Commit 0fba7be1 authored by Boris Burkov's avatar Boris Burkov Committed by David Sterba
Browse files

btrfs: check folio mapping after unlock in put_file_data() 



When we call btrfs_read_folio() we get an unlocked folio, so it is possible
for a different thread to concurrently modify folio->mapping. We must
check that this hasn't happened once we do have the lock.

CC: stable@vger.kernel.org # 6.12+
Reviewed-by: default avatarQu Wenruo <wqu@suse.com>
Signed-off-by: default avatarBoris Burkov <boris@bur.io>
Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
parent 3e74859e

fs/btrfs/send.c

+6 −0
Original line number Diff line number Diff line
@@ -5280,6 +5280,7 @@ static int put_file_data(struct send_ctx *sctx, u64 offset, u32 len) 
		unsigned cur_len = min_t(unsigned, len,

					 PAGE_SIZE - pg_offset);



again:

		folio = filemap_lock_folio(mapping, index);

		if (IS_ERR(folio)) {

			page_cache_sync_readahead(mapping,
@@ -5312,6 +5313,11 @@ static int put_file_data(struct send_ctx *sctx, u64 offset, u32 len) 
				ret = -EIO;

				break;

			}

			if (folio->mapping != mapping) {

				folio_unlock(folio);

				folio_put(folio);

				goto again;

			}

		}



		memcpy_from_folio(sctx->send_buf + sctx->send_size, folio,