On Aug 16, 2017, at 9:41 AM, Jan Kara <jack@xxxxxxx> wrote:
>
> dqi_flags modifications are protected by dq_data_lock.
It would be useful to annotate dqi_flags with a comment that dq_data_lock
is protecting it (along with any other fields similarly protected).
> However the
> modifications in vfs_load_quota_inode() and in mark_info_dirty() were
> not which could lead to corruption of dqi_flags. Since modifications to
> dqi_flags are rare, this is hard to observe in practice but in theory it
> could happen. Fix the problem by always using dq_data_lock for
> protection.
>
What about v1_write_file_info()? It is also modifying dqi_flags, but
it doesn't get dq_data_lock either.
> Signed-off-by: Jan Kara <jack@xxxxxxx>
> ---
> fs/quota/dquot.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c
> index 5e77c4da69a6..e1a155e8db15 100644
> --- a/fs/quota/dquot.c
> +++ b/fs/quota/dquot.c
> @@ -389,7 +389,9 @@ static inline int clear_dquot_dirty(struct dquot *dquot)
>
> void mark_info_dirty(struct super_block *sb, int type)
> {
> - set_bit(DQF_INFO_DIRTY_B, &sb_dqopt(sb)->info[type].dqi_flags);
> + spin_lock(&dq_data_lock);
> + sb_dqopt(sb)->info[type].dqi_flags |= DQF_INFO_DIRTY;
> + spin_unlock(&dq_data_lock);
> }
> EXPORT_SYMBOL(mark_info_dirty);
>
> @@ -2316,8 +2318,11 @@ static int vfs_load_quota_inode(struct inode *inode, int type, int format_id,
> error = dqopt->ops[type]->read_file_info(sb, type);
> if (error < 0)
> goto out_file_init;
> - if (dqopt->flags & DQUOT_QUOTA_SYS_FILE)
> + if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) {
> + spin_lock(&dq_data_lock);
> dqopt->info[type].dqi_flags |= DQF_SYS_FILE;
> + spin_unlock(&dq_data_lock);
> + }
> spin_lock(&dq_state_lock);
> dqopt->flags |= dquot_state_flag(flags, type);
> spin_unlock(&dq_state_lock);
> --
> 2.12.3
>
Cheers, Andreas
Attachment:
signature.asc
Description: Message signed with OpenPGP
