In memfd_luo_retrieve_folios(), when shmem_inode_acct_blocks() fails
after successfully adding the folio to the page cache, the code jumps
to unlock_folio without removing the folio from the page cache.
While the folio eventually will be freed when the file is released by
memfd_luo_retrieve(), it is a good idea to directly remove a folio that
was not fully added to the file. This avoids the possibility of
accounting mismatches in shmem or filemap core.
Fix by adding a remove_from_cache label that calls
filemap_remove_folio() before unlocking, matching the error handling
pattern in shmem_alloc_and_add_folio().
This issue was identified by AI review:
https://sashiko.dev/#/patchset/
20260323110747.193569-1-duanchenghao@kylinos.cn
[pratyush@kernel.org: changelog alterations]
Link: https://lore.kernel.org/2vxzzf3lfujq.fsf@kernel.org
Link: https://lore.kernel.org/20260326084727.118437-7-duanchenghao@kylinos.cn
Signed-off-by: Chenghao Duan <duanchenghao@kylinos.cn>
Reviewed-by: Pasha Tatashin <pasha.tatashin@soleen.com>
Reviewed-by: Pratyush Yadav <pratyush@kernel.org>
Cc: Haoran Jiang <jianghaoran@kylinos.cn>
Cc: Mike Rapoport (Microsoft) <rppt@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
if (err) {
pr_err("shmem: failed to account folio index %ld(%ld pages): %d\n",
i, npages, err);
- goto unlock_folio;
+ goto remove_from_cache;
}
nr_added_pages += npages;
return 0;
+remove_from_cache:
+ filemap_remove_folio(folio);
unlock_folio:
folio_unlock(folio);
folio_put(folio);
projects / thirdparty / kernel / linux.git / commitdiff
