We failed to unlock the folio in the error path of f2fs_read_data_large_folio(); fix it.
With below testcase, it can reproduce the bug.
touch /mnt/f2fs/file
truncate -s $((1024*1024*1024)) /mnt/f2fs/file
f2fs_io setflags immutable /mnt/f2fs/file
sync
echo 3 > /proc/sys/vm/drop_caches
time dd if=/mnt/f2fs/file of=/dev/null bs=1M count=1024
f2fs_io clearflags immutable /mnt/f2fs/file
echo 1 > /proc/sys/vm/drop_caches
time dd if=/mnt/f2fs/file of=/dev/null bs=1M count=1024
time dd if=/mnt/f2fs/file of=/dev/null bs=1M count=1024
Signed-off-by: Chao Yu <[email protected]>
---
Changelog:
- this patch is based on Nanzhe Zhao's patchset
fs/f2fs/data.c | 28 ++++++++++++----------------
1 file changed, 12 insertions(+), 16 deletions(-)
diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
index eeeb70bff101..a2c4769d0ae1 100644
--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -2462,11 +2462,11 @@ static int f2fs_read_data_large_folio(struct inode *inode,
 int ret = 0;
 bool folio_in_bio;

- if (!IS_IMMUTABLE(inode))
- return -EOPNOTSUPP;
-
- if (f2fs_compressed_file(inode))
+ if (!IS_IMMUTABLE(inode) || f2fs_compressed_file(inode)) {
+ if (folio)
+ folio_unlock(folio);
 return -EOPNOTSUPP;
+ }

 map.m_seg_type = NO_CHECK_TYPE;

@@ -2569,22 +2569,18 @@ static int f2fs_read_data_large_folio(struct inode *inode,
 last_block_in_bio = block_nr;
 }
 trace_f2fs_read_folio(folio, DATA);
- if (rac) {
- if (!folio_in_bio) {
- if (!ret)
- folio_mark_uptodate(folio);
- folio_unlock(folio);
- }
- folio = readahead_folio(rac);
- goto next_folio;
- }
+
 err_out:
- /* Nothing was submitted. */
- if (!bio) {
+ if (!folio_in_bio) {
 if (!ret)
 folio_mark_uptodate(folio);
 folio_unlock(folio);
- return ret;
+ if (ret)
+ return ret;
+ }
+ if (rac) {
+ folio = readahead_folio(rac);
+ goto next_folio;
 }
 out:
 f2fs_submit_read_bio(F2FS_I_SB(inode), bio, DATA);
--
2.40.1
_______________________________________________
Linux-f2fs-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
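Review bot: Removing the old `if (!bio)` guard after `err_out:` in the second hunk leaves two paths that the visible lines do not cover. When `!folio_in_bio` and `ret` is set, `return ret;` now exits even if `bio` already holds folios queued by earlier readahead iterations, so that bio would never be submitted and those folios would stay locked; and when nothing was queued at all, control now reaches `out:` and calls `f2fs_submit_read_bio()` with `bio == NULL`, which looks unsafe unless that helper checks for NULL (its definition is not in the hunk). Consider `if (ret) goto out;` in place of the early return, and `if (bio) f2fs_submit_read_bio(F2FS_I_SB(inode), bio, DATA);` at `out:`. Both outcomes are availability problems in the read path (readers blocked on a folio that is never unlocked, or a NULL dereference), so they deserve the same care as the leak this patch fixes. The function body starts before and continues past both hunks, so the state of `bio` and `ret` on re-entry at `next_folio` should be confirmed against the full function.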
