aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/mtd/ubi/eba.c
Commit message (Collapse)AuthorAge
* UBI: Fastmap: Locking updatesRichard Weinberger2015-03-26
| | | | | | | | | | | | a) Rename ubi->fm_sem to ubi->fm_eba_sem as this semaphore protects EBA changes. b) Turn ubi->fm_mutex into a rw semaphore. It will still serialize fastmap writes but also ensures that ubi_wl_put_peb() is not interrupted by a fastmap write. We use a rw semaphore to allow ubi_wl_put_peb() still to be executed in parallel if no fastmap write is happening. Signed-off-by: Richard Weinberger <richard@nod.at>
* UBI: Fastmap: Fix race after ubi_wl_get_peb()Richard Weinberger2015-03-26
| | | | | | | | | | | | | | | | | | | | ubi_wl_get_peb() returns a fresh PEB which can be used by user of UBI. Due to the pool logic fastmap will correctly map this PEB upon attach time because it will be scanned. If a new fastmap is written (due to heavy parallel io) while the before the fresh PEB is assigned to the EBA table it will not be scanned as it is no longer in the pool. So, the race window exists between ubi_wl_get_peb() and the EBA table assignment. We have to make sure that no new fastmap can be written while that. To ensure that ubi_wl_get_peb() will grab ubi->fm_sem in read mode and the user of ubi_wl_get_peb() has to release it after the PEB got assigned. Signed-off-by: Richard Weinberger <richard@nod.at>
* UBI: Fastmap: Fix race in ubi_eba_atomic_leb_change()Richard Weinberger2015-03-26
| | | | | | | | | | | | | | | | | This function a) requests a new PEB, b) writes data to it, c) returns the old PEB and d) registers the new PEB in the EBA table. For the non-fastmap case this works perfectly fine and is powercut safe. Is fastmap enabled this can lead to issues. If a new fastmap is written between a) and c) the freshly requested PEB is no longer in a pool and will not be scanned upon attaching. If now a powercut happens between c) and d) the freshly requested PEB will not be scanned and the old one got already scheduled for erase. After attaching the EBA table will point to a erased PEB. Fix this issue by swapping steps c) and d). Signed-off-by: Richard Weinberger <richard@nod.at>
* UBI: fix out of bounds writeBrian Norris2015-03-26
| | | | | | | | | | | If aeb->len >= vol->reserved_pebs, we should not be writing aeb into the PEB->LEB mapping. Caught by Coverity, CID #711212. Cc: stable <stable@vger.kernel.org> Signed-off-by: Brian Norris <computersforpeace@gmail.com> Signed-off-by: Richard Weinberger <richard@nod.at>
* UBI: fix missing brace control flowBrian Norris2015-02-23
| | | | | | | | | | | | | commit 0e707ae79ba3 ("UBI: do propagate positive error codes up") seems to have produced an unintended change in the control flow here. Completely untested, but it looks obvious. Caught by Coverity, which didn't like the indentation. CID 1271184. Signed-off-by: Brian Norris <computersforpeace@gmail.com> Cc: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Richard Weinberger <richard@nod.at>
* UBI: do propagate positive error codes upArtem Bityutskiy2015-01-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | UBI uses positive function return codes internally, and should not propagate them up, except in the place this path fixes. Here is the original bug report from Dan Carpenter: The problem is really in ubi_eba_read_leb(). drivers/mtd/ubi/eba.c 412 err = ubi_io_read_vid_hdr(ubi, pnum, vid_hdr, 1); 413 if (err && err != UBI_IO_BITFLIPS) { 414 if (err > 0) { 415 /* 416 * The header is either absent or corrupted. 417 * The former case means there is a bug - 418 * switch to read-only mode just in case. 419 * The latter case means a real corruption - we 420 * may try to recover data. FIXME: but this is 421 * not implemented. 422 */ 423 if (err == UBI_IO_BAD_HDR_EBADMSG || 424 err == UBI_IO_BAD_HDR) { 425 ubi_warn("corrupted VID header at PEB %d, LEB %d:%d", 426 pnum, vol_id, lnum); 427 err = -EBADMSG; 428 } else 429 ubi_ro_mode(ubi); On this path we return UBI_IO_FF and UBI_IO_FF_BITFLIPS and it eventually gets passed to ERR_PTR(). We probably dereference the bad pointer and oops. At that point we've gone read only so it was already a bad situation... 430 } 431 goto out_free; 432 } else if (err == UBI_IO_BITFLIPS) 433 scrub = 1; 434 Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBI: Add initial support for scatter gatherRichard Weinberger2015-01-28
| | | | | | | | | | | | Adds a new set of functions to deal with scatter gather. ubi_eba_read_leb_sg() will read from a LEB into a scatter gather list. The new data structure struct ubi_sgl will be used within UBI to hold the scatter gather list itself and metadata to have a cursor within the list. Signed-off-by: Richard Weinberger <richard@nod.at> Tested-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar> Reviewed-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
* UBI: Extend UBI layer debug/messaging capabilitiesTanya Brokhman2014-11-07
| | | | | | | | | | | | | | If there is more then one UBI device mounted, there is no way to distinguish between messages from different UBI devices. Add device number to all ubi layer message types. The R/O block driver messages were replaced by pr_* since ubi_device structure is not used by it. Amended a bit by Artem. Signed-off-by: Tanya Brokhman <tlinder@codeaurora.org> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBI: ubi_eba_read_leb: Remove in vain variable assignmentRichard Weinberger2014-09-26
| | | | | | | | | | There is no need to set err, it will be overwritten in any case later at: if (scrub) err = ubi_wl_scrub_peb(ubi, pnum); Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBI: Wire-up ->fm_semRichard Weinberger2012-10-03
| | | | | | | | Fastmap uses ->fm_sem to stop EBA changes while writing a new fastmap. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBI: Add self_check_eba()Richard Weinberger2012-10-03
| | | | | | | | self_check_eba() compares two ubi_attach_info objects. Fastmap uses this function for self checks. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBI: Export next_sqnum()Richard Weinberger2012-10-03
| | | | | | | | Fastmap needs next_sqnum(), rename it to ubi_next_sqnum() and make it non-static. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBI: comply with coding styleArtem Bityutskiy2012-09-04
| | | | | | Join all the split printk lines in order to stop checkpatch complaining. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBI: add lnum and vol_id to struct ubi_workJoel Reardon2012-05-21
| | | | | | | | | | | | | | | | | | | | | This is part of a multipart patch to allow UBI to force the erasure of particular logical eraseblock numbers. In this patch, the volume id and LEB number are added to ubi_work data structure, and both are also passed as a parameter to schedule erase to set it appropriately. Whenever ubi_wl_put_peb is called, the lnum is also passed to be forwarded to schedule erase. Later, a new ubi_sync_lnum will be added to execute immediately all work related to that lnum. This was tested by outputting the vol_id and lnum during the schedule of erasure. The ubi thread was disabled and two ubifs drives on separate partitions repeated changed a small number of LEBs. The ubi module was readded, and all the erased LEBs, corresponding to the volumes, were added to the schedule erase queue. Artem: minor tweaks Signed-off-by: Joel Reardon <reardonj@inf.ethz.ch> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBI: rename _init_scan functionsArtem Bityutskiy2012-05-20
| | | | | | | | | | We have a couple of initialization funcntionsn left which have "_scan" suffic - rename them: ubi_eba_init_scan() -> ubi_eba_init() ubi_wl_init_scan() -> ubi_wl_init() Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBI: rename ubi_scan_move_to_listArtem Bityutskiy2012-05-20
| | | | | | The old name is not logical anymore - rename it to 'ubi_move_aeb_to_list()'. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBI: rename ubi_scan_find_avArtem Bityutskiy2012-05-20
| | | | | | The old name is not logical anymore - rename it to 'ubi_find_av()'. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBI: rename sv to avArtem Bityutskiy2012-05-20
| | | | | | | | | After re-naming the 'struct ubi_scan_volume' we should adjust all variables named 'sv' to something else, because 'sv' stands for "scanning volume". Let's rename it to 'av' which stands for "attaching volume" which is a bit more consistent and has the same length, which makes re-naming easy. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com>
* UBI: rename si to aiArtem Bityutskiy2012-05-20
| | | | | | | | | After re-naming the 'struct ubi_scan_info' we should adjust all variables named 'si' to something else, because 'si' stands for "scanning info". Let's rename it to 'ai' which stands for "attaching info" which is a bit more consistent and has the same length, which makes re-naming easy. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com>
* UBI: rename seb to aebArtem Bityutskiy2012-05-20
| | | | | | | | | After re-naming the 'struct ubi_scan_leb' we should adjust all variables named 'seb' to something else, because 'seb' stands for "scanning eraseblock". Let's rename it to 'aeb' which stands for "attaching eraseblock" which is a bit more consistend and has the same length. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com>
* UBI: rename struct ubi_scan_infoArtem Bityutskiy2012-05-20
| | | | | | | | | | Rename 'struct ubi_scan_info' to 'struct ubi_attach_info'. This is part of the code re-structuring I am trying to do in order to add fastmap in a more logical way. Fastmap can share a lot with scanning, including the attach-time data structures, which all now have "scan" word in the name. Let's get rid of this word. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com>
* UBI: rename struct ubi_scan_volumeArtem Bityutskiy2012-05-20
| | | | | | | | | | | | Rename 'struct ubi_scan_volume' to 'struct ubi_ainf_volume'. This is part of the code re-structuring I am trying to do in order to add fastmap in a more logical way. Fastmap can share a lot with scanning, including the attach-time data structures, which all now have "scan" word in the name. Let's get rid of this word and use "ainf" instead which stands for "attach information". It has the same length as "scan" so re-naming is trivial. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com>
* UBI: rename struct ubi_scan_lebArtem Bityutskiy2012-05-20
| | | | | | | | | | | | Rename 'struct ubi_scan_leb' to 'struct ubi_ainf_leb'. This is part of the code re-structuring I am trying to do in order to add fastmap in a more logical way. Fastmap can share a lot with scanning, including the attach-time data structures, which all now have "scan" word in the name. Let's get rid of this word and use "ainf" instead which stands for "attach information". It has the same length as "scan" so re-naming is trivial. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@linux.intel.com>
* UBI: Kill data type hintRichard Weinberger2012-05-20
| | | | | | | | | | | We do not need this feature and to our shame it even was not working and there was a bug found very recently. -- Artem Bityutskiy Without the data type hint UBI2 (fastmap) will be easier to implement. Signed-off-by: Richard Weinberger <richard@nod.at> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBI: rename MOVE_CANCEL_BITFLIPS to MOVE_TARGET_BITFLIPSArtem Bityutskiy2012-03-09
| | | | | | | | While looking at a problem reported by UBI around the PEB moving area I noticed that the 'MOVE_CANCEL_BITFLIPS' is a bit inconsistent name and 'MOVE_TARGET_BITFLIPS' better - let's rename it. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBI: rename peb_buf1 to peb_bufArtem Bityutskiy2012-03-09
| | | | | | Now we have only one buffer so let's rename it to just 'peb_buf1'. Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBI: reduce memory consumptionJosselin Costanzi2012-03-09
| | | | | | | | | | | | Remove the pre-allocated 'peb_buf2' buffer because we do not really need it. The only reason UBI has it is to check that the data were written correctly. But we do not have to have 2 buffers for this and waste RAM - we can just compare CRC checksums instead. This reduces UBI memory consumption. Artem bityutskiy: massaged the patch and commit message Signed-off-by: Josselin Costanzi <josselin.costanzi@mobile-devices.fr> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* UBI: fix missing scrub when there is a bit-flipBhavesh Parekh2011-11-30
| | | | | | | | | | | Under some cases, when scrubbing the PEB if we did not get the lock on the PEB it fails to scrub. Add that PEB again to the scrub list Artem: minor amendments. Cc: stable@kernel.org [2.6.31+] Signed-off-by: Bhavesh Parekh <bparekh@nvidia.com> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
* mtd: utilize `mtd_is_*()' functionsBrian Norris2011-09-21
| | | | | Signed-off-by: Brian Norris <computersforpeace@gmail.com> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@intel.com>
* UBI: preserve corrupted PEBsArtem Bityutskiy2010-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | Currently UBI erases all corrupted eraseblocks, irrespectively of the nature of corruption: corruption due to power cuts and non-power cut corruption. The former case is OK, but the latter is not, because UBI may destroy potentially important data. With this patch, during scanning, when UBI hits a PEB with corrupted VID header, it checks whether this PEB contains only 0xFF data. If yes, it is safe to erase this PEB and it is put to the 'erase' list. If not, this may be important data and it is better to avoid erasing this PEB. Instead, UBI puts it to the corr list and moves out of the pool of available PEB. IOW, UBI preserves this PEB. Such corrupted PEB lessen the amount of available PEBs. So the more of them we accumulate, the less PEBs are available. The maximum amount of non-power cut corrupted PEBs is 8. This patch is a response to UBIFS problem where reporter (Matthew L. Creech <mlcreech@gmail.com>) observes that UBIFS index points to an unmapped LEB. The theory is that corresponding PEB somehow got corrupted and UBI wiped it. This patch (actually a series of patches) tries to make sure such PEBs are preserved - this would make it is easier to analyze the corruption. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBI: rename IO error codeArtem Bityutskiy2010-10-19
| | | | | | | | | Rename UBI_IO_BAD_HDR_READ into UBI_IO_BAD_HDR_EBADMSG which is presumably more self-documenting and readable. Indeed, the '_READ' suffix does not tell much and even confuses, while '_EBADMSG' tells about uncorrectable ECC error, because we use -EBADMSG all over the place to represent ECC errors. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBI: do not warn unnecessarilyArtem Bityutskiy2010-08-02
| | | | | | | | | | | | | | | Currently, when UBI attaches an MTD device and cannot reserve all 1% (by default) of PEBs for bad eraseblocks handling, it prints a warning. However, Matthew L. Creech <mlcreech@gmail.com> is not very happy to see this warning, because he did reserve enough of PEB at the beginning, but with time some PEBs became bad. The warning is not necessary in this case. This patch makes UBI print the warning o if this is a new image o of this is used image and the amount of reserved PEBs is only 10% (or less) of the size of the reserved PEB pool. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBI: introduce a new IO return codeArtem Bityutskiy2010-06-04
| | | | | | | | | | | | | | | | | This patch introduces the %UBI_IO_BAD_HDR_READ return code for the I/O level function. We will use this code in order to distinguish between "corrupted header possibly because this is non-ubi data" and "corrupted header possibly because of real data corruption and ECC error". So far this patch does not introduce any functional change, just a preparation. This patch is pased on a patch from Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com> Reviewed-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Tested-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
* UBI: simplify IO error codesArtem Bityutskiy2010-06-04
| | | | | | | | | | | | | We do not really need 2 separate error codes for indicating bad VID and bad EC headers (UBI_IO_BAD_EC_HDR, UBI_IO_BAD_VID_HDR), it is enough to have only one UBI_IO_BAD_HDR return code. This patch does not introduce any functional change, only some code simplification. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com> Reviewed-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> Tested-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
* trivial: fix typo "to to" in multiple filesAnand Gadiyar2009-09-21
| | | | | Signed-off-by: Anand Gadiyar <gadiyar@ti.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
* UBI: fix double free on error pathAdrian Hunter2009-07-24
| | | | | | | | | | If we fail in 'ubi_eba_init_scan()', we free 'ubi->volumes[i]->eba_tbl' in there, but also later free it in 'free_internal_volumes()'. Fix this by assigning NULL to 'ubi->volumes[i]->eba_tbl' after it is freed. Signed-off-by: Adrian Hunter <adrian.hunter@nokia.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBI: handle more error codesArtem Bityutskiy2009-06-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | The UBIFS WL worker may encounter read errors and there is logic which makes a decision whether we should do one of: 1. cancel the operation and move the PEB with the read errors to the 'erroneous' list; 2. switch to R/O mode. ATM, only -EIO errors trigger 1., other errors trigger 2. The idea is that if we know we encountered an I/O error, do 1. Otherwise, we do not know how to react, and do 2., just in case. E.g., if the underlying driver became crazy because of a bug, we do not want to harm any data, and switch to R/O mode. This patch does 2 things: 1. Makes sure reads from the source PEB always cause 1. This is more consistent with other reads which come from the upper layers and never cause R/O. 2. Teaches UBI to do 1. also on -EBADMSG, UBI_IO_BAD_VID_HDR, -ENOMEM, and -ETIMEOUT. But this is only when reading the target PEB. This preblems were hunted by Adrian Hunter. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBI: fix multiple spelling typosArtem Bityutskiy2009-06-10
| | | | | | | Some of the typos were indicated by Adrian Hunter, some by 'aspell'. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBI: do not switch to R/O mode on read errorsArtem Bityutskiy2009-06-02
| | | | | | | | | | | | | | | | | | | | | | | | This patch improves UBI errors handling. ATM UBI switches to R/O mode when the WL worker fails to read the source PEB. This means that the upper layers (e.g., UBIFS) has no chances to unmap the erroneous PEB and fix the error. This patch changes this behaviour and makes UBI put PEBs like this into a separate RB-tree, thus preventing the WL worker from hitting the same read errors again and again. But there is a 10% limit on a maximum amount of PEBs like this. If there are too much of them, UBI switches to R/O mode. Additionally, this patch teaches UBI not to panic and switch to R/O mode if after a PEB has been copied, the target LEB cannot be read back. Instead, now UBI cancels the operation and schedules the target PEB for torturing. The error paths has been tested by ingecting errors into 'ubi_eba_copy_leb()'. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBI: fix and clean-up error paths in WL workerArtem Bityutskiy2009-06-02
| | | | | | | | | This patch fixes the error path in the WL worker - in same cases UBI oopses when 'goto out_error' happens and e1 or e2 are NULL. This patch also cleans up the error paths a little. And I have tested nearly all error paths in the WL worker. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBI: introduce new constantsArtem Bityutskiy2009-06-02
| | | | | | | | This patch is a clean-up and a preparation for the following patches. It introduece constants for the return values of the 'ubi_eba_copy_leb()' function. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* trivial: fix then -> than typos in comments and documentationFrederik Schwarzer2009-01-06
| | | | | | | - (better, more, bigger ...) then -> (...) than Signed-off-by: Frederik Schwarzer <schwarzerf@gmail.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
* UBI: handle write errors in WL workerArtem Bityutskiy2008-12-05
| | | | | | | | | When a PEB is moved and a write error happens, UBI switches to R/O mode, which is wrong, because we just copy the data and may select a different PEB and re-try this. This patch fixes WL worker's behavior. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBI: fix deadlockArtem Bityutskiy2008-12-05
| | | | | | | | | We cannot call 'ubi_wl_get_peb()' with @ubi->buf_mutex locked, because 'ubi_wl_get_peb()' may force erasure, which, in turn, may call 'torture_peb()' which also locks the @ubi->buf_mutex and deadlocks. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBI: fix EBADMSG handlingZoltan Sogor2008-11-06
| | | | | | | | | | | 'ubi_io_read_data()' may return EBADMSG in case of an ECC error, and we should not panic because of this. We have CRC32 checksum and may check the data. So just ignore the EBADMSG error. This patch also fixes a minor spelling error at the same time. Signed-off-by: Zoltan Sogor <weth@inf.u-szeged.hu> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBI: fix checkpatch.pl errors and warningsArtem Bityutskiy2008-07-24
| | | | | | | | Just out or curiousity ran checkpatch.pl for whole UBI, and discovered there are quite a few of stylistic issues. Fix them. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBI: bugfix - do not torture PEB needlesslyArtem Bityutskiy2008-07-24
| | | | | | | This is probably a copy-paste bug - we torture the old PEB in the atomic LEB change function, but we should not do this. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBI: amend commentariesArtem Bityutskiy2008-07-24
| | | | | | | Hch asked not to use "unit" for sub-systems, let it be so. Also some other commentaries modifications. Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBI: fix LEB lockingArtem Bityutskiy2008-07-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | leb_read_unlock() may be called simultaniously by several tasks. The would race at the following code: up_read(&le->mutex); if (free) kfree(le); And it is possible that one task frees 'le' before the other tasks do 'up_read()'. Fix this by doing up_read and free inside the 'ubi->ltree' lock. Below it the oops we had because of this: BUG: spinlock bad magic on CPU#0, integck/7504 BUG: unable to handle kernel paging request at 6b6b6c4f IP: [<c0211221>] spin_bug+0x5c/0xdb *pde = 00000000 Oops: 0000 [#1] PREEMPT SMP Modules linked in: ubifs ubi nandsim nand nand_ids nand_ecc video output Pid: 7504, comm: integck Not tainted (2.6.26-rc3ubifs26 #8) EIP: 0060:[<c0211221>] EFLAGS: 00010002 CPU: 0 EIP is at spin_bug+0x5c/0xdb EAX: 00000032 EBX: 6b6b6b6b ECX: 6b6b6b6b EDX: f7f7ce30 ESI: f76491dc EDI: c044f51f EBP: e8a736cc ESP: e8a736a8 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 Process integck (pid: 7504, ti=e8a72000 task=f7f7ce30 task.ti=e8a72000) Stack: c044f754 c044f51f 00000000 f7f7d024 00001d50 00000001 f76491dc 00000296 f6df50e0 e8a736d8 c02112f0 f76491dc e8a736e8 c039157a f7d9e830 f76491d8 e8a7370c c020b975 f76491dc 00000296 f76491f8 00000000 f76491d8 00000000 Call Trace: [<c02112f0>] ? _raw_spin_unlock+0x50/0x7c [<c039157a>] ? _spin_unlock_irqrestore+0x20/0x58 [<c020b975>] ? rwsem_wake+0x4b/0x122 [<c0390e0a>] ? call_rwsem_wake+0xa/0xc [<c0139ee7>] ? up_read+0x28/0x31 [<f8873b3c>] ? leb_read_unlock+0x73/0x7b [ubi] [<f88742a3>] ? ubi_eba_read_leb+0x195/0x2b0 [ubi] [<f8872a04>] ? ubi_leb_read+0xaf/0xf8 [ubi] Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
* UBI: fix memory leakArtem Bityutskiy2008-07-24
| | | | | | | | | ubi_free_volume() function sets ubi->volumes[] to NULL, so ubi_eba_close() is useless, it does not free what has to be freed. So zap it and free vol->eba_tbl at the volume release function. Pointed-out-by: Adrian Hunter <ext-adrian.hunter@nokia.com> Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>