From ebfffb995330baf066dfe1339e12045c956190d9 Mon Sep 17 00:00:00 2001 From: Sahitya Tummala Date: Mon, 26 Nov 2018 09:03:00 +0530 Subject: [PATCH] f2fs: fix sbi->extent_list corruption issue When there is a failure in f2fs_fill_super() after/during the recovery of fsync'd nodes, it frees the current sbi and retries again. This time the mount is successful, but the files that got recovered before retry, still holds the extent tree, whose extent nodes list is corrupted since sbi and sbi->extent_list is freed up. The list_del corruption issue is observed when the file system is getting unmounted and when those recoverd files extent node is being freed up in the below context. list_del corruption. prev->next should be fffffff1e1ef5480, but was (null) <...> kernel BUG at kernel/msm-4.14/lib/list_debug.c:53! task: fffffff1f46f2280 task.stack: ffffff8008068000 lr : __list_del_entry_valid+0x94/0xb4 pc : __list_del_entry_valid+0x94/0xb4 <...> Call trace: __list_del_entry_valid+0x94/0xb4 __release_extent_node+0xb0/0x114 __free_extent_tree+0x58/0x7c f2fs_shrink_extent_tree+0xdc/0x3b0 f2fs_leave_shrinker+0x28/0x7c f2fs_put_super+0xfc/0x1e0 generic_shutdown_super+0x70/0xf4 kill_block_super+0x2c/0x5c kill_f2fs_super+0x44/0x50 deactivate_locked_super+0x60/0x8c deactivate_super+0x68/0x74 cleanup_mnt+0x40/0x78 __cleanup_mnt+0x1c/0x28 task_work_run+0x48/0xd0 do_notify_resume+0x678/0xe98 work_pending+0x8/0x14 Fix this by cleaning up inodes, extent tree and nodes of those recovered files before freeing up sbi and before next retry. Change-Id: Ib7c9d055250faad25774d3113f2bc003c854839b Signed-off-by: Sahitya Tummala --- fs/f2fs/f2fs.h | 1 + fs/f2fs/shrinker.c | 2 +- fs/f2fs/super.c | 13 ++++++++++++- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 02480fce8ec4..e376bd6150f8 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -3172,6 +3172,7 @@ struct rb_entry *__lookup_rb_tree_ret(struct rb_root *root, bool __check_rb_tree_consistence(struct f2fs_sb_info *sbi, struct rb_root *root); unsigned int f2fs_shrink_extent_tree(struct f2fs_sb_info *sbi, int nr_shrink); +unsigned long __count_extent_cache(struct f2fs_sb_info *sbi); bool f2fs_init_extent_tree(struct inode *inode, struct f2fs_extent *i_ext); void f2fs_drop_extent_tree(struct inode *inode); unsigned int f2fs_destroy_extent_node(struct inode *inode); diff --git a/fs/f2fs/shrinker.c b/fs/f2fs/shrinker.c index 0b5664a1a6cc..75e353bfe4a3 100644 --- a/fs/f2fs/shrinker.c +++ b/fs/f2fs/shrinker.c @@ -33,7 +33,7 @@ static unsigned long __count_free_nids(struct f2fs_sb_info *sbi) return count > 0 ? count : 0; } -static unsigned long __count_extent_cache(struct f2fs_sb_info *sbi) +unsigned long __count_extent_cache(struct f2fs_sb_info *sbi) { return atomic_read(&sbi->total_zombie_tree) + atomic_read(&sbi->total_ext_node); diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index ecd760311721..00137aa5a03b 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -2637,6 +2637,16 @@ static void f2fs_tuning_parameters(struct f2fs_sb_info *sbi) } } +static void f2fs_cleanup_inodes(struct f2fs_sb_info *sbi) +{ + struct super_block *sb = sbi->sb; + + sync_filesystem(sb); + shrink_dcache_sb(sb); + evict_inodes(sb); + f2fs_shrink_extent_tree(sbi, __count_extent_cache(sbi)); +} + static int f2fs_fill_super(struct super_block *sb, void *data, int silent) { struct f2fs_sb_info *sbi; @@ -3011,6 +3021,8 @@ free_meta: * falls into an infinite loop in sync_meta_pages(). */ truncate_inode_pages_final(META_MAPPING(sbi)); + /* cleanup recovery and quota inodes */ + f2fs_cleanup_inodes(sbi); #ifdef CONFIG_QUOTA free_sysfs: #endif @@ -3057,7 +3069,6 @@ free_sbi: /* give only one another chance */ if (retry) { retry = false; - shrink_dcache_sb(sb); goto try_onemore; } return err;