1. 31 May, 2018 35 commits
    • Colin Ian King's avatar
      f2fs: fix spelling mistake: "extenstion" -> "extension" · 4580038e
      Colin Ian King authored
      Trivial fix to spelling mistake in extension list text
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      4580038e
    • Jaegeuk Kim's avatar
      f2fs: enhance sanity_check_raw_super() to avoid potential overflows · 0cfe75c5
      Jaegeuk Kim authored
      In order to avoid the below overflow issue, we should have checked the
      boundaries in superblock before reaching out to allocation. As Linus suggested,
      the right place should be sanity_check_raw_super().
      
      Dr Silvio Cesare of InfoSect reported:
      
      There are integer overflows with using the cp_payload superblock field in the
      f2fs filesystem potentially leading to memory corruption.
      
      include/linux/f2fs_fs.h
      
      struct f2fs_super_block {
      ...
              __le32 cp_payload;
      
      fs/f2fs/f2fs.h
      
      typedef u32 block_t;    /*
                               * should not change u32, since it is the on-disk block
                               * address format, __le32.
                               */
      ...
      
      static inline block_t __cp_payload(struct f2fs_sb_info *sbi)
      {
              return le32_to_cpu(F2FS_RAW_SUPER(sbi)->cp_payload);
      }
      
      fs/f2fs/checkpoint.c
      
              block_t start_blk, orphan_blocks, i, j;
      ...
              start_blk = __start_cp_addr(sbi) + 1 + __cp_payload(sbi);
              orphan_blocks = __start_sum_addr(sbi) - 1 - __cp_payload(sbi);
      
      +++ integer overflows
      
      ...
              unsigned int cp_blks = 1 + __cp_payload(sbi);
      ...
              sbi->ckpt = kzalloc(cp_blks * blk_size, GFP_KERNEL);
      
      +++ integer overflow leading to incorrect heap allocation.
      
              int cp_payload_blks = __cp_payload(sbi);
      ...
              ckpt->cp_pack_start_sum = cpu_to_le32(1 + cp_payload_blks +
                              orphan_blocks);
      
      +++ sign bug and integer overflow
      
      ...
              for (i = 1; i < 1 + cp_payload_blks; i++)
      
      +++ integer overflow
      
      ...
      
            sbi->max_orphans = (sbi->blocks_per_seg - F2FS_CP_PACKS -
                              NR_CURSEG_TYPE - __cp_payload(sbi)) *
                                      F2FS_ORPHANS_PER_BLOCK;
      
      +++ integer overflow
      Reported-by: default avatarGreg KH <greg@kroah.com>
      Reported-by: default avatarSilvio Cesare <silvio.cesare@gmail.com>
      Suggested-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      0cfe75c5
    • Chao Yu's avatar
      f2fs: treat volatile file's data as hot one · b4c3ca8b
      Chao Yu authored
      Volatile file's data will be updated oftenly, so it'd better to place
      its data into hot data segment.
      
      In addition, for atomic file, we change to check FI_ATOMIC_FILE instead
      of FI_HOT_DATA to make code readability better.
      Signed-off-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      b4c3ca8b
    • Chao Yu's avatar
      f2fs: introduce release_discard_addr() for cleanup · af8ff65b
      Chao Yu authored
      Introduce release_discard_addr() to include common codes for cleanup.
      Signed-off-by: default avatarChao Yu <yuchao0@huawei.com>
      [Fengguang Wu: declare static function, reported by kbuild test robot]
      Signed-off-by: default avatarFengguang Wu <fengguang.wu@intel.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      af8ff65b
    • Chao Yu's avatar
      f2fs: fix potential overflow · a9af3fdc
      Chao Yu authored
      In build_sit_entries(), if valid_blocks in SIT block is smaller than
      valid_blocks in journal, for below calculation:
      
      sbi->discard_blks += old_valid_blocks - se->valid_blocks;
      
      There will be two times potential overflow:
      - old_valid_blocks - se->valid_blocks will overflow, and be a very
      large number.
      - sbi->discard_blks += result will overflow again, comes out a correct
      result accidently.
      
      Anyway, it should be fixed.
      
      Fixes: d600af23 ("f2fs: avoid unneeded loop in build_sit_entries")
      Fixes: 1f43e2ad ("f2fs: introduce CP_TRIMMED_FLAG to avoid unneeded discard")
      Signed-off-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      a9af3fdc
    • Chao Yu's avatar
      f2fs: rename dio_rwsem to i_gc_rwsem · b2532c69
      Chao Yu authored
      RW semphore dio_rwsem in struct f2fs_inode_info is introduced to avoid
      race between dio and data gc, but now, it is more wildly used to avoid
      foreground operation vs data gc. So rename it to i_gc_rwsem to improve
      its readability.
      Signed-off-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      b2532c69
    • Yunlei He's avatar
      f2fs: move mnt_want_write_file after range check · b82f6e34
      Yunlei He authored
      This patch move mnt_want_write_file after range check,
      it's needless to check arguments with it.
      Signed-off-by: default avatarYunlei He <heyunlei@huawei.com>
      Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      b82f6e34
    • Yunlei He's avatar
      f2fs: fix missing clear FI_NO_PREALLOC in some error case · cba41be0
      Yunlei He authored
      This patch fix missing clear FI_NO_PREALLOC in some error case
      Signed-off-by: default avatarYunlei He <heyunlei@huawei.com>
      Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      cba41be0
    • Jaegeuk Kim's avatar
      f2fs: enforce fsync_mode=strict for renamed directory · ade990f9
      Jaegeuk Kim authored
      This is to give a option for user to be able to recover B/foo in the below
      case.
      
      mkdir A
      sync()
      rename(A, B)
      creat (B/foo)
      fsync (B/foo)
      ---crash---
      Sugessted-by: default avatarVelayudhan Pillai <vijay@cs.utexas.edu>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      ade990f9
    • Jaegeuk Kim's avatar
      f2fs: sanity check for total valid node blocks · 8a29c126
      Jaegeuk Kim authored
      This patch enhances sanity check for SIT entries.
      
      syzbot hit the following crash on upstream commit
      83beed7b (Fri Apr 20 17:56:32 2018 +0000)
      Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal
      syzbot dashboard link: https://syzkaller.appspot.com/bug?extid=bf9253040425feb155ad
      
      syzkaller reproducer: https://syzkaller.appspot.com/x/repro.syz?id=5692130282438656
      Raw console output: https://syzkaller.appspot.com/x/log.txt?id=5095924598571008
      Kernel config: https://syzkaller.appspot.com/x/.config?id=1808800213120130118
      compiler: gcc (GCC) 8.0.1 20180413 (experimental)
      
      IMPORTANT: if you fix the bug, please add the following tag to the commit:
      Reported-by: syzbot+bf9253040425feb155ad@syzkaller.appspotmail.com
      It will help syzbot understand when the bug is fixed. See footer for details.
      If you forward the report, please keep this part and the footer.
      
      F2FS-fs (loop0): invalid crc value
      F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
      F2FS-fs (loop0): Mounted with checkpoint version = d
      F2FS-fs (loop0): Bitmap was wrongly cleared, blk:9740
      ------------[ cut here ]------------
      kernel BUG at fs/f2fs/segment.c:1884!
      invalid opcode: 0000 [#1] SMP KASAN
      Dumping ftrace buffer:
         (ftrace buffer empty)
      Modules linked in:
      CPU: 1 PID: 4508 Comm: syz-executor0 Not tainted 4.17.0-rc1+ #10
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:update_sit_entry+0x1215/0x1590 fs/f2fs/segment.c:1882
      RSP: 0018:ffff8801af526708 EFLAGS: 00010282
      RAX: ffffed0035ea4cc0 RBX: ffff8801ad454f90 RCX: 0000000000000000
      RDX: 0000000000000000 RSI: ffffffff82eeb87e RDI: ffffed0035ea4cb6
      RBP: ffff8801af526760 R08: ffff8801ad4a2480 R09: ffffed003b5e4f90
      R10: ffffed003b5e4f90 R11: ffff8801daf27c87 R12: ffff8801adb8d380
      R13: 0000000000000001 R14: 0000000000000008 R15: 00000000ffffffff
      FS:  00000000014af940(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00007f06bc223000 CR3: 00000001adb02000 CR4: 00000000001406e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       allocate_data_block+0x66f/0x2050 fs/f2fs/segment.c:2663
       do_write_page+0x105/0x1b0 fs/f2fs/segment.c:2727
       write_node_page+0x129/0x350 fs/f2fs/segment.c:2770
       __write_node_page+0x7da/0x1370 fs/f2fs/node.c:1398
       sync_node_pages+0x18cf/0x1eb0 fs/f2fs/node.c:1652
       block_operations+0x429/0xa60 fs/f2fs/checkpoint.c:1088
       write_checkpoint+0x3ba/0x5380 fs/f2fs/checkpoint.c:1405
       f2fs_sync_fs+0x2fb/0x6a0 fs/f2fs/super.c:1077
       __sync_filesystem fs/sync.c:39 [inline]
       sync_filesystem+0x265/0x310 fs/sync.c:67
       generic_shutdown_super+0xd7/0x520 fs/super.c:429
       kill_block_super+0xa4/0x100 fs/super.c:1191
       kill_f2fs_super+0x9f/0xd0 fs/f2fs/super.c:3030
       deactivate_locked_super+0x97/0x100 fs/super.c:316
       deactivate_super+0x188/0x1b0 fs/super.c:347
       cleanup_mnt+0xbf/0x160 fs/namespace.c:1174
       __cleanup_mnt+0x16/0x20 fs/namespace.c:1181
       task_work_run+0x1e4/0x290 kernel/task_work.c:113
       tracehook_notify_resume include/linux/tracehook.h:191 [inline]
       exit_to_usermode_loop+0x2bd/0x310 arch/x86/entry/common.c:166
       prepare_exit_to_usermode arch/x86/entry/common.c:196 [inline]
       syscall_return_slowpath arch/x86/entry/common.c:265 [inline]
       do_syscall_64+0x6ac/0x800 arch/x86/entry/common.c:290
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      RIP: 0033:0x457d97
      RSP: 002b:00007ffd46f9c8e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
      RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000457d97
      RDX: 00000000014b09a3 RSI: 0000000000000002 RDI: 00007ffd46f9da50
      RBP: 00007ffd46f9da50 R08: 0000000000000000 R09: 0000000000000009
      R10: 0000000000000005 R11: 0000000000000246 R12: 00000000014b0940
      R13: 0000000000000000 R14: 0000000000000002 R15: 000000000000658e
      RIP: update_sit_entry+0x1215/0x1590 fs/f2fs/segment.c:1882 RSP: ffff8801af526708
      ---[ end trace f498328bb02610a2 ]---
      
      Reported-and-tested-by: syzbot+bf9253040425feb155ad@syzkaller.appspotmail.com
      Reported-and-tested-by: syzbot+7d6d31d3bc702f566ce3@syzkaller.appspotmail.com
      Reported-and-tested-by: syzbot+0a725420475916460f12@syzkaller.appspotmail.com
      Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      8a29c126
    • Jaegeuk Kim's avatar
      f2fs: sanity check on sit entry · b2ca374f
      Jaegeuk Kim authored
      syzbot hit the following crash on upstream commit
      87ef1202 (Wed Apr 18 19:48:17 2018 +0000)
      Merge tag 'ceph-for-4.17-rc2' of git://github.com/ceph/ceph-client
      syzbot dashboard link: https://syzkaller.appspot.com/bug?extid=83699adeb2d13579c31e
      
      C reproducer: https://syzkaller.appspot.com/x/repro.c?id=5805208181407744
      syzkaller reproducer: https://syzkaller.appspot.com/x/repro.syz?id=6005073343676416
      Raw console output: https://syzkaller.appspot.com/x/log.txt?id=6555047731134464
      Kernel config: https://syzkaller.appspot.com/x/.config?id=1808800213120130118
      compiler: gcc (GCC) 8.0.1 20180413 (experimental)
      
      IMPORTANT: if you fix the bug, please add the following tag to the commit:
      Reported-by: syzbot+83699adeb2d13579c31e@syzkaller.appspotmail.com
      It will help syzbot understand when the bug is fixed. See footer for details.
      If you forward the report, please keep this part and the footer.
      
      F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
      F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
      F2FS-fs (loop0): invalid crc value
      BUG: unable to handle kernel paging request at ffffed006b2a50c0
      PGD 21ffee067 P4D 21ffee067 PUD 21fbeb067 PMD 0
      Oops: 0000 [#1] SMP KASAN
      Dumping ftrace buffer:
         (ftrace buffer empty)
      Modules linked in:
      CPU: 0 PID: 4514 Comm: syzkaller989480 Not tainted 4.17.0-rc1+ #8
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:build_sit_entries fs/f2fs/segment.c:3653 [inline]
      RIP: 0010:build_segment_manager+0x7ef7/0xbf70 fs/f2fs/segment.c:3852
      RSP: 0018:ffff8801b102e5b0 EFLAGS: 00010a06
      RAX: 1ffff1006b2a50c0 RBX: 0000000000000004 RCX: 0000000000000001
      RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8801ac74243e
      RBP: ffff8801b102f410 R08: ffff8801acbd46c0 R09: fffffbfff14d9af8
      R10: fffffbfff14d9af8 R11: ffff8801acbd46c0 R12: ffff8801ac742a80
      R13: ffff8801d9519100 R14: dffffc0000000000 R15: ffff880359528600
      FS:  0000000001e04880(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: ffffed006b2a50c0 CR3: 00000001ac6ac000 CR4: 00000000001406f0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       f2fs_fill_super+0x4095/0x7bf0 fs/f2fs/super.c:2803
       mount_bdev+0x30c/0x3e0 fs/super.c:1165
       f2fs_mount+0x34/0x40 fs/f2fs/super.c:3020
       mount_fs+0xae/0x328 fs/super.c:1268
       vfs_kern_mount.part.34+0xd4/0x4d0 fs/namespace.c:1037
       vfs_kern_mount fs/namespace.c:1027 [inline]
       do_new_mount fs/namespace.c:2517 [inline]
       do_mount+0x564/0x3070 fs/namespace.c:2847
       ksys_mount+0x12d/0x140 fs/namespace.c:3063
       __do_sys_mount fs/namespace.c:3077 [inline]
       __se_sys_mount fs/namespace.c:3074 [inline]
       __x64_sys_mount+0xbe/0x150 fs/namespace.c:3074
       do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      RIP: 0033:0x443d6a
      RSP: 002b:00007ffd312813c8 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
      RAX: ffffffffffffffda RBX: 0000000020000c00 RCX: 0000000000443d6a
      RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffd312813d0
      RBP: 0000000000000003 R08: 0000000020016a00 R09: 000000000000000a
      R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000004
      R13: 0000000000402c60 R14: 0000000000000000 R15: 0000000000000000
      RIP: build_sit_entries fs/f2fs/segment.c:3653 [inline] RSP: ffff8801b102e5b0
      RIP: build_segment_manager+0x7ef7/0xbf70 fs/f2fs/segment.c:3852 RSP: ffff8801b102e5b0
      CR2: ffffed006b2a50c0
      ---[ end trace a2034989e196ff17 ]---
      
      Reported-and-tested-by: syzbot+83699adeb2d13579c31e@syzkaller.appspotmail.com
      Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      b2ca374f
    • Jaegeuk Kim's avatar
      f2fs: avoid bug_on on corrupted inode · 5d64600d
      Jaegeuk Kim authored
      syzbot has tested the proposed patch but the reproducer still triggered crash:
      kernel BUG at fs/f2fs/inode.c:LINE!
      
      F2FS-fs (loop1): invalid crc value
      F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
      F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
      F2FS-fs (loop5): invalid crc value
      ------------[ cut here ]------------
      kernel BUG at fs/f2fs/inode.c:238!
      invalid opcode: 0000 [#1] SMP KASAN
      Dumping ftrace buffer:
         (ftrace buffer empty)
      Modules linked in:
      CPU: 1 PID: 4886 Comm: syz-executor1 Not tainted 4.17.0-rc1+ #1
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:do_read_inode fs/f2fs/inode.c:238 [inline]
      RIP: 0010:f2fs_iget+0x3307/0x3ca0 fs/f2fs/inode.c:313
      RSP: 0018:ffff8801c44a70e8 EFLAGS: 00010293
      RAX: ffff8801ce208040 RBX: ffff8801b3621080 RCX: ffffffff82eace18
      F2FS-fs (loop2): Magic Mismatch, valid(0xf2f52010) - read(0x0)
      RDX: 0000000000000000 RSI: ffffffff82eaf047 RDI: 0000000000000007
      RBP: ffff8801c44a7410 R08: ffff8801ce208040 R09: ffffed0039ee4176
      R10: ffffed0039ee4176 R11: ffff8801cf720bb7 R12: ffff8801c0efa000
      R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000
      FS:  00007f753aa9d700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
      ------------[ cut here ]------------
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      kernel BUG at fs/f2fs/inode.c:238!
      CR2: 0000000001b03018 CR3: 00000001c8b74000 CR4: 00000000001406e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       f2fs_fill_super+0x4377/0x7bf0 fs/f2fs/super.c:2842
       mount_bdev+0x30c/0x3e0 fs/super.c:1165
       f2fs_mount+0x34/0x40 fs/f2fs/super.c:3020
       mount_fs+0xae/0x328 fs/super.c:1268
       vfs_kern_mount.part.34+0xd4/0x4d0 fs/namespace.c:1037
       vfs_kern_mount fs/namespace.c:1027 [inline]
       do_new_mount fs/namespace.c:2517 [inline]
       do_mount+0x564/0x3070 fs/namespace.c:2847
       ksys_mount+0x12d/0x140 fs/namespace.c:3063
       __do_sys_mount fs/namespace.c:3077 [inline]
       __se_sys_mount fs/namespace.c:3074 [inline]
       __x64_sys_mount+0xbe/0x150 fs/namespace.c:3074
       do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      RIP: 0033:0x457daa
      RSP: 002b:00007f753aa9cba8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
      RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000000457daa
      RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f753aa9cbf0
      RBP: 0000000000000064 R08: 0000000020016a00 R09: 0000000020000000
      R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
      R13: 0000000000000064 R14: 00000000006fcb80 R15: 0000000000000000
      RIP: do_read_inode fs/f2fs/inode.c:238 [inline] RSP: ffff8801c44a70e8
      RIP: f2fs_iget+0x3307/0x3ca0 fs/f2fs/inode.c:313 RSP: ffff8801c44a70e8
      invalid opcode: 0000 [#2] SMP KASAN
      ---[ end trace 1cbcbec2156680bc ]---
      
      Reported-and-tested-by: syzbot+41a1b341571f0952badb@syzkaller.appspotmail.com
      Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      5d64600d
    • Jaegeuk Kim's avatar
      f2fs: give message and set need_fsck given broken node id · a4f843bd
      Jaegeuk Kim authored
      syzbot hit the following crash on upstream commit
      83beed7b (Fri Apr 20 17:56:32 2018 +0000)
      Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal
      syzbot dashboard link: https://syzkaller.appspot.com/bug?extid=d154ec99402c6f628887
      
      C reproducer: https://syzkaller.appspot.com/x/repro.c?id=5414336294027264
      syzkaller reproducer: https://syzkaller.appspot.com/x/repro.syz?id=5471683234234368
      Raw console output: https://syzkaller.appspot.com/x/log.txt?id=5436660795834368
      Kernel config: https://syzkaller.appspot.com/x/.config?id=1808800213120130118
      compiler: gcc (GCC) 8.0.1 20180413 (experimental)
      
      IMPORTANT: if you fix the bug, please add the following tag to the commit:
      Reported-by: syzbot+d154ec99402c6f628887@syzkaller.appspotmail.com
      It will help syzbot understand when the bug is fixed. See footer for details.
      If you forward the report, please keep this part and the footer.
      
      F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
      F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
      F2FS-fs (loop0): invalid crc value
      ------------[ cut here ]------------
      kernel BUG at fs/f2fs/node.c:1185!
      invalid opcode: 0000 [#1] SMP KASAN
      Dumping ftrace buffer:
         (ftrace buffer empty)
      Modules linked in:
      CPU: 1 PID: 4549 Comm: syzkaller704305 Not tainted 4.17.0-rc1+ #10
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      RIP: 0010:__get_node_page+0xb68/0x16e0 fs/f2fs/node.c:1185
      RSP: 0018:ffff8801d960e820 EFLAGS: 00010293
      RAX: ffff8801d88205c0 RBX: 0000000000000003 RCX: ffffffff82f6cc06
      RDX: 0000000000000000 RSI: ffffffff82f6d5e8 RDI: 0000000000000004
      RBP: ffff8801d960ec30 R08: ffff8801d88205c0 R09: ffffed003b5e46c2
      R10: 0000000000000003 R11: 0000000000000003 R12: ffff8801a86e00c0
      R13: 0000000000000001 R14: ffff8801a86e0530 R15: ffff8801d9745240
      FS:  000000000072c880(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 00007f3d403209b8 CR3: 00000001d8f3f000 CR4: 00000000001406e0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      Call Trace:
       get_node_page fs/f2fs/node.c:1237 [inline]
       truncate_xattr_node+0x152/0x2e0 fs/f2fs/node.c:1014
       remove_inode_page+0x200/0xaf0 fs/f2fs/node.c:1039
       f2fs_evict_inode+0xe86/0x1710 fs/f2fs/inode.c:547
       evict+0x4a6/0x960 fs/inode.c:557
       iput_final fs/inode.c:1519 [inline]
       iput+0x62d/0xa80 fs/inode.c:1545
       f2fs_fill_super+0x5f4e/0x7bf0 fs/f2fs/super.c:2849
       mount_bdev+0x30c/0x3e0 fs/super.c:1164
       f2fs_mount+0x34/0x40 fs/f2fs/super.c:3020
       mount_fs+0xae/0x328 fs/super.c:1267
       vfs_kern_mount.part.34+0xd4/0x4d0 fs/namespace.c:1037
       vfs_kern_mount fs/namespace.c:1027 [inline]
       do_new_mount fs/namespace.c:2518 [inline]
       do_mount+0x564/0x3070 fs/namespace.c:2848
       ksys_mount+0x12d/0x140 fs/namespace.c:3064
       __do_sys_mount fs/namespace.c:3078 [inline]
       __se_sys_mount fs/namespace.c:3075 [inline]
       __x64_sys_mount+0xbe/0x150 fs/namespace.c:3075
       do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
       entry_SYSCALL_64_after_hwframe+0x49/0xbe
      RIP: 0033:0x443dea
      RSP: 002b:00007ffcc7882368 EFLAGS: 00000297 ORIG_RAX: 00000000000000a5
      RAX: ffffffffffffffda RBX: 0000000020000c00 RCX: 0000000000443dea
      RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007ffcc7882370
      RBP: 0000000000000003 R08: 0000000020016a00 R09: 000000000000000a
      R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000004
      R13: 0000000000402ce0 R14: 0000000000000000 R15: 0000000000000000
      RIP: __get_node_page+0xb68/0x16e0 fs/f2fs/node.c:1185 RSP: ffff8801d960e820
      ---[ end trace 4edbeb71f002bb76 ]---
      
      Reported-and-tested-by: syzbot+d154ec99402c6f628887@syzkaller.appspotmail.com
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      a4f843bd
    • Eric Biggers's avatar
      f2fs: fix features filename in sysfs documentation · 9ac19faa
      Eric Biggers authored
      The file is called "features", not "feature".
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      9ac19faa
    • Chao Yu's avatar
      f2fs: clean up commit_inmem_pages() · cf52b27a
      Chao Yu authored
      This patch moves error handling from commit_inmem_pages() into
      __commit_inmem_page() for cleanup, no logic change.
      Signed-off-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      cf52b27a
    • Sheng Yong's avatar
      f2fs: do not check F2FS_INLINE_DOTS in recover · eff15c2a
      Sheng Yong authored
      Only dir may have F2FS_INLINE_DOTS flag, so there is no need to check
      the flag in recover flow.
      Signed-off-by: default avatarSheng Yong <shengyong1@huawei.com>
      Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      eff15c2a
    • Sheng Yong's avatar
      f2fs: remove duplicated dquot_initialize and fix error handling · a515d12f
      Sheng Yong authored
      This patch removes duplicated dquot_initialize in recover_orphan_inode(),
      and fix the error handling if dquot_initialize fails.
      Signed-off-by: default avatarSheng Yong <shengyong1@huawei.com>
      Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      a515d12f
    • Chao Yu's avatar
      f2fs: fix to detect failure of dquot_initialize · c22aecd7
      Chao Yu authored
      dquot_initialize() can fail due to any exception inside quota subsystem,
      f2fs needs to be aware of it, and return correct return value to caller.
      Signed-off-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      c22aecd7
    • Yunlei He's avatar
      f2fs: stop issue discard if something wrong with f2fs · d6184774
      Yunlei He authored
      v4->v5: move data corruption check to __submit_discard_cmd, in order to
      control discard io submitted more accurately, besides, increase async
      thread wait time if data corruption detected.
      
      This patch stop async thread and umount process to issue discard
      if something wrong with f2fs, which is similar to fstrim.
      Signed-off-by: default avatarYunlei He <heyunlei@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      d6184774
    • Chao Yu's avatar
      f2fs: fix return value in f2fs_ioc_commit_atomic_write · b169c3c5
      Chao Yu authored
      In f2fs_ioc_commit_atomic_write, if file is volatile, return -EINVAL to
      indicate that commit failure.
      Signed-off-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      b169c3c5
    • Yunlei He's avatar
      f2fs: allocate hot_data for atomic write more strictly · 054afda9
      Yunlei He authored
      If a file not set type as hot, has dirty pages more than
      threshold 64 before starting atomic write, may be lose hot
      flag.
      
      v1->v2: move set FI_ATOMIC_FILE flag behind flush dirty pages too,
      in case of dirty pages before starting atomic use atomic mode to
      write back.
      Signed-off-by: default avatarYunlei He <heyunlei@huawei.com>
      Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      054afda9
    • Sheng Yong's avatar
      f2fs: check if inmem_pages list is empty correctly · d0891e84
      Sheng Yong authored
      `cur' will never be NULL, we should check inmem_pages list instead.
      Signed-off-by: default avatarSheng Yong <shengyong1@huawei.com>
      Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      d0891e84
    • Chao Yu's avatar
      f2fs: fix race in between GC and atomic open · 27319ba4
      Chao Yu authored
      Thread					GC thread
      - f2fs_ioc_start_atomic_write
       - get_dirty_pages
       - filemap_write_and_wait_range
      					- f2fs_gc
      					 - do_garbage_collect
      					  - gc_data_segment
      					   - move_data_page
      					    - f2fs_is_atomic_file
      					    - set_page_dirty
       - set_inode_flag(, FI_ATOMIC_FILE)
      
      Dirty data page can still be generated by GC in race condition as
      above call stack.
      
      This patch adds fi->dio_rwsem[WRITE] in f2fs_ioc_start_atomic_write
      to avoid such race.
      Signed-off-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      27319ba4
    • Souptick Joarder's avatar
      fs: f2fs: Adding new return type vm_fault_t · ea4d479b
      Souptick Joarder authored
      Use new return type vm_fault_t for page_mkwrite
      and fault handler.
      Signed-off-by: default avatarSouptick Joarder <jrdr.linux@gmail.com>
      Reviewed-by: default avatarMatthew Wilcox <mawilcox@microsoft.com>
      Acked-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      ea4d479b
    • Zhikang Zhang's avatar
      f2fs: change le32 to le16 of f2fs_inode->i_extra_size · d6964949
      Zhikang Zhang authored
      In the structure of f2fs_inode, i_extra_size's type is __le16,
      so we should keep type consistent when using it.
      
      Fixes: 704956ec ("f2fs: support inode checksum")
      Signed-off-by: default avatarZhikang Zhang <zhangzhikang1@huawei.com>
      Signed-off-by: default avatarYunlei He <heyunlei@huawei.com>
      Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      d6964949
    • Zhikang Zhang's avatar
      f2fs: check cur_valid_map_mir & raw_sit block count when flush sit entries · 56b07e7e
      Zhikang Zhang authored
      We should check valid_map_mir and block count to ensure
      the flushed raw_sit is correct.
      Signed-off-by: default avatarZhikang Zhang <zhangzhikang1@huawei.com>
      Signed-off-by: default avatarYunlei He <heyunlei@huawei.com>
      Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      56b07e7e
    • Chao Yu's avatar
      f2fs: correct return value of f2fs_trim_fs · 3d165dc3
      Chao Yu authored
      Correct return value in two cases:
      - return EINVAL if end boundary is out-of-range.
      - return EIO if fs needs off-line check.
      Signed-off-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      3d165dc3
    • Chao Yu's avatar
      f2fs: fix to show missing bits in FS_IOC_GETFLAGS · 76481158
      Chao Yu authored
      This patch fixes to show missing encrypt/inline_data flag in
      FS_IOC_GETFLAGS like ext4 does.
      Signed-off-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      76481158
    • Chao Yu's avatar
      f2fs: remove unneeded F2FS_PROJINHERIT_FL · c807a7cb
      Chao Yu authored
      Now F2FS_FL_USER_VISIBLE and F2FS_FL_USER_MODIFIABLE has included
      F2FS_PROJINHERIT_FL, so remove unneeded F2FS_PROJINHERIT_FL when
      using visible/modifiable flag macro.
      Signed-off-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      c807a7cb
    • Chao Yu's avatar
      f2fs: don't use GFP_ZERO for page caches · 81114baa
      Chao Yu authored
      Related to https://lkml.org/lkml/2018/4/8/661
      
      Sometimes, we need to write meta data to new allocated block address,
      then we will allocate a zeroed page in inner inode's address space, and
      fill partial data in it, and leave other place with zero value which means
      some fields are initial status.
      
      There are two inner inodes (meta inode and node inode) setting __GFP_ZERO,
      I have just checked them, for both of them, we can avoid using __GFP_ZERO,
      and do initialization by ourselves to avoid unneeded/redundant zeroing
      from mm.
      
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      81114baa
    • Yunlei He's avatar
      f2fs: issue all big range discards in umount process · 241b493d
      Yunlei He authored
      This patch modify max_requests to UINT_MAX, to issue
      all big range discards in umount.
      Signed-off-by: default avatarYunlei He <heyunlei@huawei.com>
      Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      241b493d
    • Chao Yu's avatar
      f2fs: remove redundant block plug · 47cca3d6
      Chao Yu authored
      For buffered IO, we don't need to use block plug to cache bio,
      for direct IO, generic f2fs_direct_IO has already added block
      plug, so let's remove redundant one in .write_iter.
      
      As Yunlei described in his patch:
      
      -f2fs_file_write_iter
        -blk_start_plug
          -__generic_file_write_iter
      	...
      	  -do_blockdev_direct_IO
      	    -blk_start_plug
      		...
      	    -blk_finish_plug
      	...
        -blk_finish_plug
      
      which may conduct performance decrease in our platform
      Signed-off-by: default avatarYunlei He <heyunlei@huawei.com>
      Signed-off-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      47cca3d6
    • Yunlong Song's avatar
      f2fs: remove unmatched zero_user_segment when convert inline dentry · 80452498
      Yunlong Song authored
      Since the layout of regular dentry block is different from inline dentry
      block, zero_user_segment starting from MAX_INLINE_DATA(dir) is not
      correct for regular dentry block, besides, bitmap is already copied and
      used, so there is no necessary to zero page at all, so just remove the
      zero_user_segment is OK.
      Signed-off-by: default avatarYunlong Song <yunlong.song@huawei.com>
      Reviewed-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      80452498
    • Chao Yu's avatar
      f2fs: introduce private inode status mapping · 59c84408
      Chao Yu authored
      Previously, we use generic FS_*_FL defined by vfs to indicate inode status
      for each bit of i_flags, so f2fs's flag status definition is tied to vfs'
      one, it will be hard for f2fs to reuse bits f2fs never used to indicate
      new status..
      
      In order to solve this issue, we introduce private inode status mapping,
      Note, for these bits have already been persisted into disk, we should
      never change their definition, for other ones, we can remap them for
      later new coming status.
      Signed-off-by: default avatarChao Yu <yuchao0@huawei.com>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      59c84408
    • Jaegeuk Kim's avatar
      f2fs: run fstrim asynchronously if runtime discard is on · e555da9f
      Jaegeuk Kim authored
      We don't need to wait for whole bunch of discard candidates in fstrim, since
      runtime discard will issue them in idle time.
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      e555da9f
  2. 30 May, 2018 3 commits
  3. 29 May, 2018 2 commits