1. 23 Sep, 2024 1 commit
  2. 13 Sep, 2024 1 commit
  3. 12 Sep, 2024 1 commit
  4. 11 Sep, 2024 13 commits
  5. 06 Sep, 2024 18 commits
  6. 21 Aug, 2024 6 commits
    • f2fs: Use sysfs_emit_at() to simplify code · f7a678bb
      Christophe JAILLET authored
      This file already uses sysfs_emit(). So be consistent and also use
      sysfs_emit_at().
      
      This slightly simplifies the code and makes it more readable.
      Reviewed-by: Chao Yu <chao@kernel.org>
      Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: atomic: fix to forbid dio in atomic_file · b2c160f4
      Chao Yu authored
      Atomic write can only be used via buffered IO; let's fail direct IO on
      atomic_file and return -EOPNOTSUPP.
      Signed-off-by: Chao Yu <chao@kernel.org>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: compress: don't redirty sparse cluster during {,de}compress · f785cec2
      Yeongjin Gil authored
      In f2fs_do_write_data_page, when the data block is NULL_ADDR, it skips
      writepage considering that it has been already truncated.
      This results in an infinite loop as the PAGECACHE_TAG_TOWRITE tag is not
      cleared during the writeback process for a compressed file including
      NULL_ADDR in compress_mode=user.
      
      This is the reproduction process:
      
      1. dd if=/dev/zero bs=4096 count=1024 seek=1024 of=testfile
      2. f2fs_io compress testfile
      3. dd if=/dev/zero bs=4096 count=1 conv=notrunc of=testfile
      4. f2fs_io decompress testfile
      
      To prevent the problem, let's check whether the cluster is fully
      allocated before redirtying its pages.
      
      Fixes: 5fdb322f ("f2fs: add F2FS_IOC_DECOMPRESS_FILE and F2FS_IOC_COMPRESS_FILE")
      Reviewed-by: Sungjong Seo <sj1557.seo@samsung.com>
      Reviewed-by: Sunmin Jeong <s_min.jeong@samsung.com>
      Tested-by: Jaewook Kim <jw5454.kim@samsung.com>
      Signed-off-by: Yeongjin Gil <youngjin.gil@samsung.com>
      Reviewed-by: Chao Yu <chao@kernel.org>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: check discard support for conventional zones · 43aec4d0
      Shin'ichiro Kawasaki authored
      As the helper function f2fs_bdev_support_discard() shows, f2fs checks if
      the target block devices support discard by calling
      bdev_max_discard_sectors() and bdev_is_zoned(). This check works well
      for most cases, but it does not work for conventional zones on zoned
      block devices. F2fs assumes that zoned block devices support discard,
      and calls __submit_discard_cmd(). When __submit_discard_cmd() is called
      for sequential write required zones, it works fine since
      __submit_discard_cmd() issues zone reset commands instead of discard
      commands. However, when __submit_discard_cmd() is called for
      conventional zones, __blkdev_issue_discard() is called even when the
      devices do not support discard.
      
      The inappropriate __blkdev_issue_discard() call was not a problem before
      the commit 30f1e724 ("block: move discard checks into the ioctl
      handler") because __blkdev_issue_discard() checked if the target devices
      support discard or not. If not, it returned EOPNOTSUPP. After the
      commit, __blkdev_issue_discard() no longer checks it. It always returns
      zero and sets NULL to the given bio pointer. This NULL pointer triggers
      f2fs_bug_on() in __submit_discard_cmd(). The BUG is recreated with the
      commands below at the umount step, where /dev/nullb0 is a zoned null_blk
      with 5GB total size, 128MB zone size and 10 conventional zones.
      
      $ mkfs.f2fs -f -m /dev/nullb0
      $ mount /dev/nullb0 /mnt
      $ for ((i=0;i<5;i++)); do dd if=/dev/zero of=/mnt/test bs=65536 count=1600 conv=fsync; done
      $ umount /mnt
      
      To fix the BUG, avoid the inappropriate __blkdev_issue_discard() call.
      When discard is requested for conventional zones, check if the device
      supports discard or not. If not, return EOPNOTSUPP.
      
      Fixes: 30f1e724 ("block: move discard checks into the ioctl handler")
      Cc: stable@vger.kernel.org
      Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
      Reviewed-by: Damien Le Moal <dlemoal@kernel.org>
      Reviewed-by: Chao Yu <chao@kernel.org>
      Reviewed-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread() · c7f114d8
      Chao Yu authored
      syzbot reports an f2fs bug as below:
      
       __dump_stack lib/dump_stack.c:88 [inline]
       dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
       print_report+0xe8/0x550 mm/kasan/report.c:491
       kasan_report+0x143/0x180 mm/kasan/report.c:601
       kasan_check_range+0x282/0x290 mm/kasan/generic.c:189
       instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
       atomic_fetch_add_relaxed include/linux/atomic/atomic-instrumented.h:252 [inline]
       __refcount_add include/linux/refcount.h:184 [inline]
       __refcount_inc include/linux/refcount.h:241 [inline]
       refcount_inc include/linux/refcount.h:258 [inline]
       get_task_struct include/linux/sched/task.h:118 [inline]
       kthread_stop+0xca/0x630 kernel/kthread.c:704
       f2fs_stop_gc_thread+0x65/0xb0 fs/f2fs/gc.c:210
       f2fs_do_shutdown+0x192/0x540 fs/f2fs/file.c:2283
       f2fs_ioc_shutdown fs/f2fs/file.c:2325 [inline]
       __f2fs_ioctl+0x443a/0xbe60 fs/f2fs/file.c:4325
       vfs_ioctl fs/ioctl.c:51 [inline]
       __do_sys_ioctl fs/ioctl.c:907 [inline]
       __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
       do_syscall_x64 arch/x86/entry/common.c:52 [inline]
       do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
       entry_SYSCALL_64_after_hwframe+0x77/0x7f
      
      The root cause is the race condition below, which may cause a
      use-after-free issue in the sbi->gc_th pointer.
      
      - remount
       - f2fs_remount
        - f2fs_stop_gc_thread
         - kfree(gc_th)
      				- f2fs_ioc_shutdown
      				 - f2fs_do_shutdown
      				  - f2fs_stop_gc_thread
      				   - kthread_stop(gc_th->f2fs_gc_task)
         : sbi->gc_thread = NULL;
      
      We will call f2fs_do_shutdown() in two paths:
      - for f2fs_ioc_shutdown() path, we should grab sb->s_umount semaphore
      for fixing.
      - for f2fs_shutdown() path, it's safe since caller has already grabbed
      sb->s_umount semaphore.
      
      Reported-by: syzbot+1a8e2b31f2ac9bd3d148@syzkaller.appspotmail.com
      Closes: https://lore.kernel.org/linux-f2fs-devel/0000000000005c7ccb061e032b9b@google.com
      Fixes: 7950e9ac ("f2fs: stop gc/discard thread after fs shutdown")
      Signed-off-by: Chao Yu <chao@kernel.org>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: atomic: fix to truncate pagecache before on-disk metadata truncation · ebd3309a
      Chao Yu authored
      We should always truncate pagecache while truncating on-disk data.
      
      Fixes: a46bebd5 ("f2fs: synchronize atomic write aborts")
      Signed-off-by: Chao Yu <chao@kernel.org>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>