Commit c4eadeb7 authored by Herbert Pötzl's avatar Herbert Pötzl Committed by Linus Torvalds

[PATCH] fix ext3 quota allocation bug on error path ...

looking at ext3_xattr_block_set() [fs/ext3/xattr.c] ...
I see that

                                error = -EDQUOT;
                                if (DQUOT_ALLOC_BLOCK(inode, 1))
                                        goto cleanup;

allocates a quota block, but right after that several
error echecks happen ...

                                if (error)
                                        goto cleanup;

and I don't see any DQUOT_FREE_BLOCK() in the errorpath

cleanup:
        if (ce)
                mb_cache_entry_release(ce);
        brelse(new_bh); 
        if (!(bs->bh && s->base == bs->bh->b_data))
                kfree(s->base);

        return error;

I'd suggest the attached fix.
Acked-by: default avatarJan Kara <jack@suse.cz>
Acked-by: default avatarAndreas Gruenbacher <agruen@suse.de>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 9a6008b6
...@@ -771,7 +771,7 @@ ext3_xattr_block_set(handle_t *handle, struct inode *inode, ...@@ -771,7 +771,7 @@ ext3_xattr_block_set(handle_t *handle, struct inode *inode,
error = ext3_journal_get_write_access(handle, error = ext3_journal_get_write_access(handle,
new_bh); new_bh);
if (error) if (error)
goto cleanup; goto cleanup_dquot;
lock_buffer(new_bh); lock_buffer(new_bh);
BHDR(new_bh)->h_refcount = cpu_to_le32(1 + BHDR(new_bh)->h_refcount = cpu_to_le32(1 +
le32_to_cpu(BHDR(new_bh)->h_refcount)); le32_to_cpu(BHDR(new_bh)->h_refcount));
...@@ -781,7 +781,7 @@ ext3_xattr_block_set(handle_t *handle, struct inode *inode, ...@@ -781,7 +781,7 @@ ext3_xattr_block_set(handle_t *handle, struct inode *inode,
error = ext3_journal_dirty_metadata(handle, error = ext3_journal_dirty_metadata(handle,
new_bh); new_bh);
if (error) if (error)
goto cleanup; goto cleanup_dquot;
} }
mb_cache_entry_release(ce); mb_cache_entry_release(ce);
ce = NULL; ce = NULL;
...@@ -841,6 +841,10 @@ ext3_xattr_block_set(handle_t *handle, struct inode *inode, ...@@ -841,6 +841,10 @@ ext3_xattr_block_set(handle_t *handle, struct inode *inode,
return error; return error;
cleanup_dquot:
DQUOT_FREE_BLOCK(inode, 1);
goto cleanup;
bad_block: bad_block:
ext3_error(inode->i_sb, __FUNCTION__, ext3_error(inode->i_sb, __FUNCTION__,
"inode %ld: bad block %d", inode->i_ino, "inode %ld: bad block %d", inode->i_ino,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment