projects
/
firefly-linux-kernel-4.4.55.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
97bf6af
)
jffs2: fix handling of corrupted summary length
author
Chen Jie
<chenjie6@huawei.com>
Tue, 10 Feb 2015 20:49:48 +0000
(12:49 -0800)
committer
David Woodhouse
<David.Woodhouse@intel.com>
Fri, 13 Feb 2015 17:07:54 +0000
(17:07 +0000)
sm->offset maybe wrong but magic maybe right, the offset do not have CRC.
Badness at
c00c7580
[verbose debug info unavailable]
NIP:
c00c7580
LR:
c00c718c
CTR:
00000014
REGS:
df07bb40
TRAP: 0700 Not tainted (2.6.34.13-WR4.3.0.0_standard)
MSR:
00029000
<EE,ME,CE> CR:
22084f84
XER:
00000000
TASK =
df84d6e0
[908] 'mount' THREAD:
df07a000
GPR00:
00000001
df07bbf0
df84d6e0
00000000
00000001
00000000
df07bb58
00000041
GPR08:
00000041
c0638860
00000000
00000010
22084f88
100636c8
df814ff8
00000000
GPR16:
df84d6e0
dfa558cc
c05adb90
00000048
c0452d30
00000000
000240d0
000040d0
GPR24:
00000014
c05ae734
c05be2e0
00000000
00000001
00000000
00000000
c05ae730
NIP [
c00c7580
] __alloc_pages_nodemask+0x4d0/0x638
LR [
c00c718c
] __alloc_pages_nodemask+0xdc/0x638
Call Trace:
[
df07bbf0
] [
c00c718c
] __alloc_pages_nodemask+0xdc/0x638 (unreliable)
[
df07bc90
] [
c00c7708
] __get_free_pages+0x20/0x48
[
df07bca0
] [
c00f4a40
] __kmalloc+0x15c/0x1ec
[
df07bcd0
] [
c01fc880
] jffs2_scan_medium+0xa58/0x14d0
[
df07bd70
] [
c01ff38c
] jffs2_do_mount_fs+0x1f4/0x6b4
[
df07bdb0
] [
c020144c
] jffs2_do_fill_super+0xa8/0x260
[
df07bdd0
] [
c020230c
] jffs2_fill_super+0x104/0x184
[
df07be00
] [
c0335814
] get_sb_mtd_aux+0x9c/0xec
[
df07be20
] [
c033596c
] get_sb_mtd+0x84/0x1e8
[
df07be60
] [
c0201ed0
] jffs2_get_sb+0x1c/0x2c
[
df07be70
] [
c0103898
] vfs_kern_mount+0x78/0x1e8
[
df07bea0
] [
c0103a58
] do_kern_mount+0x40/0x100
[
df07bec0
] [
c011fe90
] do_mount+0x240/0x890
[
df07bf10
] [
c0120570
] sys_mount+0x90/0xd8
[
df07bf40
] [
c00110d8
] ret_from_syscall+0x0/0x4
=== Exception: c01 at 0xff61a34
LR = 0x100135f0
Instruction dump:
38800005
38600000
48010f41
4bfffe1c
4bfc2d15
4bfffe8c
72e90200
4082fc28
3d20c064
39298860
8809000d
68000001
<
0f000000
>
2f800000
419efc0c
38000001
mount: mounting /dev/mtdblock3 on /common failed: Input/output error
Signed-off-by: Chen Jie <chenjie6@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
fs/jffs2/scan.c
patch
|
blob
|
history
diff --git
a/fs/jffs2/scan.c
b/fs/jffs2/scan.c
index 7654e87b042869ef43aff269a10e88a4088d59c3..9ad5ba4b299be2f41cca834e97480a309c4e7b16 100644
(file)
--- a/
fs/jffs2/scan.c
+++ b/
fs/jffs2/scan.c
@@
-510,6
+510,10
@@
static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
sumlen = c->sector_size - je32_to_cpu(sm->offset);
sumptr = buf + buf_size - sumlen;
+ /* sm->offset maybe wrong but MAGIC maybe right */
+ if (sumlen > c->sector_size)
+ goto full_scan;
+
/* Now, make sure the summary itself is available */
if (sumlen > buf_size) {
/* Need to kmalloc for this. */
@@
-544,6
+548,7
@@
static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
}
}
+full_scan:
buf_ofs = jeb->offset;
if (!buf_size) {