We missed to unlock folio in error path of f2fs_read_data_large_folio(), fix it.
With below testcase, it can reproduce the bug. touch /mnt/f2fs/file truncate -s $((1024*1024*1024)) /mnt/f2fs/file f2fs_io setflags immutable /mnt/f2fs/file sync echo 3 > /proc/sys/vm/drop_caches time dd if=/mnt/f2fs/file of=/dev/null bs=1M count=1024 f2fs_io clearflags immutable /mnt/f2fs/file echo 1 > /proc/sys/vm/drop_caches time dd if=/mnt/f2fs/file of=/dev/null bs=1M count=1024 time dd if=/mnt/f2fs/file of=/dev/null bs=1M count=1024 Signed-off-by: Chao Yu <[email protected]> --- v2: - rebase to last dev-test branch fs/f2fs/data.c | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index d685c889f7b6..d509172b51df 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -2453,11 +2453,11 @@ static int f2fs_read_data_large_folio(struct inode *inode, int ret = 0; bool folio_in_bio; - if (!IS_IMMUTABLE(inode)) - return -EOPNOTSUPP; - - if (f2fs_compressed_file(inode)) + if (!IS_IMMUTABLE(inode) || f2fs_compressed_file(inode)) { + if (folio) + folio_unlock(folio); return -EOPNOTSUPP; + } map.m_seg_type = NO_CHECK_TYPE; @@ -2565,18 +2565,16 @@ static int f2fs_read_data_large_folio(struct inode *inode, last_block_in_bio = block_nr; } trace_f2fs_read_folio(folio, DATA); +err_out: + if (!folio_in_bio) { + folio_end_read(folio, !ret); + if (ret) + return ret; + } if (rac) { - if (!folio_in_bio) - folio_end_read(folio, true); folio = readahead_folio(rac); goto next_folio; } -err_out: - /* Nothing was submitted. */ - if (!bio) { - folio_end_read(folio, !ret); - return ret; - } out: f2fs_submit_read_bio(F2FS_I_SB(inode), bio, DATA); if (ret) { -- 2.40.1 _______________________________________________ Linux-f2fs-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
