| From stable-bounces@linux.kernel.org Fri Jul 20 06:22:09 2007 |
| From: Jens Axboe <jens.axboe@oracle.com> |
| Date: Fri, 20 Jul 2007 15:21:36 +0200 |
| Subject: splice: fix double page unlock |
| To: stable@kernel.org |
| Message-ID: <20070720132136.GD11657@kernel.dk> |
| Content-Disposition: inline |
| |
| From: Jens Axboe <jens.axboe@oracle.com> |
| |
| If add_to_page_cache_lru() fails, the page will not be locked. But |
| splice jumps to an error path that does a page release and unlock, |
| causing a BUG() in unlock_page(). |
| |
| Fix this by adding one more label that just releases the page. This bug |
| was actually triggered on EL5 by gurudas pai <gurudas.pai@oracle.com> |
| using fio. |
| |
| Signed-off-by: Jens Axboe <jens.axboe@oracle.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| fs/splice.c | 5 +++-- |
| 1 file changed, 3 insertions(+), 2 deletions(-) |
| |
| --- a/fs/splice.c |
| +++ b/fs/splice.c |
| @@ -601,7 +601,7 @@ find_page: |
| ret = add_to_page_cache_lru(page, mapping, index, |
| GFP_KERNEL); |
| if (unlikely(ret)) |
| - goto out; |
| + goto out_release; |
| } |
| |
| ret = mapping->a_ops->prepare_write(file, page, offset, offset+this_len); |
| @@ -657,8 +657,9 @@ find_page: |
| */ |
| mark_page_accessed(page); |
| out: |
| - page_cache_release(page); |
| unlock_page(page); |
| +out_release: |
| + page_cache_release(page); |
| out_ret: |
| return ret; |
| } |