From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org
Cc: jianqi.ren.cn@windriver.com, Sasha Levin <sashal@kernel.org>
Subject: Re: [PATCH 6.1.y] f2fs: fix to cover read extent cache access with lock
Date: Mon, 12 May 2025 14:05:44 -0400 [thread overview]
Message-ID: <20250511195936-bcaf6f53ebd59af9@stable.kernel.org> (raw)
In-Reply-To: <20250509024654.3233384-1-jianqi.ren.cn@windriver.com>
[ Sasha's backport helper bot ]
Hi,
✅ All tests passed successfully. No issues detected.
No action required from the submitter.
The upstream commit SHA1 provided is correct: d7409b05a64f212735f0d33f5f1602051a886eab
WARNING: Author mismatch between patch and upstream commit:
Backport author: <jianqi.ren.cn@windriver.com>
Commit author: Chao Yu<chao@kernel.org>
Status in newer kernel trees:
6.14.y | Present (exact SHA1)
6.12.y | Present (exact SHA1)
6.6.y | Present (different SHA1: 263df78166d3)
Note: The patch differs from the upstream commit:
---
1: d7409b05a64f2 ! 1: ac73e346ab4ec f2fs: fix to cover read extent cache access with lock
@@ Metadata
## Commit message ##
f2fs: fix to cover read extent cache access with lock
+ [ Upstream commit d7409b05a64f212735f0d33f5f1602051a886eab ]
+
syzbot reports a f2fs bug as below:
BUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46
@@ Commit message
Closes: https://lore.kernel.org/linux-f2fs-devel/00000000000009beea061740a531@google.com
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+ [Minor conflict resolved due to code context change.]
+ Signed-off-by: Jianqi Ren <jianqi.ren.cn@windriver.com>
+ Signed-off-by: He Zhe <zhe.he@windriver.com>
## fs/f2fs/extent_cache.c ##
@@
@@ fs/f2fs/extent_cache.c
{
struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
- struct f2fs_inode_info *fi = F2FS_I(inode);
-- struct extent_tree *et = fi->extent_tree[EX_READ];
- struct extent_info *ei;
--
-- if (!et)
-- return true;
+ struct f2fs_extent *i_ext = &F2FS_INODE(ipage)->i_ext;
+ struct extent_info ei;
-- ei = &et->largest;
-- if (!ei->len)
+- if (!fi->extent_tree[EX_READ])
- return true;
+ get_read_extent_info(&ei, i_ext);
-- /* Let's drop, if checkpoint got corrupted. */
-- if (is_set_ckpt_flags(sbi, CP_ERROR_FLAG)) {
-- ei->len = 0;
-- et->largest_updated = true;
+- ei = &fi->extent_tree[EX_READ]->largest;
+ if (!ei.len)
- return true;
-- }
++ return true;
-- if (!f2fs_is_valid_blkaddr(sbi, ei->blk, DATA_GENERIC_ENHANCE) ||
-- !f2fs_is_valid_blkaddr(sbi, ei->blk + ei->len - 1,
+- if (ei->len &&
+- (!f2fs_is_valid_blkaddr(sbi, ei->blk,
+- DATA_GENERIC_ENHANCE) ||
+- !f2fs_is_valid_blkaddr(sbi, ei->blk + ei->len - 1,
+- DATA_GENERIC_ENHANCE))) {
+- set_sbi_flag(sbi, SBI_NEED_FSCK);
+ if (!f2fs_is_valid_blkaddr(sbi, ei.blk, DATA_GENERIC_ENHANCE) ||
+ !f2fs_is_valid_blkaddr(sbi, ei.blk + ei.len - 1,
- DATA_GENERIC_ENHANCE)) {
++ DATA_GENERIC_ENHANCE)) {
f2fs_warn(sbi, "%s: inode (ino=%lx) extent info [%u, %u, %u] is incorrect, run fsck to fix",
__func__, inode->i_ino,
- ei->blk, ei->fofs, ei->len);
@@ fs/f2fs/extent_cache.c: void f2fs_init_read_extent_tree(struct inode *inode, str
- set_inode_flag(inode, FI_NO_EXTENT);
}
- void f2fs_init_age_extent_tree(struct inode *inode)
+ void f2fs_init_extent_tree(struct inode *inode)
## fs/f2fs/f2fs.h ##
@@ fs/f2fs/f2fs.h: void f2fs_leave_shrinker(struct f2fs_sb_info *sbi);
@@ fs/f2fs/f2fs.h: void f2fs_leave_shrinker(struct f2fs_sb_info *sbi);
*/
-bool sanity_check_extent_cache(struct inode *inode);
+bool sanity_check_extent_cache(struct inode *inode, struct page *ipage);
- void f2fs_init_extent_tree(struct inode *inode);
- void f2fs_drop_extent_tree(struct inode *inode);
- void f2fs_destroy_extent_node(struct inode *inode);
+ struct rb_entry *f2fs_lookup_rb_tree(struct rb_root_cached *root,
+ struct rb_entry *cached_re, unsigned int ofs);
+ struct rb_node **f2fs_lookup_rb_tree_for_insert(struct f2fs_sb_info *sbi,
## fs/f2fs/inode.c ##
@@ fs/f2fs/inode.c: static int do_read_inode(struct inode *inode)
@@ fs/f2fs/inode.c: static int do_read_inode(struct inode *inode)
- /* Need all the flag bits */
- f2fs_init_read_extent_tree(inode, node_page);
-- f2fs_init_age_extent_tree(inode);
-
- if (!sanity_check_extent_cache(inode)) {
+ if (!sanity_check_extent_cache(inode, node_page)) {
@@ fs/f2fs/inode.c: static int do_read_inode(struct inode *inode)
+ /* Need all the flag bits */
+ f2fs_init_read_extent_tree(inode, node_page);
-+ f2fs_init_age_extent_tree(inode);
+
f2fs_put_page(node_page, 1);
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.1.y | Success | Success |
prev parent reply other threads:[~2025-05-12 18:05 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-09 2:46 [PATCH 6.1.y] f2fs: fix to cover read extent cache access with lock jianqi.ren.cn
2025-05-12 18:05 ` Sasha Levin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250511195936-bcaf6f53ebd59af9@stable.kernel.org \
--to=sashal@kernel.org \
--cc=jianqi.ren.cn@windriver.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox