Message ID | c879a52b-835c-4fa0-902b-8b2e9196dcbd@oracle.com (mailing list archive) |
---|---|
State | New |
Series | v2 [PATCH] ocfs2: fix panic in failed foilio allocation |
On Fri, Apr 11, 2025 at 11:31:24AM -0500, Mark Tinguely wrote:
> In the page to order 0 folio conversion series, the commit
> 7e119cff9d0a, "ocfs2: convert w_pages to w_folios" and
> commit 9a5e08652dc4b, "ocfs2: use an array of folios
> instead of an array of pages", saves -ENOMEM in the
> folio array upon allocation failure and calls the folio
> array free code. The folio array free code expects either
> valid folio pointers or NULL. Finding the -ENOMEM will
> result in a panic. Fix by NULLing the error folio entry.
>
> Signed-off-by: Mark Tinguely <mark.tinguely@oracle.com>
> Cc: stable@vger.kernel.org
> Cc: Changwei Ge <gechangwei@live.cn>
> Cc: Joel Becker <jlbec@evilplan.org>
> Cc: Junxiao Bi <junxiao.bi@oracle.com>
> Cc: Mark Fasheh <mark@fasheh.com>
> Cc: Matthew Wilcox <willy@infradead.org>

Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>

On 2025/4/12 00:31, Mark Tinguely wrote: > In the page to order 0 folio conversion series, the commit > 7e119cff9d0a, "ocfs2: convert w_pages to w_folios" and > commit 9a5e08652dc4b, "ocfs2: use an array of folios > instead of an array of pages", saves -ENOMEM in the > folio array upon allocation failure and calls the folio > array free code. The folio array free code expects either > valid folio pointers or NULL. Finding the -ENOMEM will > result in a panic. Fix by NULLing the error folio entry. > > Signed-off-by: Mark Tinguely <mark.tinguely@oracle.com> Fixes: 7e119cff9d0a ("ocfs2: convert w_pages to w_folios") Fixes: 9a5e08652dc4b ("ocfs2: use an array of folios instead of an array of pages") Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com> > Cc: stable@vger.kernel.org > Cc: Changwei Ge <gechangwei@live.cn> > Cc: Joel Becker <jlbec@evilplan.org> > Cc: Junxiao Bi <junxiao.bi@oracle.com> > Cc: Mark Fasheh <mark@fasheh.com> > Cc: Matthew Wilcox <willy@infradead.org> > --- > v2: sorry, ocfs2_grab_folios() needs the same change. > the other callers do not need the change. > --- > fs/ocfs2/alloc.c | 1 + > fs/ocfs2/aops.c | 1 + > 2 files changed, 2 insertions(+) > > diff --git a/fs/ocfs2/alloc.c b/fs/ocfs2/alloc.c > index b8ac85b548c7..821cb7874685 100644 > --- a/fs/ocfs2/alloc.c > +++ b/fs/ocfs2/alloc.c > @@ -6918,6 +6918,7 @@ static int ocfs2_grab_folios(struct inode *inode, loff_t start, loff_t end, > if (IS_ERR(folios[numfolios])) { > ret = PTR_ERR(folios[numfolios]); > mlog_errno(ret); > + folios[numfolios] = NULL; > goto out; > } > diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c > index 40b6bce12951..89aadc6cdd87 100644 > --- a/fs/ocfs2/aops.c > +++ b/fs/ocfs2/aops.c > @@ -1071,6 +1071,7 @@ static int ocfs2_grab_folios_for_write(struct address_space *mapping, > if (IS_ERR(wc->w_folios[i])) { > ret = PTR_ERR(wc->w_folios[i]); > mlog_errno(ret); > + wc->w_folios[i] = NULL; > goto out; > } > }
diff --git a/fs/ocfs2/alloc.c b/fs/ocfs2/alloc.c index b8ac85b548c7..821cb7874685 100644 --- a/fs/ocfs2/alloc.c +++ b/fs/ocfs2/alloc.c @@ -6918,6 +6918,7 @@ static int ocfs2_grab_folios(struct inode *inode, loff_t start, loff_t end, if (IS_ERR(folios[numfolios])) { ret = PTR_ERR(folios[numfolios]); mlog_errno(ret); + folios[numfolios] = NULL; goto out; } diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c index 40b6bce12951..89aadc6cdd87 100644 --- a/fs/ocfs2/aops.c +++ b/fs/ocfs2/aops.c @@ -1071,6 +1071,7 @@ static int ocfs2_grab_folios_for_write(struct address_space *mapping, if (IS_ERR(wc->w_folios[i])) { ret = PTR_ERR(wc->w_folios[i]); mlog_errno(ret); + wc->w_folios[i] = NULL; goto out; }
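Review bot: In the ocfs2_grab_folios() hunk (fs/ocfs2/alloc.c), the added "folios[numfolios] = NULL;" resets the slot only after the error pointer has already been stored in the array, so every error exit that reaches the free code has to remember the same reset. Consider taking the result in a local struct folio pointer, testing IS_ERR() on that, and writing folios[numfolios] only on success. If the store stays as it is, a one-line comment at the assignment saying that the free code reached through "goto out" accepts only valid folios or NULL would keep it from being dropped later as redundant.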
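Review bot: In the ocfs2_grab_folios_for_write() hunk (fs/ocfs2/aops.c), "wc->w_folios[i] = NULL;" is the second copy of the same reset, and the v2 note says the first version missed one site and that "the other callers do not need the change" without giving the reason. Please say in the commit message what makes the remaining callers safe, and carry the Fixes: tags for 7e119cff9d0a and 9a5e08652dc4b suggested in the review reply, so the Cc: stable request can be matched to the commits the message names.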
In the page to order 0 folio conversion series, the commit
7e119cff9d0a, "ocfs2: convert w_pages to w_folios" and
commit 9a5e08652dc4b, "ocfs2: use an array of folios
instead of an array of pages", saves -ENOMEM in the
folio array upon allocation failure and calls the folio
array free code. The folio array free code expects either
valid folio pointers or NULL. Finding the -ENOMEM will
result in a panic. Fix by NULLing the error folio entry.

Signed-off-by: Mark Tinguely <mark.tinguely@oracle.com>
Cc: stable@vger.kernel.org
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Matthew Wilcox <willy@infradead.org>
---
v2: sorry, ocfs2_grab_folios() needs the same change.
    the other callers do not need the change.
---
 fs/ocfs2/alloc.c | 1 +
 fs/ocfs2/aops.c  | 1 +
 2 files changed, 2 insertions(+)
}
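
The failure mode described in the commit message, as an added userspace model that is not code from the patch or from ocfs2: an error pointer left in a folio array breaks a free path that accepts only valid pointers or NULL. The ERR_PTR/IS_ERR stand-ins, struct folio, pool and the model_* functions are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
/* Userspace stand-ins for the kernel's ERR_PTR()/IS_ERR() (constructed model). */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }
#define NR 4
struct folio { int refcount; };    /* hypothetical, not the kernel's struct */
static struct folio pool[NR];

/* Hypothetical allocator: request number fail_at fails with -ENOMEM. */
static struct folio *model_get_folio(int idx, int fail_at)
{
    if (idx == fail_at)
        return ERR_PTR(-ENOMEM);
    pool[idx].refcount = 1;
    return &pool[idx];
}

/* Free path whose contract is "valid folio or NULL". Returns how many slots
 * break it; real free code would dereference such a slot, not count it. */
static int model_free_folios(struct folio **folios, int n)
{
    int bad = 0;
    for (int i = 0; i < n; i++) {
        if (IS_ERR(folios[i]))
            bad++;                     /* -ENOMEM stored as a pointer */
        else if (folios[i])
            folios[i]->refcount--;     /* valid folio: drop the reference */
    }
    return bad;
}

/* Fill the array, then run the free path; null_on_error models the fix. */
static int model_grab(int fail_at, int null_on_error)
{
    struct folio *folios[NR] = { NULL };
    for (int i = 0; i < NR; i++) {
        folios[i] = model_get_folio(i, fail_at);
        if (IS_ERR(folios[i])) {
            if (null_on_error)
                folios[i] = NULL;      /* the store the patch adds */
            break;                     /* stands in for "goto out" */
        }
    }
    return model_free_folios(folios, NR);
}
int main(void) { return model_grab(2, 1); }   /* exits 0: no bad slot */
```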