Skip to content

Commit ba8dac3

Browse files
chaseyuJaegeuk Kim
chaseyu
authored and
Jaegeuk Kim
committed
f2fs: fix to zero post-eof page
fstest reports a f2fs bug: generic/363 42s ... [failed, exit status 1]- output mismatch (see /share/git/fstests/results//generic/363.out.bad) --- tests/generic/363.out 2025-01-12 21:57:40.271440542 +0800 +++ /share/git/fstests/results//generic/363.out.bad 2025-05-19 19:55:58.000000000 +0800 @@ -1,2 +1,78 @@ QA output created by 363 fsx -q -S 0 -e 1 -N 100000 +READ BAD DATA: offset = 0xd6fb, size = 0xf044, fname = /mnt/f2fs/junk +OFFSET GOOD BAD RANGE +0x1540d 0x0000 0x2a25 0x0 +operation# (mod 256) for the bad data may be 37 +0x1540e 0x0000 0x2527 0x1 ... (Run 'diff -u /share/git/fstests/tests/generic/363.out /share/git/fstests/results//generic/363.out.bad' to see the entire diff) Ran: generic/363 Failures: generic/363 Failed 1 of 1 tests The root cause is user can update post-eof page via mmap [1], however, f2fs missed to zero post-eof page in below operations, so, once it expands i_size, then it will include dummy data locates previous post-eof page, so during below operations, we need to zero post-eof page. Operations which can include dummy data after previous i_size after expanding i_size: - write - mapwrite [1] - truncate - fallocate * preallocate * zero_range * insert_range * collapse_range - clone_range (doesn’t support in f2fs) - copy_range (doesn’t support in f2fs) [1] https://man7.org/linux/man-pages/man2/mmap.2.html 'BUG section' Cc: [email protected] Signed-off-by: Chao Yu <[email protected]> Reviewed-by: Zhiguo Niu <[email protected]> Signed-off-by: Jaegeuk Kim <[email protected]>
1 parent 6dea74e commit ba8dac3

File tree

1 file changed

+38
-0
lines changed

1 file changed

+38
-0
lines changed

fs/f2fs/file.c

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,17 @@
3535
#include <trace/events/f2fs.h>
3636
#include <uapi/linux/f2fs.h>
3737

38+
static void f2fs_zero_post_eof_page(struct inode *inode, loff_t new_size)
39+
{
40+
loff_t old_size = i_size_read(inode);
41+
42+
if (old_size >= new_size)
43+
return;
44+
45+
/* zero or drop pages only in range of [old_size, new_size] */
46+
truncate_pagecache(inode, old_size);
47+
}
48+
3849
static vm_fault_t f2fs_filemap_fault(struct vm_fault *vmf)
3950
{
4051
struct inode *inode = file_inode(vmf->vma->vm_file);
@@ -103,8 +114,13 @@ static vm_fault_t f2fs_vm_page_mkwrite(struct vm_fault *vmf)
103114

104115
f2fs_bug_on(sbi, f2fs_has_inline_data(inode));
105116

117+
filemap_invalidate_lock(inode->i_mapping);
118+
f2fs_zero_post_eof_page(inode, (folio->index + 1) << PAGE_SHIFT);
119+
filemap_invalidate_unlock(inode->i_mapping);
120+
106121
file_update_time(vmf->vma->vm_file);
107122
filemap_invalidate_lock_shared(inode->i_mapping);
123+
108124
folio_lock(folio);
109125
if (unlikely(folio->mapping != inode->i_mapping ||
110126
folio_pos(folio) > i_size_read(inode) ||
@@ -1109,6 +1125,8 @@ int f2fs_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
11091125
f2fs_down_write(&fi->i_gc_rwsem[WRITE]);
11101126
filemap_invalidate_lock(inode->i_mapping);
11111127

1128+
if (attr->ia_size > old_size)
1129+
f2fs_zero_post_eof_page(inode, attr->ia_size);
11121130
truncate_setsize(inode, attr->ia_size);
11131131

11141132
if (attr->ia_size <= old_size)
@@ -1227,6 +1245,10 @@ static int f2fs_punch_hole(struct inode *inode, loff_t offset, loff_t len)
12271245
if (ret)
12281246
return ret;
12291247

1248+
filemap_invalidate_lock(inode->i_mapping);
1249+
f2fs_zero_post_eof_page(inode, offset + len);
1250+
filemap_invalidate_unlock(inode->i_mapping);
1251+
12301252
pg_start = ((unsigned long long) offset) >> PAGE_SHIFT;
12311253
pg_end = ((unsigned long long) offset + len) >> PAGE_SHIFT;
12321254

@@ -1510,6 +1532,8 @@ static int f2fs_do_collapse(struct inode *inode, loff_t offset, loff_t len)
15101532
f2fs_down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
15111533
filemap_invalidate_lock(inode->i_mapping);
15121534

1535+
f2fs_zero_post_eof_page(inode, offset + len);
1536+
15131537
f2fs_lock_op(sbi);
15141538
f2fs_drop_extent_tree(inode);
15151539
truncate_pagecache(inode, offset);
@@ -1631,6 +1655,10 @@ static int f2fs_zero_range(struct inode *inode, loff_t offset, loff_t len,
16311655
if (ret)
16321656
return ret;
16331657

1658+
filemap_invalidate_lock(mapping);
1659+
f2fs_zero_post_eof_page(inode, offset + len);
1660+
filemap_invalidate_unlock(mapping);
1661+
16341662
pg_start = ((unsigned long long) offset) >> PAGE_SHIFT;
16351663
pg_end = ((unsigned long long) offset + len) >> PAGE_SHIFT;
16361664

@@ -1762,6 +1790,8 @@ static int f2fs_insert_range(struct inode *inode, loff_t offset, loff_t len)
17621790
/* avoid gc operation during block exchange */
17631791
f2fs_down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
17641792
filemap_invalidate_lock(mapping);
1793+
1794+
f2fs_zero_post_eof_page(inode, offset + len);
17651795
truncate_pagecache(inode, offset);
17661796

17671797
while (!ret && idx > pg_start) {
@@ -1819,6 +1849,10 @@ static int f2fs_expand_inode_data(struct inode *inode, loff_t offset,
18191849
if (err)
18201850
return err;
18211851

1852+
filemap_invalidate_lock(inode->i_mapping);
1853+
f2fs_zero_post_eof_page(inode, offset + len);
1854+
filemap_invalidate_unlock(inode->i_mapping);
1855+
18221856
f2fs_balance_fs(sbi, true);
18231857

18241858
pg_start = ((unsigned long long)offset) >> PAGE_SHIFT;
@@ -4860,6 +4894,10 @@ static ssize_t f2fs_write_checks(struct kiocb *iocb, struct iov_iter *from)
48604894
err = file_modified(file);
48614895
if (err)
48624896
return err;
4897+
4898+
filemap_invalidate_lock(inode->i_mapping);
4899+
f2fs_zero_post_eof_page(inode, iocb->ki_pos + iov_iter_count(from));
4900+
filemap_invalidate_unlock(inode->i_mapping);
48634901
return count;
48644902
}
48654903

0 commit comments

Comments
 (0)