[RESEND] jffs2: bugfix of summary length

Message ID 1418324624-29697-1-git-send-email-chenjie6@huawei.com
State Changes Requested

Commit Message

chenjie6@huawei.com Dec. 11, 2014, 7:03 p.m. UTC
From: chenjie <chenjie6@huawei.com>

When power is off, the magic of the summary is written but the length is not,
so the length is 0xffffffff and sumlen may be very large.
The kmalloc() failed and the mount failed.

Cc: <stable@vger.kernel.org>
Signed-off-by: Chen Jie <chenjie6@huawei.com>
---
 fs/jffs2/scan.c | 4 ++++
 1 file changed, 4 insertions(+)
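The failure mode the commit message describes, as an added example that is not part of the patch or of the JFFS2 sources: a small user-space model of reading the summary marker at the tail of an erase block and deciding whether the on-flash length can be trusted. The marker layout (offset, then magic, both little-endian) mirrors the kernel's `jffs2_sum_marker`; the magic value, the sector size, the helper names and the two scenario functions are constructed for this example and are not kernel constants or APIs. The model goes slightly beyond the patch's single check by also rejecting a length too short to hold the marker.

```c
/* Added example, not part of the patch or of the JFFS2 sources: models how a
 * trailing summary marker is read and why its length must be bounds-checked
 * before it is used for an allocation or a pointer. Constants and helper
 * names are constructed stand-ins, not the kernel's. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SUM_MAGIC    0x5A5A1234u   /* constructed, not JFFS2_SUM_MAGIC */
#define SECTOR_SIZE  0x10000u      /* 64 KiB erase block, constructed */
#define MARKER_SIZE  8u            /* offset field + magic field */

static uint32_t get_le32(const uint8_t *p)
{
	return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
	       ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void put_le32(uint8_t *p, uint32_t v)
{
	p[0] = v & 0xff;         p[1] = (v >> 8) & 0xff;
	p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* The kernel's expression in 32-bit unsigned arithmetic: when the offset
 * field is larger than the sector size (0xffffffff read back from erased
 * flash, for instance) the subtraction wraps instead of going negative. */
uint32_t scan_sumlen(uint32_t sector_size, uint32_t sum_offset)
{
	return sector_size - sum_offset;
}

/* Decide whether the trailing summary can be used. Returns 1 and stores the
 * summary length if it can, 0 if the block needs a full scan. The first
 * rejection after the magic check is the patch's condition; the second is an
 * extra sanity check added for this example. */
int summary_usable(const uint8_t *block, uint32_t sector_size,
		   uint32_t *sumlen_out)
{
	const uint8_t *marker = block + sector_size - MARKER_SIZE;
	uint32_t offset = get_le32(marker);
	uint32_t sumlen;

	if (get_le32(marker + 4) != SUM_MAGIC)
		return 0;                 /* no summary written: full scan */

	sumlen = scan_sumlen(sector_size, offset);
	if (sumlen > sector_size)         /* offset beyond the block: wrapped */
		return 0;
	if (sumlen < MARKER_SIZE)         /* cannot even contain the marker */
		return 0;

	/* Only now is sumlen safe to use as a buffer size or pointer offset. */
	*sumlen_out = sumlen;
	return 1;
}

/* Lay out a block as flash would hold it: erased bytes read as 0xff, the
 * marker carries the given offset and the magic. */
void build_block(uint8_t *block, uint32_t sector_size, uint32_t sum_offset)
{
	memset(block, 0xff, sector_size);
	put_le32(block + sector_size - MARKER_SIZE, sum_offset);
	put_le32(block + sector_size - 4, SUM_MAGIC);
}

/* Scenario from the commit message: the magic reached flash, the offset did
 * not, so it reads back as all ones. Returns 1 when a full scan is chosen. */
int scenario_power_cut(void)
{
	static uint8_t block[SECTOR_SIZE];
	uint32_t sumlen = 0;

	build_block(block, SECTOR_SIZE, 0xffffffffu);
	return summary_usable(block, SECTOR_SIZE, &sumlen) == 0;
}

/* Intact 64-byte summary at the end of the block. Returns its length. */
uint32_t scenario_intact(void)
{
	static uint8_t block[SECTOR_SIZE];
	uint32_t sumlen = 0;

	build_block(block, SECTOR_SIZE, SECTOR_SIZE - 64u);
	if (!summary_usable(block, SECTOR_SIZE, &sumlen))
		return 0;
	return sumlen;
}

int main(void)
{
	printf("intact summary: sumlen=%u\n", scenario_intact());
	printf("power cut: raw sumlen=0x%x, full scan=%d\n",
	       scan_sumlen(SECTOR_SIZE, 0xffffffffu), scenario_power_cut());
	return 0;
}
```

With the erased offset the unchecked subtraction yields 0x10001 for a 64 KiB block, one byte more than the block itself, which is exactly what `sumlen > sector_size` detects; the check has to run before the length is handed to an allocator or folded into a pointer.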

Comments

Brian Norris Dec. 13, 2014, 3:20 a.m. UTC | #1
On Fri, Dec 12, 2014 at 03:03:44AM +0800, chenjie6@huawei.com wrote:
> From: chenjie <chenjie6@huawei.com>

Can you put your real name here? You have it (presumably) correct in the
sign-off.

> 
> When power is off, the magic of the summary is written but the length is not,
> so the length is 0xffffffff and sumlen may be very large.
> The kmalloc() failed and the mount failed.

Did you catch this during power-cut testing? On real hardware or
emulation?

> Cc: <stable@vger.kernel.org>
> Signed-off-by: Chen Jie <chenjie6@huawei.com>
> ---
>  fs/jffs2/scan.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c
> index 7654e87..6187e56 100644
> --- a/fs/jffs2/scan.c
> +++ b/fs/jffs2/scan.c
> @@ -510,6 +510,9 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
>  				sumlen = c->sector_size - je32_to_cpu(sm->offset);
>  				sumptr = buf + buf_size - sumlen;
>  
> +				if (sumlen > c->sector_size)
> +					goto full_scan;

Can you add a comment above this to suggest why this would occur?

> +
>  				/* Now, make sure the summary itself is available */
>  				if (sumlen > buf_size) {
>  					/* Need to kmalloc for this. */
> @@ -544,6 +547,7 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
>  		}
>  	}
>  
> +full_scan:
>  	buf_ofs = jeb->offset;
>  
>  	if (!buf_size) {

I'll admit, I'm not much of a JFFS2 developer. I'll have to take a
little closer look at this before I'm comfortable taking this, esp. with
the -stable tag.

Brian
Patch

diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c
index 7654e87..6187e56 100644
--- a/fs/jffs2/scan.c
+++ b/fs/jffs2/scan.c
@@ -510,6 +510,9 @@  static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
 				sumlen = c->sector_size - je32_to_cpu(sm->offset);
 				sumptr = buf + buf_size - sumlen;
 
+				if (sumlen > c->sector_size)
+					goto full_scan;
+
 				/* Now, make sure the summary itself is available */
 				if (sumlen > buf_size) {
 					/* Need to kmalloc for this. */
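Review bot: the new check sits after `sumptr = buf + buf_size - sumlen;`, so the out-of-range pointer is still computed from the bogus length before the jump; move the test above that assignment, or express it on the on-flash field before subtracting, e.g. `if (je32_to_cpu(sm->offset) > c->sector_size) goto full_scan;`, which is equivalent (any offset above `c->sector_size`, the erased-flash value 0xffffffff included, makes the unsigned subtraction wrap to a value above `c->sector_size`) and reads as the bounds check it is. As already asked in the thread, a comment above the condition explaining that a power cut can leave the marker's magic written and its offset still erased would help, and a one-line notice that the summary is being ignored would make the fall-back to a full scan visible in the logs rather than silent.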
@@ -544,6 +547,7 @@  static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
 		}
 	}
 
+full_scan:
 	buf_ofs = jeb->offset;
 
 	if (!buf_size) {
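Review bot: the jump lands on `full_scan:` with `sumptr` and `sumlen` already assigned from the bad marker, so the label placement must guarantee that nothing between the `goto` and `buf_ofs = jeb->offset;` reads either variable (the skipped kmalloc path is the only one visible here, and since it never runs there is nothing to free); please state that in the commit message, or, if the code following the summary block already handles the no-summary case by testing `sumptr`, clear `sumptr` and set `sumlen` to 0 at the point of the check instead of introducing the `goto`. A short comment at the label saying it is reached when the summary is unusable would also help, since the label name alone does not say why the summary path was abandoned.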