From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org
Cc: jianqi.ren.cn@windriver.com, Sasha Levin <sashal@kernel.org>
Subject: Re: [PATCH 6.1.y] f2fs: fix to cover read extent cache access with lock
Date: Mon, 12 May 2025 14:05:44 -0400
Message-ID: <20250511195936-bcaf6f53ebd59af9@stable.kernel.org>
In-Reply-To: <20250509024654.3233384-1-jianqi.ren.cn@windriver.com>
[ Sasha's backport helper bot ]
Hi,
✅ All tests passed successfully. No issues detected.
No action required from the submitter.
The upstream commit SHA1 provided is correct: d7409b05a64f212735f0d33f5f1602051a886eab
WARNING: Author mismatch between patch and upstream commit:
Backport author: <jianqi.ren.cn@windriver.com>
Commit author: Chao Yu <chao@kernel.org>
Status in newer kernel trees:
6.14.y | Present (exact SHA1)
6.12.y | Present (exact SHA1)
6.6.y | Present (different SHA1: 263df78166d3)
Note: The patch differs from the upstream commit:
---
1: d7409b05a64f2 ! 1: ac73e346ab4ec f2fs: fix to cover read extent cache access with lock
@@ Metadata
## Commit message ##
f2fs: fix to cover read extent cache access with lock
+ [ Upstream commit d7409b05a64f212735f0d33f5f1602051a886eab ]
+
syzbot reports a f2fs bug as below:
BUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46
@@ Commit message
Closes: https://lore.kernel.org/linux-f2fs-devel/00000000000009beea061740a531@google.com
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+ [Minor conflict resolved due to code context change.]
+ Signed-off-by: Jianqi Ren <jianqi.ren.cn@windriver.com>
+ Signed-off-by: He Zhe <zhe.he@windriver.com>
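Review bot: the added "[Minor conflict resolved due to code context change.]" line does not say what was resolved. The range-diff shows that the 6.1.y pre-image of sanity_check_extent_cache() differs from upstream (no `et->largest_updated` / CP_ERROR_FLAG branch, and a `set_sbi_flag(sbi, SBI_NEED_FSCK);` line that upstream does not have) and that the f2fs_init_age_extent_tree() call is absent in do_read_inode(); naming those in the bracketed note would let a stable reviewer check the resolution without re-deriving it. The report above also flags an author mismatch, so the patch should carry a From: line for Chao Yu <chao@kernel.org> to keep the upstream authorship.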
## fs/f2fs/extent_cache.c ##
@@
@@ fs/f2fs/extent_cache.c
{
struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
- struct f2fs_inode_info *fi = F2FS_I(inode);
-- struct extent_tree *et = fi->extent_tree[EX_READ];
- struct extent_info *ei;
--
-- if (!et)
-- return true;
+ struct f2fs_extent *i_ext = &F2FS_INODE(ipage)->i_ext;
+ struct extent_info ei;
-- ei = &et->largest;
-- if (!ei->len)
+- if (!fi->extent_tree[EX_READ])
- return true;
+ get_read_extent_info(&ei, i_ext);
-- /* Let's drop, if checkpoint got corrupted. */
-- if (is_set_ckpt_flags(sbi, CP_ERROR_FLAG)) {
-- ei->len = 0;
-- et->largest_updated = true;
+- ei = &fi->extent_tree[EX_READ]->largest;
+ if (!ei.len)
- return true;
-- }
++ return true;
-- if (!f2fs_is_valid_blkaddr(sbi, ei->blk, DATA_GENERIC_ENHANCE) ||
-- !f2fs_is_valid_blkaddr(sbi, ei->blk + ei->len - 1,
+- if (ei->len &&
+- (!f2fs_is_valid_blkaddr(sbi, ei->blk,
+- DATA_GENERIC_ENHANCE) ||
+- !f2fs_is_valid_blkaddr(sbi, ei->blk + ei->len - 1,
+- DATA_GENERIC_ENHANCE))) {
+- set_sbi_flag(sbi, SBI_NEED_FSCK);
+ if (!f2fs_is_valid_blkaddr(sbi, ei.blk, DATA_GENERIC_ENHANCE) ||
+ !f2fs_is_valid_blkaddr(sbi, ei.blk + ei.len - 1,
- DATA_GENERIC_ENHANCE)) {
++ DATA_GENERIC_ENHANCE)) {
f2fs_warn(sbi, "%s: inode (ino=%lx) extent info [%u, %u, %u] is incorrect, run fsck to fix",
__func__, inode->i_ino,
- ei->blk, ei->fofs, ei->len);
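Review bot: SBI_NEED_FSCK may no longer be set on the failing path of sanity_check_extent_cache() in 6.1.y. The backport removes `set_sbi_flag(sbi, SBI_NEED_FSCK);` together with the old `if (ei->len && (...))` condition, and no line in this hunk adds it back before the f2fs_warn(). The upstream side of the range-diff has no such line among its removals, so this is specific to the backport; please confirm that f2fs_is_valid_blkaddr() on 6.1.y already sets the flag when a DATA_GENERIC_ENHANCE check fails, or keep the set_sbi_flag() call in the new branch.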
@@ fs/f2fs/extent_cache.c: void f2fs_init_read_extent_tree(struct inode *inode, str
- set_inode_flag(inode, FI_NO_EXTENT);
}
- void f2fs_init_age_extent_tree(struct inode *inode)
+ void f2fs_init_extent_tree(struct inode *inode)
## fs/f2fs/f2fs.h ##
@@ fs/f2fs/f2fs.h: void f2fs_leave_shrinker(struct f2fs_sb_info *sbi);
@@ fs/f2fs/f2fs.h: void f2fs_leave_shrinker(struct f2fs_sb_info *sbi);
*/
-bool sanity_check_extent_cache(struct inode *inode);
+bool sanity_check_extent_cache(struct inode *inode, struct page *ipage);
- void f2fs_init_extent_tree(struct inode *inode);
- void f2fs_drop_extent_tree(struct inode *inode);
- void f2fs_destroy_extent_node(struct inode *inode);
+ struct rb_entry *f2fs_lookup_rb_tree(struct rb_root_cached *root,
+ struct rb_entry *cached_re, unsigned int ofs);
+ struct rb_node **f2fs_lookup_rb_tree_for_insert(struct f2fs_sb_info *sbi,
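Review bot: the new `struct page *ipage` parameter of sanity_check_extent_cache() is undocumented at the prototype in f2fs.h. The function now reads `F2FS_INODE(ipage)->i_ext` instead of the in-memory extent tree, so a short comment stating that ipage must be the inode's node page and that the caller must still hold it (do_read_inode() passes node_page and calls f2fs_put_page(node_page, 1) only afterwards) would make the requirement explicit for any later caller.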
## fs/f2fs/inode.c ##
@@ fs/f2fs/inode.c: static int do_read_inode(struct inode *inode)
@@ fs/f2fs/inode.c: static int do_read_inode(struct inode *inode)
- /* Need all the flag bits */
- f2fs_init_read_extent_tree(inode, node_page);
-- f2fs_init_age_extent_tree(inode);
-
- if (!sanity_check_extent_cache(inode)) {
+ if (!sanity_check_extent_cache(inode, node_page)) {
@@ fs/f2fs/inode.c: static int do_read_inode(struct inode *inode)
+ /* Need all the flag bits */
+ f2fs_init_read_extent_tree(inode, node_page);
-+ f2fs_init_age_extent_tree(inode);
+
f2fs_put_page(node_page, 1);
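Review bot: nothing shown here confirms that the code between the sanity check and the relocated f2fs_init_read_extent_tree() call in do_read_inode() is safe to run before the read extent tree is initialised. That span is outside the diff context; please confirm that on 6.1.y it does not read the read extent tree or the FI_NO_EXTENT flag, which f2fs_init_read_extent_tree() sets, before this point. The missing f2fs_init_age_extent_tree() line relative to upstream is consistent with the extent_cache.c context above, which shows f2fs_init_extent_tree() in its place, and is worth stating in the conflict note.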
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.1.y | Success | Success |