
btrfs: always do the basic checks for btrfs_qgroup_inherit structure

Message ID 47d3dd33f637b70f230fa31f98dbf9ff066b58bb.1719207446.git.wqu@suse.com (mailing list archive)
State New, archived
Series btrfs: always do the basic checks for btrfs_qgroup_inherit structure

Commit Message

Qu Wenruo June 24, 2024, 5:40 a.m. UTC
[BUG]
Syzbot reports the following regression detected by KASAN:

==================================================================
BUG: KASAN: slab-out-of-bounds in btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277
Read of size 8 at addr ffff88814628ca50 by task syz-executor318/5171

CPU: 0 PID: 5171 Comm: syz-executor318 Not tainted 6.10.0-rc2-syzkaller-00010-g2ab795141095 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 print_address_description mm/kasan/report.c:377 [inline]
 print_report+0x169/0x550 mm/kasan/report.c:488
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277
 create_pending_snapshot+0x1359/0x29b0 fs/btrfs/transaction.c:1854
 create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1922
 btrfs_commit_transaction+0xf20/0x3740 fs/btrfs/transaction.c:2382
 create_snapshot+0x6a1/0x9e0 fs/btrfs/ioctl.c:875
 btrfs_mksubvol+0x58f/0x710 fs/btrfs/ioctl.c:1029
 btrfs_mksnapshot+0xb5/0xf0 fs/btrfs/ioctl.c:1075
 __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1340
 btrfs_ioctl_snap_create_v2+0x1f2/0x3a0 fs/btrfs/ioctl.c:1422
 btrfs_ioctl+0x99e/0xc60
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:907 [inline]
 __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fcbf1992509
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fcbf1928218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007fcbf1a1f618 RCX: 00007fcbf1992509
RDX: 0000000020000280 RSI: 0000000050009417 RDI: 0000000000000003
RBP: 00007fcbf1a1f610 R08: 00007ffea1298e97 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcbf19eb660
R13: 00000000200002b8 R14: 00007fcbf19e60c0 R15: 0030656c69662f2e
 </TASK>

And it also pinned it down to this commit:

commit b5357cb268c41b4e2b7383d2759fc562f5b58c33
Author: Qu Wenruo <wqu@suse.com>
Date:   Sat Apr 20 07:50:27 2024 +0000

    btrfs: qgroup: do not check qgroup inherit if qgroup is disabled

[CAUSE]
That offending commit skips the whole qgroup inherit check if qgroup is
not enabled.

But that also skips the very basic checks like
num_ref_copies/num_excl_copies and the structure size checks.

Meaning if a qgroup enable/disable race is happening in the background,
and we pass a btrfs_qgroup_inherit structure when the qgroup is
disabled, the check would be completely skipped.

Then at the time of transaction commitment, qgroup is re-enabled and
btrfs_qgroup_inherit() is going to use the incorrect structure,
causing the above KASAN error.

[FIX]
Make btrfs_qgroup_check_inherit() only skip the source qgroup checks.
So that even if an invalid btrfs_qgroup_inherit structure is passed in, we
can still reject invalid ones no matter if qgroup is enabled or not.

Furthermore we do already have an extra safety net inside
btrfs_qgroup_inherit(), which would just ignore invalid qgroup sources,
so even if we only skip the qgroup source check we're still safe.

Reported-by: syzbot+a0d1f7e26910be4dc171@syzkaller.appspotmail.com
Fixes: b5357cb268c4 ("btrfs: qgroup: do not check qgroup inherit if qgroup is disabled")
Signed-off-by: Qu Wenruo <wqu@suse.com>
---
 fs/btrfs/qgroup.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
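
Added example, not part of the original patch or of the btrfs code: a user-space model of the check ordering described under [CAUSE] and [FIX] above. struct inherit_model, MODEL_PAGE_SIZE, MODEL_FLAGS_SUPP and the rule that both copy counts must be zero are simplified assumptions, not the kernel definitions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define MODEL_PAGE_SIZE  4096u   /* assumed stand-in for PAGE_SIZE */
#define MODEL_FLAGS_SUPP 0x1ull  /* assumed stand-in for the supported-flags mask */

/* Simplified model of the ioctl argument (not the kernel layout). */
struct inherit_model {
	uint64_t flags;
	uint64_t num_qgroups;
	uint64_t num_ref_copies;
	uint64_t num_excl_copies;
	uint64_t qgroups[];      /* num_qgroups source ids follow the header */
};

/* Checks that depend only on the buffer, never on filesystem state. */
static int check_structure(const struct inherit_model *in, size_t size)
{
	if (size < sizeof(*in) || size > MODEL_PAGE_SIZE)
		return -EINVAL;
	if (in->flags & ~MODEL_FLAGS_SUPP)
		return -EOPNOTSUPP;
	if (in->num_ref_copies || in->num_excl_copies)   /* assumed rule */
		return -EINVAL;
	if (in->num_qgroups > (MODEL_PAGE_SIZE - sizeof(*in)) / sizeof(in->qgroups[0]))
		return -EINVAL;
	if (size != sizeof(*in) + in->num_qgroups * sizeof(in->qgroups[0]))
		return -EINVAL;
	return 0;
}

/* Order before the fix: a disabled feature short-circuits every check. */
int check_before_fix(int qgroup_enabled, const struct inherit_model *in, size_t size)
{
	if (!qgroup_enabled)
		return 0;
	return check_structure(in, size);
}

/*
 * Order after the fix: structure checks always run; only the
 * source-qgroup lookups (omitted in this model) depend on the feature.
 */
int check_after_fix(int qgroup_enabled, const struct inherit_model *in, size_t size)
{
	int ret = check_structure(in, size);

	if (ret || !qgroup_enabled)
		return ret;
	return 0;   /* source-qgroup lookups would run here */
}

/* Constructed input: header claims 64 ids, buffer holds only the header. */
int demo(int fixed)
{
	struct inherit_model in = { .num_qgroups = 64 };

	return fixed ? check_after_fix(0, &in, sizeof(in))
		     : check_before_fix(0, &in, sizeof(in));
}
```

With the feature modelled as disabled, the pre-fix order accepts the inconsistent header and the post-fix order rejects it with -EINVAL, so nothing malformed is left queued for a later commit that runs after the feature is switched back on.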

Comments

Jeongjun Park June 24, 2024, 8:55 a.m. UTC | #1
Qu Wenruo <wqu@suse.com> wrote:
> [FIX]
> Make btrfs_qgroup_check_inherit() only skip the source qgroup checks.
> So that even if an invalid btrfs_qgroup_inherit structure is passed in, we
> can still reject invalid ones no matter if qgroup is enabled or not.

> Furthermore we do already have an extra safety net inside
> btrfs_qgroup_inherit(), which would just ignore invalid qgroup sources,
> so even if we only skip the qgroup source check we're still safe.

> Reported-by: syzbot+a0d1f7e26910be4dc171@syzkaller.appspotmail.com
> Fixes: b5357cb268c4 ("btrfs: qgroup: do not check qgroup inherit if qgroup is disabled")
> Signed-off-by: Qu Wenruo <wqu@suse.com>

Signed-off-by: Jeongjun Park <aha310510@gmail.com>

Great. This patch is the best way I think.

Regards.
Jeongjun Park.

David Sterba June 24, 2024, 5:03 p.m. UTC | #2
On Mon, Jun 24, 2024 at 03:10:53PM +0930, Qu Wenruo wrote:
> [BUG]
> Syzbot reports the following regression detected by KASAN:
> 
> ==================================================================
> BUG: KASAN: slab-out-of-bounds in btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277
> Read of size 8 at addr ffff88814628ca50 by task syz-executor318/5171
> 
> CPU: 0 PID: 5171 Comm: syz-executor318 Not tainted 6.10.0-rc2-syzkaller-00010-g2ab795141095 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
> Call Trace:
>  <TASK>
>  __dump_stack lib/dump_stack.c:88 [inline]
>  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
>  print_address_description mm/kasan/report.c:377 [inline]
>  print_report+0x169/0x550 mm/kasan/report.c:488
>  kasan_report+0x143/0x180 mm/kasan/report.c:601
>  btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277
>  create_pending_snapshot+0x1359/0x29b0 fs/btrfs/transaction.c:1854
>  create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1922
>  btrfs_commit_transaction+0xf20/0x3740 fs/btrfs/transaction.c:2382
>  create_snapshot+0x6a1/0x9e0 fs/btrfs/ioctl.c:875
>  btrfs_mksubvol+0x58f/0x710 fs/btrfs/ioctl.c:1029
>  btrfs_mksnapshot+0xb5/0xf0 fs/btrfs/ioctl.c:1075
>  __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1340
>  btrfs_ioctl_snap_create_v2+0x1f2/0x3a0 fs/btrfs/ioctl.c:1422
>  btrfs_ioctl+0x99e/0xc60
>  vfs_ioctl fs/ioctl.c:51 [inline]
>  __do_sys_ioctl fs/ioctl.c:907 [inline]
>  __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
>  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7fcbf1992509
> Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007fcbf1928218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> RAX: ffffffffffffffda RBX: 00007fcbf1a1f618 RCX: 00007fcbf1992509
> RDX: 0000000020000280 RSI: 0000000050009417 RDI: 0000000000000003
> RBP: 00007fcbf1a1f610 R08: 00007ffea1298e97 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcbf19eb660
> R13: 00000000200002b8 R14: 00007fcbf19e60c0 R15: 0030656c69662f2e
>  </TASK>
> 
> And it also pinned it down to this commit:
> 
> commit b5357cb268c41b4e2b7383d2759fc562f5b58c33
> Author: Qu Wenruo <wqu@suse.com>
> Date:   Sat Apr 20 07:50:27 2024 +0000
> 
>     btrfs: qgroup: do not check qgroup inherit if qgroup is disabled

For commit reference please use the COMMIT ("subject") without the mail
headers.

> 
> [CAUSE]
> That offending commit skips the whole qgroup inherit check if qgroup is
> not enabled.
> 
> But that also skips the very basic checks like
> num_ref_copies/num_excl_copies and the structure size checks.
> 
> Meaning if a qgroup enable/disable race is happening in the background,
> and we pass a btrfs_qgroup_inherit structure when the qgroup is
> disabled, the check would be completely skipped.
> 
> Then at the time of transaction commitment, qgroup is re-enabled and
> btrfs_qgroup_inherit() is going to use the incorrect structure,
> causing the above KASAN error.
> 
> [FIX]
> Make btrfs_qgroup_check_inherit() only skip the source qgroup checks.
> So that even if an invalid btrfs_qgroup_inherit structure is passed in, we
> can still reject invalid ones no matter if qgroup is enabled or not.
> 
> Furthermore we do already have an extra safety net inside
> btrfs_qgroup_inherit(), which would just ignore invalid qgroup sources,
> so even if we only skip the qgroup source check we're still safe.
> 
> Reported-by: syzbot+a0d1f7e26910be4dc171@syzkaller.appspotmail.com
> Fixes: b5357cb268c4 ("btrfs: qgroup: do not check qgroup inherit if qgroup is disabled")
> Signed-off-by: Qu Wenruo <wqu@suse.com>

Reviewed-by: David Sterba <dsterba@suse.com>

Boris Burkov June 24, 2024, 6:38 p.m. UTC | #3
On Mon, Jun 24, 2024 at 03:10:53PM +0930, Qu Wenruo wrote:
> [BUG]
> Syzbot reports the following regression detected by KASAN:
> 
> ==================================================================
> BUG: KASAN: slab-out-of-bounds in btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277
> Read of size 8 at addr ffff88814628ca50 by task syz-executor318/5171
> 
> CPU: 0 PID: 5171 Comm: syz-executor318 Not tainted 6.10.0-rc2-syzkaller-00010-g2ab795141095 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
> Call Trace:
>  <TASK>
>  __dump_stack lib/dump_stack.c:88 [inline]
>  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
>  print_address_description mm/kasan/report.c:377 [inline]
>  print_report+0x169/0x550 mm/kasan/report.c:488
>  kasan_report+0x143/0x180 mm/kasan/report.c:601
>  btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277
>  create_pending_snapshot+0x1359/0x29b0 fs/btrfs/transaction.c:1854
>  create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1922
>  btrfs_commit_transaction+0xf20/0x3740 fs/btrfs/transaction.c:2382
>  create_snapshot+0x6a1/0x9e0 fs/btrfs/ioctl.c:875
>  btrfs_mksubvol+0x58f/0x710 fs/btrfs/ioctl.c:1029
>  btrfs_mksnapshot+0xb5/0xf0 fs/btrfs/ioctl.c:1075
>  __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1340
>  btrfs_ioctl_snap_create_v2+0x1f2/0x3a0 fs/btrfs/ioctl.c:1422
>  btrfs_ioctl+0x99e/0xc60
>  vfs_ioctl fs/ioctl.c:51 [inline]
>  __do_sys_ioctl fs/ioctl.c:907 [inline]
>  __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
>  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7fcbf1992509
> Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007fcbf1928218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> RAX: ffffffffffffffda RBX: 00007fcbf1a1f618 RCX: 00007fcbf1992509
> RDX: 0000000020000280 RSI: 0000000050009417 RDI: 0000000000000003
> RBP: 00007fcbf1a1f610 R08: 00007ffea1298e97 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcbf19eb660
> R13: 00000000200002b8 R14: 00007fcbf19e60c0 R15: 0030656c69662f2e
>  </TASK>
> 
> And it also pinned it down to this commit:
> 
> commit b5357cb268c41b4e2b7383d2759fc562f5b58c33
> Author: Qu Wenruo <wqu@suse.com>
> Date:   Sat Apr 20 07:50:27 2024 +0000
> 
>     btrfs: qgroup: do not check qgroup inherit if qgroup is disabled
> 
> [CAUSE]
> That offending commit skips the whole qgroup inherit check if qgroup is
> not enabled.
> 
> But that also skips the very basic checks like
> num_ref_copies/num_excl_copies and the structure size checks.
> 
> Meaning if a qgroup enable/disable race is happening in the background,
> and we pass a btrfs_qgroup_inherit structure when the qgroup is
> disabled, the check would be completely skipped.
> 
> Then at the time of transaction commitment, qgroup is re-enabled and
> btrfs_qgroup_inherit() is going to use the incorrect structure,
> causing the above KASAN error.
> 
> [FIX]
> Make btrfs_qgroup_check_inherit() only skip the source qgroup checks.
> So that even if an invalid btrfs_qgroup_inherit structure is passed in, we
> can still reject invalid ones no matter if qgroup is enabled or not.
> 
> Furthermore we do already have an extra safety net inside
> btrfs_qgroup_inherit(), which would just ignore invalid qgroup sources,
> so even if we only skip the qgroup source check we're still safe.
> 
> Reported-by: syzbot+a0d1f7e26910be4dc171@syzkaller.appspotmail.com
> Fixes: b5357cb268c4 ("btrfs: qgroup: do not check qgroup inherit if qgroup is disabled")

LGTM, thanks!
Reviewed-by: Boris Burkov <boris@bur.io>

> Signed-off-by: Qu Wenruo <wqu@suse.com>
> ---
>  fs/btrfs/qgroup.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c
> index 3edbe5bb19c6..45f4facc6f96 100644
> --- a/fs/btrfs/qgroup.c
> +++ b/fs/btrfs/qgroup.c
> @@ -3166,8 +3166,6 @@ int btrfs_qgroup_check_inherit(struct btrfs_fs_info *fs_info,
>  			       struct btrfs_qgroup_inherit *inherit,
>  			       size_t size)
>  {
> -	if (!btrfs_qgroup_enabled(fs_info))
> -		return 0;
>  	if (inherit->flags & ~BTRFS_QGROUP_INHERIT_FLAGS_SUPP)
>  		return -EOPNOTSUPP;
>  	if (size < sizeof(*inherit) || size > PAGE_SIZE)
> @@ -3188,6 +3186,14 @@ int btrfs_qgroup_check_inherit(struct btrfs_fs_info *fs_info,
>  	if (size != struct_size(inherit, qgroups, inherit->num_qgroups))
>  		return -EINVAL;
>  
> +	/*
> +	 * Skip the inherit source qgroups check if qgroup is not enabled.
> +	 * Qgroup can still be later enabled causing problems, but in that case
> +	 * btrfs_qgroup_inherit() would just ignore those invalid ones.
> +	 */
> +	if (!btrfs_qgroup_enabled(fs_info))
> +		return 0;
> +
>  	/*
>  	 * Now check all the remaining qgroups, they should all:
>  	 *
> -- 
> 2.45.2
>

Boris Burkov June 24, 2024, 6:39 p.m. UTC | #4
On Mon, Jun 24, 2024 at 03:10:53PM +0930, Qu Wenruo wrote:
> [BUG]
> Syzbot reports the following regression detected by KASAN:
> 
> ==================================================================
> BUG: KASAN: slab-out-of-bounds in btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277
> Read of size 8 at addr ffff88814628ca50 by task syz-executor318/5171
> 
> CPU: 0 PID: 5171 Comm: syz-executor318 Not tainted 6.10.0-rc2-syzkaller-00010-g2ab795141095 #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
> Call Trace:
>  <TASK>
>  __dump_stack lib/dump_stack.c:88 [inline]
>  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
>  print_address_description mm/kasan/report.c:377 [inline]
>  print_report+0x169/0x550 mm/kasan/report.c:488
>  kasan_report+0x143/0x180 mm/kasan/report.c:601
>  btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277
>  create_pending_snapshot+0x1359/0x29b0 fs/btrfs/transaction.c:1854
>  create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1922
>  btrfs_commit_transaction+0xf20/0x3740 fs/btrfs/transaction.c:2382
>  create_snapshot+0x6a1/0x9e0 fs/btrfs/ioctl.c:875
>  btrfs_mksubvol+0x58f/0x710 fs/btrfs/ioctl.c:1029
>  btrfs_mksnapshot+0xb5/0xf0 fs/btrfs/ioctl.c:1075
>  __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1340
>  btrfs_ioctl_snap_create_v2+0x1f2/0x3a0 fs/btrfs/ioctl.c:1422
>  btrfs_ioctl+0x99e/0xc60
>  vfs_ioctl fs/ioctl.c:51 [inline]
>  __do_sys_ioctl fs/ioctl.c:907 [inline]
>  __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
>  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
>  entry_SYSCALL_64_after_hwframe+0x77/0x7f
> RIP: 0033:0x7fcbf1992509
> Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 81 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007fcbf1928218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
> RAX: ffffffffffffffda RBX: 00007fcbf1a1f618 RCX: 00007fcbf1992509
> RDX: 0000000020000280 RSI: 0000000050009417 RDI: 0000000000000003
> RBP: 00007fcbf1a1f610 R08: 00007ffea1298e97 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcbf19eb660
> R13: 00000000200002b8 R14: 00007fcbf19e60c0 R15: 0030656c69662f2e
>  </TASK>
> 
> And it also pinned it down to this commit:
> 
> commit b5357cb268c41b4e2b7383d2759fc562f5b58c33
> Author: Qu Wenruo <wqu@suse.com>
> Date:   Sat Apr 20 07:50:27 2024 +0000
> 
>     btrfs: qgroup: do not check qgroup inherit if qgroup is disabled
> 
> [CAUSE]
> That offending commit skips the whole qgroup inherit check if qgroup is
> not enabled.
> 
> But that also skips the very basic checks like
> num_ref_copies/num_excl_copies and the structure size checks.
> 
> Meaning if a qgroup enable/disable race is happening in the background,
> and we pass a btrfs_qgroup_inherit structure when the qgroup is
> disabled, the check would be completely skipped.
> 
> Then at the time of transaction commitment, qgroup is re-enabled and
> btrfs_qgroup_inherit() is going to use the incorrect structure,
> causing the above KASAN error.
> 
> [FIX]
> Make btrfs_qgroup_check_inherit() only skip the source qgroup checks.
> So that even if an invalid btrfs_qgroup_inherit structure is passed in, we
> can still reject invalid ones no matter if qgroup is enabled or not.
> 
> Furthermore we do already have an extra safety net inside
> btrfs_qgroup_inherit(), which would just ignore invalid qgroup sources,
> so even if we only skip the qgroup source check we're still safe.
> 
> Reported-by: syzbot+a0d1f7e26910be4dc171@syzkaller.appspotmail.com
> Fixes: b5357cb268c4 ("btrfs: qgroup: do not check qgroup inherit if qgroup is disabled")

LGTM, thanks!
Reviewed-by: Boris Burkov <boris@bur.io>

> Signed-off-by: Qu Wenruo <wqu@suse.com>
> ---
>  fs/btrfs/qgroup.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c
> index 3edbe5bb19c6..45f4facc6f96 100644
> --- a/fs/btrfs/qgroup.c
> +++ b/fs/btrfs/qgroup.c
> @@ -3166,8 +3166,6 @@ int btrfs_qgroup_check_inherit(struct btrfs_fs_info *fs_info,
>  			       struct btrfs_qgroup_inherit *inherit,
>  			       size_t size)
>  {
> -	if (!btrfs_qgroup_enabled(fs_info))
> -		return 0;
>  	if (inherit->flags & ~BTRFS_QGROUP_INHERIT_FLAGS_SUPP)
>  		return -EOPNOTSUPP;
>  	if (size < sizeof(*inherit) || size > PAGE_SIZE)
> @@ -3188,6 +3186,14 @@ int btrfs_qgroup_check_inherit(struct btrfs_fs_info *fs_info,
>  	if (size != struct_size(inherit, qgroups, inherit->num_qgroups))
>  		return -EINVAL;
>  
> +	/*
> +	 * Skip the inherit source qgroups check if qgroup is not enabled.
> +	 * Qgroup can still be later enabled causing problems, but in that case
> +	 * btrfs_qgroup_inherit() would just ignore those invalid ones.
> +	 */
> +	if (!btrfs_qgroup_enabled(fs_info))
> +		return 0;
> +
>  	/*
>  	 * Now check all the remaining qgroups, they should all:
>  	 *
> -- 
> 2.45.2
>

Patch

diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c
index 3edbe5bb19c6..45f4facc6f96 100644
--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -3166,8 +3166,6 @@  int btrfs_qgroup_check_inherit(struct btrfs_fs_info *fs_info,
 			       struct btrfs_qgroup_inherit *inherit,
 			       size_t size)
 {
-	if (!btrfs_qgroup_enabled(fs_info))
-		return 0;
 	if (inherit->flags & ~BTRFS_QGROUP_INHERIT_FLAGS_SUPP)
 		return -EOPNOTSUPP;
 	if (size < sizeof(*inherit) || size > PAGE_SIZE)
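Review bot: at the top of this hunk inherit->flags is read before the size < sizeof(*inherit) check on the line below it, and with the early return gone that read now happens on every call, whether or not qgroup is enabled. If the caller already guarantees the buffer holds at least sizeof(*inherit) bytes, a one-line comment saying so would help; otherwise consider moving the size check ahead of the flags check.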
@@ -3188,6 +3186,14 @@  int btrfs_qgroup_check_inherit(struct btrfs_fs_info *fs_info,
 	if (size != struct_size(inherit, qgroups, inherit->num_qgroups))
 		return -EINVAL;
 
+	/*
+	 * Skip the inherit source qgroups check if qgroup is not enabled.
+	 * Qgroup can still be later enabled causing problems, but in that case
+	 * btrfs_qgroup_inherit() would just ignore those invalid ones.
+	 */
+	if (!btrfs_qgroup_enabled(fs_info))
+		return 0;
+
 	/*
 	 * Now check all the remaining qgroups, they should all:
 	 *
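Review bot: the added comment reads as self-contradictory, saying that enabling qgroup later is "causing problems" and then that btrfs_qgroup_inherit() "would just ignore those invalid ones". Suggest rewording it to say that qgroup may be enabled before the transaction commits and that invalid source qgroups are then ignored at use time, and naming the spot in btrfs_qgroup_inherit() that does this, since the early return placed after the struct_size() check relies on that fallback and it is not part of this diff.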