From: Christian König christian.koenig@amd.com Subject: ovl: fix reference counting in ovl_mmap error path
mmap_region() now calls fput() on the vma->vm_file.
Fix this by using vma_set_file() so it doesn't need to be handled manually here any more.
Link: https://lkml.kernel.org/r/20210421132012.82354-2-christian.koenig@amd.com Fixes: 1527f926fd04 ("mm: mmap: fix fput in error path v2") Signed-off-by: Christian König christian.koenig@amd.com Reviewed-by: Daniel Vetter daniel.vetter@ffwll.ch Cc: Jan Harkes jaharkes@cs.cmu.edu Cc: Miklos Szeredi miklos@szeredi.hu Cc: Jason Gunthorpe jgg@ziepe.ca Cc: stable@vger.kernel.org [5.11+] Signed-off-by: Andrew Morton akpm@linux-foundation.org ---
fs/overlayfs/file.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-)
--- a/fs/overlayfs/file.c~ovl-fix-reference-counting-in-ovl_mmap-error-path +++ a/fs/overlayfs/file.c @@ -430,20 +430,11 @@ static int ovl_mmap(struct file *file, s if (WARN_ON(file != vma->vm_file)) return -EIO;
- vma->vm_file = get_file(realfile); + vma_set_file(vma, realfile);
old_cred = ovl_override_creds(file_inode(file)->i_sb); ret = call_mmap(vma->vm_file, vma); revert_creds(old_cred); - - if (ret) { - /* Drop reference count from new vm_file value */ - fput(realfile); - } else { - /* Drop reference count from previous vm_file value */ - fput(file); - } - ovl_file_accessed(file);
return ret; _