UBUNTU: SAUCE: AUFS: mm/mmap: fix oopsing on remap_file_pages aufs mmap: bugfix,...
authorJ. R. Okajima <hooanon05g@gmail.com>
Fri, 20 May 2016 14:16:25 +0000 (15:16 +0100)
committerKamal Mostafa <kamal@canonical.com>
Fri, 10 Jun 2016 13:32:25 +0000 (06:32 -0700)
BugLink: http://bugs.launchpad.net/bugs/1558120
This is essentially the same as the past commit for aufs3.9
  f84155f 2014-06-11 aufs mmap: bugfix remap_file_pages(2)

But the remap_file_pages(2) changed drastically in linux-4.0 by
  c8d78c1 2015-02-10 mm: replace remap_file_pages() syscall with emulation
and then a bugfix was committed in linux-4.5-rc5.
  48f7df3 2016-02-18 mm: fix regression in remap_file_pages() emulation

After the bugfix in 4.5-rc5, Colin Ian King found and reported this aufs
bug.

See-also: https://github.com/sfjro/aufs4-linux/pull/1
Signed-off-by: J. R. Okajima <hooanon05g@gmail.com>
(cherry picked from https://github.com/sfjro/aufs4-linux.git commit 1ecc0837923753cb234f8c3deffec3400cf78731)
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
mm/mmap.c

index 550cd934497fd01bad15cba7a454c4664135cb40..ddaa3a0d30679c094ee31e85a5a32becb309baf0 100644 (file)
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2644,6 +2644,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
        struct vm_area_struct *vma;
        unsigned long populate = 0;
        unsigned long ret = -EINVAL;
+       struct file *file, *prfile;
 
        pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. "
                        "See Documentation/vm/remap_file_pages.txt.\n",
@@ -2712,9 +2713,26 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
        }
 
        vma_get_file(vma);
+       file = vma->vm_file;
+       prfile = vma->vm_prfile;
        ret = do_mmap_pgoff(vma->vm_file, start, size,
                        prot, flags, pgoff, &populate);
-       vma_fput(vma);
+       if (!IS_ERR_VALUE(ret) && file && prfile) {
+               struct vm_area_struct *new_vma;
+
+               new_vma = find_vma(mm, ret);
+               if (!new_vma->vm_prfile)
+                       new_vma->vm_prfile = prfile;
+               if (new_vma != vma)
+                       get_file(prfile);
+       }
+       /*
+        * two fput()s instead of vma_fput(vma),
+        * coz vma may not be available anymore.
+        */
+       fput(file);
+       if (prfile)
+               fput(prfile);
 out:
        up_write(&mm->mmap_sem);
        if (populate)
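Review bot: The extra reference on `prfile` is keyed to `new_vma != vma`, but the comment just below says `vma` may no longer be available after `do_mmap_pgoff()`, so this compares against a possibly stale pointer; if the freed address were reused for the new VMA, the test would read as "same VMA" and `vm_prfile` would be stored without its own reference, which looks like it could lead to a premature final `fput()`. Conversely, when `new_vma` already carries a `vm_prfile`, `get_file(prfile)` still runs although nothing was stored, which may leave a reference that is never dropped. The result of `find_vma(mm, ret)` is also dereferenced without a NULL check. Consider taking the reference at the point where the pointer is stored, e.g. `if (new_vma && !new_vma->vm_prfile) { new_vma->vm_prfile = prfile; get_file(prfile); }`, assuming that matches aufs's ownership rules for `vm_prfile`, which are not visible on this page. The body of the syscall starts and ends outside this hunk.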