Hi Greg,

> Nope, this broke the build, sorry. If you want it in 4.4-stable, please
> provide a backported patch.

The issue is the missing page_ref_count function which used to be atomic_read(&page->_count). I am not fully sure how to properly provide a patch for old kernels. Below is a manually created patch that compiles and has the same logic.

Please let me know if that patch is not suitable.

Note, this patch is only for 4.4 and earlier.

Thanks

---8<---

For asynchronous operation, SGs are allocated without a page mapped to them or with a page that is not used (ref-counted). If the SGL is freed, the code must only call put_page for an SG if there was a page assigned and ref-counted in the first place.

This fixes a kernel crash when using io_submit with more than one iocb using the sendmsg and sendpage (vmsplice/splice) interface.

Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx>
---
--- linux-4.4.86.old/crypto/algif_skcipher.c 2017-09-04 22:44:09.682778994 +0200 +++ linux-4.4.86/crypto/algif_skcipher.c 2017-09-04 23:01:22.761253808 +0200 @@ -86,8 +86,13 @@ static void skcipher_free_async_sgls(str } sgl = sreq->tsg; n = sg_nents(sgl); - for_each_sg(sgl, sg, n, i) - put_page(sg_page(sg)); + for_each_sg(sgl, sg, n, i) { + struct page *page = sg_page(sg); + + /* some SGs may not have a page mapped */ + if (page && atomic_read(&page->_count)) + put_page(page); + } kfree(sreq->tsg); }
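
Review bot: In the new loop body of skcipher_free_async_sgls, the condition `if (page && atomic_read(&page->_count))` tests the page's overall reference count, not whether this request took a reference for that SG entry, so a page that is still held elsewhere but was never ref-counted on this path would pass the check and have a reference dropped that this code does not own. The commit message says put_page must only be called when a page was "assigned and ref-counted in the first place"; it would be more robust to decide that from state recorded where the reference is taken (or to leave the SG entry without a page in that case), so the free path needs only the NULL check. If the count test stays for the backport, the comment `/* some SGs may not have a page mapped */` should also explain the `_count` half of the condition, since it currently documents only the NULL case.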