On Wed, 8 Feb 2023 22:07:33 +0000 Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:

> On Mon, Feb 06, 2023 at 05:04:07PM -0800, Andrew Morton wrote:
> > +struct page *shmem_read_mapping_page_gfp(struct address_space *mapping,
> > + pgoff_t index, gfp_t gfp)
> > +{
> > + struct folio *folio = shmem_read_folio_gfp(mapping, index, gfp);
> > + struct page *page = folio_file_page(folio, index);
> > +
>
> Ugh, insufficiently cautious.
>
> This should have been
>
> 	struct folio *folio = shmem_read_folio_gfp(mapping, index, gfp);
> 	struct page *page;
>
> 	if (IS_ERR(folio))
> 		return &folio->page;
> 	page = folio_file_page(folio, index);
>
> Unfortunately I have to go out now, but that's the solution to the
> latest syzbot splat I saw. I'll do you a proper -fix patch later
> if you don't get to it first.
>

No probs, thanks.

(although that trick of doing &randomgarbagepointeroftypefoliostar->page
still makes my brain bleed)


From: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Subject: shmem-add-shmem_read_folio-and-shmem_read_folio_gfp-fix
Date: Wed Feb 8 07:54:45 PM PST 2023

fix shmem_read_mapping_page_gfp(), per Matthew

Link: https://lkml.kernel.org/r/Y+QdJTuzxeBYejw2@xxxxxxxxxxxxxxxxxxxx
Cc: Charan Teja Kalla <quic_charante@xxxxxxxxxxx>
Cc: David Rientjes <rientjes@xxxxxxxxxx>
Cc: Hugh Dickins <hughd@xxxxxxxxxx>
Cc: Mark Hemment <markhemm@xxxxxxxxxxxxxx>
Cc: "Matthew Wilcox (Oracle)" <willy@xxxxxxxxxxxxx>
Cc: Michal Hocko <mhocko@xxxxxxxx>
Cc: Pavankumar Kondeti <quic_pkondeti@xxxxxxxxxxx>
Cc: Shakeel Butt <shakeelb@xxxxxxxxxx>
Cc: Suren Baghdasaryan <surenb@xxxxxxxxxx>
Cc: Vlastimil Babka <vbabka@xxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

--- a/mm/shmem.c~shmem-add-shmem_read_folio-and-shmem_read_folio_gfp-fix +++ a/mm/shmem.c 
@@ -4354,8 +4354,12 @@ struct page *shmem_read_mapping_page_gfp pgoff_t index, gfp_t gfp) { struct folio *folio = shmem_read_folio_gfp(mapping, index, gfp); - struct page *page = folio_file_page(folio, index); + struct page *page; + if (IS_ERR(folio)) + return &folio->page; + + page = folio_file_page(folio, index); if (PageHWPoison(page)) { folio_put(folio); return ERR_PTR(-EIO); _
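
Review bot: the new early return `return &folio->page;` in shmem_read_mapping_page_gfp() forwards the error by taking a member address of an error-encoded folio pointer, which yields the same error value only if `page` sits at offset 0 of struct folio, and nothing on that line says so. The HWPoison path just below spells its error out as `return ERR_PTR(-EIO);`, so the two error returns in this function now read differently. Consider `return ERR_CAST(folio);`, which states the intent and does not depend on struct layout, or at least put a one-line comment on the `&folio->page` line recording the assumption.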