From 52c50c78546d89cdd9787193781ae7b4856e5293 Mon Sep 17 00:00:00 2001
From: Li Zefan <lizefan@huawei.com>
Date: Wed, 12 Feb 2014 12:44:57 -0800
Subject: jffs2: remove from wait queue after schedule()

@wait is a local variable, so if we don't remove it from the wait queue
list, later wake_up() may end up accessing invalid memory.

This was spotted by eyes.

Signed-off-by: Li Zefan <lizefan@huawei.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
---
 cpukit/libfs/src/jffs2/src/nodemgmt.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'cpukit')

diff --git a/cpukit/libfs/src/jffs2/src/nodemgmt.c b/cpukit/libfs/src/jffs2/src/nodemgmt.c
index 40fa34c692..6cb8dc4d6f 100644
--- a/cpukit/libfs/src/jffs2/src/nodemgmt.c
+++ b/cpukit/libfs/src/jffs2/src/nodemgmt.c
@@ -181,6 +181,7 @@ int jffs2_reserve_space(struct jffs2_sb_info *c, uint32_t minsize,
 					spin_unlock(&c->erase_completion_lock);
 
 					schedule();
+					remove_wait_queue(&c->erase_wait, &wait);
 				} else
 					spin_unlock(&c->erase_completion_lock);
 			} else if (ret)
-- 
cgit v1.2.3