From 780a49826343fe788f310366710dc44f2137719d Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 20 Apr 2012 21:49:41 -0400
Subject: [PATCH] --- yaml --- r: 299452 b: refs/heads/master c:
 936af1576e4c24b466380fc2b8d93352161d13b0 h: refs/heads/master v: v3

---
 [refs]         |  2 +-
 trunk/fs/aio.c | 15 ++++++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/[refs] b/[refs]
index da72336a7ce3..8d438f4829e4 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 6be5ceb02e98eaf6cfc4f8b12a896d04023f340d
+refs/heads/master: 936af1576e4c24b466380fc2b8d93352161d13b0
diff --git a/trunk/fs/aio.c b/trunk/fs/aio.c
index 99bd790e8cd2..976e33d97413 100644
--- a/trunk/fs/aio.c
+++ b/trunk/fs/aio.c
@@ -92,8 +92,10 @@ static void aio_free_ring(struct kioctx *ctx)
 	for (i=0; i<info->nr_pages; i++)
 		put_page(info->ring_pages[i]);
 
-	if (info->mmap_size)
+	if (info->mmap_size) {
+		BUG_ON(ctx->mm != current->mm);
 		vm_munmap(ctx->mm, info->mmap_base, info->mmap_size);
+	}
 
 	if (info->ring_pages && info->ring_pages != info->internal_pages)
 		kfree(info->ring_pages);
@@ -386,6 +388,17 @@ void exit_aio(struct mm_struct *mm)
 				"exit_aio:ioctx still alive: %d %d %d\n",
 				atomic_read(&ctx->users), ctx->dead,
 				ctx->reqs_active);
+		/*
+		 * We don't need to bother with munmap() here -
+		 * exit_mmap(mm) is coming and it'll unmap everything.
+		 * Since aio_free_ring() uses non-zero ->mmap_size
+		 * as indicator that it needs to unmap the area,
+		 * just set it to 0; aio_free_ring() is the only
+		 * place that uses ->mmap_size, so it's safe.
+		 * That way we get all munmap done to current->mm -
+		 * all other callers have ctx->mm == current->mm.
+		 */
+		ctx->ring_info.mmap_size = 0;
 		put_ioctx(ctx);
 	}
 }