Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp3556558pxb; Mon, 1 Mar 2021 13:15:09 -0800 (PST) X-Google-Smtp-Source: ABdhPJz+hrGCMGcnzmuiVx7fjvnHwwfaVqAXkTFNknUYyQkvsU62590yHKBd/HpM8OstsLgMq9VB X-Received: by 2002:a17:906:1956:: with SMTP id b22mr18305159eje.114.1614633309298; Mon, 01 Mar 2021 13:15:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614633309; cv=none; d=google.com; s=arc-20160816; b=zKGmw2rWu8k50OGcJEJVahRNOS3NtP6+zr9HwF8S2rk7B3M7QZA8gZMo0RXm4NTPWK s8HxyOeKlgAm5RjeTCAD8RN3t3yIrcxvx8zIxqXG3OwVcmJrFV1Nfiqx15EWLfJRqtqE R57u9vB/GctIHHWwOOmrnWI6ad4j+wB29KMyNRPWGsIE315BKbr8vf4kHKxVNAISceee b7aqoPGVXIclCFNfqEpPTwzL6jW40pwE5LNrGI4PsglaqPK2rSzFLqVRqN510BLj05Gg bjfOWtxN4kzyvRUwTnEd2SNEHEIgBqXU9gWqz+3Spo0m9ZIa9HijxEJrM9Fo0cZTJpQp kOVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=H+XYx5E3UXBnIsJ6OGlEYzS6KkTuOrsE3yMl/fj10KI=; b=A4vWNugrG5W3sCioEwaiuO6wLiUGaii0dG58FI4G8pTYotGJIktirdXVK8xd2zDYdf 9ENLqPIbAdD3aJqe4Y2okHtzD/SXWKIaH4i8n0tUbwJdD9Et8PEOwr3cns2UQyrtxHZH ZCRhMrLwU1iXSF4edVbpM7X3+5J148oHkTNeuVe8U00Ma3hnhZBD0FcxbPfPUFdpeYl7 zk1e/x6iB4O1CMDzW8D0mk+huh9o57AwtPN4rdnfxNzVJB+M/vuilXiSKj0ljA686lwC Dq9WEpjNhV9qw6W57py3Vabh7np4PpVg7BO57/hyU+PPSxGH+HNwqGQwbYUi7dI4YBGT kLvA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="FSHcwh/b"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g23si4731177ejx.623.2021.03.01.13.14.45; Mon, 01 Mar 2021 13:15:09 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="FSHcwh/b"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238551AbhCAVMx (ORCPT + 99 others); Mon, 1 Mar 2021 16:12:53 -0500 Received: from mail.kernel.org ([198.145.29.99]:51394 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237874AbhCARNk (ORCPT ); Mon, 1 Mar 2021 12:13:40 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id D1F6965040; Mon, 1 Mar 2021 16:44:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1614617083; bh=PwN933gPPevAAg+uLs2jjYHurEtvBOnm7AALFcQx3QM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FSHcwh/bDCEaXKE6PghpMtX6nZE3DIyok2BmIYtdHmKURGMOhQR+NwE3TYSk5LTR+ KLTsdIPk4MO+k63Z22y/YwRvKbfWLxb9KmmpIT4WcvzGioLEDtDlcPEy6K4kYfsjah 8OMTh9+el+OcTDUMKxwahCkFJ+gRnBSgQ1Kw8vhE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Josef Bacik , David Sterba Subject: [PATCH 4.19 197/247] btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root Date: Mon, 1 Mar 2021 17:13:37 +0100 Message-Id: <20210301161041.295282534@linuxfoundation.org> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210301161031.684018251@linuxfoundation.org> References: <20210301161031.684018251@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Josef Bacik commit 867ed321f90d06aaba84e2c91de51cd3038825ef upstream. While testing my error handling patches, I added a error injection site at btrfs_inc_extent_ref, to validate the error handling I added was doing the correct thing. However I hit a pretty ugly corruption while doing this check, with the following error injection stack trace: btrfs_inc_extent_ref btrfs_copy_root create_reloc_root btrfs_init_reloc_root btrfs_record_root_in_trans btrfs_start_transaction btrfs_update_inode btrfs_update_time touch_atime file_accessed btrfs_file_mmap This is because we do not catch the error from btrfs_inc_extent_ref, which in practice would be ENOMEM, which means we lose the extent references for a root that has already been allocated and inserted, which is the problem. Fix this by aborting the transaction if we fail to do the reference modification. CC: stable@vger.kernel.org # 4.4+ Signed-off-by: Josef Bacik Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/ctree.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -267,9 +267,10 @@ int btrfs_copy_root(struct btrfs_trans_h ret = btrfs_inc_ref(trans, root, cow, 1); else ret = btrfs_inc_ref(trans, root, cow, 0); - - if (ret) + if (ret) { + btrfs_abort_transaction(trans, ret); return ret; + } btrfs_mark_buffer_dirty(cow); *cow_ret = cow;