quota: Fix possible oops in __dquot_initialize()

When quotaon(8) races with __dquot_initialize() or dqget() fails because of EIO, ENOSPC, or similar error, we could possibly dereference NULL pointer in inode->i_dquot[cnt]. Add proper checking. Reported-by: Dmitry Monakhov <dmonakhov@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
mariux64 · Oct 27, 2010 · 4408ea4 · 4408ea4
1 parent a4c18ad
commit 4408ea4
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
@@ -1386,6 +1386,9 @@ static void __dquot_initialize(struct inode *inode, int type)
 		/* Avoid races with quotaoff() */
 		if (!sb_has_quota_active(sb, cnt))
 			continue;
+		/* We could race with quotaon or dqget() could have failed */
+		if (!got[cnt])
+			continue;
 		if (!inode->i_dquot[cnt]) {
 			inode->i_dquot[cnt] = got[cnt];
 			got[cnt] = NULL;