[PATCH] fix for generic_file_write iov problem

Here is the fix for the problem described in

	http://bugzilla.kernel.org/show_bug.cgi?id=4721

Basically, problem is generic_file_buffered_write() is accessing beyond end
of the iov[] vector after handling the last vector.  If we happen to cross
page boundary, we get a fault.

I think this simple patch is good enough.  If we really don't want to
depend on the "count", then we need pass nr_segs to
filemap_set_next_iovec() and decrement it and check it.

Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/mm/filemap.c b/mm/filemap.c
index b573607b7112228142e77323f5f461593f7c36bb..c11418dd94e810f4c8d9c4aa7ed2fae6d8aba290 100644 (file)
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -1954,7 +1954,9 @@ generic_file_buffered_write(struct kiocb *iocb, const struct iovec *iov,
                                if (unlikely(nr_segs > 1)) {
                                        filemap_set_next_iovec(&cur_iov,
                                                        &iov_base, status);
-                                       buf = cur_iov->iov_base + iov_base;
+                                       if (count)
+                                               buf = cur_iov->iov_base +
+                                                       iov_base;
                                } else {
                                        iov_base += status;
                                }