[2.6.25 PATCH] JFFS2 Fix of panics caused by wrong condition for hole frag creation in write_begin

[David Woodhouse]

From: Alexey Korolev <akorolev at infradead.org>

This fixes a regression introduced in commit
205c109a7a96d9a3d8ffe64c4068b70811fef5e8 when switching to
write_begin/write_end operations in JFFS2. The page offset is
miscalculated, leading to corruption of the fragment lists and
subsequently to memory corruption and panics.

Signed-off-by: Alexey Korolev <akorolev at infradead.org>
Signed-off-by: Vasiliy Leonenko <vasiliy.leonenko at mail.ru>
Signed-off-by: David Woodhouse <dwmw2 at infradead.org>

diff --git a/fs/jffs2/file.c b/fs/jffs2/file.c
index f9c5dd6..dcc2734 100644
--- a/fs/jffs2/file.c
+++ b/fs/jffs2/file.c
@@ -129,7 +129,7 @@ static int jffs2_write_begin(struct file *filp, struct address_space *mapping,
 	struct inode *inode = mapping->host;
 	struct jffs2_inode_info *f = JFFS2_INODE_INFO(inode);
 	pgoff_t index = pos >> PAGE_CACHE_SHIFT;
-	uint32_t pageofs = pos & (PAGE_CACHE_SIZE - 1);
+	uint32_t pageofs = index << PAGE_CACHE_SHIFT;
 	int ret = 0;
 
 	pg = __grab_cache_page(mapping, index);

-- 
dwmw2