CVE-2023-54153
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/12/2025
Last modified:
24/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: turn quotas off if mount failed after enabling quotas

Yi found during a review of the patch "ext4: don't BUG on inconsistent
journal feature" that when ext4_mark_recovery_complete() returns an error
value, the error handling path does not turn off the enabled quotas,
which triggers the following kmemleak:

================================================================
unreferenced object 0xffff8cf68678e7c0 (size 64):
comm "mount", pid 746, jiffies 4294871231 (age 11.540s)
hex dump (first 32 bytes):
00 90 ef 82 f6 8c ff ff 00 00 00 00 41 01 00 00 ............A...
c7 00 00 00 bd 00 00 00 0a 00 00 00 48 00 00 00 ............H...
backtrace:
[] __kmem_cache_alloc_node+0x4d4/0x880
[] kmalloc_trace+0x39/0x140
[] v2_read_file_info+0x18a/0x3a0
[] dquot_load_quota_sb+0x2ed/0x770
[] dquot_load_quota_inode+0xc6/0x1c0
[] ext4_enable_quotas+0x17e/0x3a0 [ext4]
[] __ext4_fill_super+0x3448/0x3910 [ext4]
[] ext4_fill_super+0x13d/0x340 [ext4]
[] get_tree_bdev+0x1dc/0x370
[] ext4_get_tree+0x1d/0x30 [ext4]
[] vfs_get_tree+0x31/0x160
[] do_new_mount+0x1d5/0x480
[] path_mount+0x22e/0xbe0
[] do_mount+0x95/0xc0
[] __x64_sys_mount+0xc4/0x160
[] do_syscall_64+0x3f/0x90
================================================================

To solve this problem, we add a "failed_mount10" tag, and call
ext4_quota_off_umount() in this tag to release the enabled quotas.
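
The error path described above, modelled in userspace as an added example (it is not the kernel patch and not ext4 code). fill_super_model, enable_quotas, quota_off, the label names and the -5 error value are hypothetical stand-ins chosen for the model; the counter plays the role of kmemleak.

```c
/* Userspace model of the failure path described above. Not kernel code:
 * every name here is a hypothetical stand-in for an ext4 mount step. */
#include <stdio.h>
#include <stdlib.h>

static int live_allocs; /* outstanding allocations, the thing kmemleak reports */
struct sb_model { void *journal; void *quota_info; };

static void *track_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void track_free(void *p) { if (p) { free(p); live_allocs--; } }

static int enable_quotas(struct sb_model *sb)
{
    sb->quota_info = track_alloc(64); /* models the 64-byte object in the report */
    return sb->quota_info ? 0 : -1;
}

static void quota_off(struct sb_model *sb) { track_free(sb->quota_info); sb->quota_info = NULL; }

/* recovery_err: result of the step that runs after quotas are enabled.
 * with_fix: whether the unwind path includes the quota-off label. */
int fill_super_model(int recovery_err, int with_fix)
{
    struct sb_model sb = { NULL, NULL };
    int err = -1;

    sb.journal = track_alloc(32);
    if (!sb.journal)
        return err;
    if (enable_quotas(&sb))
        goto failed_journal;
    err = recovery_err;
    if (err)
        goto failed_quota;
    quota_off(&sb); /* success: the model tears down at once, a real mount at umount */
    track_free(sb.journal);
    return 0;
failed_quota:
    if (with_fix)
        quota_off(&sb); /* cleanup the fix adds; without it quota_info leaks */
failed_journal:
    track_free(sb.journal);
    return err;
}

/* Allocations still live after a mount that fails once quotas are on. */
int leaked_after_failed_mount(int with_fix)
{ live_allocs = 0; fill_super_model(-5, with_fix); return live_allocs; }

int main(void) { printf("unfixed=%d fixed=%d\n", leaked_after_failed_mount(0), leaked_after_failed_mount(1)); return 0; }
```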



