From 101086e88a0f15e897af144f6118a2555dbcb60d Mon Sep 17 00:00:00 2001 From: "J. R. Okajima" Date: Fri, 20 May 2016 15:16:25 +0100 Subject: [PATCH] UBUNTU: SAUCE: AUFS: mm/mmap: fix oopsing on remap_file_pages aufs mmap: bugfix, mainly for linux-4.5-rc5, remap_file_pages(2) emulation BugLink: http://bugs.launchpad.net/bugs/1558120 This is essentially same to the past commit for aufs3.9 f84155f 2014-06-11 aufs mmap: bugfix remap_file_pages(2) But the remap_file_pages(2) changed drastically in linux-4.0 by c8d78c1 2015-02-10 mm: replace remap_file_pages() syscall with emulation and then a bugfix was commited in linux-4.5-rc5. 48f7df3 2016-02-18 mm: fix regression in remap_file_pages() emulation After the bugfix in 4.5-rc5, Colin Ian King found and reported this aufs bug. See-also: https://github.com/sfjro/aufs4-linux/pull/1 Signed-off-by: J. R. Okajima (cherry picked from https://github.com/sfjro/aufs4-linux.git commit 1ecc0837923753cb234f8c3deffec3400cf78731) Signed-off-by: Colin Ian King Signed-off-by: Tim Gardner Signed-off-by: Kamal Mostafa
---
 mm/mmap.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/mm/mmap.c b/mm/mmap.c
index 550cd934497f..ddaa3a0d3067 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2644,6 +2644,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
 struct vm_area_struct *vma;
 unsigned long populate = 0;
 unsigned long ret = -EINVAL;
+ struct file *file, *prfile;

 pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. "
 "See Documentation/vm/remap_file_pages.txt.\n",
@@ -2712,9 +2713,26 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
 }

 vma_get_file(vma);
+ file = vma->vm_file;
+ prfile = vma->vm_prfile;
 ret = do_mmap_pgoff(vma->vm_file, start, size,
 prot, flags, pgoff, &populate);
- vma_fput(vma);
+ if (!IS_ERR_VALUE(ret) && file && prfile) {
+ struct vm_area_struct *new_vma;
+
+ new_vma = find_vma(mm, ret);
+ if (!new_vma->vm_prfile)
+ new_vma->vm_prfile = prfile;
+ if (new_vma != vma)
+ get_file(prfile);
+ }
+ /*
+ * two fput()s instead of vma_fput(vma),
+ * coz vma may not be available anymore.
+ */
+ fput(file);
+ if (prfile)
+ fput(prfile);
 out:
 up_write(&mm->mmap_sem);
 if (populate)
-- 2.39.2
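Review bot: The extra `get_file(prfile)` is keyed on `new_vma != vma`, yet the comment a few lines below says vma may no longer be available after do_mmap_pgoff(), so the test compares against a possibly stale pointer and is independent of whether `new_vma->vm_prfile` was actually stored. If the allocator were to hand the same object back for the new mapping, the two would presumably compare equal and the stored pointer would carry no reference of its own. Tying the reference to the store would make the ownership auditable, e.g. `if (!new_vma->vm_prfile) { new_vma->vm_prfile = prfile; get_file(prfile); }`, provided that matches what vma_get_file() and the VMA teardown path (both outside this hunk) take and drop. `find_vma(mm, ret)` is also dereferenced unchecked; it should not return NULL while mmap_sem is held for write, but `if (new_vma && !new_vma->vm_prfile)` or a WARN_ON would make a broken assumption diagnosable instead of another oops. The syscall body starts and ends outside the hunk.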