From: Haisu Wang <haisuwang@tencent.com>

mainline inclusion
from mainline-v6.12-rc7
commit 2b084d8205949dd804e279df8e68531da78be1e8
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IARV5C
CVE: CVE-2024-46733

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
The dealloc flag may be cleared and the extent won't reach the disk in the cow_file_range error path. The reserved qgroup space is freed in commit 30479f31d44d ("btrfs: fix qgroup reserve leaks in cow_file_range"). However, the length of the untouched region to free needs to be adjusted with the correct remaining region size.

Fixes: 30479f31d44d ("btrfs: fix qgroup reserve leaks in cow_file_range")
CC: stable@vger.kernel.org # 6.11+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Boris Burkov <boris@bur.io>
Signed-off-by: Haisu Wang <haisuwang@tencent.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>

Conflicts:
	fs/btrfs/inode.c
[Just context differences.]
Signed-off-by: Yifan Qiao <qiaoyifan4@huawei.com>
---
 fs/btrfs/inode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index e164d3ba065f..46036fecb3cb 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1150,7 +1150,7 @@ static noinline int cow_file_range(struct inode *inode, locked_page, clear_bits | EXTENT_CLEAR_DATA_RESV, page_ops); - btrfs_qgroup_free_data(inode, NULL, start, cur_alloc_size); + btrfs_qgroup_free_data(inode, NULL, start, end - start + 1); goto out; }
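
Review bot: The new length `end - start + 1` in the `btrfs_qgroup_free_data()` call of the `cow_file_range()` hunk is only correct if `start` already points at the first byte of the untouched region when this error path runs, and the visible context does not show where `start` is advanced. Because this backport notes context differences in fs/btrfs/inode.c, please confirm that `start` is updated before this call in this tree the same way as in the mainline commit. A one-line comment above the call stating that [start, end] is the remaining untouched range would also make the inclusive `+ 1` and the switch away from `cur_alloc_size` obvious to later readers.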