diff options
| author | Badari Pulavarty | 2005-06-25 23:55:42 +0200 |
|---|---|---|
| committer | Linus Torvalds | 2005-06-26 01:24:39 +0200 |
| commit | b0cfbd995d091b10841eeb948976f5d1fbf13cdd (patch) | |
| tree | a693416656084c99581c8ef6d2ca830b0cfe13a9 /mm/filemap.c | |
| parent | [PATCH] fix fsync(dir) return value for ram-based filesystems (diff) | |
| download | kernel-qcow2-linux-b0cfbd995d091b10841eeb948976f5d1fbf13cdd.tar.gz kernel-qcow2-linux-b0cfbd995d091b10841eeb948976f5d1fbf13cdd.tar.xz kernel-qcow2-linux-b0cfbd995d091b10841eeb948976f5d1fbf13cdd.zip | |
[PATCH] fix for generic_file_write iov problem
Here is the fix for the problem described in
http://bugzilla.kernel.org/show_bug.cgi?id=4721
Basically, problem is generic_file_buffered_write() is accessing beyond end
of the iov[] vector after handling the last vector. If we happen to cross
page boundary, we get a fault.
I think this simple patch is good enough. If we really don't want to
depend on the "count", then we need pass nr_segs to
filemap_set_next_iovec() and decrement it and check it.
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'mm/filemap.c')
| -rw-r--r-- | mm/filemap.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/mm/filemap.c b/mm/filemap.c index b573607b7112..c11418dd94e8 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -1954,7 +1954,9 @@ generic_file_buffered_write(struct kiocb *iocb, const struct iovec *iov, if (unlikely(nr_segs > 1)) { filemap_set_next_iovec(&cur_iov, &iov_base, status); - buf = cur_iov->iov_base + iov_base; + if (count) + buf = cur_iov->iov_base + + iov_base; } else { iov_base += status; } |