[PATCH] fix for generic_file_write iov problem

From: Badari Pulavarty
Date: Fri Jun 17 2005 - 17:34:20 EST

Next message: Daniele Gaffuri: "[PATCH] Hidden SMBus bridge on Toshiba Tecra M2"
Previous message: Christian Kujau: "Re: forcedeth as a module only?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Andrew,

Here is the fix for the problem described in

http://bugzilla.kernel.org/show_bug.cgi?id=4721

Basically, problem is generic_file_buffered_write() is accessing
beyond end of the iov[] vector after handling the last vector.
If we happen to cross page boundary, we get a fault.

I think this simple patch is good enough. If we really don't
want to depend on the "count", then we need pass nr_segs to
filemap_set_next_iovec() and decrement it and check it.

What do you think ?

Thanks,
Badari

--- linux-2.6.12-rc6.org/mm/filemap.c 2005-06-17 15:10:05.000000000 -0700
+++ linux-2.6.12-rc6/mm/filemap.c 2005-06-17 15:10:29.000000000 -0700
@@ -2023,7 +2023,8 @@ generic_file_buffered_write(struct kiocb
if (unlikely(nr_segs > 1)) {
filemap_set_next_iovec(&cur_iov,
&iov_base, status);
- buf = cur_iov->iov_base + iov_base;
+ if (count)
+ buf = cur_iov->iov_base + iov_base;
}
}
}

Next message: Daniele Gaffuri: "[PATCH] Hidden SMBus bridge on Toshiba Tecra M2"
Previous message: Christian Kujau: "Re: forcedeth as a module only?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]