提交 15512377 编写于 作者: J Jan Kara

quota: Fix possible corruption of dqi_flags

dqi_flags modifications are protected by dq_data_lock. However the
modifications in vfs_load_quota_inode() and in mark_info_dirty() were
not which could lead to corruption of dqi_flags. Since modifications to
dqi_flags are rare, this is hard to observe in practice but in theory it
could happen. Fix the problem by always using dq_data_lock for
protection.
Signed-off-by: NJan Kara <jack@suse.cz>
上级 f98bbe37
...@@ -389,7 +389,9 @@ static inline int clear_dquot_dirty(struct dquot *dquot) ...@@ -389,7 +389,9 @@ static inline int clear_dquot_dirty(struct dquot *dquot)
void mark_info_dirty(struct super_block *sb, int type) void mark_info_dirty(struct super_block *sb, int type)
{ {
set_bit(DQF_INFO_DIRTY_B, &sb_dqopt(sb)->info[type].dqi_flags); spin_lock(&dq_data_lock);
sb_dqopt(sb)->info[type].dqi_flags |= DQF_INFO_DIRTY;
spin_unlock(&dq_data_lock);
} }
EXPORT_SYMBOL(mark_info_dirty); EXPORT_SYMBOL(mark_info_dirty);
...@@ -2316,8 +2318,11 @@ static int vfs_load_quota_inode(struct inode *inode, int type, int format_id, ...@@ -2316,8 +2318,11 @@ static int vfs_load_quota_inode(struct inode *inode, int type, int format_id,
error = dqopt->ops[type]->read_file_info(sb, type); error = dqopt->ops[type]->read_file_info(sb, type);
if (error < 0) if (error < 0)
goto out_file_init; goto out_file_init;
if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) {
spin_lock(&dq_data_lock);
dqopt->info[type].dqi_flags |= DQF_SYS_FILE; dqopt->info[type].dqi_flags |= DQF_SYS_FILE;
spin_unlock(&dq_data_lock);
}
spin_lock(&dq_state_lock); spin_lock(&dq_state_lock);
dqopt->flags |= dquot_state_flag(flags, type); dqopt->flags |= dquot_state_flag(flags, type);
spin_unlock(&dq_state_lock); spin_unlock(&dq_state_lock);
......
...@@ -189,7 +189,6 @@ static int v1_write_file_info(struct super_block *sb, int type) ...@@ -189,7 +189,6 @@ static int v1_write_file_info(struct super_block *sb, int type)
int ret; int ret;
down_write(&dqopt->dqio_sem); down_write(&dqopt->dqio_sem);
dqopt->info[type].dqi_flags &= ~DQF_INFO_DIRTY;
ret = sb->s_op->quota_read(sb, type, (char *)&dqblk, ret = sb->s_op->quota_read(sb, type, (char *)&dqblk,
sizeof(struct v1_disk_dqblk), v1_dqoff(0)); sizeof(struct v1_disk_dqblk), v1_dqoff(0));
if (ret != sizeof(struct v1_disk_dqblk)) { if (ret != sizeof(struct v1_disk_dqblk)) {
...@@ -197,8 +196,11 @@ static int v1_write_file_info(struct super_block *sb, int type) ...@@ -197,8 +196,11 @@ static int v1_write_file_info(struct super_block *sb, int type)
ret = -EIO; ret = -EIO;
goto out; goto out;
} }
spin_lock(&dq_data_lock);
dqopt->info[type].dqi_flags &= ~DQF_INFO_DIRTY;
dqblk.dqb_itime = dqopt->info[type].dqi_igrace; dqblk.dqb_itime = dqopt->info[type].dqi_igrace;
dqblk.dqb_btime = dqopt->info[type].dqi_bgrace; dqblk.dqb_btime = dqopt->info[type].dqi_bgrace;
spin_unlock(&dq_data_lock);
ret = sb->s_op->quota_write(sb, type, (char *)&dqblk, ret = sb->s_op->quota_write(sb, type, (char *)&dqblk,
sizeof(struct v1_disk_dqblk), v1_dqoff(0)); sizeof(struct v1_disk_dqblk), v1_dqoff(0));
if (ret == sizeof(struct v1_disk_dqblk)) if (ret == sizeof(struct v1_disk_dqblk))
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册