btrfs: qgroup: fix quota disable during rescan
authorJustin Maggard <jmaggard10@gmail.com>
Fri, 6 Nov 2015 18:36:42 +0000 (10:36 -0800)
committerChris Mason <clm@fb.com>
Wed, 25 Nov 2015 13:22:08 +0000 (05:22 -0800)
There's a race condition that leads to a NULL pointer dereference if you
disable quotas while a quota rescan is running.  To fix this, we just need
to wait for the quota rescan worker to actually exit before tearing down
the quota structures.

Signed-off-by: Justin Maggard <jmaggard@netgear.com>
Signed-off-by: Chris Mason <clm@fb.com>
fs/btrfs/qgroup.c

index 93e12c18ffd736ec77351ecb0443bbfec606a938..fd0a196c8f74b99b8cc0d5a0bd70d32693be7499 100644 (file)
@@ -993,9 +993,10 @@ int btrfs_quota_disable(struct btrfs_trans_handle *trans,
        mutex_lock(&fs_info->qgroup_ioctl_lock);
        if (!fs_info->quota_root)
                goto out;
-       spin_lock(&fs_info->qgroup_lock);
        fs_info->quota_enabled = 0;
        fs_info->pending_quota_state = 0;
+       btrfs_qgroup_wait_for_completion(fs_info);
+       spin_lock(&fs_info->qgroup_lock);
        quota_root = fs_info->quota_root;
        fs_info->quota_root = NULL;
        fs_info->qgroup_flags &= ~BTRFS_QGROUP_STATUS_FLAG_ON;