

chaseyuJaegeuk Kim
authored and
Jaegeuk Kim
committed
f2fs: fix race condition in between free nid allocator/initializer
In the concurrent case below, an allocated nid can be loaded into the free nid cache and be allocated again. Thread A Thread B - f2fs_create - f2fs_new_inode - alloc_nid - __insert_nid_to_list(ALLOC_NID_LIST) - f2fs_balance_fs_bg - build_free_nids - __build_free_nids - scan_nat_page - add_free_nid - __lookup_nat_cache - f2fs_add_link - init_inode_metadata - new_inode_page - new_node_page - set_node_addr - alloc_nid_done - __remove_nid_from_list(ALLOC_NID_LIST) - __insert_nid_to_list(FREE_NID_LIST) This patch makes the nat cache lookup and the free nid list operation atomic (both are now done under nid_list_lock) to avoid this race condition. Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
1 parent 5f4c3de commit 30a61dd


1 file changed

+45
-18
lines changed


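--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -1761,40 +1761,67 @@ static void __remove_nid_from_list(struct f2fs_sb_info *sbi,
 static bool add_free_nid(struct f2fs_sb_info *sbi, nid_t nid, bool build)
 {
 	struct f2fs_nm_info *nm_i = NM_I(sbi);
-	struct free_nid *i;
+	struct free_nid *i, *e;
 	struct nat_entry *ne;
-	int err;
+	int err = -EINVAL;
+	bool ret = false;
 
 	/* 0 nid should not be used */
 	if (unlikely(nid == 0))
 		return false;
 
-	if (build) {
-		/* do not add allocated nids */
-		ne = __lookup_nat_cache(nm_i, nid);
-		if (ne && (!get_nat_flag(ne, IS_CHECKPOINTED) ||
-				nat_get_blkaddr(ne) != NULL_ADDR))
-			return false;
-	}
-
 	i = f2fs_kmem_cache_alloc(free_nid_slab, GFP_NOFS);
 	i->nid = nid;
 	i->state = NID_NEW;
 
-	if (radix_tree_preload(GFP_NOFS)) {
-		kmem_cache_free(free_nid_slab, i);
-		return true;
-	}
+	if (radix_tree_preload(GFP_NOFS))
+		goto err;
 
 	spin_lock(&nm_i->nid_list_lock);
+
+	if (build) {
+		/*
+		 * Thread A Thread B
+		 * - f2fs_create
+		 * - f2fs_new_inode
+		 * - alloc_nid
+		 * - __insert_nid_to_list(ALLOC_NID_LIST)
+		 * - f2fs_balance_fs_bg
+		 * - build_free_nids
+		 * - __build_free_nids
+		 * - scan_nat_page
+		 * - add_free_nid
+		 * - __lookup_nat_cache
+		 * - f2fs_add_link
+		 * - init_inode_metadata
+		 * - new_inode_page
+		 * - new_node_page
+		 * - set_node_addr
+		 * - alloc_nid_done
+		 * - __remove_nid_from_list(ALLOC_NID_LIST)
+		 * - __insert_nid_to_list(FREE_NID_LIST)
+		 */
+		ne = __lookup_nat_cache(nm_i, nid);
+		if (ne && (!get_nat_flag(ne, IS_CHECKPOINTED) ||
+				nat_get_blkaddr(ne) != NULL_ADDR))
+			goto err_out;
+
+		e = __lookup_free_nid_list(nm_i, nid);
+		if (e) {
+			if (e->state == NID_NEW)
+				ret = true;
+			goto err_out;
+		}
+	}
+	ret = true;
 	err = __insert_nid_to_list(sbi, i, FREE_NID_LIST, true);
+err_out:
 	spin_unlock(&nm_i->nid_list_lock);
 	radix_tree_preload_end();
-	if (err) {
+err:
+	if (err)
 		kmem_cache_free(free_nid_slab, i);
-		return true;
-	}
-	return true;
+	return ret;
 }
 
 static void remove_free_nid(struct f2fs_sb_info *sbi, nid_t nid)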
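Review bot: On the `radix_tree_preload()` failure path the function now returns `false` (it jumps to `err` with `ret` still at its initial `false`), whereas the removed code returned `true` there; the commit message only describes moving the nat-cache lookup under `nid_list_lock`, so if any caller uses the return value to decide whether to keep scanning, a transient preload failure is now indistinguishable from an in-use nid — the callers are outside this hunk, so this may well be intended, but it deserves a sentence in the log or an explicit `ret = true;` before `goto err;` if the old semantics were relied on. The return contract has also become non-obvious (`true` for "inserted" or "already queued as NID_NEW", `false` for nid 0, preload failure, a non-free nat-cache entry, or an existing NID_ALLOC entry) and the function carries no comment stating it; a line above the definition such as `/* Returns true iff @nid is (or already was) on the free-nid list as NID_NEW; false if it is in use or could not be queued. */` would pin it down. Finally, since the `build` filter now runs after `f2fs_kmem_cache_alloc()` and `radix_tree_preload()`, every nid it rejects pays for an allocation, a preload and a free that the old early `return false` avoided; a lock-free pre-check of the nat cache before the allocation, keeping the locked check as the authoritative one, would recover that without weakening the race fix.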
