Message ID | 20230304193949.296391-3-sj@kernel.org (mailing list archive) |
---|---|
State | New |
Series | mm/damon/paddr: Fix folio-use-after-put bugs |
On Sat, Mar 04, 2023 at 07:39:49PM +0000, SeongJae Park wrote:
> damon_pa_mark_accessed_or_deactivate() is accessing a folio via
> folio_nr_pages() after folio_put() for the folio has invoked. Fix it.
>
> Fixes: f70da5ee8fe1 ("mm/damon: convert damon_pa_mark_accessed_or_deactivate() to use folios")
> Cc: <stable@vger.kernel.org> # 6.3.x
> Signed-off-by: SeongJae Park <sj@kernel.org>

Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>

On 2023/3/5 3:39, SeongJae Park wrote: > damon_pa_mark_accessed_or_deactivate() is accessing a folio via > folio_nr_pages() after folio_put() for the folio has invoked. Fix it. > Reviewed-by: Kefeng Wang <wangkefeng.wang@huawei.com> > Fixes: f70da5ee8fe1 ("mm/damon: convert damon_pa_mark_accessed_or_deactivate() to use folios") > Cc: <stable@vger.kernel.org> # 6.3.x > Signed-off-by: SeongJae Park <sj@kernel.org> > --- > mm/damon/paddr.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/damon/paddr.c b/mm/damon/paddr.c > index 10f159b315ea..0db724aec5cb 100644 > --- a/mm/damon/paddr.c > +++ b/mm/damon/paddr.c > @@ -277,8 +277,8 @@ static inline unsigned long damon_pa_mark_accessed_or_deactivate( > folio_mark_accessed(folio); > else > folio_deactivate(folio); > - folio_put(folio); > applied += folio_nr_pages(folio); > + folio_put(folio); > } > return applied * PAGE_SIZE; > }
diff --git a/mm/damon/paddr.c b/mm/damon/paddr.c index 10f159b315ea..0db724aec5cb 100644 --- a/mm/damon/paddr.c +++ b/mm/damon/paddr.c @@ -277,8 +277,8 @@ static inline unsigned long damon_pa_mark_accessed_or_deactivate( folio_mark_accessed(folio); else folio_deactivate(folio); - folio_put(folio); applied += folio_nr_pages(folio); + folio_put(folio); } return applied * PAGE_SIZE; }
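Review bot: the changelog gives no consequence for the read that this reorders at `applied += folio_nr_pages(folio);`, and with Cc: stable that is what a backporter needs in order to judge severity. Suggest adding a sentence saying that folio_put() may drop the last reference, so the folio can be freed before folio_nr_pages() reads it, and the value added to `applied` may then come from freed or reused memory. The reordering itself, with folio_put() now the last statement that touches the folio in the loop body, looks right.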
damon_pa_mark_accessed_or_deactivate() is accessing a folio via
folio_nr_pages() after folio_put() for the folio has invoked. Fix it.

Fixes: f70da5ee8fe1 ("mm/damon: convert damon_pa_mark_accessed_or_deactivate() to use folios")
Cc: <stable@vger.kernel.org> # 6.3.x
Signed-off-by: SeongJae Park <sj@kernel.org>
---
 mm/damon/paddr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)