This is a note to let you know that I've just added the patch titled

    cifs: Release folio lock on fscache read hit.

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     cifs-release-folio-lock-on-fscache-read-hit.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


From 69513dd669e243928f7450893190915a88f84a2b Mon Sep 17 00:00:00 2001
From: Russell Harmon via samba-technical <samba-technical@xxxxxxxxxxxxxxx>
Date: Thu, 10 Aug 2023 00:19:22 -0700
Subject: cifs: Release folio lock on fscache read hit.
From: Russell Harmon via samba-technical <samba-technical@xxxxxxxxxxxxxxx>

commit 69513dd669e243928f7450893190915a88f84a2b upstream.

Under the current code, when cifs_readpage_worker is called, the call
contract is that the callee should unlock the page. This is documented in
the read_folio section of Documentation/filesystems/vfs.rst as:

> The filesystem should unlock the folio once the read has completed,
> whether it was successful or not.

Without this change, when fscache is in use and a cache hit occurs during a
read, the page lock is leaked, producing the following stack on subsequent
reads (via mmap) to the page:

$ cat /proc/3890/task/12864/stack
[<0>] folio_wait_bit_common+0x124/0x350
[<0>] filemap_read_folio+0xad/0xf0
[<0>] filemap_fault+0x8b1/0xab0
[<0>] __do_fault+0x39/0x150
[<0>] do_fault+0x25c/0x3e0
[<0>] __handle_mm_fault+0x6ca/0xc70
[<0>] handle_mm_fault+0xe9/0x350
[<0>] do_user_addr_fault+0x225/0x6c0
[<0>] exc_page_fault+0x84/0x1b0
[<0>] asm_exc_page_fault+0x27/0x30

This requires a reboot to resolve; it is a deadlock.

Note however that the call to cifs_readpage_from_fscache does mark the page
clean, but does not free the folio lock. This happens in
__cifs_readpage_from_fscache on success. Releasing the lock at that point
however is not appropriate as cifs_readahead also calls
cifs_readpage_from_fscache and *does* unconditionally release the lock
after its return. This change therefore effectively makes
cifs_readpage_worker work like cifs_readahead.

Signed-off-by: Russell Harmon <russ@xxxxxx>
Acked-by: Paulo Alcantara (SUSE) <pc@xxxxxxxxxxxxx>
Reviewed-by: David Howells <dhowells@xxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/smb/client/file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/smb/client/file.c
+++ b/fs/smb/client/file.c
@@ -4885,9 +4885,9 @@ static int cifs_readpage_worker(struct f io_error: kunmap(page); - unlock_page(page); read_complete: + unlock_page(page); return rc; } Patches currently in stable-queue which might be from samba-technical@xxxxxxxxxxxxxxx are queue-6.1/cifs-release-folio-lock-on-fscache-read-hit.patch
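Review bot: moving `unlock_page(page)` from after `kunmap(page)` to after the `read_complete:` label makes every exit through that label unlock the page, but the hunk's context lines cannot show that each `goto read_complete` site (in particular the fscache-hit path the commit message describes) still holds the lock and that no caller of cifs_readpage_worker unlocks after return, which would now be a double unlock. A one-line comment above `read_complete:` stating that the page must arrive locked and is unlocked here on every path would record the read_folio contract quoted from vfs.rst and guard against a later early return reintroducing the leak. It is also worth confirming that the fscache hit in cifs_readpage_worker actually jumps to `read_complete` rather than returning directly, since a direct return would leave the deadlock this patch is meant to fix.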