btrfs: fix changeset leak on mmap write after failure to reserve metadata

If the call to btrfs_delalloc_reserve_metadata() fails we jump to the
'out_noreserve' label and there we never free the extent_changeset
allocated by the previous call to btrfs_check_data_free_space() (if
qgroups are enabled). Fix this by calling extent_changeset_free() under
the 'out_noreserve' label.

Fixes: 6599716de2d6 ("btrfs: fix -ENOSPC mmap write failure on NOCOW files/extents")
Reported-by: syzbot+2f8aa76e6acc9fce6638@syzkaller.appspotmail.com
Link: https://lore.kernel.org/linux-btrfs/693a635a.a70a0220.33cd7b.0029.GAE@google.com/
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>

diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
index 1e0ff3d7210db0f4b496a8dec14db1dea00e9213..e42fd2beb1e39c26834888451f67663d9871ec10 100644 (file)
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -2019,13 +2019,14 @@ out:
        else
                btrfs_delalloc_release_space(inode, data_reserved, page_start,
                                             reserved_space, true);
-       extent_changeset_free(data_reserved);
 out_noreserve:
        if (only_release_metadata)
                btrfs_check_nocow_unlock(inode);
 
        sb_end_pagefault(inode->vfs_inode.i_sb);
 
+       extent_changeset_free(data_reserved);
+
        if (ret < 0)
                return vmf_error(ret);