diff options
author | Filipe Manana <fdmanana@suse.com> | 2019-10-15 10:54:39 +0100 |
---|---|---|
committer | David Sterba <dsterba@suse.com> | 2019-10-17 20:13:44 +0200 |
commit | c7967fc1499beb9b70bb9d33525fb0b384af8883 (patch) | |
tree | 51d003e83e940287aea5b7362c2aad557108690a /fs | |
parent | 1b2442b4ae0f234daeadd90e153b466332c466d8 (diff) | |
download | linux-c7967fc1499beb9b70bb9d33525fb0b384af8883.tar.gz linux-c7967fc1499beb9b70bb9d33525fb0b384af8883.tar.bz2 linux-c7967fc1499beb9b70bb9d33525fb0b384af8883.zip |
Btrfs: fix qgroup double free after failure to reserve metadata for delalloc
If we fail to reserve metadata for delalloc operations we end up releasing
the previously reserved qgroup amount twice, once explicitly under the
'out_qgroup' label by calling btrfs_qgroup_free_meta_prealloc() and once
again, under label 'out_fail', by calling btrfs_inode_rsv_release() with a
value of 'true' for its 'qgroup_free' argument, which results in
btrfs_qgroup_free_meta_prealloc() being called again, so we end up having
a double free.
Also if we fail to reserve the necessary qgroup amount, we jump to the
label 'out_fail', which calls btrfs_inode_rsv_release() and that in turns
calls btrfs_qgroup_free_meta_prealloc(), even though we weren't able to
reserve any qgroup amount. So we freed some amount we never reserved.
So fix this by removing the call to btrfs_inode_rsv_release() in the
failure path, since it's not necessary at all as we haven't changed the
inode's block reserve in any way at this point.
Fixes: c8eaeac7b73434 ("btrfs: reserve delalloc metadata differently")
CC: stable@vger.kernel.org # 5.2+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/btrfs/delalloc-space.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/fs/btrfs/delalloc-space.c b/fs/btrfs/delalloc-space.c index 571e7b31ea2f..db9f2c58eb4a 100644 --- a/fs/btrfs/delalloc-space.c +++ b/fs/btrfs/delalloc-space.c @@ -381,7 +381,6 @@ int btrfs_delalloc_reserve_metadata(struct btrfs_inode *inode, u64 num_bytes) out_qgroup: btrfs_qgroup_free_meta_prealloc(root, qgroup_reserve); out_fail: - btrfs_inode_rsv_release(inode, true); if (delalloc_lock) mutex_unlock(&inode->delalloc_mutex); return ret; |