On Fri, 2026-06-05 at 03:31 -0700, Breno Leitao wrote:
> rds_info_getsockopt() pins the destination user pages with FOLL_WRITE and
> the RDS_INFO_* producers memcpy the snapshot into them through
> kmap_atomic(). Because that copy goes through the kernel direct map, the
> dirty bit on the user PTE is never set, so unpin_user_pages() releases the
> pages without marking them dirty. A file-backed destination page can then
> be reclaimed without writeback, silently discarding the copied data.
>
> Use unpin_user_pages_dirty_lock() with make_dirty=true so the modified
> pages are marked dirty before they are unpinned.
>
> Signed-off-by: Breno Leitao <[email protected]>

Hi Breno,

Thanks for following up with the Sashiko report. Since this is a bug fix,
it should carry a fixes tag. This is a long-standing bug that's been
present since the code's original appearance in a8c879a7ee98 ("RDS: Info
and stats"). So it should carry that in a fixes tag:

Fixes: a8c879a7ee98 ("RDS: Info and stats")

Other than that it looks fine to me. Thanks for catching this.

Allison

> ---
> net/rds/info.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/rds/info.c b/net/rds/info.c
> index f1b29994934a..17061f6ff74e 100644
> --- a/net/rds/info.c
> +++ b/net/rds/info.c
> @@ -235,7 +235,7 @@ int rds_info_getsockopt(struct socket *sock, int optname,
> char __user *optval,
>
> out:
> if (pages)
> - unpin_user_pages(pages, nr_pages);
> + unpin_user_pages_dirty_lock(pages, nr_pages, true);
> kfree(pages);
>
> return ret;
>
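
Review bot: under the `out:` label the new call hard-codes make_dirty as `true`, so every pinned page is marked dirty on any exit through this label, whether or not a producer actually copied data into it. If dirtying untouched pages is accepted as harmless, a one-line comment above `unpin_user_pages_dirty_lock(pages, nr_pages, true);` would help: it should say that the copy goes through a kernel mapping and therefore never sets the dirty bit on the user PTE, so that a later cleanup does not turn this back into a plain unpin_user_pages(). Otherwise, pass a condition that is true only when the copy ran instead of the literal `true`.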