From: Chao Yu via Linux-f2fs-devel <linux-f2fs-devel@lists.sourceforge.net>
To: jaegeuk@kernel.org
Cc: syzbot+b01a36acd7007e273a83@syzkaller.appspotmail.com,
linux-kernel@vger.kernel.org, Leo Stone <leocstone@gmail.com>,
linux-f2fs-devel@lists.sourceforge.net
Subject: [f2fs-dev] [PATCH v4] f2fs: add check for deleted inode
Date: Wed, 12 Feb 2025 15:27:42 +0800 [thread overview]
Message-ID: <20250212072742.977248-1-chao@kernel.org> (raw)
From: Leo Stone <leocstone@gmail.com>
The syzbot reproducer mounts a f2fs image, then tries to unlink an
existing file. However, the unlinked file already has a link count of 0
when it is read for the first time in do_read_inode().
Add a check to sanity_check_inode() for i_nlink == 0.
[Chao Yu: rebase the code and fix orphan inode recovery issue]
Reported-by: syzbot+b01a36acd7007e273a83@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=b01a36acd7007e273a83
Fixes: 39a53e0ce0df ("f2fs: add superblock and major in-memory structure")
Signed-off-by: Leo Stone <leocstone@gmail.com>
Signed-off-by: Chao Yu <chao@kernel.org>
---
fs/f2fs/checkpoint.c | 4 ++++
fs/f2fs/f2fs.h | 1 +
fs/f2fs/inode.c | 6 ++++++
3 files changed, 11 insertions(+)
diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c
index bd890738b94d..ada2c548645c 100644
--- a/fs/f2fs/checkpoint.c
+++ b/fs/f2fs/checkpoint.c
@@ -751,6 +751,8 @@ int f2fs_recover_orphan_inodes(struct f2fs_sb_info *sbi)
if (is_sbi_flag_set(sbi, SBI_IS_WRITABLE))
f2fs_info(sbi, "orphan cleanup on readonly fs");
+ set_sbi_flag(sbi, SBI_ORPHAN_RECOVERY);
+
start_blk = __start_cp_addr(sbi) + 1 + __cp_payload(sbi);
orphan_blocks = __start_sum_addr(sbi) - 1 - __cp_payload(sbi);
@@ -778,9 +780,11 @@ int f2fs_recover_orphan_inodes(struct f2fs_sb_info *sbi)
}
f2fs_put_page(page, 1);
}
+
/* clear Orphan Flag */
clear_ckpt_flags(sbi, CP_ORPHAN_PRESENT_FLAG);
out:
+ clear_sbi_flag(sbi, SBI_ORPHAN_RECOVERY);
set_sbi_flag(sbi, SBI_IS_RECOVERED);
return err;
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index 05879c6dc4d6..1c75081c0c14 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -1322,6 +1322,7 @@ enum {
SBI_IS_CLOSE, /* specify unmounting */
SBI_NEED_FSCK, /* need fsck.f2fs to fix */
SBI_POR_DOING, /* recovery is doing or not */
+ SBI_ORPHAN_RECOVERY, /* orphan inodes recovery is doing */
SBI_NEED_SB_WRITE, /* need to recover superblock */
SBI_NEED_CP, /* need to checkpoint */
SBI_IS_SHUTDOWN, /* shutdown by ioctl */
diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c
index d6ad7810df69..02f1b69d03d8 100644
--- a/fs/f2fs/inode.c
+++ b/fs/f2fs/inode.c
@@ -386,6 +386,12 @@ static bool sanity_check_inode(struct inode *inode, struct page *node_page)
}
}
+ if (inode->i_nlink == 0 && !is_sbi_flag_set(sbi, SBI_ORPHAN_RECOVERY)) {
+ f2fs_warn(sbi, "%s: inode (ino=%lx) has a link count of 0",
+ __func__, inode->i_ino);
+ return false;
+ }
+
return true;
}
--
2.48.1.502.g6dc24dfdaf-goog
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
WARNING: multiple messages have this Message-ID (diff)
From: Chao Yu <chao@kernel.org>
To: jaegeuk@kernel.org
Cc: linux-f2fs-devel@lists.sourceforge.net,
linux-kernel@vger.kernel.org, Leo Stone <leocstone@gmail.com>,
syzbot+b01a36acd7007e273a83@syzkaller.appspotmail.com,
Chao Yu <chao@kernel.org>
Subject: [PATCH v4] f2fs: add check for deleted inode
Date: Wed, 12 Feb 2025 15:27:42 +0800 [thread overview]
Message-ID: <20250212072742.977248-1-chao@kernel.org> (raw)
From: Leo Stone <leocstone@gmail.com>
The syzbot reproducer mounts a f2fs image, then tries to unlink an
existing file. However, the unlinked file already has a link count of 0
when it is read for the first time in do_read_inode().
Add a check to sanity_check_inode() for i_nlink == 0.
[Chao Yu: rebase the code and fix orphan inode recovery issue]
Reported-by: syzbot+b01a36acd7007e273a83@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=b01a36acd7007e273a83
Fixes: 39a53e0ce0df ("f2fs: add superblock and major in-memory structure")
Signed-off-by: Leo Stone <leocstone@gmail.com>
Signed-off-by: Chao Yu <chao@kernel.org>
---
fs/f2fs/checkpoint.c | 4 ++++
fs/f2fs/f2fs.h | 1 +
fs/f2fs/inode.c | 6 ++++++
3 files changed, 11 insertions(+)
diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c
index bd890738b94d..ada2c548645c 100644
--- a/fs/f2fs/checkpoint.c
+++ b/fs/f2fs/checkpoint.c
@@ -751,6 +751,8 @@ int f2fs_recover_orphan_inodes(struct f2fs_sb_info *sbi)
if (is_sbi_flag_set(sbi, SBI_IS_WRITABLE))
f2fs_info(sbi, "orphan cleanup on readonly fs");
+ set_sbi_flag(sbi, SBI_ORPHAN_RECOVERY);
+
start_blk = __start_cp_addr(sbi) + 1 + __cp_payload(sbi);
orphan_blocks = __start_sum_addr(sbi) - 1 - __cp_payload(sbi);
@@ -778,9 +780,11 @@ int f2fs_recover_orphan_inodes(struct f2fs_sb_info *sbi)
}
f2fs_put_page(page, 1);
}
+
/* clear Orphan Flag */
clear_ckpt_flags(sbi, CP_ORPHAN_PRESENT_FLAG);
out:
+ clear_sbi_flag(sbi, SBI_ORPHAN_RECOVERY);
set_sbi_flag(sbi, SBI_IS_RECOVERED);
return err;
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index 05879c6dc4d6..1c75081c0c14 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -1322,6 +1322,7 @@ enum {
SBI_IS_CLOSE, /* specify unmounting */
SBI_NEED_FSCK, /* need fsck.f2fs to fix */
SBI_POR_DOING, /* recovery is doing or not */
+ SBI_ORPHAN_RECOVERY, /* orphan inodes recovery is doing */
SBI_NEED_SB_WRITE, /* need to recover superblock */
SBI_NEED_CP, /* need to checkpoint */
SBI_IS_SHUTDOWN, /* shutdown by ioctl */
diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c
index d6ad7810df69..02f1b69d03d8 100644
--- a/fs/f2fs/inode.c
+++ b/fs/f2fs/inode.c
@@ -386,6 +386,12 @@ static bool sanity_check_inode(struct inode *inode, struct page *node_page)
}
}
+ if (inode->i_nlink == 0 && !is_sbi_flag_set(sbi, SBI_ORPHAN_RECOVERY)) {
+ f2fs_warn(sbi, "%s: inode (ino=%lx) has a link count of 0",
+ __func__, inode->i_ino);
+ return false;
+ }
+
return true;
}
--
2.48.1.502.g6dc24dfdaf-goog
next reply other threads:[~2025-02-12 7:28 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-12 7:27 Chao Yu via Linux-f2fs-devel [this message]
2025-02-12 7:27 ` [PATCH v4] f2fs: add check for deleted inode Chao Yu
2025-02-12 16:47 ` [f2fs-dev] " Jaegeuk Kim via Linux-f2fs-devel
2025-02-12 16:47 ` Jaegeuk Kim
2025-02-13 2:00 ` [f2fs-dev] " Chao Yu via Linux-f2fs-devel
2025-02-13 2:00 ` Chao Yu
2025-02-13 17:38 ` [f2fs-dev] " Jaegeuk Kim via Linux-f2fs-devel
2025-02-13 17:38 ` Jaegeuk Kim
2025-02-14 1:44 ` [f2fs-dev] " Chao Yu via Linux-f2fs-devel
2025-02-14 1:44 ` Chao Yu
2025-02-24 10:47 ` [f2fs-dev] " Chao Yu via Linux-f2fs-devel
2025-02-24 10:47 ` Chao Yu
2025-02-26 3:28 ` [f2fs-dev] " Jaegeuk Kim via Linux-f2fs-devel
2025-02-26 3:28 ` Jaegeuk Kim
2025-02-26 3:49 ` [f2fs-dev] " Chao Yu via Linux-f2fs-devel
2025-02-26 3:49 ` Chao Yu
2025-02-26 17:15 ` [f2fs-dev] " Jaegeuk Kim via Linux-f2fs-devel
2025-02-26 17:15 ` Jaegeuk Kim
2025-02-28 1:49 ` [f2fs-dev] " Chao Yu via Linux-f2fs-devel
2025-02-28 1:49 ` Chao Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250212072742.977248-1-chao@kernel.org \
--to=linux-f2fs-devel@lists.sourceforge.net \
--cc=chao@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=leocstone@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=syzbot+b01a36acd7007e273a83@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.