summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohannes Weiner <hannes@cmpxchg.org>2016-10-04 16:58:06 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2016-10-28 03:01:34 -0400
commitddafc880082e0e7b809ca84866eeddb2b5ef118e (patch)
tree7e842c03439a4b5cc2e2aafe3c8240d461f93d8f
parentf84311d7cd04cb1da9f0192417a584543be879a3 (diff)
downloadlinux-stable-ddafc880082e0e7b809ca84866eeddb2b5ef118e.tar.gz
linux-stable-ddafc880082e0e7b809ca84866eeddb2b5ef118e.tar.bz2
linux-stable-ddafc880082e0e7b809ca84866eeddb2b5ef118e.zip
mm: filemap: fix mapping->nrpages double accounting in fuse
commit 3ddf40e8c31964b744ff10abb48c8e36a83ec6e7 upstream. Commit 22f2ac51b6d6 ("mm: workingset: fix crash in shadow node shrinker caused by replace_page_cache_page()") switched replace_page_cache() from raw radix tree operations to page_cache_tree_insert() but didn't take into account that the latter function, unlike the raw radix tree op, handles mapping->nrpages. As a result, that counter is bumped for each page replacement rather than balanced out even. The mapping->nrpages counter is used to skip needless radix tree walks when invalidating, truncating, syncing inodes without pages, as well as statistics for userspace. Since the error is positive, we'll do more page cache tree walks than necessary; we won't miss a necessary one. And we'll report more buffer pages to userspace than there are. The error is limited to fuse inodes. Fixes: 22f2ac51b6d6 ("mm: workingset: fix crash in shadow node shrinker caused by replace_page_cache_page()") Signed-off-by: Johannes Weiner <hannes@cmpxchg.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Miklos Szeredi <miklos@szeredi.hu> Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Michal Hocko <mhocko@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--mm/filemap.c1
1 files changed, 0 insertions, 1 deletions
diff --git a/mm/filemap.c b/mm/filemap.c
index 7ad648c9780c..c588d1222b2a 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -590,7 +590,6 @@ int replace_page_cache_page(struct page *old, struct page *new, gfp_t gfp_mask)
__delete_from_page_cache(old, NULL, memcg);
error = page_cache_tree_insert(mapping, new, NULL);
BUG_ON(error);
- mapping->nrpages++;
/*
* hugetlb pages do not participate in page cache accounting.