Commit 80d2a63e authored Jun 27, 2024 by Yang Erkun

cifs: fix pagecache leak when do writepages

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IA8BHB


CVE: NA

--------------------------------

After commit f3dc1bdb6b0b("cifs: Fix writeback data corruption"), the
writepages for cifs will find all folio needed writepage with two phase.
The first folio will be found in cifs_writepages_begin, and the latter
various folios will be found in cifs_extend_writeback.

All those will first get folio, and for normal case, once we set page
writeback and after do really write, we should put the reference, folio
found in cifs_extend_writeback do this with folio_batch_release. But the
folio found in cifs_writepages_begin never get the chance do it. And
every writepages call, we will leak a folio(found this problem while do
xfstests over cifs, the latter show that we will leak about 600M+ every
we run generic/074).

echo 3 > /proc/sys/vm/drop_caches ; cat /proc/meminfo | grep file
Active(file):      34092 kB
Inactive(file):   176192 kB
./check generic/074 (smb v1)
...
generic/074 50s ...  53s
Ran: generic/074
Passed all 1 tests

echo 3 > /proc/sys/vm/drop_caches ; cat /proc/meminfo | grep file
Active(file):      35036 kB
Inactive(file):   854708 kB

Besides, the exist path seem never handle this folio correctly, fix it too
with this patch.

The problem does not exist in mainline since writepages path for cifs
has changed to netfs(3ee1a1fc3981 ("cifs: Cut over to using netfslib")).
It's had to backport all related change, so try fix this problem with this
single patch.

Fixes: f3dc1bdb6b0b ("cifs: Fix writeback data corruption")
Cc: stable@kernel.org # v6.6~6.9
Signed-off-by: Yang Erkun <yangerkun@huawei.com>

parent 6c45e911

fs/smb/client/file.c

+13 −3

Original line number	Diff line number	Diff line
		@@ -2856,17 +2856,21 @@ static ssize_t cifs_write_back_from_locked_folio(struct address_space *mapping,
		rc = cifs_get_writable_file(CIFS_I(inode), FIND_WR_ANY, &cfile);
		if (rc) {
		cifs_dbg(VFS, "No writable handle in writepages rc=%d\n", rc);
		folio_unlock(folio);
		goto err_xid;
		}

		rc = server->ops->wait_mtu_credits(server, cifs_sb->ctx->wsize,
		&wsize, credits);
		if (rc != 0)
		if (rc != 0) {
		folio_unlock(folio);
		goto err_close;
		}

		wdata = cifs_writedata_alloc(cifs_writev_complete);
		if (!wdata) {
		rc = -ENOMEM;
		folio_unlock(folio);
		goto err_uncredit;
		}

		@@ -3013,17 +3017,22 @@ static ssize_t cifs_writepages_begin(struct address_space *mapping,
		lock_again:
		if (wbc->sync_mode != WB_SYNC_NONE) {
		ret = folio_lock_killable(folio);
		if (ret < 0)
		if (ret < 0) {
		folio_put(folio);
		return ret;
		}
		} else {
		if (!folio_trylock(folio))
		if (!folio_trylock(folio)) {
		folio_put(folio);
		goto search_again;
		}
		}

		if (folio->mapping != mapping \|\|
		!folio_test_dirty(folio)) {
		start += folio_size(folio);
		folio_unlock(folio);
		folio_put(folio);
		goto search_again;
		}

		@@ -3053,6 +3062,7 @@ static ssize_t cifs_writepages_begin(struct address_space *mapping,
		out:
		if (ret > 0)
		*_start = start + ret;
		folio_put(folio);
		return ret;
		}