1. 15 May, 2024 3 commits
    • btrfs: zoned: fix use-after-free due to race with dev replace · 0090d6e1
      Filipe Manana authored
      While loading a zone's info during creation of a block group, we can race
      with a device replace operation and then trigger a use-after-free on the
      device that was just replaced (source device of the replace operation).
      
      This happens because at btrfs_load_zone_info() we extract a device from
      the chunk map into a local variable and then use the device while not
      under the protection of the device replace rwsem. So if there's a device
      replace operation happening when we extract the device and that device
      is the source of the replace operation, we will trigger a use-after-free
      if before we finish using the device the replace operation finishes and
      frees the device.
      
      Fix this by enlarging the critical section under the protection of the
      device replace rwsem so that all uses of the device are done inside the
      critical section.
      
      CC: stable@vger.kernel.org # 6.1.x: 15c12fcc: btrfs: zoned: introduce a zone_info struct in btrfs_load_block_group_zone_info
      CC: stable@vger.kernel.org # 6.1.x: 09a46725: btrfs: zoned: factor out per-zone logic from btrfs_load_block_group_zone_info
      CC: stable@vger.kernel.org # 6.1.x: 9e0e3e74: btrfs: zoned: factor out single bg handling from btrfs_load_block_group_zone_info
      CC: stable@vger.kernel.org # 6.1.x: 87463f7e: btrfs: zoned: factor out DUP bg handling from btrfs_load_block_group_zone_info
      CC: stable@vger.kernel.org # 6.1.x
      Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
      Signed-off-by: Filipe Manana <fdmanana@suse.com>
      Reviewed-by: David Sterba <dsterba@suse.com>
      Signed-off-by: David Sterba <dsterba@suse.com>
    • btrfs: qgroup: fix qgroup id collision across mounts · 2b8aa78c
      Boris Burkov authored
      If we delete subvolumes whose ID is the largest in the filesystem, then
      unmount and mount again, then btrfs_init_root_free_objectid on the
      tree_root will select a subvolid smaller than that one and thus allow
      reusing it.
      
      If we are also using qgroups (and particularly squotas) it is possible
      to delete the subvol without deleting the qgroup. In that case, we will
      be able to create a new subvol whose id already has a level 0 qgroup.
      This will result in re-using that qgroup which would then lead to
      incorrect accounting.
      
      Fixes: 6ed05643 ("btrfs: create qgroup earlier in snapshot creation")
      CC: stable@vger.kernel.org # 6.7+
      Reviewed-by: Qu Wenruo <wqu@suse.com>
      Signed-off-by: Boris Burkov <boris@bur.io>
      Signed-off-by: David Sterba <dsterba@suse.com>
    • btrfs: qgroup: update rescan message levels and error codes · 1fa7603d
      David Sterba authored
      On filesystems without enabled quotas there's still a warning message in
      the logs when rescan is called. In that case it's not a problem that
      should be reported, rescan can be called unconditionally.  Change the
      error code to ENOTCONN which is used for 'quotas not enabled' elsewhere.
      
      Remove message (also a warning) when rescan is called during an ongoing
      rescan, this brings no useful information and the error code is
      sufficient.
      
      Change message levels to debug for now, they can be removed eventually.
      
      CC: stable@vger.kernel.org # 6.6+
      Reviewed-by: Boris Burkov <boris@bur.io>
      Signed-off-by: David Sterba <dsterba@suse.com>
  2. 07 May, 2024 37 commits