On Thu, Aug 27, 2015 at 04:27:22PM -0500, Eric Sandeen wrote:
> As the code stands today, if xfs_trans_reserve() fails, we
> goto out_dqrele, which does not free the allocated transaction.
>
> Fix up the goto targets to undo everything properly.
>
> Addresses-Coverity-Id: 145571
> Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxx>
> ---
Reviewed-by: Brian Foster <bfoster@xxxxxxxxxx>
>
> Full disclosure: build tested only, as these are error paths
> which we don't easily fail...
>
> diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c
> index 766b23f..8294132 100644
> --- a/fs/xfs/xfs_iops.c
> +++ b/fs/xfs/xfs_iops.c
> @@ -609,7 +609,7 @@ xfs_setattr_nonsize(
> tp = xfs_trans_alloc(mp, XFS_TRANS_SETATTR_NOT_SIZE);
> error = xfs_trans_reserve(tp, &M_RES(mp)->tr_ichange, 0, 0);
> if (error)
> - goto out_dqrele;
> + goto out_trans_cancel;
>
> xfs_ilock(ip, XFS_ILOCK_EXCL);
>
> @@ -640,7 +640,7 @@ xfs_setattr_nonsize(
> NULL, capable(CAP_FOWNER) ?
> XFS_QMOPT_FORCE_RES : 0);
> if (error) /* out of quota */
> - goto out_trans_cancel;
> + goto out_unlock;
> }
> }
>
> @@ -729,10 +729,10 @@ xfs_setattr_nonsize(
>
> return 0;
>
> +out_unlock:
> + xfs_iunlock(ip, XFS_ILOCK_EXCL);
> out_trans_cancel:
> xfs_trans_cancel(tp);
> - xfs_iunlock(ip, XFS_ILOCK_EXCL);
> -out_dqrele:
> xfs_qm_dqrele(udqp);
> xfs_qm_dqrele(gdqp);
> return error;
>
> _______________________________________________
> xfs mailing list
> xfs@xxxxxxxxxxx
> http://oss.sgi.com/mailman/listinfo/xfs
|