From 5bd5c03c317085339deb044ba52fce131a6a0b67 Mon Sep 17 00:00:00 2001 From: Joakim Tjernlund Date: Sun, 24 Jun 2007 19:22:29 +0200 Subject: [JFFS2] Prevent oops after 'node added in wrong place' debug check jffs2_add_physical_node_ref() should never really return error -- it's an internal debugging check which triggered. We really need to work out why and stop it happening. But in the meantime, let's make the failure mode a little less nasty. Signed-off-by: Joakim Tjernlund Signed-off-by: David Woodhouse diff --git a/fs/jffs2/write.c b/fs/jffs2/write.c index c9fe0ab..1406f2c 100644 --- a/fs/jffs2/write.c +++ b/fs/jffs2/write.c @@ -173,6 +173,12 @@ struct jffs2_full_dnode *jffs2_write_dnode(struct jffs2_sb_info *c, struct jffs2 flash_ofs |= REF_NORMAL; } fn->raw = jffs2_add_physical_node_ref(c, flash_ofs, PAD(sizeof(*ri)+datalen), f->inocache); + if (IS_ERR(fn->raw)) { + void *hold_err = fn->raw; + /* Release the full_dnode which is now useless, and return */ + jffs2_free_full_dnode(fn); + return ERR_PTR(PTR_ERR(hold_err)); + } fn->ofs = je32_to_cpu(ri->offset); fn->size = je32_to_cpu(ri->dsize); fn->frags = 0; @@ -291,6 +297,12 @@ struct jffs2_full_dirent *jffs2_write_dirent(struct jffs2_sb_info *c, struct jff } /* Mark the space used */ fd->raw = jffs2_add_physical_node_ref(c, flash_ofs | REF_PRISTINE, PAD(sizeof(*rd)+namelen), f->inocache); + if (IS_ERR(fd->raw)) { + void *hold_err = fd->raw; + /* Release the full_dirent which is now useless, and return */ + jffs2_free_full_dirent(fd); + return ERR_PTR(PTR_ERR(hold_err)); + } if (retried) { jffs2_dbg_acct_sanity_check(c,NULL); -- cgit v0.10.2 From 71c23397752c0e40722d931ab9152342e9673336 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 29 Jun 2007 13:39:57 +0100 Subject: [JFFS2] Deletion dirents should be REF_NORMAL, not REF_PRISTINE. Otherwise they'll never actually get garbage-collected. Noted by Jonathan Larmour. Signed-off-by: David Woodhouse diff --git a/fs/jffs2/nodelist.h b/fs/jffs2/nodelist.h index 25126a0..bc5509f 100644 --- a/fs/jffs2/nodelist.h +++ b/fs/jffs2/nodelist.h @@ -139,6 +139,11 @@ static inline struct jffs2_inode_cache *jffs2_raw_ref_to_ic(struct jffs2_raw_nod #define ref_obsolete(ref) (((ref)->flash_offset & 3) == REF_OBSOLETE) #define mark_ref_normal(ref) do { (ref)->flash_offset = ref_offset(ref) | REF_NORMAL; } while(0) +/* Dirent nodes should be REF_PRISTINE only if they are not a deletion + dirent. Deletion dirents should be REF_NORMAL so that GC gets to + throw them away when appropriate */ +#define dirent_node_state(rd) ( (je32_to_cpu((rd)->ino)?REF_PRISTINE:REF_NORMAL) ) + /* NB: REF_PRISTINE for an inode-less node (ref->next_in_ino == NULL) indicates it is an unknown node of type JFFS2_NODETYPE_RWCOMPAT_COPY, so it'll get copied. If you need to do anything different to GC inode-less nodes, then diff --git a/fs/jffs2/readinode.c b/fs/jffs2/readinode.c index 7b36378..170da20 100644 --- a/fs/jffs2/readinode.c +++ b/fs/jffs2/readinode.c @@ -613,7 +613,7 @@ static inline int read_direntry(struct jffs2_sb_info *c, struct jffs2_raw_node_r jeb->unchecked_size -= len; c->used_size += len; c->unchecked_size -= len; - ref->flash_offset = ref_offset(ref) | REF_PRISTINE; + ref->flash_offset = ref_offset(ref) | dirent_node_state(rd); spin_unlock(&c->erase_completion_lock); } diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c index 2a1c976..6c75cd4 100644 --- a/fs/jffs2/scan.c +++ b/fs/jffs2/scan.c @@ -1049,7 +1049,8 @@ static int jffs2_scan_dirent_node(struct jffs2_sb_info *c, struct jffs2_eraseblo return -ENOMEM; } - fd->raw = jffs2_link_node_ref(c, jeb, ofs | REF_PRISTINE, PAD(je32_to_cpu(rd->totlen)), ic); + fd->raw = jffs2_link_node_ref(c, jeb, ofs | dirent_node_state(rd), + PAD(je32_to_cpu(rd->totlen)), ic); fd->next = NULL; fd->version = je32_to_cpu(rd->version); diff --git a/fs/jffs2/write.c b/fs/jffs2/write.c index 1406f2c..bc61859 100644 --- a/fs/jffs2/write.c +++ b/fs/jffs2/write.c @@ -296,7 +296,8 @@ struct jffs2_full_dirent *jffs2_write_dirent(struct jffs2_sb_info *c, struct jff return ERR_PTR(ret?ret:-EIO); } /* Mark the space used */ - fd->raw = jffs2_add_physical_node_ref(c, flash_ofs | REF_PRISTINE, PAD(sizeof(*rd)+namelen), f->inocache); + fd->raw = jffs2_add_physical_node_ref(c, flash_ofs | dirent_node_state(rd), + PAD(sizeof(*rd)+namelen), f->inocache); if (IS_ERR(fd->raw)) { void *hold_err = fd->raw; /* Release the full_dirent which is now useless, and return */ -- cgit v0.10.2 From 7b687707d769112aee220bafd50fa113363717ff Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 28 Jun 2007 19:49:36 +0100 Subject: [JFFS2] Fix suspend failure with JFFS2 GC thread. The try_to_freeze() call was in the wrong place; we need it in the signal-pending loop now that a pending freeze also makes signal_pending() return true. Signed-off-by: David Woodhouse diff --git a/fs/jffs2/background.c b/fs/jffs2/background.c index 143c553..504643f 100644 --- a/fs/jffs2/background.c +++ b/fs/jffs2/background.c @@ -84,7 +84,7 @@ static int jffs2_garbage_collect_thread(void *_c) set_freezable(); for (;;) { allow_signal(SIGHUP); - + again: if (!jffs2_thread_should_wake(c)) { set_current_state (TASK_INTERRUPTIBLE); D1(printk(KERN_DEBUG "jffs2_garbage_collect_thread sleeping...\n")); @@ -95,9 +95,6 @@ static int jffs2_garbage_collect_thread(void *_c) schedule(); } - if (try_to_freeze()) - continue; - /* This thread is purely an optimisation. But if it runs when other things could be running, it actually makes things a lot worse. Use yield() and put it at the back of the runqueue @@ -112,6 +109,9 @@ static int jffs2_garbage_collect_thread(void *_c) siginfo_t info; unsigned long signr; + if (try_to_freeze()) + goto again; + signr = dequeue_signal_lock(current, ¤t->blocked, &info); switch(signr) { -- cgit v0.10.2 From b8e3ec30c232eb76c96ecab52205fe46e8b0473a Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 5 Jul 2007 01:57:26 -0400 Subject: [JFFS2] Print correct node offset when complaining about broken data CRC Debugging the hardware problems in OLPC trac #1905 would be a whole lot easier if the correct node offsets were printed for the offending nodes. Signed-off-by: David Woodhouse diff --git a/fs/jffs2/readinode.c b/fs/jffs2/readinode.c index 170da20..b5baa35 100644 --- a/fs/jffs2/readinode.c +++ b/fs/jffs2/readinode.c @@ -104,7 +104,7 @@ static int check_node_data(struct jffs2_sb_info *c, struct jffs2_tmp_dnode_info if (crc != tn->data_crc) { JFFS2_NOTICE("wrong data CRC in data node at 0x%08x: read %#08x, calculated %#08x.\n", - ofs, tn->data_crc, crc); + ref_offset(ref), tn->data_crc, crc); return 1; } -- cgit v0.10.2 From 47af05dd4b98b57eeb682596a0df42d106e02167 Mon Sep 17 00:00:00 2001 From: Florin Malita Date: Thu, 19 Jul 2007 16:45:18 -0400 Subject: [MTD] Fix potential leak in rfd_ftl_add_mtd This fixes a leak in the !mtd->erasesize error path (Coverity 1765). Signed-off-by: Florin Malita Signed-off-by: David Woodhouse diff --git a/drivers/mtd/rfd_ftl.c b/drivers/mtd/rfd_ftl.c index d4b1ba8..006c03a 100644 --- a/drivers/mtd/rfd_ftl.c +++ b/drivers/mtd/rfd_ftl.c @@ -779,6 +779,7 @@ static void rfd_ftl_add_mtd(struct mtd_blktrans_ops *tr, struct mtd_info *mtd) else { if (!mtd->erasesize) { printk(KERN_WARNING PREFIX "please provide block_size"); + kfree(part); return; } else -- cgit v0.10.2 From 9d7b4b5562b60c826c71cf2e1b7b63add42e527f Mon Sep 17 00:00:00 2001 From: Roland Stigge Date: Wed, 18 Jul 2007 14:56:11 +0200 Subject: [MTD] [NAND] Fix refactoring of EDB7312 hwcontrol function. The patch ensures that the current code (kernel 2.6.22) uses the bits like the code prior to the refactoring. The variable "bits" is employed in a useful way now. Signed-off-by: Roland Stigge Signed-off-by: David Woodhouse diff --git a/drivers/mtd/nand/edb7312.c b/drivers/mtd/nand/edb7312.c index 1daf823..0146cdc 100644 --- a/drivers/mtd/nand/edb7312.c +++ b/drivers/mtd/nand/edb7312.c @@ -74,7 +74,7 @@ static struct mtd_partition partition_info[] = { /* * hardware specific access to control-lines * - * NAND_NCE: bit 0 -> bit 7 + * NAND_NCE: bit 0 -> bit 6 (bit 7 = 1) * NAND_CLE: bit 1 -> bit 4 * NAND_ALE: bit 2 -> bit 5 */ @@ -83,12 +83,12 @@ static void ep7312_hwcontrol(struct mtd_info *mtd, int cmd, unsigned int ctrl) struct nand_chip *chip = mtd->priv; if (ctrl & NAND_CTRL_CHANGE) { - unsigned char bits; + unsigned char bits = 0x80; - bits = (ctrl & (NAND_CLE | NAND_ALE)) << 3; - bits = (ctrl & NAND_NCE) << 7; + bits |= (ctrl & (NAND_CLE | NAND_ALE)) << 3; + bits |= (ctrl & NAND_NCE) ? 0x00 : 0x40; - clps_writeb((clps_readb(ep7312_pxdr) & 0xB0) | 0x10, + clps_writeb((clps_readb(ep7312_pxdr) & 0xF0) | bits, ep7312_pxdr); } if (cmd != NAND_CMD_NONE) -- cgit v0.10.2 From 06a7643cd3d440a1d15a6b3aa7ee431f3f4791b4 Mon Sep 17 00:00:00 2001 From: Artem Bityutskiy Date: Mon, 23 Jul 2007 16:06:50 +0300 Subject: [MTD] [NAND] fix race in nand_base.c When we mark block bad we have to get chip because this involves writing to the page's OOB. We hit this bug in UBI - we observed random obscure crashes when it marks block bad from the background thread and there is some parallel task which utilizes flash. This patch also adds a TODO note about BBT table protection which it seems does not exist. Signed-off-by: Artem Bityutskiy Signed-off-by: David Woodhouse diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c index 7e68203..4b019c6 100644 --- a/drivers/mtd/nand/nand_base.c +++ b/drivers/mtd/nand/nand_base.c @@ -24,6 +24,7 @@ * if we have HW ecc support. * The AG-AND chips have nice features for speed improvement, * which are not supported yet. Read / program 4 pages in one go. + * BBT table is not serialized, has to be fixed * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as @@ -360,6 +361,7 @@ static int nand_default_block_markbad(struct mtd_info *mtd, loff_t ofs) /* We write two bytes, so we dont have to mess with 16 bit * access */ + nand_get_device(chip, mtd, FL_WRITING); ofs += mtd->oobsize; chip->ops.len = chip->ops.ooblen = 2; chip->ops.datbuf = NULL; @@ -367,9 +369,11 @@ static int nand_default_block_markbad(struct mtd_info *mtd, loff_t ofs) chip->ops.ooboffs = chip->badblockpos & ~0x01; ret = nand_do_write_oob(mtd, ofs, &chip->ops); + nand_release_device(mtd); } if (!ret) mtd->ecc_stats.badblocks++; + return ret; } -- cgit v0.10.2 From a4265f8d9241ba583e48380f1b9e60cfcb798449 Mon Sep 17 00:00:00 2001 From: Ivan Kuten Date: Thu, 24 May 2007 14:35:58 +0300 Subject: [MTD] [NAND] at91_nand rdy_pin fix The patch below fixes nand driver for AT91 boards which do not have NAND R/B signal connected to gpio (rdy_pin is not connected). Signed-off-by: Ivan Kuten Acked-by: Andrew Victor Signed-off-by: David Woodhouse diff --git a/drivers/mtd/nand/at91_nand.c b/drivers/mtd/nand/at91_nand.c index 512e999..b2a5672 100644 --- a/drivers/mtd/nand/at91_nand.c +++ b/drivers/mtd/nand/at91_nand.c @@ -128,7 +128,10 @@ static int __init at91_nand_probe(struct platform_device *pdev) nand_chip->IO_ADDR_R = host->io_base; nand_chip->IO_ADDR_W = host->io_base; nand_chip->cmd_ctrl = at91_nand_cmd_ctrl; - nand_chip->dev_ready = at91_nand_device_ready; + + if (host->board->rdy_pin) + nand_chip->dev_ready = at91_nand_device_ready; + nand_chip->ecc.mode = NAND_ECC_SOFT; /* enable ECC */ nand_chip->chip_delay = 20; /* 20us command delay time */ -- cgit v0.10.2 From 515495a1da9abf339b922b7919c4950e85b87b42 Mon Sep 17 00:00:00 2001 From: Ben Dooks Date: Mon, 28 May 2007 19:17:54 +0100 Subject: [MTD] [NAND] nand_base.c: fix type of eccpos pointer The nand_base.c driver implicitly casts the uint32_t eccpos array to 'int *', which is not only not guaranteed to be the same sign as the source, but is not guaranteed to be the same size. Fix by changing nand_base.c to use uint32_t referencing the eccpos fields. Signed-off-by: Ben Dooks Signed-off-by: David Woodhouse diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c index 4b019c6..24ac677 100644 --- a/drivers/mtd/nand/nand_base.c +++ b/drivers/mtd/nand/nand_base.c @@ -772,7 +772,7 @@ static int nand_read_page_swecc(struct mtd_info *mtd, struct nand_chip *chip, uint8_t *p = buf; uint8_t *ecc_calc = chip->buffers->ecccalc; uint8_t *ecc_code = chip->buffers->ecccode; - int *eccpos = chip->ecc.layout->eccpos; + uint32_t *eccpos = chip->ecc.layout->eccpos; chip->ecc.read_page_raw(mtd, chip, buf); @@ -814,7 +814,7 @@ static int nand_read_page_hwecc(struct mtd_info *mtd, struct nand_chip *chip, uint8_t *p = buf; uint8_t *ecc_calc = chip->buffers->ecccalc; uint8_t *ecc_code = chip->buffers->ecccode; - int *eccpos = chip->ecc.layout->eccpos; + uint32_t *eccpos = chip->ecc.layout->eccpos; for (i = 0; eccsteps; eccsteps--, i += eccbytes, p += eccsize) { chip->ecc.hwctl(mtd, NAND_ECC_READ); @@ -1420,7 +1420,7 @@ static void nand_write_page_swecc(struct mtd_info *mtd, struct nand_chip *chip, int eccsteps = chip->ecc.steps; uint8_t *ecc_calc = chip->buffers->ecccalc; const uint8_t *p = buf; - int *eccpos = chip->ecc.layout->eccpos; + uint32_t *eccpos = chip->ecc.layout->eccpos; /* Software ecc calculation */ for (i = 0; eccsteps; eccsteps--, i += eccbytes, p += eccsize) @@ -1446,7 +1446,7 @@ static void nand_write_page_hwecc(struct mtd_info *mtd, struct nand_chip *chip, int eccsteps = chip->ecc.steps; uint8_t *ecc_calc = chip->buffers->ecccalc; const uint8_t *p = buf; - int *eccpos = chip->ecc.layout->eccpos; + uint32_t *eccpos = chip->ecc.layout->eccpos; for (i = 0; eccsteps; eccsteps--, i += eccbytes, p += eccsize) { chip->ecc.hwctl(mtd, NAND_ECC_WRITE); -- cgit v0.10.2