Patch "btrfs: fix leak of qgroup extent records after transaction abort" has been added to the 5.15-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    btrfs: fix leak of qgroup extent records after transaction abort

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     btrfs-fix-leak-of-qgroup-extent-records-after-transa.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit e889b0b319a8f077d83a493209c9a0ff93c16830
Author: Filipe Manana <fdmanana@xxxxxxxx>
Date:   Mon Jun 3 12:49:08 2024 +0100

    btrfs: fix leak of qgroup extent records after transaction abort
    
    [ Upstream commit fb33eb2ef0d88e75564983ef057b44c5b7e4fded ]
    
    Qgroup extent records are created when delayed ref heads are created and
    then released after accounting extents at btrfs_qgroup_account_extents(),
    called during the transaction commit path.
    
    If a transaction is aborted we free the qgroup records by calling
    btrfs_qgroup_destroy_extent_records() at btrfs_destroy_delayed_refs(),
    unless we don't have delayed references. We are incorrectly assuming
    that no delayed references means we don't have qgroup extents records.
    
    We can currently have no delayed references because we ran them all
    during a transaction commit and the transaction was aborted after that
    due to some error in the commit path.
    
    So fix this by ensuring we btrfs_qgroup_destroy_extent_records() at
    btrfs_destroy_delayed_refs() even if we don't have any delayed references.
    
    Reported-by: syzbot+0fecc032fa134afd49df@xxxxxxxxxxxxxxxxxxxxxxxxx
    Link: https://lore.kernel.org/linux-btrfs/0000000000004e7f980619f91835@xxxxxxxxxx/
    Fixes: 81f7eb00ff5b ("btrfs: destroy qgroup extent records on transaction abort")
    CC: stable@xxxxxxxxxxxxxxx # 6.1+
    Reviewed-by: Josef Bacik <josef@xxxxxxxxxxxxxx>
    Reviewed-by: Qu Wenruo <wqu@xxxxxxxx>
    Signed-off-by: Filipe Manana <fdmanana@xxxxxxxx>
    Signed-off-by: David Sterba <dsterba@xxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
index c1dfde886b1e3..092ebed754b0c 100644
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -4707,19 +4707,11 @@ static int btrfs_destroy_delayed_refs(struct btrfs_transaction *trans,
 				      struct btrfs_fs_info *fs_info)
 {
 	struct rb_node *node;
-	struct btrfs_delayed_ref_root *delayed_refs;
+	struct btrfs_delayed_ref_root *delayed_refs = &trans->delayed_refs;
 	struct btrfs_delayed_ref_node *ref;
 	int ret = 0;
 
-	delayed_refs = &trans->delayed_refs;
-
 	spin_lock(&delayed_refs->lock);
-	if (atomic_read(&delayed_refs->num_entries) == 0) {
-		spin_unlock(&delayed_refs->lock);
-		btrfs_debug(fs_info, "delayed_refs has NO entry");
-		return ret;
-	}
-
 	while ((node = rb_first_cached(&delayed_refs->href_root)) != NULL) {
 		struct btrfs_delayed_ref_head *head;
 		struct rb_node *n;




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux