mm: shmem: avoid unpaired folio_unlock() in shmem_swapin_folio()

Kemeng Shi · gregkh · commit 1be8e41962f1 · 2026-03-25T11:08:56.000+01:00
commit e08d5f5 upstream. If we get a folio from swap_cache_get_folio() successfully but encounter a failure before the folio is locked, we will unlock the folio which was not previously locked. Put the folio and set it to NULL when a failure occurs before the folio is locked to fix the issue. Link: https://lkml.kernel.org/r/20250516170939.965736-1-shikemeng@huaweicloud.com Link: https://lkml.kernel.org/r/20250516170939.965736-2-shikemeng@huaweicloud.com Fixes: 0583135 ("mm: shmem: fix potential data corruption during shmem swapin") Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com> Reviewed-by: Baolin Wang <baolin.wang@linux.alibaba.com> Reviewed-by: Kairui Song <kasong@tencent.com> Cc: Hugh Dickins <hughd@google.com> Cc: kernel test robot <oliver.sang@intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> [ hughd: removed series cover letter comments ] Signed-off-by: Hugh Dickins <hughd@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/mm/shmem.c b/mm/shmem.c
@@ -2198,6 +2198,8 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index,
 		 */
 		split_order = shmem_split_large_entry(inode, index, swap, gfp);
 		if (split_order < 0) {
+			folio_put(folio);
+			folio = NULL;
 			error = split_order;
 			goto failed;
 		}

Original file line number	Diff line number	Diff line change
`@@ -2198,6 +2198,8 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index,`
`2198`	`2198`	`*/`
`2199`	`2199`	`split_order = shmem_split_large_entry(inode, index, swap, gfp);`
`2200`	`2200`	`if (split_order < 0) {`
	`2201`	`+ folio_put(folio);`
	`2202`	`+ folio = NULL;`
`2201`	`2203`	`error = split_order;`
`2202`	`2204`	`goto failed;`
`2203`	`2205`	`}`