In the Linux kernel, the following vulnerability has been resolved:
f2fs: zone: fix to avoid inconsistence in between SIT and SSA
w/ below testcase, it will cause inconsistence in between SIT and SSA.
createnullblk 512 2 1024 1024 mkfs.f2fs -m /dev/nullb0 mount /dev/nullb0 /mnt/f2fs/ touch /mnt/f2fs/file f2fs_io pinfile set /mnt/f2fs/file fallocate -l 4GiB /mnt/f2fs/file
F2FS-fs (nullb0): Inconsistent segment (0) type [1, 0] in SSA and SIT CPU: 5 UID: 0 PID: 2398 Comm: fallocate Tainted: G O 6.13.0-rc1 #84 Tainted: [O]=OOTMODULE Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 Call Trace: <TASK> dumpstacklvl+0xb3/0xd0 dumpstack+0x14/0x20 f2fshandlecriticalerror+0x18c/0x220 [f2fs] f2fsstopcheckpoint+0x38/0x50 [f2fs] dogarbagecollect+0x674/0x6e0 [f2fs] f2fsgcrange+0x12b/0x230 [f2fs] f2fsallocatepinningsection+0x5c/0x150 [f2fs] f2fsexpandinodedata+0x1cc/0x3c0 [f2fs] f2fsfallocate+0x3c3/0x410 [f2fs] vfsfallocate+0x15f/0x4b0 _x64sysfallocate+0x4a/0x80 x64syscall+0x15e8/0x1b80 dosyscall64+0x68/0x130 entrySYSCALL64afterhwframe+0x67/0x6f RIP: 0033:0x7f9dba5197ca F2FS-fs (nullb0): Stopped filesystem due to reason: 4
The reason is f2fsgcrange() may try to migrate block in curseg, however, its SSA block is not uptodate due to the last summary block data is still in cache of curseg.
In this patch, we add a condition in f2fsgcrange() to check whether section is opened or not, and skip block migration for opened section.