OpenCloudOS-Kernel/fs/f2fs
Chao Yu 649ec8b30d f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error()
[ Upstream commit 930c6ab93492c4b15436524e704950b364b2930c ]

syzbot reports a f2fs bug as below:

------------[ cut here ]------------
WARNING: CPU: 1 PID: 58 at kernel/rcu/sync.c:177 rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:177
CPU: 1 UID: 0 PID: 58 Comm: kworker/1:2 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0
Workqueue: events destroy_super_work
RIP: 0010:rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:177
Call Trace:
 percpu_free_rwsem+0x41/0x80 kernel/locking/percpu-rwsem.c:42
 destroy_super_work+0xec/0x130 fs/super.c:282
 process_one_work kernel/workqueue.c:3231 [inline]
 process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312
 worker_thread+0x86d/0xd40 kernel/workqueue.c:3390
 kthread+0x2f0/0x390 kernel/kthread.c:389
 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

As Christian Brauner pointed out [1]: the root cause is f2fs sets
SB_RDONLY flag in internal function, rather than setting the flag
covered w/ sb->s_umount semaphore via remount procedure, then below
race condition causes this bug:

- freeze_super()
 - sb_wait_write(sb, SB_FREEZE_WRITE)
 - sb_wait_write(sb, SB_FREEZE_PAGEFAULT)
 - sb_wait_write(sb, SB_FREEZE_FS)
					- f2fs_handle_critical_error
					 - sb->s_flags |= SB_RDONLY
- thaw_super
 - thaw_super_locked
  - sb_rdonly() is true, so it skips
    sb_freeze_unlock(sb, SB_FREEZE_FS)
  - deactivate_locked_super

Since f2fs has almost the same logic as ext4 [2] when handling critical
error in filesystem if it mounts w/ errors=remount-ro option:
- set CP_ERROR_FLAG flag which indicates filesystem is stopped
- record errors to superblock
- set SB_RDONLY falg
Once we set CP_ERROR_FLAG flag, all writable interfaces can detect the
flag and stop any further updates on filesystem. So, it is safe to not
set SB_RDONLY flag, let's remove the logic and keep in line w/ ext4 [3].

[1] https://lore.kernel.org/all/20240729-himbeeren-funknetz-96e62f9c7aee@brauner
[2] https://lore.kernel.org/all/20240729132721.hxih6ehigadqf7wx@quack3
[3] https://lore.kernel.org/linux-ext4/20240805201241.27286-1-jack@suse.cz

Fixes: b62e71be21 ("f2fs: support errors=remount-ro|continue|panic mountoption")
Reported-by: syzbot+20d7e439f76bbbd863a7@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/000000000000b90a8e061e21d12f@google.com/
Cc: Jan Kara <jack@suse.cz>
Cc: Christian Brauner <brauner@kernel.org>
Signed-off-by: Chao Yu <chao@kernel.org>
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-10-04 16:29:37 +02:00
..
Kconfig fs: add CONFIG_BUFFER_HEAD 2023-08-02 09:13:09 -06:00
Makefile f2fs: separate out iostat feature 2021-08-23 10:25:51 -07:00
acl.c fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap 2023-01-19 09:24:29 +01:00
acl.h fs: port ->set_acl() to pass mnt_idmap 2023-01-19 09:24:27 +01:00
checkpoint.c f2fs: fix to update user block counts in block_operations() 2024-08-03 08:54:36 +02:00
compress.c f2fs: compress: don't redirty sparse cluster during {,de}compress 2024-10-04 16:29:37 +02:00
data.c f2fs: compress: do sanity check on cluster when CONFIG_F2FS_CHECK_FS is on 2024-10-04 16:29:37 +02:00
debug.c f2fs: use BLKS_PER_SEG, BLKS_PER_SEC, and SEGS_PER_SEC 2024-06-12 11:12:28 +02:00
dir.c f2fs: support printk_ratelimited() in f2fs_printk() 2024-06-12 11:12:27 +02:00
extent_cache.c f2fs: fix to cover read extent cache access with lock 2024-08-19 06:04:29 +02:00
f2fs.h f2fs: get rid of online repaire on corrupted directory 2024-10-04 16:29:37 +02:00
file.c f2fs: compress: don't redirty sparse cluster during {,de}compress 2024-10-04 16:29:37 +02:00
gc.c f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC 2024-08-19 06:04:29 +02:00
gc.h f2fs: Fix system crash due to lack of free space in LFS 2023-04-10 10:58:45 -07:00
hash.c f2fs: don't use casefolded comparison for "." and ".." 2022-05-17 11:19:23 -07:00
inline.c f2fs: fix to do sanity check on blocks for inline_data inode 2024-09-08 07:54:47 +02:00
inode.c f2fs: prevent atomic file from being dirtied before commit 2024-10-04 16:29:37 +02:00
iostat.c f2fs: add async reset zone command support 2023-06-12 13:04:09 -07:00
iostat.h f2fs: use iostat_lat_type directly as a parameter in the iostat_update_and_unbind_ctx() 2023-02-07 10:39:28 -08:00
namei.c f2fs: get rid of online repaire on corrupted directory 2024-10-04 16:29:37 +02:00
node.c f2fs: fix to release node block count in error path of f2fs_new_node_page() 2024-06-12 11:12:30 +02:00
node.h f2fs: use BLKS_PER_SEG, BLKS_PER_SEC, and SEGS_PER_SEC 2024-06-12 11:12:28 +02:00
recovery.c f2fs: use BLKS_PER_SEG, BLKS_PER_SEC, and SEGS_PER_SEC 2024-06-12 11:12:28 +02:00
segment.c f2fs: prevent atomic file from being dirtied before commit 2024-10-04 16:29:37 +02:00
segment.h f2fs: fix start segno of large section 2024-08-03 08:54:35 +02:00
shrinker.c f2fs: add block_age-based extent cache 2022-12-12 14:53:56 -08:00
super.c f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error() 2024-10-04 16:29:37 +02:00
sysfs.c f2fs: check validation of fault attrs in f2fs_build_fault_attr() 2024-07-11 12:49:09 +02:00
verity.c f2fs-for-6.3-rc1 2023-02-27 16:18:51 -08:00
xattr.c f2fs: reduce expensive checkpoint trigger frequency 2024-10-04 16:29:36 +02:00
xattr.h f2fs: cleanup MIN_INLINE_XATTR_SIZE 2023-06-26 06:07:10 -07:00