Thank you for that investigation.

On Monday 19 December 2005 15:38, Yong Kwan Park wrote:
> Hi all,
>
> I had a problem related with hard link in yaffs2.
>
> A problem occured in the following two deleted objects.
>
> yaffs_Object  obj1
>       variantType = YAFFS_OBJECT_TYPE_HARDLINK
>       objectId = 6036
>       variant.hardLinkVariant.equivalentObjectId = 6010
>       deleted = 1
>
> yaffs_Object  obj2
>        variantType = YAFFS_OBJECT_TYPE_HARDLINK
>        objectId = 5816
>        variant.hardLinkVariant.equivalentObjectId = 6036
>        deleted = 1
>
> An error took place in the function yaffs_ScanBackwards.
>
> Line 4896
>
> case YAFFS_OBJECT_TYPE_HARDLINK:
>
>        in->variant.hardLinkVariant.equivalentObjectId =
>
>              oh->equivalentObjectId;
>
>        in->hardLinks.next =
>
>              (struct list_head *) hardList;
>
>        hardList = in;
>
>        break;


Hmmm. Something is going wrong here. A hard link's equivalent object should 
never be another hard link. It looks like something is broken in the hard 
link handling when deleted objects are being linked to.

>
>
>
> Obj1 was the first object to be executed in the previous code.
>
> Therefore, obj1->hardLinks.next = NULL;
>
> Because hardList was initialized to NULL in line 4432.
>
>
>
> This makes an error in the following code.
>
>
>
> Line 4953
>
> if (in) {
>
>         /* Add the hardlink pointers */
>
>         hl->variant.hardLinkVariant.equivalentObject = in;
>
>         list_add(&hl->hardLinks, &in->hardLinks);
>
> } else {
>
>         /* Todo Need to report/handle this better.
>
>           * Got a problem... hardlink to a non-existant object
>
>           */
>
>          hl->variant.hardLinkVariant.equivalentObject = NULL;
>
>          INIT_LIST_HEAD(&hl->hardLinks);
>
>
>
> }
>
>
>
> In line 4956, there is list_add(&hl->hardLinks, &in->hardLinks).
>
> In this case, "in" can be obj1 and "hl" can be obj2.
>
> But obj1->hardLinks.next was initialized to NULL in line 4899.
>
> So NULL pointer is referenced in list_add.
>
>
>
> This problem was caused because a deleted hard link referred to
>
> the other deleted hard link.
>
> The other reason is that deleted hard links were set up.
>
>
>
> I solved this problem like this.
>
>
>
> 4897,4901c4897,4904
>
> <                       in->variant.hardLinkVariant.equivalentObjectId =
>
> <                           oh->equivalentObjectId;
>
> <                       in->hardLinks.next =
>
> <                           (struct list_head *) hardList;
>
> <                       hardList = in;
>
> ---
>
> >                       if (in->deleted == 0)
> >
> >                       {
> >
> >                           in->variant.hardLinkVariant.equivalentObjectId
> > =
> >
> >                               oh->equivalentObjectId;
> >
> >                           in->hardLinks.next =
> >
> >                               (struct list_head *) hardList;
> >
> >                           hardList = in;
> >
> >                       }

I am pretty sure that this is the correct way to fix it.

A hardlink that has been deleted should not be linked to anything.

I have made this change to CVS, but I will be investigating things a bit 
further.