btrfs: Prevent scrub recheck from racing with dev replace
authorQu Wenruo <quwenruo@cn.fujitsu.com>
Wed, 29 Mar 2017 01:33:22 +0000 (09:33 +0800)
committerDavid Sterba <dsterba@suse.com>
Tue, 18 Apr 2017 12:07:26 +0000 (14:07 +0200)
commite501bfe323356ea3f7ef79d4b0d95389b70a7193
tree870724f193b99f9388dce8e7cbdfcb96b3cfeed5
parentae6529c35bcc1c65c12131cef2aea63d8e2ea950
btrfs: Prevent scrub recheck from racing with dev replace

scrub_setup_recheck_block() calls btrfs_map_sblock() and then accesses
bbio without protection of bio_counter.

This can lead to use-after-free if racing with dev replace cancel.

Fix it by increasing bio_counter before calling btrfs_map_sblock() and
decreasing the bio_counter when corresponding recover is finished.

Cc: Liu Bo <bo.li.liu@oracle.com>
Reported-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: Qu Wenruo <quwenruo@cn.fujitsu.com>
Signed-off-by: David Sterba <dsterba@suse.com>
fs/btrfs/scrub.c