ANDROID: mm/filemap: Fix missing put_page() for speculative page fault

find_get_page() returns a page with increased refcount, assuming a page exists at the given index. Ensure this refcount is dropped on error. Bug: 271079833 Fixes: 59d4d125 ("BACKPORT: FROMLIST: mm: implement speculative handling in filemap_fault()") Change-Id: Idc7b9e3f11f32a02bed4c6f4e11cec9200a5c790 Signed-off-by: Patrick Daly <quic_pdaly@quicinc.com> (cherry picked from commit 6232eecfa7ca0d8d0ca088da6d0edb2c3a879ff9) Signed-off-by: Zhenhua Huang <quic_zhenhuah@quicinc.com> Git-commit: 1d05213028b6dbdb8801e20f29b6a6f91c216033 Git-repo: https://android.googlesource.com/kernel/common/ Signed-off-by: Srinivasarao Pathipati <quic_c_spathi@quicinc.com>
2022-10-10 19:25:27 -07:00 · 2022-10-10 19:25:27 -07:00 · 290d702383
commit 290d702383
parent ea5f9d7e7e
1 changed files with 7 additions and 2 deletions
--- a/mm/filemap.c
+++ b/mm/filemap.c
@ -2524,11 +2524,14 @@ vm_fault_t filemap_fault(struct vm_fault *vmf)

 	if (vmf->flags & FAULT_FLAG_SPECULATIVE) {
 		page = find_get_page(mapping, offset);
-		if (unlikely(!page) || unlikely(PageReadahead(page)))
+		if (unlikely(!page))
 			return VM_FAULT_RETRY;

+		if (unlikely(PageReadahead(page)))
+			goto page_put;
+
 		if (!trylock_page(page))
-			return VM_FAULT_RETRY;
+			goto page_put;

 		if (unlikely(compound_head(page)->mapping != mapping))
 			goto page_unlock;
@ -2560,6 +2563,8 @@ vm_fault_t filemap_fault(struct vm_fault *vmf)
 		return VM_FAULT_LOCKED;
 page_unlock:
 		unlock_page(page);
+page_put:
+		put_page(page);
 		return VM_FAULT_RETRY;
 	}