Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp28406pxb; Tue, 12 Apr 2022 15:53:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzZxhPVHdA8+vTlz2mmCbdg4yWIEzi8JmjMOTo5BYbJnNvX2413Pr8nZhVOq4XCjf7Ifaq6 X-Received: by 2002:a17:90b:38c4:b0:1c7:cce4:8e70 with SMTP id nn4-20020a17090b38c400b001c7cce48e70mr7392323pjb.51.1649804004946; Tue, 12 Apr 2022 15:53:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649804004; cv=none; d=google.com; s=arc-20160816; b=bSLQpBBP5KOCJwqOdFzZxJelONAmge0F4EM4Cnh1b82ZmwVC+8D2Hvj5Wvll+RixN9 8fKwGxS3dX5LkX3uL5xLQoxtXuMmCGS/wGzL3+NG6suwy0boBPgR0CJps+TUUbC2GdEh 9ivcnmNARVfuMLrSrEGHn3Te3QK+OFMrurR09Yzs3UDi0LeYvg/YI4zQL/8DSE6EZsQG r+vgnT2xwx/ffA0xJagV1K/Tl9hgC1900WnTRcDb3ulZxHkKvhIrnbuF9yfLiBTmqXVG nNsEQ6MR6G2GvTAFrfwm5PTWdvqEpQ59Mfgm+6fFAVrqhfwsYxnfcW6WwVEhiPd6uExI XMWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=N1/60ADOzH8tYdurjFkrgFcx4+BioumKwaoL2F+3IQI=; b=Z8As+VL+WVT3oEd85YPE7OK99U0vuYbAjqhuYPXXfJggtQyRUhDaeDI4ZEZn2be2PQ lF0hMOy3AVGVguL8H/zWbEU5VdyKzqjFIqb/BFYBFIewy+0H6MQI9YhJPcEycYgIFDkI 7PTRIoOPIz3vdaW2rubO5BvMGky0KPDyY3B+P+gbr21kDnzeXREiJvVudQfD6Tp4/goL WGwozmDEZ3nZBGwfvpbOjIZp4yrxaIg4xMsjGOrLvswe0JbHa2kFtHg6JNo6Hn6xKQcj G/kVVIQs6BVWYQ2kKbNHP1x/Kfi6dW7tg6jrTgb3XETIAye6TxAvylO6V5MIusJ/APYn 7uAA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=E01osOvg; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id lr7-20020a17090b4b8700b001cba11df7afsi6876461pjb.3.2022.04.12.15.53.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Apr 2022 15:53:24 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=E01osOvg; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 64C301C8D9D; Tue, 12 Apr 2022 14:35:10 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1352265AbiDLH2Z (ORCPT + 99 others); Tue, 12 Apr 2022 03:28:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57138 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1351744AbiDLHMx (ORCPT ); Tue, 12 Apr 2022 03:12:53 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8483717045; Mon, 11 Apr 2022 23:52:06 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 1FE5061045; Tue, 12 Apr 2022 06:52:06 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2C2F6C385A6; Tue, 12 Apr 2022 06:52:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1649746325; bh=Tx2cWBmqfuUvRqNfdWN2a2/BKlydxGPZPMXIhiHkc6Y=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=E01osOvgC5MOD0XIu1acgLZzOjP/3/jC2OrJItPjymMfnQLXy+anZWpStyICN4C40 w2pw7Gzd+i8e9GMg57F5tMCDKS1Al+uBPwZ+nnEbBovxypLBOcJMLaHdYU+HxoP16G UDYseO026582off8QPERb5rvV5MKjF7DfNUFT0LU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Qu Wenruo , Ethan Lien , David Sterba Subject: [PATCH 5.15 225/277] btrfs: fix qgroup reserve overflow the qgroup limit Date: Tue, 12 Apr 2022 08:30:28 +0200 Message-Id: <20220412062948.555052743@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220412062942.022903016@linuxfoundation.org> References: <20220412062942.022903016@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ethan Lien commit b642b52d0b50f4d398cb4293f64992d0eed2e2ce upstream. We use extent_changeset->bytes_changed in qgroup_reserve_data() to record how many bytes we set for EXTENT_QGROUP_RESERVED state. Currently the bytes_changed is set as "unsigned int", and it will overflow if we try to fallocate a range larger than 4GiB. The result is we reserve less bytes and eventually break the qgroup limit. Unlike regular buffered/direct write, which we use one changeset for each ordered extent, which can never be larger than 256M. For fallocate, we use one changeset for the whole range, thus it no longer respects the 256M per extent limit, and caused the problem. The following example test script reproduces the problem: $ cat qgroup-overflow.sh #!/bin/bash DEV=/dev/sdj MNT=/mnt/sdj mkfs.btrfs -f $DEV mount $DEV $MNT # Set qgroup limit to 2GiB. btrfs quota enable $MNT btrfs qgroup limit 2G $MNT # Try to fallocate a 3GiB file. This should fail. echo echo "Try to fallocate a 3GiB file..." fallocate -l 3G $MNT/3G.file # Try to fallocate a 5GiB file. echo echo "Try to fallocate a 5GiB file..." fallocate -l 5G $MNT/5G.file # See we break the qgroup limit. echo sync btrfs qgroup show -r $MNT umount $MNT When running the test: $ ./qgroup-overflow.sh (...) Try to fallocate a 3GiB file... fallocate: fallocate failed: Disk quota exceeded Try to fallocate a 5GiB file... qgroupid         rfer         excl     max_rfer --------         ----         ----     -------- 0/5           5.00GiB      5.00GiB      2.00GiB Since we have no control of how bytes_changed is used, it's better to set it to u64. CC: stable@vger.kernel.org # 4.14+ Reviewed-by: Qu Wenruo Signed-off-by: Ethan Lien Reviewed-by: David Sterba Signed-off-by: David Sterba Signed-off-by: Greg Kroah-Hartman --- fs/btrfs/extent_io.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/btrfs/extent_io.h +++ b/fs/btrfs/extent_io.h @@ -117,7 +117,7 @@ struct btrfs_bio_ctrl { */ struct extent_changeset { /* How many bytes are set/cleared in this operation */ - unsigned int bytes_changed; + u64 bytes_changed; /* Changed ranges */ struct ulist range_changed;