Home
last modified time | relevance | path

Searched hist:"8 afd500c" (Results 1 – 2 of 2) sorted by relevance

/openbmc/linux/fs/ubifs/
H A Dorphan.c8afd500c Sat Feb 02 16:35:08 CST 2013 Adam Thomas <adamthomas1111@gmail.com> UBIFS: fix double free of ubifs_orphan objects

The last orphan in the dnext list has its dnext set to NULL. Because
of that, ubifs_delete_orphan assumes that it is not on the dnext list
and frees it immediately instead ignoring it as a second delete. The
orphan is later freed again by erase_deleted.

This change adds an explicit flag to ubifs_orphan indicating whether
it is pending delete.

Signed-off-by: Adam Thomas <adamthomas1111@gmail.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Cc: stable@vger.kernel.org
8afd500c Sat Feb 02 16:35:08 CST 2013 Adam Thomas <adamthomas1111@gmail.com> UBIFS: fix double free of ubifs_orphan objects

The last orphan in the dnext list has its dnext set to NULL. Because
of that, ubifs_delete_orphan assumes that it is not on the dnext list
and frees it immediately instead ignoring it as a second delete. The
orphan is later freed again by erase_deleted.

This change adds an explicit flag to ubifs_orphan indicating whether
it is pending delete.

Signed-off-by: Adam Thomas <adamthomas1111@gmail.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Cc: stable@vger.kernel.org
H A Dubifs.h8afd500c Sat Feb 02 16:35:08 CST 2013 Adam Thomas <adamthomas1111@gmail.com> UBIFS: fix double free of ubifs_orphan objects

The last orphan in the dnext list has its dnext set to NULL. Because
of that, ubifs_delete_orphan assumes that it is not on the dnext list
and frees it immediately instead ignoring it as a second delete. The
orphan is later freed again by erase_deleted.

This change adds an explicit flag to ubifs_orphan indicating whether
it is pending delete.

Signed-off-by: Adam Thomas <adamthomas1111@gmail.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Cc: stable@vger.kernel.org
8afd500c Sat Feb 02 16:35:08 CST 2013 Adam Thomas <adamthomas1111@gmail.com> UBIFS: fix double free of ubifs_orphan objects

The last orphan in the dnext list has its dnext set to NULL. Because
of that, ubifs_delete_orphan assumes that it is not on the dnext list
and frees it immediately instead ignoring it as a second delete. The
orphan is later freed again by erase_deleted.

This change adds an explicit flag to ubifs_orphan indicating whether
it is pending delete.

Signed-off-by: Adam Thomas <adamthomas1111@gmail.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Cc: stable@vger.kernel.org