jffs2: remove from wait queue after schedule()

[Linux-MTD Mailing List]

Gitweb:     http://git.infradead.org/?p=mtd-2.6.git;a=commit;h=3ead9578443b66ddb3d50ed4f53af8a0c0298ec5
Commit:     3ead9578443b66ddb3d50ed4f53af8a0c0298ec5
Parent:     f4f6a0be01498f42b023d5aa71275bc05478d331
Author:     Li Zefan <lizefan at huawei.com>
AuthorDate: Wed Feb 12 12:44:57 2014 -0800
Committer:  Brian Norris <computersforpeace at gmail.com>
CommitDate: Mon Mar 10 22:42:27 2014 -0700

    jffs2: remove from wait queue after schedule()
    
    @wait is a local variable, so if we don't remove it from the wait queue
    list, later wake_up() may end up accessing invalid memory.
    
    This was spotted by eyes.
    
    Signed-off-by: Li Zefan <lizefan at huawei.com>
    Cc: David Woodhouse <dwmw2 at infradead.org>
    Cc: Artem Bityutskiy <artem.bityutskiy at linux.intel.com>
    Cc: <stable at vger.kernel.org>
    Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
    Signed-off-by: Brian Norris <computersforpeace at gmail.com>
---
 fs/jffs2/nodemgmt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/jffs2/nodemgmt.c b/fs/jffs2/nodemgmt.c
index 0331072..bbae5b1 100644
--- a/fs/jffs2/nodemgmt.c
+++ b/fs/jffs2/nodemgmt.c
@@ -179,6 +179,7 @@ int jffs2_reserve_space(struct jffs2_sb_info *c, uint32_t minsize,
 					spin_unlock(&c->erase_completion_lock);
 
 					schedule();
+					remove_wait_queue(&c->erase_wait, &wait);
 				} else
 					spin_unlock(&c->erase_completion_lock);
 			} else if (ret)