From: Matthew Wilcox (Oracle) willy@infradead.org
commit 9dfb3b8d655022760ca68af11821f1c63aa547c3 upstream.
If we allocate a new page, we need to make sure that our folio matches that new page.
If we do end up in this code path, we store the wrong page in the shmem inode's page cache, and I would rather imagine that data corruption ensues.
This will be solved by changing shmem_replace_page() to shmem_replace_folio(), but this is the minimal fix.
Link: https://lkml.kernel.org/r/20220730042518.1264767-1-willy@infradead.org Fixes: da08e9b79323 ("mm/shmem: convert shmem_swapin_page() to shmem_swapin_folio()") Signed-off-by: Matthew Wilcox (Oracle) willy@infradead.org Reviewed-by: William Kucharski william.kucharski@oracle.com Cc: Hugh Dickins hughd@google.com Cc: stable@vger.kernel.org Signed-off-by: Andrew Morton akpm@linux-foundation.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- mm/shmem.c | 1 + 1 file changed, 1 insertion(+)
--- a/mm/shmem.c +++ b/mm/shmem.c @@ -1771,6 +1771,7 @@ static int shmem_swapin_folio(struct ino
if (shmem_should_replace_folio(folio, gfp)) { error = shmem_replace_page(&page, gfp, info, index); + folio = page_folio(page); if (error) goto failed; }