From: Li Zefan <lizefan@xxxxxxxxxx> Subject: jffs2: remove wait queue after schedule() @wait is a local variable, so if we don't remove it from the wait queue list, later wake_up() may end up accessing invalid memory. This was spotted by eyes. Signed-off-by: Li Zefan <lizefan@xxxxxxxxxx> Cc: David Woodhouse <dwmw2@xxxxxxxxxxxxx> Cc: Brian Norris <computersforpeace@xxxxxxxxx> Cc: Artem Bityutskiy <artem.bityutskiy@xxxxxxxxxxxxxxx> Cc: <stable@xxxxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- fs/jffs2/nodemgmt.c | 1 + 1 file changed, 1 insertion(+) diff -puN fs/jffs2/nodemgmt.c~jffs2-remove-wait-queue-after-schedule fs/jffs2/nodemgmt.c --- a/fs/jffs2/nodemgmt.c~jffs2-remove-wait-queue-after-schedule +++ a/fs/jffs2/nodemgmt.c @@ -179,6 +179,7 @@ int jffs2_reserve_space(struct jffs2_sb_ spin_unlock(&c->erase_completion_lock); schedule(); + remove_wait_queue(&c->erase_wait, &wait); } else spin_unlock(&c->erase_completion_lock); } else if (ret) _ -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html