[PATCH] jffs2: fix nothing output for "ls" command

[PATCH] jffs2: fix nothing output for "ls" command

[Zhe Li]

Recently I find a bug that I get nothing with shell
command "ls". The test steps are listed below.
1. cd $JFFS2_MOUNT_DIR
2. touch file
3. ls

Finally I find that when command "ls" going into
function jffs2_readdir(), it get non-zero return
value from function dir_emit(). So I get nothing
from "ls", absolutely.

After checking my file system image, I find a raw
dirent node with nsize = 0. The full_scan mounting
process do not check nsize and the return value
of strnlen(rd->name, rd->nsize) carefully, which
causes function jffs2_readdir pass 0 to parameter
namelen of function dir_emit when we use command
"ls".

Of course it should never happened to find a raw
dirent with nsize = 0. In my opinion, this abnormal
phenomenon maybe cause by bad driver or bad medium.
But for rebustness reason, jffs2 should handle it.

This patch add codes to check the nsize and the
return value of strnlen(rd->name, rd->nsize). If
abnormal node is found, use function jffs2_scan_dirty_space
to deal with it.

Signed-off-by: Zhe Li <lizhe67@huawei.com>
---
 fs/jffs2/scan.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c
index 5f7e284..ff37d92 100644
--- a/fs/jffs2/scan.c
+++ b/fs/jffs2/scan.c
@@ -1065,8 +1065,21 @@ static int jffs2_scan_dirent_node(struct jffs2_sb_info *c, struct jffs2_eraseblo
 
 	pseudo_random += je32_to_cpu(rd->version);
 
+	if (rd->nsize == 0) {
+		pr_err("%s(): Node nsize is zero at 0x%08x\n", __func__, ofs);
+		if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(rd->totlen)))))
+			return err;
+		return 0;
+	}
+
 	/* Should never happen. Did. (OLPC trac #4184)*/
 	checkedlen = strnlen(rd->name, rd->nsize);
+	if (checkedlen == 0) {
+		pr_err("Dirent at %08x get zero checkedlen\n", ofs);
+		if ((err = jffs2_scan_dirty_space(c, jeb, PAD(je32_to_cpu(rd->totlen)))))
+			return err;
+		return 0;
+	}
 	if (checkedlen < rd->nsize) {
 		pr_err("Dirent at %08x has zeroes in name. Truncating to %d chars\n",
 		       ofs, checkedlen);
-- 
2.7.4

Re: [PATCH] jffs2: fix nothing output for "ls" command

[Richard Weinberger]

On Fri, May 29, 2020 at 5:38 AM Zhe Li <lizhe67@huawei.com> wrote:
>
> Recently I find a bug that I get nothing with shell
> command "ls". The test steps are listed below.
> 1. cd $JFFS2_MOUNT_DIR
> 2. touch file
> 3. ls
>
> Finally I find that when command "ls" going into
> function jffs2_readdir(), it get non-zero return
> value from function dir_emit(). So I get nothing
> from "ls", absolutely.
>
> After checking my file system image, I find a raw
> dirent node with nsize = 0. The full_scan mounting
> process do not check nsize and the return value
> of strnlen(rd->name, rd->nsize) carefully, which
> causes function jffs2_readdir pass 0 to parameter
> namelen of function dir_emit when we use command
> "ls".
>
> Of course it should never happened to find a raw
> dirent with nsize = 0. In my opinion, this abnormal
> phenomenon maybe cause by bad driver or bad medium.
> But for rebustness reason, jffs2 should handle it.

Well, if driver or medium are bad, the filesystem will die and lose
data. Instead of papering over the issue and delaying the inevitable
loss of data, please address the root cause.

-- 
Thanks,
//richard