btrfs: check the root node for uptodate before returning it
authorJosef Bacik <josef@toxicpanda.com>
Wed, 24 Nov 2021 19:14:24 +0000 (14:14 -0500)
committerDavid Sterba <dsterba@suse.com>
Fri, 7 Jan 2022 13:18:23 +0000 (14:18 +0100)
Now that we clear the extent buffer uptodate if we fail to write it out
we need to check to see if our root node is uptodate before we search
down it.  Otherwise we could return stale data (or potentially corrupt
data that was caught by the write verification step) and think that the
path is OK to search down.

CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
fs/btrfs/ctree.c

index 9e02ac5..b54ea94 100644 (file)
@@ -1569,12 +1569,9 @@ static struct extent_buffer *btrfs_search_slot_get_root(struct btrfs_root *root,
                                                        int write_lock_level)
 {
        struct extent_buffer *b;
-       int root_lock;
+       int root_lock = 0;
        int level = 0;
 
-       /* We try very hard to do read locks on the root */
-       root_lock = BTRFS_READ_LOCK;
-
        if (p->search_commit_root) {
                b = root->commit_root;
                atomic_inc(&b->refs);
@@ -1594,6 +1591,9 @@ static struct extent_buffer *btrfs_search_slot_get_root(struct btrfs_root *root,
                goto out;
        }
 
+       /* We try very hard to do read locks on the root */
+       root_lock = BTRFS_READ_LOCK;
+
        /*
         * If the level is set to maximum, we can skip trying to get the read
         * lock.
@@ -1620,6 +1620,17 @@ static struct extent_buffer *btrfs_search_slot_get_root(struct btrfs_root *root,
        level = btrfs_header_level(b);
 
 out:
+       /*
+        * The root may have failed to write out at some point, and thus is no
+        * longer valid, return an error in this case.
+        */
+       if (!extent_buffer_uptodate(b)) {
+               if (root_lock)
+                       btrfs_tree_unlock_rw(b, root_lock);
+               free_extent_buffer(b);
+               return ERR_PTR(-EIO);
+       }
+
        p->nodes[level] = b;
        if (!p->skip_locking)
                p->locks[level] = root_lock;