f2fs: fix double lock for inode page during roll-foward recovery

If the inode is same and its data index are needed to truncate, we can fall into
double lock for its inode page via get_dnode_of_data.

Error case is like this.

1. write data 1, 2, 3, 4, 5 in inode #4.
2. write data 100, 102, 103, 104, 105 in dnode #6 of inode #4.
3. sync
4. update data 100->106 in dnode #6.
5. fsync inode #4.
6. power-cut

-> Then,
1. go back to #3's checkpoint
2. in do_recover_data, get_dnode_of_data() gets inode #4.
3. detect 100->106 in dnode #6.
4. check_index_in_prev_nodes tries to truncate 100 in dnode #6.
5. to trigger truncate_hole, get_dnode_of_data should grab inode #4.
6. detect *kernel hang*

This patch should resolve that bug.

Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

diff --git a/fs/f2fs/recovery.c b/fs/f2fs/recovery.c
index 6c5a74a45f338c141751f662dd57d7ce777e2f26..e587ee128e178000a71e07b9ad85cf049e7a08dd 100644 (file)
--- a/fs/f2fs/recovery.c
+++ b/fs/f2fs/recovery.c
@@ -279,16 +279,30 @@ got_it:
        ino = ino_of_node(node_page);
        f2fs_put_page(node_page, 1);
 
-       /* Deallocate previous index in the node page */
-       inode = f2fs_iget(sbi->sb, ino);
-       if (IS_ERR(inode))
-               return PTR_ERR(inode);
+       if (ino != dn->inode->i_ino) {
+               /* Deallocate previous index in the node page */
+               inode = f2fs_iget(sbi->sb, ino);
+               if (IS_ERR(inode))
+                       return PTR_ERR(inode);
+       } else {
+               inode = dn->inode;
+       }
 
        bidx = start_bidx_of_node(offset, F2FS_I(inode)) +
-                                       le16_to_cpu(sum.ofs_in_node);
+                       le16_to_cpu(sum.ofs_in_node);
 
-       truncate_hole(inode, bidx, bidx + 1);
-       iput(inode);
+       if (ino != dn->inode->i_ino) {
+               truncate_hole(inode, bidx, bidx + 1);
+               iput(inode);
+       } else {
+               struct dnode_of_data tdn;
+               set_new_dnode(&tdn, inode, dn->inode_page, NULL, 0);
+               if (get_dnode_of_data(&tdn, bidx, LOOKUP_NODE))
+                       return 0;
+               if (tdn.data_blkaddr != NULL_ADDR)
+                       truncate_data_blocks_range(&tdn, 1);
+               f2fs_put_page(tdn.node_page, 1);
+       }
        return 0;
 }