Re: [f2fs-dev] [PATCH 3/3] f2fs: fix to do sanity check on i_nid for inline_data inode
On 2024/5/11 8:38, Jaegeuk Kim wrote: On 05/10, Chao Yu wrote: On 2024/5/10 11:36, Jaegeuk Kim wrote: On 05/10, Chao Yu wrote: On 2024/5/9 23:52, Jaegeuk Kim wrote: On 05/06, Chao Yu wrote: syzbot reports a f2fs bug as below: [ cut here ] kernel BUG at fs/f2fs/inline.c:258! CPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0 RIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258 Call Trace: f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834 f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline] __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline] f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315 do_writepages+0x35b/0x870 mm/page-writeback.c:2612 __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650 writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941 wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117 wb_do_writeback fs/fs-writeback.c:2264 [inline] wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f2/0x390 kernel/kthread.c:388 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 The root cause is: inline_data inode can be fuzzed, so that there may be valid blkaddr in its direct node, once f2fs triggers background GC to migrate the block, it will hit f2fs_bug_on() during dirty page writeback. Let's add sanity check on i_nid field for inline_data inode, meanwhile, forbid to migrate inline_data inode's data block to fix this issue. Reported-by: syzbot+848062ba19c8782ca...@syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-f2fs-devel/d103ce06174d7...@google.com Signed-off-by: Chao Yu --- fs/f2fs/f2fs.h | 2 +- fs/f2fs/gc.c | 6 ++ fs/f2fs/inline.c | 17 - fs/f2fs/inode.c | 2 +- 4 files changed, 24 insertions(+), 3 deletions(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index fced2b7652f4..c876813b5532 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -4146,7 +4146,7 @@ extern struct kmem_cache *f2fs_inode_entry_slab; * inline.c */ bool f2fs_may_inline_data(struct inode *inode); -bool f2fs_sanity_check_inline_data(struct inode *inode); +bool f2fs_sanity_check_inline_data(struct inode *inode, struct page *ipage); bool f2fs_may_inline_dentry(struct inode *inode); void f2fs_do_read_inline_data(struct page *page, struct page *ipage); void f2fs_truncate_inline_inode(struct inode *inode, diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c index e86c7f01539a..041957750478 100644 --- a/fs/f2fs/gc.c +++ b/fs/f2fs/gc.c @@ -1563,6 +1563,12 @@ static int gc_data_segment(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, continue; } + if (f2fs_has_inline_data(inode)) { + iput(inode); + set_sbi_flag(sbi, SBI_NEED_FSCK); + continue; Any race condtion to get this as false alarm? Since there is no reproducer for the bug, I doubt it was caused by metadata fuzzing, something like this: - inline inode has one valid blkaddr in i_addr or in dnode reference by i_nid; - SIT/SSA entry of the block is valid; - background GC migrates the block; - kworker writeback it, and trigger the bug_on(). Wasn't detected by sanity_check_inode? I fuzzed non-inline inode w/ below metadata fields: - i_blocks = 1 - i_size = 2048 - i_inline |= 0x02 sanity_check_inode() doesn't complain. I mean, the below sanity_check_inode() can cover the fuzzed case? I'm wondering I didn't figure out a generic way in sanity_check_inode() to catch all fuzzed cases. e.g. case #1 - blkaddr, its dnode, SSA and SIT are consistent - dnode.footer.ino points to inline inode - inline inode doesn't link to the donde Something like fuzzed special file, please check details in below commit: 9056d6489f5a ("f2fs: fix to do sanity check on inode type during garbage collection") case #2 - blkaddr, its dnode, SSA and SIT are consistent - blkaddr locates in inline inode's i_addr Thanks, whether we really need to check it in the gc path. Thanks, Thoughts? Thanks, + } + err = f2fs_gc_pinned_control(inode, gc_type, segno); if (err == -EAGAIN) { iput(inode); diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c index ac00423f117b..067600fed3d4 100644 --- a/fs/f2fs/inline.c +++ b/fs/f2fs/inline.c @@ -33,11 +33,26 @@ bool f2fs_may_inline_data(struct inode *inode) return !f2fs_post_read_required(inode); } -bool f2fs_sanity_check_inline_data(struct inode *inode) +static bool has_node_blocks(struct inode *ino
Re: [f2fs-dev] [PATCH V2] f2fs: fix some ambiguous comments
Hello: This patch was applied to jaegeuk/f2fs.git (dev) by Jaegeuk Kim : On Fri, 26 Apr 2024 20:01:29 +0800 you wrote: > After commit d7e9a9037de2 ("f2fs: Support Block Size == Page Size"), > Some comments are confused and just correct with block size is 4KB. > > Signed-off-by: Zhiguo Niu > --- > v2: add comments "support 64 TB disk size for 16K page size" > > [...] Here is the summary with links: - [f2fs-dev,V2] f2fs: fix some ambiguous comments https://git.kernel.org/jaegeuk/f2fs/c/991b6bdf1b00 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
Re: [f2fs-dev] [PATCH v2 2/3] f2fs: fix to add missing iput() in gc_data_segment()
Hello: This patch was applied to jaegeuk/f2fs.git (dev) by Jaegeuk Kim : On Fri, 10 May 2024 11:43:33 +0800 you wrote: > During gc_data_segment(), if inode state is abnormal, it missed to call > iput(), fix it. > > Fixes: b73e52824c89 ("f2fs: reposition unlock_new_inode to prevent accessing > invalid inode") > Fixes: 9056d6489f5a ("f2fs: fix to do sanity check on inode type during > garbage collection") > Signed-off-by: Chao Yu > > [...] Here is the summary with links: - [f2fs-dev,v2,2/3] f2fs: fix to add missing iput() in gc_data_segment() https://git.kernel.org/jaegeuk/f2fs/c/a798ff17cd2d You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
Re: [f2fs-dev] [PATCH] f2fs: use f2fs_{err, info}_ratelimited() for cleanup
Hello: This patch was applied to jaegeuk/f2fs.git (dev) by Jaegeuk Kim : On Mon, 6 May 2024 18:47:42 +0800 you wrote: > Commit b1c9d3f833ba ("f2fs: support printk_ratelimited() in f2fs_printk()") > missed some cases, cover all remains for cleanup. > > Signed-off-by: Chao Yu > --- > fs/f2fs/compress.c | 54 +- > fs/f2fs/segment.c | 5 ++--- > 2 files changed, 26 insertions(+), 33 deletions(-) Here is the summary with links: - [f2fs-dev] f2fs: use f2fs_{err, info}_ratelimited() for cleanup https://git.kernel.org/jaegeuk/f2fs/c/a78118406d52 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
Re: [f2fs-dev] [PATCH v2 5/5] f2fs: compress: don't allow unaligned truncation on released compress inode
Hello: This patch was applied to jaegeuk/f2fs.git (dev) by Jaegeuk Kim : On Tue, 7 May 2024 14:20:19 +0800 you wrote: > f2fs image may be corrupted after below testcase: > - mkfs.f2fs -O extra_attr,compression -f /dev/vdb > - mount /dev/vdb /mnt/f2fs > - touch /mnt/f2fs/file > - f2fs_io setflags compression /mnt/f2fs/file > - dd if=/dev/zero of=/mnt/f2fs/file bs=4k count=4 > - f2fs_io release_cblocks /mnt/f2fs/file > - truncate -s 8192 /mnt/f2fs/file > - umount /mnt/f2fs > - fsck.f2fs /dev/vdb > > [...] Here is the summary with links: - [f2fs-dev,v2,5/5] f2fs: compress: don't allow unaligned truncation on released compress inode https://git.kernel.org/jaegeuk/f2fs/c/29ed2b5dd521 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
Re: [f2fs-dev] [PATCH v2] f2fs: allow dirty sections with zero valid block for checkpoint disabled
Hello: This patch was applied to jaegeuk/f2fs.git (dev) by Jaegeuk Kim : On Fri, 10 May 2024 06:49:08 -0700 you wrote: > From: Daeho Jeong > > Following the semantic for dirty segments in checkpoint disabled mode, > apply the same rule to dirty sections. > > Signed-off-by: Daeho Jeong > > [...] Here is the summary with links: - [f2fs-dev,v2] f2fs: allow dirty sections with zero valid block for checkpoint disabled https://git.kernel.org/jaegeuk/f2fs/c/f2526c5cf1d9 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
Re: [f2fs-dev] [PATCH 1/2] f2fs: remove unused GC_FAILURE_PIN
Hello: This series was applied to jaegeuk/f2fs.git (dev) by Jaegeuk Kim : On Mon, 6 May 2024 18:45:37 +0800 you wrote: > After commit 3db1de0e582c ("f2fs: change the current atomic write way"), > we removed all GC_FAILURE_ATOMIC usage, let's change i_gc_failures[] > array to i_pin_failure for cleanup. > > Meanwhile, let's define i_current_depth and i_gc_failures as union > variable due to they won't be valid at the same time. > > [...] Here is the summary with links: - [f2fs-dev,1/2] f2fs: remove unused GC_FAILURE_PIN https://git.kernel.org/jaegeuk/f2fs/c/968c4f72b23c - [f2fs-dev,2/2] f2fs: fix to limit gc_pin_file_threshold https://git.kernel.org/jaegeuk/f2fs/c/c521a6ab4ad7 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
Re: [f2fs-dev] [PATCH v2] f2fs: fix block migration when section is not aligned to pow2
Hello: This patch was applied to jaegeuk/f2fs.git (dev) by Jaegeuk Kim : On Sun, 28 Apr 2024 21:51:42 -0600 you wrote: > As for zoned-UFS, f2fs section size is forced to zone size. And zone > size may not aligned to pow2. > > Fixes: 859fca6b706e ("f2fs: swap: support migrating swapfile in aligned write > mode") > Signed-off-by: Liao Yuanhong > Signed-off-by: Wu Bo > > [...] Here is the summary with links: - [f2fs-dev,v2] f2fs: fix block migration when section is not aligned to pow2 https://git.kernel.org/jaegeuk/f2fs/c/aa4074e8fec4 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
Re: [f2fs-dev] [PATCH] f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
Hello: This patch was applied to jaegeuk/f2fs.git (dev) by Jaegeuk Kim : On Thu, 25 Apr 2024 16:58:38 +0800 you wrote: > syzbot reports a kernel bug as below: > > F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 > == > BUG: KASAN: slab-out-of-bounds in f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline] > BUG: KASAN: slab-out-of-bounds in current_nat_addr fs/f2fs/node.h:213 [inline] > BUG: KASAN: slab-out-of-bounds in f2fs_get_node_info+0xece/0x1200 > fs/f2fs/node.c:600 > Read of size 1 at addr 88807a58c76c by task syz-executor280/5076 > > [...] Here is the summary with links: - [f2fs-dev] f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() https://git.kernel.org/jaegeuk/f2fs/c/20faaf30e555 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
Re: [f2fs-dev] [PATCH] f2fs: fix to avoid allocating WARM_DATA segment for direct IO
Hello: This patch was applied to jaegeuk/f2fs.git (dev) by Jaegeuk Kim : On Fri, 26 Apr 2024 17:33:48 +0800 you wrote: > If active_log is not 6, we never use WARM_DATA segment, let's > avoid allocating WARM_DATA segment for direct IO. > > Signed-off-by: Yunlei He > Signed-off-by: Chao Yu > --- > fs/f2fs/data.c| 3 ++- > fs/f2fs/f2fs.h| 2 +- > fs/f2fs/file.c| 5 +++-- > fs/f2fs/segment.c | 11 +-- > 4 files changed, 15 insertions(+), 6 deletions(-) Here is the summary with links: - [f2fs-dev] f2fs: fix to avoid allocating WARM_DATA segment for direct IO https://git.kernel.org/jaegeuk/f2fs/c/a320b2f08b3b You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
Re: [f2fs-dev] [PATCH v2] f2fs: zone: fix to don't trigger OPU on pinfile for direct IO
Hello: This patch was applied to jaegeuk/f2fs.git (dev) by Jaegeuk Kim : On Sun, 28 Apr 2024 09:12:36 +0800 you wrote: > Otherwise, it breaks pinfile's sematics. > > Cc: Daeho Jeong > Signed-off-by: Chao Yu > --- > v2: > - fix to disallow OPU on pinfile no matter what device type f2fs uses. > fs/f2fs/data.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) Here is the summary with links: - [f2fs-dev,v2] f2fs: zone: fix to don't trigger OPU on pinfile for direct IO https://git.kernel.org/jaegeuk/f2fs/c/48d180e2bf5a You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
Re: [f2fs-dev] [PATCH v3 5/5] f2fs: compress: don't allow unaligned truncation on released compress inode
Hello: This patch was applied to jaegeuk/f2fs.git (dev) by Jaegeuk Kim : On Fri, 10 May 2024 11:33:39 +0800 you wrote: > f2fs image may be corrupted after below testcase: > - mkfs.f2fs -O extra_attr,compression -f /dev/vdb > - mount /dev/vdb /mnt/f2fs > - touch /mnt/f2fs/file > - f2fs_io setflags compression /mnt/f2fs/file > - dd if=/dev/zero of=/mnt/f2fs/file bs=4k count=4 > - f2fs_io release_cblocks /mnt/f2fs/file > - truncate -s 8192 /mnt/f2fs/file > - umount /mnt/f2fs > - fsck.f2fs /dev/vdb > > [...] Here is the summary with links: - [f2fs-dev,v3,5/5] f2fs: compress: don't allow unaligned truncation on released compress inode https://git.kernel.org/jaegeuk/f2fs/c/29ed2b5dd521 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
Re: [f2fs-dev] [PATCH 1/5] f2fs: compress: fix to update i_compr_blocks correctly
Hello: This series was applied to jaegeuk/f2fs.git (dev) by Jaegeuk Kim : On Mon, 6 May 2024 18:41:36 +0800 you wrote: > Previously, we account reserved blocks and compressed blocks into > @compr_blocks, then, f2fs_i_compr_blocks_update(,compr_blocks) will > update i_compr_blocks incorrectly, fix it. > > Meanwhile, for the case all blocks in cluster were reserved, fix to > update dn->ofs_in_node correctly. > > [...] Here is the summary with links: - [f2fs-dev,1/5] f2fs: compress: fix to update i_compr_blocks correctly https://git.kernel.org/jaegeuk/f2fs/c/186e7d71534d - [f2fs-dev,2/5] f2fs: compress: fix error path of inc_valid_block_count() https://git.kernel.org/jaegeuk/f2fs/c/043c832371cd - [f2fs-dev,3/5] f2fs: compress: fix typo in f2fs_reserve_compress_blocks() https://git.kernel.org/jaegeuk/f2fs/c/a3a0bc6c2239 - [f2fs-dev,4/5] f2fs: compress: fix to cover {reserve, release}_compress_blocks() w/ cp_rwsem lock https://git.kernel.org/jaegeuk/f2fs/c/0a4ed2d97cb6 - [f2fs-dev,5/5] f2fs: compress: don't allow unaligned truncation on released compress inode (no matching commit) You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
Re: [f2fs-dev] [PATCH v2] f2fs: check validation of fault attrs in f2fs_build_fault_attr()
Hello: This patch was applied to jaegeuk/f2fs.git (dev) by Jaegeuk Kim : On Tue, 7 May 2024 11:38:47 +0800 you wrote: > - It missed to check validation of fault attrs in parse_options(), > let's fix to add check condition in f2fs_build_fault_attr(). > - Use f2fs_build_fault_attr() in __sbi_store() to clean up code. > > Signed-off-by: Chao Yu > --- > v2: > - add static for f2fs_build_fault_attr(). > fs/f2fs/f2fs.h | 12 > fs/f2fs/super.c | 27 --- > fs/f2fs/sysfs.c | 14 ++ > 3 files changed, 38 insertions(+), 15 deletions(-) Here is the summary with links: - [f2fs-dev,v2] f2fs: check validation of fault attrs in f2fs_build_fault_attr() https://git.kernel.org/jaegeuk/f2fs/c/4ed886b187f4 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
Re: [f2fs-dev] [PATCH] f2fs: remove redundant parameter in is_next_segment_free()
Hello: This patch was applied to jaegeuk/f2fs.git (dev) by Jaegeuk Kim : On Thu, 25 Apr 2024 22:55:28 +0800 you wrote: > is_next_segment_free() takes a redundant `type` parameter. Remove it. > > Signed-off-by: Yifan Zhao > --- > fs/f2fs/segment.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) Here is the summary with links: - [f2fs-dev] f2fs: remove redundant parameter in is_next_segment_free() https://git.kernel.org/jaegeuk/f2fs/c/ecd69be71aad You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
Re: [f2fs-dev] [PATCH v2 1/3] f2fs: fix to release node block count in error path of f2fs_new_node_page()
Hello: This patch was applied to jaegeuk/f2fs.git (dev) by Jaegeuk Kim : On Tue, 7 May 2024 11:31:00 +0800 you wrote: > It missed to call dec_valid_node_count() to release node block count > in error path, fix it. > > Fixes: 141170b759e0 ("f2fs: fix to avoid use f2fs_bug_on() in > f2fs_new_node_page()") > Signed-off-by: Chao Yu > --- > v2: > - avoid comppile warning if CONFIG_F2FS_CHECK_FS is off. > fs/f2fs/node.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Here is the summary with links: - [f2fs-dev,v2,1/3] f2fs: fix to release node block count in error path of f2fs_new_node_page() https://git.kernel.org/jaegeuk/f2fs/c/0fa4e57c1db2 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
[f2fs-dev] Patchwork summary for: f2fs
Hello: The following patches were marked "accepted", because they were applied to jaegeuk/f2fs.git (dev): Patch: [f2fs-dev] f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() Submitter: Chao Yu Committer: Jaegeuk Kim Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=847755 Lore link: https://lore.kernel.org/r/20240425085838.4032657-1-c...@kernel.org Series: [f2fs-dev,1/5] f2fs: compress: fix to update i_compr_blocks correctly Submitter: Chao Yu Committer: Jaegeuk Kim Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=850750 Lore link: https://lore.kernel.org/r/20240506104140.776986-1-c...@kernel.org Patches: [f2fs-dev,1/5] f2fs: compress: fix to update i_compr_blocks correctly [f2fs-dev,2/5] f2fs: compress: fix error path of inc_valid_block_count() [f2fs-dev,3/5] f2fs: compress: fix typo in f2fs_reserve_compress_blocks() [f2fs-dev,4/5] f2fs: compress: fix to cover {reserve, release}_compress_blocks() w/ cp_rwsem lock Patch: [f2fs-dev] f2fs: use f2fs_{err, info}_ratelimited() for cleanup Submitter: Chao Yu Committer: Jaegeuk Kim Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=850755 Lore link: https://lore.kernel.org/r/20240506104742.778789-1-c...@kernel.org Series: [f2fs-dev,1/2] f2fs: remove unused GC_FAILURE_PIN Submitter: Chao Yu Committer: Jaegeuk Kim Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=850751 Lore link: https://lore.kernel.org/r/20240506104538.778116-1-c...@kernel.org Patches: [f2fs-dev,1/2] f2fs: remove unused GC_FAILURE_PIN [f2fs-dev,2/2] f2fs: fix to limit gc_pin_file_threshold Patch: [f2fs-dev,v2] f2fs: allow dirty sections with zero valid block for checkpoint disabled Submitter: Daeho Jeong Committer: Jaegeuk Kim Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=852303 Lore link: https://lore.kernel.org/r/20240510134908.3271725-1-daeh...@gmail.com Series: [f2fs-dev,1/3] f2fs: fix to release node block count in error path of f2fs_new_node_page() Submitter: Chao Yu Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=850747 Lore link: https://lore.kernel.org/r/20240506103313.773503-1-c...@kernel.org Patches: [f2fs-dev,1/3] f2fs: fix to release node block count in error path of f2fs_new_node_page() [f2fs-dev,2/3] f2fs: fix to add missing iput() in gc_data_segment() Patch: None Submitter: Chao Yu Committer: Jaegeuk Kim Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=852104 Lore link: https://lore.kernel.org/r/20240510034333.358653-1-c...@kernel.org Patch: [f2fs-dev] f2fs: remove redundant parameter in is_next_segment_free() Submitter: Yifan Zhao Committer: Jaegeuk Kim Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=847902 Lore link: https://lore.kernel.org/r/20240425145528.2925372-1-zhaoyi...@sjtu.edu.cn Patch: [f2fs-dev,v2] f2fs: check validation of fault attrs in f2fs_build_fault_attr() Submitter: Chao Yu Committer: Jaegeuk Kim Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=851002 Lore link: https://lore.kernel.org/r/20240507033847.1047251-1-c...@kernel.org Patch: [f2fs-dev,v2] f2fs: zone: fix to don't trigger OPU on pinfile for direct IO Submitter: Chao Yu Committer: Jaegeuk Kim Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=848561 Lore link: https://lore.kernel.org/r/20240428011236.1008917-1-c...@kernel.org Patch: [f2fs-dev,v2,1/3] f2fs: fix to release node block count in error path of f2fs_new_node_page() Submitter: Chao Yu Committer: Jaegeuk Kim Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=851001 Lore link: https://lore.kernel.org/r/20240507033100.1044884-1-c...@kernel.org Patch: [f2fs-dev] f2fs: fix to avoid allocating WARM_DATA segment for direct IO Submitter: Chao Yu Committer: Jaegeuk Kim Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=848172 Lore link: https://lore.kernel.org/r/20240426093348.377018-1-c...@kernel.org Patch: [f2fs-dev,v2] f2fs: fix block migration when section is not aligned to pow2 Submitter: Wu Bo Committer: Jaegeuk Kim Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=848699 Lore link: https://lore.kernel.org/r/20240429035142.706356-1-bo...@vivo.com Patch: None Submitter: Chao Yu Committer: Jaegeuk Kim Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=851033 Lore link: https://lore.kernel.org/r/20240507062019.1097683-1-c...@kernel.org Patch: None Submitter: Chao Yu Committer: Jaegeuk Kim Patchwork: https://patchwork.kernel.org/project/f2fs/list/?series=852103 Lore link: https://lore.kernel.org/r/2024051009.300331-1-c...@kernel.org Patch: [f2fs-dev,V2] f2fs: fix some ambiguous comments Submitter: 牛志国 (Zhiguo Niu) Committer: Jaegeuk Kim Patchwork
Re: [f2fs-dev] [PATCH 1/3] f2fs: fix to release node block count in error path of f2fs_new_node_page()
Hello: This series was applied to jaegeuk/f2fs.git (dev) by Jaegeuk Kim : On Mon, 6 May 2024 18:33:11 +0800 you wrote: > It missed to call dec_valid_node_count() to release node block count > in error path, fix it. > > Fixes: 141170b759e0 ("f2fs: fix to avoid use f2fs_bug_on() in > f2fs_new_node_page()") > Signed-off-by: Chao Yu > --- > fs/f2fs/node.c | 12 ++-- > 1 file changed, 6 insertions(+), 6 deletions(-) Here is the summary with links: - [f2fs-dev,1/3] f2fs: fix to release node block count in error path of f2fs_new_node_page() (no matching commit) - [f2fs-dev,2/3] f2fs: fix to add missing iput() in gc_data_segment() https://git.kernel.org/jaegeuk/f2fs/c/a798ff17cd2d - [f2fs-dev,3/3] f2fs: fix to do sanity check on i_nid for inline_data inode (no matching commit) You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
Re: [f2fs-dev] [PATCH 3/3] f2fs: fix to do sanity check on i_nid for inline_data inode
On 05/10, Chao Yu wrote: > On 2024/5/10 11:36, Jaegeuk Kim wrote: > > On 05/10, Chao Yu wrote: > > > On 2024/5/9 23:52, Jaegeuk Kim wrote: > > > > On 05/06, Chao Yu wrote: > > > > > syzbot reports a f2fs bug as below: > > > > > > > > > > [ cut here ] > > > > > kernel BUG at fs/f2fs/inline.c:258! > > > > > CPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted > > > > > 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0 > > > > > RIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258 > > > > > Call Trace: > > > > >f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834 > > > > >f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline] > > > > >__f2fs_write_data_pages fs/f2fs/data.c:3288 [inline] > > > > >f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315 > > > > >do_writepages+0x35b/0x870 mm/page-writeback.c:2612 > > > > >__writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650 > > > > >writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941 > > > > >wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117 > > > > >wb_do_writeback fs/fs-writeback.c:2264 [inline] > > > > >wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304 > > > > >process_one_work kernel/workqueue.c:3254 [inline] > > > > >process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335 > > > > >worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 > > > > >kthread+0x2f2/0x390 kernel/kthread.c:388 > > > > >ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 > > > > >ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 > > > > > > > > > > The root cause is: inline_data inode can be fuzzed, so that there may > > > > > be valid blkaddr in its direct node, once f2fs triggers background GC > > > > > to migrate the block, it will hit f2fs_bug_on() during dirty page > > > > > writeback. > > > > > > > > > > Let's add sanity check on i_nid field for inline_data inode, > > > > > meanwhile, > > > > > forbid to migrate inline_data inode's data block to fix this issue. > > > > > > > > > > Reported-by: syzbot+848062ba19c8782ca...@syzkaller.appspotmail.com > > > > > Closes: > > > > > https://lore.kernel.org/linux-f2fs-devel/d103ce06174d7...@google.com > > > > > Signed-off-by: Chao Yu > > > > > --- > > > > >fs/f2fs/f2fs.h | 2 +- > > > > >fs/f2fs/gc.c | 6 ++ > > > > >fs/f2fs/inline.c | 17 - > > > > >fs/f2fs/inode.c | 2 +- > > > > >4 files changed, 24 insertions(+), 3 deletions(-) > > > > > > > > > > diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h > > > > > index fced2b7652f4..c876813b5532 100644 > > > > > --- a/fs/f2fs/f2fs.h > > > > > +++ b/fs/f2fs/f2fs.h > > > > > @@ -4146,7 +4146,7 @@ extern struct kmem_cache *f2fs_inode_entry_slab; > > > > > * inline.c > > > > > */ > > > > >bool f2fs_may_inline_data(struct inode *inode); > > > > > -bool f2fs_sanity_check_inline_data(struct inode *inode); > > > > > +bool f2fs_sanity_check_inline_data(struct inode *inode, struct page > > > > > *ipage); > > > > >bool f2fs_may_inline_dentry(struct inode *inode); > > > > >void f2fs_do_read_inline_data(struct page *page, struct page > > > > > *ipage); > > > > >void f2fs_truncate_inline_inode(struct inode *inode, > > > > > diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c > > > > > index e86c7f01539a..041957750478 100644 > > > > > --- a/fs/f2fs/gc.c > > > > > +++ b/fs/f2fs/gc.c > > > > > @@ -1563,6 +1563,12 @@ static int gc_data_segment(struct f2fs_sb_info > > > > > *sbi, struct f2fs_summary *sum, > > > > > continue; > > > > > } > > > > > + if (f2fs_has_inline_data(inode)) { > > > > > + iput(inode); > > > > > + set_sbi_flag(sbi, SBI_NEED_FSCK); > > > > > + continue; > > > > > > > > Any race condtion to get this as false alarm? > > > > > > Since there is no reproducer for the bug, I doubt it was caused by > > > metadata > > > fuzzing, something like this: > > > > > > - inline inode has one valid blkaddr in i_addr or in dnode reference by > > > i_nid; > > > - SIT/SSA entry of the block is valid; > > > - background GC migrates the block; > > > - kworker writeback it, and trigger the bug_on(). > > > > Wasn't detected by sanity_check_inode? > > I fuzzed non-inline inode w/ below metadata fields: > - i_blocks = 1 > - i_size = 2048 > - i_inline |= 0x02 > > sanity_check_inode() doesn't complain. I mean, the below sanity_check_inode() can cover the fuzzed case? I'm wondering whether we really need to check it in the gc path. > > Thanks, > > > > > > > > > Thoughts? > > > > > > Thanks, > > > > > > > > > > > > + } > > > > > + > > > > > err = f2fs_gc_pinned_control(inode, gc_type, > > > > > segno); > > > > > if (err == -EAGAIN) { > > > > > iput(inode); > > > > > diff --g
Re: [f2fs-dev] [PATCH 3/3] f2fs: fix to do sanity check on i_nid for inline_data inode
On 2024/5/10 11:36, Jaegeuk Kim wrote: On 05/10, Chao Yu wrote: On 2024/5/9 23:52, Jaegeuk Kim wrote: On 05/06, Chao Yu wrote: syzbot reports a f2fs bug as below: [ cut here ] kernel BUG at fs/f2fs/inline.c:258! CPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0 RIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258 Call Trace: f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834 f2fs_write_cache_pages fs/f2fs/data.c:3133 [inline] __f2fs_write_data_pages fs/f2fs/data.c:3288 [inline] f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:3315 do_writepages+0x35b/0x870 mm/page-writeback.c:2612 __writeback_single_inode+0x165/0x10b0 fs/fs-writeback.c:1650 writeback_sb_inodes+0x905/0x1260 fs/fs-writeback.c:1941 wb_writeback+0x457/0xce0 fs/fs-writeback.c:2117 wb_do_writeback fs/fs-writeback.c:2264 [inline] wb_workfn+0x410/0x1090 fs/fs-writeback.c:2304 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa12/0x17c0 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f2/0x390 kernel/kthread.c:388 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 The root cause is: inline_data inode can be fuzzed, so that there may be valid blkaddr in its direct node, once f2fs triggers background GC to migrate the block, it will hit f2fs_bug_on() during dirty page writeback. Let's add sanity check on i_nid field for inline_data inode, meanwhile, forbid to migrate inline_data inode's data block to fix this issue. Reported-by: syzbot+848062ba19c8782ca...@syzkaller.appspotmail.com Closes: https://lore.kernel.org/linux-f2fs-devel/d103ce06174d7...@google.com Signed-off-by: Chao Yu --- fs/f2fs/f2fs.h | 2 +- fs/f2fs/gc.c | 6 ++ fs/f2fs/inline.c | 17 - fs/f2fs/inode.c | 2 +- 4 files changed, 24 insertions(+), 3 deletions(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index fced2b7652f4..c876813b5532 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -4146,7 +4146,7 @@ extern struct kmem_cache *f2fs_inode_entry_slab; * inline.c */ bool f2fs_may_inline_data(struct inode *inode); -bool f2fs_sanity_check_inline_data(struct inode *inode); +bool f2fs_sanity_check_inline_data(struct inode *inode, struct page *ipage); bool f2fs_may_inline_dentry(struct inode *inode); void f2fs_do_read_inline_data(struct page *page, struct page *ipage); void f2fs_truncate_inline_inode(struct inode *inode, diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c index e86c7f01539a..041957750478 100644 --- a/fs/f2fs/gc.c +++ b/fs/f2fs/gc.c @@ -1563,6 +1563,12 @@ static int gc_data_segment(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, continue; } + if (f2fs_has_inline_data(inode)) { + iput(inode); + set_sbi_flag(sbi, SBI_NEED_FSCK); + continue; Any race condtion to get this as false alarm? Since there is no reproducer for the bug, I doubt it was caused by metadata fuzzing, something like this: - inline inode has one valid blkaddr in i_addr or in dnode reference by i_nid; - SIT/SSA entry of the block is valid; - background GC migrates the block; - kworker writeback it, and trigger the bug_on(). Wasn't detected by sanity_check_inode? I fuzzed non-inline inode w/ below metadata fields: - i_blocks = 1 - i_size = 2048 - i_inline |= 0x02 sanity_check_inode() doesn't complain. Thanks, Thoughts? Thanks, + } + err = f2fs_gc_pinned_control(inode, gc_type, segno); if (err == -EAGAIN) { iput(inode); diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c index ac00423f117b..067600fed3d4 100644 --- a/fs/f2fs/inline.c +++ b/fs/f2fs/inline.c @@ -33,11 +33,26 @@ bool f2fs_may_inline_data(struct inode *inode) return !f2fs_post_read_required(inode); } -bool f2fs_sanity_check_inline_data(struct inode *inode) +static bool has_node_blocks(struct inode *inode, struct page *ipage) +{ + struct f2fs_inode *ri = F2FS_INODE(ipage); + int i; + + for (i = 0; i < DEF_NIDS_PER_INODE; i++) { + if (ri->i_nid[i]) + return true; + } + return false; +} + +bool f2fs_sanity_check_inline_data(struct inode *inode, struct page *ipage) { if (!f2fs_has_inline_data(inode)) return false; + if (has_node_blocks(inode, ipage)) + return false; + if (!support_inline_data(inode)) return true; diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c index c26effdce9aa..1423cd27a477 100644 --- a/fs/f2fs/inode.c +++ b/fs/f2fs/inode.c @@ -343,7 +343,7 @@ static bool sanity_check_inode(st
[f2fs-dev] [PATCH v2] f2fs: allow dirty sections with zero valid block for checkpoint disabled
From: Daeho Jeong Following the semantic for dirty segments in checkpoint disabled mode, apply the same rule to dirty sections. Signed-off-by: Daeho Jeong --- v2: simplified codes with the same logic --- fs/f2fs/segment.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 6474b7338e81..cb0718cc1e47 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -771,8 +771,10 @@ static void __locate_dirty_segment(struct f2fs_sb_info *sbi, unsigned int segno, block_t valid_blocks = get_valid_blocks(sbi, segno, true); - f2fs_bug_on(sbi, unlikely(!valid_blocks || - valid_blocks == CAP_BLKS_PER_SEC(sbi))); + f2fs_bug_on(sbi, + (!is_sbi_flag_set(sbi, SBI_CP_DISABLED) && + !valid_blocks) || + valid_blocks == CAP_BLKS_PER_SEC(sbi)); if (!IS_CURSEC(sbi, secno)) set_bit(secno, dirty_i->dirty_secmap); -- 2.45.0.118.g7fe29c98d7-goog ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
[f2fs-dev] [PATCH v5 01/12] f2fs: drop usage of page_index
From: Kairui Song page_index is needed for mixed usage of page cache and swap cache, for pure page cache usage, the caller can just use page->index instead. It can't be a swap cache page here, so just drop it. [ This commit will not be needed once f2fs converted f2fs_mpage_readpages() to use folio] Signed-off-by: Kairui Song Cc: Chao Yu Cc: Jaegeuk Kim Cc: linux-f2fs-devel@lists.sourceforge.net --- fs/f2fs/data.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 961e6ff77c72..c0e1459702e6 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -2057,7 +2057,7 @@ static int f2fs_read_single_page(struct inode *inode, struct page *page, sector_t block_nr; int ret = 0; - block_in_file = (sector_t)page_index(page); + block_in_file = (sector_t)page->index; last_block = block_in_file + nr_pages; last_block_in_file = bytes_to_blks(inode, f2fs_readpage_limit(inode) + blocksize - 1); -- 2.45.0 ___ Linux-f2fs-devel mailing list Linux-f2fs-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel