mm/truncate: make sure folio2 is large and has the same mapping after lock

It is possible that folio2 no longer belongs to the original mapping.

Link: https://lkml.kernel.org/r/56EBE3B6-99EA-470E-B2B3-92C9C13032DF@nvidia.com
Signed-off-by: Zi Yan <ziy@nvidia.com>
Cc: Baolin Wang <baolin.wang@linux.alibaba.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Kairui Song <kasong@tencent.com>
Cc: Kefeng Wang <wangkefeng.wang@huawei.com>
Cc: Kirill A. Shuemov <kirill.shutemov@linux.intel.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Miaohe Lin <linmiaohe@huawei.com>
Cc: Ryan Roberts <ryan.roberts@arm.com>
Cc: Yang Shi <yang@os.amperecomputing.com>
Cc: Yu Zhao <yuzhao@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

diff --git a/mm/truncate.c b/mm/truncate.c
index 031d0be19f42c24fb1ab6a71fb773ce851821cb2..0790b62275125a30a4e063f4219986c7adc301d5 100644 (file)
--- a/mm/truncate.c
+++ b/mm/truncate.c
@@ -244,8 +244,14 @@ bool truncate_inode_partial_folio(struct folio *folio, loff_t start, loff_t end)
                if (!folio_trylock(folio2))
                        goto out;
 
-               /* split result does not matter here */
-               try_folio_split(folio2, split_at2, NULL);
+               /*
+                * make sure folio2 is large and does not change its mapping.
+                * Its split result does not matter here.
+                */
+               if (folio_test_large(folio2) &&
+                   folio2->mapping == folio->mapping)
+                       try_folio_split(folio2, split_at2, NULL);
+
                folio_unlock(folio2);
 out:
                folio_put(folio2);