Hello!
Today looking for a way to do atomic page-unmap + removing page from
page cache, I found 32 bit integer overflow in invalidate_inode_pages2_range.
Attached program demonstrates the problem (on x86 with 2.6.14
I quickly get SOFT Lockup trace and after a few seconds entire
userspace locks up (not sure why)).
Seems that all 2.6 kernels are having same problem, 2.6.5 has similar
(though not identical) code.
Please consider this patch below:
--- linux-2.6.14/mm/truncate.c.orig 2005-11-23 16:34:21.000000000 +0200
+++ linux-2.6.14/mm/truncate.c 2005-11-23 16:37:18.000000000 +0200
@@ -291,8 +291,8 @@
* Zap the rest of the file in one hit.
*/
unmap_mapping_range(mapping,
- page_index << PAGE_CACHE_SHIFT,
- (end - page_index + 1)
+ (loff_t)page_index<<PAGE_CACHE_SHIFT,
+ (loff_t)(end - page_index + 1)
<< PAGE_CACHE_SHIFT,
0);
did_range_unmap = 1;
@@ -301,8 +301,8 @@
* Just zap this page
*/
unmap_mapping_range(mapping,
- page_index << PAGE_CACHE_SHIFT,
- PAGE_CACHE_SIZE, 0);
+ (loff_t)page_index<<PAGE_CACHE_SHIFT,
+ PAGE_CACHE_SIZE, 0);
}
}
was_dirty = test_clear_page_dirty(page);
Bye,
Oleg