ext4: don't use kfree() on rcu protected pointer sbi->s_qf_names
During ext4 mount api rework the commite6e268cb68
("ext4: move quota configuration out of handle_mount_opt()") introduced a bug where we would kfree(sbi->s_qf_names[i]) before assigning the new quota name in ext4_apply_quota_options(). This is wrong because we're using kfree() on rcu prointer that could be simultaneously accessed from ext4_show_quota_options() during remount. Fix it by using rcu_replace_pointer() to replace the old qname with the new one and then kfree_rcu() the old quota name. Also use get_qf_name() instead of sbi->s_qf_names in strcmp() to silence the sparse warning. Fixes:e6e268cb68
("ext4: move quota configuration out of handle_mount_opt()") Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Lukas Czerner <lczerner@redhat.com> Link: https://lore.kernel.org/r/20220104143518.134465-1-lczerner@redhat.com Signed-off-by: Theodore Ts'o <tytso@mit.edu>
This commit is contained in:
parent
173b6e383d
commit
13b215a9e6
@ -2636,8 +2636,10 @@ static void ext4_apply_quota_options(struct fs_context *fc,
|
||||
|
||||
qname = ctx->s_qf_names[i]; /* May be NULL */
|
||||
ctx->s_qf_names[i] = NULL;
|
||||
kfree(sbi->s_qf_names[i]);
|
||||
rcu_assign_pointer(sbi->s_qf_names[i], qname);
|
||||
qname = rcu_replace_pointer(sbi->s_qf_names[i], qname,
|
||||
lockdep_is_held(&sb->s_umount));
|
||||
if (qname)
|
||||
kfree_rcu(qname);
|
||||
set_opt(sb, QUOTA);
|
||||
}
|
||||
}
|
||||
@ -2691,7 +2693,7 @@ static int ext4_check_quota_consistency(struct fs_context *fc,
|
||||
goto err_jquota_change;
|
||||
|
||||
if (sbi->s_qf_names[i] && ctx->s_qf_names[i] &&
|
||||
strcmp(sbi->s_qf_names[i],
|
||||
strcmp(get_qf_name(sb, sbi, i),
|
||||
ctx->s_qf_names[i]) != 0)
|
||||
goto err_jquota_specified;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user