erofs: fix missing xas_retry() in fscache mode

[ Upstream commit 37020bbb71d911431e16c2c940b97cf86ae4f2f6 ]

The xarray iteration only holds the RCU read lock and thus may encounter
XA_RETRY_ENTRY if there's process modifying the xarray concurrently.
This will cause oops when referring to the invalid entry.

Fix this by adding the missing xas_retry(), which will make the
iteration wind back to the root node if XA_RETRY_ENTRY is encountered.

Fixes: d435d53228dd ("erofs: change to use asynchronous io for fscache readpage/readahead")
Suggested-by: David Howells <dhowells@redhat.com>
Reviewed-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Reviewed-by: Jia Zhu <zhujia.zj@bytedance.com>
Signed-off-by: Jingbo Xu <jefflexu@linux.alibaba.com>
Link: https://lore.kernel.org/r/20221114121943.29987-1-jefflexu@linux.alibaba.com
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/erofs/fscache.c b/fs/erofs/fscache.c
index 79af25f0a56c4525f620680da511bf577ed3a9d7..46ab2b3f9a3c9db8b4560d1da57cd7f247486bb7 100644 (file)
--- a/fs/erofs/fscache.c
+++ b/fs/erofs/fscache.c
@@ -69,11 +69,15 @@ static void erofs_fscache_rreq_unlock_folios(struct netfs_io_request *rreq)
 
        rcu_read_lock();
        xas_for_each(&xas, folio, last_page) {
-               unsigned int pgpos =
-                       (folio_index(folio) - start_page) * PAGE_SIZE;
-               unsigned int pgend = pgpos + folio_size(folio);
+               unsigned int pgpos, pgend;
                bool pg_failed = false;
 
+               if (xas_retry(&xas, folio))
+                       continue;
+
+               pgpos = (folio_index(folio) - start_page) * PAGE_SIZE;
+               pgend = pgpos + folio_size(folio);
+
                for (;;) {
                        if (!subreq) {
                                pg_failed = true;