fs/f2fs/data.c | 28 ++++++++++++---------------- 1 file changed, 12 insertions(+), 16 deletions(-)
We missed to unlock folio in error path of f2fs_read_data_large_folio(),
fix it.
With below testcase, it can reproduce the bug.
touch /mnt/f2fs/file
truncate -s $((1024*1024*1024)) /mnt/f2fs/file
f2fs_io setflags immutable /mnt/f2fs/file
sync
echo 3 > /proc/sys/vm/drop_caches
time dd if=/mnt/f2fs/file of=/dev/null bs=1M count=1024
f2fs_io clearflags immutable /mnt/f2fs/file
echo 1 > /proc/sys/vm/drop_caches
time dd if=/mnt/f2fs/file of=/dev/null bs=1M count=1024
time dd if=/mnt/f2fs/file of=/dev/null bs=1M count=1024
Signed-off-by: Chao Yu <chao@kernel.org>
---
Changelog:
- this patch is based on Nanzhe Zhao's patchset
fs/f2fs/data.c | 28 ++++++++++++----------------
1 file changed, 12 insertions(+), 16 deletions(-)
diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
index eeeb70bff101..a2c4769d0ae1 100644
--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -2462,11 +2462,11 @@ static int f2fs_read_data_large_folio(struct inode *inode,
int ret = 0;
bool folio_in_bio;
- if (!IS_IMMUTABLE(inode))
- return -EOPNOTSUPP;
-
- if (f2fs_compressed_file(inode))
+ if (!IS_IMMUTABLE(inode) || f2fs_compressed_file(inode)) {
+ if (folio)
+ folio_unlock(folio);
return -EOPNOTSUPP;
+ }
map.m_seg_type = NO_CHECK_TYPE;
@@ -2569,22 +2569,18 @@ static int f2fs_read_data_large_folio(struct inode *inode,
last_block_in_bio = block_nr;
}
trace_f2fs_read_folio(folio, DATA);
- if (rac) {
- if (!folio_in_bio) {
- if (!ret)
- folio_mark_uptodate(folio);
- folio_unlock(folio);
- }
- folio = readahead_folio(rac);
- goto next_folio;
- }
+
err_out:
- /* Nothing was submitted. */
- if (!bio) {
+ if (!folio_in_bio) {
if (!ret)
folio_mark_uptodate(folio);
folio_unlock(folio);
- return ret;
+ if (ret)
+ return ret;
+ }
+ if (rac) {
+ folio = readahead_folio(rac);
+ goto next_folio;
}
out:
f2fs_submit_read_bio(F2FS_I_SB(inode), bio, DATA);
--
2.40.1On 01/12, Chao Yu wrote:
> We missed to unlock folio in error path of f2fs_read_data_large_folio(),
> fix it.
>
> With below testcase, it can reproduce the bug.
>
> touch /mnt/f2fs/file
> truncate -s $((1024*1024*1024)) /mnt/f2fs/file
> f2fs_io setflags immutable /mnt/f2fs/file
> sync
> echo 3 > /proc/sys/vm/drop_caches
> time dd if=/mnt/f2fs/file of=/dev/null bs=1M count=1024
> f2fs_io clearflags immutable /mnt/f2fs/file
> echo 1 > /proc/sys/vm/drop_caches
> time dd if=/mnt/f2fs/file of=/dev/null bs=1M count=1024
> time dd if=/mnt/f2fs/file of=/dev/null bs=1M count=1024
>
> Signed-off-by: Chao Yu <chao@kernel.org>
> ---
> Changelog:
> - this patch is based on Nanzhe Zhao's patchset
Please rebase on top of dev-test?
> fs/f2fs/data.c | 28 ++++++++++++----------------
> 1 file changed, 12 insertions(+), 16 deletions(-)
>
> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
> index eeeb70bff101..a2c4769d0ae1 100644
> --- a/fs/f2fs/data.c
> +++ b/fs/f2fs/data.c
> @@ -2462,11 +2462,11 @@ static int f2fs_read_data_large_folio(struct inode *inode,
> int ret = 0;
> bool folio_in_bio;
>
> - if (!IS_IMMUTABLE(inode))
> - return -EOPNOTSUPP;
> -
> - if (f2fs_compressed_file(inode))
> + if (!IS_IMMUTABLE(inode) || f2fs_compressed_file(inode)) {
> + if (folio)
> + folio_unlock(folio);
> return -EOPNOTSUPP;
> + }
>
> map.m_seg_type = NO_CHECK_TYPE;
>
> @@ -2569,22 +2569,18 @@ static int f2fs_read_data_large_folio(struct inode *inode,
> last_block_in_bio = block_nr;
> }
> trace_f2fs_read_folio(folio, DATA);
> - if (rac) {
> - if (!folio_in_bio) {
> - if (!ret)
> - folio_mark_uptodate(folio);
> - folio_unlock(folio);
> - }
> - folio = readahead_folio(rac);
> - goto next_folio;
> - }
> +
> err_out:
> - /* Nothing was submitted. */
> - if (!bio) {
> + if (!folio_in_bio) {
> if (!ret)
> folio_mark_uptodate(folio);
> folio_unlock(folio);
> - return ret;
> + if (ret)
> + return ret;
> + }
> + if (rac) {
> + folio = readahead_folio(rac);
> + goto next_folio;
> }
> out:
> f2fs_submit_read_bio(F2FS_I_SB(inode), bio, DATA);
> --
> 2.40.1
© 2016 - 2026 Red Hat, Inc.