btrfs: check the root node for uptodate before returning it

commit 120de408e4b97504a2d9b5ca534b383de2c73d49 upstream.

Now that we clear the extent buffer uptodate if we fail to write it out
we need to check to see if our root node is uptodate before we search
down it.  Otherwise we could return stale data (or potentially corrupt
data that was caught by the write verification step) and think that the
path is OK to search down.

CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
index 84627cbd5b5b5cc6a2ddad82be8bb9e1bcc4474e..95a6a63caf04756cd5490802ac6a81918775a81d 100644 (file)
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -1568,12 +1568,9 @@ static struct extent_buffer *btrfs_search_slot_get_root(struct btrfs_root *root,
 {
        struct btrfs_fs_info *fs_info = root->fs_info;
        struct extent_buffer *b;
-       int root_lock;
+       int root_lock = 0;
        int level = 0;
 
-       /* We try very hard to do read locks on the root */
-       root_lock = BTRFS_READ_LOCK;
-
        if (p->search_commit_root) {
                /*
                 * The commit roots are read only so we always do read locks,
@@ -1611,6 +1608,9 @@ static struct extent_buffer *btrfs_search_slot_get_root(struct btrfs_root *root,
                goto out;
        }
 
+       /* We try very hard to do read locks on the root */
+       root_lock = BTRFS_READ_LOCK;
+
        /*
         * If the level is set to maximum, we can skip trying to get the read
         * lock.
@@ -1637,6 +1637,17 @@ static struct extent_buffer *btrfs_search_slot_get_root(struct btrfs_root *root,
        level = btrfs_header_level(b);
 
 out:
+       /*
+        * The root may have failed to write out at some point, and thus is no
+        * longer valid, return an error in this case.
+        */
+       if (!extent_buffer_uptodate(b)) {
+               if (root_lock)
+                       btrfs_tree_unlock_rw(b, root_lock);
+               free_extent_buffer(b);
+               return ERR_PTR(-EIO);
+       }
+
        p->nodes[level] = b;
        if (!p->skip_locking)
                p->locks[level] = root_lock;