android_kernel_oneplus_msm8998/fs/f2fs
Chao Yu 045aac482a f2fs: fix to do sanity check with current segment number
[ Upstream commit 042be0f849e5fc24116d0afecfaf926eed5cac63 ]

https://bugzilla.kernel.org/show_bug.cgi?id=200219

Reproduction way:
- mount image
- run poc code
- umount image

F2FS-fs (loop1): Bitmap was wrongly set, blk:15364
------------[ cut here ]------------
kernel BUG at /home/yuchao/git/devf2fs/segment.c:2061!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 2 PID: 17686 Comm: umount Tainted: G        W  O      4.18.0-rc2+ #39
Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
EIP: update_sit_entry+0x459/0x4e0 [f2fs]
Code: e8 1c b5 fd ff 0f 0b 0f 0b 8b 45 e4 c7 44 24 08 9c 7a 6c f8 c7 44 24 04 bc 4a 6c f8 89 44 24 0c 8b 06 89 04 24 e8 f7 b4 fd ff <0f> 0b 8b 45 e4 0f b6 d2 89 54 24 10 c7 44 24 08 60 7a 6c f8 c7 44
EAX: 00000032 EBX: 000000f8 ECX: 00000002 EDX: 00000001
ESI: d7177000 EDI: f520fe68 EBP: d6477c6c ESP: d6477c34
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010282
CR0: 80050033 CR2: b7fbe000 CR3: 2a99b3c0 CR4: 000406f0
Call Trace:
 f2fs_allocate_data_block+0x124/0x580 [f2fs]
 do_write_page+0x78/0x150 [f2fs]
 f2fs_do_write_node_page+0x25/0xa0 [f2fs]
 __write_node_page+0x2bf/0x550 [f2fs]
 f2fs_sync_node_pages+0x60e/0x6d0 [f2fs]
 ? sync_inode_metadata+0x2f/0x40
 ? f2fs_write_checkpoint+0x28f/0x7d0 [f2fs]
 ? up_write+0x1e/0x80
 f2fs_write_checkpoint+0x2a9/0x7d0 [f2fs]
 ? mark_held_locks+0x5d/0x80
 ? _raw_spin_unlock_irq+0x27/0x50
 kill_f2fs_super+0x68/0x90 [f2fs]
 deactivate_locked_super+0x3d/0x70
 deactivate_super+0x40/0x60
 cleanup_mnt+0x39/0x70
 __cleanup_mnt+0x10/0x20
 task_work_run+0x81/0xa0
 exit_to_usermode_loop+0x59/0xa7
 do_fast_syscall_32+0x1f5/0x22c
 entry_SYSENTER_32+0x53/0x86
EIP: 0xb7f95c51
Code: c1 1e f7 ff ff 89 e5 8b 55 08 85 d2 8b 81 64 cd ff ff 74 02 89 02 5d c3 8b 0c 24 c3 8b 1c 24 c3 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
EAX: 00000000 EBX: 0871ab90 ECX: bfb2cd00 EDX: 00000000
ESI: 00000000 EDI: 0871ab90 EBP: 0871ab90 ESP: bfb2cd7c
DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
Modules linked in: f2fs(O) crc32_generic bnep rfcomm bluetooth ecdh_generic snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq pcbc joydev aesni_intel snd_seq_device aes_i586 snd_timer crypto_simd snd cryptd soundcore mac_hid serio_raw video i2c_piix4 parport_pc ppdev lp parport hid_generic psmouse usbhid hid e1000 [last unloaded: f2fs]
---[ end trace d423f83982cfcdc5 ]---

The reason is that different log headers are using the same segment;
once one log's next block address is used by another log, it will cause
a panic as above.

Main area: 24 segs, 24 secs 24 zones
  - COLD  data: 0, 0, 0
  - WARM  data: 1, 1, 1
  - HOT   data: 20, 20, 20
  - Dir   dnode: 22, 22, 22
  - File   dnode: 22, 22, 22
  - Indir nodes: 21, 21, 21

So this patch adds a sanity check to detect such a condition to avoid
this issue.

Signed-off-by: Chao Yu <yuchao0@huawei.com>

Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-04-27 09:33:58 +02:00
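
Added example, not part of the commit or the f2fs source: a minimal stand-alone version of the kind of check the commit message describes, run over the segment layout it quotes. The struct, the function name, the block offsets and the 512 blocks-per-segment value are assumptions made for illustration.

```c
#include <stdio.h>

#define NR_DATA 3   /* HOT, WARM, COLD data logs */
#define NR_NODE 3   /* dir dnode, file dnode, indirect node logs */
#define NR_LOGS (NR_DATA + NR_NODE)

/* Hypothetical, simplified view of the per-log checkpoint fields. */
struct ckpt_cursegs {
    unsigned int segno[NR_LOGS];   /* current segment number of each log */
    unsigned int blkoff[NR_LOGS];  /* next free block offset in that segment */
};

/* Layout from the commit message; block offsets are constructed. */
const struct ckpt_cursegs commit_layout = {
    { 20, 1, 0, 22, 22, 21 }, { 0, 0, 0, 4, 4, 0 }
};

/*
 * Returns 0 if the layout is sane, 1 otherwise. On failure *a and *b hold
 * the offending log indexes (a == b for an out-of-range value, a < b when
 * two logs claim the same segment).
 */
int check_cursegs(const struct ckpt_cursegs *c, unsigned int main_segs,
                  unsigned int blocks_per_seg, int *a, int *b)
{
    for (int i = 0; i < NR_LOGS; i++) {
        if (c->segno[i] >= main_segs || c->blkoff[i] >= blocks_per_seg) {
            *a = *b = i;
            return 1;
        }
        for (int j = i + 1; j < NR_LOGS; j++) {
            if (c->segno[i] == c->segno[j]) {
                *a = i;
                *b = j;
                return 1;
            }
        }
    }
    return 0;
}

int main(void)
{
    static const char *name[NR_LOGS] = { "HOT data", "WARM data",
        "COLD data", "Dir dnode", "File dnode", "Indir nodes" };
    int a, b;

    if (check_cursegs(&commit_layout, 24, 512, &a, &b))
        printf("reject image: %s / %s, segment %u\n",
               name[a], name[b], commit_layout.segno[a]);
    return 0;
}
```

Rejecting such an image when the checkpoint is read means the conflict is reported as an error at mount instead of reaching the BUG in update_sit_entry at umount.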
acl.c f2fs: fix wrong return value of f2fs_acl_create 2019-02-20 10:13:06 +01:00
acl.h
checkpoint.c f2fs: fix invalid memory access 2019-01-26 09:42:48 +01:00
crypto.c f2fs crypto: replace some BUG_ON()'s with error checks 2017-10-27 10:23:18 +02:00
crypto_fname.c f2fs crypto: replace some BUG_ON()'s with error checks 2017-10-27 10:23:18 +02:00
crypto_key.c fscrypt: fix dereference of NULL user_key_payload 2017-10-27 10:23:18 +02:00
crypto_policy.c fscrypt: fix context consistency check when key(s) unavailable 2017-05-25 14:30:11 +02:00
data.c f2fs: fix to do sanity check with block address in main area v2 2019-01-26 09:42:48 +01:00
debug.c f2fs: set ->owner for debugfs status file's file_operations 2017-01-06 11:16:13 +01:00
dir.c f2fs: fix to convert inline directory correctly 2019-01-26 09:42:45 +01:00
extent_cache.c f2fs: fix a bug caused by NULL extent tree 2018-03-03 10:19:41 +01:00
f2fs.h f2fs: fix to do sanity check with block address in main area 2019-01-26 09:42:48 +01:00
f2fs_crypto.h fscrypt: remove broken support for detecting keyring key revocation 2017-03-31 09:49:54 +02:00
file.c f2fs: move dir data flush to write checkpoint process 2019-02-20 10:13:06 +01:00
gc.c f2fs: relax node version check for victim data in gc 2018-03-22 09:23:22 +01:00
gc.h f2fs: support synchronous gc in ioctl 2015-10-09 16:20:56 -07:00
hash.c f2fs: check entire encrypted bigname when finding a dentry 2017-05-25 14:30:11 +02:00
inline.c f2fs: fix to do sanity check with reserved blkaddr of inline inode 2019-01-26 09:42:48 +01:00
inode.c f2fs: fix to do sanity check with block address in main area v2 2019-01-26 09:42:48 +01:00
Kconfig f2fs: fix typo 2015-08-21 22:43:32 -07:00
Makefile f2fs: maintain extent cache in separated file 2015-08-04 14:09:58 -07:00
namei.c do d_instantiate/unlock_new_inode combinations safely 2018-05-30 07:48:52 +02:00
node.c f2fs: read page index before freeing 2019-02-06 19:43:05 +01:00
node.h f2fs: use crc and cp version to determine roll-forward recovery 2019-01-26 09:42:46 +01:00
recovery.c f2fs: introduce and spread verify_blkaddr 2019-01-26 09:42:48 +01:00
segment.c f2fs: introduce and spread verify_blkaddr 2019-01-26 09:42:48 +01:00
segment.h f2fs: fix to do sanity check with block address in main area 2019-01-26 09:42:48 +01:00
shrinker.c f2fs: shrink free_nids entries 2015-08-20 09:00:06 -07:00
super.c f2fs: fix to do sanity check with current segment number 2019-04-27 09:33:58 +02:00
trace.c f2fs: do not use mutex lock in atomic context 2019-04-27 09:33:49 +02:00
trace.h
xattr.c f2fs: xattr simplifications 2015-11-13 20:34:34 -05:00
xattr.h f2fs crypto: add encryption xattr support 2015-05-28 15:41:47 -07:00