mmap_region() now calls fput() on the vma->vm_file.
So we need to drop the extra reference on the coda file instead of the host file.
Signed-off-by: Christian König christian.koenig@amd.com Fixes: 1527f926fd04 ("mm: mmap: fix fput in error path v2") CC: stable@vger.kernel.org # 5.11+ --- fs/coda/file.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/coda/file.c b/fs/coda/file.c index 128d63df5bfb..ef5ca22bfb3e 100644 --- a/fs/coda/file.c +++ b/fs/coda/file.c @@ -175,10 +175,10 @@ coda_file_mmap(struct file *coda_file, struct vm_area_struct *vma) ret = call_mmap(vma->vm_file, vma);
if (ret) { - /* if call_mmap fails, our caller will put coda_file so we - * should drop the reference to the host_file that we got. + /* if call_mmap fails, our caller will put host_file so we + * should drop the reference to the coda_file that we got. */ - fput(host_file); + fput(coda_file); kfree(cvm_ops); } else { /* here we add redirects for the open/close vm_operations */
mmap_region() now calls fput() on the vma->vm_file.
Fix this by using vma_set_file() so it doesn't need to be handled manually here any more.
Signed-off-by: Christian König christian.koenig@amd.com Fixes: 1527f926fd04 ("mm: mmap: fix fput in error path v2") CC: stable@vger.kernel.org # 5.11+ --- fs/overlayfs/file.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c index dbfb35fb0ff7..3847cdc069b5 100644 --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -430,20 +430,11 @@ static int ovl_mmap(struct file *file, struct vm_area_struct *vma) if (WARN_ON(file != vma->vm_file)) return -EIO;
- vma->vm_file = get_file(realfile); + vma_set_file(vma, realfile);
old_cred = ovl_override_creds(file_inode(file)->i_sb); ret = call_mmap(vma->vm_file, vma); revert_creds(old_cred); - - if (ret) { - /* Drop reference count from new vm_file value */ - fput(realfile); - } else { - /* Drop reference count from previous vm_file value */ - fput(file); - } - ovl_file_accessed(file);
return ret;
On Wed, Apr 21, 2021 at 03:20:12PM +0200, Christian König wrote:
Reviewed-by: Daniel Vetter daniel.vetter@ffwll.ch
On Wed, Apr 21, 2021 at 03:20:11PM +0200, Christian König wrote:
Reviewed-by: Daniel Vetter daniel.vetter@ffwll.ch
Looks good to me.
I'm also maintaining an out of tree coda module build that people sometimes use, which has workarounds for differences between the various kernel versions.
Do you have a reference to the corresponding mmap_region change? If it is merged already I'll probably be able to find it. Is this mmap_region change expected to be backported to any lts kernels?
Jan
On April 21, 2021 9:20:11 AM EDT, "Christian König" ckoenig.leichtzumerken@gmail.com wrote:
Hi Jan,
Am 22.04.21 um 14:27 schrieb Jan Harkes:
That is the following upstream commit in Linus tree:
commit 1527f926fd04490f648c42f42b45218a04754f87 Author: Christian König christian.koenig@amd.com Date: Fri Oct 9 15:08:55 2020 +0200
mm: mmap: fix fput in error path v2
But I don't think we should backport that.
And sorry for the noise. We had so many places which expected different behavior that I didn't noticed that two occasions in the fs code actually rely on the current behavior.
For your out of tree module you could make the code version independent by setting the vma back to the original file in case of an error. That should work with both behaviors in mmap_region.
Thanks, Christian.
On Thu, Apr 22, 2021 at 02:39:41PM +0200, Christian König wrote:
Awesome, I'll give that a try, it may very well be a cleaner solution either way.
And thank you for following up after your original patch and finding the filesystems that mess around with those mappings. I'm sure it would have taken me a while to figure out why file refcounts would go weird for some people, especially because this only happens in the error path.
Jan
Am 22.04.21 um 15:51 schrieb Jan Harkes:
Kudos goes to Miklos for figured out why the refcount for overlayfs was suddenly wrong.
And please also see the follow up commit:
commit 295992fb815e791d14b18ef7cdbbaf1a76211a31 (able/vma_file) Author: Christian König christian.koenig@amd.com Date: Mon Sep 14 15:09:33 2020 +0200
mm: introduce vma_set_file function v5
It adds a new vma_set_file() function which implements the necessary refcount dance for changing the vma file in a clean manner.
Thanks, Christian.
Jan
dri-devel@lists.freedesktop.org
-
Christian König -
Daniel Vetter -
Jan Harkes