From: Michal Schmidt <mschmidt@redhat.com>
Subject: [RHEL 5.1 PATCH] BZ 222031: Some db2 operations cause system to hang
Date: Fri, 30 Mar 2007 14:05:20 +0200
Bugzilla: 222031
Message-Id: <460CFD00.6010703@redhat.com>

Changelog: [mm] Some db2 operations cause system to hang

Red Hat BZ: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=222031

Description:
Calling madvise(...,...,MADV_REMOVE) on a region extending past a VMA can cause an infinite loop in the kernel or even a kernel panic.

The patch is upstream:
Commit: 00e9fa2d6421fbbefb4c02821a1e779a3ce47781
Author: Nick Piggin <npiggin@suse.de>
Fri, 16 Mar 2007 13:38:10 -0800
[PATCH] mm: fix madvise infinite loop

A testcase is available. I checked that the patch fixes the bug.

diff -Nurp linux-2.6.18.i686.orig/mm/madvise.c linux-2.6.18.i686/mm/madvise.c --- linux-2.6.18.i686.orig/mm/madvise.c 2006-09-20 05:42:06.000000000 +0200 +++ linux-2.6.18.i686/mm/madvise.c 2007-03-29 15:32:34.000000000 +0200 @@ -155,11 +155,14 @@ static long madvise_dontneed(struct vm_a * Other filesystems return -ENOSYS. */ static long madvise_remove(struct vm_area_struct *vma, + struct vm_area_struct **prev, unsigned long start, unsigned long end) { struct address_space *mapping; loff_t offset, endoff; + *prev = vma; + if (vma->vm_flags & (VM_LOCKED|VM_NONLINEAR|VM_HUGETLB)) return -EINVAL; @@ -199,7 +202,7 @@ madvise_vma(struct vm_area_struct *vma, error = madvise_behavior(vma, prev, start, end, behavior); break; case MADV_REMOVE: - error = madvise_remove(vma, start, end); + error = madvise_remove(vma, prev, start, end); break; case MADV_WILLNEED:
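Review bot: in the first hunk (madvise_remove at @@ -155,11 +155,14 @@), placing `*prev = vma;` before the `VM_LOCKED|VM_NONLINEAR|VM_HUGETLB` check is the important detail: the caller's `prev` is now valid even on the early `-EINVAL` return, which is exactly the path on which a stale `prev` could otherwise send the madvise loop over the same VMA again. The comment block above the function (the visible tail reads "Other filesystems return -ENOSYS.") does not describe the new `prev` out-parameter; a one-line note that `*prev` is always set, including on error, would make that contract explicit for future callers, and the description's note that a testcase exists would be more useful with the test referenced alongside the BZ.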
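Review bot: in the second hunk (madvise_vma at @@ -199,7 +202,7 @@), the updated call `madvise_remove(vma, prev, start, end)` now matches the `madvise_behavior(vma, prev, ...)` call just above it, and the signature change means any call site not updated here would fail to compile, so missed callers are caught at build time. Worth confirming before merge that the remaining cases in this switch (`MADV_WILLNEED` and the `madvise_dontneed` path visible in the first hunk header) also leave `*prev` set on their error returns, since the same loop hazard would otherwise remain for those behaviors.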