UBI leb_write_unlock NULL pointer Oops (continuation)
Bill Pringlemeir
bpringlemeir at nbsps.com
Wed Mar 5 16:30:48 EST 2014
On 5 Mar 2014, richard at nod.at wrote:
> Thorsten and Emanuel from Lawo AG kindly gave me access to one of
> their boards such that I was able to work directly on the issue.
> The solution is rather trivial.
> Two commits were missing in their tree:
> commit 8afd500cb52a5d00bab4525dd5a560d199f979b9
> Author: Adam Thomas <adamthomas1111 at gmail.com>
> Date: Sat Feb 2 22:35:08 2013 +0000
> UBIFS: fix double free of ubifs_orphan objects
> and
> commit 2928f0d0c5ebd6c9605c0d98207a44376387c298
> Author: Adam Thomas <adamthomas1111 at gmail.com>
> Date: Sat Feb 2 22:32:31 2013 +0000
> UBIFS: fix use of freed ubifs_orphan objects
> Bill, I'm very sure this fixes also the issue you face.
I haven't seen this issue recently. It was only with older versions. I
have both of those commits as well and wasn't able to reproduce it. So
I have no issues.
Still, the logic of ubi_eba_copy_leb() seems really weird to me. I
don't understand,
err = leb_write_trylock(ubi, vol_id, lnum);
followed by,
leb_write_unlock(ubi, vol_id, lnum);
It looks like a double reference count decrement. Maybe they operate on
different ltree nodes, but then the locks mis-match.
Fwiw,
Bill Pringlemeir.
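The trylock/unlock pairing Bill asks about, as an added example that is neither the kernel's code nor Bill's: a simplified model of UBI's reference-counted per-LEB lock table, in which a successful trylock keeps the reference it took and unlock drops it, while a contended trylock drops its own reference before returning so no unlock is owed. The `ltree_users` helper and the `NOT_FOUND` return are assumptions of the model (the real lookup returns NULL, which is the dereference behind the Oops in the subject line).

```c
/* Added example: a simplified model of UBI's per-LEB lock table ("ltree"), not
 * the kernel's own code. Each lock attempt takes a reference on the entry. */
#define MAX_ENTRIES 8
#define NOT_FOUND (-1)  /* hypothetical: models ltree_lookup() returning NULL */

struct ltree_entry { int in_use, vol_id, lnum, users, held; };
static struct ltree_entry ltree[MAX_ENTRIES];
static struct ltree_entry *ltree_lookup(int vol_id, int lnum)
{
	for (int i = 0; i < MAX_ENTRIES; i++)
		if (ltree[i].in_use && ltree[i].vol_id == vol_id && ltree[i].lnum == lnum)
			return &ltree[i];
	return 0;
}

static void ltree_put(struct ltree_entry *le)
{
	if (--le->users == 0) le->in_use = 0;  /* last reference frees the node */
}

/* 0: lock taken, reference kept; 1: contention, reference dropped again so no
 * unlock is owed; -1: table full. */
int leb_write_trylock(int vol_id, int lnum)
{
	struct ltree_entry *le = ltree_lookup(vol_id, lnum);
	for (int i = 0; !le && i < MAX_ENTRIES; i++)  /* models ltree_add_entry */
		if (!ltree[i].in_use)
			*(le = &ltree[i]) = (struct ltree_entry){ 1, vol_id, lnum, 0, 0 };
	if (!le) return -1;
	le->users++;
	if (!le->held) { le->held = 1; return 0; }
	ltree_put(le);
	return 1;
}

/* 0 on success; NOT_FOUND where the real code would dereference a NULL entry. */
int leb_write_unlock(int vol_id, int lnum)
{
	struct ltree_entry *le = ltree_lookup(vol_id, lnum);
	if (!le) return NOT_FOUND;
	le->held = 0;
	ltree_put(le);  /* releases the reference kept by the successful lock */
	return 0;
}

int ltree_users(int vol_id, int lnum)  /* current reference count, 0 if absent */
{
	struct ltree_entry *le = ltree_lookup(vol_id, lnum);
	return le ? le->users : 0;
}
```

A trylock that succeeds followed by one unlock leaves the node freed and a second unlock hits the missing-entry path, which is the balance the model is meant to make visible.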