aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBadari Pulavarty <pbadari@us.ibm.com>2005-06-25 17:55:42 -0400
committerLinus Torvalds <torvalds@ppc970.osdl.org>2005-06-25 19:24:39 -0400
commitb0cfbd995d091b10841eeb948976f5d1fbf13cdd (patch)
treea693416656084c99581c8ef6d2ca830b0cfe13a9
parent8ae0b77811d97552b3b3c745e97de18849583bf7 (diff)
[PATCH] fix for generic_file_write iov problem
Here is the fix for the problem described in http://bugzilla.kernel.org/show_bug.cgi?id=4721 Basically, problem is generic_file_buffered_write() is accessing beyond end of the iov[] vector after handling the last vector. If we happen to cross page boundary, we get a fault. I think this simple patch is good enough. If we really don't want to depend on the "count", then we need pass nr_segs to filemap_set_next_iovec() and decrement it and check it. Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--mm/filemap.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/mm/filemap.c b/mm/filemap.c
index b573607b7112..c11418dd94e8 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -1954,7 +1954,9 @@ generic_file_buffered_write(struct kiocb *iocb, const struct iovec *iov,
1954 if (unlikely(nr_segs > 1)) { 1954 if (unlikely(nr_segs > 1)) {
1955 filemap_set_next_iovec(&cur_iov, 1955 filemap_set_next_iovec(&cur_iov,
1956 &iov_base, status); 1956 &iov_base, status);
1957 buf = cur_iov->iov_base + iov_base; 1957 if (count)
1958 buf = cur_iov->iov_base +
1959 iov_base;
1958 } else { 1960 } else {
1959 iov_base += status; 1961 iov_base += status;
1960 } 1962 }