Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1968759ybh; Tue, 14 Jul 2020 11:56:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzO5dTed10bAkI9dkTh7ly20tgWaeDz8K8iQ9Ays6tsLTNi+GJyO8UrSPEhPKrDTWykJ7Zr X-Received: by 2002:aa7:d58c:: with SMTP id r12mr6312070edq.160.1594752978113; Tue, 14 Jul 2020 11:56:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594752978; cv=none; d=google.com; s=arc-20160816; b=agxU1ViOdm+fnTdKDpluPCnfybTs58NDjhva74c7bDbpLNyY9i8f9mojK9Ipb17+JU 6GVON0uLxBMJGBJCyj55svXSKA9a3/vuDHE2XUeGPPAbWT1M/ytNAD9hCxEH+DQ7nNbs FpLPKE+79p8EhrNEdrwxjCY/+DmQAOdelH1RFLrVdqW3vdBCm6UqBximeNzHtCPSpSnG MfOkMiUVs0waiyZWXrv7d5tmfr9dCZ2W+UzmGnt1bB8dwRD9HXYlXST6RucguMr4wbM3 vIZ18hntccfU+AmGqLq5h8aeoBIFTsxghMQw8f3CIJnZcqCLcmAZe/oRp9DG+2V9KwdN 7aGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Ap6Ro293hAPEUPV8iKsUW0vIrw6VVjRQe2zYnkDz6Zg=; b=idyy9tN9KY1gykV285HsPpBEjlYDnmk3beDr8GvCFPCWu3poJlwmNpo5ELbdpJuxUD g3BtzMcfthfuKvcINb2ZjYekize1BrChj+FyPJX3Imuf70VG65Xk51IHVualDWE1GLuh hEzFWspxcwv5sH8XM0xL6PIQUxDGuZozQ7koha0eidV5s+2HfuVMwqzgsMy8Z7CdK4rz D6igdKnrCy3Ha9QxvH4ETMzHQNKy8iwYDG3hvHbngx/bIyG19GkpPkK8e8iuDfLVjbta kOS/3wQR70KHzBoSW5uv4piPVNqQQxrqCRdbKqvc1lP9gDMAwL0DIoUUts9Ao/NpCOmJ iH9g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fTjQleT0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g14si12016782ejw.376.2020.07.14.11.55.54; Tue, 14 Jul 2020 11:56:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=fTjQleT0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730524AbgGNSw1 (ORCPT + 99 others); Tue, 14 Jul 2020 14:52:27 -0400 Received: from mail.kernel.org ([198.145.29.99]:49136 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730511AbgGNSwY (ORCPT ); Tue, 14 Jul 2020 14:52:24 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 81BB422B42; Tue, 14 Jul 2020 18:52:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1594752744; bh=iv8j59IizSFovtJeOSAaB86Jk9Z6jur6Paq2/nEHfOw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fTjQleT0YE61FAUpMxBNDHU/uOjYvrMHPtX8J06celY8+9W9iWjz/VkvGkCPzcDnX psyhMS55CEkKJIqdEHHCbl711T5wS4d06NFV047rCWpHpWTmVjwwQ5bM2MxrBBJ+9o kGrqiCHJYciE5KEU57q+dCqHUaYCA41GGyjKeZm4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Filipe Manana , Josef Bacik , David Sterba Subject: [PATCH 5.4 094/109] btrfs: fix double put of block group with nocow Date: Tue, 14 Jul 2020 20:44:37 +0200 Message-Id: <20200714184110.060376603@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200714184105.507384017@linuxfoundation.org> References: <20200714184105.507384017@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Josef Bacik commit 230ed397435e85b54f055c524fcb267ae2ce3bc4 upstream. While debugging a patch that I wrote I was hitting use-after-free panics when accessing block groups on unmount. This turned out to be because in the nocow case if we bail out of doing the nocow for whatever reason we need to call btrfs_dec_nocow_writers() if we called the inc. This puts our block group, but a few error cases does if (nocow) { btrfs_dec_nocow_writers(); goto error; } unfortunately, error is error: if (nocow) btrfs_dec_nocow_writers(); so we get a double put on our block group. Fix this by dropping the error cases calling of btrfs_dec_nocow_writers(), as it's handled at the error label now. Fixes: 762bf09893b4 ("btrfs: improve error handling in run_delalloc_nocow") CC: stable@vger.kernel.org # 5.4+ Reviewed-by: Filipe Manana Signed-off-by: Josef Bacik Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/inode.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1657,12 +1657,8 @@ out_check: ret = fallback_to_cow(inode, locked_page, cow_start, found_key.offset - 1, page_started, nr_written); - if (ret) { - if (nocow) - btrfs_dec_nocow_writers(fs_info, - disk_bytenr); + if (ret) goto error; - } cow_start = (u64)-1; } @@ -1678,9 +1674,6 @@ out_check: ram_bytes, BTRFS_COMPRESS_NONE, BTRFS_ORDERED_PREALLOC); if (IS_ERR(em)) { - if (nocow) - btrfs_dec_nocow_writers(fs_info, - disk_bytenr); ret = PTR_ERR(em); goto error; }