stable.vger.kernel.org archive mirror
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Chao Yu <yuchao0@huawei.com>, Jaegeuk Kim <jaegeuk@kernel.org>,
	Sasha Levin <sashal@kernel.org>,
	linux-f2fs-devel@lists.sourceforge.net
Subject: [PATCH AUTOSEL 5.2 69/70] f2fs: fix to drop meta/node pages during umount
Date: Tue, 24 Sep 2019 12:45:48 -0400
Message-ID: <20190924164549.27058-69-sashal@kernel.org>
In-Reply-To: <20190924164549.27058-1-sashal@kernel.org>

From: Chao Yu <yuchao0@huawei.com>

[ Upstream commit a8933b6b68f775b5774e7b075447fae13f4d01fe ]

As reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=204193

A null pointer dereference bug is triggered in f2fs under kernel-5.1.3.

 kasan_report.cold+0x5/0x32
 f2fs_write_end_io+0x215/0x650
 bio_endio+0x26e/0x320
 blk_update_request+0x209/0x5d0
 blk_mq_end_request+0x2e/0x230
 lo_complete_rq+0x12c/0x190
 blk_done_softirq+0x14a/0x1a0
 __do_softirq+0x119/0x3e5
 irq_exit+0x94/0xe0
 call_function_single_interrupt+0xf/0x20

During umount, we will access NULL sbi->node_inode pointer in
f2fs_write_end_io():

	f2fs_bug_on(sbi, page->mapping == NODE_MAPPING(sbi) &&
				page->index != nid_of_node(page));

The reason is if disable_checkpoint mount option is on, meta dirty
pages can remain during umount, and then be flushed by iput() of
meta_inode, however node_inode has been iput()ed before
meta_inode's iput().

Since checkpoint is disabled, all meta/node data is useless and
should be dropped in next mount, so in umount, let's adjust
drop_inode() to give a hint to iput_final() to drop all that dirty
data correctly.

Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/f2fs/super.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index 4b47ac994daf5..afca410fa7094 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -894,7 +894,21 @@ static struct inode *f2fs_alloc_inode(struct super_block *sb)
 
 static int f2fs_drop_inode(struct inode *inode)
 {
+	struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
 	int ret;
+
+	/*
+	 * during filesystem shutdown, if checkpoint is disabled,
+	 * drop useless meta/node dirty pages.
+	 */
+	if (unlikely(is_sbi_flag_set(sbi, SBI_CP_DISABLED))) {
+		if (inode->i_ino == F2FS_NODE_INO(sbi) ||
+			inode->i_ino == F2FS_META_INO(sbi)) {
+			trace_f2fs_drop_inode(inode, 1);
+			return 1;
+		}
+	}
+
 	/*
 	 * This is to avoid a deadlock condition like below.
 	 * writeback_single_inode(inode)
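
Review bot: The new comment above the `is_sbi_flag_set(sbi, SBI_CP_DISABLED)` check says "during filesystem shutdown", but the condition tests only that checkpointing is disabled, not that an unmount is in progress. The early `return 1` is therefore taken on any final iput() of the node or meta inode while the flag is set. If that can only happen from the umount path, state that in the comment so the assumption is explicit; otherwise add a shutdown test to the condition. Minor style point: the continuation line `inode->i_ino == F2FS_META_INO(sbi)) {` is indented to the same depth as the block body, so the condition is hard to tell apart from the statements; aligning it under `inode->i_ino` on the previous line, or folding both tests into a single `if`, would read better.
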
-- 
2.20.1

