From 2de28a0bdd7be7176cfc8b286aa4e7393a9615a5 Mon Sep 17 00:00:00 2001 From: Minchan Kim Date: Thu, 18 Mar 2021 09:32:48 -0700 Subject: [PATCH] ANDROID: mm: page_pinner: use put_user_page at fuse_copy_finish fuse could use get_user_pages_fast by iov_iter_get_pages at fuse_copy_fill so close the false positive by attributing it by put_user_page. Page pinned via pid 670, ts 4554195916 ns PFN 83125 Block 162 type Movable Flags 0xfffffc008001e(referenced|uptodate|dirty|lru|swapbacked) try_grab_compound_head+0x1e8/0x240 internal_get_user_pages_fast+0x66d/0xca0 iov_iter_get_pages+0xd4/0x3a0 fuse_copy_fill+0x197/0x200 fuse_copy_one+0x6e/0xf0 fuse_dev_do_read.constprop.0+0x435/0x7e0 fuse_dev_read+0x5d/0x90 new_sync_read+0x115/0x1a0 vfs_read+0xf4/0x180 ksys_read+0x5f/0xe0 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae Bug: 183414571 Signed-off-by: Minchan Kim Signed-off-by: Minchan Kim Change-Id: Idc80d4a34b546f25e8f6dbc68313d39586e914d9 --- fs/fuse/dev.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c index 15baef8fdc7a..94da3cfca7f8 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -684,7 +684,11 @@ static void fuse_copy_finish(struct fuse_copy_state *cs) flush_dcache_page(cs->pg); set_page_dirty_lock(cs->pg); } - put_page(cs->pg); + /* + * The page could be GUP page(see iov_iter_get_pages in + * fuse_copy_fill) so use put_user_page to release it. + */ + put_user_page(cs->pg); } cs->pg = NULL; }
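Review bot: In fuse_copy_finish the release becomes an unconditional put_user_page(cs->pg), yet both the new comment and the commit message only say the page "could be" a GUP page. Please confirm whether every cs->pg that reaches this branch was obtained through iov_iter_get_pages in fuse_copy_fill. If some were not, explain why put_user_page is still correct for a page that was never taken through get_user_pages_fast. Either way, the comment should state that invariant instead of "could be", so a later reader does not have to re-derive it. Minor points: the comment is missing a space in "page(see", and the commit message carries the same Signed-off-by line twice.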