From: Jan Kara <jack@suse.cz>
To: Dmitry Monakhov <dmonakhov@openvz.org>
Cc: Jan Kara <jack@suse.cz>, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH] quota: workaround IO errors on dquot_initialize
Date: Tue, 19 Oct 2010 00:33:33 +0200 [thread overview]
Message-ID: <20101018223333.GB30303@quack.suse.cz> (raw)
In-Reply-To: <AANLkTinr-5SB5pqP9vg0m1Yma3Q5io+3zFOG+uXLB6js@mail.gmail.com>
> From 79d9128c551b3d452cbc788553b70dbf200f2a04 Mon Sep 17 00:00:00 2001
> From: Dmitry Monakhov <dmonakhov@gmail.com>
> Date: Sun, 10 Oct 2010 00:48:28 +0400
> Subject: [PATCH] quota: workaround IO errors on dquot_initialize
>
> Due to IO errors we may not have dquot object.
This can happen also when quotaon() races with __dquot_initialize...
> ---
> fs/quota/dquot.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
> index 5b262d3..e0f2924 100644
> --- a/fs/quota/dquot.c
> +++ b/fs/quota/dquot.c
> @@ -1394,7 +1394,7 @@ static void __dquot_initialize(struct inode *inode, int type)
> * did a write before quota was turned on
> */
> rsv = inode_get_rsv_space(inode);
> - if (unlikely(rsv))
> + if (unlikely(rsv && got[cnt]))
We should check inode->i_dquot[cnt] instead because got[cnt] just got zeroed
three lines above... In the end I have the following patch:
commit 5ccc70ff4af855a85d7f1d7c843a6eea10693329
Author: Jan Kara <jack@suse.cz>
Date: Tue Oct 19 00:24:21 2010 +0200
quota: Fix possible oops in __dquot_initialize()
When quotaon(8) races with __dquot_initialize() or dqget() fails because
of EIO, ENOSPC, or similar error, we could possibly dereference NULL pointer
in inode->i_dquot[cnt]. Add proper checking.
Reported-by: Dmitry Monakhov <dmonakhov@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
index 1bc38f5..08b1493 100644
--- a/fs/quota/dquot.c
+++ b/fs/quota/dquot.c
@@ -1386,6 +1386,9 @@ static void __dquot_initialize(struct inode *inode, int type)
/* Avoid races with quotaoff() */
if (!sb_has_quota_active(sb, cnt))
continue;
+ /* We could race with quotaon or dqget() could have failed */
+ if (!got[cnt])
+ continue;
if (!inode->i_dquot[cnt]) {
inode->i_dquot[cnt] = got[cnt];
got[cnt] = NULL;
Honza
--
Jan Kara <jack@suse.cz>
SUSE Labs, CR
prev parent reply other threads:[~2010-10-18 22:34 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-11 16:49 [PATCH] quota: workaround IO errors on dquot_initialize Dmitry Monakhov
2010-10-18 22:33 ` Jan Kara [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101018223333.GB30303@quack.suse.cz \
--to=jack@suse.cz \
--cc=dmonakhov@openvz.org \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).