[PATCH 4.0 100/105] Btrfs: send, dont leave without decrementing clone roots send_progress

From: Greg Kroah-Hartman
Date: Fri Jun 19 2015 - 16:44:19 EST

4.0-stable review patch. If anyone has any objections, please let me know.


From: Filipe Manana <fdmanana@xxxxxxxx>

commit 2f1f465ae6da244099af55c066e5355abd8ff620 upstream.

If the clone root was not readonly or the dead flag was set on it, we were
leaving without decrementing the root's send_progress counter (and before
we just incremented it). If a concurrent snapshot deletion was in progress
and ended up being aborted, it would be impossible to later attempt to
delete again the snapshot, since the root's send_in_progress counter could
never go back to 0.

We were also setting clone_sources_to_rollback to i + 1 too early - if we
bailed out because the clone root we got is not readonly or flagged as dead
we ended up later derreferencing a null pointer because we didn't assign
the clone root to sctx->clone_roots[i].root:

for (i = 0; sctx && i < clone_sources_to_rollback; i++)

So just don't increment the send_in_progress counter if the root is readonly
or flagged as dead.

Signed-off-by: Filipe Manana <fdmanana@xxxxxxxx>
Reviewed-by: David Sterba <dsterba@xxxxxxx>
Signed-off-by: Chris Mason <clm@xxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

fs/btrfs/send.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

--- a/fs/btrfs/send.c
+++ b/fs/btrfs/send.c
@@ -5852,9 +5852,7 @@ long btrfs_ioctl_send(struct file *mnt_f
ret = PTR_ERR(clone_root);
goto out;
- clone_sources_to_rollback = i + 1;
- clone_root->send_in_progress++;
if (!btrfs_root_readonly(clone_root) ||
btrfs_root_dead(clone_root)) {
@@ -5862,10 +5860,12 @@ long btrfs_ioctl_send(struct file *mnt_f
ret = -EPERM;
goto out;
+ clone_root->send_in_progress++;
srcu_read_unlock(&fs_info->subvol_srcu, index);

sctx->clone_roots[i].root = clone_root;
+ clone_sources_to_rollback = i + 1;
clone_sources_tmp = NULL;

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
Please read the FAQ at http://www.tux.org/lkml/