On Tue, Feb 04, 2014 at 03:14:49PM -0800, a...@linux-foundation.org wrote:
> @@ -307,14 +331,15 @@ void truncate_inode_pages_range(struct a
> index = start;
> for ( ; ; ) {
> cond_resched();
> - if (!pagevec_lookup(&pvec, mapping, index,
> - min(end - index, (pgoff_t)PAGEVEC_SIZE))) {
> + if (!__pagevec_lookup(&pvec, mapping, index,
> + min(end - index, (pgoff_t)PAGEVEC_SIZE),
> + indices)) {
> if (index == start)
> break;
> index = start;
> continue;
> }
> - if (index == start && pvec.pages[0]->index >= end) {
> + if (index == start && indices[0] >= end) {
> pagevec_release(&pvec);
> break;
> }
There is a missing pagevec_remove_exceptionals(), which can crash the
kernel when pagevec_release() passes the non-page pointers to the page
allocator.
Andrew, could you please include this incremental fix?
---
From: Johannes Weiner <han...@cmpxchg.org>
Subject: [patch] mm + fs: prepare for non-page entries in page cache radix
trees fix
__pagevec_lookup() stores exceptional entries in the pagevec. They
must be pruned before passing the pagevec along to pagevec_release()
or the kernel crashes when these non-page pointers reach the page
allocator.
Add a missing pagevec_remove_exceptionals() in the truncate path.
Signed-off-by: Johannes Weiner <han...@cmpxchg.org>
---
mm/truncate.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/mm/truncate.c b/mm/truncate.c
index b0f4d4bee8ab..5fafca2ed3d2 100644
--- a/mm/truncate.c
+++ b/mm/truncate.c
@@ -340,6 +340,7 @@ void truncate_inode_pages_range(struct address_space
*mapping,
continue;
}
if (index == start && indices[0] >= end) {
+ pagevec_remove_exceptionals(&pvec);
pagevec_release(&pvec);
break;
}
--
1.9.0
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
