[PATCH] netfs: add missing folio_end_private_2() to netfs_pgpriv2_copy_folio()

Next message: Suzuki K Poulose: "Re: [PATCH v13 31/48] KVM: arm64: WARN on injected undef exceptions"
Previous message: Hannes Reinecke: "Re: [PATCH v4 10/15] nvme-tcp: Use CCR to recover controller that hits an error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Max Kellermann

Date: Mon Mar 30 2026 - 07:04:41 EST

This deprecated PG_private_2 copy-to-cache path can leak folio private
state on rolling-buffer allocation failure.

netfs_pgpriv2_copy_to_cache() sets PG_private_2 first, then
netfs_pgpriv2_copy_folio() tries to append the folio to the tracking
buffer. If that append fails, it just returns without calling
folio_end_private_2(). The folio is then no longer tracked for copy
completion, but later invalidate/release paths still block on that bit
in netfs_invalidate_folio() and netfs_release_folio(), so the folio
can become permanently stuck/unreclaimable.

Fixes: ee4cdf7ba857 ("netfs: Speed up buffered reading")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Max Kellermann <max.kellermann@xxxxxxxxx>
---
fs/netfs/read_pgpriv2.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/fs/netfs/read_pgpriv2.c b/fs/netfs/read_pgpriv2.c
index a1489aa29f78..ab73fa62378b 100644
--- a/fs/netfs/read_pgpriv2.c
+++ b/fs/netfs/read_pgpriv2.c
@@ -55,6 +55,7 @@ static void netfs_pgpriv2_copy_folio(struct netfs_io_request *creq, struct folio
/* Attach the folio to the rolling buffer. */
if (rolling_buffer_append(&creq->buffer, folio, 0) < 0) {
clear_bit(NETFS_RREQ_FOLIO_COPY_TO_CACHE, &creq->flags);
+ folio_end_private_2(folio);
return;
}

--
2.47.3