korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-30 23:54:04 +08:00
Code Issues Packages Projects Releases Wiki Activity
930c6ab934
linux/fs/f2fs
History
Chao Yu 930c6ab934 f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error() 
syzbot reports a f2fs bug as below:

------------[ cut here ]------------
WARNING: CPU: 1 PID: 58 at kernel/rcu/sync.c:177 rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:177
CPU: 1 UID: 0 PID: 58 Comm: kworker/1:2 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0
Workqueue: events destroy_super_work
RIP: 0010:rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:177
Call Trace:
 percpu_free_rwsem+0x41/0x80 kernel/locking/percpu-rwsem.c:42
 destroy_super_work+0xec/0x130 fs/super.c:282
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

As Christian Brauner pointed out [1]: the root cause is f2fs sets
SB_RDONLY flag in internal function, rather than setting the flag
covered w/ sb->s_umount semaphore via remount procedure, then below
race condition causes this bug:

- freeze_super()
 - sb_wait_write(sb, SB_FREEZE_WRITE)
 - sb_wait_write(sb, SB_FREEZE_PAGEFAULT)
 - sb_wait_write(sb, SB_FREEZE_FS)
					- f2fs_handle_critical_error
					 - sb->s_flags |= SB_RDONLY
- thaw_super
 - thaw_super_locked
  - sb_rdonly() is true, so it skips
    sb_freeze_unlock(sb, SB_FREEZE_FS)
  - deactivate_locked_super

Since f2fs has almost the same logic as ext4 [2] when handling critical
error in filesystem if it mounts w/ errors=remount-ro option:
- set CP_ERROR_FLAG flag which indicates filesystem is stopped
- record errors to superblock
- set SB_RDONLY falg
Once we set CP_ERROR_FLAG flag, all writable interfaces can detect the
flag and stop any further updates on filesystem. So, it is safe to not
set SB_RDONLY flag, let's remove the logic and keep in line w/ ext4 [3].

[1] https://lore.kernel.org/all/20240729-himbeeren-funknetz-96e62f9c7aee@brauner
[2] https://lore.kernel.org/all/20240729132721.hxih6ehigadqf7wx@quack3
[3] https://lore.kernel.org/linux-ext4/20240805201241.27286-1-jack@suse.cz

Fixes: b62e71be21 ("f2fs: support errors=remount-ro|continue|panic mountoption")
Reported-by: syzbot+20d7e439f76bbbd863a7@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/000000000000b90a8e061e21d12f@google.com/
Cc: Jan Kara <jack@suse.cz>
Cc: Christian Brauner <brauner@kernel.org>
Signed-off-by: Chao Yu <chao@kernel.org>
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2024-09-11 03:36:43 +00:00
..
acl.c f2fs: Use in_group_or_capable() helper 2024-06-25 11:15:48 +02:00
acl.h fs: port ->set_acl() to pass mnt_idmap 2023-01-19 09:24:27 +01:00
checkpoint.c f2fs: convert f2fs_handle_page_eio() to use folio 2024-09-06 23:04:47 +00:00
compress.c f2fs: get rid of page->index 2024-09-06 23:04:48 +00:00
data.c f2fs: avoid unused block when dio write in LFS mode 2024-09-11 03:30:27 +00:00
debug.c f2fs: clean up val{>>,<<}F2FS_BLKSIZE_BITS 2024-08-21 00:56:27 +00:00
dir.c f2fs: get rid of page->index 2024-09-06 23:04:48 +00:00
extent_cache.c f2fs: fix several potential integer overflows in file offsets 2024-08-05 20:18:35 +00:00
f2fs.h f2fs: add valid block ratio not to do excessive GC for one time GC 2024-09-11 03:33:08 +00:00
file.c f2fs: fix to check atomic_file in f2fs ioctl interfaces 2024-09-11 03:30:27 +00:00
gc.c f2fs: add valid block ratio not to do excessive GC for one time GC 2024-09-11 03:33:08 +00:00
gc.h f2fs: add valid block ratio not to do excessive GC for one time GC 2024-09-11 03:33:08 +00:00
hash.c f2fs: don't use casefolded comparison for "." and ".." 2022-05-17 11:19:23 -07:00
inline.c f2fs: convert f2fs_write_inline_data() to use folio 2024-09-06 23:04:47 +00:00
inode.c f2fs: prevent atomic file from being dirtied before commit 2024-09-11 03:30:27 +00:00
iostat.c f2fs: add async reset zone command support 2023-06-12 13:04:09 -07:00
iostat.h f2fs: use iostat_lat_type directly as a parameter in the iostat_update_and_unbind_ctx() 2023-02-07 10:39:28 -08:00
Kconfig fs: add CONFIG_BUFFER_HEAD 2023-08-02 09:13:09 -06:00
Makefile f2fs: separate out iostat feature 2021-08-23 10:25:51 -07:00
namei.c f2fs: get rid of online repaire on corrupted directory 2024-09-11 03:30:27 +00:00
node.c f2fs: get rid of page->index 2024-09-06 23:04:48 +00:00
node.h f2fs: use BLKS_PER_SEG, BLKS_PER_SEC, and SEGS_PER_SEC 2024-02-27 09:41:12 -08:00
recovery.c f2fs update for 6.11-rc1 2024-07-23 15:21:19 -07:00
segment.c f2fs: add valid block ratio not to do excessive GC for one time GC 2024-09-11 03:33:08 +00:00
segment.h f2fs: add valid block ratio not to do excessive GC for one time GC 2024-09-11 03:33:08 +00:00
shrinker.c f2fs: add block_age-based extent cache 2022-12-12 14:53:56 -08:00
super.c f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error() 2024-09-11 03:36:43 +00:00
sysfs.c f2fs: add valid block ratio not to do excessive GC for one time GC 2024-09-11 03:33:08 +00:00
verity.c f2fs: fix to use per-inode maxbytes and cleanup 2024-08-15 15:26:40 +00:00
xattr.c f2fs: reduce expensive checkpoint trigger frequency 2024-08-15 15:26:39 +00:00
xattr.h f2fs: move f2fs_xattr_handlers and f2fs_xattr_handler_map to .rodata 2023-10-09 16:24:18 +02:00