[PATCH (fixed)] Fix infinite loop in INFTL_foldchain() in drivers/mtd/inftlcore.c
Daniel Rosenthal
danielrosenthal at acm.org
Tue Oct 7 13:29:04 EDT 2008
I'm having problems with my email client, but I've attached a patch
(both inline and as a regular attachment). This patch fixes a loop
that is potentially infinite in INFTL_foldchain in
drivers/mtd/inftlcore.c.
When iterating over a chain in reverse (oldest block first), this
patch correctly marks the PUtable[] entry of the second to last erase
block of a chain as BLOCK_NIL, regardless of whether or not it can
format the last block successfully. Before, the second to last block
was only marked as pointing to BLOCK_NIL if INFTL_formatblock()
succeeded on the last block of the chain, which could potentially
result in an infinite loop if the block was worn out and refused to
format.
If there are any problems with this patch please let me know. I can
apply them fine after pulling them from email, but my email client
(web interface) isn't foolproof, so if anybody else has problems,
please let me know. (I can't send it through pine or otherwise due to
network configuration.)
Thanks,
Daniel
-------------- next part --------------
From 8f1275749768d316788194cc198093b00f85d0d6 Mon Sep 17 00:00:00 2001
From: Daniel Rosenthal <danielrosenthal at acm.org>
Date: Sun, 5 Oct 2008 17:43:10 -0400
Subject: [PATCH] Fix infinite loop in INFTL_foldchain in drivers/mtd/inftlcore.c.
Signed-off-by: Daniel Rosenthal <danielrosenthal at acm.org>
---
drivers/mtd/inftlcore.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/drivers/mtd/inftlcore.c b/drivers/mtd/inftlcore.c
index c4f9d33..50ce138 100644
--- a/drivers/mtd/inftlcore.c
+++ b/drivers/mtd/inftlcore.c
@@ -388,6 +388,10 @@ static u16 INFTL_foldchain(struct INFTLrecord *inftl, unsigned thisVUC, unsigned
if (thisEUN == targetEUN)
break;
+ /* Unlink the last block from the chain. */
+ inftl->PUtable[prevEUN] = BLOCK_NIL;
+
+ /* Now try to erase it. */
if (INFTL_formatblock(inftl, thisEUN) < 0) {
/*
* Could not erase : mark block as reserved.
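Review bot: The store `inftl->PUtable[prevEUN] = BLOCK_NIL;` added right after the `thisEUN == targetEUN` check now runs on every pass, and nothing in the visible context checks that prevEUN names a real chain member before it is used as an index. Previously the same store ran only after a successful format; now it also runs when the format fails. Please confirm prevEUN cannot still hold a sentinel value here (for example when thisEUN is the only block left in the chain and is not targetEUN), or guard the store. It would also help to extend the new comment to say why the unlink must come before the erase attempt (so the loop makes progress even when INFTL_formatblock() fails), so a later cleanup does not move it back into the success branch.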
@@ -396,7 +400,6 @@ static u16 INFTL_foldchain(struct INFTLrecord *inftl, unsigned thisVUC, unsigned
} else {
/* Correctly erased : mark it as free */
inftl->PUtable[thisEUN] = BLOCK_FREE;
- inftl->PUtable[prevEUN] = BLOCK_NIL;
inftl->numfreeEUNs++;
}
}
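Review bot: The commit log stops at the subject line, so the reason for dropping `inftl->PUtable[prevEUN] = BLOCK_NIL;` from the else branch here is recorded only in the cover mail. Please move that explanation (a worn-out block that refuses to format left the chain unchanged, so the loop could repeat forever) into the changelog body above the Signed-off-by line, so it survives in git history. With the removal, the success branch only marks thisEUN free and bumps numfreeEUNs, which reads correctly given the unlink added in the first hunk.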
--
1.5.6.4