are remounting rw. 339 * 340 * This function returns %0 on success and a negative error code on failure. 341 */ 342int ubifs_write_rcvrd_mst_node(struct ubifs_info *c) 343{ 344 int err; 345 346 if (!c->rcvrd_mst_node) 347 return 0; 348 c->rcvrd_mst_node->flags |= cpu_to_le32(UBIFS_MST_DIRTY); 349 c->mst_node->flags |= cpu_to_le32(UBIFS_MST_DIRTY); 350 err = write_rcvrd_mst_node(c, c->rcvrd_mst_node); 351 if (err) 352 return err; 353 kfree(c->rcvrd_mst_node); 354 c->rcvrd_mst_node = NULL; 355 return 0; 356} 357 358/** 359 * is_last_write - determine if an offset was in the last write to a LEB. 360 * @c: UBIFS file-system description object 361 * @buf: buffer to check 362 * @offs: offset to check 363 * 364 * This function returns %1 if @offs was in the last write to the LEB whose data 365 * is in @buf, otherwise %0 is returned. The determination is made by checking 366 * for subsequent empty space starting from the next @c->min_io_size boundary. 367 */ 368static int is_last_write(const struct ubifs_info *c, void *buf, int offs) 369{ 370 int empty_offs, check_len; 371 uint8_t *p; 372 373 /* 374 * Round up to the next @c->min_io_size boundary i.e. @offs is in the 375 * last wbuf written. After that should be empty space. 376 */ 377 empty_offs = ALIGN(offs + 1, c->min_io_size); 378 check_len = c->leb_size - empty_offs; 379 p = buf + empty_offs - offs; 380 return is_empty(p, check_len); 381} 382 383/** 384 * clean_buf - clean the data from an LEB sitting in a buffer. 385 * @c: UBIFS file-system description object 386 * @buf: buffer to clean 387 * @lnum: LEB number to clean 388 * @offs: offset from which to clean 389 * @len: length of buffer 390 * 391 * This function pads up to the next min_io_size boundary (if there is one) and 392 * sets empty space to all 0xff. @buf, @offs and @len are updated to the next 393 * @c->min_io_size boundary. 394 */ 395static void clean_buf(const struct ubifs_info *c, void **buf, int lnum, 396 int *offs, int *len) 397{ 398 int empty_offs, pad_len; 399 400 lnum = lnum; 401 dbg_rcvry("cleaning corruption at %d:%d", lnum, *offs); 402 403 ubifs_assert(!(*offs & 7)); 404 empty_offs = ALIGN(*offs, c->min_io_size); 405 pad_len = empty_offs - *offs; 406 ubifs_pad(c, *buf, pad_len); 407 *offs += pad_len; 408 *buf += pad_len; 409 *len -= pad_len; 410 memset(*buf, 0xff, c->leb_size - empty_offs); 411} 412 413/** 414 * no_more_nodes - determine if there are no more nodes in a buffer. 415 * @c: UBIFS file-system description object 416 * @buf: buffer to check 417 * @len: length of buffer 418 * @lnum: LEB number of the LEB from which @buf was read 419 * @offs: offset from which @buf was read 420 * 421 * This function ensures that the corrupted node at @offs is the last thing 422 * written to a LEB. This function returns %1 if more data is not found and 423 * %0 if more data is found. 424 */ 425static int no_more_nodes(const struct ubifs_info *c, void *buf, int len, 426 int lnum, int offs) 427{ 428 struct ubifs_ch *ch = buf; 429 int skip, dlen = le32_to_cpu(ch->len); 430 431 /* Check for empty space after the corrupt node's common header */ 432 skip = ALIGN(offs + UBIFS_CH_SZ, c->min_io_size) - offs; 433 if (is_empty(buf + skip, len - skip)) 434 return 1; 435 /* 436 * The area after the common header size is not empty, so the common 437 * header must be intact. Check it. 438 */ 439 if (ubifs_check_node(c, buf, lnum, offs, 1, 0) != -EUCLEAN) { 440 dbg_rcvry("unexpected bad common header at %d:%d", lnum, offs); 441 return 0; 442 } 443 /* Now we know the corrupt node's length we can skip over it */ 444 skip = ALIGN(offs + dlen, c->min_io_size) - offs; 445 /* After which there should be empty space */ 446 if (is_empty(buf + skip, len - skip)) 447 return 1; 448 dbg_rcvry("unexpected data at %d:%d", lnum, offs + skip); 449 return 0; 450} 451 452/** 453 * fix_unclean_leb - fix an unclean LEB. 454 * @c: UBIFS file-system description object 455 * @sleb: scanned LEB information 456 * @start: offset where scan started 457 */ 458static int fix_unclean_leb(struct ubifs_info *c, struct ubifs_scan_leb *sleb, 459 int start) 460{ 461 int lnum = sleb->lnum, endpt = start; 462 463 /* Get the end offset of the last node we are keeping */ 464 if (!list_empty(&sleb->nodes)) { 465 struct ubifs_scan_node *snod; 466 467 snod = list_entry(sleb->nodes.prev, 468 struct ubifs_scan_node, list); 469 endpt = snod->offs + snod->len; 470 } 471 472 if ((c->vfs_sb->s_flags & MS_RDONLY) && !c->remounting_rw) { 473 /* Add to recovery list */ 474 struct ubifs_unclean_leb *ucleb; 475 476 dbg_rcvry("need to fix LEB %d start %d endpt %d", 477 lnum, start, sleb->endpt); 478 ucleb = kzalloc(sizeof(struct ubifs_unclean_leb), GFP_NOFS); 479 if (!ucleb) 480 return -ENOMEM; 481 ucleb->lnum = lnum; 482 ucleb->endpt = endpt; 483 list_add_tail(&ucleb->list, &c->unclean_leb_list); 484 } else { 485 /* Write the fixed LEB back to flash */ 486 int err; 487 488 dbg_rcvry("fixing LEB %d start %d endpt %d", 489 lnum, start, sleb->endpt); 490 if (endpt == 0) { 491 err = ubifs_leb_unmap(c, lnum); 492 if (err) 493 return err; 494 } else { 495 int len = ALIGN(endpt, c->min_io_size); 496 497 if (start) { 498 err = ubi_read(c->ubi, lnum, sleb->buf, 0, 499 start); 500 if (err) 501 return err; 502 } 503 /* Pad to min_io_size */ 504 if (len > endpt) { 505 int pad_len = len - ALIGN(endpt, 8); 506 507 if (pad_len > 0) { 508 void *buf = sleb->buf + len - pad_len; 509 510 ubifs_pad(c, buf, pad_len); 511 } 512 } 513 err = ubi_leb_change(c->ubi, lnum, sleb->buf, len, 514 UBI_UNKNOWN); 515 if (err) 516 return err; 517 } 518 } 519 return 0; 520} 521 522/** 523 * drop_incomplete_group - drop nodes from an incomplete group. 524 * @sleb: scanned LEB information 525 * @offs: offset of dropped nodes is returned here 526 * 527 * This function returns %1 if nodes are dropped and %0 otherwise. 528 */ 529static int drop_incomplete_group(struct ubifs_scan_leb *sleb, int *offs) 530{ 531 int dropped = 0; 532 533 while (!list_empty(&sleb->nodes)) { 534 struct ubifs_scan_node *snod; 535 struct ubifs_ch *ch; 536 537 snod = list_entry(sleb->nodes.prev, struct ubifs_scan_node, 538 list); 539 ch = snod->node; 540 if (ch->group_type != UBIFS_IN_NODE_GROUP) 541 return dropped; 542 dbg_rcvry("dropping node at %d:%d", sleb->lnum, snod->offs); 543 *offs = snod->offs; 544 list_del(&snod->list); 545 kfree(snod); 546 sleb->nodes_cnt -= 1; 547 dropped = 1; 548 } 549 return dropped; 550} 551 552/** 553 * ubifs_recover_leb - scan and recover a LEB. 554 * @c: UBIFS file-system description object 555 * @lnum: LEB number 556 * @offs: offset 557 * @sbuf: LEB-sized buffer to use 558 * @grouped: nodes may be grouped for recovery 559 * 560 * This function does a scan of a LEB, but caters for errors that might have 561 * been caused by the unclean unmount from which we are attempting to recover. 562 * Returns %0 in case of success, %-EUCLEAN if an unrecoverable corruption is 563 * found, and a negative error code in case of failure. 564 */ 565struct ubifs_scan_leb *ubifs_recover_leb(struct ubifs_info *c, int lnum, 566 int offs, void *sbuf, int grouped) 567{ 568 int err, len = c->leb_size - offs, need_clean = 0, quiet = 1; 569 int empty_chkd = 0, start = offs; 570 struct ubifs_scan_leb *sleb; 571 void *buf = sbuf + offs; 572 573 dbg_rcvry("%d:%d", lnum, offs); 574 575 sleb = ubifs_start_scan(c, lnum, offs, sbuf); 576 if (IS_ERR(sleb)) 577 return sleb; 578 579 if (sleb->ecc) 580 need_clean = 1; 581 582 while (len >= 8) { 583 int ret; 584 585 dbg_scan("look at LEB %d:%d (%d bytes left)", 586 lnum, offs, len); 587 588 cond_resched(); 589 590 /* 591 * Scan quietly until there is an error from which we cannot 592 * recover 593 */ 594 ret = ubifs_scan_a_node(c, buf, len, lnum, offs, quiet); 595 596 if (ret == SCANNED_A_NODE) { 597 /* A valid node, and not a padding node */ 598 struct ubifs_ch *ch = buf; 599 int node_len; 600 601 err = ubifs_add_snod(c, sleb, buf, offs); 602 if (err) 603 goto error; 604 node_len = ALIGN(le32_to_cpu(ch->len), 8); 605 offs += node_len; 606 buf += node_len; 607 len -= node_len; 608 continue; 609 } 610 611 if (ret > 0) { 612 /* Padding bytes or a valid padding node */ 613 offs += ret; 614 buf += ret; 615 len -= ret; 616 continue; 617 } 618 619 if (ret == SCANNED_EMPTY_SPACE) { 620 if (!is_empty(buf, len)) { 621 if (!is_last_write(c, buf, offs)) 622 break; 623 clean_buf(c, &buf, lnum, &offs, &len); 624 need_clean = 1; 625 } 626 empty_chkd = 1; 627 break; 628 } 629 630 if (ret == SCANNED_GARBAGE || ret == SCANNED_A_BAD_PAD_NODE) 631 if (is_last_write(c, buf, offs)) { 632 clean_buf(c, &buf, lnum, &offs, &len); 633 need_clean = 1; 634 empty_chkd = 1; 635 break; 636 } 637 638 if (ret == SCANNED_A_CORRUPT_NODE) 639 if (no_more_nodes(c, buf, len, lnum, offs)) { 640 clean_buf(c, &buf, lnum, &offs, &len); 641 need_clean = 1; 642 empty_chkd = 1; 643 break; 644 } 645 646 if (quiet) { 647 /* Redo the last scan but noisily */ 648 quiet = 0; 649 continue; 650 } 651 652 switch (ret) { 653 case SCANNED_GARBAGE: 654 dbg_err("garbage"); 655 goto corrupted; 656 case SCANNED_A_CORRUPT_NODE: 657 case SCANNED_A_BAD_PAD_NODE: 658 dbg_err("bad node"); 659 goto corrupted; 660 default: 661 dbg_err("unknown"); 662 err = -EINVAL; 663 goto error; 664 } 665 } 666 667 if (!empty_chkd && !is_empty(buf, len)) { 668 if (is_last_write(c, buf, offs)) { 669 clean_buf(c, &buf, lnum, &offs, &len); 670 need_clean = 1; 671 } else { 672 int corruption = first_non_ff(buf, len); 673 674 ubifs_err("corrupt empty space LEB %d:%d, corruption " 675 "starts at %d", lnum, offs, corruption); 676 /* Make sure we dump interesting non-0xFF data */ 677 offs = corruption; 678 buf += corruption; 679 goto corrupted; 680 } 681 } 682 683 /* Drop nodes from incomplete group */ 684 if (grouped && drop_incomplete_group(sleb, &offs)) { 685 buf = sbuf + offs; 686 len = c->leb_size - offs; 687 clean_buf(c, &buf, lnum, &offs, &len); 688 need_clean = 1; 689 } 690 691 if (offs % c->min_io_size) { 692 clean_buf(c, &buf, lnum, &offs, &len); 693 need_clean = 1; 694 } 695 696 ubifs_end_scan(c, sleb, lnum, offs); 697 698 if (need_clean) { 699 err = fix_unclean_leb(c, sleb, start); 700 if (err) 701 goto error; 702 } 703 704 return sleb; 705 706corrupted: 707 ubifs_scanned_corruption(c, lnum, offs, buf); 708 err = -EUCLEAN; 709error: 710 ubifs_err("LEB %d scanning failed", lnum); 711 ubifs_scan_destroy(sleb); 712 return ERR_PTR(err); 713} 714 715/** 716 * get_cs_sqnum - get commit start sequence number. 717 * @c: UBIFS file-system description object 718 * @lnum: LEB number of commit start node 719 * @offs: offset of commit start node 720 * @cs_sqnum: commit start sequence number is returned here 721 * 722 * This function returns %0 on success and a negative error code on failure. 723 */ 724static int get_cs_sqnum(struct ubifs_info *c, int lnum, int offs, 725 unsigned long long *cs_sqnum) 726{ 727 struct ubifs_cs_node *cs_node = NULL; 728 int err, ret; 729 730 dbg_rcvry("at %d:%d", lnum, offs); 731 cs_node = kmalloc(UBIFS_CS_NODE_SZ, GFP_KERNEL); 732 if (!cs_node) 733 return -ENOMEM; 734 if (c->leb_size - offs < UBIFS_CS_NODE_SZ) 735 goto out_err; 736 err = ubi_read(c->ubi, lnum, (void *)cs_node, offs, UBIFS_CS_NODE_SZ); 737 if (err && err != -EBADMSG) 738 goto out_free; 739 ret = ubifs_scan_a_node(c, cs_node, UBIFS_CS_NODE_SZ, lnum, offs, 0); 740 if (ret != SCANNED_A_NODE) { 741 dbg_err("Not a valid node"); 742 goto out_err; 743 } 744 if (cs_node->ch.node_type != UBIFS_CS_NODE) { 745 dbg_err("Node a CS node, type is %d", cs_node->ch.node_type); 746 goto out_err; 747 } 748 if (le64_to_cpu(cs_node->cmt_no) != c->cmt_no) { 749 dbg_err("CS node cmt_no %llu != current cmt_no %llu", 750 (unsigned long long)le64_to_cpu(cs_node->cmt_no), 751 c->cmt_no); 752 goto out_err; 753 } 754 *cs_sqnum = le64_to_cpu(cs_node->ch.sqnum); 755 dbg_rcvry("commit start sqnum %llu", *cs_sqnum); 756 kfree(cs_node); 757 return 0; 758 759out_err: 760 err = -EINVAL; 761out_free: 762 ubifs_err("failed to get CS sqnum"); 763 kfree(cs_node); 764 return err; 765} 766 767/** 768 * ubifs_recover_log_leb - scan and recover a log LEB. 769 * @c: UBIFS file-system description object 770 * @lnum: LEB number 771 * @offs: offset 772 * @sbuf: LEB-sized buffer to use 773 * 774 * This function does a scan of a LEB, but caters for errors that might have 775 * been caused by the unclean unmount from which we are attempting to recover. 776 * 777 * This function returns %0 on success and a negative error code on failure. 778 */ 779struct ubifs_scan_leb *ubifs_recover_log_leb(struct ubifs_info *c, int lnum, 780 int offs, void *sbuf) 781{ 782 struct ubifs_scan_leb *sleb; 783 int next_lnum; 784 785 dbg_rcvry("LEB %d", lnum); 786 next_lnum = lnum + 1; 787 if (next_lnum >= UBIFS_LOG_LNUM + c->log_lebs) 788 next_lnum = UBIFS_LOG_LNUM; 789 if (next_lnum != c->ltail_lnum) { 790 /* 791 * We can only recover at the end of the log, so check that the 792 * next log LEB is empty or out of date. 793 */ 794 sleb = ubifs_scan(c, next_lnum, 0, sbuf, 0); 795 if (IS_ERR(sleb)) 796 return sleb; 797 if (sleb->nodes_cnt) { 798 struct ubifs_scan_node *snod; 799 unsigned long long cs_sqnum = c->cs_sqnum; 800 801 snod = list_entry(sleb->nodes.next, 802 struct ubifs_scan_node, list); 803 if (cs_sqnum == 0) { 804 int err; 805 806 err = get_cs_sqnum(c, lnum, offs, &cs_sqnum); 807 if (err) { 808 ubifs_scan_destroy(sleb); 809 return ERR_PTR(err); 810 } 811 } 812 if (snod->sqnum > cs_sqnum) { 813 ubifs_err("unrecoverable log corruption " 814 "in LEB %d", lnum); 815 ubifs_scan_destroy(sleb); 816 return ERR_PTR(-EUCLEAN); 817 } 818 } 819 ubifs_scan_destroy(sleb); 820 } 821 return ubifs_recover_leb(c, lnum, offs, sbuf, 0); 822} 823 824/** 825 * recover_head - recover a head. 826 * @c: UBIFS file-system description object 827 * @lnum: LEB number of head to recover 828 * @offs: offset of head to recover 829 * @sbuf: LEB-sized buffer to use 830 * 831 * This function ensures that there is no data on the flash at a head location. 832 * 833 * This function returns %0 on success and a negative error code on failure. 834 */ 835static int recover_head(const struct ubifs_info *c, int lnum, int offs, 836 void *sbuf) 837{ 838 int len, err; 839 840 if (c->min_io_size > 1) 841 len = c->min_io_size; 842 else 843 len = 512; 844 if (offs + len > c->leb_size) 845 len = c->leb_size - offs; 846 847 if (!len) 848 return 0; 849 850 /* Read at the head location and check it is empty flash */ 851 err = ubi_read(c->ubi, lnum, sbuf, offs, len); 852 if (err || !is_empty(sbuf, len)) { 853 dbg_rcvry("cleaning head at %d:%d", lnum, offs); 854 if (offs == 0) 855 return ubifs_leb_unmap(c, lnum); 856 err = ubi_read(c->ubi, lnum, sbuf, 0, offs); 857 if (err) 858 return err; 859 return ubi_leb_change(c->ubi, lnum, sbuf, offs, UBI_UNKNOWN); 860 } 861 862 return 0; 863} 864 865/** 866 * ubifs_recover_inl_heads - recover index and LPT heads. 867 * @c: UBIFS file-system description object 868 * @sbuf: LEB-sized buffer to use 869 * 870 * This function ensures that there is no data on the flash at the index and 871 * LPT head locations. 872 * 873 * This deals with the recovery of a half-completed journal commit. UBIFS is 874 * careful never to overwrite the last version of the index or the LPT. Because 875 * the index and LPT are wandering trees, data from a half-completed commit will 876 * not be referenced anywhere in UBIFS. The data will be either in LEBs that are 877 * assumed to be empty and will be unmapped anyway before use, or in the index 878 * and LPT heads. 879 * 880 * This function returns %0 on success and a negative error code on failure. 881 */ 882int ubifs_recover_inl_heads(const struct ubifs_info *c, void *sbuf) 883{ 884 int err; 885 886 ubifs_assert(!(c->vfs_sb->s_flags & MS_RDONLY) || c->remounting_rw); 887 888 dbg_rcvry("checking index head at %d:%d", c->ihead_lnum, c->ihead_offs); 889 err = recover_head(c, c->ihead_lnum, c->ihead_offs, sbuf); 890 if (err) 891 return err; 892 893 dbg_rcvry("checking LPT head at %d:%d", c->nhead_lnum, c->nhead_offs); 894 err = recover_head(c, c->nhead_lnum, c->nhead_offs, sbuf); 895 if (err) 896 return err; 897 898 return 0; 899} 900 901/** 902 * clean_an_unclean_leb - read and write a LEB to remove corruption. 903 * @c: UBIFS file-system description object 904 * @ucleb: unclean LEB information 905 * @sbuf: LEB-sized buffer to use 906 * 907 * This function reads a LEB up to a point pre-determined by the mount recovery, 908 * checks the nodes, and writes the result back to the flash, thereby cleaning 909 * off any following corruption, or non-fatal ECC errors. 910 * 911 * This function returns %0 on success and a negative error code on failure. 912 */ 913static int clean_an_unclean_leb(const struct ubifs_info *c, 914 struct ubifs_unclean_leb *ucleb, void *sbuf) 915{ 916 int err, lnum = ucleb->lnum, offs = 0, len = ucleb->endpt, quiet = 1; 917 void *buf = sbuf; 918 919 dbg_rcvry("LEB %d len %d", lnum, len); 920 921 if (len == 0) { 922 /* Nothing to read, just unmap it */ 923 err = ubifs_leb_unmap(c, lnum); 924 if (err) 925 return err; 926 return 0; 927 } 928 929 err = ubi_read(c->ubi, lnum, buf, offs, len); 930 if (err && err != -EBADMSG) 931 return err; 932 933 while (len >= 8) { 934 int ret; 935 936 cond_resched(); 937 938 /* Scan quietly until there is an error */ 939 ret = ubifs_scan_a_node(c, buf, len, lnum, offs, quiet); 940 941 if (ret == SCANNED_A_NODE) { 942 /* A valid node, and not a padding node */ 943 struct ubifs_ch *ch = buf; 944 int node_len; 945 946 node_len = ALIGN(le32_to_cpu(ch->len), 8); 947 offs += node_len; 948 buf += node_len; 949 len -= node_len; 950 continue; 951 } 952 953 if (ret > 0) { 954 /* Padding bytes or a valid padding node */ 955 offs += ret; 956 buf += ret; 957 len -= ret; 958 continue; 959 } 960 961 if (ret == SCANNED_EMPTY_SPACE) { 962 ubifs_err("unexpected empty space at %d:%d", 963 lnum, offs); 964 return -EUCLEAN; 965 } 966 967 if (quiet) { 968 /* Redo the last scan but noisily */ 969 quiet = 0; 970 continue; 971 } 972 973 ubifs_scanned_corruption(c, lnum, offs, buf); 974 return -EUCLEAN; 975 } 976 977 /* Pad to min_io_size */ 978 len = ALIGN(ucleb->endpt, c->min_io_size); 979 if (len > ucleb->endpt) { 980 int pad_len = len - ALIGN(ucleb->endpt, 8); 981 982 if (pad_len > 0) { 983 buf = c->sbuf + len - pad_len; 984 ubifs_pad(c, buf, pad_len); 985 } 986 } 987 988 /* Write back the LEB atomically */ 989 err = ubi_leb_change(c->ubi, lnum, sbuf, len, UBI_UNKNOWN); 990 if (err) 991 return err; 992 993 dbg_rcvry("cleaned LEB %d", lnum); 994 995 return 0; 996} 997 998/** 999 * ubifs_clean_lebs - clean LEBs recovered during read-only mount. 1000 * @c: UBIFS file-system description object 1001 * @sbuf: LEB-sized buffer to use 1002 * 1003 * This function cleans a LEB identified during recovery that needs to be 1004 * written but was not because UBIFS was mounted read-only. This happens when 1005 * remounting to read-write mode. 1006 * 1007 * This function returns %0 on success and a negative error code on failure. 1008 */ 1009int ubifs_clean_lebs(const struct ubifs_info *c, void *sbuf) 1010{ 1011 dbg_rcvry("recovery"); 1012 while (!list_empty(&c->unclean_leb_list)) { 1013 struct ubifs_unclean_leb *ucleb; 1014 int err; 1015 1016 ucleb = list_entry(c->unclean_leb_list.next, 1017 struct ubifs_unclean_leb, list); 1018 err = clean_an_unclean_leb(c, ucleb, sbuf); 1019 if (err) 1020 return err; 1021 list_del(&ucleb->list); 1022 kfree(ucleb); 1023 } 1024 return 0; 1025} 1026 1027/** 1028 * ubifs_rcvry_gc_commit - recover the GC LEB number and run the commit. 1029 * @c: UBIFS file-system description object 1030 * 1031 * Out-of-place garbage collection requires always one empty LEB with which to 1032 * start garbage collection. The LEB number is recorded in c->gc_lnum and is 1033 * written to the master node on unmounting. In the case of an unclean unmount 1034 * the value of gc_lnum recorded in the master node is out of date and cannot 1035 * be used. Instead, recovery must allocate an empty LEB for this purpose. 1036 * However, there may not be enough empty space, in which case it must be 1037 * possible to GC the dirtiest LEB into the GC head LEB. 1038 * 1039 * This function also runs the commit which causes the TNC updates from 1040 * size-recovery and orphans to be written to the flash. That is important to 1041 * ensure correct replay order for subsequent mounts. 1042 * 1043 * This function returns %0 on success and a negative error code on failure. 1044 */ 1045int ubifs_rcvry_gc_commit(struct ubifs_info *c) 1046{ 1047 struct ubifs_wbuf *wbuf = &c->jheads[GCHD].wbuf; 1048 struct ubifs_lprops lp; 1049 int lnum, err; 1050 1051 c->gc_lnum = -1; 1052 if (wbuf->lnum == -1) { 1053 dbg_rcvry("no GC head LEB"); 1054 goto find_free; 1055 } 1056 /* 1057 * See whether the used space in the dirtiest LEB fits in the GC head 1058 * LEB. 1059 */ 1060 if (wbuf->offs == c->leb_size) { 1061 dbg_rcvry("no room in GC head LEB"); 1062 goto find_free; 1063 } 1064 err = ubifs_find_dirty_leb(c, &lp, wbuf->offs, 2); 1065 if (err) { 1066 /* 1067 * There are no dirty or empty LEBs subject to here being 1068 * enough for the index. Try to use 1069 * 'ubifs_find_free_leb_for_idx()', which will return any empty 1070 * LEBs (ignoring index requirements). If the index then 1071 * doesn't have enough LEBs the recovery commit will fail - 1072 * which is the same result anyway i.e. recovery fails. So 1073 * there is no problem ignoring index requirements and just 1074 * grabbing a free LEB since we have already established there 1075 * is not a dirty LEB we could have used instead. 1076 */ 1077 if (err == -ENOSPC) { 1078 dbg_rcvry("could not find a dirty LEB"); 1079 goto find_free; 1080 } 1081 return err; 1082 } 1083 ubifs_assert(!(lp.flags & LPROPS_INDEX)); 1084 lnum = lp.lnum; 1085 if (lp.free + lp.dirty == c->leb_size) { 1086 /* An empty LEB was returned */ 1087 if (lp.free != c->leb_size) { 1088 err = ubifs_change_one_lp(c, lnum, c->leb_size, 1089 0, 0, 0, 0); 1090 if (err) 1091 return err; 1092 } 1093 err = ubifs_leb_unmap(c, lnum); 1094 if (err) 1095 return err; 1096 c->gc_lnum = lnum; 1097 dbg_rcvry("allocated LEB %d for GC", lnum); 1098 /* Run the commit */ 1099 dbg_rcvry("committing"); 1100 return ubifs_run_commit(c); 1101 } 1102 /* 1103 * There was no empty LEB so the used space in the dirtiest LEB must fit 1104 * in the GC head LEB. 1105 */ 1106 if (lp.free + lp.dirty < wbuf->offs) { 1107 dbg_rcvry("LEB %d doesn't fit in GC head LEB %d:%d", 1108 lnum, wbuf->lnum, wbuf->offs); 1109 err = ubifs_return_leb(c, lnum); 1110 if (err) 1111 return err; 1112 goto find_free; 1113 } 1114 /* 1115 * We run the commit before garbage collection otherwise subsequent 1116 * mounts will see the GC and orphan deletion in a different order. 1117 */ 1118 dbg_rcvry("committing"); 1119 err = ubifs_run_commit(c); 1120 if (err) 1121 return err; 1122 /* 1123 * The data in the dirtiest LEB fits in the GC head LEB, so do the GC 1124 * - use locking to keep 'ubifs_assert()' happy. 1125 */ 1126 dbg_rcvry("GC'ing LEB %d", lnum); 1127 mutex_lock_nested(&wbuf->io_mutex, wbuf->jhead); 1128 err = ubifs_garbage_collect_leb(c, &lp); 1129 if (err >= 0) { 1130 int err2 = ubifs_wbuf_sync_nolock(wbuf); 1131 1132 if (err2) 1133 err = err2; 1134 } 1135 mutex_unlock(&wbuf->io_mutex); 1136 if (err < 0) { 1137 dbg_err("GC failed, error %d", err); 1138 if (err == -EAGAIN) 1139 err = -EINVAL; 1140 return err; 1141 } 1142 if (err != LEB_RETAINED) { 1143 dbg_err("GC returned %d", err); 1144 return -EINVAL; 1145 } 1146 err = ubifs_leb_unmap(c, c->gc_lnum); 1147 if (err) 1148 return err; 1149 dbg_rcvry("allocated LEB %d for GC", lnum); 1150 return 0; 1151 1152find_free: 1153 /* 1154 * There is no GC head LEB or the free space in the GC head LEB is too 1155 * small, or there are not dirty LEBs. Allocate gc_lnum by calling 1156 * 'ubifs_find_free_leb_for_idx()' so GC is not run. 1157 */ 1158 lnum = ubifs_find_free_leb_for_idx(c); 1159 if (lnum < 0) { 1160 dbg_err("could not find an empty LEB"); 1161 return lnum; 1162 } 1163 /* And reset the index flag */ 1164 err = ubifs_change_one_lp(c, lnum, LPROPS_NC, LPROPS_NC, 0, 1165 LPROPS_INDEX, 0); 1166 if (err) 1167 return err; 1168 c->gc_lnum = lnum; 1169 dbg_rcvry("allocated LEB %d for GC", lnum); 1170 /* Run the commit */ 1171 dbg_rcvry("committing"); 1172 return ubifs_run_commit(c); 1173} 1174 1175/** 1176 * struct size_entry - inode size information for recovery. 1177 * @rb: link in the RB-tree of sizes 1178 * @inum: inode number 1179 * @i_size: size on inode 1180 * @d_size: maximum size based on data nodes 1181 * @exists: indicates whether the inode exists 1182 * @inode: inode if pinned in memory awaiting rw mode to fix it 1183 */ 1184struct size_entry { 1185 struct rb_node rb; 1186 ino_t inum; 1187 loff_t i_size; 1188 loff_t d_size; 1189 int exists; 1190 struct inode *inode; 1191}; 1192 1193/** 1194 * add_ino - add an entry to the size tree. 1195 * @c: UBIFS file-system description object 1196 * @inum: inode number 1197 * @i_size: size on inode 1198 * @d_size: maximum size based on data nodes 1199 * @exists: indicates whether the inode exists 1200 */ 1201static int add_ino(struct ubifs_info *c, ino_t inum, loff_t i_size, 1202 loff_t d_size, int exists) 1203{ 1204 struct rb_node **p = &c->size_tree.rb_node, *parent = NULL; 1205 struct size_entry *e; 1206 1207 while (*p) { 1208 parent = *p; 1209 e = rb_entry(parent, struct size_entry, rb); 1210 if (inum < e->inum) 1211 p = &(*p)->rb_left; 1212 else 1213 p = &(*p)->rb_right; 1214 } 1215 1216 e = kzalloc(sizeof(struct size_entry), GFP_KERNEL); 1217 if (!e) 1218 return -ENOMEM; 1219 1220 e->inum = inum; 1221 e->i_size = i_size; 1222 e->d_size = d_size; 1223 e->exists = exists; 1224 1225 rb_link_node(&e->rb, parent, p); 1226 rb_insert_color(&e->rb, &c->size_tree); 1227 1228 return 0; 1229} 1230 1231/** 1232 * find_ino - find an entry on the size tree. 1233 * @c: UBIFS file-system description object 1234 * @inum: inode number 1235 */ 1236static struct size_entry *find_ino(struct ubifs_info *c, ino_t inum) 1237{ 1238 struct rb_node *p = c->size_tree.rb_node; 1239 struct size_entry *e; 1240 1241 while (p) { 1242 e = rb_entry(p, struct size_entry, rb); 1243 if (inum < e->inum) 1244 p = p->rb_left; 1245 else if (inum > e->inum) 1246 p = p->rb_right; 1247 else 1248 return e; 1249 } 1250 return NULL; 1251} 1252 1253/** 1254 * remove_ino - remove an entry from the size tree. 1255 * @c: UBIFS file-system description object 1256 * @inum: inode number 1257 */ 1258static void remove_ino(struct ubifs_info *c, ino_t inum) 1259{ 1260 struct size_entry *e = find_ino(c, inum); 1261 1262 if (!e) 1263 return; 1264 rb_erase(&e->rb, &c->size_tree); 1265 kfree(e); 1266} 1267 1268/** 1269 * ubifs_destroy_size_tree - free resources related to the size tree. 1270 * @c: UBIFS file-system description object 1271 */ 1272void ubifs_destroy_size_tree(struct ubifs_info *c) 1273{ 1274 struct rb_node *this = c->size_tree.rb_node; 1275 struct size_entry *e; 1276 1277 while (this) { 1278 if (this->rb_left) { 1279 this = this->rb_left; 1280 continue; 1281 } else if (this->rb_right) { 1282 this = this->rb_right; 1283 continue; 1284 } 1285 e = rb_entry(this, struct size_entry, rb); 1286 if (e->inode) 1287 iput(e->inode); 1288 this = rb_parent(this); 1289 if (this) { 1290 if (this->rb_left == &e->rb) 1291 this->rb_left = NULL; 1292 else 1293 this->rb_right = NULL; 1294 } 1295 kfree(e); 1296 } 1297 c->size_tree = RB_ROOT; 1298} 1299 1300/** 1301 * ubifs_recover_size_accum - accumulate inode sizes for recovery. 1302 * @c: UBIFS file-system description object 1303 * @key: node key 1304 * @deletion: node is for a deletion 1305 * @new_size: inode size 1306 * 1307 * This function has two purposes: 1308 * 1) to ensure there are no data nodes that fall outside the inode size 1309 * 2) to ensure there are no data nodes for inodes that do not exist 1310 * To accomplish those purposes, a rb-tree is constructed containing an entry 1311 * for each inode number in the journal that has not been deleted, and recording 1312 * the size from the inode node, the maximum size of any data node (also altered 1313 * by truncations) and a flag indicating a inode number for which no inode node 1314 * was present in the journal. 1315 * 1316 * Note that there is still the possibility that there are data nodes that have 1317 * been committed that are beyond the inode size, however the only way to find 1318 * them would be to scan the entire index. Alternatively, some provision could 1319 * be made to record the size of inodes at the start of commit, which would seem 1320 * very cumbersome for a scenario that is quite unlikely and the only negative 1321 * consequence of which is wasted space. 1322 * 1323 * This functions returns %0 on success and a negative error code on failure. 1324 */ 1325int ubifs_recover_size_accum(struct ubifs_info *c, union ubifs_key *key, 1326 int deletion, loff_t new_size) 1327{ 1328 ino_t inum = key_inum(c, key); 1329 struct size_entry *e; 1330 int err; 1331 1332 switch (key_type(c, key)) { 1333 case UBIFS_INO_KEY: 1334 if (deletion) 1335 remove_ino(c, inum); 1336 else { 1337 e = find_ino(c, inum); 1338 if (e) { 1339 e->i_size = new_size; 1340 e->exists = 1; 1341 } else { 1342 err = add_ino(c, inum, new_size, 0, 1); 1343 if (err) 1344 return err; 1345 } 1346 } 1347 break; 1348 case UBIFS_DATA_KEY: 1349 e = find_ino(c, inum); 1350 if (e) { 1351 if (new_size > e->d_size) 1352 e->d_size = new_size; 1353 } else { 1354 err = add_ino(c, inum, 0, new_size, 0); 1355 if (err) 1356 return err; 1357 } 1358 break; 1359 case UBIFS_TRUN_KEY: 1360 e = find_ino(c, inum); 1361 if (e) 1362 e->d_size = new_size; 1363 break; 1364 } 1365 return 0; 1366} 1367 1368/** 1369 * fix_size_in_place - fix inode size in place on flash. 1370 * @c: UBIFS file-system description object 1371 * @e: inode size information for recovery 1372 */ 1373static int fix_size_in_place(struct ubifs_info *c, struct size_entry *e) 1374{ 1375 struct ubifs_ino_node *ino = c->sbuf; 1376 unsigned char *p; 1377 union ubifs_key key; 1378 int err, lnum, offs, len; 1379 loff_t i_size; 1380 uint32_t crc; 1381 1382 /* Locate the inode node LEB number and offset */ 1383 ino_key_init(c, &key, e->inum); 1384 err = ubifs_tnc_locate(c, &key, ino, &lnum, &offs); 1385 if (err) 1386 goto out; 1387 /* 1388 * If the size recorded on the inode node is greater than the size that 1389 * was calculated from nodes in the journal then don't change the inode. 1390 */ 1391 i_size = le64_to_cpu(ino->size); 1392 if (i_size >= e->d_size) 1393 return 0; 1394 /* Read the LEB */ 1395 err = ubi_read(c->ubi, lnum, c->sbuf, 0, c->leb_size); 1396 if (err) 1397 goto out; 1398 /* Change the size field and recalculate the CRC */ 1399 ino = c->sbuf + offs; 1400 ino->size = cpu_to_le64(e->d_size); 1401 len = le32_to_cpu(ino->ch.len); 1402 crc = crc32(UBIFS_CRC32_INIT, (void *)ino + 8, len - 8); 1403 ino->ch.crc = cpu_to_le32(crc); 1404 /* Work out where data in the LEB ends and free space begins */ 1405 p = c->sbuf; 1406 len = c->leb_size - 1; 1407 while (p[len] == 0xff) 1408 len -= 1; 1409 len = ALIGN(len + 1, c->min_io_size); 1410 /* Atomically write the fixed LEB back again */ 1411 err = ubi_leb_change(c->ubi, lnum, c->sbuf, len, UBI_UNKNOWN); 1412 if (err) 1413 goto out; 1414 dbg_rcvry("inode %lu at %d:%d size %lld -> %lld ", 1415 (unsigned long)e->inum, lnum, offs, i_size, e->d_size); 1416 return 0; 1417 1418out: 1419 ubifs_warn("inode %lu failed to fix size %lld -> %lld error %d", 1420 (unsigned long)e->inum, e->i_size, e->d_size, err); 1421 return err; 1422} 1423 1424/** 1425 * ubifs_recover_size - recover inode size. 1426 * @c: UBIFS file-system description object 1427 * 1428 * This function attempts to fix inode size discrepancies identified by the 1429 * 'ubifs_recover_size_accum()' function. 1430 * 1431 * This functions returns %0 on success and a negative error code on failure. 1432 */ 1433int ubifs_recover_size(struct ubifs_info *c) 1434{ 1435 struct rb_node *this = rb_first(&c->size_tree); 1436 1437 while (this) { 1438 struct size_entry *e; 1439 int err; 1440 1441 e = rb_entry(this, struct size_entry, rb); 1442 if (!e->exists) { 1443 union ubifs_key key; 1444 1445 ino_key_init(c, &key, e->inum); 1446 err = ubifs_tnc_lookup(c, &key, c->sbuf); 1447 if (err && err != -ENOENT) 1448 return err; 1449 if (err == -ENOENT) { 1450 /* Remove data nodes that have no inode */ 1451 dbg_rcvry("removing ino %lu", 1452 (unsigned long)e->inum); 1453 err = ubifs_tnc_remove_ino(c, e->inum); 1454 if (err) 1455 return err; 1456 } else { 1457 struct ubifs_ino_node *ino = c->sbuf; 1458 1459 e->exists = 1; 1460 e->i_size = le64_to_cpu(ino->size); 1461 } 1462 } 1463 if (e->exists && e->i_size < e->d_size) { 1464 if (!e->inode && (c->vfs_sb->s_flags & MS_RDONLY)) { 1465 /* Fix the inode size and pin it in memory */ 1466 struct inode *inode; 1467 1468 inode = ubifs_iget(c->vfs_sb, e->inum); 1469 if (IS_ERR(inode)) 1470 return PTR_ERR(inode); 1471 if (inode->i_size < e->d_size) { 1472 dbg_rcvry("ino %lu size %lld -> %lld", 1473 (unsigned long)e->inum, 1474 e->d_size, inode->i_size); 1475 inode->i_size = e->d_size; 1476 ubifs_inode(inode)->ui_size = e->d_size; 1477 e->inode = inode; 1478 this = rb_next(this); 1479 continue; 1480 } 1481 iput(inode); 1482 } else { 1483 /* Fix the size in place */ 1484 err = fix_size_in_place(c, e); 1485 if (err) 1486 return err; 1487 if (e->inode) 1488 iput(e->inode); 1489 } 1490 } 1491 this = rb_next(this); 1492 rb_erase(&e->rb, &c->size_tree); 1493 kfree(e); 1494 } 1495 return 0; 1496} 1497