Message ID | 20191015095439.6511-1-fdmanana@kernel.org (mailing list archive) |
---|---|
State | New, archived |
Series | Btrfs: fix qgroup double free after failure to reserve metadata for delalloc |

On Tue, Oct 15, 2019 at 10:54:39AM +0100, fdmanana@kernel.org wrote:
> From: Filipe Manana <fdmanana@suse.com>
>
> If we fail to reserve metadata for delalloc operations we end up releasing
> the previously reserved qgroup amount twice, once explicitly under the
> 'out_qgroup' label by calling btrfs_qgroup_free_meta_prealloc() and once
> again, under label 'out_fail', by calling btrfs_inode_rsv_release() with a
> value of 'true' for its 'qgroup_free' argument, which results in
> btrfs_qgroup_free_meta_prealloc() being called again, so we end up having
> a double free.
>
> Also if we fail to reserve the necessary qgroup amount, we jump to the
> label 'out_fail', which calls btrfs_inode_rsv_release() and that in turn
> calls btrfs_qgroup_free_meta_prealloc(), even though we weren't able to
> reserve any qgroup amount. So we freed some amount we never reserved.
>
> So fix this by removing the call to btrfs_inode_rsv_release() in the
> failure path, since it's not necessary at all as we haven't changed the
> inode's block reserve in any way at this point.
>
> Fixes: c8eaeac7b73434 ("btrfs: reserve delalloc metadata differently")
> Signed-off-by: Filipe Manana <fdmanana@suse.com>

Thanks, added to 5.4-rc queue.

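
The two failure paths described in the commit message, as an added toy model in C that is not part of the patch or of btrfs. The counter, the model_* functions, drift() and the byte values are assumptions made for illustration; the extra release under 'out_fail' is modelled only as the second qgroup free the message describes.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy model of the error path in the commit message. Every name below is a
 * hypothetical stand-in for illustration; none of this is kernel code. */
enum fail_point { FAIL_NONE, FAIL_QGROUP, FAIL_METADATA };
static int64_t qgroup_prealloc;   /* bytes currently reserved in the qgroup */

static int model_qgroup_reserve(int64_t n, enum fail_point f)
{
    if (f == FAIL_QGROUP)
        return -1;                /* nothing was reserved */
    qgroup_prealloc += n;
    return 0;
}
static void model_qgroup_free(int64_t n) { qgroup_prealloc -= n; }

/* patched == 0 keeps the extra release under out_fail; patched == 1 drops it. */
static int model_reserve_metadata(int64_t n, enum fail_point f, int patched)
{
    int ret = model_qgroup_reserve(n, f);
    if (ret)
        goto out_fail;
    if (f == FAIL_METADATA) {
        ret = -1;
        goto out_qgroup;
    }
    return 0;
out_qgroup:
    model_qgroup_free(n);
out_fail:
    if (!patched)
        model_qgroup_free(n);     /* models the release with qgroup_free == true */
    return ret;
}

/* Net change in the counter after one call; a failed call should leave 0. */
static int64_t drift(enum fail_point f, int patched)
{
    qgroup_prealloc = 8192;       /* constructed: bytes held by other reservations */
    model_reserve_metadata(4096, f, patched);
    return qgroup_prealloc - 8192;
}

int main(void)
{
    printf("unpatched %lld/%lld, patched %lld/%lld (qgroup fail/metadata fail)\n",
           (long long)drift(FAIL_QGROUP, 0), (long long)drift(FAIL_METADATA, 0),
           (long long)drift(FAIL_QGROUP, 1), (long long)drift(FAIL_METADATA, 1));
    return 0;
}
```

In this model a non-zero drift after a failed call means the counter gave back bytes that belonged to other reservations; both failure points show that before the change and neither does after it.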
diff --git a/fs/btrfs/delalloc-space.c b/fs/btrfs/delalloc-space.c index d949d7d2abed..fe68d0e078bd 100644 --- a/fs/btrfs/delalloc-space.c +++ b/fs/btrfs/delalloc-space.c @@ -381,7 +381,6 @@ int btrfs_delalloc_reserve_metadata(struct btrfs_inode *inode, u64 num_bytes) out_qgroup: btrfs_qgroup_free_meta_prealloc(root, qgroup_reserve); out_fail: - btrfs_inode_rsv_release(inode, true); if (delalloc_lock) mutex_unlock(&inode->delalloc_mutex); return ret;
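
Review bot: with the release removed, 'out_fail' is left with only the delalloc_mutex unlock, and nothing at the label records why no reservation is undone there. A short comment above 'out_fail:' stating that the inode's block reserve has not been changed at this point, and that the qgroup amount is freed only under 'out_qgroup', would keep a later cleanup from reintroducing the call. Since 'out_qgroup' falls through into 'out_fail' and is now the only place that frees the qgroup amount, it is also worth confirming that every direct 'goto out_fail' in the function is taken before any qgroup amount has been reserved.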