From: Chenghao Duan
Date: Thu, 26 Mar 2026 08:47:26 +0000 (+0800)
Subject: mm/memfd_luo: remove folio from page cache when accounting fails
X-Git-Url: http://git.ipfire.org/index.cgi?a=commitdiff_plain;h=dc44f32fde25c401da6c4746c389ec552ddbc30f;p=thirdparty%2Fkernel%2Flinux.git

mm/memfd_luo: remove folio from page cache when accounting fails

In memfd_luo_retrieve_folios(), when shmem_inode_acct_blocks() fails after successfully adding the folio to the page cache, the code jumps to unlock_folio without removing the folio from the page cache.

While the folio eventually will be freed when the file is released by memfd_luo_retrieve(), it is a good idea to directly remove a folio that was not fully added to the file. This avoids the possibility of accounting mismatches in shmem or filemap core.

Fix by adding a remove_from_cache label that calls filemap_remove_folio() before unlocking, matching the error handling pattern in shmem_alloc_and_add_folio().

This issue was identified by AI review:
https://sashiko.dev/#/patchset/20260323110747.193569-1-duanchenghao@kylinos.cn

[pratyush@kernel.org: changelog alterations]
Link: https://lore.kernel.org/2vxzzf3lfujq.fsf@kernel.org
Link: https://lore.kernel.org/20260326084727.118437-7-duanchenghao@kylinos.cn
Signed-off-by: Chenghao Duan
Reviewed-by: Pasha Tatashin
Reviewed-by: Pratyush Yadav
Cc: Haoran Jiang
Cc: Mike Rapoport (Microsoft)
Signed-off-by: Andrew Morton
---

diff --git a/mm/memfd_luo.c b/mm/memfd_luo.c index eb611527dedd..b02b503c750d 100644 --- a/mm/memfd_luo.c +++ b/mm/memfd_luo.c @@ -461,7 +461,7 @@ static int memfd_luo_retrieve_folios(struct file *file, if (err) { pr_err("shmem: failed to account folio index %ld(%ld pages): %d\n", i, npages, err); - goto unlock_folio; + goto remove_from_cache; } nr_added_pages += npages; @@ -474,6 +474,8 @@ static int memfd_luo_retrieve_folios(struct file *file, return 0; +remove_from_cache: + filemap_remove_folio(folio); unlock_folio: folio_unlock(folio); folio_put(folio);
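Review bot: in the first hunk (@@ -461), the accounting-failure branch is the only jump this patch redirects to remove_from_cache, so any other error path in the loop that runs after the folio has been added to the page cache and still uses goto unlock_folio would leave the same partially added folio behind. It is worth confirming in the full function that this branch is the only such path, and redirecting any others to the new label as well.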
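Review bot: in the second hunk (@@ -474), the new remove_from_cache label falls through into unlock_folio with no comment, and the ordering is load-bearing: filemap_remove_folio() must run while the folio is still locked, and the folio_put() that follows then drops the caller's own reference. A one-line comment above the label saying that the fall-through is intentional and that the folio is expected to be locked here would keep a later cleanup from reordering these labels.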