git.baikalelectronics.ru Git - kernel.git/commit

author	ChenXiaoSong <chenxiaosong2@huawei.com>
	Wed, 16 Nov 2022 14:23:54 +0000 (22:23 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 8 Dec 2022 10:23:02 +0000 (11:23 +0100)
commit	3f558edd780a499d2fdf37270a6e41ec0caa6409
tree	253575559cff4a4e4e51c26a9b249a60fce6069d	tree \| snapshot
parent	3b271ba8086136016759b1fa8c3ff8d7f92585bd	commit \| diff

btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()

[ Upstream commit cb4e6a0ae5409826b24dd7e1b028ca5f0c5ec013 ]

Syzkaller reported BUG as follows:

  BUG: sleeping function called from invalid context at
       include/linux/sched/mm.h:274
  Call Trace:
   <TASK>
   dump_stack_lvl+0xcd/0x134
   __might_resched.cold+0x222/0x26b
   kmem_cache_alloc+0x2e7/0x3c0
   update_qgroup_limit_item+0xe1/0x390
   btrfs_qgroup_inherit+0x147b/0x1ee0
   create_subvol+0x4eb/0x1710
   btrfs_mksubvol+0xfe5/0x13f0
   __btrfs_ioctl_snap_create+0x2b0/0x430
   btrfs_ioctl_snap_create_v2+0x25a/0x520
   btrfs_ioctl+0x2a1c/0x5ce0
   __x64_sys_ioctl+0x193/0x200
   do_syscall_64+0x35/0x80

Fix this by calling qgroup_dirty() on @dstqgroup, and update limit item in
btrfs_run_qgroups() later outside of the spinlock context.

CC: stable@vger.kernel.org # 4.9+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: ChenXiaoSong <chenxiaosong2@huawei.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>