xfs: fix double IRELE in xfs_dqrele_inode

xfs_dqrele_inode calls xfs_iput to release the ilock and a reference
and then also calls IRELE which does a second decrement of the reference
count.  This leads to a premature freeing of inodes when quotas were turned
off while the filesystem was mounted.

Thanks to Utako Kusaka for reporting the bug and provinding a good testcase.

Signed-off-by: Christoph Hellwig <[email protected]>
Reported-by: Utako Kusaka <[email protected]>
Reviewed-by: Alex Elder <[email protected]>
Signed-off-by: Alex Elder <[email protected]>

diff --git a/fs/xfs/quota/xfs_qm_syscalls.c b/fs/xfs/quota/xfs_qm_syscalls.c
index 4e4276b956e8c5f925490dec8e4dfb320ed071a2..5d1a3b98a6e68875a47dc283483a9be376cdce42 100644 (file)
--- a/fs/xfs/quota/xfs_qm_syscalls.c
+++ b/fs/xfs/quota/xfs_qm_syscalls.c
@@ -876,7 +876,6 @@ xfs_dqrele_inode(
                ip->i_gdquot = NULL;
        }
        xfs_iput(ip, XFS_ILOCK_EXCL);
-       IRELE(ip);
 
        return 0;
 }