Patch "btrfs: qgroup: fix quota root leak after quota disable failure" has been added to the 5.15-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    btrfs: qgroup: fix quota root leak after quota disable failure

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     btrfs-qgroup-fix-quota-root-leak-after-quota-disable.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit fc3adf32717ab4f619282a18abecdc4faba15d36
Author: Filipe Manana <fdmanana@xxxxxxxx>
Date:   Thu Jun 20 12:32:00 2024 +0100

    btrfs: qgroup: fix quota root leak after quota disable failure
    
    [ Upstream commit a7e4c6a3031c74078dba7fa36239d0f4fe476c53 ]
    
    If during the quota disable we fail when cleaning the quota tree or when
    deleting the root from the root tree, we jump to the 'out' label without
    ever dropping the reference on the quota root, resulting in a leak of the
    root since fs_info->quota_root is no longer pointing to the root (we have
    set it to NULL just before those steps).
    
    Fix this by always doing a btrfs_put_root() call under the 'out' label.
    This is a problem that exists since qgroups were first added in 2012 by
    commit bed92eae26cc ("Btrfs: qgroup implementation and prototypes"), but
    back then we missed a kfree on the quota root and free_extent_buffer()
    calls on its root and commit root nodes, since back then roots were not
    yet reference counted.
    
    Reviewed-by: Boris Burkov <boris@xxxxxx>
    Reviewed-by: Qu Wenruo <wqu@xxxxxxxx>
    Signed-off-by: Filipe Manana <fdmanana@xxxxxxxx>
    Reviewed-by: David Sterba <dsterba@xxxxxxxx>
    Signed-off-by: David Sterba <dsterba@xxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c
index c50cabf69415f..1f5ab51e18dc4 100644
--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -1196,7 +1196,7 @@ int btrfs_quota_enable(struct btrfs_fs_info *fs_info)
 
 int btrfs_quota_disable(struct btrfs_fs_info *fs_info)
 {
-	struct btrfs_root *quota_root;
+	struct btrfs_root *quota_root = NULL;
 	struct btrfs_trans_handle *trans = NULL;
 	int ret = 0;
 
@@ -1290,9 +1290,9 @@ int btrfs_quota_disable(struct btrfs_fs_info *fs_info)
 	btrfs_free_tree_block(trans, btrfs_root_id(quota_root),
 			      quota_root->node, 0, 1);
 
-	btrfs_put_root(quota_root);
 
 out:
+	btrfs_put_root(quota_root);
 	mutex_unlock(&fs_info->qgroup_ioctl_lock);
 	if (ret && trans)
 		btrfs_end_transaction(trans);




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux