1 files changed, 19 insertions, 10 deletions
diff --git a/mm/madvise.c b/mm/madvise.c
index 1ccbba5b6674..14d260fa0d17 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -11,8 +11,11 @@
 #include <linux/mempolicy.h>
 #include <linux/page-isolation.h>
 #include <linux/hugetlb.h>
+#include <linux/falloc.h>
 #include <linux/sched.h>
 #include <linux/ksm.h>
+#include <linux/fs.h>
+#include <linux/file.h>
 /*
 * Any behaviour which results in changes to the vma->vm_flags needs to
@@ -200,33 +203,39 @@ static long madvise_remove(struct vm_area_struct *vma,
                                struct vm_area_struct **prev,
                                unsigned long start, unsigned long end)
 {
-        struct address_space *mapping;
+        loff_t offset;
-        loff_t offset, endoff;
        int error;
+        struct file *f;
        *prev = NULL;   /* tell sys_madvise we drop mmap_sem */
        if (vma->vm_flags & (VM_LOCKED|VM_NONLINEAR|VM_HUGETLB))
                return -EINVAL;
-        if (!vma->vm_file || !vma->vm_file->f_mapping
+        f = vma->vm_file;
-                || !vma->vm_file->f_mapping->host) {
+        if (!f || !f->f_mapping || !f->f_mapping->host) {
                        return -EINVAL;
        }
        if ((vma->vm_flags & (VM_SHARED|VM_WRITE)) != (VM_SHARED|VM_WRITE))
                return -EACCES;
-        mapping = vma->vm_file->f_mapping;
        offset = (loff_t)(start - vma->vm_start)
                        + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
-        endoff = (loff_t)(end - vma->vm_start - 1)
-                        + ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
-        /* vmtruncate_range needs to take i_mutex */
+        /*
+         * Filesystem's fallocate may need to take i_mutex.  We need to
+         * explicitly grab a reference because the vma (and hence the
+         * vma's reference to the file) can go away as soon as we drop
+         * mmap_sem.
+         */
+        get_file(f);
        up_read(&current->mm->mmap_sem);
-        error = vmtruncate_range(mapping->host, offset, endoff);
+        error = do_fallocate(f,
+                                FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
+                                offset, end - start);
+        fput(f);
        down_read(&current->mm->mmap_sem);
        return error;
 }

diff --git a/mm/madvise.c b/mm/madvise.c index 1ccbba5b6674..14d260fa0d17 100644 --- a/mm/madvise.c +++ b/mm/madvise.c
@@ -11,8 +11,11 @@
11	#include <linux/mempolicy.h>	11	#include <linux/mempolicy.h>
12	#include <linux/page-isolation.h>	12	#include <linux/page-isolation.h>
13	#include <linux/hugetlb.h>	13	#include <linux/hugetlb.h>
		14	#include <linux/falloc.h>
14	#include <linux/sched.h>	15	#include <linux/sched.h>
15	#include <linux/ksm.h>	16	#include <linux/ksm.h>
		17	#include <linux/fs.h>
		18	#include <linux/file.h>
16		19
17	/*	20	/*
18	* Any behaviour which results in changes to the vma->vm_flags needs to	21	* Any behaviour which results in changes to the vma->vm_flags needs to
@@ -200,33 +203,39 @@ static long madvise_remove(struct vm_area_struct *vma,
200	struct vm_area_struct **prev,	203	struct vm_area_struct **prev,
201	unsigned long start, unsigned long end)	204	unsigned long start, unsigned long end)
202	{	205	{
203	struct address_space *mapping;	206	loff_t offset;
204	loff_t offset, endoff;
205	int error;	207	int error;
		208	struct file *f;
206		209
207	prev = NULL; / tell sys_madvise we drop mmap_sem */	210	prev = NULL; / tell sys_madvise we drop mmap_sem */
208		211
209	if (vma->vm_flags & (VM_LOCKED\|VM_NONLINEAR\|VM_HUGETLB))	212	if (vma->vm_flags & (VM_LOCKED\|VM_NONLINEAR\|VM_HUGETLB))
210	return -EINVAL;	213	return -EINVAL;
211		214
212	if (!vma->vm_file \|\| !vma->vm_file->f_mapping	215	f = vma->vm_file;
213	\|\| !vma->vm_file->f_mapping->host) {	216
		217	if (!f \|\| !f->f_mapping \|\| !f->f_mapping->host) {
214	return -EINVAL;	218	return -EINVAL;
215	}	219	}
216		220
217	if ((vma->vm_flags & (VM_SHARED\|VM_WRITE)) != (VM_SHARED\|VM_WRITE))	221	if ((vma->vm_flags & (VM_SHARED\|VM_WRITE)) != (VM_SHARED\|VM_WRITE))
218	return -EACCES;	222	return -EACCES;
219		223
220	mapping = vma->vm_file->f_mapping;
221
222	offset = (loff_t)(start - vma->vm_start)	224	offset = (loff_t)(start - vma->vm_start)
223	+ ((loff_t)vma->vm_pgoff << PAGE_SHIFT);	225	+ ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
224	endoff = (loff_t)(end - vma->vm_start - 1)
225	+ ((loff_t)vma->vm_pgoff << PAGE_SHIFT);
226		226
227	/* vmtruncate_range needs to take i_mutex */	227	/*
		228	* Filesystem's fallocate may need to take i_mutex. We need to
		229	* explicitly grab a reference because the vma (and hence the
		230	* vma's reference to the file) can go away as soon as we drop
		231	* mmap_sem.
		232	*/
		233	get_file(f);
228	up_read(&current->mm->mmap_sem);	234	up_read(&current->mm->mmap_sem);
229	error = vmtruncate_range(mapping->host, offset, endoff);	235	error = do_fallocate(f,
		236	FALLOC_FL_PUNCH_HOLE \| FALLOC_FL_KEEP_SIZE,
		237	offset, end - start);
		238	fput(f);
230	down_read(&current->mm->mmap_sem);	239	down_read(&current->mm->mmap_sem);
231	return error;	240	return error;
232	}	241	}