From: Hugh Dickins <hugh@veritas.com>
Date: Tue, 29 Jul 2008 02:50:18 +0000 (+0000)
Subject: tmpfs: fix kernel BUG in shmem_delete_inode
X-Git-Tag: v2.6.26.1~7
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a3676137382ae2dbc6a469ead4cd37ccf970aede;p=platform%2Fkernel%2Flinux-stable.git

tmpfs: fix kernel BUG in shmem_delete_inode

commit 14fcc23fdc78e9d32372553ccf21758a9bd56fa1 upstream

SuSE's insserve initscript ordering program hits kernel BUG at mm/shmem.c:814
on 2.6.26.  It's using posix_fadvise on directories, and the shmem_readpage
method added in 2.6.23 is letting POSIX_FADV_WILLNEED allocate useless pages
to a tmpfs directory, incrementing i_blocks count but never decrementing it.

Fix this by assigning shmem_aops (pointing to readpage and writepage and
set_page_dirty) only when it's needed, on a regular file or a long symlink.

Many thanks to Kel for outstanding bugreport and steps to reproduce it.

Reported-by: Kel Modderman <kel@otaku42.de>
Tested-by: Kel Modderman <kel@otaku42.de>
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/mm/shmem.c b/mm/shmem.c
index e2a6ae1a44e9..8f8412bab0fb 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1503,7 +1503,6 @@ shmem_get_inode(struct super_block *sb, int mode, dev_t dev)
 		inode->i_uid = current->fsuid;
 		inode->i_gid = current->fsgid;
 		inode->i_blocks = 0;
-		inode->i_mapping->a_ops = &shmem_aops;
 		inode->i_mapping->backing_dev_info = &shmem_backing_dev_info;
 		inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
 		inode->i_generation = get_seconds();
@@ -1518,6 +1517,7 @@ shmem_get_inode(struct super_block *sb, int mode, dev_t dev)
 			init_special_inode(inode, mode, dev);
 			break;
 		case S_IFREG:
+			inode->i_mapping->a_ops = &shmem_aops;
 			inode->i_op = &shmem_inode_operations;
 			inode->i_fop = &shmem_file_operations;
 			mpol_shared_policy_init(&info->policy,
@@ -1907,6 +1907,7 @@ static int shmem_symlink(struct inode *dir, struct dentry *dentry, const char *s
 			return error;
 		}
 		unlock_page(page);
+		inode->i_mapping->a_ops = &shmem_aops;
 		inode->i_op = &shmem_symlink_inode_operations;
 		kaddr = kmap_atomic(page, KM_USER0);
 		memcpy(kaddr, symname, len);