Btrfs: set trans to null in reserve_metadata_bytes if we commit the transaction

btrfs_commit_transaction will free our trans, but because we pass trans to shrink_delalloc we could possibly have a use after free situation. So instead if we commit the transaction, set trans to null and set committed to true so we don't keep trying to commit a transaction. This fixes a panic I could reproduce at will. Thanks, Signed-off-by: N Josef Bacik <josef@redhat.com>

Btrfs: set trans to null in reserve_metadata_bytes if we commit the transaction
btrfs_commit_transaction will free our trans, but because we pass trans to shrink_delalloc we could possibly have a use after free situation. So instead if we commit the transaction, set trans to null and set committed to true so we don't keep trying to commit a transaction. This fixes a panic I could reproduce at will. Thanks, Signed-off-by: N Josef Bacik <josef@redhat.com>
38227933 · Josef Bacik · 0e78340f · 38227933
隐藏空白更改
内联并排

Showing with 6 addition and 3 deletion

fs/btrfs/extent-tree.c fs/btrfs/extent-tree.c +6 -3

未找到文件。
--- a/fs/btrfs/extent-tree.c
+++ b/fs/btrfs/extent-tree.c
@@ -3157,6 +3157,7 @@ static int reserve_metadata_bytes(struct btrfs_trans_handle *trans,
 	int retries = 0;
 	int ret = 0;
 	bool reserved = false;
+	bool committed = false;

 again:
 	ret = -ENOSPC;
@@ -3249,17 +3250,19 @@ static int reserve_metadata_bytes(struct btrfs_trans_handle *trans,
 		goto out;

 	ret = -EAGAIN;
-	if (trans)
+	if (trans || committed)
 		goto out;

-
 	ret = -ENOSPC;
 	trans = btrfs_join_transaction(root, 1);
 	if (IS_ERR(trans))
 		goto out;
 	ret = btrfs_commit_transaction(trans, root);
-	if (!ret)
+	if (!ret) {
+		trans = NULL;
+		committed = true;
 		goto again;
+	}

 out:
 	if (reserved) {