In list "super_blocks" ubifs collects allocated super_block structs. U-Boot frees the allocated struct on unmount, so the pointer stored in this list is freed after the umount. On a new ubifs mount, the newly allocated super_block struct gets inserted into the super_blocks list ... which now contains a freed pointer, and the list_add_tail() corrupts the freed memory ...
2 solutions are possible:
- remove the super_block from the super_blocks list on umount
- as U-Boot does not use the super_blocks list ... remove it completely for U-Boot.

Both solutions should not introduce problems for porting to newer Linux versions, so this patch removes the unused super_blocks list, as it saves code size and execution time.

Signed-off-by: Heiko Schocher <h...@denx.de>
--- pollux:u-boot hs [work] $ ./tools/buildman/buildman arm -s boards.cfg is up to date. Nothing to do. Summary of current source for 546 boards (8 threads, 1 job per thread) (no errors to report) pollux:u-boot hs [work] $ fs/ubifs/super.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c index dcf3a47..effa8d9 100644 --- a/fs/ubifs/super.c +++ b/fs/ubifs/super.c @@ -48,7 +48,6 @@ struct vfsmount; #define INODE_LOCKED_MAX 64 struct super_block *ubifs_sb; -LIST_HEAD(super_blocks); static struct inode *inodes_locked_down[INODE_LOCKED_MAX]; @@ -2425,10 +2424,10 @@ retry: s->s_type = type; #ifndef __UBOOT__ strlcpy(s->s_id, type->name, sizeof(s->s_id)); + list_add_tail(&s->s_list, &super_blocks); #else strncpy(s->s_id, type->name, sizeof(s->s_id)); #endif - list_add_tail(&s->s_list, &super_blocks); hlist_add_head(&s->s_instances, &type->fs_supers); #ifndef __UBOOT__ spin_unlock(&sb_lock); -- 2.5.0
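Review bot: In the first hunk (@@ -48,7 +48,6 @@) LIST_HEAD(super_blocks) is deleted unconditionally, while the second hunk keeps list_add_tail(&s->s_list, &super_blocks) in the #ifndef __UBOOT__ branch, so that branch now refers to a symbol this file no longer defines. The branch is never compiled in U-Boot, but guarding the definition with #ifndef __UBOOT__ instead of deleting it would keep both branches self-consistent and mark the deviation the same way the second hunk does, which helps the later syncs with Linux that the commit message mentions.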
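Review bot: In the second hunk (@@ -2425,10 +2424,10 @@) hlist_add_head(&s->s_instances, &type->fs_supers) still runs unconditionally, directly after the list_add_tail() that was moved under #ifndef __UBOOT__. It links the same super_block into a second list, so if the umount path frees the struct without unlinking s_instances, type->fs_supers is left holding the same kind of stale pointer the commit message describes for super_blocks. Please confirm that the unmount code removes s_instances before the free, or handle it in this patch, and state which in the commit message.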