btrfs: Ensure btrfs_init_dev_replace_tgtdev sees up to date values

btrfs_init_dev_replace_tgtdev reads certain values from the source
device (such as commit_total_bytes) which are updated during transaction
commit. Currently this function is called before committing any pending
transaction, leading to possibly reading outdated values.

Fix this by moving the function below the transaction commit, at this
point the EXCL_OP bit it set hence once transaction is complete the
total size of the device cannot be changed (it's usually changed by
resize/remove ops which are blocked).

Fixes: 9e271ae27e44 ("Btrfs: kernel operation should come after user input has been verified")
Signed-off-by: Nikolay Borisov <nborisov@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>

diff --git a/fs/btrfs/dev-replace.c b/fs/btrfs/dev-replace.c
index eb8b5cb2c40d5bc8bb97f382d75359fadf083c23..149e6139182b804ed6b784fdba9322fc983a41dc 100644 (file)
--- a/fs/btrfs/dev-replace.c
+++ b/fs/btrfs/dev-replace.c
@@ -414,11 +414,6 @@ static int btrfs_dev_replace_start(struct btrfs_fs_info *fs_info,
                return -ETXTBSY;
        }
 
-       ret = btrfs_init_dev_replace_tgtdev(fs_info, tgtdev_name,
-                                           src_device, &tgt_device);
-       if (ret)
-               return ret;
-
        /*
         * Here we commit the transaction to make sure commit_total_bytes
         * of all the devices are updated.
@@ -432,6 +427,11 @@ static int btrfs_dev_replace_start(struct btrfs_fs_info *fs_info,
                return PTR_ERR(trans);
        }
 
+       ret = btrfs_init_dev_replace_tgtdev(fs_info, tgtdev_name,
+                                           src_device, &tgt_device);
+       if (ret)
+               return ret;
+
        need_unlock = true;
        down_write(&dev_replace->rwsem);
        switch (dev_replace->replace_state) {