https://bugzilla.kernel.org/show_bug.cgi?id=219254 Bug ID: 219254 Summary: Missing memory barrier in __ext4_remount for checking ext4_forced_shutdown Product: File System Version: 2.5 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P3 Component: ext4 Assignee: fs_ext4@xxxxxxxxxxxxxxxxxxxx Reporter: fanqi.yu@xxxxxxxxxxxx Regression: No Hi, In other places of the kernel, accesses to SB_RDONLY and EXT4_FLAGS_SHUTDOWN are ordered by smp_wmb() for writes and smp_rmb() for reads: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4418e14112e3ca85e8492a4489a3552b0cc526a8 There seems to be a missing smp_rmb() here between sb_rdonly(sb) and ext4_forced_shutdown(sb): https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/fs/ext4/super.c?h=v6.11-rc7#n6506 The affected scenario: Normally a remount-ro-after-error file system would not be able to be remounted as rw again because the ext4_forced_shutdown(sb) check will return -EROFS. On a relaxed memory architecture, it is possible to see ext4_forced_shutdown(sb) as false despite sb_rdonly(sb) being true (i.e. the write to EXT4_FLAGS_SHUTDOWN not being propagated in time to the reader). __ext4_remount therefore misses the shutdown check and can remount the fs as rw without giving any errors. I am not sure about the severity of this but it is probably something hard to find otherwise so I thought it might be useful to share it here and see what you guys think. Thank you very much for your time! -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug.
