--- /dev/null
+From 19ea40dddf1833db868533958ca066f368862211 Mon Sep 17 00:00:00 2001
+From: Qu Wenruo <wqu@suse.com>
+Date: Tue, 14 Sep 2021 14:57:59 +0800
+Subject: btrfs: unlock newly allocated extent buffer after error
+
+From: Qu Wenruo <wqu@suse.com>
+
+commit 19ea40dddf1833db868533958ca066f368862211 upstream.
+
+[BUG]
+There is a bug report that injected ENOMEM error could leave a tree
+block locked while we return to user-space:
+
+ BTRFS info (device loop0): enabling ssd optimizations
+ FAULT_INJECTION: forcing a failure.
+ name failslab, interval 1, probability 0, space 0, times 0
+ CPU: 0 PID: 7579 Comm: syz-executor Not tainted 5.15.0-rc1 #16
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
+ rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
+ Call Trace:
+ __dump_stack lib/dump_stack.c:88 [inline]
+ dump_stack_lvl+0x8d/0xcf lib/dump_stack.c:106
+ fail_dump lib/fault-inject.c:52 [inline]
+ should_fail+0x13c/0x160 lib/fault-inject.c:146
+ should_failslab+0x5/0x10 mm/slab_common.c:1328
+ slab_pre_alloc_hook.constprop.99+0x4e/0xc0 mm/slab.h:494
+ slab_alloc_node mm/slub.c:3120 [inline]
+ slab_alloc mm/slub.c:3214 [inline]
+ kmem_cache_alloc+0x44/0x280 mm/slub.c:3219
+ btrfs_alloc_delayed_extent_op fs/btrfs/delayed-ref.h:299 [inline]
+ btrfs_alloc_tree_block+0x38c/0x670 fs/btrfs/extent-tree.c:4833
+ __btrfs_cow_block+0x16f/0x7d0 fs/btrfs/ctree.c:415
+ btrfs_cow_block+0x12a/0x300 fs/btrfs/ctree.c:570
+ btrfs_search_slot+0x6b0/0xee0 fs/btrfs/ctree.c:1768
+ btrfs_insert_empty_items+0x80/0xf0 fs/btrfs/ctree.c:3905
+ btrfs_new_inode+0x311/0xa60 fs/btrfs/inode.c:6530
+ btrfs_create+0x12b/0x270 fs/btrfs/inode.c:6783
+ lookup_open+0x660/0x780 fs/namei.c:3282
+ open_last_lookups fs/namei.c:3352 [inline]
+ path_openat+0x465/0xe20 fs/namei.c:3557
+ do_filp_open+0xe3/0x170 fs/namei.c:3588
+ do_sys_openat2+0x357/0x4a0 fs/open.c:1200
+ do_sys_open+0x87/0xd0 fs/open.c:1216
+ do_syscall_x64 arch/x86/entry/common.c:50 [inline]
+ do_syscall_64+0x34/0xb0 arch/x86/entry/common.c:80
+ entry_SYSCALL_64_after_hwframe+0x44/0xae
+ RIP: 0033:0x46ae99
+ Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48
+ 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d
+ 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
+ RSP: 002b:00007f46711b9c48 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
+ RAX: ffffffffffffffda RBX: 000000000078c0a0 RCX: 000000000046ae99
+ RDX: 0000000000000000 RSI: 00000000000000a1 RDI: 0000000020005800
+ RBP: 00007f46711b9c80 R08: 0000000000000000 R09: 0000000000000000
+ R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000017
+ R13: 0000000000000000 R14: 000000000078c0a0 R15: 00007ffc129da6e0
+
+ ================================================
+ WARNING: lock held when returning to user space!
+ 5.15.0-rc1 #16 Not tainted
+ ------------------------------------------------
+ syz-executor/7579 is leaving the kernel with locks still held!
+ 1 lock held by syz-executor/7579:
+ #0: ffff888104b73da8 (btrfs-tree-01/1){+.+.}-{3:3}, at:
+ __btrfs_tree_lock+0x2e/0x1a0 fs/btrfs/locking.c:112
+
+[CAUSE]
+In btrfs_alloc_tree_block(), after btrfs_init_new_buffer(), the new
+extent buffer @buf is locked, but if later operations like adding
+delayed tree ref fail, we just free @buf without unlocking it,
+resulting above warning.
+
+[FIX]
+Unlock @buf in out_free_buf: label.
+
+Reported-by: Hao Sun <sunhao.th@gmail.com>
+Link: https://lore.kernel.org/linux-btrfs/CACkBjsZ9O6Zr0KK1yGn=1rQi6Crh1yeCRdTSBxx9R99L4xdn-Q@mail.gmail.com/
+CC: stable@vger.kernel.org # 5.4+
+Signed-off-by: Qu Wenruo <wqu@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Denis Efremov <denis.e.efremov@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/extent-tree.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/btrfs/extent-tree.c
++++ b/fs/btrfs/extent-tree.c
+@@ -8595,6 +8595,7 @@ struct extent_buffer *btrfs_alloc_tree_b
+ out_free_delayed:
+ btrfs_free_delayed_extent_op(extent_op);
+ out_free_buf:
++ btrfs_tree_unlock(buf);
+ free_extent_buffer(buf);
+ out_free_reserved:
+ btrfs_free_reserved_extent(fs_info, ins.objectid, ins.offset, 0);
--- /dev/null
+From b1489186cc8391e0c1e342f9fbc3eedf6b944c61 Mon Sep 17 00:00:00 2001
+From: Josh Triplett <josh@joshtriplett.org>
+Date: Mon, 7 Jun 2021 12:15:24 -0700
+Subject: ext4: add check to prevent attempting to resize an fs with sparse_super2
+
+From: Josh Triplett <josh@joshtriplett.org>
+
+commit b1489186cc8391e0c1e342f9fbc3eedf6b944c61 upstream.
+
+The in-kernel ext4 resize code doesn't support filesystem with the
+sparse_super2 feature. It fails with errors like this and doesn't finish
+the resize:
+EXT4-fs (loop0): resizing filesystem from 16640 to 7864320 blocks
+EXT4-fs warning (device loop0): verify_reserved_gdb:760: reserved GDT 2 missing grp 1 (32770)
+EXT4-fs warning (device loop0): ext4_resize_fs:2111: error (-22) occurred during file system resize
+EXT4-fs (loop0): resized filesystem to 2097152
+
+To reproduce:
+mkfs.ext4 -b 4096 -I 256 -J size=32 -E resize=$((256*1024*1024)) -O sparse_super2 ext4.img 65M
+truncate -s 30G ext4.img
+mount ext4.img /mnt
+python3 -c 'import fcntl, os, struct ; fd = os.open("/mnt", os.O_RDONLY | os.O_DIRECTORY) ; fcntl.ioctl(fd, 0x40086610, struct.pack("Q", 30 * 1024 * 1024 * 1024 // 4096), False) ; os.close(fd)'
+dmesg | tail
+e2fsck ext4.img
+
+The userspace resize2fs tool has a check for this case: it checks if the
+filesystem has sparse_super2 set and if the kernel provides
+/sys/fs/ext4/features/sparse_super2. However, the former check requires
+manually reading and parsing the filesystem superblock.
+
+Detect this case in ext4_resize_begin and error out early with a clear
+error message.
+
+Signed-off-by: Josh Triplett <josh@joshtriplett.org>
+Link: https://lore.kernel.org/r/74b8ae78405270211943cd7393e65586c5faeed1.1623093259.git.josh@joshtriplett.org
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ext4/resize.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/fs/ext4/resize.c
++++ b/fs/ext4/resize.c
+@@ -74,6 +74,11 @@ int ext4_resize_begin(struct super_block
+ return -EPERM;
+ }
+
++ if (ext4_has_feature_sparse_super2(sb)) {
++ ext4_msg(sb, KERN_ERR, "Online resizing not supported with sparse_super2");
++ return -EOPNOTSUPP;
++ }
++
+ if (test_and_set_bit_lock(EXT4_FLAGS_RESIZING,
+ &EXT4_SB(sb)->s_ext4_flags))
+ ret = -EBUSY;
projects / thirdparty / kernel / stable-queue.git / commitdiff
