|
Jiri Slaby |
b6c063 |
From: Theodore Ts'o <tytso@mit.edu>
|
|
Jiri Slaby |
b6c063 |
Date: Fri, 5 May 2023 22:20:29 -0400
|
|
Jiri Slaby |
b6c063 |
Subject: [PATCH] ext4: improve error recovery code paths in __ext4_remount()
|
|
Jiri Slaby |
b6c063 |
References: bsc#1012628
|
|
Jiri Slaby |
b6c063 |
Patch-mainline: 6.3.3
|
|
Jiri Slaby |
b6c063 |
Git-commit: 4c0b4818b1f636bc96359f7817a2d8bab6370162
|
|
Jiri Slaby |
b6c063 |
|
|
Jiri Slaby |
b6c063 |
commit 4c0b4818b1f636bc96359f7817a2d8bab6370162 upstream.
|
|
Jiri Slaby |
b6c063 |
|
|
Jiri Slaby |
b6c063 |
If there are failures while changing the mount options in
|
|
Jiri Slaby |
b6c063 |
__ext4_remount(), we need to restore the old mount options.
|
|
Jiri Slaby |
b6c063 |
|
|
Jiri Slaby |
b6c063 |
This commit fixes two problem. The first is there is a chance that we
|
|
Jiri Slaby |
b6c063 |
will free the old quota file names before a potential failure leading
|
|
Jiri Slaby |
b6c063 |
to a use-after-free. The second problem addressed in this commit is
|
|
Jiri Slaby |
b6c063 |
if there is a failed read/write to read-only transition, if the quota
|
|
Jiri Slaby |
b6c063 |
has already been suspended, we need to renable quota handling.
|
|
Jiri Slaby |
b6c063 |
|
|
Jiri Slaby |
b6c063 |
Cc: stable@kernel.org
|
|
Jiri Slaby |
b6c063 |
Link: https://lore.kernel.org/r/20230506142419.984260-2-tytso@mit.edu
|
|
Jiri Slaby |
b6c063 |
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
Jiri Slaby |
b6c063 |
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Jiri Slaby |
b6c063 |
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
|
|
Jiri Slaby |
b6c063 |
---
|
|
Jiri Slaby |
b6c063 |
fs/ext4/super.c | 13 ++++++++++---
|
|
Jiri Slaby |
b6c063 |
1 file changed, 10 insertions(+), 3 deletions(-)
|
|
Jiri Slaby |
b6c063 |
|
|
Jiri Slaby |
b6c063 |
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
|
|
Jiri Slaby |
b6c063 |
index 88240a16..d6ac61f4 100644
|
|
Jiri Slaby |
b6c063 |
--- a/fs/ext4/super.c
|
|
Jiri Slaby |
b6c063 |
+++ b/fs/ext4/super.c
|
|
Jiri Slaby |
b6c063 |
@@ -6579,9 +6579,6 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
|
|
Jiri Slaby |
b6c063 |
}
|
|
Jiri Slaby |
b6c063 |
|
|
Jiri Slaby |
b6c063 |
#ifdef CONFIG_QUOTA
|
|
Jiri Slaby |
b6c063 |
- /* Release old quota file names */
|
|
Jiri Slaby |
b6c063 |
- for (i = 0; i < EXT4_MAXQUOTAS; i++)
|
|
Jiri Slaby |
b6c063 |
- kfree(old_opts.s_qf_names[i]);
|
|
Jiri Slaby |
b6c063 |
if (enable_quota) {
|
|
Jiri Slaby |
b6c063 |
if (sb_any_quota_suspended(sb))
|
|
Jiri Slaby |
b6c063 |
dquot_resume(sb, -1);
|
|
Jiri Slaby |
b6c063 |
@@ -6591,6 +6588,9 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
|
|
Jiri Slaby |
b6c063 |
goto restore_opts;
|
|
Jiri Slaby |
b6c063 |
}
|
|
Jiri Slaby |
b6c063 |
}
|
|
Jiri Slaby |
b6c063 |
+ /* Release old quota file names */
|
|
Jiri Slaby |
b6c063 |
+ for (i = 0; i < EXT4_MAXQUOTAS; i++)
|
|
Jiri Slaby |
b6c063 |
+ kfree(old_opts.s_qf_names[i]);
|
|
Jiri Slaby |
b6c063 |
#endif
|
|
Jiri Slaby |
b6c063 |
if (!test_opt(sb, BLOCK_VALIDITY) && sbi->s_system_blks)
|
|
Jiri Slaby |
b6c063 |
ext4_release_system_zone(sb);
|
|
Jiri Slaby |
b6c063 |
@@ -6601,6 +6601,13 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
|
|
Jiri Slaby |
b6c063 |
return 0;
|
|
Jiri Slaby |
b6c063 |
|
|
Jiri Slaby |
b6c063 |
restore_opts:
|
|
Jiri Slaby |
b6c063 |
+ /*
|
|
Jiri Slaby |
b6c063 |
+ * If there was a failing r/w to ro transition, we may need to
|
|
Jiri Slaby |
b6c063 |
+ * re-enable quota
|
|
Jiri Slaby |
b6c063 |
+ */
|
|
Jiri Slaby |
b6c063 |
+ if ((sb->s_flags & SB_RDONLY) && !(old_sb_flags & SB_RDONLY) &&
|
|
Jiri Slaby |
b6c063 |
+ sb_any_quota_suspended(sb))
|
|
Jiri Slaby |
b6c063 |
+ dquot_resume(sb, -1);
|
|
Jiri Slaby |
b6c063 |
sb->s_flags = old_sb_flags;
|
|
Jiri Slaby |
b6c063 |
sbi->s_mount_opt = old_opts.s_mount_opt;
|
|
Jiri Slaby |
b6c063 |
sbi->s_mount_opt2 = old_opts.s_mount_opt2;
|
|
Jiri Slaby |
b6c063 |
--
|
|
Jiri Slaby |
b6c063 |
2.35.3
|
|
Jiri Slaby |
b6c063 |
|