#
a898cb62 |
|
07-Feb-2024 |
Jan Kara <jack@suse.cz> |
quota: Detect loops in quota tree Syzbot has found that when it creates corrupted quota files where the quota tree contains a loop, we will deadlock when tryling to insert a dquot. Add loop detection into functions traversing the quota tree. Signed-off-by: Jan Kara <jack@suse.cz>
|
#
a1e1b2be |
|
22-Jan-2024 |
Jan Kara <jack@suse.cz> |
quota: Drop GFP_NOFS instances under dquot->dq_lock and dqio_sem Quota code acquires dquot->dq_lock whenever reading / writing dquot. When reading / writing quota info we hold dqio_sem. Since these locks can be acquired during inode reclaim (through dquot_drop() -> dqput() -> dquot_release()) we are setting nofs allocation context whenever acquiring these locks. Hence there's no need to use GFP_NOFS allocations in quota code doing IO. Just switch it to GFP_KERNEL. Signed-off-by: Jan Kara <jack@suse.cz>
|
#
191249f7 |
|
23-Sep-2022 |
Zhihao Cheng <chengzhihao1@huawei.com> |
quota: Add more checking after reading from quota file It would be better to do more sanity checking (eg. dqdh_entries, block no.) for the content read from quota file, which can prevent corrupting the quota file. Link: https://lore.kernel.org/r/20220923134555.2623931-4-chengzhihao1@huawei.com Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: Jan Kara <jack@suse.cz>
|
#
3fc61e0e |
|
23-Sep-2022 |
Zhihao Cheng <chengzhihao1@huawei.com> |
quota: Replace all block number checking with helper function Cleanup all block checking places, replace them with helper function do_check_range(). Link: https://lore.kernel.org/r/20220923134555.2623931-3-chengzhihao1@huawei.com Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: Jan Kara <jack@suse.cz>
|
#
6c8ea8b8 |
|
23-Sep-2022 |
Zhihao Cheng <chengzhihao1@huawei.com> |
quota: Check next/prev free block number after reading from quota file Following process: Init: v2_read_file_info: <3> dqi_free_blk 0 dqi_free_entry 5 dqi_blks 6 Step 1. chown bin f_a -> dquot_acquire -> v2_write_dquot: qtree_write_dquot do_insert_tree find_free_dqentry get_free_dqblk write_blk(info->dqi_blocks) // info->dqi_blocks = 6, failure. The content in physical block (corresponding to blk 6) is random. Step 2. chown root f_a -> dquot_transfer -> dqput_all -> dqput -> ext4_release_dquot -> v2_release_dquot -> qtree_delete_dquot: dquot_release remove_tree free_dqentry put_free_dqblk(6) info->dqi_free_blk = blk // info->dqi_free_blk = 6 Step 3. drop cache (buffer head for block 6 is released) Step 4. chown bin f_b -> dquot_acquire -> commit_dqblk -> v2_write_dquot: qtree_write_dquot do_insert_tree find_free_dqentry get_free_dqblk dh = (struct qt_disk_dqdbheader *)buf blk = info->dqi_free_blk // 6 ret = read_blk(info, blk, buf) // The content of buf is random info->dqi_free_blk = le32_to_cpu(dh->dqdh_next_free) // random blk Step 5. chown bin f_c -> notify_change -> ext4_setattr -> dquot_transfer: dquot = dqget -> acquire_dquot -> ext4_acquire_dquot -> dquot_acquire -> commit_dqblk -> v2_write_dquot -> dq_insert_tree: do_insert_tree find_free_dqentry get_free_dqblk blk = info->dqi_free_blk // If blk < 0 and blk is not an error code, it will be returned as dquot transfer_to[USRQUOTA] = dquot // A random negative value __dquot_transfer(transfer_to) dquot_add_inodes(transfer_to[cnt]) spin_lock(&dquot->dq_dqb_lock) // page fault , which will lead to kernel page fault: Quota error (device sda): qtree_write_dquot: Error -8000 occurred while creating quota BUG: unable to handle page fault for address: ffffffffffffe120 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page Oops: 0002 [#1] PREEMPT SMP CPU: 0 PID: 5974 Comm: chown Not tainted 6.0.0-rc1-00004 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:_raw_spin_lock+0x3a/0x90 Call Trace: dquot_add_inodes+0x28/0x270 __dquot_transfer+0x377/0x840 dquot_transfer+0xde/0x540 ext4_setattr+0x405/0x14d0 notify_change+0x68e/0x9f0 chown_common+0x300/0x430 __x64_sys_fchownat+0x29/0x40 In order to avoid accessing invalid quota memory address, this patch adds block number checking of next/prev free block read from quota file. Fetch a reproducer in [Link]. Link: https://bugzilla.kernel.org/show_bug.cgi?id=216372 Fixes: 1da177e4c3f4152 ("Linux-2.6.12-rc2") CC: stable@vger.kernel.org Link: https://lore.kernel.org/r/20220923134555.2623931-2-chengzhihao1@huawei.com Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: Jan Kara <jack@suse.cz>
|
#
d0e36a62 |
|
08-Oct-2021 |
Zhang Yi <yi.zhang@huawei.com> |
quota: correct error number in free_dqentry() Fix the error path in free_dqentry(), pass out the error number if the block to free is not correct. Fixes: 1ccd14b9c271 ("quota: Split off quota tree handling into a separate file") Link: https://lore.kernel.org/r/20211008093821.1001186-3-yi.zhang@huawei.com Signed-off-by: Zhang Yi <yi.zhang@huawei.com> Cc: stable@kernel.org Signed-off-by: Jan Kara <jack@suse.cz>
|
#
9bf3d203 |
|
08-Oct-2021 |
Zhang Yi <yi.zhang@huawei.com> |
quota: check block number when reading the block in quota file The block number in the quota tree on disk should be smaller than the v2_disk_dqinfo.dqi_blocks. If the quota file was corrupted, we may be allocating an 'allocated' block and that would lead to a loop in a tree, which will probably trigger oops later. This patch adds a check for the block number in the quota tree to prevent such potential issue. Link: https://lore.kernel.org/r/20211008093821.1001186-2-yi.zhang@huawei.com Signed-off-by: Zhang Yi <yi.zhang@huawei.com> Cc: stable@kernel.org Signed-off-by: Jan Kara <jack@suse.cz>
|
#
ce1b06c5 |
|
17-Jun-2021 |
Zhen Lei <thunder.leizhen@huawei.com> |
quota: remove unnecessary oom message Fixes scripts/checkpatch.pl warning: WARNING: Possible unnecessary 'out of memory' message Remove it can help us save a bit of memory. After that, the static function getdqbuf() becomes unnecessary, get rid of it and instead call kmalloc() directly. Link: https://lore.kernel.org/r/20210618014720.1977-2-thunder.leizhen@huawei.com Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com> Signed-off-by: Jan Kara <jack@suse.cz>
|
#
10f04d40 |
|
02-Nov-2020 |
Jan Kara <jack@suse.cz> |
quota: Don't overflow quota file offsets The on-disk quota format supports quota files with upto 2^32 blocks. Be careful when computing quota file offsets in the quota files from block numbers as they can overflow 32-bit types. Since quota files larger than 4GB would require ~26 millions of quota users, this is mostly a theoretical concern now but better be careful, fuzzers would find the problem sooner or later anyway... Reviewed-by: Andreas Dilger <adilger@dilger.ca> Signed-off-by: Jan Kara <jack@suse.cz>
|
#
09c434b8 |
|
19-May-2019 |
Thomas Gleixner <tglx@linutronix.de> |
treewide: Add SPDX license identifier for more missed files Add SPDX license identifiers to all files which: - Have no license information of any form - Have MODULE_LICENCE("GPL*") inside which was used in the initial scan/conversion to ignore the file These files fall under the project license, GPL v2 only. The resulting SPDX license identifier is: GPL-2.0-only Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
7b9ca4c6 |
|
07-Aug-2017 |
Jan Kara <jack@suse.cz> |
quota: Reduce contention on dq_data_lock dq_data_lock is currently used to protect all modifications of quota accounting information, consistency of quota accounting on the inode, and dquot pointers from inode. As a result contention on the lock can be pretty heavy. Reduce the contention on the lock by protecting quota accounting information by a new dquot->dq_dqb_lock and consistency of quota accounting with inode usage by inode->i_lock. This change reduces time to create 500000 files on ext4 on ramdisk by 50 different processes in separate directories by 6% when user quota is turned on. When those 50 processes belong to 50 different users, the improvement is about 9%. Signed-off-by: Jan Kara <jack@suse.cz>
|
#
bc8230ee |
|
08-Jun-2017 |
Jan Kara <jack@suse.cz> |
quota: Convert dqio_mutex to rwsem Convert dqio_mutex to rwsem and call it dqio_sem. No functional changes yet. Signed-off-by: Jan Kara <jack@suse.cz>
|
#
0066373d |
|
25-Jan-2016 |
Jan Kara <jack@suse.cz> |
quota_v2: Implement get_next_id() for V2 quota format Implement functions to get id of next existing quota structure in quota file for quota tree based formats and thus for V2 quota format. Signed-off-by: Jan Kara <jack@suse.cz>
|
#
69a25ee2 |
|
11-Feb-2015 |
Konstantin Khlebnikov <koct9i@gmail.com> |
quota: paranoia: check quota tree root Root level in quota tree must be already allocated otherwise this block could be used for something else. Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> Signed-off-by: Jan Kara <jack@suse.cz>
|
#
4c376dca |
|
16-Sep-2012 |
Eric W. Biederman <ebiederm@xmission.com> |
userns: Convert struct dquot dq_id to be a struct kqid Change struct dquot dq_id to a struct kqid and remove the now unecessary dq_type. Make minimal changes to dquot, quota_tree, quota_v1, quota_v2, ext3, ext4, and ocfs2 to deal with the change in quota structures and signatures. The ocfs2 changes are larger than most because of the extensive tracing throughout the ocfs2 quota code that prints out dq_id. quota_tree.c:get_index is modified to take a struct kqid instead of a qid_t because all of it's callers pass in dquot->dq_id and it allows me to introduce only a single conversion. The rest of the changes are either just replacing dq_type with dq_id.type, adding conversions to deal with the change in type and occassionally adding qid_eq to allow quota id comparisons in a user namespace safe way. Cc: Mark Fasheh <mfasheh@suse.com> Cc: Joel Becker <jlbec@evilplan.org> Cc: Jan Kara <jack@suse.cz> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andreas Dilger <adilger.kernel@dilger.ca> Cc: Theodore Tso <tytso@mit.edu> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
#
055adcbd |
|
23-Nov-2010 |
Joe Perches <joe@perches.com> |
quota: Use %pV and __attribute__((format (printf in __quota_error and fix fallout Use %pV in __quota_error so a single printk can not be interleaved with other logging messages. Add __attribute__((format (printf, 3, 4))) so format and arguments can be verified by compiler. Make sure printk formats and arguments match. Block # needed a pointer dereference. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Jan Kara <jack@suse.cz>
|
#
fb5ffb0e |
|
20-Jul-2010 |
Jiaying Zhang <jiayingz@google.com> |
quota: Change quota error message to print out disk and function name The current quota error message doesn't always print the disk name, so it is hard to identify the "bad" disk when quota error happens. This patch changes the standardized quota error message to print out disk name and function name. It also uses a combination of cpp macro and inline function to provide better type checking and to lower the text size of the message. [Jan Kara: Export __quota_error] Signed-off-by: Jiaying Zhang <jiayingz@google.com> Signed-off-by: Jan Kara <jack@suse.cz>
|
#
1907131b |
|
17-May-2010 |
Jiaying Zhang <jiayingz@google.com> |
dquot: Detect partial write error to quota file in write_blk() and add printk_ratelimit for quota error messages This patch changes quota_tree.c:write_blk() to detect error caused by partial write to quota file and add a macro to limit control printed quota error messages so we won't fill up dmesg with a corrupted quota file. Signed-off-by: Jiaying Zhang <jiayingz@google.com> Signed-off-by: Jan Kara <jack@suse.cz>
|
#
dde95888 |
|
26-Apr-2010 |
Dmitry Monakhov <dmonakhov@openvz.org> |
quota: Make quota stat accounting lockless. Quota stats is mostly writable data structure. Let's alloc percpu bucket for each value. NOTE: dqstats_read() function is racy against dqstats_{inc,dec} and may return inconsistent value. But this is ok since absolute accuracy is not required. Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org> Signed-off-by: Jan Kara <jack@suse.cz>
|
#
268157ba |
|
27-Jan-2009 |
Jan Kara <jack@suse.cz> |
quota: Coding style fixes Wrap long lines, remove assignments from conditions, rewrite two overcomplicated for loops. Signed-off-by: Jan Kara <jack@suse.cz>
|
#
7a2435d8 |
|
26-Jan-2009 |
Jan Kara <jack@suse.cz> |
quota: Remove superfluous inlines Remove inlines of large functions to decrease code size (saved 1543 bytes). Signed-off-by: Jan Kara <jack@suse.cz>
|
#
d26ac1a8 |
|
26-Jan-2009 |
Jan Kara <jack@suse.cz> |
quota: Remove dqbuf_t and other cleanups Remove bogus typedef which is just a definition of char *. Remove unnecessary type casts. Substitute freedqbuf() with kfree. Signed-off-by: Jan Kara <jack@suse.cz>
|
#
884d179d |
|
26-Jan-2009 |
Jan Kara <jack@suse.cz> |
quota: Move quota files into separate directory Quota subsystem has more and more files. It's time to create a dir for it. Signed-off-by: Jan Kara <jack@suse.cz>
|