[3.11.y.z extended stable] Patch "jffs2: remove from wait queue after schedule()" has been added to staging queue

[Luis Henriques]

This is a note to let you know that I have just added a patch titled

    jffs2: remove from wait queue after schedule()

to the linux-3.11.y-queue branch of the 3.11.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.11.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.11.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Luis

------

>From 68466d07932932f5be55b0ad4cd605f2ae29cb6e Mon Sep 17 00:00:00 2001
From: Li Zefan <lizefan at huawei.com>
Date: Wed, 12 Feb 2014 12:44:57 -0800
Subject: jffs2: remove from wait queue after schedule()

commit 3ead9578443b66ddb3d50ed4f53af8a0c0298ec5 upstream.

@wait is a local variable, so if we don't remove it from the wait queue
list, later wake_up() may end up accessing invalid memory.

This was spotted by eyes.

Signed-off-by: Li Zefan <lizefan at huawei.com>
Cc: David Woodhouse <dwmw2 at infradead.org>
Cc: Artem Bityutskiy <artem.bityutskiy at linux.intel.com>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Brian Norris <computersforpeace at gmail.com>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 fs/jffs2/nodemgmt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/jffs2/nodemgmt.c b/fs/jffs2/nodemgmt.c
index 0331072..bbae5b1 100644
--- a/fs/jffs2/nodemgmt.c
+++ b/fs/jffs2/nodemgmt.c
@@ -179,6 +179,7 @@ int jffs2_reserve_space(struct jffs2_sb_info *c, uint32_t minsize,
 					spin_unlock(&c->erase_completion_lock);

 					schedule();
+					remove_wait_queue(&c->erase_wait, &wait);
 				} else
 					spin_unlock(&c->erase_completion_lock);
 			} else if (ret)
--
1.9.1