Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v7.0.10 2026-05-23T11:09:16+00:00 2026-05-23T11:09:16+00:00 Yongpeng Yang yangyongpeng@xiaomi.com 2026-04-10T15:05:39+00:00 urn:sha1:ea3ab43a1f3cf2c7cecd75c8be1ee99a5e94a92e [ Upstream commit 5909bedbed38c558bee7cb6758ceedf9bc3a9194 ] In f2fs_sbi_show(), the extension_list, extension_count and hot_ext_count are read without holding sbi->sb_lock. If a concurrent sysfs store modifies the extension list via f2fs_update_extension_list(), the show path may read inconsistent count and array contents, potentially leading to out-of-bounds access or displaying stale data. Fix this by holding sb_lock around the entire extension list read and format operation. Fixes: b6a06cbbb5f7 ("f2fs: support hot file extension") Signed-off-by: Yongpeng Yang <yangyongpeng@xiaomi.com> Reviewed-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2026-05-14T13:31:18+00:00 Guangshuo Li lgs201920130244@gmail.com 2026-04-10T12:47:26+00:00 urn:sha1:4976d9e57eb238c55f66357241b26b2dee880842 commit b635f2ecdb5ad34f9c967cabb704d6bed9382fd0 upstream. In f2fs_init_sysfs(), all failure paths after kset_register() jump to put_kobject, which unconditionally releases both f2fs_tune and f2fs_feat. If kobject_init_and_add(&f2fs_feat, ...) fails, f2fs_tune has not been initialized yet, so calling kobject_put(&f2fs_tune) is invalid. Fix this by splitting the unwind path so each error path only releases objects that were successfully initialized. Fixes: a907f3a68ee26ba4 ("f2fs: add a sysfs entry to reclaim POSIX_FADV_NOREUSE pages") Cc: stable@vger.kernel.org Signed-off-by: Guangshuo Li <lgs201920130244@gmail.com> Reviewed-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2026-02-10T20:53:21+00:00 Chao Yu chao@kernel.org 2026-02-04T03:05:01+00:00 urn:sha1:52190933c37a96164b271f3f30c16099d9eb8c09 This patch introduces /sys/fs/f2fs/<disk>/critical_task_priority, w/ this new sysfs interface, we can tune priority of f2fs_ckpt thread and f2fs_gc thread. Signed-off-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> 2026-01-31T03:24:39+00:00 Chao Yu chao@kernel.org 2026-01-30T13:28:08+00:00 urn:sha1:07de55cbf5762cb4a7e9e0db7aba5c10c8cfe079 If userspace thread has held f2fs rw semaphore, due to its low priority, it could be runnable or preempted state for long time, during the time, it will block high priority thread which is trying to grab the same rw semaphore, e.g. cp_rwsem, io_rwsem... To fix such issue, let's detect thread's priority when it tries to grab f2fs_rwsem lock, if the priority is lower than a priority threshold, let's uplift the priority before it enters into critical region of lock, and restore the priority after it leaves from critical region. Meanwhile, introducing two new sysfs nodes: - /sys/fs/f2fs/<disk>/adjust_lock_priority, it is used to control whether the functionality is enable or not. ========== ================== Flag_Value Flag_Description ========== ================== 0x00000000 Disabled (default) 0x00000001 cp_rwsem 0x00000002 node_change 0x00000004 node_write 0x00000008 gc_lock 0x00000010 cp_global 0x00000020 io_rwsem ========== ================== - /sys/fs/f2fs/<disk>/lock_duration_priority, it is used to control priority threshold. Signed-off-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> 2026-01-27T02:45:58+00:00 Chao Yu chao@kernel.org 2026-01-20T09:18:26+00:00 urn:sha1:252cf8c4d679fc40cdb934da6c5128e5943fec3f Commit d36de29f4bb5 ("f2fs: sysfs: introduce inject_lock_timeout") introduces a bug as below, fix it. cat /sys/fs/f2fs/vdx/inject_lock_timeout s/fs/f2fs/vdx/inject_lock_timeout: Invalid argument Signed-off-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> 2026-01-07T03:17:09+00:00 Chao Yu chao@kernel.org 2026-01-06T06:31:17+00:00 urn:sha1:0eda086de85e140f53c6123a4c00662f4e614ee4 Sysfs entry name is gc_pin_file_thresh instead of gc_pin_file_threshold, fix it. Cc: stable@kernel.org Fixes: c521a6ab4ad7 ("f2fs: fix to limit gc_pin_file_threshold") Signed-off-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> 2026-01-07T03:17:08+00:00 Yongpeng Yang yangyongpeng@xiaomi.com 2026-01-07T02:33:46+00:00 urn:sha1:98ea0039dbfdd00e5cc1b9a8afa40434476c0955 Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example: vm:~# echo 65537 > /sys/fs/f2fs/vde/carve_out vm:~# cat /sys/fs/f2fs/vde/carve_out 65537 vm:~# echo 4294967297 > /sys/fs/f2fs/vde/atgc_age_threshold vm:~# cat /sys/fs/f2fs/vde/atgc_age_threshold 1 carve_out maps to {struct f2fs_sb_info}->carve_out, which is a 8-bit integer. However, the sysfs interface allows setting it to a value larger than 255, resulting in an out-of-range update. atgc_age_threshold maps to {struct atgc_management}->age_threshold, which is a 64-bit integer, but its sysfs interface cannot correctly set values larger than UINT_MAX. The root causes are: 1. __sbi_store() treats all default values as unsigned int, which prevents updating integers larger than 4 bytes and causes out-of-bounds writes for integers smaller than 4 bytes. 2. f2fs_sbi_show() also assumes all default values are unsigned int, leading to out-of-bounds reads and incorrect access to integers larger than 4 bytes. This patch introduces {struct f2fs_attr}->size to record the actual size of the integer associated with each sysfs attribute. With this information, sysfs read and write operations can correctly access and update values according to their real data size, avoiding memory corruption and truncation. Fixes: b59d0bae6ca3 ("f2fs: add sysfs support for controlling the gc_thread") Cc: stable@kernel.org Signed-off-by: Jinbao Liu <liujinbao1@xiaomi.com> Signed-off-by: Yongpeng Yang <yangyongpeng@xiaomi.com> Reviewed-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> 2026-01-07T03:17:08+00:00 Chao Yu chao@kernel.org 2026-01-04T02:07:29+00:00 urn:sha1:d36de29f4bb59b24e57ff22403baae6fc7e89bd8 This patch adds a new sysfs node in /sys/fs/f2fs/<disk>/inject_lock_timeout, it relies on CONFIG_F2FS_FAULT_INJECTION kernel config. It can be used to simulate different type of timeout in lock duration. ========== =============================== Flag_Value Flag_Description ========== =============================== 0x00000000 No timeout (default) 0x00000001 Simulate running time 0x00000002 Simulate IO type sleep time 0x00000003 Simulate Non-IO type sleep time 0x00000004 Simulate runnable time ========== =============================== Signed-off-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> 2026-01-07T03:17:06+00:00 Chao Yu chao@kernel.org 2026-01-04T02:07:17+00:00 urn:sha1:e4b75621fc439399b94c4265cb54d2bda1177397 This patch add a new sysfs node in /sys/fs/f2fs/<device>/max_lock_elapsed_time. This is a threshold, once a thread enters critical region that lock covers, total elapsed time exceeds this threshold, f2fs will print tracepoint to dump information of related context. This sysfs entry can be used to control the value of threshold, by default, the value is 500 ms. Signed-off-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org> 2025-12-04T02:00:04+00:00 Yongpeng Yang yangyongpeng@xiaomi.com 2025-11-10T08:22:22+00:00 urn:sha1:89732017890e8ce0826e18c743b71dc564d3a674 This patch adds a sysfs entry showing the max zones that F2FS can write concurrently. Signed-off-by: Yongpeng Yang <yangyongpeng@xiaomi.com> Reviewed-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>