On Sun, 08 Apr 2018, Eric Biggers wrote:
@@ -480,6 +487,7 @@ static int shm_release(struct inode *ino, struct file *file)
 struct shm_file_data *sfd = shm_file_data(file);
 put_ipc_ns(sfd->ns);
+ fput(sfd->file);
 shm_file_data(file) = NULL;
 kfree(sfd);
 return 0;
@@ -1432,7 +1440,7 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg,
 file->f_mapping = shp->shm_file->f_mapping;
 sfd->id = shp->shm_perm.id;
 sfd->ns = get_ipc_ns(ns);
- sfd->file = shp->shm_file;
+ sfd->file = get_file(shp->shm_file);
 sfd->vm_ops = NULL;
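Review bot: The new `fput(sfd->file);` in shm_release() is unconditional, so it is balanced only if every shm_file_data that reaches release had its `file` field filled through `get_file()`. The page shows one such site, in do_shmat(); any other allocation site (none is visible here) would turn this into a reference underflow on shp->shm_file. It is also worth confirming that each failure exit in do_shmat() after `sfd->file = get_file(shp->shm_file);` drops the newly created file and so reaches shm_release(), otherwise the extra reference leaks and pins the segment's backing file. Both function bodies continue outside the quoted hunks and the second hunk is trimmed, so neither condition can be checked from this page.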
This probably merits a comment as it is ad hoc to remap_file_pages(), but otherwise: Acked-by: Davidlohr Bueso <dbueso@xxxxxxx>