This is a note to let you know that I've just added the patch titled jffs2: remove from wait queue after schedule() to the 3.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: jffs2-remove-from-wait-queue-after-schedule.patch and it can be found in the queue-3.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 3ead9578443b66ddb3d50ed4f53af8a0c0298ec5 Mon Sep 17 00:00:00 2001 From: Li Zefan <lizefan@xxxxxxxxxx> Date: Wed, 12 Feb 2014 12:44:57 -0800 Subject: jffs2: remove from wait queue after schedule() From: Li Zefan <lizefan@xxxxxxxxxx> commit 3ead9578443b66ddb3d50ed4f53af8a0c0298ec5 upstream. @wait is a local variable, so if we don't remove it from the wait queue list, later wake_up() may end up accessing invalid memory. This was spotted by eyes. Signed-off-by: Li Zefan <lizefan@xxxxxxxxxx> Cc: David Woodhouse <dwmw2@xxxxxxxxxxxxx> Cc: Artem Bityutskiy <artem.bityutskiy@xxxxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Brian Norris <computersforpeace@xxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/jffs2/nodemgmt.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/jffs2/nodemgmt.c +++ b/fs/jffs2/nodemgmt.c @@ -139,6 +139,7 @@ int jffs2_reserve_space(struct jffs2_sb_ spin_unlock(&c->erase_completion_lock); schedule(); + remove_wait_queue(&c->erase_wait, &wait); } else spin_unlock(&c->erase_completion_lock); } else if (ret) Patches currently in stable-queue which might be from lizefan@xxxxxxxxxx are queue-3.4/jffs2-avoid-soft-lockup-in-jffs2_reserve_space_gc.patch queue-3.4/jffs2-remove-from-wait-queue-after-schedule.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html