Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2519724pxj; Mon, 10 May 2021 05:05:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzJd7srk1CjR0XM7aBaVNeYSIdVP5d3MFbLt/lub8WspKUHjI8uW/ptPFRBjuiokmDRjVf1 X-Received: by 2002:a05:6e02:13a9:: with SMTP id h9mr9702124ilo.227.1620648325805; Mon, 10 May 2021 05:05:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620648325; cv=none; d=google.com; s=arc-20160816; b=kO0VbhQsrSfBFTgHAYqhsfcVtql9GHEGEiRNGF8Tlu6/4m/1lxljHgC7UT8ArE9H9N 7/sgl4IEpbRpOfWZRZTguKyX3NslnX4Vt2ZD7OHSBX6I91Ckmyxo0ugu7f1jerqkAnsc RBUU2kUGHcMlZUvqfe9DOxd8F8sffZM4zjv5WMySRCr6rZqhsY6ZGs8LKHxk2VsHlYE0 CKD5b3cCRsRCDSmEaW1Dwjy6LXvHnrBQpydSfxYwFXzcSPzFAHQpxlWC+gJ159MpIKGG jXn+vmVwoKy1APzGlyWyubLOtP2ak0Qlzf015Lp8+4OiBgUvJqXRD6ys7/P+fxHC9Ym8 J2uQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=9XKCZVOB0BFLZ1lPlSVmuoEWR7aSHpaQEAGowhA4Gd0=; b=lr2EMWywPc5b4ovMNRkRnRShHdoRV6aZeUosGjCdz1YMEOdaZMoTV0v3+TWvSLg4mZ chGp5n/7hxXrmK/tApvz6oleht0rh3aALA8BIZuWd1CT7/+mw56/NksBRpq1yS6G+1S0 sxZVu72wYNIgoV8jMsLAKxdd+bNp1nKEiuP/ciN+tRicCq8vPhOZWcw319z6ZIeh7xTD zNXgn8WFtrCDxujhEK5xdFsxNq2z5hMTaKHO1Kr55zAYLPacme6m4lAewN7b55ES5YlM AmV4qLOxuF+x9u13t5zUaHZS5JLELTSx6WcE5tKapKxONk/IxNMNMgmi5dGyEH1Lcqx7 3UPw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=qu2Y4sJR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n8si1075763jat.79.2021.05.10.05.05.12; Mon, 10 May 2021 05:05:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=qu2Y4sJR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S243700AbhEJL4x (ORCPT + 99 others); Mon, 10 May 2021 07:56:53 -0400 Received: from mail.kernel.org ([198.145.29.99]:44332 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235707AbhEJLFz (ORCPT ); Mon, 10 May 2021 07:05:55 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 07B116145F; Mon, 10 May 2021 10:55:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1620644146; bh=5fA5HRacLtdKHi/l2HsSrYgNzOh+9o/Td1vWYrbgJiQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qu2Y4sJRL+xWsreKXTxch07jvSq6UV1VM34TmonQ5dd1G8T6D2Z3FEi8ecVoPYNqb OSijQi0jCDluXTWwSFkXd+WiMDDDjZLo6Nz7ZpSgPcYRlRwKmr2FMd1R48bDf14IOr vy2BnmmjS4OoBgJNPb2TUjQ7X2WB3p2mkmYtaWRE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, stable@kernel.org, Zhang Yi , Jan Kara , Theodore Tso Subject: [PATCH 5.11 306/342] ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() Date: Mon, 10 May 2021 12:21:36 +0200 Message-Id: <20210510102020.215216284@linuxfoundation.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210510102010.096403571@linuxfoundation.org> References: <20210510102010.096403571@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Zhang Yi commit 72ffb49a7b623c92a37657eda7cc46a06d3e8398 upstream. When CONFIG_QUOTA is enabled, if we failed to mount the filesystem due to some error happens behind ext4_orphan_cleanup(), it will end up triggering a after free issue of super_block. The problem is that ext4_orphan_cleanup() will set SB_ACTIVE flag if CONFIG_QUOTA is enabled, after we cleanup the truncated inodes, the last iput() will put them into the lru list, and these inodes' pages may probably dirty and will be write back by the writeback thread, so it could be raced by freeing super_block in the error path of mount_bdev(). After check the setting of SB_ACTIVE flag in ext4_orphan_cleanup(), it was used to ensure updating the quota file properly, but evict inode and trash data immediately in the last iput does not affect the quotafile, so setting the SB_ACTIVE flag seems not required[1]. Fix this issue by just remove the SB_ACTIVE setting. [1] https://lore.kernel.org/linux-ext4/99cce8ca-e4a0-7301-840f-2ace67c551f3@huawei.com/T/#m04990cfbc4f44592421736b504afcc346b2a7c00 Cc: stable@kernel.org Signed-off-by: Zhang Yi Tested-by: Jan Kara Reviewed-by: Jan Kara Link: https://lore.kernel.org/r/20210331033138.918975-1-yi.zhang@huawei.com Signed-off-by: Theodore Ts'o Signed-off-by: Greg Kroah-Hartman --- fs/ext4/super.c | 3 --- 1 file changed, 3 deletions(-) --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -3023,9 +3023,6 @@ static void ext4_orphan_cleanup(struct s sb->s_flags &= ~SB_RDONLY; } #ifdef CONFIG_QUOTA - /* Needed for iput() to work correctly and not trash data */ - sb->s_flags |= SB_ACTIVE; - /* * Turn on quotas which were not enabled for read-only mounts if * filesystem has quota feature, so that they are updated correctly.