回复: [PATCH] f2fs: fix a race condition between f2fs_write_end_io and f2fs_del_fsync_node_entry
From: Zac
Date: Wed Jun 17 2020 - 22:39:42 EST
> On 2020/6/17 17:04, zhaowuyun@xxxxxxxxxxxx wrote:
> > From: Wuyun Zhao <zhaowuyun@xxxxxxxxxxxx>
> >
> > Under some condition, the __write_node_page will submit a page which is
> not
> > f2fs_in_warm_node_list and will not call f2fs_add_fsync_node_entry.
> > f2fs_gc continue to run to invoke f2fs_iget -> do_read_inode to read the
> same node page
> > and set code node, which make f2fs_in_warm_node_list become true,
> > that will cause f2fs_bug_on in f2fs_del_fsync_node_entry when
> f2fs_write_end_io called.
> Could you please add below race condition description into commit
> message?
>
> - f2fs_write_end_io
> - f2fs_iget
> - do_read_inode
> - set_cold_node
> recover cold node flag
> - f2fs_in_warm_node_list
> - is_cold_node
> if node is cold, assume we have added
> node to fsync_node_list during writepages()
> - f2fs_del_fsync_node_entry
> - f2fs_bug_on() due to node page
> is not in fsync_node_list
Ok, will add the commit message.
> BTW, I'm curious about why we can lose cold flag for non-dir inode?
> any clue to reproduce this bug (I mean losing cold flag)?
it's a f2fs image with 25600MB
flash this image to device
the device will resize it according to the userdata partition size which is
about 94GB
the device mount the f2fs partition
then hit this f2fs_bug_on
seems that the cold flag is not been set when mkfs
I think the issue is that
1. the node page in the storage is without cold bit
2. f2fs_disable_checkpoint -> f2fs_gc -> f2fs_get_node_page, this page won't
be set cold flag
3. f2fs_move_node_page -> __write_node_page to write this page
4. f2fs_gc -> f2fs_iget -> do_read_inode to read this page and set cold flag
> >
> > [ 34.966133] Call trace:
> > [ 34.969902] f2fs_del_fsync_node_entry+0x100/0x108
> > [ 34.976071] f2fs_write_end_io+0x1e0/0x288
> > [ 34.981539] bio_endio+0x248/0x270
> > [ 34.986289] blk_update_request+0x2b0/0x4d8
> > [ 34.991841] scsi_end_request+0x40/0x440
> > [ 34.997126] scsi_io_completion+0xa4/0x748
> > [ 35.002593] scsi_finish_command+0xdc/0x110
> > [ 35.008143] scsi_softirq_done+0x118/0x150
> > [ 35.013610] blk_done_softirq+0x8c/0xe8
> > [ 35.018811] __do_softirq+0x2e8/0x578
> > [ 35.023828] irq_exit+0xfc/0x120
> > [ 35.028398] handle_IPI+0x1d8/0x330
> > [ 35.033233] gic_handle_irq+0x110/0x1d4
> > [ 35.038433] el1_irq+0xb4/0x130
> > [ 35.042917] kmem_cache_alloc+0x3f0/0x418
> > [ 35.048288] radix_tree_node_alloc+0x50/0xf8
> > [ 35.053933] __radix_tree_create+0xf8/0x188
> > [ 35.059484] __radix_tree_insert+0x3c/0x128
> > [ 35.065035] add_gc_inode+0x90/0x118
> > [ 35.069967] f2fs_gc+0x1b80/0x2d70
> > [ 35.074718] f2fs_disable_checkpoint+0x94/0x1d0
> > [ 35.080621] f2fs_fill_super+0x10c4/0x1b88
> > [ 35.086088] mount_bdev+0x194/0x1e0
> > [ 35.090923] f2fs_mount+0x40/0x50
> > [ 35.095589] mount_fs+0xb4/0x190
> > [ 35.100159] vfs_kern_mount+0x80/0x1d8
> > [ 35.105260] do_mount+0x478/0xf18
> > [ 35.109926] ksys_mount+0x90/0xd0
> > [ 35.114592] __arm64_sys_mount+0x24/0x38
> >
> > Signed-off-by: Wuyun Zhao <zhaowuyun@xxxxxxxxxxxx>
>
> Reviewed-by: Chao Yu <yuchao0@xxxxxxxxxx>
>
> Thanks,
>
> > ---
> > fs/f2fs/inode.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c
> > index be6ac33..0df5c8c 100644
> > --- a/fs/f2fs/inode.c
> > +++ b/fs/f2fs/inode.c
> > @@ -402,6 +402,7 @@ static int do_read_inode(struct inode *inode)
> >
> > /* try to recover cold bit for non-dir inode */
> > if (!S_ISDIR(inode->i_mode) && !is_cold_node(node_page)) {
> > + f2fs_wait_on_page_writeback(node_page, NODE, true, true);
> > set_cold_node(node_page, false);
> > set_page_dirty(node_page);
> > }
> >