diff options
| author | Omar Sandoval <osandov@fb.com> | 2024-01-04 11:48:47 -0800 |
|---|---|---|
| committer | David Sterba <dsterba@suse.com> | 2024-01-12 02:00:21 +0100 |
| commit | 3324d0547861b16cf436d54abba7052e0c8aa9de (patch) | |
| tree | d824794b53f6050ba78af828f876cbce3cc0a91b /lib/test_fortify/write_overflow-strlcpy-src.c | |
| parent | 7081929ab2572920e94d70be3d332e5c9f97095a (diff) | |
btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted
Sweet Tea spotted a race between subvolume deletion and snapshotting
that can result in the root item for the snapshot having the
BTRFS_ROOT_SUBVOL_DEAD flag set. The race is:
Thread 1 | Thread 2
----------------------------------------------|----------
btrfs_delete_subvolume |
btrfs_set_root_flags(BTRFS_ROOT_SUBVOL_DEAD)|
|btrfs_mksubvol
| down_read(subvol_sem)
| create_snapshot
| ...
| create_pending_snapshot
| copy root item from source
down_write(subvol_sem) |
This flag is only checked in send and swap activate, which this would
cause to fail mysteriously.
create_snapshot() now checks the root refs to reject a deleted
subvolume, so we can fix this by locking subvol_sem earlier so that the
BTRFS_ROOT_SUBVOL_DEAD flag and the root refs are updated atomically.
CC: stable@vger.kernel.org # 4.14+
Reported-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Reviewed-by: Sweet Tea Dorminy <sweettea-kernel@dorminy.me>
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Omar Sandoval <osandov@fb.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Diffstat (limited to 'lib/test_fortify/write_overflow-strlcpy-src.c')
0 files changed, 0 insertions, 0 deletions