[PATCH 5.15.y] iomap: don't invalidate folios after writeback errors

[PATCH 5.15.y] iomap: don't invalidate folios after writeback errors

[driz2t]

[-- Attachment #1: Type: text/plain, Size: 191 bytes --]

Hi,

Please test this patch on stable 5.15.y.

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git 3330a8d33e086f76608bb4e80a3dc569d04a8814

Thanks,
Changjian Liu

[-- Attachment #2: c0ffed3897231d71f047.patch --]
[-- Type: application/octet-stream, Size: 2470 bytes --]

From e6e9ab04d37f607fe89ce5237c634ca463c11d38 Mon Sep 17 00:00:00 2001
From: Changjian Liu <driz2t@qq.com>
Date: Tue, 24 Mar 2026 19:32:14 +0800
Subject: [PATCH] iomap: don't invalidate folios after writeback errors

XFS has the unique behavior that on writeback errors it will completely
invalidate the affected folio and force the page cache to reread the
contents from disk. All other filesystems leave the page mapped and up
to date.

This is a rude awakening for user programs, since file contents will
appear to revert to old disk contents with no notification other than
an EIO on fsync. With multipage folios, we can now throw away *megabytes*
worth of data for a single write error.

Additionally, this behavior can cause a Use-After-Free (UAF) when
xfs_discard_folio invalidates multipage folios that could be undergoing
writeback. If writeback fails in the middle of a folio, we free the iop
attached to the folio, causing writeback completion on the earlier part
to trip over assertions.

Get rid of the whole behavior entirely by returning early in
xfs_discard_folio() if the filesystem is shutting down, and removing
the unconditional folio_clear_uptodate() call in iomap_writepage_map().

Signed-off-by: Changjian Liu <driz2t@qq.com>
---
 fs/iomap/buffered-io.c | 1 -
 fs/xfs/xfs_aops.c      | 4 +---
 2 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c
index 87a4f5a2ded0..1f0bfe0b8bae 100644
--- a/fs/iomap/buffered-io.c
+++ b/fs/iomap/buffered-io.c
@@ -1350,7 +1350,6 @@ iomap_writepage_map(struct iomap_writepage_ctx *wpc,
 		if (wpc->ops->discard_page)
 			wpc->ops->discard_page(page, file_offset);
 		if (!count) {
-			ClearPageUptodate(page);
 			unlock_page(page);
 			goto done;
 		}
diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c
index c8c15c3c3147..56a5bd7ad8c4 100644
--- a/fs/xfs/xfs_aops.c
+++ b/fs/xfs/xfs_aops.c
@@ -450,7 +450,7 @@ xfs_discard_page(
 	int			error;
 
 	if (xfs_is_shutdown(mp))
-		goto out_invalidate;
+		return;
 
 	xfs_alert_ratelimited(mp,
 		"page discard on page "PTR_FMT", inode 0x%llx, offset %llu.",
@@ -460,8 +460,6 @@ xfs_discard_page(
 			i_blocks_per_page(inode, page) - pageoff_fsb);
 	if (error && !xfs_is_shutdown(mp))
 		xfs_alert(mp, "page discard unable to remove delalloc mapping.");
-out_invalidate:
-	iomap_invalidatepage(page, pageoff, PAGE_SIZE - pageoff);
 }
 
 static const struct iomap_writeback_ops xfs_writeback_ops = {
-- 
2.43.0

Re: [v5.15] WARNING in iomap_page_release

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+c0ffed3897231d71f047@syzkaller.appspotmail.com
Tested-by: syzbot+c0ffed3897231d71f047@syzkaller.appspotmail.com

Tested on:

commit:         3330a8d3 Linux 5.15.201
git tree:       git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
console output: https://syzkaller.appspot.com/x/log.txt?x=16f95372580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=30e28339904629ca
dashboard link: https://syzkaller.appspot.com/bug?extid=c0ffed3897231d71f047
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=15b4506a580000

Note: testing is done by a robot and is best-effort only.