[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1706523721-24657-1-git-send-email-zhiguo.niu@unisoc.com>
Date: Mon, 29 Jan 2024 18:22:01 +0800
From: Zhiguo Niu <zhiguo.niu@...soc.com>
To: <jaegeuk@...nel.org>, <chao@...nel.org>
CC: <linux-f2fs-devel@...ts.sourceforge.net>, <linux-kernel@...r.kernel.org>,
<niuzhiguo84@...il.com>, <zhiguo.niu@...soc.com>, <ke.wang@...soc.com>,
<hongyu.jin@...soc.com>
Subject: [PATCH 2/3] f2fs: fix panic issue in update_sit_entry
When CONFIG_F2FS_CHECK_FS is not enabled, f2fs_bug_on just printing
warning, get_new_segment may get an out-of-bounds segment when there
is no free segments. Then a block is allocated from this invalid
segment, update_sit_entry will access the invalid bitmap address,
cause system panic. Just as below call stack:
f2fs_allocate_data_block get a block address with 0x4000 and
partition size is 64MB
[ 13.401997] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 13.402003] Mem abort info:
[ 13.402006] ESR = 0x96000005
[ 13.402009] EC = 0x25: DABT (current EL), IL = 32 bits
[ 13.402015] SET = 0, FnV = 0
[ 13.402018] EA = 0, S1PTW = 0
[ 13.402021] FSC = 0x05: level 1 translation fault
[ 13.402025] Data abort info:
[ 13.402027] ISV = 0, ISS = 0x00000005
[ 13.402030] CM = 0, WnR = 0
[ 13.402034] user pgtable: 4k pages, 39-bit VAs, pgdp=00000001066ab000
[ 13.402038] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000
[ 13.402052] Internal error: Oops: 96000005 [#1] PREEMPT SMP
[ 13.489854] pc : update_sit_entry+0x128/0x420
[ 13.490497] lr : f2fs_allocate_data_block+0x6b0/0xc2c
[ 13.491218] sp : ffffffc00e023440
[ 13.501530] Call trace:
[ 13.501930] update_sit_entry+0x128/0x420
[ 13.502523] f2fs_allocate_data_block+0x6b0/0xc2c
[ 13.503203] do_write_page+0xf0/0x1d4
[ 13.503752] f2fs_outplace_write_data+0x68/0xfc
[ 13.504408] f2fs_do_write_data_page+0x3a8/0x65c
[ 13.505076] move_data_page+0x294/0x7a8
[ 13.505647] gc_data_segment+0x4b8/0x800
[ 13.506229] do_garbage_collect+0x354/0x674
[ 13.506843] f2fs_gc+0x280/0x68c
[ 13.507340] f2fs_balance_fs+0x104/0x144
[ 13.507921] f2fs_create+0x310/0x3d8
[ 13.508458] path_openat+0x53c/0xc28
[ 13.508997] do_filp_open+0xbc/0x16c
[ 13.509535] do_sys_openat2+0xa0/0x2a0
So sanity check should be add in update_sit_entry.
Also remove some redundant judgment code.
Signed-off-by: Zhiguo Niu <zhiguo.niu@...soc.com>
---
fs/f2fs/segment.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index ad6511f..f373ff7 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -2399,6 +2399,8 @@ static void update_sit_entry(struct f2fs_sb_info *sbi, block_t blkaddr, int del)
#endif
segno = GET_SEGNO(sbi, blkaddr);
+ if (segno == NULL_SEGNO)
+ return;
se = get_seg_entry(sbi, segno);
new_vblocks = se->valid_blocks + del;
@@ -3464,8 +3466,7 @@ void f2fs_allocate_data_block(struct f2fs_sb_info *sbi, struct page *page,
* since SSR needs latest valid block information.
*/
update_sit_entry(sbi, *new_blkaddr, 1);
- if (GET_SEGNO(sbi, old_blkaddr) != NULL_SEGNO)
- update_sit_entry(sbi, old_blkaddr, -1);
+ update_sit_entry(sbi, old_blkaddr, -1);
/*
* If the current segment is full, flush it out and replace it with a
--
1.9.1
Powered by blists - more mailing lists