30 Dec, 2020
1 commit
-
commit 9afc9a8a4909fece0e911e72b1060614ba2f7969 upstream.
The log of this problem is:
jffs2: Error garbage collecting node at 0x***!
jffs2: No space for garbage collection. Aborting GC threadThis is because GC believe that it do nothing, so it abort.
After going over the image of jffs2, I find a scene that
can trigger this problem stably.
The scene is: there is a normal dirent node at summary-area,
but abnormal at corresponding not-summary-area with error
name_crc.The reason that GC exit abnormally is because it find that
abnormal dirent node to GC, but when it goes to function
jffs2_add_fd_to_list, it cannot meet the condition listed
below:if ((*prev)->nhash == new->nhash && !strcmp((*prev)->name, new->name))
So no node is marked obsolete, statistical information of
erase_block do not change, which cause GC exit abnormally.The root cause of this problem is: we do not check the
name_crc of the abnormal dirent node with summary is enabled.Noticed that in function jffs2_scan_dirent_node, we use
function jffs2_scan_dirty_space to deal with the dirent
node with error name_crc. So this patch add a checking
code in function read_direntry to ensure the correctness
of dirent node. If checked failed, the dirent node will
be marked obsolete so GC will pass this node and this
problem will be fixed.Cc:
Signed-off-by: Zhe Li
Signed-off-by: Richard Weinberger
Signed-off-by: Greg Kroah-Hartman
24 Aug, 2020
1 commit
-
Replace the existing /* fall through */ comments and its variants with
the new pseudo-keyword macro fallthrough[1]. Also, remove unnecessary
fall-through markings when it is the case.[1] https://www.kernel.org/doc/html/v5.7/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through
Signed-off-by: Gustavo A. R. Silva
01 Apr, 2019
1 commit
-
free the symlink body after the same RCU delay we have for freeing the
struct inode itself, so that traversal during RCU pathwalk wouldn't step
into freed memory.Signed-off-by: Al Viro
20 Apr, 2017
1 commit
-
trivial fix to spelling mistake in JFFS2_ERROR message
Signed-off-by: Colin Ian King
[Brian: also fix 'an' -> 'a']
Signed-off-by: Brian Norris
11 Jun, 2016
1 commit
-
We always mixed in the parent pointer into the dentry name hash, but we
did it late at lookup time. It turns out that we can simplify that
lookup-time action by salting the hash with the parent pointer early
instead of late.A few other users of our string hashes also wanted to mix in their own
pointers into the hash, and those are updated to use the same mechanism.Hash users that don't have any particular initial salt can just use the
NULL pointer as a no-salt.Cc: Vegard Nossum
Cc: George Spelvin
Cc: Al Viro
Signed-off-by: Linus Torvalds
05 Oct, 2015
1 commit
-
Need to free the memory allocated for 'fd' if failed to read all
of the remainder name.Signed-off-by: Wei Fang
Signed-off-by: Brian Norris
08 May, 2015
1 commit
-
Li Zefan reported an unbalanced locking issue, found by his
internal debugging feature on runtime. The particular case he was
looking at doesn't lead to a deadlock, as the structure that this lock
is embedded in is freed on error. But we should straighten out the error
handling.Because several callers of jffs2_do_read_inode_internal() /
jffs2_do_read_inode() already handle the locking/unlocking and inode
clearing at their own level, let's just push any unlocks/clearing down
to the caller. This consistency is much easier to verify.Reported-by: Li Zefan
Cc: David Woodhouse
Cc: Artem Bityutskiy
Cc: Andrew Morton
Signed-off-by: Brian Norris
29 Nov, 2014
1 commit
-
Signed-off-by: Geert Uytterhoeven
Cc: David Woodhouse
Cc: linux-mtd@lists.infradead.org
Signed-off-by: Brian Norris
24 Jan, 2014
1 commit
-
Use rbtree_postorder_for_each_entry_safe() to destroy the rbtree instead
of opencoding an alternate postorder iteration that modifies the treeSigned-off-by: Cody P Schafer
Cc: Michel Lespinasse
Cc: Jan Kara
Cc: David Woodhouse
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
09 Oct, 2012
1 commit
-
rbtree users must use the documented APIs to manipulate the tree
structure. Low-level helpers to manipulate node colors and parenthood are
not part of that API, so move them to lib/rbtree.c[dwmw2@infradead.org: fix jffs2 build issue due to renamed __rb_parent_color field]
Signed-off-by: Michel Lespinasse
Cc: Andrea Arcangeli
Acked-by: David Woodhouse
Cc: Rik van Riel
Cc: Peter Zijlstra
Cc: Daniel Santos
Cc: Jens Axboe
Cc: "Eric W. Biederman"
Signed-off-by: David Woodhouse
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
14 May, 2012
3 commits
-
Unlike file data integrity the xattr data integrity was not checked
before some explicit access to the attribute was made.This could leave in the system a number of corrupted extended attributes
which will be detected only at access time and possibly at a very late
time compared to the time the corruption actually happened.This patch adds the ability to check for extended attribute integrity
on first GC scan pass (similar to file data integrity check). This allows
for all present attributes to be completly verified before any use of them.In order to work correctly this patch also needs the patch allowing
JFFS2 to discriminate between recoverable and non recoverable errors
on extended attributes.Signed-off-by: Jean-Christophe DUBOIS
Signed-off-by: Artem Bityutskiy
Signed-off-by: David Woodhouse -
Replace the verbose `je32_to_cpu(latest_node->csize)' with a shorter
`csize'.Signed-off-by: Xi Wang
Cc: Artem Bityutskiy
Signed-off-by: Artem Bityutskiy
Signed-off-by: David Woodhouse -
`csize' is read from disk and thus needs validation. Otherwise a bogus
value 0xffffffff would turn the subsequent kmalloc(csize + 1, ...) into
kmalloc(0, ...), leading to out-of-bounds write.This patch limits `csize' to JFFS2_MAX_NAME_LEN, which is also used
in jffs2_symlink().Artem: we actually validate csize by checking CRC, so this 0xFFs cannot
come from empty flash region. But I guess an attacker could feed JFFS2
an image with random csize value, including 0xFFs.Signed-off-by: Xi Wang
Signed-off-by: Artem Bityutskiy
Signed-off-by: David Woodhouse
27 Mar, 2012
1 commit
-
Use pr_fmt to prefix KBUILD_MODNAME to appropriate logging messages.
Remove now unnecessary internal prefixes from formats.
Signed-off-by: Joe Perches
Signed-off-by: Artem Bityutskiy
Signed-off-by: David Woodhouse
10 Jan, 2012
3 commits
-
Remove direct usage of the "mtd->point" function pointer. Instead,
test the mtd_point() return code for '-EOPNOTSUPP'.Signed-off-by: Artem Bityutskiy
Signed-off-by: David Woodhouse -
Signed-off-by: Artem Bityutskiy
Signed-off-by: David Woodhouse -
Signed-off-by: Artem Bityutskiy
Signed-off-by: David Woodhouse
22 Jul, 2011
1 commit
-
No idea why these were split in the first place...
Signed-off-by: Jean Delvare
Signed-off-by: Jiri Kosina
31 Mar, 2011
1 commit
-
Fixes generated by 'codespell' and manually reviewed.
Signed-off-by: Lucas De Marchi
18 Mar, 2010
1 commit
-
jffs2 uses rb_node = NULL; to zero rb_root.
The problem with this is that 17d9ddc72fb8bba0d4f678 ("rbtree: Add
support for augmented rbtrees") in the linux-next tree adds a new field
to that struct which needs to be NULL as well. This patch uses RB_ROOT
as the intializer so all of the relevant fields will be NULL'd.Signed-off-by: Venkatesh Pallipadi
Cc: Eric Paris
Acked-by: David Woodhouse
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
17 Dec, 2009
1 commit
-
* git://git.infradead.org/mtd-2.6: (90 commits)
jffs2: Fix long-standing bug with symlink garbage collection.
mtd: OneNAND: Fix test of unsigned in onenand_otp_walk()
mtd: cfi_cmdset_0002, fix lock imbalance
Revert "mtd: move mxcnd_remove to .exit.text"
mtd: m25p80: add support for Macronix MX25L4005A
kmsg_dump: fix build for CONFIG_PRINTK=n
mtd: nandsim: add support for 4KiB pages
mtd: mtdoops: refactor as a kmsg_dumper
mtd: mtdoops: make record size configurable
mtd: mtdoops: limit the maximum mtd partition size
mtd: mtdoops: keep track of used/unused pages in an array
mtd: mtdoops: several minor cleanups
core: Add kernel message dumper to call on oopses and panics
mtd: add ARM pismo support
mtd: pxa3xx_nand: Fix PIO data transfer
mtd: nand: fix multi-chip suspend problem
mtd: add support for switching old SST chips into QRY mode
mtd: fix M29W800D dev_id and uaddr
mtd: don't use PF_MEMALLOC
mtd: Add bad block table overrides to Davinci NAND driver
...Fixed up conflicts (mostly trivial) in
drivers/mtd/devices/m25p80.c
drivers/mtd/maps/pcmciamtd.c
drivers/mtd/nand/pxa3xx_nand.c
kernel/printk.c
04 Dec, 2009
1 commit
-
That is "success", "unknown", "through", "performance", "[re|un]mapping"
, "access", "default", "reasonable", "[con]currently", "temperature"
, "channel", "[un]used", "application", "example","hierarchy", "therefore"
, "[over|under]flow", "contiguous", "threshold", "enough" and others.Signed-off-by: André Goddard Rosa
Signed-off-by: Jiri Kosina
30 Nov, 2009
1 commit
-
The returned error should stay negative
Signed-off-by: Roel Kluin
Signed-off-by: Artem Bityutskiy
Signed-off-by: David Woodhouse
24 Jun, 2009
1 commit
-
Signed-off-by: Al Viro
21 Feb, 2009
1 commit
-
At scan time we observed following scenario:
node A inserted
node B inserted
node C inserted -> sets overlapped flag on node Bnode A is removed due to CRC failure -> overlapped flag on node B remains
while (tn->overlapped)
tn = tn_prev(tn);==> crash, when tn_prev(B) is referenced.
When the ultimate node is removed at scan time and the overlapped flag
is set on the penultimate node, then nothing updates the overlapped
flag of that node. The overlapped iterators blindly expect that the
ultimate node does not have the overlapped flag set, which causes the
scan code to crash.It would be a huge overhead to go through the node chain on node
removal and fix up the overlapped flags, so detecting such a case on
the fly in the overlapped iterators is a simpler and reliable
solution.Cc: stable@kernel.org
Signed-off-by: Thomas Gleixner
Signed-off-by: David Woodhouse
02 May, 2008
2 commits
-
Adding the ability to get a physical address from point() in addition
to virtual address. This physical address is required for XIP of
userspace code from flash.Signed-off-by: Jared Hulbert
Reviewed-by: Jörn Engel
Acked-by: Nicolas Pitre
Acked-by: Greg Ungerer
Signed-off-by: David Woodhouse -
To support NFS export, we need to know the parent inode of directories.
Rather than growing the jffs2_inode_cache structure, share space with
the nlink field -- which was always set to 1 for directories anyway.Signed-off-by: David Woodhouse
23 Apr, 2008
1 commit
-
We haven't seen bugs in this for a while now, since the rewrite. No need
to be _quite_ so verbose...Signed-off-by: David Woodhouse
22 Apr, 2008
1 commit
-
Signed-off-by: David Woodhouse
08 Feb, 2008
1 commit
-
* git://git.infradead.org/mtd-2.6: (120 commits)
[MTD] Fix mtdoops.c compilation
[MTD] [NOR] fix startup lock when using multiple nor flash chips
[MTD] [DOC200x] eccbuf is statically defined and always evaluate to true
[MTD] Fix maps/physmap.c compilation with CONFIG_PM
[MTD] onenand: Add panic_write function to the onenand driver
[MTD] mtdoops: Use the panic_write function when present
[MTD] Add mtd panic_write function pointer
[MTD] [NAND] Freescale enhanced Local Bus Controller FCM NAND support.
[MTD] physmap.c: Add support for multiple resources
[MTD] [NAND] Fix misparenthesization introduced by commit 78b65179...
[MTD] [NAND] Fix Blackfin NFC ECC calculating bug with page size 512 bytes
[MTD] [NAND] Remove wrong operation in PM function of the BF54x NFC driver
[MTD] [NAND] Remove unused variable in plat_nand_remove
[MTD] Unlocking all Intel flash that is locked on power up.
[MTD] [NAND] at91_nand: Make mtdparts option can override board info
[MTD] mtdoops: Various minor cleanups
[MTD] mtdoops: Ensure sequential write to the buffer
[MTD] mtdoops: Perform write operations in a workqueue
[MTD] mtdoops: Add further error return code checking
[MTD] [NOR] Test devtype, not definition in flash_probe(), drivers/mtd/devices/lart.c
...
03 Feb, 2008
1 commit
-
Signed-off-by: Robert P. J. Day
Signed-off-by: Adrian Bunk
28 Nov, 2007
1 commit
-
If we ask it to map 'len' bytes of the device, don't compare against
some other number and whine that it's different. That's a little silly.Signed-off-by: Alexey Korolev
Signed-off-by: David Woodhouse
22 Nov, 2007
1 commit
-
We were failing to check the data CRC on data nodes on non-writebuffered
flash, which led to "interesting" behaviour on unclean shutdowns.Signed-off-by: David Woodhouse
24 Sep, 2007
1 commit
-
Fix a couple of instances in JFFS2 where the unpoint() routine is
being called with the wrong length in cases where the point() routine
truncated a request.Signed-off-by: Andy Lowe
Signed-off-by: Nicolas Pitre
Signed-off-by: David Woodhouse
10 Jul, 2007
1 commit
-
Convert many spaces to tabs; one or two other minor cosmetic fixes.
Signed-off-by: David Woodhouse
05 Jul, 2007
1 commit
-
Debugging the hardware problems in OLPC trac #1905 would be a whole lot
easier if the correct node offsets were printed for the offending nodes.Signed-off-by: David Woodhouse
04 Jul, 2007
1 commit
-
We should have stopped returning 1 from read_dnode() to indicate
failure. We can just mark the damn thing obsolete immediately. But I
missed a case where we don't.Signed-off-by: David Woodhouse
29 Jun, 2007
1 commit
-
Otherwise they'll never actually get garbage-collected.
Noted by Jonathan Larmour.Signed-off-by: David Woodhouse
02 Jun, 2007
1 commit
-
We should keep the mdata node with higher version number, not just the
one we happen to find latest. Doh.Signed-off-by: David Woodhouse
01 Jun, 2007
1 commit
-
If we have already read enough bytes, no need to call read_more().
Signed-off-by: Artem Bityutskiy
Signed-off-by: David Woodhouse