From 15512377bd971ecc86f2eab40b841b265b5043de Mon Sep 17 00:00:00 2001 From: Jan Kara Date: Fri, 9 Jun 2017 11:56:06 +0200 Subject: quota: Fix possible corruption of dqi_flags dqi_flags modifications are protected by dq_data_lock. However the modifications in vfs_load_quota_inode() and in mark_info_dirty() were not which could lead to corruption of dqi_flags. Since modifications to dqi_flags are rare, this is hard to observe in practice but in theory it could happen. Fix the problem by always using dq_data_lock for protection. Signed-off-by: Jan Kara --- fs/quota/dquot.c | 9 +++++++-- fs/quota/quota_v1.c | 4 +++- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'fs') diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c index 5e77c4da69a6..e1a155e8db15 100644 --- a/fs/quota/dquot.c +++ b/fs/quota/dquot.c @@ -389,7 +389,9 @@ static inline int clear_dquot_dirty(struct dquot *dquot) void mark_info_dirty(struct super_block *sb, int type) { - set_bit(DQF_INFO_DIRTY_B, &sb_dqopt(sb)->info[type].dqi_flags); + spin_lock(&dq_data_lock); + sb_dqopt(sb)->info[type].dqi_flags |= DQF_INFO_DIRTY; + spin_unlock(&dq_data_lock); } EXPORT_SYMBOL(mark_info_dirty); @@ -2316,8 +2318,11 @@ static int vfs_load_quota_inode(struct inode *inode, int type, int format_id, error = dqopt->ops[type]->read_file_info(sb, type); if (error < 0) goto out_file_init; - if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) + if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) { + spin_lock(&dq_data_lock); dqopt->info[type].dqi_flags |= DQF_SYS_FILE; + spin_unlock(&dq_data_lock); + } spin_lock(&dq_state_lock); dqopt->flags |= dquot_state_flag(flags, type); spin_unlock(&dq_state_lock); diff --git a/fs/quota/quota_v1.c b/fs/quota/quota_v1.c index b2d8e04e567a..7ac5298aba70 100644 --- a/fs/quota/quota_v1.c +++ b/fs/quota/quota_v1.c @@ -189,7 +189,6 @@ static int v1_write_file_info(struct super_block *sb, int type) int ret; down_write(&dqopt->dqio_sem); - dqopt->info[type].dqi_flags &= ~DQF_INFO_DIRTY; ret = sb->s_op->quota_read(sb, type, (char *)&dqblk, sizeof(struct v1_disk_dqblk), v1_dqoff(0)); if (ret != sizeof(struct v1_disk_dqblk)) { @@ -197,8 +196,11 @@ static int v1_write_file_info(struct super_block *sb, int type) ret = -EIO; goto out; } + spin_lock(&dq_data_lock); + dqopt->info[type].dqi_flags &= ~DQF_INFO_DIRTY; dqblk.dqb_itime = dqopt->info[type].dqi_igrace; dqblk.dqb_btime = dqopt->info[type].dqi_bgrace; + spin_unlock(&dq_data_lock); ret = sb->s_op->quota_write(sb, type, (char *)&dqblk, sizeof(struct v1_disk_dqblk), v1_dqoff(0)); if (ret == sizeof(struct v1_disk_dqblk)) -- cgit v1.2.1