This deprecated PG_private_2 copy-to-cache path can leak folio private
state on rolling-buffer allocation failure.

netfs_pgpriv2_copy_to_cache() sets PG_private_2 first, then
netfs_pgpriv2_copy_folio() tries to append the folio to the tracking
buffer.  If that append fails, it just returns without calling
folio_end_private_2().  The folio is then no longer tracked for copy
completion, but later invalidate/release paths still block on that bit
in netfs_invalidate_folio() and netfs_release_folio(), so the folio
can become permanently stuck/unreclaimable.

Fixes: ee4cdf7ba857 ("netfs: Speed up buffered reading")
Cc: stable@vger.kernel.org
Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
---
 fs/netfs/read_pgpriv2.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/netfs/read_pgpriv2.c b/fs/netfs/read_pgpriv2.c
index a1489aa29f78..ab73fa62378b 100644
--- a/fs/netfs/read_pgpriv2.c
+++ b/fs/netfs/read_pgpriv2.c
@@ -55,6 +55,7 @@ static void netfs_pgpriv2_copy_folio(struct netfs_io_request *creq, struct folio
 	/* Attach the folio to the rolling buffer. */
 	if (rolling_buffer_append(&creq->buffer, folio, 0) < 0) {
 		clear_bit(NETFS_RREQ_FOLIO_COPY_TO_CACHE, &creq->flags);
+		folio_end_private_2(folio);
 		return;
 	}
 
-- 
2.47.3