On 2020/3/5 上午12:18, Josef Bacik wrote:
> We previously were checking if the root had a dead root before accessing
> root->reloc_root in order to avoid a UAF type bug. However this
> scenario happens after we've unset the reloc control, so we would have
> been saved if we'd simply checked for fs_info->reloc_control. At this
> point during relocation we no longer need to be creating new reloc
> roots, so simply move this check above the reloc_root checks to avoid
> any future races and confusion.
>
> Signed-off-by: Josef Bacik <josef@xxxxxxxxxxxxxx>
Right, for btrfs_init_reloc_root() checking rc before accessing root is
fine.
So,
Reviewed-by: Qu Wenruo <wqu@xxxxxxxx>
Although other location, like btrfs_reloc_post_snapshot() still needs
such check, as we have a window where just merged reloc roots but not
yet unset the reloc control.
Thanks,
Qu
> ---
> fs/btrfs/relocation.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
> index 507361e99316..2141519a9dd0 100644
> --- a/fs/btrfs/relocation.c
> +++ b/fs/btrfs/relocation.c
> @@ -1527,6 +1527,10 @@ int btrfs_init_reloc_root(struct btrfs_trans_handle *trans,
> int clear_rsv = 0;
> int ret;
>
> + if (!rc || !rc->create_reloc_tree ||
> + root->root_key.objectid == BTRFS_TREE_RELOC_OBJECTID)
> + return 0;
> +
> /*
> * The subvolume has reloc tree but the swap is finished, no need to
> * create/update the dead reloc tree
> @@ -1540,10 +1544,6 @@ int btrfs_init_reloc_root(struct btrfs_trans_handle *trans,
> return 0;
> }
>
> - if (!rc || !rc->create_reloc_tree ||
> - root->root_key.objectid == BTRFS_TREE_RELOC_OBJECTID)
> - return 0;
> -
> if (!trans->reloc_reserved) {
> rsv = trans->block_rsv;
> trans->block_rsv = rc->block_rsv;
>
Attachment:
signature.asc
Description: OpenPGP digital signature
