Commit 13b215a9 authored by Lukas Czerner, committed by Theodore Ts'o

ext4: don't use kfree() on rcu protected pointer sbi->s_qf_names

During ext4 mount api rework the commit e6e268cb ("ext4: move quota
configuration out of handle_mount_opt()") introduced a bug where we
would kfree(sbi->s_qf_names[i]) before assigning the new quota name in
ext4_apply_quota_options().

This is wrong because we're using kfree() on an rcu pointer that could be
simultaneously accessed from ext4_show_quota_options() during remount.
Fix it by using rcu_replace_pointer() to replace the old qname with the
new one and then kfree_rcu() the old quota name.

Also use get_qf_name() instead of sbi->s_qf_names in strcmp() to silence
the sparse warning.

Fixes: e6e268cb ("ext4: move quota configuration out of handle_mount_opt()")
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Link: https://lore.kernel.org/r/20220104143518.134465-1-lczerner@redhat.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
parent 173b6e38
...@@ -2636,8 +2636,10 @@ static void ext4_apply_quota_options(struct fs_context *fc, ...@@ -2636,8 +2636,10 @@ static void ext4_apply_quota_options(struct fs_context *fc,
qname = ctx->s_qf_names[i]; /* May be NULL */ qname = ctx->s_qf_names[i]; /* May be NULL */
ctx->s_qf_names[i] = NULL; ctx->s_qf_names[i] = NULL;
kfree(sbi->s_qf_names[i]); qname = rcu_replace_pointer(sbi->s_qf_names[i], qname,
rcu_assign_pointer(sbi->s_qf_names[i], qname); lockdep_is_held(&sb->s_umount));
if (qname)
kfree_rcu(qname);
set_opt(sb, QUOTA); set_opt(sb, QUOTA);
} }
} }
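Review bot: the new rcu_replace_pointer() call relies on two context assumptions that are not written down anywhere in ext4_apply_quota_options(). lockdep_is_held(&sb->s_umount) asserts that every caller holds s_umount as the update-side lock, and the one-argument kfree_rcu(qname) is the form without an rcu_head, which may block, so this path has to stay in sleepable context. A short comment above the loop stating both (s_umount held, may sleep) would keep a later caller from breaking either silently. It is also worth a line noting that qname is reused for the old pointer after the swap, since the same variable held the new name two lines earlier.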
...@@ -2691,7 +2693,7 @@ static int ext4_check_quota_consistency(struct fs_context *fc, ...@@ -2691,7 +2693,7 @@ static int ext4_check_quota_consistency(struct fs_context *fc,
goto err_jquota_change; goto err_jquota_change;
if (sbi->s_qf_names[i] && ctx->s_qf_names[i] && if (sbi->s_qf_names[i] && ctx->s_qf_names[i] &&
strcmp(sbi->s_qf_names[i], strcmp(get_qf_name(sb, sbi, i),
ctx->s_qf_names[i]) != 0) ctx->s_qf_names[i]) != 0)
goto err_jquota_specified; goto err_jquota_specified;
} }
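Review bot: the condition in ext4_check_quota_consistency() is now half converted. The strcmp() argument goes through get_qf_name(sb, sbi, i), but the NULL test on the line above still reads sbi->s_qf_names[i] directly, so the RCU-protected pointer is loaded twice by two different means within one expression. Consider fetching it once into a local with get_qf_name() and using that local for both the NULL test and the strcmp(), or using rcu_access_pointer() for the test if only the NULL-ness matters there.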