review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	ChenXiaoSong <chenxiaosong2@huawei.com>
	Wed, 16 Nov 2022 14:23:54 +0000 (22:23 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 8 Dec 2022 10:28:38 +0000 (11:28 +0100)
commit	044da1a371a0da579e805e89c96865f62d8f6f69
tree	e2c7dc8c2e2917913fa3b9d353a497bbf9b78626	tree \| snapshot
parent	da86809ab822f5aef6764e146ae667898dc02469	commit \| diff

btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()

[ Upstream commit f7e942b5bb35d8e3af54053d19a6bf04143a3955 ]

Syzkaller reported BUG as follows:

  BUG: sleeping function called from invalid context at
       include/linux/sched/mm.h:274
  Call Trace:
   <TASK>
   dump_stack_lvl+0xcd/0x134
   __might_resched.cold+0x222/0x26b
   kmem_cache_alloc+0x2e7/0x3c0
   update_qgroup_limit_item+0xe1/0x390
   btrfs_qgroup_inherit+0x147b/0x1ee0
   create_subvol+0x4eb/0x1710
   btrfs_mksubvol+0xfe5/0x13f0
   __btrfs_ioctl_snap_create+0x2b0/0x430
   btrfs_ioctl_snap_create_v2+0x25a/0x520
   btrfs_ioctl+0x2a1c/0x5ce0
   __x64_sys_ioctl+0x193/0x200
   do_syscall_64+0x35/0x80

Fix this by calling qgroup_dirty() on @dstqgroup, and update limit item in
btrfs_run_qgroups() later outside of the spinlock context.

CC: stable@vger.kernel.org # 4.9+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>