From: Badari Pulavarty Date: Sat, 25 Jun 2005 21:55:42 +0000 (-0700) Subject: [PATCH] fix for generic_file_write iov problem X-Git-Tag: v2.6.13-rc1~68^2~162 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b0cfbd995d091b10841eeb948976f5d1fbf13cdd;p=linux-2.6 [PATCH] fix for generic_file_write iov problem Here is the fix for the problem described in http://bugzilla.kernel.org/show_bug.cgi?id=4721 Basically, problem is generic_file_buffered_write() is accessing beyond end of the iov[] vector after handling the last vector. If we happen to cross page boundary, we get a fault. I think this simple patch is good enough. If we really don't want to depend on the "count", then we need pass nr_segs to filemap_set_next_iovec() and decrement it and check it. Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/mm/filemap.c b/mm/filemap.c index b573607b71..c11418dd94 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -1954,7 +1954,9 @@ generic_file_buffered_write(struct kiocb *iocb, const struct iovec *iov, if (unlikely(nr_segs > 1)) { filemap_set_next_iovec(&cur_iov, &iov_base, status); - buf = cur_iov->iov_base + iov_base; + if (count) + buf = cur_iov->iov_base + + iov_base; } else { iov_base += status; }