[FYI] Killing JFFS2 with repeated power failures

Jörn Engel joern at wohnheim.fh-wedel.de
Wed Jun 21 13:56:41 EDT 2006


While hunting for the cause of a CRC error on JFFS2, I noticed a
theoretical problem with JFFS2.

If JFFS2 was writing during a power failure, some amount of flash gets
filled with garbage.  By writing 4KiB pages of random data, nodes of
slightly more than 4KiB are created, with the remainder going into
wbuf.  A power failure now would eat 6KiB with a 2KiB wbuf.

If this happens when the filesystem is full (5 blocks left) and GC has
to kick in, a scenario can be constructed where power failures happen
very shortly after bootup - just long enough for GC to write 1-2
nodes.  And each failure can eat 6KiB of flash space.

Repeat a couple of times and JFFS2 will paint itself into a corner.

Afaics, this problem is highly theoretical and has never been observed
in the field.  And if it ever happens, a system experiencing power
failures at such a rate is effectively bricked anyway.  All we should
make sure is that more than 2-3 power failures are necessary to hit
this problem.

Jörn

-- 
It's just what we asked for, but not what we want!
-- anonymous



