• Mark Fasheh's avatar
    btrfs: handle non-fatal errors in btrfs_qgroup_inherit() · 918c2ee1
    Mark Fasheh authored
    create_pending_snapshot() will go readonly on _any_ error return from
    btrfs_qgroup_inherit(). If qgroups are enabled, a user can crash their fs by
    just making a snapshot and asking it to inherit from an invalid qgroup. For
    example:
    
    $ btrfs sub snap -i 1/10 /btrfs/ /btrfs/foo
    
    Will cause a transaction abort.
    
    Fix this by only throwing errors in btrfs_qgroup_inherit() when we know
    going readonly is acceptable.
    
    The following xfstests test case reproduces this bug:
    
      seq=`basename $0`
      seqres=$RESULT_DIR/$seq
      echo "QA output created by $seq"
    
      here=`pwd`
      tmp=/tmp/$$
      status=1	# failure is the default!
      trap "_cleanup; exit \$status" 0 1 2 3 15
    
      _cleanup()
      {
      	cd /
      	rm -f $tmp.*
      }
    
      # get standard environment, filters and checks
      . ./common/rc
      . ./common/filter
    
      # remove previous $seqres.full before test
      rm -f $seqres.full
    
      # real QA test starts here
      _supported_fs btrfs
      _supported_os Linux
      _require_scratch
    
      rm -f $seqres.full
    
      _scratch_mkfs
      _scratch_mount
      _run_btrfs_util_prog quota enable $SCRATCH_MNT
      # The qgroup '1/10' does not exist and should be silently ignored
      _run_btrfs_util_prog subvolume snapshot -i 1/10 $SCRATCH_MNT $SCRATCH_MNT/snap1
    
      _scratch_unmount
    
      echo "Silence is golden"
    
      status=0
      exit
    Signed-off-by: default avatarMark Fasheh <mfasheh@suse.de>
    Reviewed-by: default avatarQu Wenruo <quwenruo@cn.fujitsu.com>
    Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
    918c2ee1
qgroup.c 66.2 KB