This is a note to let you know that I've just added the patch titled ovl: fix reference counting in ovl_mmap error path to the 5.11-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: ovl-fix-reference-counting-in-ovl_mmap-error-path.patch and it can be found in the queue-5.11 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 2896900e22f8212606a1837d89a6bbce314ceeda Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= <christian.koenig@xxxxxxx> Date: Fri, 23 Apr 2021 14:28:54 -0700 Subject: ovl: fix reference counting in ovl_mmap error path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Christian König <christian.koenig@xxxxxxx> commit 2896900e22f8212606a1837d89a6bbce314ceeda upstream. mmap_region() now calls fput() on the vma->vm_file. Fix this by using vma_set_file() so it doesn't need to be handled manually here any more. Link: https://lkml.kernel.org/r/20210421132012.82354-2-christian.koenig@xxxxxxx Fixes: 1527f926fd04 ("mm: mmap: fix fput in error path v2") Signed-off-by: Christian König <christian.koenig@xxxxxxx> Reviewed-by: Daniel Vetter <daniel.vetter@xxxxxxxx> Cc: Jan Harkes <jaharkes@xxxxxxxxxx> Cc: Miklos Szeredi <miklos@xxxxxxxxxx> Cc: Jason Gunthorpe <jgg@xxxxxxxx> Cc: <stable@xxxxxxxxxxxxxxx> [5.11+] Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/overlayfs/file.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) --- a/fs/overlayfs/file.c +++ b/fs/overlayfs/file.c @@ -430,20 +430,11 @@ static int ovl_mmap(struct file *file, s if (WARN_ON(file != vma->vm_file)) return -EIO; - vma->vm_file = get_file(realfile); + vma_set_file(vma, realfile); old_cred = ovl_override_creds(file_inode(file)->i_sb); ret = call_mmap(vma->vm_file, vma); revert_creds(old_cred); - - if (ret) { - /* Drop reference count from new vm_file value */ - fput(realfile); - } else { - /* Drop reference count from previous vm_file value */ - fput(file); - } - ovl_file_accessed(file); return ret; Patches currently in stable-queue which might be from christian.koenig@xxxxxxx are queue-5.11/ovl-fix-reference-counting-in-ovl_mmap-error-path.patch queue-5.11/coda-fix-reference-counting-in-coda_file_mmap-error-path.patch