Re: [BUG] ocfs2: slab-out-of-bounds in down_read_trylock from quota-on path
From: Shuangpeng
Date: Wed Apr 01 2026 - 16:37:52 EST
>
> Hi Shuangpeng,
>
> This looks like a quota format mismatch rather than an OCFS2 bug itself.
>
> Your reproducer creates an F2FS image with quota format id = 3, which is
> specific to OCFS2. When quotactl() is issued, the following path is taken:
>
> f2fs_quota_on
> -> dquot_load_quota_inode
> -> dquot_load_quota_sb
> -> ocfs2_local_check_quota_file
>
> Inside dquot_load_quota_sb(), find_quota_format(id) resolves the format based
> solely on the on-disk id. Since id = 3 corresponds to ocfs2_quota_format, the
> quota subsystem ends up invoking OCFS2-specific handlers on an F2FS inode.
>
> So the root cause is that the quota framework does not validate whether the
> quota format is compatible with the filesystem.

Thank you for the clarification. In that case, do you think it would make sense for
me to CC the quota subsystem in the follow-up?
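
The id-only lookup described in the quoted analysis, modelled in user space as an added example (not part of this thread and not kernel code). Every name below is illustrative, and the per-filesystem allow-list `allowed_fmts` is an assumed way of adding the missing compatibility check, not a proposed patch.

```c
#include <stddef.h>
#include <string.h>

/* User-space model; all names are illustrative, not kernel symbols. */
enum { FMT_VFS_V0 = 2, FMT_OCFS2 = 3, FMT_VFS_V1 = 4 };  /* id 3 = OCFS2, per the thread */
enum { LOAD_OK = 0, LOAD_NO_FORMAT = -1, LOAD_REJECTED = -2, LOAD_FOREIGN_INODE = -3 };

/* allowed_fmts: assumed allow-list, bit n set = format id n is accepted */
struct model_sb { const char *fs_name; unsigned allowed_fmts; };
struct model_format { int id; int (*check_quota_file)(const struct model_sb *sb); };

static int generic_check(const struct model_sb *sb) { (void)sb; return LOAD_OK; }

/* Stand-in for a filesystem-specific handler that assumes it owns the inode.
 * The model only reports the mismatch instead of touching private data. */
static int ocfs2_check(const struct model_sb *sb)
{
    return strcmp(sb->fs_name, "ocfs2") == 0 ? LOAD_OK : LOAD_FOREIGN_INODE;
}

static const struct model_format formats[] = {
    { FMT_VFS_V0, generic_check },
    { FMT_OCFS2,  ocfs2_check   },
    { FMT_VFS_V1, generic_check },
};

/* Constructed sample superblocks for the demonstration. */
const struct model_sb f2fs_sb  = { "f2fs",  (1u << FMT_VFS_V0) | (1u << FMT_VFS_V1) };
const struct model_sb ocfs2_sb = { "ocfs2", (1u << FMT_OCFS2) };

/* Lookup keyed only on the id read from disk, as in the quoted analysis. */
static const struct model_format *find_format(int id)
{
    for (size_t i = 0; i < sizeof(formats) / sizeof(formats[0]); i++)
        if (formats[i].id == id)
            return &formats[i];
    return NULL;
}

int load_quota_unchecked(const struct model_sb *sb, int on_disk_id)
{
    const struct model_format *f = find_format(on_disk_id);
    return f ? f->check_quota_file(sb) : LOAD_NO_FORMAT;
}

/* Same dispatch, but the id must be on the mounting filesystem's allow-list. */
int load_quota_checked(const struct model_sb *sb, int on_disk_id)
{
    if (on_disk_id < 0 || on_disk_id >= 32 || !(sb->allowed_fmts & (1u << on_disk_id)))
        return LOAD_REJECTED;
    return load_quota_unchecked(sb, on_disk_id);
}
```

With the constructed F2FS superblock and an on-disk id of 3, the unchecked path reaches the OCFS2 handler, while the checked path stops before any format-specific code runs.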