From: Baokun Li <libaokun1@huawei.com>
Date: Mon, 15 Nov 2021 01:31:43 +0000 (+0800)
Subject: ubifs: fix double return leb in ubifs_garbage_collect
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=0d76502172d83e1e09aedbdced3d8be0ef1abcb5;p=linux.git

ubifs: fix double return leb in ubifs_garbage_collect

If ubifs_garbage_collect_leb() returns -EAGAIN and enters the "out"
branch, ubifs_return_leb will execute twice on the same lnum. This
can cause data loss in concurrency situations.

Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
---

diff --git a/fs/ubifs/gc.c b/fs/ubifs/gc.c
index 05e1eeae84579..1f74a127fe3a0 100644
--- a/fs/ubifs/gc.c
+++ b/fs/ubifs/gc.c
@@ -758,6 +758,8 @@ int ubifs_garbage_collect(struct ubifs_info *c, int anyway)
 				err = ubifs_return_leb(c, lp.lnum);
 				if (err)
 					ret = err;
+				/*  Maybe double return LEB if goto out */
+				lp.lnum = -1;
 				break;
 			}
 			goto out;