btrfs: ioctl: don't free iov when btrfs_encoded_read() returns -EAGAIN

Fix a bug in encoded read that mistakenly frees the iov in case
btrfs_encoded_read() returns -EAGAIN assuming the structure will be
reused.  This can happen when when receiving requests concurrently, the
io_uring subsystem does not reset the data, and the last free will
happen in btrfs_uring_read_finished().

Handle the -EAGAIN error and skip freeing iov.

CC: stable@vger.kernel.org # 6.13+
Signed-off-by: Sidong Yang <sidong.yang@furiosa.ai>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>

diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index a13d81bb56a089a5eb458d3339f486a58c15678c..63aeacc549457487674c014dda1085bfd161ef5b 100644 (file)
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -4902,6 +4902,8 @@ static int btrfs_uring_encoded_read(struct io_uring_cmd *cmd, unsigned int issue
 
        ret = btrfs_encoded_read(&kiocb, &data->iter, &data->args, &cached_state,
                                 &disk_bytenr, &disk_io_size);
+       if (ret == -EAGAIN)
+               goto out_acct;
        if (ret < 0 && ret != -EIOCBQUEUED)
                goto out_free;