From 9f57ba579e97cf5d5efe208b6dddef988c2d9643 Mon Sep 17 00:00:00 2001 From: Omar Sandoval Date: Fri, 10 Apr 2015 14:20:40 -0700 Subject: [PATCH] btrfs: unlock i_mutex after attempting to delete subvolume during send [ Upstream commit 909e26dce3f7600f5e293ac0522c28790a0c8c9c ] Whenever the check for a send in progress introduced in commit 521e0546c970 (btrfs: protect snapshots from deleting during send) is hit, we return without unlocking inode->i_mutex. This is easy to see with lockdep enabled: [ +0.000059] ================================================ [ +0.000028] [ BUG: lock held when returning to user space! ] [ +0.000029] 4.0.0-rc5-00096-g3c435c1 #93 Not tainted [ +0.000026] ------------------------------------------------ [ +0.000029] btrfs/211 is leaving the kernel with locks still held! [ +0.000029] 1 lock held by btrfs/211: [ +0.000023] #0: (&type->i_mutex_dir_key){+.+.+.}, at: [] btrfs_ioctl_snap_destroy+0x2df/0x7a0 Make sure we unlock it in the error path. Reviewed-by: Filipe Manana Reviewed-by: David Sterba Cc: stable@vger.kernel.org Signed-off-by: Omar Sandoval Signed-off-by: Chris Mason Signed-off-by: Sasha Levin --- fs/btrfs/ioctl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 5c414fe7f9be42..fce3b5b9a2bb10 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -2431,7 +2431,7 @@ static noinline int btrfs_ioctl_snap_destroy(struct file *file, "Attempt to delete subvolume %llu during send", dest->root_key.objectid); err = -EPERM; - goto out_dput; + goto out_unlock_inode; } d_invalidate(dentry); @@ -2526,6 +2526,7 @@ static noinline int btrfs_ioctl_snap_destroy(struct file *file, root_flags & ~BTRFS_ROOT_SUBVOL_DEAD); spin_unlock(&dest->root_item_lock); } +out_unlock_inode: mutex_unlock(&inode->i_mutex); if (!err) { shrink_dcache_sb(root->fs_info->sb);