On Wed 03-05-23 17:45:25, Christoph Hellwig wrote:
> folio can't be NULL here now that __filemap_get_folio returns an
> ERR_PTR. Remove the conditional folio_put after the out_retry
> label and add a new label for the cases where we have a valid folio.
>
> Fixes: 66dabbb65d67 ("mm: return an ERR_PTR from __filemap_get_folio")
> Reported-by: syzbot+48011b86c8ea329af1b9@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Christoph Hellwig <hch@xxxxxx>
Looks good to me. Feel free to add:
Reviewed-by: Jan Kara <jack@xxxxxxx>
Honza
> ---
> mm/filemap.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/mm/filemap.c b/mm/filemap.c
> index a34abfe8c65430..ae597f63a9bc54 100644
> --- a/mm/filemap.c
> +++ b/mm/filemap.c
> @@ -3298,7 +3298,7 @@ vm_fault_t filemap_fault(struct vm_fault *vmf)
> }
>
> if (!lock_folio_maybe_drop_mmap(vmf, folio, &fpin))
> - goto out_retry;
> + goto out_retry_put_folio;
>
> /* Did it get truncated? */
> if (unlikely(folio->mapping != mapping)) {
> @@ -3334,7 +3334,7 @@ vm_fault_t filemap_fault(struct vm_fault *vmf)
> */
> if (fpin) {
> folio_unlock(folio);
> - goto out_retry;
> + goto out_retry_put_folio;
> }
> if (mapping_locked)
> filemap_invalidate_unlock_shared(mapping);
> @@ -3363,7 +3363,7 @@ vm_fault_t filemap_fault(struct vm_fault *vmf)
> fpin = maybe_unlock_mmap_for_io(vmf, fpin);
> error = filemap_read_folio(file, mapping->a_ops->read_folio, folio);
> if (fpin)
> - goto out_retry;
> + goto out_retry_put_folio;
> folio_put(folio);
>
> if (!error || error == AOP_TRUNCATED_PAGE)
> @@ -3372,14 +3372,14 @@ vm_fault_t filemap_fault(struct vm_fault *vmf)
>
> return VM_FAULT_SIGBUS;
>
> +out_retry_put_folio:
> + folio_put(folio);
> out_retry:
> /*
> * We dropped the mmap_lock, we need to return to the fault handler to
> * re-find the vma and come back and find our hopefully still populated
> * page.
> */
> - if (folio)
> - folio_put(folio);
> if (mapping_locked)
> filemap_invalidate_unlock_shared(mapping);
> if (fpin)
> --
> 2.39.2
>
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR
