[PATCH] Fix for shmem_truncate_range() BUG_ON()

Ran into BUG() while doing madvise(REMOVE) testing.  If we are punching a
hole into shared memory segment using madvise(REMOVE) and the entire hole
is below the indirect blocks, we hit following assert.

	        BUG_ON(limit <= SHMEM_NR_DIRECT);

Signed-off-by: Badari Pulavarty <pbadari@us.ibm.com>
Cc: Hugh Dickins <hugh@veritas.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/mm/shmem.c b/mm/shmem.c
index 4bb28d2..70da7a0 100644 (file)
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -515,7 +515,12 @@ static void shmem_truncate_range(struct inode *inode, loff_t start, loff_t end)
                        size = SHMEM_NR_DIRECT;
                nr_swaps_freed = shmem_free_swp(ptr+idx, ptr+size);
        }
-       if (!topdir)
+
+       /*
+        * If there are no indirect blocks or we are punching a hole
+        * below indirect blocks, nothing to be done.
+        */
+       if (!topdir || (punch_hole && (limit <= SHMEM_NR_DIRECT)))
                goto done2;
 
        BUG_ON(limit <= SHMEM_NR_DIRECT);