From 5846a3c26873e86b034c702a8bc202aa76082369 Mon Sep 17 00:00:00 2001 From: Qu Wenruo Date: Mon, 26 Oct 2015 14:11:18 +0800 Subject: btrfs: qgroup: Fix a race in delayed_ref which leads to abort trans Between btrfs_allocerved_file_extent() and btrfs_add_delayed_qgroup_reserve(), there is a window that delayed_refs are run and delayed ref head maybe freed before btrfs_add_delayed_qgroup_reserve(). This will cause btrfs_dad_delayed_qgroup_reserve() to return -ENOENT, and cause transaction to be aborted. This patch will record qgroup reserve space info into delayed_ref_head at btrfs_add_delayed_ref(), to eliminate the race window. Reported-by: Filipe Manana Signed-off-by: Qu Wenruo Signed-off-by: Chris Mason --- fs/btrfs/inode.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) (limited to 'fs/btrfs/inode.c') diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 6f030c299de8..4439fbb4ff45 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -2127,17 +2127,13 @@ static int insert_reserved_file_extent(struct btrfs_trans_handle *trans, ins.type = BTRFS_EXTENT_ITEM_KEY; ret = btrfs_alloc_reserved_file_extent(trans, root, root->root_key.objectid, - btrfs_ino(inode), file_pos, &ins); - if (ret < 0) - goto out; + btrfs_ino(inode), file_pos, + ram_bytes, &ins); /* - * Release the reserved range from inode dirty range map, and - * move it to delayed ref codes, as now accounting only happens at - * commit_transaction() time. + * Release the reserved range from inode dirty range map, as it is + * already moved into delayed_ref_head */ btrfs_qgroup_release_data(inode, file_pos, ram_bytes); - ret = btrfs_add_delayed_qgroup_reserve(root->fs_info, trans, - root->objectid, disk_bytenr, ram_bytes); out: btrfs_free_path(path); -- cgit v1.2.3