* [PATCH] Btrfs: fix qgroup double free after failure to reserve metadata for delalloc
From: fdmanana @ 2019-10-15 9:54 UTC
To: linux-btrfs
From: Filipe Manana <fdmanana@suse.com>

If we fail to reserve metadata for delalloc operations we end up releasing
the previously reserved qgroup amount twice, once explicitly under the
'out_qgroup' label by calling btrfs_qgroup_free_meta_prealloc() and once
again, under label 'out_fail', by calling btrfs_inode_rsv_release() with a
value of 'true' for its 'qgroup_free' argument, which results in
btrfs_qgroup_free_meta_prealloc() being called again, so we end up having
a double free.

Also if we fail to reserve the necessary qgroup amount, we jump to the
label 'out_fail', which calls btrfs_inode_rsv_release() and that in turn
calls btrfs_qgroup_free_meta_prealloc(), even though we weren't able to
reserve any qgroup amount. So we freed some amount we never reserved.

So fix this by removing the call to btrfs_inode_rsv_release() in the
failure path, since it's not necessary at all as we haven't changed the
inode's block reserve in any way at this point.

Fixes: c8eaeac7b73434 ("btrfs: reserve delalloc metadata differently")
Signed-off-by: Filipe Manana <fdmanana@suse.com>
---
fs/btrfs/delalloc-space.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/fs/btrfs/delalloc-space.c b/fs/btrfs/delalloc-space.c
index d949d7d2abed..fe68d0e078bd 100644
--- a/fs/btrfs/delalloc-space.c
+++ b/fs/btrfs/delalloc-space.c
@@ -381,7 +381,6 @@ int btrfs_delalloc_reserve_metadata(struct btrfs_inode *inode, u64 num_bytes)
out_qgroup:
btrfs_qgroup_free_meta_prealloc(root, qgroup_reserve);
out_fail:
- btrfs_inode_rsv_release(inode, true);
if (delalloc_lock)
mutex_unlock(&inode->delalloc_mutex);
return ret;
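Review bot: The out_fail label is now left with only the mutex unlock, and the reason no release is needed there (the inode's block reserve has not been modified on any path that reaches it) lives only in the commit message. A one-line comment above out_fail stating that invariant would help, since a later change that adds to the block reserve before one of these gotos would silently leak it, and someone restoring btrfs_inode_rsv_release(inode, true) to fix that would bring back the double call to btrfs_qgroup_free_meta_prealloc() via the out_qgroup fall-through. It would also be worth noting at out_qgroup that the fall-through into out_fail is intentional.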
--
2.11.0
* Re: [PATCH] Btrfs: fix qgroup double free after failure to reserve metadata for delalloc
From: David Sterba @ 2019-10-17 18:14 UTC
To: fdmanana; +Cc: linux-btrfs
On Tue, Oct 15, 2019 at 10:54:39AM +0100, fdmanana@kernel.org wrote:
> From: Filipe Manana <fdmanana@suse.com>
>
> If we fail to reserve metadata for delalloc operations we end up releasing
> the previously reserved qgroup amount twice, once explicitly under the
> 'out_qgroup' label by calling btrfs_qgroup_free_meta_prealloc() and once
> again, under label 'out_fail', by calling btrfs_inode_rsv_release() with a
> value of 'true' for its 'qgroup_free' argument, which results in
> btrfs_qgroup_free_meta_prealloc() being called again, so we end up having
> a double free.
>
> Also if we fail to reserve the necessary qgroup amount, we jump to the
> label 'out_fail', which calls btrfs_inode_rsv_release() and that in turn
> calls btrfs_qgroup_free_meta_prealloc(), even though we weren't able to
> reserve any qgroup amount. So we freed some amount we never reserved.
>
> So fix this by removing the call to btrfs_inode_rsv_release() in the
> failure path, since it's not necessary at all as we haven't changed the
> inode's block reserve in any way at this point.
>
> Fixes: c8eaeac7b73434 ("btrfs: reserve delalloc metadata differently")
> Signed-off-by: Filipe Manana <fdmanana@suse.com>
Thanks, added to 5.4-rc queue.