Re: [PATCH v3 6/7] mm/memfd_luo: remove folio from page cache when accounting fails
From: Pasha Tatashin
Date: Wed Apr 01 2026 - 21:34:38 EST
On Thu, Mar 26, 2026 at 4:48 AM Chenghao Duan <duanchenghao@xxxxxxxxxx> wrote:
>
> In memfd_luo_retrieve_folios(), when shmem_inode_acct_blocks() fails
> after successfully adding the folio to the page cache, the code jumps
> to unlock_folio without removing the folio from the page cache.
>
> This leaves the folio permanently abandoned in the page cache:
> - The folio was added via shmem_add_to_page_cache() which set up
> mapping, index, and incremented nrpages/shmem stats.
> - folio_unlock() and folio_put() do not remove it from the cache.
> - folio_add_lru() was never called, so it cannot be reclaimed.
>
> Fix by adding a remove_from_cache label that calls filemap_remove_folio()
> before unlocking, matching the error handling pattern in
> shmem_alloc_and_add_folio().
>
> This issue was identified by the AI review.
> https://sashiko.dev/#/patchset/20260323110747.193569-1-duanchenghao@xxxxxxxxxx
>
> Signed-off-by: Chenghao Duan <duanchenghao@xxxxxxxxxx>
> ---
> mm/memfd_luo.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/mm/memfd_luo.c b/mm/memfd_luo.c
> index b4cea3670689..f8e8f99b1848 100644
> --- a/mm/memfd_luo.c
> +++ b/mm/memfd_luo.c
> @@ -446,7 +446,7 @@ static int memfd_luo_retrieve_folios(struct file *file,
> if (err) {
> pr_err("shmem: failed to account folio index %ld(%ld pages): %d\n",
> i, npages, err);
> - goto unlock_folio;
> + goto remove_from_cache;
> }
>
> nr_added_pages += npages;
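Review bot: Only the goto in the shmem_inode_acct_blocks() failure branch is retargeted, and the hunk does not show whether any other error exit between the page-cache insertion and "nr_added_pages += npages;" still jumps to unlock_folio. Any such exit needs "goto remove_from_cache;" as well, otherwise the abandoned-folio state described in the commit message stays reachable. A one-line comment above this branch noting that the folio is already in the page cache at this point would make the choice of label obvious to later readers.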
> @@ -459,6 +459,8 @@ static int memfd_luo_retrieve_folios(struct file *file,
>
> return 0;
>
> +remove_from_cache:
> + filemap_remove_folio(folio);
> unlock_folio:
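Review bot: The new remove_from_cache label depends on falling through into unlock_folio, so filemap_remove_folio(folio) runs while the folio is still locked; that ordering is easy to break if a label or statement is later inserted between the two. A short comment on the label saying it must stay directly above unlock_folio, and that the folio is locked here, would protect it. The commit message says shmem_add_to_page_cache() also incremented nrpages and the shmem stats; please confirm in the message that filemap_remove_folio() reverses those, since the visible lines do not show it.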
Reviewed-by: Pasha Tatashin <pasha.tatashin@xxxxxxxxxx>
Thanks,
Pasha