    f2fs: fix potential panic during fstrim · 638164a2
    Chao Yu authored
    As Ju Hyung Park reported:
    
    "When 'fstrim' is called for manual trim, a BUG() can be triggered
    randomly with this patch.
    
    I'm seeing this issue on both x86 Desktop and arm64 Android phone.
    
    On x86 Desktop, this was caused during Ubuntu boot-up. I have a
    cronjob installed which calls 'fstrim -v /' during boot. On arm64
    Android, this was caused during GC looping with 1ms gc_min_sleep_time
    & gc_max_sleep_time."
    
    The root cause of this issue is that f2fs_wait_discard_bios can only
    be used by f2fs_put_super: during put_super there must be no other
    referrers, so it can ignore the discard entry's reference count when
    removing the entry. In other callers we will hit the bug_on in
    __remove_discard_cmd, as another issuer may have added a reference
    count on the discard entry.
    
    Thread A				Thread B
    					- issue_discard_thread
    - f2fs_ioc_fitrim
     - f2fs_trim_fs
      - f2fs_wait_discard_bios
       - __issue_discard_cmd
        - __submit_discard_cmd
    					 - __wait_discard_cmd
    					  - dc->ref++
    					  - __wait_one_discard_bio
       - __wait_discard_cmd
        - __remove_discard_cmd
         - f2fs_bug_on(sbi, dc->ref)
    
    Fixes: 969d1b18
    Reported-by: Ju Hyung Park <qkrwngud825@gmail.com>
    Signed-off-by: Chao Yu <yuchao0@huawei.com>
    Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
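
The interleaving in the trace above, replayed deterministically in a small user-space model. This is an added example, not f2fs code and not the change this commit makes: the struct, `sweep`, `replay` and the `honor_ref` policy are hypothetical names and assumptions, and the three entries are constructed sample data.

```c
#include <stdio.h>

/* Hypothetical stand-in for a discard entry (not the f2fs struct). */
struct discard_cmd { int ref; int done; int removed; };
struct sweep_result { int removed; int skipped; int bug_hits; };

/*
 * Thread A's wait-and-remove pass over completed entries.
 * honor_ref == 0: remove without regard to dc->ref (valid only when no
 * other referrer exists); a pinned entry is counted as a bug hit, where
 * the kernel would reach f2fs_bug_on(sbi, dc->ref).
 * honor_ref == 1: assumed policy for this model, leave pinned entries.
 */
static struct sweep_result sweep(struct discard_cmd *cmds, size_t n, int honor_ref)
{
    struct sweep_result r = {0, 0, 0};
    for (size_t i = 0; i < n; i++) {
        struct discard_cmd *dc = &cmds[i];
        if (!dc->done || dc->removed)
            continue;
        if (dc->ref) {              /* another thread still holds the entry */
            if (honor_ref) r.skipped++; else r.bug_hits++;
            continue;
        }
        dc->removed = 1;
        r.removed++;
    }
    return r;
}

/* Replays the trace on three constructed entries; entry 1 is the contended one. */
static struct sweep_result replay(int honor_ref)
{
    struct discard_cmd cmds[3] = {{0, 1, 0}, {0, 1, 0}, {0, 1, 0}};
    cmds[1].ref++;                                      /* Thread B: dc->ref++ */
    struct sweep_result a = sweep(cmds, 3, honor_ref);  /* Thread A's pass */
    cmds[1].ref--;                                      /* Thread B done waiting */
    struct sweep_result b = sweep(cmds, 3, honor_ref);  /* a later pass */
    a.removed += b.removed;
    return a;
}

int main(void)
{
    struct sweep_result bad = replay(0), ok = replay(1);
    printf("ignore ref: bug_hits=%d | honor ref: bug_hits=%d skipped=%d removed=%d\n",
           bad.bug_hits, ok.bug_hits, ok.skipped, ok.removed);
    return 0;
}
```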
super.c 67.3 KB