Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_google_msm/fs/ubifs
History
Adam Thomas 8a4188e2d8 UBIFS: fix double free of ubifs_orphan objects 
commit 8afd500cb5 upstream.

The last orphan in the dnext list has its dnext set to NULL. Because
of that, ubifs_delete_orphan assumes that it is not on the dnext list
and frees it immediately instead ignoring it as a second delete. The
orphan is later freed again by erase_deleted.

This change adds an explicit flag to ubifs_orphan indicating whether
it is pending delete.

Signed-off-by: Adam Thomas <adamthomas1111@gmail.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: Rui Xiang <rui.xiang@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-03-11 16:10:05 -07:00
..
budget.c
commit.c
compress.c
debug.c
debug.h
dir.c UBIFS: fix a horrid bug 2013-07-03 10:59:05 -07:00
file.c
find.c
gc.c
io.c
ioctl.c
journal.c
Kconfig
key.h
log.c
lprops.c
lpt.c
lpt_commit.c
Makefile
master.c
misc.h
orphan.c UBIFS: fix double free of ubifs_orphan objects 2014-03-11 16:10:05 -07:00
recovery.c
replay.c
sb.c
scan.c
shrinker.c
super.c
tnc.c
tnc_commit.c
tnc_misc.c
ubifs-media.h
ubifs.h UBIFS: fix double free of ubifs_orphan objects 2014-03-11 16:10:05 -07:00
xattr.c