rds: mark snapshot pages dirty in rds_info_getsockopt()

rds_info_getsockopt() pins the destination user pages with FOLL_WRITE and
the RDS_INFO_* producers memcpy the snapshot into them through
kmap_atomic(). Because that copy goes through the kernel direct map, the
dirty bit on the user PTE is never set, so unpin_user_pages() releases the
pages without marking them dirty. A file-backed destination page can then
be reclaimed without writeback, silently discarding the copied data.

Use unpin_user_pages_dirty_lock() with make_dirty=true so the modified
pages are marked dirty before they are unpinned.

Fixes: a8c879a7ee98 ("RDS: Info and stats")
Signed-off-by: Breno Leitao <leitao@debian.org>
Reviewed-by: Allison Henderson <achender@kernel.org>
Link: https://patch.msgid.link/20260608-rds_fix-v1-1-006c88543408@debian.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/rds/info.c b/net/rds/info.c
index f1b29994934a0389a98fb9296ab4149c9a3b97fd..17061f6ff74e58c2cc35c6699aa182490a7fe0a6 100644 (file)
--- a/net/rds/info.c
+++ b/net/rds/info.c
@@ -235,7 +235,7 @@ call_func:
 
 out:
        if (pages)
-               unpin_user_pages(pages, nr_pages);
+               unpin_user_pages_dirty_lock(pages, nr_pages, true);
        kfree(pages);
 
        return ret;