ext4: improve error recovery code paths in __ext4_remount()

commit 4c0b4818b1f636bc96359f7817a2d8bab6370162 upstream.

If there are failures while changing the mount options in
__ext4_remount(), we need to restore the old mount options.

This commit fixes two problem.  The first is there is a chance that we
will free the old quota file names before a potential failure leading
to a use-after-free.  The second problem addressed in this commit is
if there is a failed read/write to read-only transition, if the quota
has already been suspended, we need to renable quota handling.

Cc: stable@kernel.org
Link: https://lore.kernel.org/r/20230506142419.984260-2-tytso@mit.edu
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 4c2965b8cb056b370feaf92673369c182b65d0fc..e6cd2bf9508e4ffd58fb064edb8e6a2025ef37a5 100644 (file)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -5985,9 +5985,6 @@ static int ext4_remount(struct super_block *sb, int *flags, char *data)
        }
 
 #ifdef CONFIG_QUOTA
-       /* Release old quota file names */
-       for (i = 0; i < EXT4_MAXQUOTAS; i++)
-               kfree(old_opts.s_qf_names[i]);
        if (enable_quota) {
                if (sb_any_quota_suspended(sb))
                        dquot_resume(sb, -1);
@@ -5997,6 +5994,9 @@ static int ext4_remount(struct super_block *sb, int *flags, char *data)
                                goto restore_opts;
                }
        }
+       /* Release old quota file names */
+       for (i = 0; i < EXT4_MAXQUOTAS; i++)
+               kfree(old_opts.s_qf_names[i]);
 #endif
        if (!test_opt(sb, BLOCK_VALIDITY) && sbi->s_system_blks)
                ext4_release_system_zone(sb);
@@ -6017,6 +6017,13 @@ static int ext4_remount(struct super_block *sb, int *flags, char *data)
        return 0;
 
 restore_opts:
+       /*
+        * If there was a failing r/w to ro transition, we may need to
+        * re-enable quota
+        */
+       if ((sb->s_flags & SB_RDONLY) && !(old_sb_flags & SB_RDONLY) &&
+           sb_any_quota_suspended(sb))
+               dquot_resume(sb, -1);
        sb->s_flags = old_sb_flags;
        sbi->s_mount_opt = old_opts.s_mount_opt;
        sbi->s_mount_opt2 = old_opts.s_mount_opt2;