ocfs2: Fix use after free on remount read-only

We also have to cancel quota syncing thread on remount read only because
at that moment quota is being turned off. Otherwise quota syncing thread
will try to access already freed quota structures.

Signed-off-by: Jan Kara <jack@suse.cz>

diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c
index 2c26ce251cb3c3910ef887ef5e3e38d42ab3f392..66f9984a983c9696d6132499a8ab6ed9e31f37d2 100644 (file)
--- a/fs/ocfs2/super.c
+++ b/fs/ocfs2/super.c
@@ -883,9 +883,15 @@ static int ocfs2_susp_quotas(struct ocfs2_super *osb, int unsuspend)
                                        sb_dqopt(sb)->files[type],
                                        type, QFMT_OCFS2,
                                        DQUOT_SUSPENDED);
-               else
+               else {
+                       struct ocfs2_mem_dqinfo *oinfo;
+
+                       /* Cancel periodic syncing before suspending */
+                       oinfo = sb_dqinfo(sb, type)->dqi_priv;
+                       cancel_delayed_work_sync(&oinfo->dqi_sync_work);
                        status = vfs_quota_disable(sb, type,
                                                   DQUOT_SUSPENDED);
+               }
                if (status < 0)
                        break;
        }