@@ -282,26 +282,30 @@ static int ovl_fsync(struct file *file, loff_t start, loff_t end, int datasync)
static int ovl_mmap(struct file *file, struct vm_area_struct *vma)
{
- struct fd real;
+ struct file *realfile = file->private_data;
const struct cred *old_cred;
int ret;
- ret = ovl_real_fdget(file, &real);
- if (ret)
- return ret;
+ if (!realfile->f_op->mmap)
+ return -ENODEV;
- /* transfer ref: */
- fput(vma->vm_file);
- vma->vm_file = get_file(real.file);
- fdput(real);
+ if (WARN_ON(file != vma->vm_file))
+ return -EIO;
- if (!vma->vm_file->f_op->mmap)
- return -ENODEV;
+ vma->vm_file = get_file(realfile);
old_cred = ovl_override_creds(file_inode(file)->i_sb);
ret = call_mmap(vma->vm_file, vma);
revert_creds(old_cred);
+ if (ret) {
+ /* Drop reference count from new vm_file value */
+ fput(realfile);
+ } else {
+ /* Drop reference count from previous vm_file value */
+ fput(file);
+ }
+
ovl_file_accessed(file);
return ret;