3.19.8-ckt4 -stable review patch.  If anyone has any objections, please let me 
know.

------------------

From: Omar Sandoval <osan...@osandov.com>

commit 64ad6c488975d7516230cf7849190a991fd615ae upstream.

Since commit bafc9b754f75 ("vfs: More precise tests in d_invalidate"),
mounted subvolumes can be deleted because d_invalidate() won't fail.
However, we run into problems when we attempt to delete the default
subvolume while it is mounted as the root filesystem:

        # btrfs subvol list /
        ID 257 gen 306 top level 5 path rootvol
        ID 267 gen 334 top level 5 path snap1
        # btrfs subvol get-default /
        ID 267 gen 334 top level 5 path snap1
        # btrfs inspect-internal rootid /
        267
        # mount -o subvol=/ /dev/vda1 /mnt
        # btrfs subvol del /mnt/snap1
        Delete subvolume (no-commit): '/mnt/snap1'
        ERROR: cannot delete '/mnt/snap1' - Operation not permitted
        # findmnt /
        findmnt: can't read /proc/mounts: No such file or directory
        # ls /proc
        #

Markus reported that this same scenario simply led to a kernel oops.

This happens because in btrfs_ioctl_snap_destroy(), we call
d_invalidate() before we check may_destroy_subvol(), which means that we
detach the submounts and drop the dentry before erroring out. Instead,
we should only invalidate the dentry once the deletion has succeeded.
Additionally, the shrink_dcache_sb() isn't necessary; d_invalidate()
will prune the dcache for the deleted subvolume.

Fixes: bafc9b754f75 ("vfs: More precise tests in d_invalidate")
Reported-by: Markus Schauler <mschau...@gmail.com>
Signed-off-by: Omar Sandoval <osan...@osandov.com>
Signed-off-by: Chris Mason <c...@fb.com>
Signed-off-by: Kamal Mostafa <ka...@canonical.com>
---
 fs/btrfs/ioctl.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 334b0a9..0dc23cd 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -2406,8 +2406,6 @@ static noinline int btrfs_ioctl_snap_destroy(struct file 
*file,
                goto out_unlock_inode;
        }
 
-       d_invalidate(dentry);
-
        down_write(&root->fs_info->subvol_sem);
 
        err = may_destroy_subvol(dest);
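
Review bot: A comment is missing above err = may_destroy_subvol(dest) saying that the dentry must stay untouched until this check and the rest of the deletion have succeeded. With d_invalidate(dentry) no longer called before down_write(&root->fs_info->subvol_sem), every error exit from here on leaves the dentry and its submounts in place, which is the point of the fix, but nothing in the code records that ordering requirement. One line of comment would keep a later cleanup from moving the invalidate back in front of the permission check.
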
@@ -2501,7 +2499,7 @@ out_up_write:
 out_unlock_inode:
        mutex_unlock(&inode->i_mutex);
        if (!err) {
-               shrink_dcache_sb(root->fs_info->sb);
+               d_invalidate(dentry);
                btrfs_invalidate_inodes(dest);
                d_delete(dentry);
                ASSERT(dest->send_in_progress == 0);
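
Review bot: The added d_invalidate(dentry) inside if (!err) runs after mutex_unlock(&inode->i_mutex), while the call removed in the first hunk sat on the path that reaches out_unlock_inode with the mutex still held. Please say in the changelog or in a comment here that invalidating after dropping i_mutex is intended, so the changed locking context is not read as an oversight. It would also help to note at this call that it now does the dcache pruning shrink_dcache_sb(root->fs_info->sb) used to do, since the changelog gives that reason and the code does not.
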
-- 
1.9.1
