1. 24 Jan, 2019 2 commits
  2. 29 Dec, 2018 1 commit
  3. 27 Dec, 2018 14 commits
    • f2fs: sanity check of xattr entry size · 64beba05
      Jaegeuk Kim committed
      There is a security report where f2fs_getxattr() has a hole to expose wrong
      memory region when the image is malformed like this.
      
      f2fs_getxattr: entry->e_name_len: 4, size: 12288, buffer_size: 16384, len: 4
      
      Cc: <stable@vger.kernel.org>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: fix use-after-free issue when accessing sbi->stat_info · 60aa4d55
      Sahitya Tummala committed
      iput() on sbi->node_inode can update sbi->stat_info
      in the below context, if the f2fs_write_checkpoint()
      has failed with error.
      
      f2fs_balance_fs_bg+0x1ac/0x1ec
      f2fs_write_node_pages+0x4c/0x260
      do_writepages+0x80/0xbc
      __writeback_single_inode+0xdc/0x4ac
      writeback_single_inode+0x9c/0x144
      write_inode_now+0xc4/0xec
      iput+0x194/0x22c
      f2fs_put_super+0x11c/0x1e8
      generic_shutdown_super+0x70/0xf4
      kill_block_super+0x2c/0x5c
      kill_f2fs_super+0x44/0x50
      deactivate_locked_super+0x60/0x8c
      deactivate_super+0x68/0x74
      cleanup_mnt+0x40/0x78
      
      Fix this by moving f2fs_destroy_stats() further below iput() in
      both f2fs_put_super() and f2fs_fill_super() paths.
      Signed-off-by: Sahitya Tummala <stummala@codeaurora.org>
      Reviewed-by: Chao Yu <yuchao0@huawei.com>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: check PageWriteback flag for ordered case · bae0ee7a
      Chao Yu committed
      For all ordered cases in f2fs_wait_on_page_writeback(), we need to
      check PageWriteback status, so let's clean up to relocate the check
      into f2fs_wait_on_page_writeback().
      Signed-off-by: Chao Yu <yuchao0@huawei.com>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: fix validation of the block count in sanity_check_raw_super · 88960068
      Martin Blumenstingl committed
      Treat "block_count" from struct f2fs_super_block as 64-bit little endian
      value in sanity_check_raw_super() because struct f2fs_super_block
      declares "block_count" as "__le64".
      
      This fixes a bug where the superblock validation fails on big endian
      devices with the following error:
        F2FS-fs (sda1): Wrong segment_count / block_count (61439 > 0)
        F2FS-fs (sda1): Can't find valid F2FS filesystem in 1th superblock
        F2FS-fs (sda1): Wrong segment_count / block_count (61439 > 0)
        F2FS-fs (sda1): Can't find valid F2FS filesystem in 2th superblock
      As result of this the partition cannot be mounted.
      
      With this patch applied the superblock validation works fine and the
      partition can be mounted again:
        F2FS-fs (sda1): Mounted with checkpoint version = 7c84
      
      My little endian x86-64 hardware was able to mount the partition without
      this fix.
      To confirm that mounting f2fs filesystems works on big endian machines
      again I tested this on a 32-bit MIPS big endian (lantiq) device.
      
      Fixes: 0cfe75c5 ("f2fs: enhance sanity_check_raw_super() to avoid potential overflows")
      Cc: stable@vger.kernel.org
      Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
      Reviewed-by: Chao Yu <yuchao0@huawei.com>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: fix missing unlock(sbi->gc_mutex) · 8f31b466
      Jaegeuk Kim committed
      This fixes missing unlock call.
      
      Cc: <stable@vger.kernel.org>
      Reviewed-by: Chao Yu <yuchao0@huawei.com>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: fix to dirty inode synchronously · b32e0190
      Chao Yu committed
      If user change inode's i_flags via ioctl, let's add it into global
      dirty list, so that checkpoint can guarantee its persistence before
      fsync, it can make checkpoint keeping strong consistency.
      Signed-off-by: Chao Yu <yuchao0@huawei.com>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: clean up structure extent_node · c0362117
      Chao Yu committed
      The union in struct extent_node was only to indicate below fields
      
      	struct rb_node rb_node;
      	union {
      		struct {
      			unsigned int fofs;
      			unsigned int len;
      		...
      	...
      
      can be parsed as fields in struct rb_entry, but they were never
      used explicitly before, so let's remove them for cleanup.
      Signed-off-by: Chao Yu <yuchao0@huawei.com>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: fix block address for __check_sit_bitmap · 9249dded
      Qiuyang Sun committed
      Should use lstart (logical start address) instead of start (in dev) here.
      This fixes a bug in multi-device scenarios.
      Signed-off-by: Qiuyang Sun <sunqiuyang@huawei.com>
      Reviewed-by: Chao Yu <yuchao0@huawei.com>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: fix sbi->extent_list corruption issue · e4589fa5
      Sahitya Tummala committed
      When there is a failure in f2fs_fill_super() after/during
      the recovery of fsync'd nodes, it frees the current sbi and
      retries again. This time the mount is successful, but the files
      that got recovered before retry, still holds the extent tree,
      whose extent nodes list is corrupted since sbi and sbi->extent_list
      is freed up. The list_del corruption issue is observed when the
      file system is getting unmounted and when those recovered files extent
      node is being freed up in the below context.
      
      list_del corruption. prev->next should be fffffff1e1ef5480, but was (null)
      <...>
      kernel BUG at kernel/msm-4.14/lib/list_debug.c:53!
      lr : __list_del_entry_valid+0x94/0xb4
      pc : __list_del_entry_valid+0x94/0xb4
      <...>
      Call trace:
      __list_del_entry_valid+0x94/0xb4
      __release_extent_node+0xb0/0x114
      __free_extent_tree+0x58/0x7c
      f2fs_shrink_extent_tree+0xdc/0x3b0
      f2fs_leave_shrinker+0x28/0x7c
      f2fs_put_super+0xfc/0x1e0
      generic_shutdown_super+0x70/0xf4
      kill_block_super+0x2c/0x5c
      kill_f2fs_super+0x44/0x50
      deactivate_locked_super+0x60/0x8c
      deactivate_super+0x68/0x74
      cleanup_mnt+0x40/0x78
      __cleanup_mnt+0x1c/0x28
      task_work_run+0x48/0xd0
      do_notify_resume+0x678/0xe98
      work_pending+0x8/0x14
      
      Fix this by not creating extents for those recovered files if shrinker is
      not registered yet. Once mount is successful and shrinker is registered,
      those files can have extents again.
      Signed-off-by: Sahitya Tummala <stummala@codeaurora.org>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: clean up checkpoint flow · 8ec18bff
      Chao Yu committed
      This patch cleans up checkpoint flow a bit:
      - remove unneeded circulation of flushing meta pages.
      - don't flush nat_bits pages in prior to other checkpoint pages.
      - add bug_on to check remained meta pages after flushing.
      Signed-off-by: Chao Yu <yuchao0@huawei.com>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: flush stale issued discard candidates · 76c7bfb3
      Jaegeuk Kim committed
      Sometimes, I could observe # of issuing_discard to be 1 which blocks background
      jobs due to is_idle()=false.
      The only way to get out of it was to trigger gc_urgent. This patch avoids that
      by checking any candidates as done in the list.
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: correct wrong spelling, issing_* · 72691af6
      Jaegeuk Kim committed
      Let's use "queued" instead of "issuing".
      Reviewed-by: Chao Yu <yuchao0@huawei.com>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: use kvmalloc, if kmalloc is failed · 5222595d
      Jaegeuk Kim committed
      One report says memalloc failure during mount.
      
       (unwind_backtrace) from [<c010cd4c>] (show_stack+0x10/0x14)
       (show_stack) from [<c049c6b8>] (dump_stack+0x8c/0xa0)
       (dump_stack) from [<c024fcf0>] (warn_alloc+0xc4/0x160)
       (warn_alloc) from [<c0250218>] (__alloc_pages_nodemask+0x3f4/0x10d0)
       (__alloc_pages_nodemask) from [<c0270450>] (kmalloc_order_trace+0x2c/0x120)
       (kmalloc_order_trace) from [<c03fa748>] (build_node_manager+0x35c/0x688)
       (build_node_manager) from [<c03de494>] (f2fs_fill_super+0xf0c/0x16cc)
       (f2fs_fill_super) from [<c02a5864>] (mount_bdev+0x15c/0x188)
       (mount_bdev) from [<c03da624>] (f2fs_mount+0x18/0x20)
       (f2fs_mount) from [<c02a68b8>] (mount_fs+0x158/0x19c)
       (mount_fs) from [<c02c3c9c>] (vfs_kern_mount+0x78/0x134)
       (vfs_kern_mount) from [<c02c76ac>] (do_mount+0x474/0xca4)
       (do_mount) from [<c02c8264>] (SyS_mount+0x94/0xbc)
       (SyS_mount) from [<c0108180>] (ret_fast_syscall+0x0/0x48)
      Reviewed-by: Chao Yu <yuchao0@huawei.com>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    • f2fs: remove redundant comment of unused wio_mutex · af56b487
      Yunlong Song committed
      Commit 089842de ("f2fs: remove codes of unused wio_mutex") removes codes
      of unused wio_mutex, but missing the comment, so delete it.
      Signed-off-by: Yunlong Song <yunlong.song@huawei.com>
      Reviewed-by: Chao Yu <yuchao0@huawei.com>
      Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
  4. 14 Dec, 2018 3 commits
  5. 28 Nov, 2018 1 commit
  6. 27 Nov, 2018 19 commits