Commit 8e587ab4 authored Mar 19, 2025 by Sidong Yang Committed by David Sterba Apr 01, 2025

btrfs: ioctl: don't free iov when btrfs_encoded_read() returns -EAGAIN



Fix a bug in encoded read that mistakenly frees the iov in case
btrfs_encoded_read() returns -EAGAIN assuming the structure will be
reused.  This can happen when when receiving requests concurrently, the
io_uring subsystem does not reset the data, and the last free will
happen in btrfs_uring_read_finished().

Handle the -EAGAIN error and skip freeing iov.

CC: stable@vger.kernel.org # 6.13+
Signed-off-by: Sidong Yang <sidong.yang@furiosa.ai>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>

parent 35fec108

fs/btrfs/ioctl.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -4902,6 +4902,8 @@ static int btrfs_uring_encoded_read(struct io_uring_cmd *cmd, unsigned int issue

		ret = btrfs_encoded_read(&kiocb, &data->iter, &data->args, &cached_state,
		&disk_bytenr, &disk_io_size);
		if (ret == -EAGAIN)
		goto out_acct;
		if (ret < 0 && ret != -EIOCBQUEUED)
		goto out_free;