folio can't be NULL here now that __filemap_get_folio returns an ERR_PTR. Remove the conditional folio_put after the out_retry label and add a new label for the cases where we have a valid folio.
Fixes: 66dabbb65d67 ("mm: return an ERR_PTR from __filemap_get_folio")
Reported-by: syzbot+48011b86c8ea329af1b9@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Christoph Hellwig <hch@xxxxxx>
---
 mm/filemap.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/mm/filemap.c b/mm/filemap.c
index a34abfe8c65430..ae597f63a9bc54 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -3298,7 +3298,7 @@ vm_fault_t filemap_fault(struct vm_fault *vmf)
 }

 if (!lock_folio_maybe_drop_mmap(vmf, folio, &fpin))
- goto out_retry;
+ goto out_retry_put_folio;

 /* Did it get truncated? */
 if (unlikely(folio->mapping != mapping)) {
@@ -3334,7 +3334,7 @@ vm_fault_t filemap_fault(struct vm_fault *vmf)
 */
 if (fpin) {
 folio_unlock(folio);
- goto out_retry;
+ goto out_retry_put_folio;
 }
 if (mapping_locked)
 filemap_invalidate_unlock_shared(mapping);
@@ -3363,7 +3363,7 @@ vm_fault_t filemap_fault(struct vm_fault *vmf)
 fpin = maybe_unlock_mmap_for_io(vmf, fpin);
 error = filemap_read_folio(file, mapping->a_ops->read_folio, folio);
 if (fpin)
- goto out_retry;
+ goto out_retry_put_folio;
 folio_put(folio);

 if (!error || error == AOP_TRUNCATED_PAGE)
@@ -3372,14 +3372,14 @@ vm_fault_t filemap_fault(struct vm_fault *vmf)

 return VM_FAULT_SIGBUS;

+out_retry_put_folio:
+ folio_put(folio);
 out_retry:
 /*
 * We dropped the mmap_lock, we need to return to the fault handler to
 * re-find the vma and come back and find our hopefully still populated
 * page.
 */
- if (folio)
- folio_put(folio);
 if (mapping_locked)
 filemap_invalidate_unlock_shared(mapping);
 if (fpin)
--
2.39.2
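Review bot: The new `out_retry_put_folio:` label in the last hunk relies on an invariant that is not written down anywhere: a jump to it must hold a reference on a valid folio, while a jump to `out_retry` must not, because `folio` can be an ERR_PTR on that path. I would add a comment above the label, for example `/* folio is valid and referenced here; paths where it may be an ERR_PTR jump to out_retry instead */`. The three gotos converted in the earlier hunks all follow a use of the folio (lock attempt, unlock, read), so they look consistent with that rule. filemap_fault's body extends outside these hunks, so any `goto out_retry` remaining in the unshown part should be confirmed to run without a folio reference; a missed conversion would leak the reference, and the opposite mistake would call folio_put() on an error pointer.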