From patchwork Mon May 16 09:31:15 2011
X-Patchwork-Submitter: Amir Goldstein
X-Patchwork-Id: 95701
Date: Mon, 16 May 2011 12:31:15 +0300
Subject: [PATCH] ext4: fix NULL pointer dereference in ext4_quota_off
From: Amir Goldstein
To: Ext4 Developers List
Cc: Theodore Tso, Jan Kara
Sender: linux-ext4-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-ext4@vger.kernel.org

This fixes a bug in commit 21f97697 (ext4: remove unnecessary [cm]time update
of quota file)

The above commit was merged for 2.6.39-rc3 and introduced a crash in xfstest
232 (Run fsstress with quotas enabled and verify accounted quotas in the end).

Signed-off-by: Amir Goldstein
Reported-by: Amir Goldstein
Signed-off-by: Amir Goldstein
Signed-off-by: Jan Kara
Signed-off-by: "Theodore Ts'o"
---
This fix solves the crash on my system, but the test still fails
with the following output:

QA output created by 232
Testing fsstress
fsstress -n 2000 -d outdir -p 7
seed = S
Comparing user usage
3a4,493
> #1 -- 2456 0 0 13 0 0
> #10 -- 0 0 0 1 0 0
> #10098 -- 556 0 0 1 0 0
> #1023 -- 20 0 0 1 0 0
> #10253 -- 0 0 0 1 0 0
> #1026286 -- 4 0 0 1 0 0
> #103086187 -- 4 0 0 1 0 0
> #1036 -- 0 0 0 1 0 0
> #1052282 -- 4 0 0 1 0 0
> #1057 -- 260 0 0 1 0 0

I checked with kernel 2.6.38 and the test passes.
I also tried reverting the commit, but the test still fails.

In any case, the fix resolved the following crash:

[ 1319.112544] EXT4-fs (sda8): mounted filesystem with ordered data mode. Opts: acl,user_xattr,usrquota,grpquota
[ 1319.270023] EXT4-fs (sda8): re-mounted. Opts: (null)
[ 1319.271464] EXT4-fs (sda8): re-mounted. Opts: (null)
[ 1368.214854] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
[ 1368.219348] IP: [] ext4_quota_off+0x42/0xd0
[ 1368.221628] PGD 0
[ 1368.222978] Oops: 0000 [#2] SMP
[ 1368.222978] last sysfs file: /sys/devices/system/cpu/cpu3/cache/index2/shared_cpu_map
[ 1368.222978] CPU 0
[ 1368.222978] Modules linked in: binfmt_misc parport_pc ppdev snd_hda_codec_realtek snd_hda_intel snd_hda_codec i915 snd_hwdep snd_pcm drm_kms_helper drm snd_seq_midi snd_rawmidi e1000e snd_seq_midi_event i2c_algo_bit snd_seq lp firewire_ohci firewire_core snd_timer snd_seq_device snd soundcore snd_page_alloc psmouse parport pata_marvell usbhid hid video intel_agp intel_gtt tpm_tis crc_itu_t serio_raw tpm tpm_bios
[ 1368.222978]
[ 1368.222978] Pid: 2691, comm: quotaon Tainted: G M D 2.6.39-rc7 #9 /DQ35JO
[ 1368.222978] RIP: 0010:[] [] ext4_quota_off+0x42/0xd0
[ 1368.222978] RSP: 0018:ffff8800c4bb3e28 EFLAGS: 00010292
[ 1368.222978] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000018
[ 1368.222978] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000246
[ 1368.222978] RBP: ffff8800c4bb3e48 R08: 0000000000000001 R09: 0000000000000000
[ 1368.222978] R10: 0000000000000000 R11: 0000000000000000 R12: ffff880114576000
[ 1368.222978] R13: ffff880114576000 R14: 0000000000000001 R15: 0000000000000000
[ 1368.222978] FS: 00007f5c2bf97720(0000) GS:ffff88012bc00000(0000) knlGS:0000000000000000
[ 1368.222978] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 1368.222978] CR2: 0000000000000018 CR3: 00000000c693f000 CR4: 00000000000006f0
[ 1368.222978] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1368.222978] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1368.222978] Process quotaon (pid: 2691, threadinfo ffff8800c4bb2000, task ffff880116bc5ee0)
[ 1368.222978] Stack:
[ 1368.222978] 0000000000800003 0000000000000001 ffff880114576000 00000000ffffffda
[ 1368.222978] ffff8800c4bb3ef8 ffffffff811c9e05 0000000000000000 0000000000000000
[ 1368.222978] ffff8800c4bb3e78 ffff880114576068 ffff880115009800 ffff880114576068
[ 1368.222978] Call Trace:
[ 1368.222978] [] do_quotactl+0x4e5/0x560
[ 1368.222978] [] ? down_read+0x4c/0x70
[ 1368.222978] [] ? get_super+0x9f/0xd0
[ 1368.222978] [] ? iput+0x48/0x200
[ 1368.222978] [] sys_quotactl+0xcc/0x1a0
[ 1368.222978] [] ? filp_close+0x66/0x90
[ 1368.222978] [] ? trace_hardirqs_on_thunk+0x3a/0x3f
[ 1368.222978] [] system_call_fastpath+0x16/0x1b
[ 1368.222978] Code: 89 74 24 18 0f 1f 44 00 00 48 63 c6 49 89 fc 41 89 f6 48 8b 9c c7 60 03 00 00 48 8b 87 90 04 00 00 f6 40 73 08 0f 85 7e 00 00 00
[ 1368.222978] 8b 7b 18 be 01 00 00 00 e8 c0 fb ff ff 48 3d 00 f0 ff ff 49
[ 1368.222978] RIP [] ext4_quota_off+0x42/0xd0
[ 1368.222978] RSP
[ 1368.222978] CR2: 0000000000000018
[ 1368.310246] ---[ end trace 62a147f050ade229 ]---

fs/ext4/super.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

handle = ext4_journal_start(inode, 1); diff --git a/fs/ext4/super.c b/fs/ext4/super.c index fc827bb..2689351 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c 
@@ -4681,6 +4681,9 @@ static int ext4_quota_off(struct super_block *sb, int type) if (test_opt(sb, DELALLOC)) sync_filesystem(sb); + if (!inode) + goto out; + /* Update modification times of quota files when userspace can * start looking at them */
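
Review bot: The new `if (!inode) goto out;` sits after the `test_opt(sb, DELALLOC)` / `sync_filesystem(sb)` step, so a quota-off request for a type that has no quota inode still pays for a full filesystem sync before bailing out; is that ordering deliberate, or should the check come first? The `out` label is outside the context shown in this hunk, so please confirm that path still performs the generic quota-off and never reads `handle` before it is assigned. A one-line comment above the check stating when `inode` can be NULL here would help the next reader. Separately, the oops sits below the `---` separator and will be dropped when the patch is applied, so the commit message itself should carry the essentials: the NULL dereference at 0000000000000018 in `ext4_quota_off+0x42/0xd0`, reached from `quotaon` through `sys_quotactl` and `do_quotactl`.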