btrfs: clamp to avoid squota underflow

author Boris Burkov <boris@bur.io>

Mon, 11 May 2026 20:06:24 +0000 (13:06 -0700)

committer David Sterba <dsterba@suse.com>

Sat, 16 May 2026 01:07:20 +0000 (03:07 +0200)
author Boris Burkov <boris@bur.io>
Mon, 11 May 2026 20:06:24 +0000 (13:06 -0700)
committer David Sterba <dsterba@suse.com>
Sat, 16 May 2026 01:07:20 +0000 (03:07 +0200)
diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c

index 5f33727a79722123dad7e2136ffc0d25734b9abb..e9e7091e1452f57baa206bf76f0280659e05c9c3 100644 (file)
--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -4967,8 +4967,19 @@ int btrfs_record_squota_delta(struct btrfs_fs_info *fs_info,
         list_for_each_entry(qg, &qgroup_list, iterator) {
                 struct btrfs_qgroup_list *glist;
  
-               qg->excl += num_bytes * sign;
-               qg->rfer += num_bytes * sign;
+               ASSERT(qg->excl == qg->rfer);
+               if (WARN_ON_ONCE(sign < 0 && qg->excl < num_bytes)) {
+                       btrfs_warn(fs_info,
+                                  "squota underflow qg %hu/%llu excl %llu num_bytes %llu",
+                                  btrfs_qgroup_level(qg->qgroupid),
+                                  btrfs_qgroup_subvolid(qg->qgroupid),
+                                  qg->excl, num_bytes);
+                       qg->excl = 0;
+                       qg->rfer = 0;
+               } else {
+                       qg->excl += num_bytes * sign;
+                       qg->rfer += num_bytes * sign;
+               }
                 qgroup_dirty(fs_info, qg);
  
                 list_for_each_entry(glist, &qg->groups, next_group)
author	Boris Burkov <boris@bur.io>
	Mon, 11 May 2026 20:06:24 +0000 (13:06 -0700)
committer	David Sterba <dsterba@suse.com>
	Sat, 16 May 2026 01:07:20 +0000 (03:07 +0200)