Hi Chris (Sorry about calling you David) I have just committed a change for the symlink hanging pointer issue you raised. It is a bit more verbose than yours but I think it does the right thing. I shall be testing it more and running Valgrind testing too. http://www.aleph1.co.uk/cgi-bin/viewcvs.cgi/yaffs2/yaffs_guts.c?r1=1.95&r2=1.96 -- Charles On Wednesday 02 December 2009 14:07:44 Charles Manning wrote: > Thanks David > > There is definitely a problem if you unlink a symlink. > > I am a bit concerned about the apporach you propose because I don't like > the idea of using the object after it has been deleted. > > Instead I propose to do something like: > static int yaffs_DeleteSymLink(yaffs_Object * in) > { > YFREE(in->variant.symLinkVariant.alias); > + in->variant.symLinkVariant = NULL; > return yaffs_DoGenericObjectDeletion(in); > } > > then handling a NULL value properly where need be. > > -- Charles > > On Wednesday 02 December 2009 12:58:52 Charles Manning wrote: > > What do you mean by "no longer mountable"? > > > > I'll take a look at your analysis to see what's going on. > > > > -- Charles > > > > On Wednesday 02 December 2009 11:33:52 Chris David wrote: > > > Hello, > > > > > > I've been trying to figure out why sometimes our NAND device becomes > > > corrupt and is no longer mountable. The symptom appears to be that in > > > the yaffs_ScanBackwards function, around line 6719 in yaffs_guts.c, > > > under the YAFFS_OBJECT_TYPE_SYMLINK case, there is a call: > > > yaffs_CloneString(oh->alias), and this is returning an empty string. > > > How could this happen? Well, I have a possible explanation and a > > > patch. > > > > > > diff -u build_mipsel/linux-2.6.23-msp2/fs/yaffs2/yaffs_guts.c.orig > > > build_mipsel/linux-2.6.23-msp2/fs/yaffs2/yaffs_guts.c --- > > > build_mipsel/linux-2.6.23-msp2/fs/yaffs2/yaffs_guts.c.orig 2009-12-01 > > > 14:41:27.000000000 -0800 +++ > > > build_mipsel/linux-2.6.23-msp2/fs/yaffs2/yaffs_guts.c 2009-12-01 > > > 14:42:21.000000000 -0800 @@ -5157,9 +5157,10 @@ > > > > > > static int yaffs_DeleteSymLink(yaffs_Object * in) > > > { > > > + int retv; > > > + retv = yaffs_DoGenericObjectDeletion(in); > > > YFREE(in->variant.symLinkVariant.alias); > > > - > > > - return yaffs_DoGenericObjectDeletion(in); > > > + return retv; > > > } > > > > > > static int yaffs_DeleteHardLink(yaffs_Object * in) > > > > > > I observed the following by analyzing the code. There could be a call > > > stack as follows: > > > > > > yaffs_DeleteSymLink(yaffs_Object * in) > > > yaffs_DoGenericObjectDeletion(in) > > > yaffs_ChangeObjectName(in, ... > > > yaffs_UpdateObjectHeader(obj, ... > > > > > > which gets to about line 3806 (still yaffs_guts.c), where there is: > > > yaffs_strncpy(oh->alias, > > > in->variant.symLinkVariant.alias, > > > YAFFS_MAX_ALIAS_LENGTH); > > > > > > well, in->variant.symLinkVariant.alias is already freed at this point. > > > The above patch would fix this. > > > > > > I am not 100% confident in my findings. Does anyone agree that this > > > could be a real bug? I was thinking that if > > > in->myDev->deletedDir->variantType is set to something other than > > > YAFFS_OBJECT_TYPE_DIRECTORY, perhaps it isn't. > > > > > > Thanks, > > > > > > -Chris > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > yaffs mailing list > > > yaffs@lists.aleph1.co.uk > > > http://lists.aleph1.co.uk/cgi-bin/mailman/listinfo/yaffs > > > > _______________________________________________ > > yaffs mailing list > > yaffs@lists.aleph1.co.uk > > http://lists.aleph1.co.uk/cgi-bin/mailman/listinfo/yaffs > > _______________________________________________ > yaffs mailing list > yaffs@lists.aleph1.co.uk > http://lists.aleph1.co.uk/cgi-bin/mailman/listinfo/yaffs