Subject: + ocfs2-fix-possible-double-free-in-ocfs2_write_begin_nolock.patch added to -mm tree
To: xuejiufei@xxxxxxxxxx,jeff.liu@xxxxxxxxxx,jlbec@xxxxxxxxxxxx,mfasheh@xxxxxxxx
From: akpm@xxxxxxxxxxxxxxxxxxxx
Date: Wed, 30 Oct 2013 15:52:36 -0700

The patch titled
     Subject: ocfs2: fix possible double free in ocfs2_write_begin_nolock
has been added to the -mm tree.  Its filename is
     ocfs2-fix-possible-double-free-in-ocfs2_write_begin_nolock.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/ocfs2-fix-possible-double-free-in-ocfs2_write_begin_nolock.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/ocfs2-fix-possible-double-free-in-ocfs2_write_begin_nolock.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Xue jiufei <xuejiufei@xxxxxxxxxx>
Subject: ocfs2: fix possible double free in ocfs2_write_begin_nolock

When ocfs2_write_cluster_by_desc() failed in ocfs2_write_begin_nolock()
because of ENOSPC, it goes to out_quota, freeing data_ac(meta_ac). Then it
calls ocfs2_try_to_free_truncate_log() to free space. If enough space is
freed, it will try to write again. Unfortunately, if some error happens
before ocfs2_lock_allocators(), it goes to out and frees data_ac(meta_ac)
again.

Signed-off-by: joyce <xuejiufei@xxxxxxxxxx>
Reviewed-by: Jie Liu <jeff.liu@xxxxxxxxxx>
Cc: Joel Becker <jlbec@xxxxxxxxxxxx>
Cc: Mark Fasheh <mfasheh@xxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- fs/ocfs2/aops.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff -puN fs/ocfs2/aops.c~ocfs2-fix-possible-double-free-in-ocfs2_write_begin_nolock fs/ocfs2/aops.c --- a/fs/ocfs2/aops.c~ocfs2-fix-possible-double-free-in-ocfs2_write_begin_nolock +++ a/fs/ocfs2/aops.c @@ -1898,10 +1898,14 @@ out_commit: out: ocfs2_free_write_ctxt(wc); - if (data_ac) + if (data_ac) { ocfs2_free_alloc_context(data_ac); - if (meta_ac) + data_ac = NULL; + } + if (meta_ac) { ocfs2_free_alloc_context(meta_ac); + meta_ac = NULL; + } if (ret == -ENOSPC && try_free) { /* _ Patches currently in -mm which might be from xuejiufei@xxxxxxxxxx are ocfs2-skip-locks-in-the-blocked-list.patch ocfs2-delay-migration-when-the-lockres-is-in-migration-state.patch ocfs2-fix-possible-double-free-in-ocfs2_write_begin_nolock.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
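Review bot: the two `= NULL` resets added under `out:` have no comment explaining why they are needed, and the reason is not apparent at that spot. They only matter when the `if (ret == -ENOSPC && try_free)` branch that follows retries the write and a later failure reaches `out:` again before the allocation contexts have been set up, which is the case the changelog describes. A one-line comment above the resets saying that the function may be retried after this point would keep them from being removed later as dead stores. It is also worth confirming that `wc`, released by `ocfs2_free_write_ctxt(wc)` immediately above, cannot be reached a second time on the same retry path, since this hunk does not reset it.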