While the order of writing to the shutdown and read-only flags has been
enforced by a write memory barrier, the read side in remount does not
have a pairing read barrier.
In the event of a fs forced shutdown remounting as read-only,
remounting it again as read-write can succeed when the flag reads are
reordered such that sb_rdonly() returns true and
ext4_forced_shutdown() returns false.
Commit 4418e14112e3 ("ext4: Fix fsync error handling after filesystem
abort") has added the other barriers related to these two flags but
seems to have missed this one.
Signed-off-by: Fanqi Yu <fanqi.yu@xxxxxxxxxxxx>
---
fs/ext4/super.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 044135796f2b..c5d3f8969dec 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -6542,6 +6542,13 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
flush_work(&sbi->s_sb_upd_work);
if ((bool)(fc->sb_flags & SB_RDONLY) != sb_rdonly(sb)) {
+
+ /*
+ * Make sure we read the updated s_ext4_flags.
+ * Pairs with smp_wmb() in ext4_handle_error().
+ */
+ smp_rmb();
+
if (ext4_forced_shutdown(sb)) {
err = -EROFS;
goto restore_opts;
--
2.34.1
