Fix bug 8691, reported at http://bugzilla.kernel.org/show_bug.cgi?id=8691. This also fixes the bug shown by the following program.
#define _GNU_SOURCE
#include <sys/mman.h>
#include <unistd.h>
#include <stdio.h>
int main(int argc, unsigned char* argv[]) {
void *ptr,*ptr1;
if ((ptr=mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_SHARED, 0, 4096*4)) == MAP_FAILED) {
printf("failed to mmap\n");
return -1;
}
printf("%s:%d\n",__FILE__,__LINE__);
*(unsigned long *)(ptr)= 10; /* bus error */
printf("%s:%d\n",__FILE__,__LINE__); /* can't reach here*/
return 0;
}
Signed-off-by: Ming Lei <[EMAIL PROTECTED]>
---
diff --git a/mm/shmem.c b/mm/shmem.c
index 51b3d6c..7e14bce 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1327,15 +1327,23 @@ failed:
 return error;
 }
 
+static struct vfsmount *shm_mnt;
+
 static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
 {
 struct inode *inode = vma->vm_file->f_path.dentry->d_inode;
 int error;
 int ret;
-
- if (((loff_t)vmf->pgoff << PAGE_CACHE_SHIFT) >= i_size_read(inode))
- return VM_FAULT_SIGBUS;
-
+ loff_t new_size = 0;
+
+ new_size = ((loff_t)vmf->pgoff << PAGE_CACHE_SHIFT);
+ if (new_size >= i_size_read(inode)) {
+ if (vma->vm_file->f_path.mnt == shm_mnt) {
+ inode->i_size = new_size + PAGE_SIZE;
+ }else{
+ return VM_FAULT_SIGBUS;
+ }
+ }
 error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_FAULT, &ret);
 if (error)
 return ((error == -ENOMEM) ? VM_FAULT_OOM : VM_FAULT_SIGBUS);
@@ -2462,7 +2470,6 @@ static struct file_system_type tmpfs_fs_type = {
 .get_sb = shmem_get_sb,
 .kill_sb = kill_litter_super,
 };
-static struct vfsmount *shm_mnt;
 
 static int __init init_tmpfs(void)
 {
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
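Review bot: The added `inode->i_size = new_size + PAGE_SIZE;` in shmem_fault is a plain store to i_size made from the fault path, although the test just above it reads the size through `i_size_read(inode)` and nothing in the hunk serialises the read with the store; two faults at different offsets could therefore race and leave the smaller size in place. If growing the object here is kept, the store should at least be `i_size_write(inode, new_size + PAGE_CACHE_SIZE);` (the line above shifts by PAGE_CACHE_SHIFT, not PAGE_SHIFT), made under whatever lock the other i_size updates in this file rely on. The `vma->vm_file->f_path.mnt == shm_mnt` test also looks wider than the reproducer needs: it appears to match every object on the internal mount, so a fault past the end of any of them would grow the object instead of returning VM_FAULT_SIGBUS, with no size-limit or accounting check visible in the hunk; please confirm this against the code that creates files on shm_mnt. shmem_fault continues past the end of the hunk.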