Patch "f2fs: fix to set/clear I_LINKABLE under i_lock" has been added to the 4.19-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Thu, 04 Mar 2021 22:39:55 -0500

This is a note to let you know that I've just added the patch titled

    f2fs: fix to set/clear I_LINKABLE under i_lock

to the 4.19-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     f2fs-fix-to-set-clear-i_linkable-under-i_lock.patch
and it can be found in the queue-4.19 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 1700a106dca16123c3b72f7c64c48ff5d391502a
Author: Chao Yu <yuchao0@xxxxxxxxxx>
Date:   Tue Jan 12 09:55:09 2021 +0800

    f2fs: fix to set/clear I_LINKABLE under i_lock
    
    [ Upstream commit 46085f37fc9e12d5c3539fb768b5ad7951e72acf ]
    
    fsstress + fault injection test case reports a warning message as
    below:
    
    WARNING: CPU: 13 PID: 6226 at fs/inode.c:361 inc_nlink+0x32/0x40
    Call Trace:
     f2fs_init_inode_metadata+0x25c/0x4a0 [f2fs]
     f2fs_add_inline_entry+0x153/0x3b0 [f2fs]
     f2fs_add_dentry+0x75/0x80 [f2fs]
     f2fs_do_add_link+0x108/0x160 [f2fs]
     f2fs_rename2+0x6ab/0x14f0 [f2fs]
     vfs_rename+0x70c/0x940
     do_renameat2+0x4d8/0x4f0
     __x64_sys_renameat2+0x4b/0x60
     do_syscall_64+0x33/0x80
     entry_SYSCALL_64_after_hwframe+0x44/0xa9
    
    Following race case can cause this:
    Thread A                                Kworker
    - f2fs_rename
     - f2fs_create_whiteout
      - __f2fs_tmpfile
       - f2fs_i_links_write
        - f2fs_mark_inode_dirty_sync
         - mark_inode_dirty_sync
                                            - writeback_single_inode
                                             - __writeback_single_inode
                                              - spin_lock(&inode->i_lock)
       - inode->i_state |= I_LINKABLE
                                              - inode->i_state &= ~dirty
                                              - spin_unlock(&inode->i_lock)
     - f2fs_add_link
      - f2fs_do_add_link
       - f2fs_add_dentry
        - f2fs_add_inline_entry
         - f2fs_init_inode_metadata
          - f2fs_i_links_write
           - inc_nlink
            - WARN_ON(!(inode->i_state & I_LINKABLE))
    
    Fix to add i_lock to avoid i_state update race condition.
    
    Signed-off-by: Chao Yu <yuchao0@xxxxxxxxxx>
    Signed-off-by: Jaegeuk Kim <jaegeuk@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
index 8617e742d087..e20a0f9e6845 100644
--- a/fs/f2fs/namei.c
+++ b/fs/f2fs/namei.c
@@ -772,7 +772,11 @@ static int __f2fs_tmpfile(struct inode *dir, struct dentry *dentry,
 
 	if (whiteout) {
 		f2fs_i_links_write(inode, false);
+
+		spin_lock(&inode->i_lock);
 		inode->i_state |= I_LINKABLE;
+		spin_unlock(&inode->i_lock);
+
 		*whiteout = inode;
 	} else {
 		d_tmpfile(dentry, inode);
@@ -966,7 +970,11 @@ static int f2fs_rename(struct inode *old_dir, struct dentry *old_dentry,
 		err = f2fs_add_link(old_dentry, whiteout);
 		if (err)
 			goto put_out_dir;
+
+		spin_lock(&whiteout->i_lock);
 		whiteout->i_state &= ~I_LINKABLE;
+		spin_unlock(&whiteout->i_lock);
+
 		iput(whiteout);
 	}
 






