On Tue, Feb 04, 2014 at 03:14:49PM -0800, akpm@xxxxxxxxxxxxxxxxxxxx wrote:
> @@ -307,14 +331,15 @@ void truncate_inode_pages_range(struct a > index = start; > for ( ; ; ) { > cond_resched(); > - if (!pagevec_lookup(&pvec, mapping, index, > - min(end - index, (pgoff_t)PAGEVEC_SIZE))) { > + if (!__pagevec_lookup(&pvec, mapping, index, > + min(end - index, (pgoff_t)PAGEVEC_SIZE), > + indices)) { > if (index == start) > break; > index = start; > continue; > } > - if (index == start && pvec.pages[0]->index >= end) { > + if (index == start && indices[0] >= end) { > pagevec_release(&pvec); > break; > }

There is a missing pagevec_remove_exceptionals(), which can crash the kernel when pagevec_release() passes the non-page pointers to the page allocator.

Andrew, could you please include this incremental fix?

---
From: Johannes Weiner <hannes@xxxxxxxxxxx>
Subject: [patch] mm + fs: prepare for non-page entries in page cache radix trees fix

__pagevec_lookup() stores exceptional entries in the pagevec. They must be pruned before passing the pagevec along to pagevec_release() or the kernel crashes when these non-page pointers reach the page allocator. Add a missing pagevec_remove_exceptionals() in the truncate path.

Signed-off-by: Johannes Weiner <hannes@xxxxxxxxxxx>
--- mm/truncate.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/truncate.c b/mm/truncate.c index b0f4d4bee8ab..5fafca2ed3d2 100644 --- a/mm/truncate.c +++ b/mm/truncate.c @@ -340,6 +340,7 @@ void truncate_inode_pages_range(struct address_space *mapping, continue; } if (index == start && indices[0] >= end) { + pagevec_remove_exceptionals(&pvec); pagevec_release(&pvec); break; } -- 1.9.0
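
Review bot: In the mm/truncate.c hunk (@@ -340,6 +340,7), the added pagevec_remove_exceptionals(&pvec) in the `index == start && indices[0] >= end` branch carries no comment saying why it must run before pagevec_release(&pvec), so the ordering requirement is easy to drop in a later edit. A one-line comment noting that __pagevec_lookup() can leave non-page entries in the pagevec would make the pairing explicit. The changelog says "in the truncate path" but only this one early-break site is visible here; it would help to state whether the other pagevec_release() calls that follow a __pagevec_lookup() were checked for the same omission.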