Message-Id: <20260112013052.7623-1-chao@kernel.org>
Date: Mon, 12 Jan 2026 09:30:52 +0800
From: Chao Yu <chao@...nel.org>
To: jaegeuk@...nel.org
Cc: linux-f2fs-devel@...ts.sourceforge.net,
	linux-kernel@...r.kernel.org,
	Chao Yu <chao@...nel.org>
Subject: [PATCH] f2fs: fix to unlock folio in f2fs_read_data_large_folio()

We missed unlocking the folio in the error path of
f2fs_read_data_large_folio(); fix it.

The bug can be reproduced with the testcase below.

touch /mnt/f2fs/file
truncate -s $((1024*1024*1024)) /mnt/f2fs/file
f2fs_io setflags immutable /mnt/f2fs/file
sync
echo 3 > /proc/sys/vm/drop_caches
time dd if=/mnt/f2fs/file of=/dev/null bs=1M count=1024
f2fs_io clearflags immutable /mnt/f2fs/file
echo 1 > /proc/sys/vm/drop_caches
time dd if=/mnt/f2fs/file of=/dev/null bs=1M count=1024
time dd if=/mnt/f2fs/file of=/dev/null bs=1M count=1024

Signed-off-by: Chao Yu <chao@...nel.org>
---
Changelog:
- this patch is based on Nanzhe Zhao's patchset
 fs/f2fs/data.c | 28 ++++++++++++----------------
 1 file changed, 12 insertions(+), 16 deletions(-)

diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
index eeeb70bff101..a2c4769d0ae1 100644
--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -2462,11 +2462,11 @@ static int f2fs_read_data_large_folio(struct inode *inode,
 	int ret = 0;
 	bool folio_in_bio;
 
-	if (!IS_IMMUTABLE(inode))
-		return -EOPNOTSUPP;
-
-	if (f2fs_compressed_file(inode))
+	if (!IS_IMMUTABLE(inode) || f2fs_compressed_file(inode)) {
+		if (folio)
+			folio_unlock(folio);
 		return -EOPNOTSUPP;
+	}
 
 	map.m_seg_type = NO_CHECK_TYPE;
 
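Review bot: `bool folio_in_bio;` on the context line at the top of this hunk has no initializer, and after this patch the `err_out:` path in the second hunk tests `!folio_in_bio` on every entry instead of testing `bio`. If any `goto err_out` can run before the first assignment to the flag, the decision to unlock the folio is made on an indeterminate value; the assignments are outside the hunks shown, so this cannot be confirmed here. Initialising at the declaration, `bool folio_in_bio = false;`, keeps the error path well-defined wherever the jumps come from.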
@@ -2569,22 +2569,18 @@ static int f2fs_read_data_large_folio(struct inode *inode,
 		last_block_in_bio = block_nr;
 	}
 	trace_f2fs_read_folio(folio, DATA);
-	if (rac) {
-		if (!folio_in_bio) {
-			if (!ret)
-				folio_mark_uptodate(folio);
-			folio_unlock(folio);
-		}
-		folio = readahead_folio(rac);
-		goto next_folio;
-	}
+
 err_out:
-	/* Nothing was submitted. */
-	if (!bio) {
+	if (!folio_in_bio) {
 		if (!ret)
 			folio_mark_uptodate(folio);
 		folio_unlock(folio);
-		return ret;
+		if (ret)
+			return ret;
+	}
+	if (rac) {
+		folio = readahead_folio(rac);
+		goto next_folio;
 	}
 out:
 	f2fs_submit_read_bio(F2FS_I_SB(inode), bio, DATA);
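Review bot: The new `if (ret) return ret;` under `err_out:` returns without looking at `bio`, whereas the removed code returned early only under `if (!bio)` ("Nothing was submitted") and otherwise fell through to `out:`. In the readahead case a bio built from earlier folios may still be pending when a later folio fails; returning here would skip `f2fs_submit_read_bio()` and presumably leave those folios locked with the bio never submitted, which would show up as readers blocked on the folio lock. Consider `if (ret) goto out;` (provided the code after `out:` copes with a NULL bio and returns `ret`), or keep the `!bio` test on the early return. The loop body and everything after the submit call are outside the hunk, so the reachable states need to be confirmed against the full function.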
-- 
2.40.1

