From: Li Zefan <lizefan@huawei.com>
Date: Wed, 12 Feb 2014 20:44:57 +0000 (-0800)
Subject: jffs2: remove from wait queue after schedule()
X-Git-Tag: firefly_0821_release~3679^2~2483
X-Git-Url: http://plrg.eecs.uci.edu/git/?a=commitdiff_plain;h=cc8ece834baaac84cffafad31dc25c1f73ef6add;p=firefly-linux-kernel-4.4.55.git

jffs2: remove from wait queue after schedule()

commit 3ead9578443b66ddb3d50ed4f53af8a0c0298ec5 upstream.

@wait is a local variable, so if we don't remove it from the wait queue
list, later wake_up() may end up accessing invalid memory.

This was spotted by eyes.

Signed-off-by: Li Zefan <lizefan@huawei.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/fs/jffs2/nodemgmt.c b/fs/jffs2/nodemgmt.c
index 41789e6fa6fe..b6bd4affd9ad 100644
--- a/fs/jffs2/nodemgmt.c
+++ b/fs/jffs2/nodemgmt.c
@@ -179,6 +179,7 @@ int jffs2_reserve_space(struct jffs2_sb_info *c, uint32_t minsize,
 					spin_unlock(&c->erase_completion_lock);
 
 					schedule();
+					remove_wait_queue(&c->erase_wait, &wait);
 				} else
 					spin_unlock(&c->erase_completion_lock);
 			} else if (ret)