From nobody Fri Jun 12 22:48:40 2026 Received: from n169-113.mail.139.com (n169-113.mail.139.com [120.232.169.113]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 17E60384CEA; Tue, 12 May 2026 07:54:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=120.232.169.113 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778572485; cv=none; b=XoNstmsYDGWdMpGXywihQ+GZ5WCnEwLeCe52L3qIWviTsrtCVf3pGR+54H0yD1fsK1//EfEle2JkjoPZ/7KlIZYqUVItRDsecqzaJVN3UFAOra2m4rLA9vSFFSJui7sXiRmlLReQA9SFBcSWLhDeEpCMKX9oeO0ziqAClRlxdIg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778572485; c=relaxed/simple; bh=6EDL9raGXfByox3oaH/k4k5wGOqaWkoJs4ZpYC3v3+0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gXozknTlM7kjKRIelq5CIOV8n7nM1y+4cKoh+hdGp584cSvDTjU9teRU/x/g4kB+PyBi/6MWiEDRknlQn/7IL8DQArYFUDYJbEwk+s9Wcu8OwVXJBuJHZozOA/E66akb18uxOZubwI8VLOsdLKSYTetd2MFQ07iZMJB19QBHhW4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=139.com; spf=pass smtp.mailfrom=139.com; dkim=pass (1024-bit key) header.d=139.com header.i=@139.com header.b=rzoFvf/Z; arc=none smtp.client-ip=120.232.169.113 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=139.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=139.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=139.com header.i=@139.com header.b="rzoFvf/Z" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=139.com; s=dkim; l=0; h=from:subject:message-id:to:cc:mime-version; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; b=rzoFvf/ZslP86NaenDIxwzW6sksISYbHcEOEyJSe3Rf8AutC2bDo48ZDJlnkfLynnQZJrbxM5jzgw HFOB0p7lVUH4kwo18tHMHQxc8VzgW82FWYxmOLaPOK+izZARDbwZ7QrfVa6D+PgpQwIStBWzQgSIKW Vk5B/rqTEfMdsym0= X-RM-TagInfo: emlType=0 X-RM-SPAM: X-RM-SPAM-FLAG: 00000000 Received: from (unknown[183.241.54.211]) by rmsmtp-lg-appmail-34-12048 (RichMail) with SMTP id 2f106a02dbb77b4-017d6; Tue, 12 May 2026 15:50:23 +0800 (CST) X-RM-TRANSID: 2f106a02dbb77b4-017d6 From: Bin Lan To: gregkh@linuxfoundation.org, sashal@kernel.org, stable@vger.kernel.org Cc: linux-kernel@vger.kernel.org, lanbincn@139.com, zhiguo.niu@unisoc.com, baocong.liu@unisoc.com, chao@kernel.org, jaegeuk@kernel.org, daehojeong@google.com Subject: [PATCH 6.1.y 1/2] f2fs: compress: change the first parameter of page_array_{alloc,free} to sbi Date: Tue, 12 May 2026 15:50:09 +0800 Message-ID: <20260512075010.29584-2-lanbincn@139.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260512075010.29584-1-lanbincn@139.com> References: <20260512075010.29584-1-lanbincn@139.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Zhiguo Niu [ Upstream commit 8e2a9b656474d67c55010f2c003ea2cf889a19ff ] No logic changes, just cleanup and prepare for fixing the UAF issue in f2fs_free_dic. Signed-off-by: Zhiguo Niu Signed-off-by: Baocong Liu Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim Signed-off-by: Bin Lan --- fs/f2fs/compress.c | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/fs/f2fs/compress.c b/fs/f2fs/compress.c index 84585dba86a5..656c11a821c2 100644 --- a/fs/f2fs/compress.c +++ b/fs/f2fs/compress.c @@ -23,20 +23,18 @@ static struct kmem_cache *cic_entry_slab; static struct kmem_cache *dic_entry_slab; =20 -static void *page_array_alloc(struct inode *inode, int nr) +static void *page_array_alloc(struct f2fs_sb_info *sbi, int nr) { - struct f2fs_sb_info *sbi =3D F2FS_I_SB(inode); unsigned int size =3D sizeof(struct page *) * nr; =20 if (likely(size <=3D sbi->page_array_slab_size)) return f2fs_kmem_cache_alloc(sbi->page_array_slab, - GFP_F2FS_ZERO, false, F2FS_I_SB(inode)); + GFP_F2FS_ZERO, false, sbi); return f2fs_kzalloc(sbi, size, GFP_NOFS); } =20 -static void page_array_free(struct inode *inode, void *pages, int nr) +static void page_array_free(struct f2fs_sb_info *sbi, void *pages, int nr) { - struct f2fs_sb_info *sbi =3D F2FS_I_SB(inode); unsigned int size =3D sizeof(struct page *) * nr; =20 if (!pages) @@ -145,13 +143,13 @@ int f2fs_init_compress_ctx(struct compress_ctx *cc) if (cc->rpages) return 0; =20 - cc->rpages =3D page_array_alloc(cc->inode, cc->cluster_size); + cc->rpages =3D page_array_alloc(F2FS_I_SB(cc->inode), cc->cluster_size); return cc->rpages ? 0 : -ENOMEM; } =20 void f2fs_destroy_compress_ctx(struct compress_ctx *cc, bool reuse) { - page_array_free(cc->inode, cc->rpages, cc->cluster_size); + page_array_free(F2FS_I_SB(cc->inode), cc->rpages, cc->cluster_size); cc->rpages =3D NULL; cc->nr_rpages =3D 0; cc->nr_cpages =3D 0; @@ -640,6 +638,7 @@ static void *f2fs_vmap(struct page **pages, unsigned in= t count) =20 static int f2fs_compress_pages(struct compress_ctx *cc) { + struct f2fs_sb_info *sbi =3D F2FS_I_SB(cc->inode); struct f2fs_inode_info *fi =3D F2FS_I(cc->inode); const struct f2fs_compress_ops *cops =3D f2fs_cops[fi->i_compress_algorithm]; @@ -660,7 +659,7 @@ static int f2fs_compress_pages(struct compress_ctx *cc) cc->nr_cpages =3D DIV_ROUND_UP(max_len, PAGE_SIZE); cc->valid_nr_cpages =3D cc->nr_cpages; =20 - cc->cpages =3D page_array_alloc(cc->inode, cc->nr_cpages); + cc->cpages =3D page_array_alloc(sbi, cc->nr_cpages); if (!cc->cpages) { ret =3D -ENOMEM; goto destroy_compress_ctx; @@ -742,7 +741,7 @@ static int f2fs_compress_pages(struct compress_ctx *cc) if (cc->cpages[i]) f2fs_compress_free_page(cc->cpages[i]); } - page_array_free(cc->inode, cc->cpages, cc->nr_cpages); + page_array_free(sbi, cc->cpages, cc->nr_cpages); cc->cpages =3D NULL; destroy_compress_ctx: if (cops->destroy_compress_ctx) @@ -1308,7 +1307,7 @@ static int f2fs_write_compressed_pages(struct compres= s_ctx *cc, cic->magic =3D F2FS_COMPRESSED_PAGE_MAGIC; cic->inode =3D inode; atomic_set(&cic->pending_pages, cc->valid_nr_cpages); - cic->rpages =3D page_array_alloc(cc->inode, cc->cluster_size); + cic->rpages =3D page_array_alloc(sbi, cc->cluster_size); if (!cic->rpages) goto out_put_cic; =20 @@ -1401,13 +1400,13 @@ static int f2fs_write_compressed_pages(struct compr= ess_ctx *cc, spin_unlock(&fi->i_size_lock); =20 f2fs_put_rpages(cc); - page_array_free(cc->inode, cc->cpages, cc->nr_cpages); + page_array_free(sbi, cc->cpages, cc->nr_cpages); cc->cpages =3D NULL; f2fs_destroy_compress_ctx(cc, false); return 0; =20 out_destroy_crypt: - page_array_free(cc->inode, cic->rpages, cc->cluster_size); + page_array_free(sbi, cic->rpages, cc->cluster_size); =20 for (--i; i >=3D 0; i--) fscrypt_finalize_bounce_page(&cc->cpages[i]); @@ -1425,7 +1424,7 @@ static int f2fs_write_compressed_pages(struct compres= s_ctx *cc, f2fs_compress_free_page(cc->cpages[i]); cc->cpages[i] =3D NULL; } - page_array_free(cc->inode, cc->cpages, cc->nr_cpages); + page_array_free(sbi, cc->cpages, cc->nr_cpages); cc->cpages =3D NULL; return -EAGAIN; } @@ -1455,7 +1454,7 @@ void f2fs_compress_write_end_io(struct bio *bio, stru= ct page *page) end_page_writeback(cic->rpages[i]); } =20 - page_array_free(cic->inode, cic->rpages, cic->nr_rpages); + page_array_free(sbi, cic->rpages, cic->nr_rpages); kmem_cache_free(cic_entry_slab, cic); } =20 @@ -1593,7 +1592,7 @@ static int f2fs_prepare_decomp_mem(struct decompress_= io_ctx *dic, if (!allow_memalloc_for_decomp(F2FS_I_SB(dic->inode), pre_alloc)) return 0; =20 - dic->tpages =3D page_array_alloc(dic->inode, dic->cluster_size); + dic->tpages =3D page_array_alloc(F2FS_I_SB(dic->inode), dic->cluster_size= ); if (!dic->tpages) return -ENOMEM; =20 @@ -1655,7 +1654,7 @@ struct decompress_io_ctx *f2fs_alloc_dic(struct compr= ess_ctx *cc) if (!dic) return ERR_PTR(-ENOMEM); =20 - dic->rpages =3D page_array_alloc(cc->inode, cc->cluster_size); + dic->rpages =3D page_array_alloc(sbi, cc->cluster_size); if (!dic->rpages) { kmem_cache_free(dic_entry_slab, dic); return ERR_PTR(-ENOMEM); @@ -1676,7 +1675,7 @@ struct decompress_io_ctx *f2fs_alloc_dic(struct compr= ess_ctx *cc) dic->rpages[i] =3D cc->rpages[i]; dic->nr_rpages =3D cc->cluster_size; =20 - dic->cpages =3D page_array_alloc(dic->inode, dic->nr_cpages); + dic->cpages =3D page_array_alloc(sbi, dic->nr_cpages); if (!dic->cpages) { ret =3D -ENOMEM; goto out_free; @@ -1711,6 +1710,7 @@ static void f2fs_free_dic(struct decompress_io_ctx *d= ic, bool bypass_destroy_callback) { int i; + struct f2fs_sb_info *sbi =3D F2FS_I_SB(dic->inode); =20 f2fs_release_decomp_mem(dic, bypass_destroy_callback, true); =20 @@ -1722,7 +1722,7 @@ static void f2fs_free_dic(struct decompress_io_ctx *d= ic, continue; f2fs_compress_free_page(dic->tpages[i]); } - page_array_free(dic->inode, dic->tpages, dic->cluster_size); + page_array_free(sbi, dic->tpages, dic->cluster_size); } =20 if (dic->cpages) { @@ -1731,10 +1731,10 @@ static void f2fs_free_dic(struct decompress_io_ctx = *dic, continue; f2fs_compress_free_page(dic->cpages[i]); } - page_array_free(dic->inode, dic->cpages, dic->nr_cpages); + page_array_free(sbi, dic->cpages, dic->nr_cpages); } =20 - page_array_free(dic->inode, dic->rpages, dic->nr_rpages); + page_array_free(sbi, dic->rpages, dic->nr_rpages); kmem_cache_free(dic_entry_slab, dic); } =20 --=20 2.43.0 From nobody Fri Jun 12 22:48:40 2026 Received: from n169-113.mail.139.com (n169-113.mail.139.com [120.232.169.113]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 521C8384CDA; Tue, 12 May 2026 07:54:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=120.232.169.113 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778572486; cv=none; b=jVFD3DD4IPu+gc99EFeI4kHUCZhkq0kWOqGu/lhTz0FqMQuNXfIyJlqz3mH47vT6i8IHHTWWb3dhH7BgL2o9QvRgOs5psCrn8wRfVXf+gD9ZaXP4eEck6WS1vlqPmqHgMQFPTUXF+PcNXV8G4blAlmYXGRGexJ9HMi0/+hROAu4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778572486; c=relaxed/simple; bh=BBd3oPN/GygXJFiJyRdVBk9Kwg5oz3+YzlP56uzXf08=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ZC5mLi7VSfQRwB7WQWvx53vLaKwAMAgXQV/TxrhUxawOi2eRKVJYCIPySHzX8YnQMlUj6M5AZTb0yK91cs6vpL0wx1RMp4axwqYkd3CY3cTn4btthzWNhQjo71H84dhfOzPuynBfejU9N7v9L7Q5SHd/d0OeOuojIEhLpw7CTSE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=139.com; spf=pass smtp.mailfrom=139.com; dkim=pass (1024-bit key) header.d=139.com header.i=@139.com header.b=QMUz3MML; arc=none smtp.client-ip=120.232.169.113 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=139.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=139.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=139.com header.i=@139.com header.b="QMUz3MML" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=139.com; s=dkim; l=0; h=from:subject:message-id:to:cc:mime-version; bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; b=QMUz3MMLPvxdB5oHjT4ogZDWz3xKRGKowz9u/DXHgfZ1+3wxjPXNOX7/QEI2lFz6YCyYdw+0BfGJX BaQlh4DPAJA7pnwAORq5UVC3lpqvsEitZwxrm9js9+NxBDG1LDRb8Jm1T0RY5G8a7j2ZHgeiTGq2sM rwS3WZv9MTXdSk8E= X-RM-TagInfo: emlType=0 X-RM-SPAM: X-RM-SPAM-FLAG: 00000000 Received: from (unknown[183.241.54.211]) by rmsmtp-lg-appmail-34-12048 (RichMail) with SMTP id 2f106a02dbb77b4-017d8; Tue, 12 May 2026 15:50:24 +0800 (CST) X-RM-TRANSID: 2f106a02dbb77b4-017d8 From: Bin Lan To: gregkh@linuxfoundation.org, sashal@kernel.org, stable@vger.kernel.org Cc: linux-kernel@vger.kernel.org, lanbincn@139.com, zhiguo.niu@unisoc.com, baocong.liu@unisoc.com, chao@kernel.org, jaegeuk@kernel.org, daehojeong@google.com Subject: [PATCH 6.1.y 2/2] f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic Date: Tue, 12 May 2026 15:50:10 +0800 Message-ID: <20260512075010.29584-3-lanbincn@139.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260512075010.29584-1-lanbincn@139.com> References: <20260512075010.29584-1-lanbincn@139.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Zhiguo Niu [ Upstream commit 39868685c2a94a70762bc6d77dc81d781d05bff5 ] The decompress_io_ctx may be released asynchronously after I/O completion. If this file is deleted immediately after read, and the kworker of processing post_read_wq has not been executed yet due to high workloads, It is possible that the inode(f2fs_inode_info) is evicted and freed before it is used f2fs_free_dic. The UAF case as below: Thread A Thread B - f2fs_decompress_end_io - f2fs_put_dic - queue_work add free_dic work to post_read_wq - do_unlink - iput - evict - call_rcu This file is deleted after read. Thread C kworker to process post_read_wq - rcu_do_batch - f2fs_free_inode - kmem_cache_free inode is freed by rcu - process_scheduled_works - f2fs_late_free_dic - f2fs_free_dic - f2fs_release_decomp_mem read (dic->inode)->i_compress_algorit= hm This patch store compress_algorithm and sbi in dic to avoid inode UAF. In addition, the previous solution is deprecated in [1] may cause system ha= ng. [1] https://lore.kernel.org/all/c36ab955-c8db-4a8b-a9d0-f07b5f426c3f@kernel= .org Cc: Daeho Jeong Fixes: bff139b49d9f ("f2fs: handle decompress only post processing in softi= rq") Signed-off-by: Zhiguo Niu Signed-off-by: Baocong Liu Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim [ No changes are made to the code logic; F2FS_I_SB(dic->inode) is replaced with dic->sbi in v6.1. ] Signed-off-by: Bin Lan --- fs/f2fs/compress.c | 40 ++++++++++++++++++++-------------------- fs/f2fs/f2fs.h | 2 ++ 2 files changed, 22 insertions(+), 20 deletions(-) diff --git a/fs/f2fs/compress.c b/fs/f2fs/compress.c index 656c11a821c2..a49baab05013 100644 --- a/fs/f2fs/compress.c +++ b/fs/f2fs/compress.c @@ -211,14 +211,14 @@ static int lzo_decompress_pages(struct decompress_io_= ctx *dic) dic->rbuf, &dic->rlen); if (ret !=3D LZO_E_OK) { printk_ratelimited("%sF2FS-fs (%s): lzo decompress failed, ret:%d\n", - KERN_ERR, F2FS_I_SB(dic->inode)->sb->s_id, ret); + KERN_ERR, dic->sbi->sb->s_id, ret); return -EIO; } =20 if (dic->rlen !=3D PAGE_SIZE << dic->log_cluster_size) { printk_ratelimited("%sF2FS-fs (%s): lzo invalid rlen:%zu, " "expected:%lu\n", KERN_ERR, - F2FS_I_SB(dic->inode)->sb->s_id, + dic->sbi->sb->s_id, dic->rlen, PAGE_SIZE << dic->log_cluster_size); return -EIO; @@ -307,14 +307,14 @@ static int lz4_decompress_pages(struct decompress_io_= ctx *dic) dic->clen, dic->rlen); if (ret < 0) { printk_ratelimited("%sF2FS-fs (%s): lz4 decompress failed, ret:%d\n", - KERN_ERR, F2FS_I_SB(dic->inode)->sb->s_id, ret); + KERN_ERR, dic->sbi->sb->s_id, ret); return -EIO; } =20 if (ret !=3D PAGE_SIZE << dic->log_cluster_size) { printk_ratelimited("%sF2FS-fs (%s): lz4 invalid ret:%d, " "expected:%lu\n", KERN_ERR, - F2FS_I_SB(dic->inode)->sb->s_id, ret, + dic->sbi->sb->s_id, ret, PAGE_SIZE << dic->log_cluster_size); return -EIO; } @@ -437,7 +437,7 @@ static int zstd_init_decompress_ctx(struct decompress_i= o_ctx *dic) =20 workspace_size =3D zstd_dstream_workspace_bound(max_window_size); =20 - workspace =3D f2fs_kvmalloc(F2FS_I_SB(dic->inode), + workspace =3D f2fs_kvmalloc(dic->sbi, workspace_size, GFP_NOFS); if (!workspace) return -ENOMEM; @@ -445,7 +445,7 @@ static int zstd_init_decompress_ctx(struct decompress_i= o_ctx *dic) stream =3D zstd_init_dstream(max_window_size, workspace, workspace_size); if (!stream) { printk_ratelimited("%sF2FS-fs (%s): %s zstd_init_dstream failed\n", - KERN_ERR, F2FS_I_SB(dic->inode)->sb->s_id, + KERN_ERR, dic->sbi->sb->s_id, __func__); kvfree(workspace); return -EIO; @@ -482,7 +482,7 @@ static int zstd_decompress_pages(struct decompress_io_c= tx *dic) ret =3D zstd_decompress_stream(stream, &outbuf, &inbuf); if (zstd_is_error(ret)) { printk_ratelimited("%sF2FS-fs (%s): %s zstd_decompress_stream failed, re= t: %d\n", - KERN_ERR, F2FS_I_SB(dic->inode)->sb->s_id, + KERN_ERR, dic->sbi->sb->s_id, __func__, zstd_get_error_code(ret)); return -EIO; } @@ -490,7 +490,7 @@ static int zstd_decompress_pages(struct decompress_io_c= tx *dic) if (dic->rlen !=3D outbuf.pos) { printk_ratelimited("%sF2FS-fs (%s): %s ZSTD invalid rlen:%zu, " "expected:%lu\n", KERN_ERR, - F2FS_I_SB(dic->inode)->sb->s_id, + dic->sbi->sb->s_id, __func__, dic->rlen, PAGE_SIZE << dic->log_cluster_size); return -EIO; @@ -759,7 +759,7 @@ static void f2fs_release_decomp_mem(struct decompress_i= o_ctx *dic, =20 void f2fs_decompress_cluster(struct decompress_io_ctx *dic, bool in_task) { - struct f2fs_sb_info *sbi =3D F2FS_I_SB(dic->inode); + struct f2fs_sb_info *sbi =3D dic->sbi; struct f2fs_inode_info *fi =3D F2FS_I(dic->inode); const struct f2fs_compress_ops *cops =3D f2fs_cops[fi->i_compress_algorithm]; @@ -832,7 +832,7 @@ void f2fs_end_read_compressed_page(struct page *page, b= ool failed, { struct decompress_io_ctx *dic =3D (struct decompress_io_ctx *)page_private(page); - struct f2fs_sb_info *sbi =3D F2FS_I_SB(dic->inode); + struct f2fs_sb_info *sbi =3D dic->sbi; =20 dec_page_count(sbi, F2FS_RD_DATA); =20 @@ -1585,14 +1585,13 @@ static inline bool allow_memalloc_for_decomp(struct= f2fs_sb_info *sbi, static int f2fs_prepare_decomp_mem(struct decompress_io_ctx *dic, bool pre_alloc) { - const struct f2fs_compress_ops *cops =3D - f2fs_cops[F2FS_I(dic->inode)->i_compress_algorithm]; + const struct f2fs_compress_ops *cops =3D f2fs_cops[dic->compress_algorith= m]; int i; =20 - if (!allow_memalloc_for_decomp(F2FS_I_SB(dic->inode), pre_alloc)) + if (!allow_memalloc_for_decomp(dic->sbi, pre_alloc)) return 0; =20 - dic->tpages =3D page_array_alloc(F2FS_I_SB(dic->inode), dic->cluster_size= ); + dic->tpages =3D page_array_alloc(dic->sbi, dic->cluster_size); if (!dic->tpages) return -ENOMEM; =20 @@ -1624,10 +1623,9 @@ static int f2fs_prepare_decomp_mem(struct decompress= _io_ctx *dic, static void f2fs_release_decomp_mem(struct decompress_io_ctx *dic, bool bypass_destroy_callback, bool pre_alloc) { - const struct f2fs_compress_ops *cops =3D - f2fs_cops[F2FS_I(dic->inode)->i_compress_algorithm]; + const struct f2fs_compress_ops *cops =3D f2fs_cops[dic->compress_algorith= m]; =20 - if (!allow_memalloc_for_decomp(F2FS_I_SB(dic->inode), pre_alloc)) + if (!allow_memalloc_for_decomp(dic->sbi, pre_alloc)) return; =20 if (!bypass_destroy_callback && cops->destroy_decompress_ctx) @@ -1662,6 +1660,8 @@ struct decompress_io_ctx *f2fs_alloc_dic(struct compr= ess_ctx *cc) =20 dic->magic =3D F2FS_COMPRESSED_PAGE_MAGIC; dic->inode =3D cc->inode; + dic->sbi =3D sbi; + dic->compress_algorithm =3D F2FS_I(cc->inode)->i_compress_algorithm; atomic_set(&dic->remaining_pages, cc->nr_cpages); dic->cluster_idx =3D cc->cluster_idx; dic->cluster_size =3D cc->cluster_size; @@ -1710,7 +1710,8 @@ static void f2fs_free_dic(struct decompress_io_ctx *d= ic, bool bypass_destroy_callback) { int i; - struct f2fs_sb_info *sbi =3D F2FS_I_SB(dic->inode); + /* use sbi in dic to avoid UFA of dic->inode*/ + struct f2fs_sb_info *sbi =3D dic->sbi; =20 f2fs_release_decomp_mem(dic, bypass_destroy_callback, true); =20 @@ -1753,8 +1754,7 @@ static void f2fs_put_dic(struct decompress_io_ctx *di= c, bool in_task) f2fs_free_dic(dic, false); } else { INIT_WORK(&dic->free_work, f2fs_late_free_dic); - queue_work(F2FS_I_SB(dic->inode)->post_read_wq, - &dic->free_work); + queue_work(dic->sbi->post_read_wq, &dic->free_work); } } } diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index bbb86e215698..faa6efe1ceaf 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -1546,6 +1546,7 @@ struct compress_io_ctx { struct decompress_io_ctx { u32 magic; /* magic number to indicate page is compressed */ struct inode *inode; /* inode the context belong to */ + struct f2fs_sb_info *sbi; /* f2fs_sb_info pointer */ pgoff_t cluster_idx; /* cluster index number */ unsigned int cluster_size; /* page count in cluster */ unsigned int log_cluster_size; /* log of cluster size */ @@ -1586,6 +1587,7 @@ struct decompress_io_ctx { =20 bool failed; /* IO error occurred before decompression? */ bool need_verity; /* need fs-verity verification after decompression? */ + unsigned char compress_algorithm; /* backup algorithm type */ void *private; /* payload buffer for specified decompression algorithm = */ void *private2; /* extra payload buffer */ struct work_struct verity_work; /* work to verify the decompressed pages = */ --=20 2.43.0