Hello!

   Today looking for a way to do atomic page-unmap + removing page from
   page cache, I found 32 bit integer overflow in invalidate_inode_pages2_range.
   Attached program demonstrates the problem (on x86 with 2.6.14
   I quickly get SOFT Lockup trace and after a few seconds entire
   userspace locks up (not sure why)).
   Seems that all 2.6 kernels are having same problem, 2.6.5 has similar
   (though not identical) code.

   Please consider this patch below:

--- linux-2.6.14/mm/truncate.c.orig	2005-11-23 16:34:21.000000000 +0200
+++ linux-2.6.14/mm/truncate.c	2005-11-23 16:37:18.000000000 +0200
@@ -291,8 +291,8 @@
 					 * Zap the rest of the file in one hit.
 					 */
 					unmap_mapping_range(mapping,
-					    page_index << PAGE_CACHE_SHIFT,
-					    (end - page_index + 1)
+					   (loff_t)page_index<<PAGE_CACHE_SHIFT,
+					   (loff_t)(end - page_index + 1)
 							<< PAGE_CACHE_SHIFT,
 					    0);
 					did_range_unmap = 1;
@@ -301,8 +301,8 @@
 					 * Just zap this page
 					 */
 					unmap_mapping_range(mapping,
-					  page_index << PAGE_CACHE_SHIFT,
-					  PAGE_CACHE_SIZE, 0);
+					  (loff_t)page_index<<PAGE_CACHE_SHIFT,
+					  PAGE_CACHE_SIZE, 0);
 				}
 			}
 			was_dirty = test_clear_page_dirty(page);


Bye,
    Oleg