git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Joanne Koong <joannelkoong@gmail.com>
	Tue, 17 Mar 2026 20:39:35 +0000 (13:39 -0700)
committer	Christian Brauner <brauner@kernel.org>
	Wed, 18 Mar 2026 09:42:08 +0000 (10:42 +0100)
commit	bd71fb3fea9945987053968f028a948997cba8cc
tree	e22de7dfaa29fb278bbaf3f11e92a24c520114d5	tree \| snapshot
parent	c465f5591aa84a6f85d66d152e28b92844a45d4f	commit \| diff

iomap: fix invalid folio access when i_blkbits differs from I/O granularity

Commit aa35dd5cbc06 ("iomap: fix invalid folio access after
folio_end_read()") partially addressed invalid folio access for folios
without an ifs attached, but it did not handle the case where
1 << inode->i_blkbits matches the folio size but is different from the
granularity used for the IO, which means IO can be submitted for less
than the full folio for the !ifs case.

In this case, the condition:

if (*bytes_submitted == folio_len)
ctx->cur_folio = NULL;

in iomap_read_folio_iter() will not invalidate ctx->cur_folio, and
iomap_read_end() will still be called on the folio even though the IO
helper owns it and will finish the read on it.

Fix this by unconditionally invalidating ctx->cur_folio for the !ifs
case.

Reported-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Tested-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Link: https://lore.kernel.org/linux-fsdevel/b3dfe271-4e3d-4922-b618-e73731242bca@wdc.com/
Fixes: b2f35ac4146d ("iomap: add caller-provided callbacks for read and readahead")
Cc: stable@vger.kernel.org
Signed-off-by: Joanne Koong <joannelkoong@gmail.com>
Link: https://patch.msgid.link/20260317203935.830549-1-joannelkoong@gmail.com
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Christian Brauner <brauner@kernel.org>