ubifs: Fail commit if TNC is obviously inconsistent
authorRichard Weinberger <richard@nod.at>
Wed, 7 Jun 2017 21:33:35 +0000 (23:33 +0200)
committerRichard Weinberger <richard@nod.at>
Fri, 14 Jul 2017 20:49:07 +0000 (22:49 +0200)
A reference to LEB 0 or with length 0 in the TNC
is never correct and could be caused by a memory corruption.
Don't write such a bad index node to the MTD.
Instead fail the commit which will turn UBIFS into read-only mode.

This is less painful than having the bad reference on the MTD
from where UBFIS has no chance to recover.

Signed-off-by: Richard Weinberger <richard@nod.at>
fs/ubifs/tnc_commit.c

index 51157da3f76ed87a2a0c7f34c7c2240db116ed00..aa31f60220ef4b8a52fa41d9261e1dffcb1dbc5e 100644 (file)
@@ -57,6 +57,8 @@ static int make_idx_node(struct ubifs_info *c, struct ubifs_idx_node *idx,
                        ubifs_dump_znode(c, znode);
                        if (zbr->znode)
                                ubifs_dump_znode(c, zbr->znode);
+
+                       return -EINVAL;
                }
        }
        ubifs_prepare_node(c, idx, len, 0);
@@ -859,6 +861,8 @@ static int write_index(struct ubifs_info *c)
                                ubifs_dump_znode(c, znode);
                                if (zbr->znode)
                                        ubifs_dump_znode(c, zbr->znode);
+
+                               return -EINVAL;
                        }
                }
                len = ubifs_idx_node_sz(c, znode->child_cnt);