+++ /dev/null
-From 6bfe3959b0e7a526f5c64747801a8613f002f05a Mon Sep 17 00:00:00 2001
-From: Anand Jain <anand.jain@oracle.com>
-Date: Mon, 31 Jul 2023 19:16:35 +0800
-Subject: btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super
-
-From: Anand Jain <anand.jain@oracle.com>
-
-commit 6bfe3959b0e7a526f5c64747801a8613f002f05a upstream.
-
-The function btrfs_validate_super() should verify the metadata_uuid in
-the provided superblock argument. Because, all its callers expect it to
-do that.
-
-Such as in the following stacks:
-
- write_all_supers()
- sb = fs_info->super_for_commit;
- btrfs_validate_write_super(.., sb)
- btrfs_validate_super(.., sb, ..)
-
- scrub_one_super()
- btrfs_validate_super(.., sb, ..)
-
-And
- check_dev_super()
- btrfs_validate_super(.., sb, ..)
-
-However, it currently verifies the fs_info::super_copy::metadata_uuid
-instead. Fix this using the correct metadata_uuid in the superblock
-argument.
-
-CC: stable@vger.kernel.org # 5.4+
-Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
-Tested-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
-Signed-off-by: Anand Jain <anand.jain@oracle.com>
-Reviewed-by: David Sterba <dsterba@suse.com>
-Signed-off-by: David Sterba <dsterba@suse.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/btrfs/disk-io.c | 8 +++-----
- 1 file changed, 3 insertions(+), 5 deletions(-)
-
---- a/fs/btrfs/disk-io.c
-+++ b/fs/btrfs/disk-io.c
-@@ -2503,13 +2503,11 @@ static int validate_super(struct btrfs_f
- ret = -EINVAL;
- }
-
-- if (btrfs_fs_incompat(fs_info, METADATA_UUID) &&
-- memcmp(fs_info->fs_devices->metadata_uuid,
-- fs_info->super_copy->metadata_uuid, BTRFS_FSID_SIZE)) {
-+ if (memcmp(fs_info->fs_devices->metadata_uuid, btrfs_sb_fsid_ptr(sb),
-+ BTRFS_FSID_SIZE) != 0) {
- btrfs_err(fs_info,
- "superblock metadata_uuid doesn't match metadata uuid of fs_devices: %pU != %pU",
-- fs_info->super_copy->metadata_uuid,
-- fs_info->fs_devices->metadata_uuid);
-+ btrfs_sb_fsid_ptr(sb), fs_info->fs_devices->metadata_uuid);
- ret = -EINVAL;
- }
-
+++ /dev/null
-From a6496849671a5bc9218ecec25a983253b34351b1 Mon Sep 17 00:00:00 2001
-From: Boris Burkov <boris@bur.io>
-Date: Fri, 21 Jul 2023 09:02:07 -0700
-Subject: btrfs: fix start transaction qgroup rsv double free
-
-From: Boris Burkov <boris@bur.io>
-
-commit a6496849671a5bc9218ecec25a983253b34351b1 upstream.
-
-btrfs_start_transaction reserves metadata space of the PERTRANS type
-before it identifies a transaction to start/join. This allows flushing
-when reserving that space without a deadlock. However, it results in a
-race which temporarily breaks qgroup rsv accounting.
-
-T1 T2
-start_transaction
-do_stuff
- start_transaction
- qgroup_reserve_meta_pertrans
-commit_transaction
- qgroup_free_meta_all_pertrans
- hit an error starting txn
- goto reserve_fail
- qgroup_free_meta_pertrans (already freed!)
-
-The basic issue is that there is nothing preventing another commit from
-committing before start_transaction finishes (in fact sometimes we
-intentionally wait for it) so any error path that frees the reserve is
-at risk of this race.
-
-While this exact space was getting freed anyway, and it's not a huge
-deal to double free it (just a warning, the free code catches this), it
-can result in incorrectly freeing some other pertrans reservation in
-this same reservation, which could then lead to spuriously granting
-reservations we might not have the space for. Therefore, I do believe it
-is worth fixing.
-
-To fix it, use the existing prealloc->pertrans conversion mechanism.
-When we first reserve the space, we reserve prealloc space and only when
-we are sure we have a transaction do we convert it to pertrans. This way
-any racing commits do not blow away our reservation, but we still get a
-pertrans reservation that is freed when _this_ transaction gets committed.
-
-This issue can be reproduced by running generic/269 with either qgroups
-or squotas enabled via mkfs on the scratch device.
-
-Reviewed-by: Josef Bacik <josef@toxicpanda.com>
-CC: stable@vger.kernel.org # 5.10+
-Signed-off-by: Boris Burkov <boris@bur.io>
-Signed-off-by: David Sterba <dsterba@suse.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/btrfs/transaction.c | 19 ++++++++++++++++---
- 1 file changed, 16 insertions(+), 3 deletions(-)
-
---- a/fs/btrfs/transaction.c
-+++ b/fs/btrfs/transaction.c
-@@ -594,8 +594,13 @@ start_transaction(struct btrfs_root *roo
- u64 delayed_refs_bytes = 0;
-
- qgroup_reserved = num_items * fs_info->nodesize;
-- ret = btrfs_qgroup_reserve_meta_pertrans(root, qgroup_reserved,
-- enforce_qgroups);
-+ /*
-+ * Use prealloc for now, as there might be a currently running
-+ * transaction that could free this reserved space prematurely
-+ * by committing.
-+ */
-+ ret = btrfs_qgroup_reserve_meta_prealloc(root, qgroup_reserved,
-+ enforce_qgroups, false);
- if (ret)
- return ERR_PTR(ret);
-
-@@ -709,6 +714,14 @@ again:
- h->reloc_reserved = reloc_reserved;
- }
-
-+ /*
-+ * Now that we have found a transaction to be a part of, convert the
-+ * qgroup reservation from prealloc to pertrans. A different transaction
-+ * can't race in and free our pertrans out from under us.
-+ */
-+ if (qgroup_reserved)
-+ btrfs_qgroup_convert_reserved_meta(root, qgroup_reserved);
-+
- got_it:
- if (!current->journal_info)
- current->journal_info = h;
-@@ -747,7 +760,7 @@ alloc_fail:
- btrfs_block_rsv_release(fs_info, &fs_info->trans_block_rsv,
- num_bytes, NULL);
- reserve_fail:
-- btrfs_qgroup_free_meta_pertrans(root, qgroup_reserved);
-+ btrfs_qgroup_free_meta_prealloc(root, qgroup_reserved);
- return ERR_PTR(ret);
- }
-
+++ /dev/null
-From e28b02118b94e42be3355458a2406c6861e2dd32 Mon Sep 17 00:00:00 2001
-From: Boris Burkov <boris@bur.io>
-Date: Fri, 21 Jul 2023 09:02:06 -0700
-Subject: btrfs: free qgroup rsv on io failure
-
-From: Boris Burkov <boris@bur.io>
-
-commit e28b02118b94e42be3355458a2406c6861e2dd32 upstream.
-
-If we do a write whose bio suffers an error, we will never reclaim the
-qgroup reserved space for it. We allocate the space in the write_iter
-codepath, then release the reservation as we allocate the ordered
-extent, but we only create a delayed ref if the ordered extent finishes.
-If it has an error, we simply leak the rsv. This is apparent in running
-any error injecting (dmerror) fstests like btrfs/146 or btrfs/160. Such
-tests fail due to dmesg on umount complaining about the leaked qgroup
-data space.
-
-When we clean up other aspects of space on failed ordered_extents, also
-free the qgroup rsv.
-
-Reviewed-by: Josef Bacik <josef@toxicpanda.com>
-CC: stable@vger.kernel.org # 5.10+
-Signed-off-by: Boris Burkov <boris@bur.io>
-Signed-off-by: David Sterba <dsterba@suse.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/btrfs/inode.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
---- a/fs/btrfs/inode.c
-+++ b/fs/btrfs/inode.c
-@@ -2804,6 +2804,13 @@ out:
- btrfs_free_reserved_extent(fs_info,
- ordered_extent->disk_bytenr,
- ordered_extent->disk_num_bytes, 1);
-+ /*
-+ * Actually free the qgroup rsv which was released when
-+ * the ordered extent was created.
-+ */
-+ btrfs_qgroup_free_refroot(fs_info, inode->root->root_key.objectid,
-+ ordered_extent->qgroup_rsv,
-+ BTRFS_QGROUP_RSV_DATA);
- }
- }
-
ata-sata_gemini-add-missing-module_description.patch
ata-pata_ftide010-add-missing-module_description.patch
fuse-nlookup-missing-decrement-in-fuse_direntplus_link.patch
-btrfs-fix-start-transaction-qgroup-rsv-double-free.patch
-btrfs-free-qgroup-rsv-on-io-failure.patch
btrfs-don-t-start-transaction-when-joining-with-trans_join_nostart.patch
btrfs-use-the-correct-superblock-to-compare-fsid-in-btrfs_validate_super.patch
-btrfs-compare-the-correct-fsid-metadata_uuid-in-btrfs_validate_super.patch
mtd-rawnand-brcmnand-fix-crash-during-the-panic_write.patch
mtd-rawnand-brcmnand-fix-potential-out-of-bounds-access-in-oob-write.patch
mtd-rawnand-brcmnand-fix-potential-false-time-out-warning.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
