Flush lru cache to avoid folio->mapping uaf in case of inode teardown. Reported-and-tested-by: syzbot+d79afb004be235636ee8@xxxxxxxxxxxxxxxxxxxxxxxxx Signed-off-by: Hillf Danton <hdanton@xxxxxxxx> --- Post for comments because lru_add_drain_all() is too haevy a hammer. --- x/mm/truncate.c +++ y/mm/truncate.c @@ -419,6 +419,9 @@ void truncate_inode_pages_range(struct a truncate_folio_batch_exceptionals(mapping, &fbatch, indices); folio_batch_release(&fbatch); } + + if (mapping_exiting(mapping)) + lru_add_drain_all(); } EXPORT_SYMBOL(truncate_inode_pages_range); --
