[JFFS2] Check for all-zero node headers

Due to a poor choice of CRC32 seed, a node header which is all zeroes
would pass the CRC32 check. Explicitly check for this case, and treat it
as we do a CRC failure.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

diff --git a/fs/jffs2/readinode.c b/fs/jffs2/readinode.c
index 58a0b912e9d05ce5697ff1239711ead97671e152..717a48cf7df2aadbccde0432024dafde0e80a410 100644 (file)
--- a/fs/jffs2/readinode.c
+++ b/fs/jffs2/readinode.c
@@ -373,7 +373,14 @@ free_out:
 static inline int read_unknown(struct jffs2_sb_info *c, struct jffs2_raw_node_ref *ref, struct jffs2_unknown_node *un)
 {
        /* We don't mark unknown nodes as REF_UNCHECKED */
-       BUG_ON(ref_flags(ref) == REF_UNCHECKED);
+       if (ref_flags(ref) == REF_UNCHECKED) {
+               JFFS2_ERROR("REF_UNCHECKED but unknown node at %#08x\n",
+                           ref_offset(ref));
+               JFFS2_ERROR("Node is {%04x,%04x,%08x,%08x}. Please report this error.\n",
+                            je16_to_cpu(un->magic), je16_to_cpu(un->nodetype),
+                            je32_to_cpu(un->totlen), je32_to_cpu(un->hdr_crc));
+               return 1;
+       }
 
        un->nodetype = cpu_to_je16(JFFS2_NODE_ACCURATE | je16_to_cpu(un->nodetype));
 
@@ -576,6 +583,13 @@ static int jffs2_get_inode_nodes(struct jffs2_sb_info *c, struct jffs2_inode_inf
                        jffs2_mark_node_obsolete(c, ref);
                        goto cont;
                }
+               /* Due to poor choice of crc32 seed, an all-zero node will have a correct CRC */
+               if (!je32_to_cpu(node->u.hdr_crc) && !je16_to_cpu(node->u.nodetype) &&
+                   !je16_to_cpu(node->u.magic) && !je32_to_cpu(node->u.totlen)) {
+                       JFFS2_NOTICE("All zero node header at %#08x.\n", ref_offset(ref));
+                       jffs2_mark_node_obsolete(c, ref);
+                       goto cont;
+               }
 
                switch (je16_to_cpu(node->u.nodetype)) {
 

diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c
index 31c1475d922aa2d3f4eb5c75841838f1100a385b..7fb45bd4915c5c1f1cbc8ffb71bd226f5a99b24b 100644 (file)
--- a/fs/jffs2/scan.c
+++ b/fs/jffs2/scan.c
@@ -734,6 +734,15 @@ scan_more:
                        ofs += 4;
                        continue;
                }
+               /* Due to poor choice of crc32 seed, an all-zero node will have a correct CRC */
+               if (!je32_to_cpu(node->hdr_crc) && !je16_to_cpu(node->nodetype) &&
+                   !je16_to_cpu(node->magic) && !je32_to_cpu(node->totlen)) {
+                       noisy_printk(&noise, "jffs2_scan_eraseblock(): All zero node header at 0x%08x.\n", ofs);
+                       if ((err = jffs2_scan_dirty_space(c, jeb, 4)))
+                               return err;
+                       ofs += 4;
+                       continue;
+               }
 
                if (ofs + je32_to_cpu(node->totlen) >
                    jeb->offset + c->sector_size) {