Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp86390pxf; Tue, 30 Mar 2021 20:25:11 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxXC4vaotQ3NHMSJQyI4vGI/3aHr4F+oZNgCfThDLtOPGlzfoGWd6Mqg7absP6qp1UdED83 X-Received: by 2002:a17:906:1386:: with SMTP id f6mr1261654ejc.45.1617161111631; Tue, 30 Mar 2021 20:25:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617161111; cv=none; d=google.com; s=arc-20160816; b=hCu8DXAwmCBXp1mEED9cCdl3HvAn8tKTfZFX+ABUQbgNCD6wsF37i7Y/xQdfgmhR4g bbOoyS3C3vx0Z43vVIVSB3oH88bl4WZyT+eUGAhLEs4b+YC2H2d0xQVKeS2mJGHOl5jF trrQMLi0LKUIgJkBBkHQvIWXhV+hfaGyGD92sDXNDCxE8eoMrHnVYF6eqZy070tIJFcZ fvsxc9I56WoDJ9CzIRZyt/xBQ5eqXPxj5bPBy0R+YfelY0Ev5iFhqS+ZCk3FBvWCU7ui vF2glsBWnXTa9JHz9/j1Z8Aju5hQAsbU2C6f4FceCL8xrEMpTQ97WxH5MKAv9iJxCskt JfTQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=sGSB+CiPSxDzifHrM2rgsdlu8s2hhr4irp3ahMlMKIM=; b=ABv72y0x6XCJpW0gVMDKXjf7lP3cXpu9k86VJVASp2dHa5jzq6yVau5VDYUdbaA/5b eFd/JBR1ysQn5DccfPLSFZ9ITanXTv9CjNv0AjKt4+6v8urwOKtBDqPfJmmWs+CB7Zu/ EoL/atkl6NpScNEHR5SXU+JnxslYBosdGFozctAo6bO/rdgSDrd2I7BVJGWJ6Asy6wEu eGf9dB4a74SkVnzrnUp5R/xIqk2xdvh7NRPgwKjCNQrV7yqpvmzjA/d3lcSm2Xa9BytS EE1fpflYQVvYV/x0WtsMPaYHGC7uvYk7ZKq7EUXYqS0LRCPHOchZbsQYrkaxgbdy+APH zejQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g7si681753edb.286.2021.03.30.20.24.47; Tue, 30 Mar 2021 20:25:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=huawei.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232805AbhCaDYF (ORCPT + 99 others); Tue, 30 Mar 2021 23:24:05 -0400 Received: from szxga04-in.huawei.com ([45.249.212.190]:14650 "EHLO szxga04-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233473AbhCaDXu (ORCPT ); Tue, 30 Mar 2021 23:23:50 -0400 Received: from DGGEMS408-HUB.china.huawei.com (unknown [172.30.72.58]) by szxga04-in.huawei.com (SkyGuard) with ESMTP id 4F9BRT708fznVqS; Wed, 31 Mar 2021 11:21:09 +0800 (CST) Received: from huawei.com (10.175.127.227) by DGGEMS408-HUB.china.huawei.com (10.3.19.208) with Microsoft SMTP Server id 14.3.498.0; Wed, 31 Mar 2021 11:23:38 +0800 From: Zhang Yi To: CC: , , , Subject: [PATCH] ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() Date: Wed, 31 Mar 2021 11:31:38 +0800 Message-ID: <20210331033138.918975-1-yi.zhang@huawei.com> X-Mailer: git-send-email 2.25.4 MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.175.127.227] X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org When CONFIG_QUOTA is enabled, if we failed to mount the filesystem due to some error happens behind ext4_orphan_cleanup(), it will end up triggering a after free issue of super_block. The problem is that ext4_orphan_cleanup() will set SB_ACTIVE flag if CONFIG_QUOTA is enabled, after we cleanup the truncated inodes, the last iput() will put them into the lru list, and these inodes' pages may probably dirty and will be write back by the writeback thread, so it could be raced by freeing super_block in the error path of mount_bdev(). After check the setting of SB_ACTIVE flag in ext4_orphan_cleanup(), it was used to ensure updating the quota file properly, but evict inode and trash data immediately in the last iput does not affect the quotafile, so setting the SB_ACTIVE flag seems not required[1]. Fix this issue by just remove the SB_ACTIVE setting. [1] https://lore.kernel.org/linux-ext4/99cce8ca-e4a0-7301-840f-2ace67c551f3@huawei.com/T/#m04990cfbc4f44592421736b504afcc346b2a7c00 Signed-off-by: Zhang Yi Tested-by: Jan Kara --- fs/ext4/super.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index b9693680463a..2a33c53b57d8 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -3023,9 +3023,6 @@ static void ext4_orphan_cleanup(struct super_block *sb, sb->s_flags &= ~SB_RDONLY; } #ifdef CONFIG_QUOTA - /* Needed for iput() to work correctly and not trash data */ - sb->s_flags |= SB_ACTIVE; - /* * Turn on quotas which were not enabled for read-only mounts if * filesystem has quota feature, so that they are updated correctly. -- 2.25.4