From: Sidong Yang <sidong.yang@furiosa.ai>
Date: Wed, 19 Mar 2025 11:24:01 +0000 (+0000)
Subject: btrfs: ioctl: don't free iov when btrfs_encoded_read() returns -EAGAIN
X-Git-Tag: v6.15-rc3~41^2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8e587ab43cb92a9e57f99ea8d6c069ee65863707;p=thirdparty%2Flinux.git

btrfs: ioctl: don't free iov when btrfs_encoded_read() returns -EAGAIN

Fix a bug in encoded read that mistakenly frees the iov in case
btrfs_encoded_read() returns -EAGAIN assuming the structure will be
reused.  This can happen when when receiving requests concurrently, the
io_uring subsystem does not reset the data, and the last free will
happen in btrfs_uring_read_finished().

Handle the -EAGAIN error and skip freeing iov.

CC: stable@vger.kernel.org # 6.13+
Signed-off-by: Sidong Yang <sidong.yang@furiosa.ai>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
---

diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index a13d81bb56a08..63aeacc549457 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -4902,6 +4902,8 @@ static int btrfs_uring_encoded_read(struct io_uring_cmd *cmd, unsigned int issue
 
 	ret = btrfs_encoded_read(&kiocb, &data->iter, &data->args, &cached_state,
 				 &disk_bytenr, &disk_io_size);
+	if (ret == -EAGAIN)
+		goto out_acct;
 	if (ret < 0 && ret != -EIOCBQUEUED)
 		goto out_free;