| From 3ead9578443b66ddb3d50ed4f53af8a0c0298ec5 Mon Sep 17 00:00:00 2001 |
| From: Li Zefan <lizefan@huawei.com> |
| Date: Wed, 12 Feb 2014 12:44:57 -0800 |
| Subject: jffs2: remove from wait queue after schedule() |
| |
| From: Li Zefan <lizefan@huawei.com> |
| |
| commit 3ead9578443b66ddb3d50ed4f53af8a0c0298ec5 upstream. |
| |
| @wait is a local variable, so if we don't remove it from the wait queue |
| list, later wake_up() may end up accessing invalid memory. |
| |
| This was spotted by eyes. |
| |
| Signed-off-by: Li Zefan <lizefan@huawei.com> |
| Cc: David Woodhouse <dwmw2@infradead.org> |
| Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com> |
| Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
| Signed-off-by: Brian Norris <computersforpeace@gmail.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| fs/jffs2/nodemgmt.c | 1 + |
| 1 file changed, 1 insertion(+) |
| |
| --- a/fs/jffs2/nodemgmt.c |
| +++ b/fs/jffs2/nodemgmt.c |
| @@ -179,6 +179,7 @@ int jffs2_reserve_space(struct jffs2_sb_ |
| spin_unlock(&c->erase_completion_lock); |
| |
| schedule(); |
| + remove_wait_queue(&c->erase_wait, &wait); |
| } else |
| spin_unlock(&c->erase_completion_lock); |
| } else if (ret) |
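Review bot: The added `remove_wait_queue(&c->erase_wait, &wait);` after `schedule()` should carry a comment saying why it is mandatory, because only the commit message records that `wait` is a local variable and that a leftover entry lets a later wake_up() on `c->erase_wait` access invalid memory. A line such as `/* wait is a local: unlink it before leaving this scope, or a later wake_up() follows a dangling entry */` above the call would keep that invariant next to the code. The declaration of `wait` and the matching add_wait_queue() are outside this hunk, so it is worth confirming in the full function that no other path leaves the block between the add and this removal. If the surrounding code permits, the prepare_to_wait()/finish_wait() pair would make the add and remove harder to separate in later edits. jffs2_reserve_space starts and ends outside the hunk.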