Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 37302d4c authored by Theodore Ts'o's avatar Theodore Ts'o Committed by Greg Kroah-Hartman
Browse files

ext4: improve error recovery code paths in __ext4_remount() 

commit 4c0b4818b1f636bc96359f7817a2d8bab6370162 upstream.

If there are failures while changing the mount options in
__ext4_remount(), we need to restore the old mount options.

This commit fixes two problem.  The first is there is a chance that we
will free the old quota file names before a potential failure leading
to a use-after-free.  The second problem addressed in this commit is
if there is a failed read/write to read-only transition, if the quota
has already been suspended, we need to renable quota handling.

Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20230506142419.984260-2-tytso@mit.edu


Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent a733c466

fs/ext4/super.c

+10 −3
Original line number Diff line number Diff line
@@ -5501,9 +5501,6 @@ static int ext4_remount(struct super_block *sb, int *flags, char *data) 
	}



#ifdef CONFIG_QUOTA

	/* Release old quota file names */

	for (i = 0; i < EXT4_MAXQUOTAS; i++)

		kfree(old_opts.s_qf_names[i]);

	if (enable_quota) {

		if (sb_any_quota_suspended(sb))

			dquot_resume(sb, -1);
@@ -5513,6 +5510,9 @@ static int ext4_remount(struct super_block *sb, int *flags, char *data) 
				goto restore_opts;

		}

	}

	/* Release old quota file names */

	for (i = 0; i < EXT4_MAXQUOTAS; i++)

		kfree(old_opts.s_qf_names[i]);

#endif

	if (!test_opt(sb, BLOCK_VALIDITY) && sbi->system_blks)

		ext4_release_system_zone(sb);
@@ -5529,6 +5529,13 @@ static int ext4_remount(struct super_block *sb, int *flags, char *data) 
	return 0;



restore_opts:

	/*

	 * If there was a failing r/w to ro transition, we may need to

	 * re-enable quota

	 */

	if ((sb->s_flags & SB_RDONLY) && !(old_sb_flags & SB_RDONLY) &&

	    sb_any_quota_suspended(sb))

		dquot_resume(sb, -1);

	sb->s_flags = old_sb_flags;

	sbi->s_mount_opt = old_opts.s_mount_opt;

	sbi->s_mount_opt2 = old_opts.s_mount_opt2;