From: Pekka Enberg This fixes a bug that was introduced when we switched to rescanning all the vmas of a mm. We need to check that the vma host file points to the same inode we are revoking; otherwise we end up revoking all shared mappings. Signed-off-by: Pekka Enberg Signed-off-by: Andrew Morton --- fs/revoke.c | 17 +++++++++++++---- 1 files changed, 13 insertions(+), 4 deletions(-) diff -puN fs/revoke.c~revoke-core-code-fix-shared-mapping-revoke-revoke-only-revoke-mappings-for-the-given-inode fs/revoke.c --- a/fs/revoke.c~revoke-core-code-fix-shared-mapping-revoke-revoke-only-revoke-mappings-for-the-given-inode +++ a/fs/revoke.c @@ -161,15 +161,24 @@ static int revoke_fds(struct task_struct } static inline bool need_revoke(struct vm_area_struct *vma, + struct inode *inode, struct file *to_exclude) { + struct file *file = vma->vm_file; + if (vma->vm_flags & VM_REVOKED) return false; + if (!file) + return false; + + if (file->f_path.dentry->d_inode != inode) + return false; + if (!(vma->vm_flags & VM_SHARED)) return false; - return vma->vm_file != to_exclude; + return file != to_exclude; } /* @@ -227,7 +236,7 @@ static int revoke_mm(struct mm_struct *m goto out; } for (vma = mm->mmap; vma != NULL; vma = vma->vm_next) { - if (!need_revoke(vma, to_exclude)) + if (!need_revoke(vma, mapping->host, to_exclude)) continue; err = revoke_vma(vma, &details); @@ -253,7 +262,7 @@ static void revoke_mapping_tree(struct a vma_prio_tree_foreach(vma, &iter, &mapping->i_mmap, 0, ULONG_MAX) { int err; - if (likely(!need_revoke(vma, to_exclude))) + if (likely(!need_revoke(vma, mapping->host, to_exclude))) continue; err = revoke_mm(vma->vm_mm, mapping, to_exclude); @@ -283,7 +292,7 @@ static void revoke_mapping_list(struct a list_for_each_entry(vma, &mapping->i_mmap_nonlinear, shared.vm_set.list) { int err; - if (likely(!need_revoke(vma, to_exclude))) + if (likely(!need_revoke(vma, mapping->host, to_exclude))) continue; err = revoke_mm(vma->vm_mm, mapping, to_exclude); _