On 2026/3/12 02:30, Jaegeuk Kim wrote:
On 03/09, Chao Yu wrote:
On 2/24/26 09:04, Greg Kroah-Hartman wrote:
f2fs_convert_inline_inode() holds the page lock of the inline data page
and then calls f2fs_lock_op(), which acquires cp_rwsem in read mode.
At the same time, f2fs_write_checkpoint() can acquire cp_rwsem in write
mode and then will wait for page locks, like during
f2fs_write_node_pages() or data flushing, leading to a deadlock.
- f2fs_convert_inline_inode - f2fs_write_checkpoint()
- f2fs_grab_cache_folio page #0
- block_operations
- f2fs_lock_all
- f2fs_lock_op
- f2fs_sync_node_pages
- flush_inline_data
- f2fs_filemap_get_folio page #0
flush_inline_data -> f2fs_filemap_get_folio(FGP_LOCK|FGP_NOWAIT) does not
wait for the lock, right?
Oh, I missed that, that explain why I never hit such deadlock. :)
Thanks,
It seems true, although I didn't hit such deadlock.
To Jaegeuk, what do you think?
Fix this by acquiring the lock_op before locking the page. This ensures
the correct lock ordering, op before page, and avoids the deadlock.
Cc: Jaegeuk Kim <[email protected]>
Cc: Chao Yu <[email protected]>
Cc: stable <[email protected]>
Assisted-by: gkh_clanker_2000
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
This issue was found by running a tool to compare a past kernel CVE to
try to find any potential places in the existing codebase that was
missed with the original fix. I do not know if this patch or text
really is correct, but the code paths seems sane.
Note that the majority of the changelog text came from an untrusted and
experimental LLM model that is known for making crap up. So it might be
totally lying here, and if so, I am very sorry for wasting anyone's time
and I'll just go back to running this on code that I actually understand
and know how to verify myself, but I figured it was worth at least
asking you all about it.
fs/f2fs/inline.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c
index 0a1052d5ee62..98bc920a4f35 100644
--- a/fs/f2fs/inline.c
+++ b/fs/f2fs/inline.c
@@ -232,12 +232,14 @@ int f2fs_convert_inline_inode(struct inode *inode)
if (err)
return err;
- folio = f2fs_grab_cache_folio(inode->i_mapping, 0, false);
- if (IS_ERR(folio))
- return PTR_ERR(folio);
-
f2fs_lock_op(sbi, &lc);
+ folio = f2fs_grab_cache_folio(inode->i_mapping, 0, false);
+ if (IS_ERR(folio)) {
+ f2fs_unlock_op(sbi, &lc);
+ return PTR_ERR(folio);
+ }
+
It will be better to adjust the unlock order in between cp_rwsem and folio lock?
out:
f2fs_folio_put(folio, true);
f2fs_unlock_op(sbi, &lc);
Thanks,
ifolio = f2fs_get_inode_folio(sbi, inode->i_ino);
if (IS_ERR(ifolio)) {
err = PTR_ERR(ifolio);
_______________________________________________
Linux-f2fs-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
