Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp801398pxb; Tue, 12 Apr 2022 13:51:37 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx7+X38nxX5gj4DFWNYAho/xKRpeKe81bzznP4FmtFcuQXmHnd47Ftm3+HX0HSNJByLAXNO X-Received: by 2002:a17:902:7795:b0:157:c50:53a6 with SMTP id o21-20020a170902779500b001570c5053a6mr27162623pll.40.1649796697153; Tue, 12 Apr 2022 13:51:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649796697; cv=none; d=google.com; s=arc-20160816; b=IVu9twTNpZWFsq8kFyVkofFLnJeIIeVz+JYNUk46S1EFg/vXSm+Pd7DMAyeDyarxSg RaV2oye0ZOnmCI/LCR3WtqyT6ty5nh5CNVTMPogiehgUsUQxCFYItnnYtJixMnx05BRu oGtYiysrs6v9YhS/vtVlkjF1NSJ1rlGhqiYzo01mbUvQTiUqWvrXyK2djpfQ6By03i0O bIiUVPqp9FSt/N3DNb4Y+LHtXOcpW3dS8X3t5+VLjc6Gk9ZQUGKNmahTWIx21RL5uN7s 3pNDnEuHFYGsMiLhKjbitAaWxIcDTwV5YXvJs71Qbh73VJsDdDHhfguAYixv2Mg6AxSG WHBA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=N2b/MHuajEspi37I2lI+/SV/Pc0kFH0iXRq1lR6AJsE=; b=bUc15vvaa3EZJ8YbAoiywxvj/pz9qclC2FYiQQ09R9DKI7FzsDKNQgwzbGh8sj5oWZ CDZ4rkfSjU1hAkbZZr/f24WbV4Q7oy4yrcsV9OmH0I97khHBT0c63TgJ+wSM94Fu+sqs ZqxQDLjkIDNsN5ag7Phx1+nLv33h/XAuwqTTbpfNcJm5m1P6vjqYULZcsuMhExEpgCxA HBkJ4laDOrPEVN7cpagANXT0otMozcyitqdQMKwDLaviP6valIMBqBuL0gS+UELjmK/A QL65oX6abwn7WjqFereSsCazhgj+hvMzrTzXQxIVtU3ePL+G+YECVdyRwjKBOz5Od95z afpQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=qHL7ZgjA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id e17-20020a170903241100b001568acea014si9787579plo.261.2022.04.12.13.51.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Apr 2022 13:51:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=qHL7ZgjA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id E9724C7498; Tue, 12 Apr 2022 13:19:04 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1380673AbiDLIWc (ORCPT + 99 others); Tue, 12 Apr 2022 04:22:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43052 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1353776AbiDLHZy (ORCPT ); Tue, 12 Apr 2022 03:25:54 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7001A63F4; Tue, 12 Apr 2022 00:04:30 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 0B62160B65; Tue, 12 Apr 2022 07:04:30 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 150E5C385A1; Tue, 12 Apr 2022 07:04:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1649747069; bh=Sh3dOBmsLvqM/A9bPwyaG++I0BeeNMWpTYmy+3cxDe4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qHL7ZgjARe3vRhot1Yn2jk+8EbQ5EEaRO8xrbETC2a8AB4bSo6aUgZnZD0JK3pUA6 0KsIqMGwm2hr8tDjDonrgGJ5/zEDjxrp8YNcxVd7Tmniui3Mbuz8Adj2Bsv6DEirCK qnh8xDuFNX6ACFjZZO42QPtbBEKlJOGGu+ZI27Uo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Qu Wenruo , Ethan Lien , David Sterba Subject: [PATCH 5.16 231/285] btrfs: fix qgroup reserve overflow the qgroup limit Date: Tue, 12 Apr 2022 08:31:28 +0200 Message-Id: <20220412062950.326873309@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220412062943.670770901@linuxfoundation.org> References: <20220412062943.670770901@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ethan Lien commit b642b52d0b50f4d398cb4293f64992d0eed2e2ce upstream. We use extent_changeset->bytes_changed in qgroup_reserve_data() to record how many bytes we set for EXTENT_QGROUP_RESERVED state. Currently the bytes_changed is set as "unsigned int", and it will overflow if we try to fallocate a range larger than 4GiB. The result is we reserve less bytes and eventually break the qgroup limit. Unlike regular buffered/direct write, which we use one changeset for each ordered extent, which can never be larger than 256M. For fallocate, we use one changeset for the whole range, thus it no longer respects the 256M per extent limit, and caused the problem. The following example test script reproduces the problem: $ cat qgroup-overflow.sh #!/bin/bash DEV=/dev/sdj MNT=/mnt/sdj mkfs.btrfs -f $DEV mount $DEV $MNT # Set qgroup limit to 2GiB. btrfs quota enable $MNT btrfs qgroup limit 2G $MNT # Try to fallocate a 3GiB file. This should fail. echo echo "Try to fallocate a 3GiB file..." fallocate -l 3G $MNT/3G.file # Try to fallocate a 5GiB file. echo echo "Try to fallocate a 5GiB file..." fallocate -l 5G $MNT/5G.file # See we break the qgroup limit. echo sync btrfs qgroup show -r $MNT umount $MNT When running the test: $ ./qgroup-overflow.sh (...) Try to fallocate a 3GiB file... fallocate: fallocate failed: Disk quota exceeded Try to fallocate a 5GiB file... qgroupid         rfer         excl     max_rfer --------         ----         ----     -------- 0/5           5.00GiB      5.00GiB      2.00GiB Since we have no control of how bytes_changed is used, it's better to set it to u64. CC: stable@vger.kernel.org # 4.14+ Reviewed-by: Qu Wenruo Signed-off-by: Ethan Lien Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/extent_io.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/btrfs/extent_io.h +++ b/fs/btrfs/extent_io.h @@ -118,7 +118,7 @@ struct btrfs_bio_ctrl { */ struct extent_changeset { /* How many bytes are set/cleared in this operation */ - unsigned int bytes_changed; + u64 bytes_changed; /* Changed ranges */ struct ulist range_changed;