From patchwork Mon Aug  2 09:32:33 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: ubifs : corruption after power cut test
Date: Sun, 01 Aug 2010 23:32:33 -0000
From: Matthieu CASTET <matthieu.castet@parrot.com>
X-Patchwork-Id: 60525
Message-Id: <4C5690B1.6030407@parrot.com>
To: Matthieu CASTET <matthieu.castet@parrot.com>
Cc: "linux-mtd@lists.infradead.org" <linux-mtd@lists.infradead.org>,
 "dedekind1@gmail.com" <dedekind1@gmail.com>

Matthieu CASTET a écrit :
> Hi,
> 
> Matthieu CASTET a écrit :
>> Artem Bityutskiy a écrit :
>> Ok thanks, I will run it
>>
>> When checking the code, I saw that switch_gc_head can set c->gc_lnum to -1.
>>
>> In ubifs_put_super, we set c->mst_node->gc_lnum to c->gc_lnum and write 
>> master node.
>> Can't ubifs_put_super run while switch_gc_head set gc_lnum to -1 ?
>>
> I manage to reproduce it with the backtrace [1].
> 
Waiting for a proper fix, I force recovery if gc_lnum to -1.


Matthieu


diff --git a/fs/ubifs/master.c b/fs/ubifs/master.c
index 28beaee..2b668cc 100644
--- a/fs/ubifs/master.c
+++ b/fs/ubifs/master.c
@@ -135,7 +135,7 @@ static int validate_master(const struct ubifs_info *c)
 		goto out;
 	}
 
-	if (c->gc_lnum >= c->leb_cnt || c->gc_lnum < c->main_first) {
+	if (c->gc_lnum != -1 && (c->gc_lnum >= c->leb_cnt || c->gc_lnum < c->main_first)) {
 		err = 7;
 		goto out;
 	}
diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index 8cdcdc5..0207620 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -1260,7 +1260,7 @@ static int mount_ubifs(struct ubifs_info *c)
 
 	init_constants_master(c);
 
-	if ((c->mst_node->flags & cpu_to_le32(UBIFS_MST_DIRTY)) != 0) {
+	if ((c->mst_node->flags & cpu_to_le32(UBIFS_MST_DIRTY)) != 0 || c->gc_lnum == -1) {
 		ubifs_msg("recovery needed");
 		c->need_recovery = 1;
 		if (!mounted_read_only) {