Commit 48b50624aec4 ("backing-file: clean up the API") unintentionally
changed the argument in the ->accessed() callback from the user file to
the backing file.
Fixes: 48b50624aec4 ("backing-file: clean up the API")
Reported-by: syzbot+8d1206605b05ca9a0e6a@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://lore.kernel.org/linux-unionfs/67447b3c.050a0220.1cc393.0085.GAE@xxxxxxxxxx/
Tested-by: syzbot+8d1206605b05ca9a0e6a@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx>
---
fs/backing-file.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/backing-file.c b/fs/backing-file.c
index 526ddb4d6f76..cbdad8b68474 100644
--- a/fs/backing-file.c
+++ b/fs/backing-file.c
@@ -327,6 +327,7 @@ int backing_file_mmap(struct file *file, struct vm_area_struct *vma,
struct backing_file_ctx *ctx)
{
const struct cred *old_cred;
+ struct file *user_file = vma->vm_file;
int ret;
if (WARN_ON_ONCE(!(file->f_mode & FMODE_BACKING)))
@@ -342,7 +343,7 @@ int backing_file_mmap(struct file *file, struct vm_area_struct *vma,
revert_creds_light(old_cred);
if (ctx->accessed)
- ctx->accessed(vma->vm_file);
+ ctx->accessed(user_file);
return ret;
}
--
2.34.1
