btrfs: don't skip remaining extrefs if dir not found during log replay

commit 24e066ded45b8147b79c7455ac43a5bff7b5f378 upstream.

During log replay, at add_inode_ref(), if we have an extref item that
contains multiple extrefs and one of them points to a directory that does
not exist in the subvolume tree, we are supposed to ignore it and process
the remaining extrefs encoded in the extref item, since each extref can
point to a different parent inode. However when that happens we just
return from the function and ignore the remaining extrefs.

The problem has been around since extrefs were introduced, in commit
f186373fef00 ("btrfs: extended inode refs"), but it's hard to hit in
practice because getting extref items encoding multiple extref requires
getting a hash collision when computing the offset of the extref's
key. The offset if computed like this:

  key.offset = btrfs_extref_hash(dir_ino, name->name, name->len);

and btrfs_extref_hash() is just a wrapper around crc32c().

Fix this by moving to next iteration of the loop when we don't find
the parent directory that an extref points to.

Fixes: f186373fef00 ("btrfs: extended inode refs")
CC: stable@vger.kernel.org # 6.1+
Reviewed-by: Boris Burkov <boris@bur.io>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
index 141ed263b3ac9022c76e5a5a45a37b375a075065..b4b4f969630d991b9dccc82d1034e49559394169 100644 (file)
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -1400,6 +1400,8 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans,
                if (log_ref_ver) {
                        ret = extref_get_fields(eb, ref_ptr, &name,
                                                &ref_index, &parent_objectid);
+                       if (ret)
+                               goto out;
                        /*
                         * parent object can change from one array
                         * item to another.
@@ -1416,16 +1418,23 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans,
                                         * the loop when getting the first
                                         * parent dir.
                                         */
-                                       if (ret == -ENOENT)
+                                       if (ret == -ENOENT) {
+                                               /*
+                                                * The next extref may refer to
+                                                * another parent dir that
+                                                * exists, so continue.
+                                                */
                                                ret = 0;
+                                               goto next;
+                                       }
                                        goto out;
                                }
                        }
                } else {
                        ret = ref_get_fields(eb, ref_ptr, &name, &ref_index);
+                       if (ret)
+                               goto out;
                }
-               if (ret)
-                       goto out;
 
                ret = inode_in_dir(root, path, btrfs_ino(dir), btrfs_ino(inode),
                                   ref_index, &name);
@@ -1459,10 +1468,11 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans,
                }
                /* Else, ret == 1, we already have a perfect match, we're done. */
 
+next:
                ref_ptr = (unsigned long)(ref_ptr + ref_struct_size) + name.len;
                kfree(name.name);
                name.name = NULL;
-               if (log_ref_ver) {
+               if (log_ref_ver && dir) {
                        iput(&dir->vfs_inode);
                        dir = NULL;
                }