From: wangzijie wangzijie1@honor.com
[ Upstream commit 23361bd54966b437e1ed3eb1a704572f4b279e58 ]
When we get wrong extent info data, and look up extent_node in rb tree, it will cause infinite loop (CONFIG_F2FS_CHECK_FS=n). Avoiding this by return NULL and print some kernel messages in that case.
Signed-off-by: wangzijie wangzijie1@honor.com Reviewed-by: Chao Yu chao@kernel.org Signed-off-by: Jaegeuk Kim jaegeuk@kernel.org Signed-off-by: Sasha Levin sashal@kernel.org ---
LLM Generated explanations, may be completely bogus:
YES - `fs/f2fs/extent_cache.c:601-613` now detects overlapping/ext corrupt extents while walking the rb-tree, reports the corruption with `f2fs_err_ratelimited`, and returns `NULL` instead of spinning forever; without this fix, the loop never advances when `f2fs_bug_on()` only warns (see `fs/f2fs/f2fs.h:34-41`), so CONFIG_F2FS_CHECK_FS=n kernels hit a hard hang. - The new error path still raises `f2fs_bug_on()` so debug builds keep the existing BUG_ON crash semantics, but production builds finally break out and mark the filesystem dirty, preventing a livelock while still flagging the corruption for fsck—meeting stable’s “serious user- visible bug” criterion. - Callers already cope with a `NULL` return from `__insert_extent_tree()` (e.g. `fs/f2fs/extent_cache.c:744-763`, 817-830), because allocation failures had to be tolerated before; the change therefore carries minimal regression risk and stays confined to extent-cache error handling rather than touching normal fast paths.
Given the severe hang it eliminates and the very localized, low-risk fix, this is a solid candidate for backporting to the stable trees.
fs/f2fs/extent_cache.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/fs/f2fs/extent_cache.c b/fs/f2fs/extent_cache.c index 199c1e7a83ef3..ba0a07bfd3463 100644 --- a/fs/f2fs/extent_cache.c +++ b/fs/f2fs/extent_cache.c @@ -604,7 +604,13 @@ static struct extent_node *__insert_extent_tree(struct f2fs_sb_info *sbi, p = &(*p)->rb_right; leftmost = false; } else { + f2fs_err_ratelimited(sbi, "%s: corrupted extent, type: %d, " + "extent node in rb tree [%u, %u, %u], age [%llu, %llu], " + "extent node to insert [%u, %u, %u], age [%llu, %llu]", + __func__, et->type, en->ei.fofs, en->ei.blk, en->ei.len, en->ei.age, + en->ei.last_blocks, ei->fofs, ei->blk, ei->len, ei->age, ei->last_blocks); f2fs_bug_on(sbi, 1); + return NULL; } }