From: Greg Kroah-Hartman Date: Thu, 25 Jul 2024 14:23:19 +0000 (+0200) Subject: 6.1-stable patches X-Git-Tag: v4.19.319~10 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=920d2ac8a21318076cf79257090a3ccd07931e65;p=thirdparty%2Fkernel%2Fstable-queue.git 6.1-stable patches added patches: btrfs-do-not-bug_on-on-failure-to-get-dir-index-for-new-snapshot.patch --- diff --git a/queue-6.1/btrfs-do-not-bug_on-on-failure-to-get-dir-index-for-new-snapshot.patch b/queue-6.1/btrfs-do-not-bug_on-on-failure-to-get-dir-index-for-new-snapshot.patch new file mode 100644 index 00000000000..76a33a16b42 --- /dev/null +++ b/queue-6.1/btrfs-do-not-bug_on-on-failure-to-get-dir-index-for-new-snapshot.patch 
@@ -0,0 +1,57 @@ +From df9f278239046719c91aeb59ec0afb1a99ee8b2b Mon Sep 17 00:00:00 2001 +From: Filipe Manana +Date: Tue, 13 Jun 2023 16:42:16 +0100 +Subject: btrfs: do not BUG_ON on failure to get dir index for new snapshot + +From: Filipe Manana + +commit df9f278239046719c91aeb59ec0afb1a99ee8b2b upstream. + +During the transaction commit path, at create_pending_snapshot(), there +is no need to BUG_ON() in case we fail to get a dir index for the snapshot +in the parent directory. This should fail very rarely because the parent +inode should be loaded in memory already, with the respective delayed +inode created and the parent inode's index_cnt field already initialized. + +However if it fails, it may be -ENOMEM like the comment at +create_pending_snapshot() says or any error returned by +btrfs_search_slot() through btrfs_set_inode_index_count(), which can be +pretty much anything such as -EIO or -EUCLEAN for example. So the comment +is not correct when it says it can only be -ENOMEM. + +However doing a BUG_ON() here is overkill, since we can instead abort +the transaction and return the error. Note that any error returned by +create_pending_snapshot() will eventually result in a transaction +abort at cleanup_transaction(), called from btrfs_commit_transaction(), +but we can explicitly abort the transaction at this point instead so that +we get a stack trace to tell us that the call to btrfs_set_inode_index() +failed. + +So just abort the transaction and return in case btrfs_set_inode_index() +returned an error at create_pending_snapshot(). 
+ +Reviewed-by: Johannes Thumshirn +Signed-off-by: Filipe Manana +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Sergio González Collado +Reported-by: syzbot+c56033c8c15c08286062@syzkaller.appspotmail.com +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/transaction.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/fs/btrfs/transaction.c ++++ b/fs/btrfs/transaction.c +@@ -1701,7 +1701,10 @@ static noinline int create_pending_snaps + * insert the directory item + */ + ret = btrfs_set_inode_index(BTRFS_I(parent_inode), &index); +- BUG_ON(ret); /* -ENOMEM */ ++ if (ret) { ++ btrfs_abort_transaction(trans, ret); ++ goto fail; ++ } + + /* check if there is a file/dir which has the same name. */ + dir_item = btrfs_lookup_dir_item(NULL, parent_root, path, diff --git a/queue-6.1/series b/queue-6.1/series index 1820432d8d3..f271d19a492 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -10,3 +10,4 @@ arm64-dts-qcom-ipq6018-disable-ss-instance-in-parkmode-for-usb.patch arm64-dts-qcom-sdm630-disable-ss-instance-in-parkmode-for-usb.patch alsa-pcm_dmaengine-don-t-synchronize-dma-channel-when-dma-is-paused.patch filelock-fix-fcntl-close-race-recovery-compat-path.patch +btrfs-do-not-bug_on-on-failure-to-get-dir-index-for-new-snapshot.patch
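Review bot: in the fs/btrfs/transaction.c hunk at create_pending_snapshot(), the new `if (ret)` branch ends in `goto fail`, but the `fail` label and its cleanup are outside the visible context. Because this is the 6.1 queue copy of an upstream commit, please confirm that in the 6.1 tree everything acquired before the btrfs_set_inode_index() call is released on that path, and that nothing reached from `fail` assumes `index` was set. The explicit btrfs_abort_transaction(trans, ret) before the jump matches the commit message's stated goal of getting a stack trace at the failing call, and dropping the `/* -ENOMEM */` comment together with the BUG_ON() is consistent with the message's point that the error may also be -EIO or -EUCLEAN. A smaller documentation point: the tag block has a Signed-off-by from Sergio González Collado in addition to the upstream sign-offs, with no note saying whether the upstream change applied to 6.1 unchanged or needed adjustment; a one-line bracketed note above that sign-off would make this clear to later readers of the queue.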