Re: + mm-fs-prepare-for-non-page-entries-in-page-cache-radix-trees.patch added to -mm tree

From: Johannes Weiner
Date: Tue Mar 04 2014 - 16:57:58 EST

Next message: Sebastian Reichel: "Re: [PATCHv1 1/2] rx51_battery: convert to iio consumer"
Previous message: Andy Lutomirski: "Re: [PATCH v4 5/6] timerfd: Add support for deferrable timers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 04, 2014 at 03:14:49PM -0800, akpm@xxxxxxxxxxxxxxxxxxxx wrote:
> @@ -307,14 +331,15 @@ void truncate_inode_pages_range(struct a
> index = start;
> for ( ; ; ) {
> cond_resched();
> - if (!pagevec_lookup(&pvec, mapping, index,
> - min(end - index, (pgoff_t)PAGEVEC_SIZE))) {
> + if (!__pagevec_lookup(&pvec, mapping, index,
> + min(end - index, (pgoff_t)PAGEVEC_SIZE),
> + indices)) {
> if (index == start)
> break;
> index = start;
> continue;
> }
> - if (index == start && pvec.pages[0]->index >= end) {
> + if (index == start && indices[0] >= end) {
> pagevec_release(&pvec);
> break;
> }

There is a missing pagevec_remove_exceptionals(), which can crash the
kernel when pagevec_release() passes the non-page pointers to the page
allocator.

Andrew, could you please include this incremental fix?

---
From: Johannes Weiner <hannes@xxxxxxxxxxx>
Subject: [patch] mm + fs: prepare for non-page entries in page cache radix
trees fix

__pagevec_lookup() stores exceptional entries in the pagevec. They
must be pruned before passing the pagevec along to pagevec_release()
or the kernel crashes when these non-page pointers reach the page
allocator.

Add a missing pagevec_remove_exceptionals() in the truncate path.

Signed-off-by: Johannes Weiner <hannes@xxxxxxxxxxx>
---
mm/truncate.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/mm/truncate.c b/mm/truncate.c
index b0f4d4bee8ab..5fafca2ed3d2 100644
--- a/mm/truncate.c
+++ b/mm/truncate.c
@@ -340,6 +340,7 @@ void truncate_inode_pages_range(struct address_space *mapping,
continue;
}
if (index == start && indices[0] >= end) {
+ pagevec_remove_exceptionals(&pvec);
pagevec_release(&pvec);
break;
}
--
1.9.0

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Sebastian Reichel: "Re: [PATCHv1 1/2] rx51_battery: convert to iio consumer"
Previous message: Andy Lutomirski: "Re: [PATCH v4 5/6] timerfd: Add support for deferrable timers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]