Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / mainline / linux / 5846a3c26873e86b034c702a8bc202aa76082369^! / . / fs / btrfs / inode.c
commit5846a3c26873e86b034c702a8bc202aa76082369[log] [tgz]
authorQu Wenruo <quwenruo@cn.fujitsu.com>Mon Oct 26 14:11:18 2015 +0800
committerChris Mason <clm@fb.com>Mon Oct 26 19:44:39 2015 -0700
tree8495bf1ae8236d363579751a63414ba31c498a0d
parent696249132158014d594896df3a81390616069c5c [diff] [blame]
btrfs: qgroup: Fix a race in delayed_ref which leads to abort trans

Between btrfs_allocerved_file_extent() and
btrfs_add_delayed_qgroup_reserve(), there is a window that delayed_refs
are run and delayed ref head maybe freed before
btrfs_add_delayed_qgroup_reserve().

This will cause btrfs_dad_delayed_qgroup_reserve() to return -ENOENT,
and cause transaction to be aborted.

This patch will record qgroup reserve space info into delayed_ref_head
at btrfs_add_delayed_ref(), to eliminate the race window.

Reported-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com>
Signed-off-by: Chris Mason <clm@fb.com>

diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 6f030c2..4439fbb 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c

@@ -2127,17 +2127,13 @@
 	ins.type = BTRFS_EXTENT_ITEM_KEY;
 	ret = btrfs_alloc_reserved_file_extent(trans, root,
 					root->root_key.objectid,
-					btrfs_ino(inode), file_pos, &ins);
-	if (ret < 0)
-		goto out;
+					btrfs_ino(inode), file_pos,
+					ram_bytes, &ins);
 	/*
-	 * Release the reserved range from inode dirty range map, and
-	 * move it to delayed ref codes, as now accounting only happens at
-	 * commit_transaction() time.
+	 * Release the reserved range from inode dirty range map, as it is
+	 * already moved into delayed_ref_head
 	 */
 	btrfs_qgroup_release_data(inode, file_pos, ram_bytes);
-	ret = btrfs_add_delayed_qgroup_reserve(root->fs_info, trans,
-			root->objectid, disk_bytenr, ram_bytes);
 out:
 	btrfs_free_path(path);