This is a note to let you know that I've just added the patch titled ext4: add helper to check quota inums to the 6.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: ext4-add-helper-to-check-quota-inums.patch and it can be found in the queue-6.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 07342ec259df2a35d6a34aebce010567a80a0e15 Mon Sep 17 00:00:00 2001 From: Baokun Li <libaokun1@xxxxxxxxxx> Date: Wed, 26 Oct 2022 12:23:08 +0800 Subject: ext4: add helper to check quota inums From: Baokun Li <libaokun1@xxxxxxxxxx> commit 07342ec259df2a35d6a34aebce010567a80a0e15 upstream. Before quota is enabled, a check on the preset quota inums in ext4_super_block is added to prevent wrong quota inodes from being loaded. In addition, when the quota fails to be enabled, the quota type and quota inum are printed to facilitate fault locating. Signed-off-by: Baokun Li <libaokun1@xxxxxxxxxx> Reviewed-by: Jason Yan <yanaijie@xxxxxxxxxx> Reviewed-by: Jan Kara <jack@xxxxxxx> Link: https://lore.kernel.org/r/20221026042310.3839669-3-libaokun1@xxxxxxxxxx Signed-off-by: Theodore Ts'o <tytso@xxxxxxx> Cc: stable@xxxxxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/ext4/super.c | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -6887,6 +6887,20 @@ static int ext4_quota_on(struct super_bl return err; } +static inline bool ext4_check_quota_inum(int type, unsigned long qf_inum) +{ + switch (type) { + case USRQUOTA: + return qf_inum == EXT4_USR_QUOTA_INO; + case GRPQUOTA: + return qf_inum == EXT4_GRP_QUOTA_INO; + case PRJQUOTA: + return qf_inum >= EXT4_GOOD_OLD_FIRST_INO; + default: + BUG(); + } +} + static int ext4_quota_enable(struct super_block *sb, int type, int format_id, unsigned int flags) { @@ -6903,9 +6917,16 @@ static int ext4_quota_enable(struct supe if (!qf_inums[type]) return -EPERM; + if (!ext4_check_quota_inum(type, qf_inums[type])) { + ext4_error(sb, "Bad quota inum: %lu, type: %d", + qf_inums[type], type); + return -EUCLEAN; + } + qf_inode = ext4_iget(sb, qf_inums[type], EXT4_IGET_SPECIAL); if (IS_ERR(qf_inode)) { - ext4_error(sb, "Bad quota inode # %lu", qf_inums[type]); + ext4_error(sb, "Bad quota inode: %lu, type: %d", + qf_inums[type], type); return PTR_ERR(qf_inode); } @@ -6944,8 +6965,9 @@ int ext4_enable_quotas(struct super_bloc if (err) { ext4_warning(sb, "Failed to enable quota tracking " - "(type=%d, err=%d). Please run " - "e2fsck to fix.", type, err); + "(type=%d, err=%d, ino=%lu). " + "Please run e2fsck to fix.", type, + err, qf_inums[type]); for (type--; type >= 0; type--) { struct inode *inode; Patches currently in stable-queue which might be from libaokun1@xxxxxxxxxx are queue-6.1/ext4-fix-use-after-free-in-ext4_orphan_cleanup.patch queue-6.1/ext4-fix-bug_on-in-__es_tree_search-caused-by-bad-boot-loader-inode.patch queue-6.1/ext4-add-inode-table-check-in-__ext4_get_inode_loc-to-aovid-possible-infinite-loop.patch queue-6.1/ext4-add-helper-to-check-quota-inums.patch queue-6.1/ext4-add-ext4_iget_bad-flag-to-prevent-unexpected-bad-inode.patch queue-6.1/ext4-correct-inconsistent-error-msg-in-nojournal-mode.patch queue-6.1/ext4-fix-bug_on-in-__es_tree_search-caused-by-bad-quota-inode.patch