diff mbox series

[4.19,60/69] fuse: release pipe buf after last use

Message ID	20211129181705.603467667@linuxfoundation.org
State	Superseded
Headers	show Return-Path: <stable-owner@kernel.org> From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, stable@vger.kernel.org, Justin Forbes <jmforbes@linuxtx.org>, Miklos Szeredi <mszeredi@redhat.com> Subject: [PATCH 4.19 60/69] fuse: release pipe buf after last use Date: Mon, 29 Nov 2021 19:18:42 +0100 Message-Id: <20211129181705.603467667@linuxfoundation.org> In-Reply-To: <20211129181703.670197996@linuxfoundation.org> References: <20211129181703.670197996@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	None \| expand [4.19,02/69] USB: serial: option: add Fibocom FM101-GL variants [4.19,03/69] usb: dwc2: hcd_queue: Fix use of floating point literal [4.19,05/69] usb: hub: Fix locking issues with address0_mutex [4.19,07/69] ALSA: ctxfi: Fix out-of-range access [4.19,10/69] staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() [4.19,11/69] fuse: fix page stealing [4.19,12/69] xen: dont continue xenstore initialization in case of errors [4.19,13/69] xen: detect uninitialized xenbus in xenbus_init [4.19,14/69] tracing: Fix pid filtering when triggers are attached [4.19,15/69] xtensa: use CONFIG_USE_OF instead of CONFIG_OF [4.19,18/69] PCI: aardvark: Wait for endpoint to be ready before training link [4.19,19/69] PCI: aardvark: Train link immediately after enabling training [4.19,20/69] PCI: aardvark: Improve link training [4.19,25/69] PCI: aardvark: Fix compilation on s390 [4.19,28/69] PCI: aardvark: Configure PCIe resources from ranges DT property [4.19,29/69] PCI: aardvark: Fix PCIe Max Payload Size setting [4.19,31/69] PCI: aardvark: Fix checking for link up via LTSSM state [4.19,33/69] pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup [4.19,35/69] arm64: dts: marvell: armada-37xx: declare PCIe reset pin [4.19,38/69] ARM: dts: BCM5301X: Fix I2C controller interrupt [4.19,39/69] ARM: dts: BCM5301X: Add interrupt properties to GPIO node [4.19,43/69] firmware: arm_scmi: pm: Propagate return value to caller [4.19,46/69] scsi: mpt3sas: Fix kernel panic during drive powercycle test [4.19,47/69] drm/vc4: fix error code in vc4_create_object() [4.19,48/69] ipv6: fix typos in __ip6_finish_output() [4.19,49/69] net/smc: Ensure the active closing peer first closes clcsock [4.19,52/69] MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 [4.19,53/69] net/smc: Dont call clcsock shutdown twice when smc shutdown [4.19,54/69] net: hns3: fix VF RSS failed problem after PF enable multi-TCs [4.19,55/69] vhost/vsock: fix incorrect used length reported to the guest [4.19,57/69] s390/mm: validate VMA in PGSTE manipulation functions [4.19,58/69] hugetlbfs: flush TLBs correctly after huge_pmd_unshare [4.19,60/69] fuse: release pipe buf after last use [4.19,61/69] xen: sync include/xen/interface/io/ring.h with Xens newest version [4.19,62/69] xen/blkfront: read response from backend only once [4.19,63/69] xen/blkfront: dont take local copy of a request from the ring page [4.19,65/69] xen/netfront: read response from backend only once [4.19,66/69] xen/netfront: dont read data from request on the ring page [4.19,67/69] xen/netfront: disentangle tx_skb_freelist

Commit Message

Greg KH Nov. 29, 2021, 6:18 p.m. UTC

From: Miklos Szeredi <mszeredi@redhat.com>

commit 473441720c8616dfaf4451f9c7ea14f0eb5e5d65 upstream.

Checking buf->flags should be done before the pipe_buf_release() is called
on the pipe buffer, since releasing the buffer might modify the flags.

This is exactly what page_cache_pipe_buf_release() does, and which results
in the same VM_BUG_ON_PAGE(PageLRU(page)) that the original patch was
trying to fix.

Reported-by: Justin Forbes <jmforbes@linuxtx.org>
Fixes: 712a951025c0 ("fuse: fix page stealing")
Cc: <stable@vger.kernel.org> # v2.6.35
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/fuse/dev.c |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff mbox series

Patch

--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -905,17 +905,17 @@  static int fuse_try_move_page(struct fus
 		goto out_put_old;
 	}
 
+	get_page(newpage);
+
+	if (!(buf->flags & PIPE_BUF_FLAG_LRU))
+		lru_cache_add_file(newpage);
+
 	/*
 	 * Release while we have extra ref on stolen page.  Otherwise
 	 * anon_pipe_buf_release() might think the page can be reused.
 	 */
 	pipe_buf_release(cs->pipe, buf);
 
-	get_page(newpage);
-
-	if (!(buf->flags & PIPE_BUF_FLAG_LRU))
-		lru_cache_add_file(newpage);
-
 	err = 0;
 	spin_lock(&cs->req->waitq.lock);
 	if (test_bit(FR_ABORTED, &cs->req->flags))