JFFS2 bugfix

Artem B. Bityuckiy abityuckiy at yandex.ru
Sat Oct 16 13:14:09 EDT 2004


Hello,

I've found a bug in JFFS2. When there is no free space left on a JFFS2 file 
system, and somebody for example tries to create a new directory, JFFS2 
frees memory twice.

See dir.c, jffs2_create(), line 216.

jffs2_do_create returns an error.
jffs2_clear_inode(inode) is called and frees the jffs2_sb_info, 
jffs2_full_dnode, etc.
iput(inode) is called, calling in turn jffs2_clear_inode, and the 
same structures are freed for the second time. This leads to slab 
cache corruption.

So, the following patch, which fixes the problem, is proposed.

--- dir.c       2004-10-16 21:02:22.886276648 +0400
+++ dir_corrected.c     2004-10-16 21:03:10.843766654 +0400
@@ -217,7 +217,6 @@
                               dentry->d_name.name, dentry->d_name.len);

         if (ret) {
-               jffs2_clear_inode(inode);
                 make_bad_inode(inode);
                 iput(inode);
                 jffs2_free_raw_inode(ri);
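Review bot: the description and the hunk do not match: the report talks about creating a new directory, but the change is in jffs2_create() (dir.c line 216), the file-creation path. If the mkdir path has the same clear-then-iput sequence it needs the same change; otherwise the description should say "creates a new file". The removal of `jffs2_clear_inode(inode);` is only correct if `iput(inode);` here drops the last reference, so that the clear_inode hook runs exactly once via iput rather than twice; if anything else still held the inode at this point the double free would turn into a leak, so the description should state that the inode is freshly allocated and not yet instantiated in the dentry. Keeping `make_bad_inode(inode);` ahead of the iput is right, since it stops the half-built inode from being picked up before it is released.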

-- 
Best Regards,
Artem B. Bityuckiy,
St.-Petersburg, Russia.
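To make the double free described in the report visible without corrupting a real allocator, here is a small model of the two sequences (explicit clear followed by iput, versus iput alone). This is an added example, not code from the post, from JFFS2 or from the VFS; the names fake_inode, model_clear_inode, model_iput, model_new_inode and release_count are assumptions made for the illustration, and make_bad_inode() is left out because it does not affect the release count.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical model of the inode release sequence in the jffs2_create()
 * error path.  Not JFFS2 or VFS code; all names here are assumptions.
 */

struct fake_inode {
    int   refcount;     /* stands in for i_count: references on the inode */
    char *fs_private;   /* stands in for the per-inode JFFS2 state */
    int   cleared;      /* how many times the clear hook ran on this inode */
};

/* Times the per-inode state was released during one scenario:
 * 1 is correct, 2 reproduces the double free from the report. */
static int release_count;

/* Stand-in for jffs2_clear_inode(): the filesystem's clear_inode hook. */
static void model_clear_inode(struct fake_inode *inode)
{
    release_count++;
    if (inode->cleared) {
        /* Second release of the same memory.  A real free() here would
         * corrupt the slab cache; the model only records it. */
        inode->cleared++;
        return;
    }
    free(inode->fs_private);
    inode->fs_private = NULL;
    inode->cleared = 1;
}

/* Stand-in for iput(): when the last reference goes away, the clear_inode
 * hook is called and then the inode itself is destroyed. */
static void model_iput(struct fake_inode *inode)
{
    if (--inode->refcount > 0)
        return;
    model_clear_inode(inode);
    free(inode);
}

/* A fresh inode holding one reference, as a newly allocated inode would. */
static struct fake_inode *model_new_inode(void)
{
    static const char state[] = "jffs2 per-inode state";
    struct fake_inode *inode = calloc(1, sizeof(*inode));

    if (!inode)
        abort();
    inode->refcount = 1;
    inode->fs_private = malloc(sizeof(state));
    if (!inode->fs_private)
        abort();
    memcpy(inode->fs_private, state, sizeof(state));
    return inode;
}

/* Error path before the patch: explicit clear, then iput clears again.
 * Returns how many times the per-inode state was released. */
int error_path_before_patch(void)
{
    struct fake_inode *inode = model_new_inode();

    release_count = 0;
    /* jffs2_do_create() failed (ret != 0) */
    model_clear_inode(inode);   /* the line the patch removes */
    model_iput(inode);          /* last reference: clear hook runs again */
    return release_count;
}

/* Error path after the patch: iput alone releases the state, once. */
int error_path_after_patch(void)
{
    struct fake_inode *inode = model_new_inode();

    release_count = 0;
    model_iput(inode);
    return release_count;
}

int main(void)
{
    printf("before patch: state released %d times\n", error_path_before_patch());
    printf("after patch:  state released %d times\n", error_path_after_patch());
    return 0;
}
```

The model counts releases instead of calling free() twice, so it runs cleanly; in the real kernel the second release is a free of already-freed slab memory, which is what the report describes as slab cache corruption.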