Module Name: src
Committed By: bouyer
Date: Thu Sep 27 07:47:57 UTC 2012
Modified Files:
src/sys/ufs/ufs: ufs_quota2.c
Log Message:
Fix quota2 list corruption issue when defaultquotas are 0 (deny any file
and block allocation).
When quota2_check() is called with an uid not yet in the list,
getinoquota2() will call quota2_q2ealloc() to allocate a new entry for this
uid. quota2_q2ealloc() will remove an entry from the free list and
put it at the head of the corresponding hash list, and flush the block
containing the header if it's not the one also containing the allocated entry.
quota2_q2ealloc() then return the alocated entry and corresponding block
to caller (getinoquota2() here), which returns it to quota2_check().
quota2_check() then checks if the allocation can succeed, and returns and
error if not and calls brelse() on the buffer (because from his POW no
change was made to the entry), effectively discarding changes
to the entry that may have been made by quota2_q2ealloc().
Fix by always bwrite()ing the entry in quota2_q2ealloc(), and re-reading
the entry in caller.
To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/sys/ufs/ufs/ufs_quota2.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/ufs/ufs/ufs_quota2.c
diff -u src/sys/ufs/ufs/ufs_quota2.c:1.34 src/sys/ufs/ufs/ufs_quota2.c:1.35
--- src/sys/ufs/ufs/ufs_quota2.c:1.34 Mon Feb 13 06:23:41 2012
+++ src/sys/ufs/ufs/ufs_quota2.c Thu Sep 27 07:47:56 2012
@@ -1,4 +1,4 @@
-/* $NetBSD: ufs_quota2.c,v 1.34 2012/02/13 06:23:41 dholland Exp $ */
+/* $NetBSD: ufs_quota2.c,v 1.35 2012/09/27 07:47:56 bouyer Exp $ */
/*-
* Copyright (c) 2010 Manuel Bouyer
* All rights reserved.
@@ -26,7 +26,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ufs_quota2.c,v 1.34 2012/02/13 06:23:41 dholland Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ufs_quota2.c,v 1.35 2012/09/27 07:47:56 bouyer Exp $");
#include <sys/buf.h>
#include <sys/param.h>
@@ -290,8 +290,7 @@ quota2_umount(struct mount *mp, int flag
}
static int
-quota2_q2ealloc(struct ufsmount *ump, int type, uid_t uid, struct dquot *dq,
- struct buf **bpp, struct quota2_entry **q2ep)
+quota2_q2ealloc(struct ufsmount *ump, int type, uid_t uid, struct dquot *dq)
{
int error, error2;
struct buf *hbp, *bp;
@@ -361,8 +360,7 @@ quota2_q2ealloc(struct ufsmount *ump, in
if (hbp != bp) {
bwrite(hbp);
}
- *q2ep = q2e;
- *bpp = bp;
+ bwrite(bp);
return 0;
}
@@ -416,18 +414,17 @@ getinoquota2(struct inode *ip, bool allo
}
/* need to alloc a new on-disk quot */
mutex_enter(&dqlock);
- error = quota2_q2ealloc(ump, i, ino_ids[i], dq,
- &bpp[i], &q2ep[i]);
+ error = quota2_q2ealloc(ump, i, ino_ids[i], dq);
mutex_exit(&dqlock);
if (error)
return error;
- } else {
- error = getq2e(ump, i, dq->dq2_lblkno,
- dq->dq2_blkoff, &bpp[i], &q2ep[i],
- modify ? B_MODIFY : 0);
- if (error)
- return error;
}
+ KASSERT(dq->dq2_lblkno != 0 || dq->dq2_blkoff != 0);
+ error = getq2e(ump, i, dq->dq2_lblkno,
+ dq->dq2_blkoff, &bpp[i], &q2ep[i],
+ modify ? B_MODIFY : 0);
+ if (error)
+ return error;
}
return 0;
}
@@ -622,13 +619,14 @@ quota2_handle_cmd_put(struct ufsmount *u
if (dq->dq2_lblkno == 0 && dq->dq2_blkoff == 0) {
/* need to alloc a new on-disk quot */
mutex_enter(&dqlock);
- error = quota2_q2ealloc(ump, key->qk_idtype, key->qk_id, dq,
- &bp, &q2ep);
+ error = quota2_q2ealloc(ump, key->qk_idtype, key->qk_id, dq);
mutex_exit(&dqlock);
- } else {
- error = getq2e(ump, key->qk_idtype, dq->dq2_lblkno,
- dq->dq2_blkoff, &bp, &q2ep, B_MODIFY);
+ if (error)
+ goto out_il;
}
+ KASSERT(dq->dq2_lblkno != 0 || dq->dq2_blkoff != 0);
+ error = getq2e(ump, key->qk_idtype, dq->dq2_lblkno,
+ dq->dq2_blkoff, &bp, &q2ep, B_MODIFY);
if (error)
goto out_il;
