git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Boris Burkov <boris@bur.io>
	Fri, 1 Dec 2023 21:00:10 +0000 (13:00 -0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 10 Jan 2024 16:10:35 +0000 (17:10 +0100)
commit	ab220f4f5c704a6165694efbbaa657ec17e498f4
tree	85f59864face87eb8839785b197e382e919433d4	tree
parent	0f74dde5be2c345333f5b5e903c01ae78c7b8505	commit \| diff

btrfs: fix qgroup_free_reserved_data int overflow

[ Upstream commit 9e65bfca24cf1d77e4a5c7a170db5867377b3fe7 ]

The reserved data counter and input parameter is a u64, but we
inadvertently accumulate it in an int. Overflowing that int results in
freeing the wrong amount of data and breaking reserve accounting.

Unfortunately, this overflow rot spreads from there, as the qgroup
release/free functions rely on returning an int to take advantage of
negative values for error codes.

Therefore, the full fix is to return the "released" or "freed" amount by
a u64 argument and to return 0 or negative error code via the return
value.

Most of the call sites simply ignore the return value, though some
of them handle the error and count the returned bytes. Change all of
them accordingly.

CC: stable@vger.kernel.org # 6.1+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Boris Burkov <boris@bur.io>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

fs/btrfs/delalloc-space.c		diff \| blob \| blame \| history
fs/btrfs/file.c		diff \| blob \| blame \| history
fs/btrfs/inode.c		diff \| blob \| blame \| history
fs/btrfs/ordered-data.c		diff \| blob \| blame \| history
fs/btrfs/qgroup.c		diff \| blob \| blame \| history
fs/btrfs/qgroup.h		diff \| blob \| blame \| history