btrfs: don't skip remaining extrefs if dir not found during log replay

During log replay, at add_inode_ref(), if we have an extref item that
contains multiple extrefs and one of them points to a directory that does
not exist in the subvolume tree, we are supposed to ignore it and process
the remaining extrefs encoded in the extref item, since each extref can
point to a different parent inode. However when that happens we just
return from the function and ignore the remaining extrefs.

The problem has been around since extrefs were introduced, in commit
f186373fef00 ("btrfs: extended inode refs"), but it's hard to hit in
practice because getting extref items encoding multiple extref requires
getting a hash collision when computing the offset of the extref's
key. The offset if computed like this:

  key.offset = btrfs_extref_hash(dir_ino, name->name, name->len);

and btrfs_extref_hash() is just a wrapper around crc32c().

Fix this by moving to next iteration of the loop when we don't find
the parent directory that an extref points to.

Fixes: f186373fef00 ("btrfs: extended inode refs")
CC: stable@vger.kernel.org # 6.1+
Reviewed-by: Boris Burkov <boris@bur.io>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>

diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
index e3c77f3d092c2796583513d9b7e1ceee42deb93b..467b69a4ef3bdd093e31476baef9d9268636f2e4 100644 (file)
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -1433,6 +1433,8 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans,
                if (log_ref_ver) {
                        ret = extref_get_fields(eb, ref_ptr, &name,
                                                &ref_index, &parent_objectid);
+                       if (ret)
+                               goto out;
                        /*
                         * parent object can change from one array
                         * item to another.
@@ -1449,16 +1451,23 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans,
                                         * the loop when getting the first
                                         * parent dir.
                                         */
-                                       if (ret == -ENOENT)
+                                       if (ret == -ENOENT) {
+                                               /*
+                                                * The next extref may refer to
+                                                * another parent dir that
+                                                * exists, so continue.
+                                                */
                                                ret = 0;
+                                               goto next;
+                                       }
                                        goto out;
                                }
                        }
                } else {
                        ret = ref_get_fields(eb, ref_ptr, &name, &ref_index);
+                       if (ret)
+                               goto out;
                }
-               if (ret)
-                       goto out;
 
                ret = inode_in_dir(root, path, btrfs_ino(dir), btrfs_ino(inode),
                                   ref_index, &name);
@@ -1492,10 +1501,11 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans,
                }
                /* Else, ret == 1, we already have a perfect match, we're done. */
 
+next:
                ref_ptr = (unsigned long)(ref_ptr + ref_struct_size) + name.len;
                kfree(name.name);
                name.name = NULL;
-               if (log_ref_ver) {
+               if (log_ref_ver && dir) {
                        iput(&dir->vfs_inode);
                        dir = NULL;
                }