2021-04-21 17:16:03

by Christian König

[permalink] [raw]
Subject: [PATCH 2/2] ovl: fix reference counting in ovl_mmap error path

mmap_region() now calls fput() on the vma->vm_file.

Fix this by using vma_set_file() so it doesn't need to be
handled manually here any more.

Signed-off-by: Christian König <[email protected]>
Fixes: 1527f926fd04 ("mm: mmap: fix fput in error path v2")
CC: [email protected] # 5.11+
---
fs/overlayfs/file.c | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
index dbfb35fb0ff7..3847cdc069b5 100644
--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -430,20 +430,11 @@ static int ovl_mmap(struct file *file, struct vm_area_struct *vma)
if (WARN_ON(file != vma->vm_file))
return -EIO;

- vma->vm_file = get_file(realfile);
+ vma_set_file(vma, realfile);

old_cred = ovl_override_creds(file_inode(file)->i_sb);
ret = call_mmap(vma->vm_file, vma);
revert_creds(old_cred);
-
- if (ret) {
- /* Drop reference count from new vm_file value */
- fput(realfile);
- } else {
- /* Drop reference count from previous vm_file value */
- fput(file);
- }
-
ovl_file_accessed(file);

return ret;
--
2.25.1


2021-04-22 08:16:02

by Daniel Vetter

[permalink] [raw]
Subject: Re: [PATCH 2/2] ovl: fix reference counting in ovl_mmap error path

On Wed, Apr 21, 2021 at 03:20:12PM +0200, Christian K?nig wrote:
> mmap_region() now calls fput() on the vma->vm_file.
>
> Fix this by using vma_set_file() so it doesn't need to be
> handled manually here any more.
>
> Signed-off-by: Christian K?nig <[email protected]>
> Fixes: 1527f926fd04 ("mm: mmap: fix fput in error path v2")
> CC: [email protected] # 5.11+
> ---
> fs/overlayfs/file.c | 11 +----------
> 1 file changed, 1 insertion(+), 10 deletions(-)
>
> diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
> index dbfb35fb0ff7..3847cdc069b5 100644
> --- a/fs/overlayfs/file.c
> +++ b/fs/overlayfs/file.c
> @@ -430,20 +430,11 @@ static int ovl_mmap(struct file *file, struct vm_area_struct *vma)
> if (WARN_ON(file != vma->vm_file))
> return -EIO;
>
> - vma->vm_file = get_file(realfile);
> + vma_set_file(vma, realfile);

Reviewed-by: Daniel Vetter <[email protected]>

>
> old_cred = ovl_override_creds(file_inode(file)->i_sb);
> ret = call_mmap(vma->vm_file, vma);
> revert_creds(old_cred);
> -
> - if (ret) {
> - /* Drop reference count from new vm_file value */
> - fput(realfile);
> - } else {
> - /* Drop reference count from previous vm_file value */
> - fput(file);
> - }
> -
> ovl_file_accessed(file);
>
> return ret;
> --
> 2.25.1
>
> _______________________________________________
> dri-devel mailing list
> [email protected]
> https://lists.freedesktop.org/mailman/listinfo/dri-devel

--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch