From: Xue jiufei <xuejiufei@huawei.com>
Date: Tue, 12 Nov 2013 23:07:06 +0000 (-0800)
Subject: ocfs2: fix possible double free in ocfs2_write_begin_nolock
X-Git-Tag: firefly_0821_release~176^2~4993^2~249
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=b1214e4757b7d5fcea483b927e130361d41430a5;p=firefly-linux-kernel-4.4.55.git

ocfs2: fix possible double free in ocfs2_write_begin_nolock

When ocfs2_write_cluster_by_desc() failed in ocfs2_write_begin_nolock()
because of ENOSPC, it goes to out_quota, freeing data_ac(meta_ac).  Then
it calls ocfs2_try_to_free_truncate_log() to free space.  If enough
space freed, it will try to write again.  Unfortunately, some error
happenes before ocfs2_lock_allocators(), it goes to out and free
data_ac(meta_ac) again.

Signed-off-by: joyce <xuejiufei@huawei.com>
Reviewed-by: Jie Liu <jeff.liu@oracle.com>
Acked-by: Joel Becker <jlbec@evilplan.org>
Cc: Mark Fasheh <mfasheh@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---

diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c
index c20360002f29..f959a1532767 100644
--- a/fs/ocfs2/aops.c
+++ b/fs/ocfs2/aops.c
@@ -1898,10 +1898,14 @@ out_commit:
 out:
 	ocfs2_free_write_ctxt(wc);
 
-	if (data_ac)
+	if (data_ac) {
 		ocfs2_free_alloc_context(data_ac);
-	if (meta_ac)
+		data_ac = NULL;
+	}
+	if (meta_ac) {
 		ocfs2_free_alloc_context(meta_ac);
+		meta_ac = NULL;
+	}
 
 	if (ret == -ENOSPC && try_free) {
 		/*