public inbox for linux-f2fs-devel@lists.sourceforge.net
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-f2fs-devel@lists.sourceforge.net
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable <stable@kernel.org>, Jaegeuk Kim <jaegeuk@kernel.org>
Subject: [f2fs-dev] [PATCH] f2fs: fix potential deadlock in f2fs_convert_inline_inode
Date: Tue, 24 Feb 2026 02:04:23 +0100
Message-ID: <2026022422-robotics-conform-9b68@gregkh>

f2fs_convert_inline_inode() holds the page lock of the inline data page
and then calls f2fs_lock_op(), which acquires cp_rwsem in read mode.
At the same time, f2fs_write_checkpoint() can acquire cp_rwsem in write
mode and then will wait for page locks, like during
f2fs_write_node_pages() or data flushing, leading to a deadlock.

Fix this by acquiring the lock_op before locking the page. This ensures
the correct lock ordering, op before page, and avoids the deadlock.

Cc: Jaegeuk Kim <jaegeuk@kernel.org>
Cc: Chao Yu <chao@kernel.org>
Cc: stable <stable@kernel.org>
Assisted-by: gkh_clanker_2000
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

This issue was found by running a tool to compare a past kernel CVE to
try to find any potential places in the existing codebase that were
missed with the original fix.  I do not know if this patch or text
really is correct, but the code paths seem sane.

Note that the majority of the changelog text came from an untrusted and
experimental LLM model that is known for making crap up.  So it might be
totally lying here, and if so, I am very sorry for wasting anyone's time
and I'll just go back to running this on code that I actually understand
and know how to verify myself, but I figured it was worth at least
asking you all about it.

fs/f2fs/inline.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/fs/f2fs/inline.c b/fs/f2fs/inline.c
index 0a1052d5ee62..98bc920a4f35 100644
--- a/fs/f2fs/inline.c
+++ b/fs/f2fs/inline.c
@@ -232,12 +232,14 @@ int f2fs_convert_inline_inode(struct inode *inode)
 	if (err)
 		return err;
 
-	folio = f2fs_grab_cache_folio(inode->i_mapping, 0, false);
-	if (IS_ERR(folio))
-		return PTR_ERR(folio);
-
 	f2fs_lock_op(sbi, &lc);
 
+	folio = f2fs_grab_cache_folio(inode->i_mapping, 0, false);
+	if (IS_ERR(folio)) {
+		f2fs_unlock_op(sbi, &lc);
+		return PTR_ERR(folio);
+	}
+
 	ifolio = f2fs_get_inode_folio(sbi, inode->i_ino);
 	if (IS_ERR(ifolio)) {
 		err = PTR_ERR(ifolio);
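Review bot: the new failure branch after f2fs_grab_cache_folio() calls f2fs_unlock_op() and returns by hand, while the ifolio failure branch directly below it stores the error in err (`err = PTR_ERR(ifolio);`), which suggests the function already has a shared exit path. If that path drops the op lock without touching folio, setting `err = PTR_ERR(folio);` and jumping there would keep a single unlock site; if it does touch folio, a one-line comment on why this branch returns directly would help the next reader. It is also worth noting in the changelog that the folio grab now runs with cp_rwsem held for read, so any time spent waiting for the folio lock is time a checkpoint writer waits as well, and that callers are expected not to hold a page lock of their own when they enter f2fs_convert_inline_inode(), since that would reintroduce the page-before-op ordering this change removes.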
-- 
2.53.0




Thread overview: 4+ messages
2026-02-24  1:04 Greg Kroah-Hartman [this message]
2026-03-09  7:36 ` [f2fs-dev] [PATCH] f2fs: fix potential deadlock in f2fs_convert_inline_inode Chao Yu via Linux-f2fs-devel
2026-03-11 18:30   ` Jaegeuk Kim via Linux-f2fs-devel
2026-03-12  1:15     ` Chao Yu via Linux-f2fs-devel
