From 5477c097740beedf7cdfcaa0d2f090d668d0f573 Mon Sep 17 00:00:00 2001 From: Zhiguo Niu Date: Wed, 7 Feb 2024 10:01:01 +0800 Subject: [PATCH] f2fs: correct counting methods of free_segments in __set_inuse There is a corner scenario on a small-capacity partition with 64MB size: 1. The main area has a total of 24 segments, and there are no free segments left shown from the free_segmap bitmap and free_secmap in free_segmap_info. --------------------------------------------------------------------- bitmap value: ffffffffffffffff --------------------------------------------------------------------- 2. When doing gc, an out-of-bounds segment with segno=24 is allocated. Because CONFIG_F2FS_CHECK_FS is not enabled, f2fs_bug_on in get_new_segment just print warning log but the subsequent process continues to run. --------------------------------------------------------------------- got_it: /* set it as dirty segment in free segmap */ f2fs_bug_on(sbi, test_bit(segno, free_i->free_segmap)); __set_inuse(sbi, segno); ---------------------------------------------------------------------- 3. __set_inuse directly sets free_i->free_segments--, As a result, free_i->free_segments=-1, as shown in the following coredump information: ---------------------------------------------------------------------- crash_arm64> struct free_segmap_info 0xffffff8084d9a000 -x struct free_segmap_info { start_segno = 0x7, free_segments = 0xffffffff, free_sections = 0x0, ---------------------------------------------------------------------- This is unreasonable and will cause free_segments and free_sections counts mismatch if there are segments released as free. So same counting methods like free_sections should be used to free_segments. Signed-off-by: Zhiguo Niu Signed-off-by: Jaegeuk Kim --- fs/f2fs/segment.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/segment.h b/fs/f2fs/segment.h index febcfbadcdfa..3bf2ce46fa09 100644 --- a/fs/f2fs/segment.h +++ b/fs/f2fs/segment.h @@ -461,8 +461,8 @@ static inline void __set_inuse(struct f2fs_sb_info *sbi, struct free_segmap_info *free_i = FREE_I(sbi); unsigned int secno = GET_SEC_FROM_SEG(sbi, segno); - set_bit(segno, free_i->free_segmap); - free_i->free_segments--; + if (!test_and_set_bit(segno, free_i->free_segmap)) + free_i->free_segments--; if (!test_and_set_bit(secno, free_i->free_secmap)) free_i->free_sections--; }