]> git.karo-electronics.de Git - karo-tx-linux.git/commitdiff
projects / karo-tx-linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fbdd518)
ocfs2: fix possible double free in ocfs2_write_begin_nolock
authorXue jiufei <xuejiufei@huawei.com>
Tue, 5 Nov 2013 05:55:08 +0000 (16:55 +1100)
committerStephen Rothwell <sfr@canb.auug.org.au>
Tue, 5 Nov 2013 05:55:08 +0000 (16:55 +1100)
When ocfs2_write_cluster_by_desc() failed in ocfs2_write_begin_nolock()
because of ENOSPC, it goes to out_quota, freeing data_ac(meta_ac).  Then
it calls ocfs2_try_to_free_truncate_log() to free space.  If enough space
freed, it will try to write again.  Unfortunately, some error happenes
before ocfs2_lock_allocators(), it goes to out and free data_ac(meta_ac)
again.

Signed-off-by: joyce <xuejiufei@huawei.com>
Reviewed-by: Jie Liu <jeff.liu@oracle.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Mark Fasheh <mfasheh@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
fs/ocfs2/aops.c patch | blob | history

diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c
index c20360002f291b22d7cb72761316aff2797a85c3..f959a1532767ffe80c12854aa2613903e2e3f9d2 100644 (file)
--- a/fs/ocfs2/aops.c
+++ b/fs/ocfs2/aops.c
@@ -1898,10 +1898,14 @@ out_commit:
 out:
        ocfs2_free_write_ctxt(wc);
 
-       if (data_ac)
+       if (data_ac) {
                ocfs2_free_alloc_context(data_ac);
-       if (meta_ac)
+               data_ac = NULL;
+       }
+       if (meta_ac) {
                ocfs2_free_alloc_context(meta_ac);
+               meta_ac = NULL;
+       }
 
        if (ret == -ENOSPC && try_free) {
                /*
Linux kernel for KaRo TX COM modules