Hi Andrew,
Here is the fix for the problem described in
http://bugzilla.kernel.org/show_bug.cgi?id=4721
Basically, the problem is that generic_file_buffered_write() is accessing
beyond end of the iov[] vector after handling the last vector.
If we happen to cross page boundary, we get a fault.
I think this simple patch is good enough. If we really don't
want to depend on the "count", then we need to pass nr_segs to
filemap_set_next_iovec() and decrement it and check it.
What do you think?
Thanks,
Badari
--- linux-2.6.12-rc6.org/mm/filemap.c 2005-06-17 15:10:05.000000000 -0700
+++ linux-2.6.12-rc6/mm/filemap.c 2005-06-17 15:10:29.000000000 -0700
@@ -2023,7 +2023,8 @@ generic_file_buffered_write(struct kiocb
if (unlikely(nr_segs > 1)) {
filemap_set_next_iovec(&cur_iov,
&iov_base, status);
- buf = cur_iov->iov_base + iov_base;
+ if (count)
+ buf = cur_iov->iov_base + iov_base;
}
}
}
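Review bot: the new `if (count)` guard in front of `buf = cur_iov->iov_base + iov_base;` carries no comment, so a later reader cannot tell that it exists to avoid dereferencing cur_iov once filemap_set_next_iovec() has stepped it past the last element of iov[]. Please add a one-line comment saying so. The guard is also only correct while count reaches zero exactly when the final segment has been consumed; that invariant is not visible in this hunk, so either state it in the comment or bound the access on the number of remaining segments, as the cover letter suggests with nr_segs. When count is zero, buf keeps its previous value, which is fine only if nothing after this block reads it; worth confirming against the rest of the loop.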