{"id":2171675,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2171675/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-ext4/patch/20251205055914.1393799-1-kartikey406@gmail.com/","project":{"id":8,"url":"http://patchwork.ozlabs.org/api/1.2/projects/8/?format=json","name":"Linux ext4 filesystem development","link_name":"linux-ext4","list_id":"linux-ext4.vger.kernel.org","list_email":"linux-ext4@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20251205055914.1393799-1-kartikey406@gmail.com>","list_archive_url":null,"date":"2025-12-05T05:59:14","name":"[v3] ext4: unmap invalidated folios from page tables in mpage_release_unused_pages()","commit_ref":null,"pull_url":null,"state":"awaiting-upstream","archived":false,"hash":"b72c45dedec1a29e494567aea4379c585b4100bf","submitter":{"id":91725,"url":"http://patchwork.ozlabs.org/api/1.2/people/91725/?format=json","name":"Deepanshu Kartikey","email":"kartikey406@gmail.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/linux-ext4/patch/20251205055914.1393799-1-kartikey406@gmail.com/mbox/","series":[{"id":484484,"url":"http://patchwork.ozlabs.org/api/1.2/series/484484/?format=json","web_url":"http://patchwork.ozlabs.org/project/linux-ext4/list/?series=484484","date":"2025-12-05T05:59:14","name":"[v3] ext4: unmap invalidated folios from page tables in mpage_release_unused_pages()","version":3,"mbox":"http://patchwork.ozlabs.org/series/484484/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2171675/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2171675/checks/","tags":{},"related":[],"headers":{"Return-Path":"\n ","X-Original-To":["incoming@patchwork.ozlabs.org","linux-ext4@vger.kernel.org"],"Delivered-To":["patchwork-incoming@legolas.ozlabs.org","patchwork-incoming@ozlabs.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20230601 header.b=VGGdRQpf;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=ozlabs.org\n (client-ip=150.107.74.76; helo=mail.ozlabs.org;\n envelope-from=srs0=egfd=6l=vger.kernel.org=linux-ext4+bounces-12161-patchwork-incoming=ozlabs.org@ozlabs.org;\n receiver=patchwork.ozlabs.org)","gandalf.ozlabs.org;\n arc=pass smtp.remote-ip=\"2600:3c0a:e001:db::12fc:5321\"\n arc.chain=subspace.kernel.org","gandalf.ozlabs.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com","gandalf.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20230601 header.b=VGGdRQpf;\n\tdkim-atps=neutral","gandalf.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=linux-ext4+bounces-12161-patchwork-incoming=ozlabs.org@vger.kernel.org;\n receiver=ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=\"VGGdRQpf\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=209.85.210.176","smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=gmail.com"],"Received":["from mail.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4dN11C0zvsz1xwJ\n\tfor ; Fri, 05 Dec 2025 16:59:42 +1100 (AEDT)","from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])\n\tby gandalf.ozlabs.org (Postfix) with ESMTP id 4dN1190Fnfz4wCk\n\tfor ; Fri, 05 Dec 2025 16:59:41 +1100 (AEDT)","by gandalf.ozlabs.org (Postfix)\n\tid 4dN11900gRz4wHW; Fri, 05 Dec 2025 16:59:41 +1100 (AEDT)","from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby gandalf.ozlabs.org (Postfix) with ESMTPS id 4dN1146SMrz4wCk\n\tfor ; Fri, 05 Dec 2025 16:59:36 +1100 (AEDT)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 66B523116780\n\tfor ; Fri, 5 Dec 2025 05:59:27 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 4D5D42F3621;\n\tFri, 5 Dec 2025 05:59:26 +0000 (UTC)","from mail-pf1-f176.google.com (mail-pf1-f176.google.com\n [209.85.210.176])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id 9B41313D539\n\tfor ; Fri, 5 Dec 2025 05:59:23 +0000 (UTC)","by mail-pf1-f176.google.com with SMTP id\n d2e1a72fcca58-7d26a7e5639so2130770b3a.1\n for ;\n Thu, 04 Dec 2025 21:59:23 -0800 (PST)","from deepanshu-kernel-hacker..\n ([2405:201:682f:389d:7d03:7bff:42c:9a84])\n by smtp.gmail.com with ESMTPSA id\n 41be03b00d2f7-bf6a2364693sm3469759a12.26.2025.12.04.21.59.18\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Thu, 04 Dec 2025 21:59:22 -0800 (PST)"],"ARC-Seal":["i=2; a=rsa-sha256; d=ozlabs.org; s=201707; t=1764914380; cv=pass;\n\tb=VQ1jMbyZiKKzVE2jENS+BZPUg7pmjb/AxgPflG7xcycqQ0S5CaNXxrtLFCUtRWXy1jn60eqkCXGLJFf5aT8lJJ4n99zx+qtLXvv1ug59+5sWBFWSI71wtHzeusxoDJY28AS7v38DkhpKo4k1H1O3xab5JUk5NimZo+KfM9tL73OCXO4cIjueyE41o4rKSCT6MgeQUS+p5URan+dUS560mM4gLLObQibs4ORjeNY4U5jRvPSehdf5xLtgMrS/5807l1o3W0BR63j1t9L0uhCwFqWEkDVpKzXQ3FWGjAzwqv9K/cDdv1f6ccdRpBOmRIOlzub4S1/KFoZFtARBUPVDwg==","i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1764914366; cv=none;\n b=KfbYaI/yNT85xph1A5WgtuIMjbfAGyufAIkUPSzBgRPUqjNFaLs9venuMn556BXnGwGFhWP1kcQ+ZNekuXPbkZk3EbjfhI/SEYey/3CJYZCJXpeHcBGw3TJljH+WIthBgFs7q/eC9jB2azPFb+N1wHpXRnsq30xFsfhZ05E/Jr8="],"ARC-Message-Signature":["i=2; a=rsa-sha256; d=ozlabs.org; s=201707;\n\tt=1764914380; c=relaxed/relaxed;\n\tbh=VFAk5wktF2UPyOn0DQ7lF1B8QLbujwtGCDKJwa1qmTI=;\n\th=From:To:Cc:Subject:Date:Message-ID:MIME-Version;\n b=gYQQsLvdfR0+qU3GLEmCAZfI9Hmlnmlm0DQEP/Zl41PEXRRo/31sCmce8h5lQsu4udNaSlzpdcjWO4nm6rvMVnBcwDcqGamKr+ICm1LiVXn/Aad2IeJrSGhkzAx+0SGjr+BCAardpSQgKTa2UaWYMAAZGkuFqihk811yVI0k0bD+kcEnnET0bOZ1uuqxpzHV+5hz5I/ZkB6h69xVpSNxjYZTTBZ02H6WUVIqUO6sz5v6BSoMlWrvdbv3R7oDL8JwPphRc0kTT43AVy8uEzbWL+tOjvBAAKHC6PXo4kYpYHyB78mFuD6aVbV3WD4nmowRvTptXGoF1vZ3Ma0PVDTvnQ==","i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1764914366; c=relaxed/simple;\n\tbh=v3qKnkp64bhmNVNTkIDedzgiGCfEjfMUA4wc3TYHZAY=;\n\th=From:To:Cc:Subject:Date:Message-ID:MIME-Version;\n b=j2imiysb/XcBDCku2Vx7k/MnWoFeqwIJsxteLaN5Lu9T04z9lGkHKXYs5rt0/DnxRYUnHzMA+OCbZyATph6OzwujSH7eVgZ0QP2uY5ISC71Vh79vpjbEtEZdCzfSkD/fd2sNp2fFHFE/tHF4mQw013eRSyrJTg8ePqLKELCIX0s="],"ARC-Authentication-Results":["i=2; gandalf.ozlabs.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com; dkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20230601 header.b=VGGdRQpf; dkim-atps=neutral;\n spf=pass (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=linux-ext4+bounces-12161-patchwork-incoming=ozlabs.org@vger.kernel.org;\n receiver=ozlabs.org) smtp.mailfrom=vger.kernel.org","i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=gmail.com;\n spf=pass smtp.mailfrom=gmail.com;\n dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com\n header.b=VGGdRQpf; arc=none smtp.client-ip=209.85.210.176"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20230601; t=1764914363; x=1765519163;\n darn=vger.kernel.org;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:from:to:cc:subject:date:message-id:reply-to;\n bh=VFAk5wktF2UPyOn0DQ7lF1B8QLbujwtGCDKJwa1qmTI=;\n b=VGGdRQpfoWMtELD8rWabJmyrua0ogyJYd/NiHnZLxC9d53SGtOrpiS8NrN8uhno0JZ\n 3VMR4Dj/2VI8tgREBXcfN4rkfXH1bx4sMDqB6DzLBw7BG+WamM6PsljMawWw3xyxgGCG\n AFfqNNKr56+tSAxB5Dy15wZqjCvmTgOzGzhcGx2bSuYKg79NB/B5A2Eh/iRa2iRuFATW\n Z0igJCYRjFcK0L2LuN2a7mGCopC/uTVjG9UP8tKeTW+zJ1x18UF5EHI95dGHyznzZwMw\n faZ/6rhgIfpa5Gc0HHpm1oyrtm73rqgzsip2n8VfYTm3eekgIEZpXD/4lYug4xAZPHIB\n EaMg==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20230601; t=1764914363; x=1765519163;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n :message-id:reply-to;\n bh=VFAk5wktF2UPyOn0DQ7lF1B8QLbujwtGCDKJwa1qmTI=;\n b=LLmjprMJO39mmiMSFQRBNR7b7Xe2Id1xEidyda9Hx37ck8qqF/nuaEke2sVfA3XBEu\n 2Yq+giQWDLEwUsE7xGrvcao8l4KvfvEO+Uc1ZaUMmmw5cWnb3fu8J7OQRRsGmskBMgG/\n MkyufEMQM0i30BwHmcYWalBBaEIjAgrwmrgP1w7JQejPX99B94t6Zfvd6mrdEB42uuvu\n iCBI2np7TQ2UenyDlWKKNjeCcArs9422QXOJXG+6E2Mao/UYqOgCspdC3zecM4OaOHAu\n KMAYWMmCZ+SUvjUrzb7KufxcpM9NRK5wSvhqhuIKzap+1htQPdO7FGVdIx0nV8zTUS93\n f9nQ==","X-Gm-Message-State":"AOJu0YzaMXV17hNSq13ccmpOHJw2EwDZf3dLQ/99IR/16GjOy4isytjF\n\tTU/VpUGRBfD9X8QFsd3pid7NFkYEBq4/2dxqeyYbx92bXQ0h6jhfv/Lq","X-Gm-Gg":"ASbGnct2EboSYxUqbmr1ElbFxq1dNHcYkpAoC7Zrf7YJMbxFTNTF0OijGYBCJT0m+aZ\n\tmka7GoUIm88cH7taXfT07T9gj2W8W7oU5UBxQHkQMoaFPCP34B8YwFA5mW6ZP49vTrG0DMbXMGF\n\tWUNIp9pAAe731a13QZmu4PsL2F/iB8DJ/n1SARDe6bcNc1Y/PaCJxegZsRfvDXh7i+M3PXpZmgz\n\t+5bjCo5GkfPPDD2BDAE6DaSkhshrxfufX6l5DMxNqey1GL1DhE2MJ/xr2WrASspPhs1I1/51Py+\n\tFfkSD6sZuSvXOSi32u/lj1td1n83g+6RzhY+KLlPXKWM1oOg9IX3eOmQ1OC4EqTjbPUU2o05fcS\n\tssAl5SHu9j/NX9ABBKwTmMxqhUv03ZWbqYYBaE13wPS3JDKpcg6aIxq0jxEnxZzH7itac/AM9qx\n\tVQQii34DiTpmYteLNY4Pe9G3optrc7oR7a7XnIoeHGFtfJX5RCWAxOa61Zl/FjdZHVv1t6YLcbq\n\t8m3","X-Google-Smtp-Source":"\n AGHT+IErHmTOgxQdfHXp41sLKOKxSJ4zHAhFZyhwuy4ysXGwWzRghuqw0arHP6wu7kMlAl94HE0eaA==","X-Received":"by 2002:a05:6a20:6a1a:b0:35d:d477:a7ff with SMTP id\n adf61e73a8af0-363f5d3eacemr10179646637.21.1764914362786;\n Thu, 04 Dec 2025 21:59:22 -0800 (PST)","From":"Deepanshu Kartikey ","To":"tytso@mit.edu,\n\tadilger.kernel@dilger.ca,\n\twilly@infradead.org","Cc":"linux-ext4@vger.kernel.org,\n\tlinux-kernel@vger.kernel.org,\n\tyi.zhang@huaweicloud.com,\n\tdjwong@kernel.org,\n\tDeepanshu Kartikey ,\n\tsyzbot+b0a0670332b6b3230a0a@syzkaller.appspotmail.com","Subject":"[PATCH v3] ext4: unmap invalidated folios from page tables in\n mpage_release_unused_pages()","Date":"Fri, 5 Dec 2025 11:29:14 +0530","Message-ID":"<20251205055914.1393799-1-kartikey406@gmail.com>","X-Mailer":"git-send-email 2.43.0","Precedence":"bulk","X-Mailing-List":"linux-ext4@vger.kernel.org","List-Id":"","List-Subscribe":"","List-Unsubscribe":"","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-Spam-Status":"No, score=-1.1 required=5.0 tests=ARC_SIGNED,ARC_VALID,\n\tDKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DMARC_PASS,\n\tFREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,\n\tMAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=disabled\n\tversion=4.0.1","X-Spam-Checker-Version":"SpamAssassin 4.0.1 (2024-03-25) on gandalf.ozlabs.org"},"content":"When delayed block allocation fails (e.g., due to filesystem corruption\ndetected in ext4_map_blocks()), the writeback error handler calls\nmpage_release_unused_pages(invalidate=true) which invalidates affected\nfolios by clearing their uptodate flag via folio_clear_uptodate().\n\nHowever, these folios may still be mapped in process page tables. If a\nsubsequent operation (such as ftruncate calling ext4_block_truncate_page)\ntriggers a write fault, the existing page table entry allows access to\nthe now-invalidated folio. This leads to ext4_page_mkwrite() being called\nwith a non-uptodate folio, which then gets marked dirty, triggering:\n\n WARNING: CPU: 0 PID: 5 at mm/page-writeback.c:2960\n __folio_mark_dirty+0x578/0x880\n\n Call Trace:\n fault_dirty_shared_page+0x16e/0x2d0\n do_wp_page+0x38b/0xd20\n handle_pte_fault+0x1da/0x450\n\nThe sequence leading to this warning is:\n\n1. Process writes to mmap'd file, folio becomes uptodate and dirty\n2. Writeback begins, but delayed allocation fails due to corruption\n3. mpage_release_unused_pages(invalidate=true) is called:\n - block_invalidate_folio() clears dirty flag\n - folio_clear_uptodate() clears uptodate flag\n - But folio remains mapped in page tables\n4. Later, ftruncate triggers ext4_block_truncate_page()\n5. This causes a write fault on the still-mapped folio\n6. ext4_page_mkwrite() is called with folio that is !uptodate\n7. block_page_mkwrite() marks buffers dirty\n8. fault_dirty_shared_page() tries to mark folio dirty\n9. block_dirty_folio() calls __folio_mark_dirty(warn=1)\n10. WARNING triggers: WARN_ON_ONCE(warn && !uptodate && !dirty)\n\nFix this by unmapping folios from page tables before invalidating them\nusing unmap_mapping_pages(). This ensures that subsequent accesses\ntrigger new page faults rather than reusing invalidated folios through\nstale page table entries.\n\nNote that this results in data loss for any writes to the mmap'd region\nthat couldn't be written back, but this is expected behavior when\nwriteback fails due to filesystem corruption. The existing error message\nalready states \"This should not happen!! Data will be lost\".\n\nChanges in v3:\n- Complete redesign based on feedback from Matthew Wilcox and Ted Ts'o\n- Moved fix from ext4_page_mkwrite() to mpage_release_unused_pages()\n- Now unmaps folios from page tables before invalidation using\n unmap_mapping_pages()\n- Prevents non-uptodate folios from being accessible via stale PTEs\n- No performance impact (only affects error path with invalidate=true)\n- Removed folio_lock() overhead from page fault path\n\nChanges in v2:\n- Corrected explanation of when folios become non-uptodate\n- Added detailed description of mpage_release_unused_pages() invocation\n- Clarified that folio_clear_uptodate() is explicitly called during\n error handling, not a side effect\n\nReported-by: syzbot+b0a0670332b6b3230a0a@syzkaller.appspotmail.com\nTested-by: syzbot+b0a0670332b6b3230a0a@syzkaller.appspotmail.com\nCloses: https://syzkaller.appspot.com/bug?extid=b0a0670332b6b3230a0a\nSuggested-by: Matthew Wilcox \nSigned-off-by: Deepanshu Kartikey \n---\n fs/ext4/inode.c | 11 ++++++++++-\n 1 file changed, 10 insertions(+), 1 deletion(-)","diff":"diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c\nindex e99306a8f47c..16f73c0c33c4 100644\n--- a/fs/ext4/inode.c\n+++ b/fs/ext4/inode.c\n@@ -1749,8 +1749,17 @@ static void mpage_release_unused_pages(struct mpage_da_data *mpd,\n \t\t\tBUG_ON(!folio_test_locked(folio));\n \t\t\tBUG_ON(folio_test_writeback(folio));\n \t\t\tif (invalidate) {\n-\t\t\t\tif (folio_mapped(folio))\n+\t\t\t\tif (folio_mapped(folio)) {\n \t\t\t\t\tfolio_clear_dirty_for_io(folio);\n+\t\t\t\t\t/*\n+\t\t\t\t\t * Unmap folio from page tables to prevent subsequent\n+\t\t\t\t\t * accesses through stale PTEs. This ensures future\n+\t\t\t\t\t * accesses trigger new page faults rather than reusing\n+\t\t\t\t\t * the invalidated folio.\n+\t\t\t\t\t */\n+\t\t\t\t\tunmap_mapping_pages(folio->mapping, folio->index,\n+\t\t\t\t\t\t\t folio_nr_pages(folio), false);\n+\t\t\t\t}\n \t\t\t\tblock_invalidate_folio(folio, 0,\n \t\t\t\t\t\tfolio_size(folio));\n \t\t\t\tfolio_clear_uptodate(folio);\n","prefixes":["v3"]}