Re: [PATCH] xfs: release dquot buffer after dqflush failure

From: Yingjie Gao

Date: Fri Jun 26 2026 - 09:41:59 EST




On 2026/6/26 01:55, Darrick J. Wong wrote:
> On Thu, Jun 25, 2026 at 09:16:23PM +0800, Yingjie Gao wrote:
>> xfs_qm_dqpurge() gets a locked buffer from xfs_dquot_use_attached_buf().
>> If xfs_qm_dqflush() fails, the error path skips xfs_buf_relse() and then
>> calls xfs_dquot_detach_buf(), which tries to lock the same buffer again.
>>
>> Release the buffer after xfs_qm_dqflush() returns so the error path drops
>> the caller hold and unlocks the buffer before the dquot is detached,
>> matching the other dqflush callers.
>>
>> Fixes: a40fe30868ba ("xfs: separate dquot buffer reads from xfs_dqflush")
>> Cc: stable@xxxxxxxxxxxxxxx # v6.13+
>> Signed-off-by: Yingjie Gao <gaoyingjie@xxxxxxxxxxxxx>
>
> Looks fine, though scanning this function further, I suspect that "goto
> out_funlock" in the "resurrect the refcount from the dead" isn't quite
> right either.

Thanks for taking a look.

I checked the "resurrect the refcount from the dead" path and sent a
separate fix for it:

https://lore.kernel.org/linux-xfs/20260626095253.3445540-1-gaoyingjie@xxxxxxxxxxxxx/

Thanks,
Yingjie
>
> Reviewed-by: "Darrick J. Wong" <djwong@xxxxxxxxxx>
>
> --D
>
>> ---
>> fs/xfs/xfs_qm.c | 5 ++---
>> 1 file changed, 2 insertions(+), 3 deletions(-)
>>
>> diff --git a/fs/xfs/xfs_qm.c b/fs/xfs/xfs_qm.c
>> index aa0d2976f1c3..896b24f87ac9 100644
>> --- a/fs/xfs/xfs_qm.c
>> +++ b/fs/xfs/xfs_qm.c
>> @@ -166,10 +166,9 @@ xfs_qm_dqpurge(
>> * does it on success.
>> */
>> error = xfs_qm_dqflush(dqp, bp);
>> - if (!error) {
>> + if (!error)
>> error = xfs_bwrite(bp);
>> - xfs_buf_relse(bp);
>> - }
>> + xfs_buf_relse(bp);
>> xfs_dqflock(dqp);
>> }
>> xfs_dquot_detach_buf(dqp);
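
Review bot: the now-unconditional xfs_buf_relse(bp) ahead of xfs_dqflock(dqp) carries an ordering requirement that the code itself does not state. Per the commit message, xfs_dquot_detach_buf(dqp) locks the same buffer, so bp has to be released on both the success and the failure path before the detach. A one-line comment at the xfs_buf_relse(bp) call saying that the caller's hold and lock are always dropped here, whatever xfs_qm_dqflush() or xfs_bwrite() returned, would keep the release from being moved back under an error check later. It would also help to note there whether the value left in error after xfs_bwrite(bp) is meant to be ignored, since nothing in this hunk reads it.
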
>> --
>> 2.20.1
>>
>>
>