Home
last modified time | relevance | path

Searched hist:"4 c41bd0e" (Results 1 – 1 of 1) sorted by relevance

/openbmc/linux/fs/jffs2/
H A Dreadinode.c4c41bd0e Mon Feb 16 14:29:31 CST 2009 Thomas Gleixner <tglx@linutronix.de> [JFFS2] fix mount crash caused by removed nodes

At scan time we observed following scenario:

node A inserted
node B inserted
node C inserted -> sets overlapped flag on node B

node A is removed due to CRC failure -> overlapped flag on node B remains

while (tn->overlapped)
tn = tn_prev(tn);

==> crash, when tn_prev(B) is referenced.

When the ultimate node is removed at scan time and the overlapped flag
is set on the penultimate node, then nothing updates the overlapped
flag of that node. The overlapped iterators blindly expect that the
ultimate node does not have the overlapped flag set, which causes the
scan code to crash.

It would be a huge overhead to go through the node chain on node
removal and fix up the overlapped flags, so detecting such a case on
the fly in the overlapped iterators is a simpler and reliable
solution.

Cc: stable@kernel.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
4c41bd0e Mon Feb 16 14:29:31 CST 2009 Thomas Gleixner <tglx@linutronix.de> [JFFS2] fix mount crash caused by removed nodes

At scan time we observed following scenario:

node A inserted
node B inserted
node C inserted -> sets overlapped flag on node B

node A is removed due to CRC failure -> overlapped flag on node B remains

while (tn->overlapped)
tn = tn_prev(tn);

==> crash, when tn_prev(B) is referenced.

When the ultimate node is removed at scan time and the overlapped flag
is set on the penultimate node, then nothing updates the overlapped
flag of that node. The overlapped iterators blindly expect that the
ultimate node does not have the overlapped flag set, which causes the
scan code to crash.

It would be a huge overhead to go through the node chain on node
removal and fix up the overlapped flags, so detecting such a case on
the fly in the overlapped iterators is a simpler and reliable
solution.

Cc: stable@kernel.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>