1. Patchew
  2. linux
  3. View series

[PATCH] ext4: Prevent successful remount as r/w after filesystem abort

Fanqi Yu posted 1 patch 2 months, 2 weeks ago 
fs/ext4/super.c | 7 +++++++
1 file changed, 7 insertions(+)
[PATCH] ext4: Prevent successful remount as r/w after filesystem abort
Posted by Fanqi Yu 2 months, 2 weeks ago 
While the order of writing to the shutdown and read-only flags has been
enforced by a write memory barrier, the read side in remount does not
have a pairing read barrier.

In the event of a fs forced shutdown remounting as read-only,
remounting it again as read-write can succeed when the flag reads are
reordered such that sb_rdonly() returns true and
ext4_forced_shutdown() returns false.

Commit 4418e14112e3 ("ext4: Fix fsync error handling after filesystem
abort") has added the other barriers related to these two flags but
seems to have missed this one.

Signed-off-by: Fanqi Yu <fanqi.yu@columbia.edu>
---
 fs/ext4/super.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 044135796f2b..c5d3f8969dec 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -6542,6 +6542,13 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
 	flush_work(&sbi->s_sb_upd_work);
 
 	if ((bool)(fc->sb_flags & SB_RDONLY) != sb_rdonly(sb)) {
+
+		/*
+		 * Make sure we read the updated s_ext4_flags.
+		 * Pairs with smp_wmb() in ext4_handle_error().
+		 */
+		smp_rmb();
+
 		if (ext4_forced_shutdown(sb)) {
 			err = -EROFS;
 			goto restore_opts;
-- 
2.34.1
Re: [PATCH] ext4: Prevent successful remount as r/w after filesystem abort
Posted by Jan Kara 2 months, 1 week ago 
On Sun 15-09-24 17:08:04, Fanqi Yu wrote:
> While the order of writing to the shutdown and read-only flags has been
> enforced by a write memory barrier, the read side in remount does not
> have a pairing read barrier.
> 
> In the event of a fs forced shutdown remounting as read-only,
> remounting it again as read-write can succeed when the flag reads are
> reordered such that sb_rdonly() returns true and
> ext4_forced_shutdown() returns false.
> 
> Commit 4418e14112e3 ("ext4: Fix fsync error handling after filesystem
> abort") has added the other barriers related to these two flags but
> seems to have missed this one.
> 
> Signed-off-by: Fanqi Yu <fanqi.yu@columbia.edu>

Thanks for the patch but there's a changed queued in ext4 tree [1] which
removes setting of SB_RDONLY flag in emergency remount because it has other
problems as well. And after this change the memory ordering problem you
speak about is not an issue anymore.

								Honza

[1] https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?h=dev&id=d3476f3dad4ad68ae5f6b008ea6591d1520da5d8

> ---
>  fs/ext4/super.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index 044135796f2b..c5d3f8969dec 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -6542,6 +6542,13 @@ static int __ext4_remount(struct fs_context *fc, struct super_block *sb)
>  	flush_work(&sbi->s_sb_upd_work);
>  
>  	if ((bool)(fc->sb_flags & SB_RDONLY) != sb_rdonly(sb)) {
> +
> +		/*
> +		 * Make sure we read the updated s_ext4_flags.
> +		 * Pairs with smp_wmb() in ext4_handle_error().
> +		 */
> +		smp_rmb();
> +
>  		if (ext4_forced_shutdown(sb)) {
>  			err = -EROFS;
>  			goto restore_opts;
> -- 
> 2.34.1
> 
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.