Re: [f2fs-dev] [PATCH v2 2/2] f2fs: fix infinite loop in __insert_extent_tree()

[wangzijie <wangzijie1@honor.com>]

>On 9/16/25 16:26, wangzijie wrote:
>>> On 9/16/25 15:09, wangzijie wrote:
>>>>> On 9/16/25 13:22, wangzijie wrote:
>>>>>>> On 09/15, wangzijie wrote:
>>>>>>>> When we get wrong extent info data, and look up extent_node in rb tree,
>>>>>>>> it will cause infinite loop (CONFIG_F2FS_CHECK_FS=n). Avoiding this by
>>>>>>>> return NULL.
>>>>>>>
>>>>>>> This is the exact buggy case which we should fix the original one. Have
>>>>>>> you seen this error? In that case, can we consider writing some kernel
>>>>>>> message and handle the error properly?
>>>>>>
>>>>>> Hi Jaegeuk,
>>>>>> The original one is the bug I mentioned in the first patch of this patch set
>>>>>> ("f2fs: fix zero-sized extent for precache extents"). 
>>>>>
>>>>> Zijie,
>>>>>
>>>>> Did you suffer this problem in product? right?
>>>>
>>>> Hi Chao,
>>>> Yes, and I can confirm that infinite loop cases I suffered are caused by the bug I
>>>> mentioned in the first patch of this patch set. But I'm not sure if there are
>>>> other cases that can cause this infinite loop.
>>>>
>>>>>>
>>>>>> When we use a wrong extent_info(zero-sized) to do update, and there exists a
>>>>>> extent_node which has same fofs as the wrong one, we will skip "invalidate all extent
>>>>>> nodes in range [fofs, fofs + len - 1]"(en->ei.fofs = end = tei->fofs + tei->len = tei->fofs),
>>>>>> which cause the infinite loop in __insert_extent_tree().
>>>>>>
>>>>>> So we can add f2fs_bug_on() when there occurs zero-sized extent
>>>>>> in f2fs_update_read_extent_cache_range(), and give up this zero-sized
>>>>>> extent update to handle other unknown buggy cases. Do you think this will be better?
>>>>>>
>>>>>> And do we need to solve this infinite loop?
>>>>>
>>>>> IMO, it's worth to end such loop if there is any corrupted extent in rbtree to
>>>>> avoid kernel hang, no matter it is caused by software bug or hardware flaw
>>>>> potentially.
>>>>>
>>>>> Thanks,
>>>>
>>>> And do you think we need this?
>>>> "add f2fs_bug_on() when there occurs zero-sized extent in f2fs_update_read_extent_cache_range(),
>>>> and give up this zero-sized extent update to handle other unknown buggy cases".
>>>
>>> Oh, I was testing below patch..., does this what you want to do?
>>>
>>> I think we can keep all your patches, and appending below patch to detect any
>>> potential cases who will update a zero-sized extent.
>>>
>>> >From 439d61ef3715fafa5c9f2d1b7f8026cdd2564ca7 Mon Sep 17 00:00:00 2001
>>> From: Chao Yu <chao@kernel.org>
>>> Date: Tue, 16 Sep 2025 11:52:30 +0800
>>> Subject: [PATCH] f2fs: add sanity check on ei.len in
>>> __update_extent_tree_range()
>>>
>>> Add a sanity check in __update_extent_tree_range() to detect any
>>> zero-sized extent update.
>>>
>>> Signed-off-by: Chao Yu <chao@kernel.org>
>>> ---
>>> fs/f2fs/extent_cache.c | 9 +++++++++
>>> 1 file changed, 9 insertions(+)
>>>
>>> diff --git a/fs/f2fs/extent_cache.c b/fs/f2fs/extent_cache.c
>>> index 199c1e7a83ef..9544323767be 100644
>>> --- a/fs/f2fs/extent_cache.c
>>> +++ b/fs/f2fs/extent_cache.c
>>> @@ -664,6 +664,15 @@ static void __update_extent_tree_range(struct inode *inode,
>>> 	if (!et)
>>> 		return;
>>>
>>> +	if (unlikely(len == 0)) {
>>> +		f2fs_bug_on(sbi, 1);
>>> +		f2fs_err_ratelimited(sbi, "%s: extent len is zero, type: %d, "
>>> +			"extent [%u, %u, %u], age [%llu, %llu]",
>>> +			__func__, type, tei->fofs, tei->blk, tei->len,
>>> +			tei->age, tei->last_blocks);
>>> +		return;
>>> +	}
>>> +
>>> 	if (type == EX_READ)
>>> 		trace_f2fs_update_read_extent_tree_range(inode, fofs, len,
>>> 						tei->blk, 0);
>>> -- 
>>> 2.49.0
>> 
>> Yes, that's exactly what I want to do.
>> Maybe we should relocate f2fs_bug_on()?
>> 
>> 	if (unlikely(len == 0)) {
>> 		f2fs_err_ratelimited(sbi, "%s: extent len is zero, type: %d, "
>> 			"extent [%u, %u, %u], age [%llu, %llu]",
>> 			__func__, type, tei->fofs, tei->blk, tei->len,
>> 			tei->age, tei->last_blocks);
>> 		f2fs_bug_on(sbi, 1);
>> 		return;
>> 	}
>
>Yeah, looks better.
>
>I don't see any problem in my test, will send a formal patch, let me add
>Signed-off-by of you if you don't mind. :)
>
>Thanks,

OK, thanks for your help.

>> 
>>>>
>>>>
>>>>
>>>>>>
>>>>>>
>>>>>>>>
>>>>>>>> Signed-off-by: wangzijie <wangzijie1@honor.com>
>>>>>>>> ---
>>>>>>>>  fs/f2fs/extent_cache.c | 1 +
>>>>>>>>  1 file changed, 1 insertion(+)
>>>>>>>>
>>>>>>>> diff --git a/fs/f2fs/extent_cache.c b/fs/f2fs/extent_cache.c
>>>>>>>> index 199c1e7a8..6ed6f3d1d 100644
>>>>>>>> --- a/fs/f2fs/extent_cache.c
>>>>>>>> +++ b/fs/f2fs/extent_cache.c
>>>>>>>> @@ -605,6 +605,7 @@ static struct extent_node *__insert_extent_tree(struct f2fs_sb_info *sbi,
>>>>>>>>  			leftmost = false;
>>>>>>>>  		} else {
>>>>>>>>  			f2fs_bug_on(sbi, 1);
>>>>>>>> +			return NULL;
>>>>>>>>  		}
>>>>>>>>  	}
>>>>>>>>  
>>>>>>>> -- 
>>>>>>>> 2.25.1
>>>>
>> 


_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel