From eea7feb072f5914ecafa95b3d83be0c229244d90 Mon Sep 17 00:00:00 2001 From: Jan Kara Date: Thu, 13 May 2010 22:14:53 +0200 Subject: [PATCH] ocfs2: Fix use after free on remount read-only We also have to cancel quota syncing thread on remount read only because at that moment quota is being turned off. Otherwise quota syncing thread will try to access already freed quota structures. Signed-off-by: Jan Kara --- fs/ocfs2/super.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c index 2c26ce251cb3..66f9984a983c 100644 --- a/fs/ocfs2/super.c +++ b/fs/ocfs2/super.c @@ -883,9 +883,15 @@ static int ocfs2_susp_quotas(struct ocfs2_super *osb, int unsuspend) sb_dqopt(sb)->files[type], type, QFMT_OCFS2, DQUOT_SUSPENDED); - else + else { + struct ocfs2_mem_dqinfo *oinfo; + + /* Cancel periodic syncing before suspending */ + oinfo = sb_dqinfo(sb, type)->dqi_priv; + cancel_delayed_work_sync(&oinfo->dqi_sync_work); status = vfs_quota_disable(sb, type, DQUOT_SUSPENDED); + } if (status < 0) break; }