From: robbieko <robbieko@synology.com>
To: linux-btrfs@vger.kernel.org
Cc: robbieko <robbieko@synology.com>
Subject: [PATCH 5/6] btrfs: handle -EAGAIN from btrfs_duplicate_item and refresh stale leaf pointer
Date: Mon, 13 Apr 2026 14:52:36 +0800
Message-ID: <20260413065249.2320122-6-robbieko@synology.com>
In-Reply-To: <20260413065249.2320122-1-robbieko@synology.com>
In the 'punch a hole' case of btrfs_delete_raid_extent(),
btrfs_duplicate_item() can return -EAGAIN when the leaf needs to be
split and the path becomes invalid. The old code treats any error as
fatal and breaks out of the loop.

Additionally, btrfs_duplicate_item() may trigger setup_leaf_for_split()
which can reallocate the leaf node. The code continues using the old
leaf pointer, leading to use-after-free or stale data access.

Fix both issues by:
- Handling -EAGAIN specifically: release the path and retry the loop.
- Refreshing leaf = path->nodes[0] after successful duplication.

Signed-off-by: robbieko <robbieko@synology.com>
---
fs/btrfs/raid-stripe-tree.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/fs/btrfs/raid-stripe-tree.c b/fs/btrfs/raid-stripe-tree.c
index 5909ad35a1b0..1e8392a6c5a4 100644
--- a/fs/btrfs/raid-stripe-tree.c
+++ b/fs/btrfs/raid-stripe-tree.c
@@ -194,9 +194,19 @@ int btrfs_delete_raid_extent(struct btrfs_trans_handle *trans, u64 start, u64 le
/* The "right" item. */
ret = btrfs_duplicate_item(trans, stripe_root, path, &newkey);
+ if (ret == -EAGAIN) {
+ btrfs_release_path(path);
+ continue;
+ }
if (ret)
break;
+ /*
+ * btrfs_duplicate_item() may have triggered a leaf
+ * split via setup_leaf_for_split(), so we must refresh
+ * our leaf pointer from the path.
+ */
+ leaf = path->nodes[0];
item_size = btrfs_item_size(leaf, path->slots[0]);
extent = btrfs_item_ptr(leaf, path->slots[0],
struct btrfs_stripe_extent);
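Review bot: the new -EAGAIN branch (`btrfs_release_path(path); continue;`) has no comment and no bound on retries, while the leaf refresh just below it is documented. The retry is only correct if the top of the loop does a fresh search once the path is released, and if nothing earlier in this iteration has already changed the tree or the local start/length state; neither is visible in this hunk, so a short comment above the branch stating both would help the next reader. Since the commit message describes the stale `leaf` as a possible use-after-free, a Fixes: tag would help backporting, and splitting the pointer refresh from the -EAGAIN handling would let it be picked on its own.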
--
2.43.0