Comment 2 for bug 231746

There was a fix commited by Nick Piggin (http://linux.derkeiler.com/Mailing-Lists/Kernel/2008-03/msg08396.html) which was included in 2.6.25-rc6. Please apply this patch to standard 8.04 kernel.

--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -1725,21 +1725,27 @@ size_t iov_iter_copy_from_user(struct pa
}
EXPORT_SYMBOL(iov_iter_copy_from_user);

-static void __iov_iter_advance_iov(struct iov_iter *i, size_t bytes)
+void iov_iter_advance(struct iov_iter *i, size_t bytes)
{
+ BUG_ON(i->count < bytes);
+
if (likely(i->nr_segs == 1)) {
i->iov_offset += bytes;
+ i->count -= bytes;
} else {
const struct iovec *iov = i->iov;
size_t base = i->iov_offset;

/*
* The !iov->iov_len check ensures we skip over unlikely
- * zero-length segments.
+ * zero-length segments (without overruning the iovec).
*/
- while (bytes || !iov->iov_len) {
- int copy = min(bytes, iov->iov_len - base);
+ while (bytes || unlikely(!iov->iov_len && i->count)) {
+ int copy;

+ copy = min(bytes, iov->iov_len - base);
+ BUG_ON(!i->count || i->count < copy);
+ i->count -= copy;
bytes -= copy;
base += copy;
if (iov->iov_len == base) {
@@ -1751,14 +1757,6 @@ static void __iov_iter_advance_iov(struc
i->iov_offset = base;
}
}
-
-void iov_iter_advance(struct iov_iter *i, size_t bytes)
-{
- BUG_ON(i->count < bytes);
-
- __iov_iter_advance_iov(i, bytes);
- i->count -= bytes;
-}
EXPORT_SYMBOL(iov_iter_advance);

/*