
JFFS2 double free fix for 2.4.19-pre.



This fixes a double-free which could happen when a node which represents a 
hole in a file is garbage-collected. It also moves one debug message to a 
higher debug level, because it annoyed me when I was trying to find the bug.

This BitKeeper patch contains the following changesets:
1.405

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	dwmw2
# Host:	dwmw2.baythorne.internal
# Root:	/inst/bk/formarcelo-2.4

#
#--- 1.3/fs/jffs2/gc.c	Mon Feb 25 19:21:59 2002
#+++ 1.4/fs/jffs2/gc.c	Sun May 12 19:34:14 2002
#@@ -31,7 +31,7 @@
#  * provisions above, a recipient may use your version of this file
#  * under either the RHEPL or the GPL.
#  *
#- * $Id: gc.c,v 1.52.2.2 2002/02/23 14:25:36 dwmw2 Exp $
#+ * $Id: gc.c,v 1.52.2.3 2002/05/12 17:27:08 dwmw2 Exp $
#  *
#  */
# 
#@@ -497,9 +497,21 @@
# 			jffs2_mark_node_obsolete(c, f->metadata->raw);
# 			jffs2_free_full_dnode(f->metadata);
# 			f->metadata = NULL;
#-			return 0;
# 		}
#+		return 0;
# 	}
#+
#+	/* 
#+	 * We should only get here in the case where the node we are
#+	 * replacing had more than one frag, so we kept the same version
#+	 * number as before. (Except in case of error -- see 'goto fill;' 
#+	 * above.)
#+	 */
#+	D1(if(unlikely(fn->frags <= 1)) {
#+		printk(KERN_WARNING "jffs2_garbage_collect_hole: Replacing fn with %d frag(s) but new ver %d != highest_version %d of ino #%d\n",
#+		       fn->frags, ri.version, f->highest_version, ri.ino);
#+	});
#+
# 	for (frag = f->fraglist; frag; frag = frag->next) {
# 		if (frag->ofs > fn->size + fn->ofs)
# 			break;
#
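Review bot: The new `fn->frags <= 1` test after the relocated `return 0;` is wrapped in `D1()`, so it exists only at that debug level, and when it does fire it only prints before falling through into the `for (frag = f->fraglist; ...)` loop. The added comment says this path should be reached only when the replaced node had more than one frag; if arriving here with a single frag is a state the loop below cannot handle safely, make the test unconditional and return an error instead of continuing. The message text also reports `new ver %d != highest_version %d`, although the condition compares only `fn->frags`, and it prints `ri.ino` with `%d` where nodelist.c uses `ino #%u`; if these fields are unsigned, `%u` would be consistent.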
#--- 1.4/fs/jffs2/nodelist.c	Mon Feb 25 19:21:59 2002
#+++ 1.5/fs/jffs2/nodelist.c	Sun May 12 19:34:14 2002
#@@ -31,7 +31,7 @@
#  * provisions above, a recipient may use your version of this file
#  * under either the RHEPL or the GPL.
#  *
#- * $Id: nodelist.c,v 1.30.2.3 2002/02/23 14:04:44 dwmw2 Exp $
#+ * $Id: nodelist.c,v 1.30.2.4 2002/05/10 18:30:33 dwmw2 Exp $
#  *
#  */
# 
#@@ -69,7 +69,7 @@
# 	*prev = new;
# 
#  out:
#-	D1(while(*list) {
#+	D2(while(*list) {
# 		printk(KERN_DEBUG "Dirent \"%s\" (hash 0x%08x, ino #%u\n", (*list)->name, (*list)->nhash, (*list)->ino);
# 		list = &(*list)->next;
# 	});
#
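Review bot: The format string in this hunk's context line, `"Dirent \"%s\" (hash 0x%08x, ino #%u\n"`, opens a parenthesis that is never closed. Since the block is already being touched to move it from `D1` to `D2`, add the missing `)` before the `\n` so the dumped dirent lines are balanced and easier to grep.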

# Diff checksum=25f6e380


# Patch vers:	1.3
# Patch type:	REGULAR

== ChangeSet ==
torvalds@xxxxxxx.com|ChangeSet|20020205173056|16047|c1d11a41ed024864
marcelo@xxxxxxx.conectiva|ChangeSet|20020502222150|43074
D 1.405 02/05/12 19:36:09+01:00 dwmw2@xxxxxxx.internal +2 -0
B torvalds@xxxxxxx.com|ChangeSet|20020205173056|16047|c1d11a41ed024864
C
c JFFS2 update - fix double free in garbage-collecting hole nodes.
K 43122
P ChangeSet
------------------------------------------------

0a0
> patch@xxxxxxx.c|20020512183414|50438
> patch@xxxxxxx.c|20020512183414|22949

== fs/jffs2/gc.c ==
patch@xxxxxxx.c|20020205201839|10209|b6698581d0f53a8b
patch@xxxxxxx.c|20020313223046|51884
D 1.4 02/05/12 19:34:14+01:00 dwmw2@xxxxxxx.internal +14 -2
B torvalds@xxxxxxx.com|ChangeSet|20020205173056|16047|c1d11a41ed024864
C
c Fix double free in jffs2_garbage_collect_hole(), where it would call
c jffs2_add_full_dnode_to_inode() for the newly-written hole node, then
c go ahead and free the old node itself, even though it would have been
c freed already.
K 22949
O -rw-rw-r--
P fs/jffs2/gc.c
------------------------------------------------

D34 1
I34 1
 * $Id: gc.c,v 1.52.2.3 2002/05/12 17:27:08 dwmw2 Exp $
D500 1
I501 1
		return 0;
I502 12
\
	/* 
	 * We should only get here in the case where the node we are
	 * replacing had more than one frag, so we kept the same version
	 * number as before. (Except in case of error -- see 'goto fill;' 
	 * above.)
	 */
	D1(if(unlikely(fn->frags <= 1)) {
		printk(KERN_WARNING "jffs2_garbage_collect_hole: Replacing fn with %d frag(s) but new ver %d != highest_version %d of ino #%d\n",
		       fn->frags, ri.version, f->highest_version, ri.ino);
	});
\

== fs/jffs2/nodelist.c ==
patch@xxxxxxx.c|20020205201839|11659|437d0aa82721716
patch@xxxxxxx.c|20020313223046|50436
D 1.5 02/05/12 19:34:14+01:00 dwmw2@xxxxxxx.internal +2 -2
B torvalds@xxxxxxx.com|ChangeSet|20020205173056|16047|c1d11a41ed024864
C
c Move the dirent list dumping to D2
K 50438
O -rw-rw-r--
P fs/jffs2/nodelist.c
------------------------------------------------

D34 1
I34 1
 * $Id: nodelist.c,v 1.30.2.4 2002/05/10 18:30:33 dwmw2 Exp $
D72 1
I72 1
	D2(while(*list) {

# Patch checksum=7088fdab


--
dwmw2


