From: Jan Kara Date: Mon, 18 Oct 2010 22:24:21 +0000 (+0200) Subject: quota: Fix possible oops in __dquot_initialize() X-Git-Tag: upstream/snapshot3+hdmi~12620^2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=4408ea41c0ab4b711d4da44dd954fb06dce6c3f8;p=platform%2Fadaptation%2Frenesas_rcar%2Frenesas_kernel.git quota: Fix possible oops in __dquot_initialize() When quotaon(8) races with __dquot_initialize() or dqget() fails because of EIO, ENOSPC, or similar error, we could possibly dereference NULL pointer in inode->i_dquot[cnt]. Add proper checking. Reported-by: Dmitry Monakhov Signed-off-by: Jan Kara --- diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c index 1bc38f5..0fed41e 100644 --- a/fs/quota/dquot.c +++ b/fs/quota/dquot.c @@ -1386,6 +1386,9 @@ static void __dquot_initialize(struct inode *inode, int type) /* Avoid races with quotaoff() */ if (!sb_has_quota_active(sb, cnt)) continue; + /* We could race with quotaon or dqget() could have failed */ + if (!got[cnt]) + continue; if (!inode->i_dquot[cnt]) { inode->i_dquot[cnt] = got[cnt]; got[cnt] = NULL;