btrfs: check the root node for uptodate before returning it

commit 120de408e4b97504a2d9b5ca534b383de2c73d49 upstream.

Now that we clear the extent buffer uptodate if we fail to write it out
we need to check to see if our root node is uptodate before we search
down it.  Otherwise we could return stale data (or potentially corrupt
data that was caught by the write verification step) and think that the
path is OK to search down.

CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
index 519cf145f9bd176596bef40a03a17a6b3e81b07e..5addd1e36a8ee1699b5f8be4a4b48c36aeabe282 100644 (file)
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -2589,12 +2589,9 @@ static struct extent_buffer *btrfs_search_slot_get_root(struct btrfs_root *root,
 {
        struct btrfs_fs_info *fs_info = root->fs_info;
        struct extent_buffer *b;
-       int root_lock;
+       int root_lock = 0;
        int level = 0;
 
-       /* We try very hard to do read locks on the root */
-       root_lock = BTRFS_READ_LOCK;
-
        if (p->search_commit_root) {
                /*
                 * The commit roots are read only so we always do read locks,
@@ -2632,6 +2629,9 @@ static struct extent_buffer *btrfs_search_slot_get_root(struct btrfs_root *root,
                goto out;
        }
 
+       /* We try very hard to do read locks on the root */
+       root_lock = BTRFS_READ_LOCK;
+
        /*
         * If the level is set to maximum, we can skip trying to get the read
         * lock.
@@ -2658,6 +2658,17 @@ static struct extent_buffer *btrfs_search_slot_get_root(struct btrfs_root *root,
        level = btrfs_header_level(b);
 
 out:
+       /*
+        * The root may have failed to write out at some point, and thus is no
+        * longer valid, return an error in this case.
+        */
+       if (!extent_buffer_uptodate(b)) {
+               if (root_lock)
+                       btrfs_tree_unlock_rw(b, root_lock);
+               free_extent_buffer(b);
+               return ERR_PTR(-EIO);
+       }
+
        p->nodes[level] = b;
        if (!p->skip_locking)
                p->locks[level] = root_lock;