Due to commit d2311e698578 ("btrfs: relocation: Delay reloc tree
deletion after merge_reloc_roots"), reloc tree lifespan is extended.

Although we always set root->reloc_root to NULL before we drop the reloc
tree, that's not multi-core safe since we have no proper memory
barrier to ensure other cores can see the same root->reloc_root.

The proper root fix should be some proper root refcount, and make
btrfs_drop_snapshot() wait for all other root owners to release the
root before dropping it.

But for now, let's just check the DEAD_RELOC_ROOT bit before accessing
root->reloc_root.
Qu Wenruo (3):
btrfs: relocation: Fix a KASAN use-after-free bug due to extended
reloc tree lifespan
btrfs: relocation: Fix KASAN report on create_reloc_tree due to
extended reloc tree lifespan
btrfs: relocation: Fix a KASAN report on btrfs_reloc_pre_snapshot()
due to extended reloc root lifespan
fs/btrfs/relocation.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
--
2.24.0