From nobody Tue Dec 16 16:38:44 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D846F26FDBD for ; Thu, 11 Dec 2025 13:12:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765458777; cv=none; b=sWVsYXjV4ZZImTFKSwm4KkLj5N73pqiM57Un/1NYMl8AYUTkLoeO87VQNcS9JP1WWT4kNcqJpiFx1apToDIQM4eUAel1TnpSEwXymY2tBqiZQ7PDavWHlOdsvMKOdJXBCt1bdfe91TLS1caPtiWi1pLSD5rWPmW4GANh2d8d3ZE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765458777; c=relaxed/simple; bh=iQ9M488CihDtrJvUvwfieWujSKkq29mho/gA+joxi9E=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=QM7iIASf5pH7YsyYeMT3wtSzQNPaYB4n6nKyUCl1dA+ODhvv4XOg04proNGNB7ghd7WF6EH30R8w/76R4ZIliPS4QwQTvzjS0u08MlbsSz9wiygiRXB17lEUfwe5kwLzhapM9tOxafWgcW5TfDbhT+IbeMgWwc631b4iKp+hTxc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=cTpgnfS1; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b=b3tuZEpm; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="cTpgnfS1"; dkim=pass (2048-bit key) header.d=redhat.com header.i=@redhat.com header.b="b3tuZEpm" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1765458774; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=kDFEc4fN1lJI19el6jFqqGDNA26jFoyWc0WKoX0DUKA=; b=cTpgnfS1m1OGqQU/nlKuUl34pF2JtO01GJHHsvl5T6kDMwseRBA06K+H6FeecxrJf2VVFl ZWqiTxRwMNL04EGXGMczgtqUDqrmYulY1gG1jnyPdM0sV54ClPWBJseTqXVoxQVXIIn3O1 pgUkRfpeeZTXwodoDhHCpfkSRcfbeHw= Received: from mail-pf1-f197.google.com (mail-pf1-f197.google.com [209.85.210.197]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-551-zLF73WUcM628NLjG5eI3pQ-1; Thu, 11 Dec 2025 08:12:53 -0500 X-MC-Unique: zLF73WUcM628NLjG5eI3pQ-1 X-Mimecast-MFC-AGG-ID: zLF73WUcM628NLjG5eI3pQ_1765458772 Received: by mail-pf1-f197.google.com with SMTP id d2e1a72fcca58-7b6b194cf71so54560b3a.3 for ; Thu, 11 Dec 2025 05:12:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=google; t=1765458772; x=1766063572; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kDFEc4fN1lJI19el6jFqqGDNA26jFoyWc0WKoX0DUKA=; b=b3tuZEpmKS+PgqW5qwlSDcgthr0ngHEYop5/z0ype9bgQV5SU+hCB8XBt0lObpckww OtLs0+rTOHQPw3lZUhho40IedQUIDybUybaCkO/GqzXTSLk3uyB9adPTMTSyFJxV43bV XfL311lPf41wrID8uwIhDCGNpl5TBOZcO1bogkHJhE40G4Cmris9yXEUCz9CvaSVvVmn pAdUKBxl4DadIpDxps5ttD1/NtdJ5Xaz2mtVTqk7g9YGZOQhiWBPnKhKolzEja0fYSaR GZ7bx8917mD7GRV4jKfGaLwd0xW2wxz42nQ3uTjzGsdVJs4NoPI+uLX41a6wJXIeluof Vq1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1765458772; x=1766063572; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=kDFEc4fN1lJI19el6jFqqGDNA26jFoyWc0WKoX0DUKA=; b=pFes95BPSAQMAHp5XhRGENENCkl6xY2jWt//NvTqokUmZy/Tm0UDnUQsBroxed7irf JRq4BCNXtgZDbMb4mHYNFV5ySYpRx0xa5SmkLdip5sZ3Bub6zbLTH3fEEmXfe7GM4TMv SWRExEYFHQ9jCGmsBt23W1Azn3KCOSssWPd7B8kWXjDtWXWBkvGYsZsWW4o8lELYuxFa 8I5MGZbfOzb0hm0RTN9PtVyBHLNQpLFZ6qNP+t/bszFus2oigCwXD9TLRnvaldHQHlON bnRUP82Ecx3psp5arAWZx8Cu0xHbAB1vucDJOCNG1Bf+tkTUQveDuL/OZNTeoFcu5EOk hmig== X-Forwarded-Encrypted: i=1; AJvYcCULZUsn9JTPr4CISNUI4Wab5fbyKESpE3eRX+H9l1896QUhL7XpC8qMIeLPVsLhSUXRExqgCJnAjZjAoJI=@vger.kernel.org X-Gm-Message-State: AOJu0YxCzpn2w0WWt2/+D9CNy/YFlTWUQXXoWOmqmJKBW6gxBbBe7CaV Hq97Nj4qGRdn9u5aIn36JXFcYwvAggV2KOHkTWpcZ5JuejOKou4gp5NmGujd07pJPHX0HvzzWIk eqsNU74H90BLmwrryEZsK+s1u8MEsesH6CYfcf/FiarIuBCpSBancRZPLsOfLx5aY X-Gm-Gg: AY/fxX6L6JHiniWZnwuHVLf4+hqVvEY7MkuCVbXQ29fZPmIVblax1SoWDLL3MUEmvt5 Qy2pQc6EZihMEg13LqP2gyVxX13gi4QibnTf5P1OuJ5PvGS5i47DjWVPJD6cwP79BLj4UkS48CO SK5kYxdvIBn0H1bSqY4G7oTS+joeb8w47a9oBzdTuDyEoqRQ1yKs7PIEFwXVeA5q/kVmZ3gPHhN tqCRr6vReRVBguL1jfUQDmq4jvpoCrUx3vVzNKFXGx3KCtAGpQSdxsTt5DkaBtgh92j1KSUwh4p V/mGceLf80Vuvp6d/ig5yOStOaSWiF1plKNHWhEQVtDAbF1cfCJepDRINmji8wT+bH4Jo5io/6B A9xExNg9jvSCKsluFnOecEP/uabPiqEwwo/xklw== X-Received: by 2002:aa7:8893:0:b0:77f:2f7c:b709 with SMTP id d2e1a72fcca58-7f22c93a493mr5989985b3a.5.1765458772274; Thu, 11 Dec 2025 05:12:52 -0800 (PST) X-Google-Smtp-Source: AGHT+IHrO3U5PID+k1jzbVzuSa+Ezk+JgNL8rux/aTorTtqute2usQKxqDshXflJAKXqIgH0ZySa3w== X-Received: by 2002:aa7:8893:0:b0:77f:2f7c:b709 with SMTP id d2e1a72fcca58-7f22c93a493mr5989963b3a.5.1765458771940; Thu, 11 Dec 2025 05:12:51 -0800 (PST) Received: from dkarn-thinkpadp16vgen1.punetw6.csb ([2402:e280:3e0d:a45:3861:8b7f:6ae1:6229]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7f4c5093d5csm2514732b3a.49.2025.12.11.05.12.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 Dec 2025 05:12:51 -0800 (PST) From: Deepakkumar Karn To: jack@suse.cz Cc: brauner@kernel.org, dkarn@redhat.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk Subject: [PATCH v2] fs/buffer: add alert in try_to_free_buffers() for folios without buffers Date: Thu, 11 Dec 2025 18:42:11 +0530 Message-ID: <20251211131211.308021-1-dkarn@redhat.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" try_to_free_buffers() can be called on folios with no buffers attached when filemap_release_folio() is invoked on a folio belonging to a mapping with AS_RELEASE_ALWAYS set but no release_folio operation defined. In such cases, folio_needs_release() returns true because of the AS_RELEASE_ALWAYS flag, but the folio has no private buffer data. This causes try_to_free_buffers() to call drop_buffers() on a folio with no buffers, leading to a null pointer dereference. Adding a check in try_to_free_buffers() to return early if the folio has no buffers attached, with WARN_ON_ONCE() to alert about the misconfiguration. This provides defensive hardening. Signed-off-by: Deepakkumar Karn Reviewed-by: Jan Kara --- fs/buffer.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/buffer.c b/fs/buffer.c index 838c0c571022..28e4d53f1717 100644 --- a/fs/buffer.c +++ b/fs/buffer.c @@ -2948,6 +2948,10 @@ bool try_to_free_buffers(struct folio *folio) if (folio_test_writeback(folio)) return false; =20 + /* Misconfigured folio check */ + if (WARN_ON_ONCE(!folio_buffers(folio))) + return true; + if (mapping =3D=3D NULL) { /* can this still happen? */ ret =3D drop_buffers(folio, &buffers_to_free); goto out; --=20 2.52.0