Commit 39200e59 authored Mar 12, 2021 by Josef Bacik Committed by David Sterba Apr 19, 2021

btrfs: validate root::reloc_root after recording root in trans



If we fail to setup a root->reloc_root in a different thread that path
will error out, however it still leaves root->reloc_root NULL but would
still appear set up in the transaction.  Subsequent calls to
btrfs_record_root_in_transaction would succeed without attempting to
create the reloc root, as the transid has already been updated.

Handle this case by making sure we have a root->reloc_root set after a
btrfs_record_root_in_transaction call so we don't end up dereferencing a
NULL pointer.

Reported-by: Zygo Blaxell <ce3g8jdj@umail.furryterror.org>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>

parent 84c50ba5

fs/btrfs/relocation.c

+15 −0

Original line number	Diff line number	Diff line
		@@ -2082,6 +2082,13 @@ struct btrfs_root select_reloc_root(struct btrfs_trans_handle trans,
		return ERR_PTR(ret);
		root = root->reloc_root;

		/*
		* We could have raced with another thread which failed, so
		* root->reloc_root may not be set, return ENOENT in this case.
		*/
		if (!root)
		return ERR_PTR(-ENOENT);

		if (next->new_bytenr != root->node->start) {
		/*
		* We just created the reloc root, so we shouldn't have
		@@ -2579,6 +2586,14 @@ static int relocate_tree_block(struct btrfs_trans_handle *trans,
		ret = btrfs_record_root_in_trans(trans, root);
		if (ret)
		goto out;
		/*
		* Another thread could have failed, need to check if we
		* have reloc_root actually set.
		*/
		if (!root->reloc_root) {
		ret = -ENOENT;
		goto out;
		}
		root = root->reloc_root;
		node->new_bytenr = root->node->start;
		btrfs_put_root(node->root);