lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

quota: Fix possible oops in __dquot_initialize()

Browse Source 
When quotaon(8) races with __dquot_initialize() or dqget() fails because
of EIO, ENOSPC, or similar error, we could possibly dereference NULL pointer
in inode->i_dquot[cnt]. Add proper checking.

Reported-by: Dmitry Monakhov <dmonakhov@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
This commit is contained in:
Jan Kara
2010-10-19 00:24:21 +02:00
parent a4c18ad2ee
commit 4408ea41c0
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
fs/quota/dquot.c
View File

@@ -1386,6 +1386,9 @@ static void __dquot_initialize(struct inode *inode, int type)
/* Avoid races with quotaoff() */ /* Avoid races with quotaoff() */
if (!sb_has_quota_active(sb, cnt)) if (!sb_has_quota_active(sb, cnt))
continue; continue;
/* We could race with quotaon or dqget() could have failed */
if (!got[cnt])
continue;
if (!inode->i_dquot[cnt]) { if (!inode->i_dquot[cnt]) {
inode->i_dquot[cnt] = got[cnt]; inode->i_dquot[cnt] = got[cnt];
got[cnt] = NULL; got[cnt] = NULL;