fuse: don't check refcount after stealing page

[ Upstream commit 32f98877c57bee6bc27f443a96f49678a2cd6a50 ]

page_count() is unstable.  Unless there has been an RCU grace period
between when the page was removed from the page cache and now, a
speculative reference may exist from the page cache.

Reported-by: Matthew Wilcox <willy@infradead.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index f580695b7bb9abe6b45509a1fc04a1eaff1a66dc..1b9c4c19bed29e2705f209e244786697a198d3d5 100644 (file)
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -824,7 +824,6 @@ static int fuse_check_page(struct page *page)
 {
        if (page_mapcount(page) ||
            page->mapping != NULL ||
-           page_count(page) != 1 ||
            (page->flags & PAGE_FLAGS_CHECK_AT_PREP &
             ~(1 << PG_locked |
               1 << PG_referenced |