From b6c063ca780b747885a15c5f1b97df46815c249d Mon Sep 17 00:00:00 2001
From: Jiri Slaby
Date: May 17 2023 19:16:07 +0000
Subject: ext4: improve error recovery code paths in __ext4_remount() (bsc#1012628).
---
diff --git a/patches.kernel.org/6.3.3-231-ext4-improve-error-recovery-code-paths-in-__ext.patch b/patches.kernel.org/6.3.3-231-ext4-improve-error-recovery-code-paths-in-__ext.patch
new file mode 100644
index 0000000..97412d0
--- /dev/null
+++ b/patches.kernel.org/6.3.3-231-ext4-improve-error-recovery-code-paths-in-__ext.patch
@@ -0,0 +1,68 @@
+From: Theodore Ts'o
+Date: Fri, 5 May 2023 22:20:29 -0400
+Subject: [PATCH] ext4: improve error recovery code paths in __ext4_remount()
+References: bsc#1012628
+Patch-mainline: 6.3.3
+Git-commit: 4c0b4818b1f636bc96359f7817a2d8bab6370162
+
+commit 4c0b4818b1f636bc96359f7817a2d8bab6370162 upstream.
+
+If there are failures while changing the mount options in
+__ext4_remount(), we need to restore the old mount options.
+
+This commit fixes two problem. The first is there is a chance that we
+will free the old quota file names before a potential failure leading
+to a use-after-free. The second problem addressed in this commit is
+if there is a failed read/write to read-only transition, if the quota
+has already been suspended, we need to renable quota handling.
+
+Cc: stable@kernel.org
+Link: https://lore.kernel.org/r/20230506142419.984260-2-tytso@mit.edu
+Signed-off-by: Theodore Ts'o
+Signed-off-by: Greg Kroah-Hartman
+Signed-off-by: Jiri Slaby
+---
+ fs/ext4/super.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c
+index 88240a16..d6ac61f4 100644
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -6579,9 +6579,6 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
+ }
+
+ #ifdef CONFIG_QUOTA
+- /* Release old quota file names */
+- for (i = 0; i < EXT4_MAXQUOTAS; i++)
+- kfree(old_opts.s_qf_names[i]);
+ if (enable_quota) {
+ if (sb_any_quota_suspended(sb))
+ dquot_resume(sb, -1);
+@@ -6591,6 +6588,9 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
+ goto restore_opts;
+ }
+ }
++ /* Release old quota file names */
++ for (i = 0; i < EXT4_MAXQUOTAS; i++)
++ kfree(old_opts.s_qf_names[i]);
+ #endif
+ if (!test_opt(sb, BLOCK_VALIDITY) && sbi->s_system_blks)
+ ext4_release_system_zone(sb);
+@@ -6601,6 +6601,13 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
+ return 0;
+
+ restore_opts:
++ /*
++ * If there was a failing r/w to ro transition, we may need to
++ * re-enable quota
++ */
++ if ((sb->s_flags & SB_RDONLY) && !(old_sb_flags & SB_RDONLY) &&
++ sb_any_quota_suspended(sb))
++ dquot_resume(sb, -1);
+ sb->s_flags = old_sb_flags;
+ sbi->s_mount_opt = old_opts.s_mount_opt;
+ sbi->s_mount_opt2 = old_opts.s_mount_opt2;
+--
+2.35.3
+
diff --git a/series.conf b/series.conf
index 76f54c8..ccc17e3 100644
--- a/series.conf
+++ b/series.conf
@@ -964,6 +964,7 @@
 patches.kernel.org/6.3.3-228-ext4-fix-data-races-when-using-cached-status-ex.patch
 patches.kernel.org/6.3.3-229-ext4-avoid-deadlock-in-fs-reclaim-with-page-wri.patch
 patches.kernel.org/6.3.3-230-ext4-check-iomap-type-only-if-ext4_iomap_begin-.patch
+ patches.kernel.org/6.3.3-231-ext4-improve-error-recovery-code-paths-in-__ext.patch
 ########################################################
 # Build fixes that apply to the vanilla kernel too.
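Review bot: In the `restore_opts:` block added by the embedded fs/ext4/super.c change, the return value of `dquot_resume(sb, -1)` is discarded, so a failed resume would restore the superblock flags to read-write while quota stays suspended, with nothing logged. Since this path exists to re-enable quota handling, the failure should at least be reported, for example `if (dquot_resume(sb, -1)) ext4_warning(sb, "failed to resume quota after failed remount");`. Separately, the relocated `kfree(old_opts.s_qf_names[i])` loop appears safe only because it now sits after the last visible `goto restore_opts` in the quota block. A comment such as `/* keep after the last goto restore_opts: the error path presumably still needs old_opts.s_qf_names */` would help keep a later edit from reintroducing the use-after-free the commit message describes. `__ext4_remount()` starts and ends outside these hunks, so whether any later statement can still jump to `restore_opts` is not visible here.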