linux-f2fs-devel.lists.sourceforge.net archive mirror
From: wangzijie <wangzijie1@honor.com>
To: <chao@kernel.org>
Cc: feng.han@honor.com, linux-kernel@vger.kernel.org,
	linux-f2fs-devel@lists.sourceforge.net, jaegeuk@kernel.org,
	wangzijie1@honor.com
Subject: Re: [f2fs-dev] [PATCH v2 2/2] f2fs: fix infinite loop in __insert_extent_tree()
Date: Tue, 16 Sep 2025 16:26:36 +0800
Message-ID: <20250916082636.237935-1-wangzijie1@honor.com>
In-Reply-To: <62d7f4d3-cc9c-429f-8b7e-0e80e2aa24e4@kernel.org>

>On 9/16/25 15:09, wangzijie wrote:
>>> On 9/16/25 13:22, wangzijie wrote:
>>>>> On 09/15, wangzijie wrote:
>>>>>> When we get wrong extent info data, and look up extent_node in rb tree,
>>>>>> it will cause an infinite loop (CONFIG_F2FS_CHECK_FS=n). Avoid this by
>>>>>> returning NULL.
>>>>>
>>>>> This is the exact buggy case which we should fix the original one. Have
>>>>> you seen this error? In that case, can we consider writing some kernel
>>>>> message and handle the error properly?
>>>>
>>>> Hi Jaegeuk,
>>>> The original one is the bug I mentioned in the first patch of this patch set
>>>> ("f2fs: fix zero-sized extent for precache extents"). 
>>>
>>> Zijie,
>>>
>>> Did you suffer this problem in product? right?
>> 
>> Hi Chao,
>> Yes, and I can confirm that infinite loop cases I suffered are caused by the bug I
>> mentioned in the first patch of this patch set. But I'm not sure if there are
>> other cases that can cause this infinite loop.
>> 
>>>>
>>>> When we use a wrong extent_info (zero-sized) to do an update, and there exists an
>>>> extent_node which has the same fofs as the wrong one, we will skip "invalidate all extent
>>>> nodes in range [fofs, fofs + len - 1]" (en->ei.fofs = end = tei->fofs + tei->len = tei->fofs),
>>>> which causes the infinite loop in __insert_extent_tree().
>>>>
>>>> So we can add f2fs_bug_on() when there occurs zero-sized extent
>>>> in f2fs_update_read_extent_cache_range(), and give up this zero-sized
>>>> extent update to handle other unknown buggy cases. Do you think this will be better?
>>>>
>>>> And do we need to solve this infinite loop?
>>>
>>> IMO, it's worth ending such a loop if there is any corrupted extent in rbtree to
>>> avoid kernel hang, no matter whether it is caused by software bug or hardware flaw
>>> potentially.
>>>
>>> Thanks,
>> 
>> And do you think we need this?
>> "add f2fs_bug_on() when there occurs zero-sized extent in f2fs_update_read_extent_cache_range(),
>> and give up this zero-sized extent update to handle other unknown buggy cases".
>
>Oh, I was testing the below patch..., is this what you want to do?
>
>I think we can keep all your patches, and append the below patch to detect any
>potential cases that will update a zero-sized extent.
>
>From 439d61ef3715fafa5c9f2d1b7f8026cdd2564ca7 Mon Sep 17 00:00:00 2001
>From: Chao Yu <chao@kernel.org>
>Date: Tue, 16 Sep 2025 11:52:30 +0800
>Subject: [PATCH] f2fs: add sanity check on ei.len in
> __update_extent_tree_range()
>
>Add a sanity check in __update_extent_tree_range() to detect any
>zero-sized extent update.
>
>Signed-off-by: Chao Yu <chao@kernel.org>
>---
> fs/f2fs/extent_cache.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
>diff --git a/fs/f2fs/extent_cache.c b/fs/f2fs/extent_cache.c
>index 199c1e7a83ef..9544323767be 100644
>--- a/fs/f2fs/extent_cache.c
>+++ b/fs/f2fs/extent_cache.c
>@@ -664,6 +664,15 @@ static void __update_extent_tree_range(struct inode *inode,
> 	if (!et)
> 		return;
>
>+	if (unlikely(len == 0)) {
>+		f2fs_bug_on(sbi, 1);
>+		f2fs_err_ratelimited(sbi, "%s: extent len is zero, type: %d, "
>+			"extent [%u, %u, %u], age [%llu, %llu]",
>+			__func__, type, tei->fofs, tei->blk, tei->len,
>+			tei->age, tei->last_blocks);
>+		return;
>+	}
>+
> 	if (type == EX_READ)
> 		trace_f2fs_update_read_extent_tree_range(inode, fofs, len,
> 						tei->blk, 0);
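
Review bot: in the new `if (unlikely(len == 0))` block, f2fs_bug_on(sbi, 1) is called before f2fs_err_ratelimited(), so on a build where f2fs_bug_on() is fatal (CONFIG_F2FS_CHECK_FS=y) the message carrying the extent details is never printed. Emit the f2fs_err_ratelimited() line first and call f2fs_bug_on() after it. The format string is also split across two source lines ("... type: %d, " followed by "extent [%u, %u, %u] ..."), which makes the message hard to grep for; keeping it as one string literal is the usual kernel style. The check tests the local `len` while the message prints `tei->len`; using the same expression in both places would make it obvious that the check and the log line agree.
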
>-- 
>2.49.0

Yes, that's exactly what I want to do.
Maybe we should relocate f2fs_bug_on()?

	if (unlikely(len == 0)) {
		f2fs_err_ratelimited(sbi, "%s: extent len is zero, type: %d, "
			"extent [%u, %u, %u], age [%llu, %llu]",
			__func__, type, tei->fofs, tei->blk, tei->len,
			tei->age, tei->last_blocks);
		f2fs_bug_on(sbi, 1);
		return;
	}

>> 
>> 
>> 
>>>>
>>>>
>>>>>>
>>>>>> Signed-off-by: wangzijie <wangzijie1@honor.com>
>>>>>> ---
>>>>>>  fs/f2fs/extent_cache.c | 1 +
>>>>>>  1 file changed, 1 insertion(+)
>>>>>>
>>>>>> diff --git a/fs/f2fs/extent_cache.c b/fs/f2fs/extent_cache.c
>>>>>> index 199c1e7a8..6ed6f3d1d 100644
>>>>>> --- a/fs/f2fs/extent_cache.c
>>>>>> +++ b/fs/f2fs/extent_cache.c
>>>>>> @@ -605,6 +605,7 @@ static struct extent_node *__insert_extent_tree(struct f2fs_sb_info *sbi,
>>>>>>  			leftmost = false;
>>>>>>  		} else {
>>>>>>  			f2fs_bug_on(sbi, 1);
>>>>>> +			return NULL;
>>>>>>  		}
>>>>>>  	}
>>>>>>  
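
Review bot: the added `return NULL;` after f2fs_bug_on(sbi, 1) in the else branch ends the walk but logs nothing about which extents overlapped, so a report from the field will not show what was in the tree. Before returning, print a rate-limited error with the fofs/len of the extent being inserted and the ei.fofs/ei.len of the node it collided with, and confirm that every caller of __insert_extent_tree() handles a NULL result, since this hunk changes only the callee.
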
>>>>>> -- 
>>>>>> 2.25.1
>> 
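
The loop condition discussed in this thread, as a simplified userspace model in C (an added example, not code from either patch or from f2fs): a plain binary tree stands in for the rb-tree, and a zero-sized update at the same fofs as a cached node skips invalidation and then never advances in the insert walk. The names `invalidation_visits`, `insert_walk`, `run_update`, the step budget and the sample values are assumptions of the model.

```c
#include <stdio.h>

/* Simplified userspace model, not kernel code; fofs/len follow the thread. */
struct extent { unsigned int fofs, len; };
struct node { struct extent ei; struct node *left, *right; };
enum walk_result { WALK_SLOT_FOUND, WALK_BAILED, WALK_STUCK };

/* Invalidation only visits en while en->ei.fofs < end = tei->fofs + tei->len. */
static int invalidation_visits(const struct node *en, const struct extent *tei)
{
	return en->ei.fofs < tei->fofs + tei->len;
}

/* Insert-path descent; max_steps (model assumption) makes the hang observable. */
static enum walk_result insert_walk(struct node *root, const struct extent *ei,
				    int bail_on_overlap, unsigned int max_steps)
{
	struct node **p = &root;

	while (*p) {
		struct node *en = *p;
		if (max_steps-- == 0)
			return WALK_STUCK;	/* p never moved: the kernel would hang */
		if (ei->fofs < en->ei.fofs)
			p = &en->left;
		else if (ei->fofs >= en->ei.fofs + en->ei.len)
			p = &en->right;
		else if (bail_on_overlap)
			return WALK_BAILED;	/* patched: warn, then return NULL */
		/* unpatched, non-fatal f2fs_bug_on(): loop again on the same node */
	}
	return WALK_SLOT_FOUND;
}

/* One cached node and one update at the same fofs, as in the thread.
 * A node that invalidation visits is simply dropped in this model. */
static enum walk_result run_update(unsigned int fofs, unsigned int en_len,
				   unsigned int tei_len, int bail)
{
	struct node en = { { fofs, en_len }, NULL, NULL };
	struct extent tei = { fofs, tei_len };
	struct node *root = invalidation_visits(&en, &tei) ? NULL : &en;
	return insert_walk(root, &tei, bail, 1000);
}

int main(void)
{	/* Constructed values: cached extent at fofs 100, len 8. */
	printf("len=0 unpatched=%d patched=%d, len=4 => %d\n", run_update(100, 8, 0, 0),
	       run_update(100, 8, 0, 1), run_update(100, 8, 4, 0));
	return 0;
}
```
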


