fuse: release pipe buf after last use

ANBZ: torvalds#208 commit 4734417 upstream. Checking buf->flags should be done before the pipe_buf_release() is called on the pipe buffer, since releasing the buffer might modify the flags. This is exactly what page_cache_pipe_buf_release() does, and which results in the same VM_BUG_ON_PAGE(PageLRU(page)) that the original patch was trying to fix. Reported-by: Justin Forbes <[email protected]> Fixes: 712a951 ("fuse: fix page stealing") Cc: <[email protected]> # v2.6.35 Signed-off-by: Miklos Szeredi <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> Signed-off-by: Hongnan Li <[email protected]> Reviewed-by: Joseph Qi <[email protected]>
gatieme · Dec 27, 2021 · af269cf · af269cf
1 parent ebf104f
commit af269cf
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
@@ -931,17 +931,17 @@ static int fuse_try_move_page(struct fuse_copy_state *cs, struct page **pagep)
 		goto out_put_old;
 	}
 
+	get_page(newpage);
+
+	if (!(buf->flags & PIPE_BUF_FLAG_LRU))
+		lru_cache_add(newpage);
+
 	/*
 	 * Release while we have extra ref on stolen page.  Otherwise
 	 * anon_pipe_buf_release() might think the page can be reused.
 	 */
 	pipe_buf_release(cs->pipe, buf);
 
-	get_page(newpage);
-
-	if (!(buf->flags & PIPE_BUF_FLAG_LRU))
-		lru_cache_add(newpage);
-
 	err = 0;
 	spin_lock(&cs->req->waitq.lock);
 	if (test_bit(FR_ABORTED, &cs->req->flags))