[PATCH][SRU][WILY][XENIAL][YAKKETY][V2] UBUNTU: SAUCE: mm/mmap: fix oopsing on remap_file_pages aufs mmap: bugfix, mainly for linux-4.5-rc5, remap_file_pages(2) emulation

Colin King colin.king at canonical.com
Fri May 20 14:16:25 UTC 2016


From: "J. R. Okajima" <hooanon05g at gmail.com>

BugLink: http://bugs.launchpad.net/bugs/1558120

This is essentially the same as the past commit for aufs3.9
  f84155f 2014-06-11 aufs mmap: bugfix remap_file_pages(2)

But the remap_file_pages(2) changed drastically in linux-4.0 by
  c8d78c1 2015-02-10 mm: replace remap_file_pages() syscall with emulation
and then a bugfix was committed in linux-4.5-rc5.
  48f7df3 2016-02-18 mm: fix regression in remap_file_pages() emulation

After the bugfix in 4.5-rc5, Colin Ian King found and reported this aufs
bug.

See-also: https://github.com/sfjro/aufs4-linux/pull/1
Signed-off-by: J. R. Okajima <hooanon05g at gmail.com>
(cherry picked from commit ea98b4d56b605fc4fc35a9f05c597e36308197b0)
Signed-off-by: Colin Ian King <colin.king at canonical.com>
---
 mm/mmap.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/mm/mmap.c b/mm/mmap.c
index f8854ad..f8c73f6 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -2630,6 +2630,7 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
 	struct vm_area_struct *vma;
 	unsigned long populate = 0;
 	unsigned long ret = -EINVAL;
+	struct file *file, *prfile;
 
 	pr_warn_once("%s (%d) uses deprecated remap_file_pages() syscall. "
 			"See Documentation/vm/remap_file_pages.txt.\n",
@@ -2698,9 +2699,26 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
 	}
 
 	vma_get_file(vma);
+	file = vma->vm_file;
+	prfile = vma->vm_prfile;
 	ret = do_mmap_pgoff(vma->vm_file, start, size,
 			prot, flags, pgoff, &populate);
-	vma_fput(vma);
+	if (!IS_ERR_VALUE(ret) && file && prfile) {
+		struct vm_area_struct *new_vma;
+
+		new_vma = find_vma(mm, ret);
+		if (!new_vma->vm_prfile)
+			new_vma->vm_prfile = prfile;
+		if (new_vma != vma)
+			get_file(prfile);
+	}
+	/*
+	 * two fput()s instead of vma_fput(vma),
+	 * coz vma may not be available anymore.
+	 */
+	fput(file);
+	if (prfile)
+		fput(prfile);
 out:
 	up_write(&mm->mmap_sem);
 	if (populate)
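Review bot: the result of find_vma(mm, ret) is dereferenced at "if (!new_vma->vm_prfile)" without a NULL check. find_vma() can return NULL, and it returns the first vma that ends above the address, not necessarily one that contains it, so either add a check such as "if (new_vma && ...)" or a comment stating why the lookup cannot fail here while mmap_sem is held for write. Two smaller points in the same block: the added comment says vma may not be available anymore after do_mmap_pgoff(), yet "if (new_vma != vma)" still compares against that pointer, so if the old vma was freed and its memory reused for the new one the comparison is true by accident and get_file(prfile) is skipped; and get_file(prfile) is taken even when new_vma->vm_prfile was already set, so it is worth spelling out which fput() pairs with that reference. Since file is now saved before the call, do_mmap_pgoff() could also take "file" instead of re-reading vma->vm_file, which keeps the saved pointers as the single source for the later fput()s.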
-- 
2.8.1




