Unverified Commit da51139d authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!14942 fix CVE-2024-57892 

Merge Pull Request from: @ci-robot 
 
PR sync from: Xiangwei Li <liwei728@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/5J7EAGHLYD4OULZMM74NN6U4A72ESHY6/ 
Dennis Lam (1):
  ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv

Joseph Qi (1):
  ocfs2: correct return value of ocfs2_local_free_info()


-- 
2.25.1
 
https://gitee.com/src-openeuler/kernel/issues/IBID30 
 
Link:https://gitee.com/openeuler/kernel/pulls/14942

 

Reviewed-by: default avatarYuan Can <yuancan@huawei.com>
Signed-off-by: default avatarYuan Can <yuancan@huawei.com>
parents 797ab005 12486ef7

fs/ocfs2/quota_global.c

+1 −1
Original line number Diff line number Diff line
@@ -881,7 +881,7 @@ static int ocfs2_get_next_id(struct super_block *sb, struct kqid *qid) 
	int status = 0;



	trace_ocfs2_get_next_id(from_kqid(&init_user_ns, *qid), type);

	if (!sb_has_quota_loaded(sb, type)) {

	if (!sb_has_quota_active(sb, type)) {

		status = -ESRCH;

		goto out;

	}

fs/ocfs2/quota_local.c

+4 −6
Original line number Diff line number Diff line
@@ -811,7 +811,7 @@ static int ocfs2_local_free_info(struct super_block *sb, int type) 
	struct ocfs2_quota_chunk *chunk;

	struct ocfs2_local_disk_chunk *dchunk;

	int mark_clean = 1, len;

	int status;

	int status = 0;



	iput(oinfo->dqi_gqinode);

	ocfs2_simple_drop_lockres(OCFS2_SB(sb), &oinfo->dqi_gqlock);
@@ -853,17 +853,15 @@ static int ocfs2_local_free_info(struct super_block *sb, int type) 
				 oinfo->dqi_libh,

				 olq_update_info,

				 info);

	if (status < 0) {

	if (status < 0)

		mlog_errno(status);

		goto out;

	}



out:

	ocfs2_inode_unlock(sb_dqopt(sb)->files[type], 1);

	brelse(oinfo->dqi_libh);

	brelse(oinfo->dqi_lqi_bh);

	kfree(oinfo);

	return 0;

	info->dqi_priv = NULL;

	return status;

}



static void olq_set_dquot(struct buffer_head *bh, void *private)