On Tue, Apr 30, 2019 at 12:09:32AM +0200, Andreas Gruenbacher wrote: > In iomap_write_end, we're not holding a page reference anymore when > calling the page_done callback, but the callback needs that reference to > access the page. To fix that, move the put_page call in > __generic_write_end into the callers of __generic_write_end. Then, in > iomap_write_end, put the page after calling the page_done callback. > > Reported-by: Jan Kara <jack@xxxxxxx> > Fixes: 63899c6f8851 ("iomap: add a page_done callback") > Signed-off-by: Andreas Gruenbacher <agruenba@xxxxxxxxxx> > Reviewed-by: Jan Kara <jack@xxxxxxx> > Reviewed-by: Christoph Hellwig <hch@xxxxxx> Looks ok, Reviewed-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx> --D > --- > fs/buffer.c | 2 +- > fs/iomap.c | 1 + > 2 files changed, 2 insertions(+), 1 deletion(-) > > diff --git a/fs/buffer.c b/fs/buffer.c > index e0d4c6a5e2d2..0faa41fb4c88 100644 > --- a/fs/buffer.c > +++ b/fs/buffer.c > @@ -2104,7 +2104,6 @@ void __generic_write_end(struct inode *inode, loff_t pos, unsigned copied, > } > > unlock_page(page); > - put_page(page); > > if (old_size < pos) > pagecache_isize_extended(inode, old_size, pos); > @@ -2160,6 +2159,7 @@ int generic_write_end(struct file *file, struct address_space *mapping, > { > copied = block_write_end(file, mapping, pos, len, copied, page, fsdata); > __generic_write_end(mapping->host, pos, copied, page); > + put_page(page); > return copied; > } > EXPORT_SYMBOL(generic_write_end); > diff --git a/fs/iomap.c b/fs/iomap.c > index f8c9722d1a97..62e3461704ce 100644 > --- a/fs/iomap.c > +++ b/fs/iomap.c > @@ -780,6 +780,7 @@ iomap_write_end(struct inode *inode, loff_t pos, unsigned len, > __generic_write_end(inode, pos, ret, page); > if (iomap->page_done) > iomap->page_done(inode, pos, copied, page, iomap); > + put_page(page); > > if (ret < len) > iomap_write_failed(inode, pos, len); > -- > 2.20.1 >
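Review bot: Dropping put_page(page) after unlock_page(page) in the __generic_write_end hunk of fs/buffer.c moves ownership of the page reference to the callers, but nothing in the hunk documents that. A short comment on __generic_write_end saying that the caller must now call put_page() would make the new contract explicit. The diffstat touches only fs/buffer.c and fs/iomap.c, so it is also worth confirming that generic_write_end and iomap_write_end are the only callers, since any other caller would now leak a page reference.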
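Review bot: In the iomap_write_end hunk of fs/iomap.c, iomap->page_done still runs after __generic_write_end, which has already called unlock_page(page), so with the new put_page(page) the callback receives a page that is referenced but no longer locked. That deserves a comment at the page_done call site or on the callback's declaration, so that implementers do not assume the page lock is held while they access the page.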