Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6866bef40d06f7c2baac3a855b1917a8ca75456c
Commit:     6866bef40d06f7c2baac3a855b1917a8ca75456c
Parent:     23c76983e23628c7762137a00651e3e371aa97d3
Author:     Jens Axboe <[EMAIL PROTECTED]>
AuthorDate: Tue Oct 16 10:01:29 2007 +0200
Committer:  Jens Axboe <[EMAIL PROTECTED]>
CommitDate: Tue Oct 16 10:01:29 2007 +0200

    splice: fix double kunmap() in vmsplice copy path
    
    The out label should not include the unmap, the only way to jump
    there already has unmapped the source.
    
    00002000
           f7c21a00 00000000 00000000 c0489036 00018e32 00000002 00000000
    00001000
    Call Trace:
     [<c0487dd9>] pipe_to_user+0xca/0xd3
     [<c0488233>] __splice_from_pipe+0x53/0x1bd
     [<c0454947>] ------------[ cut here ]------------
    filemap_fault+0x221/0x380
     [<c0487d0f>] pipe_to_user+0x0/0xd3
     [<c0489036>] sys_vmsplice+0x3b7/0x422
     [<c045ec3f>] kernel BUG at mm/highmem.c:206!
    handle_mm_fault+0x4d5/0x8eb
     [<c041ed5b>] kmap_atomic+0x1c/0x20
     [<c045d33d>] unmap_vmas+0x3d1/0x584
     [<c045f717>] free_pgtables+0x90/0xa0
     [<c041d84b>] pgd_dtor+0x0/0x1
     [<c044d665>] audit_syscall_exit+0x2aa/0x2c6
     [<c0407817>] do_syscall_trace+0x124/0x169
     [<c0404df2>] syscall_call+0x7/0xb
     =======================
    Code: 2d 00 d0 5b 00 25 00 00 e0 ff 29 invalid opcode: 0000 [#1]
    c2 89 d0 c1 e8 0c 8b 14 85 a0 6c 7c c0 4a 85 d2 89 14 85 a0 6c 7c c0 74 07
    31 c9 4a 75 15 eb 04 <0f> 0b eb fe 31 c9 81 3d 78 38 6d c0 78 38 6d c0 0f
    95 c1 b0 01
    EIP: [<c045bbc3>] kunmap_high+0x51/0x8e SS:ESP 0068:f5960df0
    SMP
    Modules linked in: netconsole autofs4 hidp nfs lockd nfs_acl rfcomm l2cap
    bluetooth sunrpc ipv6 ib_iser rdma_cm ib_cm iw_cmib_sa ib_mad ib_core
    ib_addr iscsi_tcp libiscsi scsi_transport_iscsi dm_mirror dm_multipath
    dm_mod video output sbs batteryac parport_pc lp parport sg i2c_piix4
    i2c_core floppy cfi_probe gen_probe scb2_flash mtd chipreg tg3 e1000 button
    ide_cd serio_raw cdrom aic7xxx scsi_transport_spi sd_mod scsi_mod ext3 jbd
    ehci_hcd ohci_hcd uhci_hcd
    CPU:    3
    EIP:    0060:[<c045bbc3>]    Not tainted VLI
    EFLAGS: 00010246   (2.6.23 #1)
    EIP is at kunmap_high+0x51/0x8e
    
    Signed-off-by: Jens Axboe <[EMAIL PROTECTED]>
---
 fs/splice.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/fs/splice.c b/fs/splice.c
index e95a362..02c39ae 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1390,10 +1390,10 @@ static int pipe_to_user(struct pipe_inode_info *pipe, 
struct pipe_buffer *buf,
        if (copy_to_user(sd->u.userptr, src + buf->offset, sd->len))
                ret = -EFAULT;
 
+       buf->ops->unmap(pipe, buf, src);
 out:
        if (ret > 0)
                sd->u.userptr += ret;
-       buf->ops->unmap(pipe, buf, src);
        return ret;
 }
 
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to