Patch "shmem: update folio if shmem_replace_page() updates the page" has been added to the 5.19-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Mon, 29 Aug 2022 09:49:10 +0200

This is a note to let you know that I've just added the patch titled

    shmem: update folio if shmem_replace_page() updates the page

to the 5.19-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     shmem-update-folio-if-shmem_replace_page-updates-the-page.patch
and it can be found in the queue-5.19 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 9dfb3b8d655022760ca68af11821f1c63aa547c3 Mon Sep 17 00:00:00 2001
From: "Matthew Wilcox (Oracle)" <willy@xxxxxxxxxxxxx>
Date: Sat, 30 Jul 2022 05:25:18 +0100
Subject: shmem: update folio if shmem_replace_page() updates the page

From: Matthew Wilcox (Oracle) <willy@xxxxxxxxxxxxx>

commit 9dfb3b8d655022760ca68af11821f1c63aa547c3 upstream.

If we allocate a new page, we need to make sure that our folio matches
that new page.

If we do end up in this code path, we store the wrong page in the shmem
inode's page cache, and I would rather imagine that data corruption
ensues.

This will be solved by changing shmem_replace_page() to
shmem_replace_folio(), but this is the minimal fix.

Link: https://lkml.kernel.org/r/20220730042518.1264767-1-willy@xxxxxxxxxxxxx
Fixes: da08e9b79323 ("mm/shmem: convert shmem_swapin_page() to shmem_swapin_folio()")
Signed-off-by: Matthew Wilcox (Oracle) <willy@xxxxxxxxxxxxx>
Reviewed-by: William Kucharski <william.kucharski@xxxxxxxxxx>
Cc: Hugh Dickins <hughd@xxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 mm/shmem.c |    1 +
 1 file changed, 1 insertion(+)

--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1771,6 +1771,7 @@ static int shmem_swapin_folio(struct ino
 
 	if (shmem_should_replace_folio(folio, gfp)) {
 		error = shmem_replace_page(&page, gfp, info, index);
+		folio = page_folio(page);
 		if (error)
 			goto failed;
 	}


Patches currently in stable-queue which might be from willy@xxxxxxxxxxxxx are

queue-5.19/mm-gup-fix-foll_force-cow-security-issue-and-remove-foll_cow.patch
queue-5.19/shmem-update-folio-if-shmem_replace_page-updates-the-page.patch
queue-5.19/loop-check-for-overflow-while-configuring-loop.patch
queue-5.19/bootmem-remove-the-vmemmap-pages-from-kmemleak-in-put_page_bootmem.patch






