<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/fs/f2fs/debug.c, branch linux-3.12.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>f2fs: set -&gt;owner for debugfs status file's file_operations</title>
<updated>2017-01-26T16:22:37+00:00</updated>
<author>
<name>Nicolai Stange</name>
<email>nicstange@gmail.com</email>
</author>
<published>2016-11-20T18:57:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5b0d12d3f0fb677c0cfaaf0b6a934866ec2e3f9a'/>
<id>5b0d12d3f0fb677c0cfaaf0b6a934866ec2e3f9a</id>
<content type='text'>
commit 05e6ea2685c964db1e675a24a4f4e2adc22d2388 upstream.

The struct file_operations instance serving the f2fs/status debugfs file
lacks an initialization of its -&gt;owner.

This means that although that file might have been opened, the f2fs module
can still get removed. Any further operation on that opened file, releasing
included,  will cause accesses to unmapped memory.

Indeed, Mike Marshall reported the following:

  BUG: unable to handle kernel paging request at ffffffffa0307430
  IP: [&lt;ffffffff8132a224&gt;] full_proxy_release+0x24/0x90
  &lt;...&gt;
  Call Trace:
   [] __fput+0xdf/0x1d0
   [] ____fput+0xe/0x10
   [] task_work_run+0x8e/0xc0
   [] do_exit+0x2ae/0xae0
   [] ? __audit_syscall_entry+0xae/0x100
   [] ? syscall_trace_enter+0x1ca/0x310
   [] do_group_exit+0x44/0xc0
   [] SyS_exit_group+0x14/0x20
   [] do_syscall_64+0x61/0x150
   [] entry_SYSCALL64_slow_path+0x25/0x25
  &lt;...&gt;
  ---[ end trace f22ae883fa3ea6b8 ]---
  Fixing recursive fault but reboot is needed!

Fix this by initializing the f2fs/status file_operations' -&gt;owner with
THIS_MODULE.

This will allow debugfs to grab a reference to the f2fs module upon any
open on that file, thus preventing it from getting removed.

Fixes: 902829aa0b72 ("f2fs: move proc files to debugfs")
Reported-by: Mike Marshall &lt;hubcap@omnibond.com&gt;
Reported-by: Martin Brandenburg &lt;martin@omnibond.com&gt;
Signed-off-by: Nicolai Stange &lt;nicstange@gmail.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
Signed-off-by: Jiri Slaby &lt;jslaby@suse.cz&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 05e6ea2685c964db1e675a24a4f4e2adc22d2388 upstream.

The struct file_operations instance serving the f2fs/status debugfs file
lacks an initialization of its -&gt;owner.

This means that although that file might have been opened, the f2fs module
can still get removed. Any further operation on that opened file, releasing
included,  will cause accesses to unmapped memory.

Indeed, Mike Marshall reported the following:

  BUG: unable to handle kernel paging request at ffffffffa0307430
  IP: [&lt;ffffffff8132a224&gt;] full_proxy_release+0x24/0x90
  &lt;...&gt;
  Call Trace:
   [] __fput+0xdf/0x1d0
   [] ____fput+0xe/0x10
   [] task_work_run+0x8e/0xc0
   [] do_exit+0x2ae/0xae0
   [] ? __audit_syscall_entry+0xae/0x100
   [] ? syscall_trace_enter+0x1ca/0x310
   [] do_group_exit+0x44/0xc0
   [] SyS_exit_group+0x14/0x20
   [] do_syscall_64+0x61/0x150
   [] entry_SYSCALL64_slow_path+0x25/0x25
  &lt;...&gt;
  ---[ end trace f22ae883fa3ea6b8 ]---
  Fixing recursive fault but reboot is needed!

Fix this by initializing the f2fs/status file_operations' -&gt;owner with
THIS_MODULE.

This will allow debugfs to grab a reference to the f2fs module upon any
open on that file, thus preventing it from getting removed.

Fixes: 902829aa0b72 ("f2fs: move proc files to debugfs")
Reported-by: Mike Marshall &lt;hubcap@omnibond.com&gt;
Reported-by: Martin Brandenburg &lt;martin@omnibond.com&gt;
Signed-off-by: Nicolai Stange &lt;nicstange@gmail.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk@kernel.org&gt;
Signed-off-by: Jiri Slaby &lt;jslaby@suse.cz&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>f2fs: use seq_puts()/seq_putc() rather than seq_printf() where possible</title>
<updated>2013-07-30T06:17:03+00:00</updated>
<author>
<name>Gu Zheng</name>
<email>guz.fnst@cn.fujitsu.com</email>
</author>
<published>2013-07-22T08:33:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=2d219c518882d2b2bac77742a6a8979c9dad051a'/>
<id>2d219c518882d2b2bac77742a6a8979c9dad051a</id>
<content type='text'>
For string without format specifiers, using seq_puts()/seq_putc()
instead of seq_printf().

Signed-off-by: Gu Zheng &lt;guz.fnst@cn.fujitsu.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
For string without format specifiers, using seq_puts()/seq_putc()
instead of seq_printf().

Signed-off-by: Gu Zheng &lt;guz.fnst@cn.fujitsu.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>f2fs: add a help func F2FS_STAT() to get the f2fs_stat_info</title>
<updated>2013-07-30T06:17:02+00:00</updated>
<author>
<name>Gu Zheng</name>
<email>guz.fnst@cn.fujitsu.com</email>
</author>
<published>2013-07-12T06:47:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=963d4f7d7be6f9dba77362941921c33034fee91e'/>
<id>963d4f7d7be6f9dba77362941921c33034fee91e</id>
<content type='text'>
Add a help func F2FS_STAT() to get the f2fs_stat_info.

Signed-off-by: Gu Zheng &lt;guz.fnst@cn.fujitsu.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Add a help func F2FS_STAT() to get the f2fs_stat_info.

Signed-off-by: Gu Zheng &lt;guz.fnst@cn.fujitsu.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>f2fs: use list_for_each_entry rather than list_for_each_entry_safe</title>
<updated>2013-05-28T06:03:02+00:00</updated>
<author>
<name>majianpeng</name>
<email>majianpeng@gmail.com</email>
</author>
<published>2013-05-14T12:06:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=145b04e5ed66033b5a3d315394dd1384e3f5f70a'/>
<id>145b04e5ed66033b5a3d315394dd1384e3f5f70a</id>
<content type='text'>
We can do this, since now we use a global mutex, f2fs_stat_mutex to protect its
list operations.

Signed-off-by: Jianpeng Ma &lt;majianpeng@gmail.com&gt;
[Jaegeuk Kim: add description]
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
We can do this, since now we use a global mutex, f2fs_stat_mutex to protect its
list operations.

Signed-off-by: Jianpeng Ma &lt;majianpeng@gmail.com&gt;
[Jaegeuk Kim: add description]
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>f2fs: remove useless #include &lt;linux/proc_fs.h&gt; as we're now using sysfs as debug entry.</title>
<updated>2013-04-30T03:07:32+00:00</updated>
<author>
<name>Haicheng Li</name>
<email>haicheng.li@linux.intel.com</email>
</author>
<published>2013-04-28T11:16:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=b743ba78ae4c7c6a6e08e623af824b6208f58019'/>
<id>b743ba78ae4c7c6a6e08e623af824b6208f58019</id>
<content type='text'>
Signed-off-by: Haicheng Li &lt;haicheng.li@linux.intel.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Signed-off-by: Haicheng Li &lt;haicheng.li@linux.intel.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>f2fs: change GC bitmaps to apply the section granularity</title>
<updated>2013-04-03T08:27:49+00:00</updated>
<author>
<name>Jaegeuk Kim</name>
<email>jaegeuk.kim@samsung.com</email>
</author>
<published>2013-03-31T04:26:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5ec4e49f9bd753e2a6857a96e01f8ae5ff00b459'/>
<id>5ec4e49f9bd753e2a6857a96e01f8ae5ff00b459</id>
<content type='text'>
This patch removes a bitmap for victim segments selected by foreground GC, and
modifies the other bitmap for victim segments selected by background GC.

1) foreground GC bitmap
 : We don't need to manage this, since we just only one previous victim section
   number instead of the whole victim history.
   The f2fs uses the victim section number in order not to allocate currently
   GC'ed section to current active logs.

2) background GC bitmap
 : This bitmap is used to avoid selecting victims repeatedly by background GCs.
   In addition, the victims are able to be selected by foreground GCs, since
   there is no need to read victim blocks during foreground GCs.

   By the fact that the foreground GC reclaims segments in a section unit, it'd
   be better to manage this bitmap based on the section granularity.

Reviewed-by: Namjae Jeon &lt;namjae.jeon@samsung.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This patch removes a bitmap for victim segments selected by foreground GC, and
modifies the other bitmap for victim segments selected by background GC.

1) foreground GC bitmap
 : We don't need to manage this, since we just only one previous victim section
   number instead of the whole victim history.
   The f2fs uses the victim section number in order not to allocate currently
   GC'ed section to current active logs.

2) background GC bitmap
 : This bitmap is used to avoid selecting victims repeatedly by background GCs.
   In addition, the victims are able to be selected by foreground GCs, since
   there is no need to read victim blocks during foreground GCs.

   By the fact that the foreground GC reclaims segments in a section unit, it'd
   be better to manage this bitmap based on the section granularity.

Reviewed-by: Namjae Jeon &lt;namjae.jeon@samsung.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>f2fs: introduce TOTAL_SECS macro</title>
<updated>2013-04-03T07:23:10+00:00</updated>
<author>
<name>Jaegeuk Kim</name>
<email>jaegeuk.kim@samsung.com</email>
</author>
<published>2013-03-31T03:39:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=53cf95222fad7a962cc03fb61a33e37bcf4f5c9d'/>
<id>53cf95222fad7a962cc03fb61a33e37bcf4f5c9d</id>
<content type='text'>
Let's use a macro to get the total number of sections.

Reviewed-by: Namjae Jeon &lt;namjae.jeon@samsung.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Let's use a macro to get the total number of sections.

Reviewed-by: Namjae Jeon &lt;namjae.jeon@samsung.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>f2fs: add device name in debugfs</title>
<updated>2013-02-11T22:15:01+00:00</updated>
<author>
<name>majianpeng</name>
<email>majianpeng@gmail.com</email>
</author>
<published>2013-02-01T07:00:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f83759e28372e593879f4dd20eb6c5ba6c4f393a'/>
<id>f83759e28372e593879f4dd20eb6c5ba6c4f393a</id>
<content type='text'>
In file status, it can't distinguish between different devices.
So add device name to do this function.

Signed-off-by: Jianpeng Ma &lt;majianpeng@gmail.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
In file status, it can't distinguish between different devices.
So add device name to do this function.

Signed-off-by: Jianpeng Ma &lt;majianpeng@gmail.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>f2fs: fix the debugfs entry creation path</title>
<updated>2013-01-15T11:19:15+00:00</updated>
<author>
<name>Namjae Jeon</name>
<email>linkinjeon@gmail.com</email>
</author>
<published>2013-01-15T10:58:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4589d25d015c2d02bb5f7075d0cbf6dcf23a33c0'/>
<id>4589d25d015c2d02bb5f7075d0cbf6dcf23a33c0</id>
<content type='text'>
As the "status" debugfs entry will be maintained for entire F2FS filesystem
irrespective of the number of partitions.
So, we can move the initialization to the init part of the f2fs and destroy will
be done from exit part. After making changes, for individual partition mount -
entry creation code will not be executed.

Signed-off-by: Jianpeng Ma &lt;majianpeng@gmail.com&gt;
Signed-off-by: Namjae Jeon &lt;namjae.jeon@samsung.com&gt;
Signed-off-by: Amit Sahrawat &lt;a.sahrawat@samsung.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
As the "status" debugfs entry will be maintained for entire F2FS filesystem
irrespective of the number of partitions.
So, we can move the initialization to the init part of the f2fs and destroy will
be done from exit part. After making changes, for individual partition mount -
entry creation code will not be executed.

Signed-off-by: Jianpeng Ma &lt;majianpeng@gmail.com&gt;
Signed-off-by: Namjae Jeon &lt;namjae.jeon@samsung.com&gt;
Signed-off-by: Amit Sahrawat &lt;a.sahrawat@samsung.com&gt;
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>f2fs: add global mutex_lock to protect f2fs_stat_list</title>
<updated>2013-01-15T11:18:29+00:00</updated>
<author>
<name>majianpeng</name>
<email>majianpeng@gmail.com</email>
</author>
<published>2013-01-14T12:08:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=66af62ce7588736ae65edfdb1c0df597775c4d21'/>
<id>66af62ce7588736ae65edfdb1c0df597775c4d21</id>
<content type='text'>
There is an race condition between umounting f2fs and reading f2fs/status, which
results in oops.

Fox example:
Thread A			Thread B
umount f2fs 			cat f2fs/status

f2fs_destroy_stats() {		stat_show() {
				 list_for_each_entry_safe(&amp;f2fs_stat_list)
 list_del(&amp;si-&gt;stat_list);
 mutex_lock(&amp;si-&gt;stat_lock);
 si-&gt;sbi = NULL;
 mutex_unlock(&amp;si-&gt;stat_lock);
 kfree(sbi-&gt;stat_info);
} 				 mutex_lock(&amp;si-&gt;stat_lock) &lt;- si is gone.
				 ...
				}

Solution with a global lock: f2fs_stat_mutex:
Thread A			Thread B
umount f2fs 			cat f2fs/status

f2fs_destroy_stats() {		stat_show() {
 mutex_lock(&amp;f2fs_stat_mutex);
 list_del(&amp;si-&gt;stat_list);
 mutex_unlock(&amp;f2fs_stat_mutex);
 kfree(sbi-&gt;stat_info);		 mutex_lock(&amp;f2fs_stat_mutex);
}				 list_for_each_entry_safe(&amp;f2fs_stat_list)
				 ...
				 mutex_unlock(&amp;f2fs_stat_mutex);
				}

Signed-off-by: Jianpeng Ma &lt;majianpeng@gmail.com&gt;
[jaegeuk.kim@samsung.com: fix typos, description, and remove the existing lock]
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
There is an race condition between umounting f2fs and reading f2fs/status, which
results in oops.

Fox example:
Thread A			Thread B
umount f2fs 			cat f2fs/status

f2fs_destroy_stats() {		stat_show() {
				 list_for_each_entry_safe(&amp;f2fs_stat_list)
 list_del(&amp;si-&gt;stat_list);
 mutex_lock(&amp;si-&gt;stat_lock);
 si-&gt;sbi = NULL;
 mutex_unlock(&amp;si-&gt;stat_lock);
 kfree(sbi-&gt;stat_info);
} 				 mutex_lock(&amp;si-&gt;stat_lock) &lt;- si is gone.
				 ...
				}

Solution with a global lock: f2fs_stat_mutex:
Thread A			Thread B
umount f2fs 			cat f2fs/status

f2fs_destroy_stats() {		stat_show() {
 mutex_lock(&amp;f2fs_stat_mutex);
 list_del(&amp;si-&gt;stat_list);
 mutex_unlock(&amp;f2fs_stat_mutex);
 kfree(sbi-&gt;stat_info);		 mutex_lock(&amp;f2fs_stat_mutex);
}				 list_for_each_entry_safe(&amp;f2fs_stat_list)
				 ...
				 mutex_unlock(&amp;f2fs_stat_mutex);
				}

Signed-off-by: Jianpeng Ma &lt;majianpeng@gmail.com&gt;
[jaegeuk.kim@samsung.com: fix typos, description, and remove the existing lock]
Signed-off-by: Jaegeuk Kim &lt;jaegeuk.kim@samsung.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
