On Thu, 21 Apr 2022 10:37:35 +0800, Xiaoguang Wang wrote:
> When tcmu_vma_fault() gets one page successfully, before the current
> context completes page fault procedure, find_free_blocks() may run in
> and call unmap_mapping_range() to unmap this page. Assume when
> find_free_blocks() completes its job firstly, previous page fault
> procedure starts to run again and completes, then one truncated page has
> beed mapped to use space, but note that tcmu_vma_fault() has gotten one
> refcount for this page, so any other subsystem won't use this page,
> unless later the use space addr is unmapped.
>
> [...]
Applied to 5.19/scsi-queue, thanks!
[1/1] scsi: target: tcmu: Fix possible data corruption
https://git.kernel.org/mkp/scsi/c/bb9b9eb0ae2e
--
Martin K. Petersen Oracle Linux Engineering
