    Btrfs: fix qgroup double free after failure to reserve metadata for delalloc · c7967fc1
    Filipe Manana authored
    If we fail to reserve metadata for delalloc operations we end up releasing
    the previously reserved qgroup amount twice, once explicitly under the
    'out_qgroup' label by calling btrfs_qgroup_free_meta_prealloc() and once
    again, under label 'out_fail', by calling btrfs_inode_rsv_release() with a
    value of 'true' for its 'qgroup_free' argument, which results in
    btrfs_qgroup_free_meta_prealloc() being called again, so we end up having
    a double free.
    
    Also if we fail to reserve the necessary qgroup amount, we jump to the
    label 'out_fail', which calls btrfs_inode_rsv_release() and that in turn
    calls btrfs_qgroup_free_meta_prealloc(), even though we weren't able to
    reserve any qgroup amount. So we freed some amount we never reserved.
    
    So fix this by removing the call to btrfs_inode_rsv_release() in the
    failure path, since it's not necessary at all as we haven't changed the
    inode's block reserve in any way at this point.
    
    Fixes: c8eaeac7 ("btrfs: reserve delalloc metadata differently")
    CC: stable@vger.kernel.org # 5.2+
    Signed-off-by: Filipe Manana <fdmanana@suse.com>
    Reviewed-by: David Sterba <dsterba@suse.com>
    Signed-off-by: David Sterba <dsterba@suse.com>
delalloc-space.c 15.7 KB
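
The two failure paths described in the commit message, as a user-space model added here; it is not the kernel code or the author's patch. The `qgroup` struct, the helper names and the `buggy` switch are hypothetical, and `inode_rsv_release()` models btrfs_inode_rsv_release() only as far as the message describes it.

```c
#include <stdio.h>

/* Toy stand-in for a qgroup's prealloc metadata counter, in bytes. */
struct qgroup { long reserved; long limit; };

static int qgroup_reserve(struct qgroup *q, long n)
{
    if (q->reserved + n > q->limit)
        return -1;                 /* nothing was reserved */
    q->reserved += n;
    return 0;
}

static void qgroup_free(struct qgroup *q, long n) { q->reserved -= n; }

/* Assumed model of btrfs_inode_rsv_release(inode, true): per the commit
 * message, qgroup_free == true makes it free qgroup space as well. */
static void inode_rsv_release(struct qgroup *q, long n) { qgroup_free(q, n); }

/* Reserve qgroup space, then metadata; 'buggy' selects the pre-fix unwinding.
 * Returns the counter's drift from its starting value: 0 on a correct
 * failure path, negative when more was freed than was reserved. */
long reserve_metadata(struct qgroup *q, long n, int meta_fails, int buggy)
{
    long before = q->reserved;

    if (qgroup_reserve(q, n) < 0)
        goto out_fail;
    if (meta_fails)
        goto out_qgroup;
    return q->reserved - before;   /* success: n bytes stay reserved */
out_qgroup:
    qgroup_free(q, n);             /* explicit release of what we reserved */
out_fail:
    if (buggy)
        inode_rsv_release(q, n);   /* pre-fix: frees qgroup space again */
    return q->reserved - before;
}

int main(void)
{
    /* Constructed sample state: 4096 bytes already reserved by other work. */
    struct qgroup a = { 4096, 1 << 20 }, b = { 4096, 4096 }, c = { 4096, 1 << 20 };
    printf("metadata fails, pre-fix: %ld\n", reserve_metadata(&a, 4096, 1, 1));
    printf("qgroup fails,   pre-fix: %ld\n", reserve_metadata(&b, 4096, 0, 1));
    printf("metadata fails, fixed:   %ld\n", reserve_metadata(&c, 4096, 1, 0));
    return 0;
}
```

In the pre-fix model both failure paths fall through to the second release, so the counter ends below its starting value; with that call removed, each failure path leaves it unchanged.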