Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1973252ybh; Tue, 14 Jul 2020 12:01:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwFka61hd94IkXJB2HmlNvV1xDXFOzH+7qIsBns4UELs6jDFJo1xQCdky2tyhYTNFeOeVgg X-Received: by 2002:a17:906:1394:: with SMTP id f20mr6071605ejc.114.1594753317625; Tue, 14 Jul 2020 12:01:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594753317; cv=none; d=google.com; s=arc-20160816; b=CV3XSb2acsbXDbVu2j1mwxH7e9h+gXNde9TZ+G9T3IysP4BFtgo4mc64N2yIynsjZC 7LlTT0hJCmzMl+rft2z/IIS8z+8cK/4VYp4cCY1fk5+b4l+P7r2HJoWPpn+tPKccQR/9 PodNWX/BRchCToSeoDOgw7eaEHLJRg689BHUQ62y61K1PSyj2ro/NxfKROJBRDMbn5Ar qmGLXMbVPKn+uh8NWxJd7uKddRohQnuJ/637ce4kAf2vhqT0W/3kFl9ZhMJ1F3f0tqru m7QBoNuY/vAbKrusgo41JR6u4twGBOqXSfbjqaheEWXe8Q9NA6LakQFYVe35CsDEwOQL YJqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=70bwdC/yEU5KYP45QawCJ1pK9VeO2rT+0/RfPeSxFxk=; b=Z3wi39kV8uBzSWmvktJynxjw6FoN+Q0dj+HDgJb+EAVIFaoC35IkH72BaHAJvoJdD5 M9S6LkworTYzYMvLpp9Qb5VEyO8JYvm9JVc6WWGoCoq7PVhobQk+YJ0X3EKL8YgbTbA/ v9q2Wusv6f7xDZAVSki+Buo8f/VhiakvGsRp2qEkXcODRv2iQNtDAEn2jg07rec6iZ4N /vLnTHhCbircll2Wi7xSfW+M04HyvbnK51rv587qgWoM/NAefwSZtKqgsuhBFzPtukky gavxLQGVmRRBmz9CQPwK6VP2Z0iGPbkQ6QqtjaEC+HnJTvkt8MmPy+Pj1xKK1UuEXEba lf7A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=i4JOabC4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p5si11650260ejx.318.2020.07.14.12.01.33; Tue, 14 Jul 2020 12:01:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=i4JOabC4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730953AbgGNS7K (ORCPT + 99 others); Tue, 14 Jul 2020 14:59:10 -0400 Received: from mail.kernel.org ([198.145.29.99]:57656 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731085AbgGNS7F (ORCPT ); Tue, 14 Jul 2020 14:59:05 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2C4F222AAF; Tue, 14 Jul 2020 18:59:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1594753144; bh=St2pw05xyaaVWoBdM5zmWV914ertFmW8ms8PzxGR/e4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=i4JOabC4H/QdLcfOhKRWdlCDhnFL0ZBJE0RvWq1jHxo4XRvgnW5mBZvMFdp4IB5Md OspwaRc29b0w2AkMjTborENyECLgIedxgxQCV7oNjE+rlAWjmgrGTVar5v0OqEtzVu eiiklu9IMRckTqUOCrEboujGIqqNEiGZPHpv7ofI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Filipe Manana , Josef Bacik , David Sterba Subject: [PATCH 5.7 137/166] btrfs: fix double put of block group with nocow Date: Tue, 14 Jul 2020 20:45:02 +0200 Message-Id: <20200714184122.393557082@linuxfoundation.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200714184115.844176932@linuxfoundation.org> References: <20200714184115.844176932@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Josef Bacik commit 230ed397435e85b54f055c524fcb267ae2ce3bc4 upstream. While debugging a patch that I wrote I was hitting use-after-free panics when accessing block groups on unmount. This turned out to be because in the nocow case if we bail out of doing the nocow for whatever reason we need to call btrfs_dec_nocow_writers() if we called the inc. This puts our block group, but a few error cases does if (nocow) { btrfs_dec_nocow_writers(); goto error; } unfortunately, error is error: if (nocow) btrfs_dec_nocow_writers(); so we get a double put on our block group. Fix this by dropping the error cases calling of btrfs_dec_nocow_writers(), as it's handled at the error label now. Fixes: 762bf09893b4 ("btrfs: improve error handling in run_delalloc_nocow") CC: stable@vger.kernel.org # 5.4+ Reviewed-by: Filipe Manana Signed-off-by: Josef Bacik Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/inode.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1690,12 +1690,8 @@ out_check: ret = fallback_to_cow(inode, locked_page, cow_start, found_key.offset - 1, page_started, nr_written); - if (ret) { - if (nocow) - btrfs_dec_nocow_writers(fs_info, - disk_bytenr); + if (ret) goto error; - } cow_start = (u64)-1; } @@ -1711,9 +1707,6 @@ out_check: ram_bytes, BTRFS_COMPRESS_NONE, BTRFS_ORDERED_PREALLOC); if (IS_ERR(em)) { - if (nocow) - btrfs_dec_nocow_writers(fs_info, - disk_bytenr); ret = PTR_ERR(em); goto error; }