From: Jérôme Glisse <jglisse@xxxxxxxxxx>
Use put_user_page() when page reference was taken through GUP.
Signed-off-by: Jérôme Glisse <jglisse@xxxxxxxxxx>
Cc: linux-fsdevel@xxxxxxxxxxxxxxx
Cc: linux-block@xxxxxxxxxxxxxxx
Cc: linux-mm@xxxxxxxxx
Cc: John Hubbard <jhubbard@xxxxxxxxxx>
Cc: Jan Kara <jack@xxxxxxx>
Cc: Dan Williams <dan.j.williams@xxxxxxxxx>
Cc: Alexander Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: Johannes Thumshirn <jthumshirn@xxxxxxx>
Cc: Christoph Hellwig <hch@xxxxxx>
Cc: Jens Axboe <axboe@xxxxxxxxx>
Cc: Ming Lei <ming.lei@xxxxxxxxxx>
Cc: Dave Chinner <david@xxxxxxxxxxxxx>
Cc: Jason Gunthorpe <jgg@xxxxxxxx>
Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx>
---
fs/splice.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/fs/splice.c b/fs/splice.c
index 4a0b522a0cb4..c9c350d37912 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -371,6 +371,7 @@ static ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
unsigned int nr_pages;
size_t offset, base, copied = 0;
ssize_t res;
+ bool gup;
int i;
if (pipe->nrbufs == pipe->buffers)
@@ -383,7 +384,7 @@ static ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
offset = *ppos & ~PAGE_MASK;
iov_iter_pipe(&to, READ, pipe, len + offset);
-
+ gup = iov_iter_get_pages_use_gup(&to);
res = iov_iter_get_pages_alloc(&to, &pages, len + offset, &base);
if (res <= 0)
return -ENOMEM;
@@ -419,8 +420,12 @@ static ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
if (vec != __vec)
kfree(vec);
out:
- for (i = 0; i < nr_pages; i++)
- put_page(pages[i]);
+ for (i = 0; i < nr_pages; i++) {
+ if (gup)
+ put_user_page(pages[i]);
+ else
+ put_page(pages[i]);
+ }
kvfree(pages);
iov_iter_advance(&to, copied); /* truncates and discards */
return res;
--
2.20.1
