The loop driver takes a copy of the data which it is writing.  When this
happens on the try_to_free_pages() path, loop can easily consume ALL memory
and bio_copy() will fail to allocate a page.

Loop forgets to check the bio_copy() return value and oopses.

Fix this by dropping PF_MEMALLOC and throttling to the block writeout speed.

The patch exports blk_congestion_wait() to modules for this.  This is a
needed export: several filesystems have a "try to allocate and yield if it
failed" loop and blk_congestion_wait() is a more appropriate way of
implementing the sleep in this situation.



 drivers/block/loop.c |   17 ++++++++++++++++-
 kernel/ksyms.c       |    1 +
 2 files changed, 17 insertions(+), 1 deletion(-)

diff -puN drivers/block/loop.c~loop-hack drivers/block/loop.c
--- 25/drivers/block/loop.c~loop-hack	2003-02-27 01:09:33.000000000 -0800
+++ 25-akpm/drivers/block/loop.c	2003-02-27 01:09:33.000000000 -0800
@@ -447,7 +447,22 @@ static struct bio *loop_get_buffer(struc
 		goto out_bh;
 	}
 
-	bio = bio_copy(rbh, GFP_NOIO, rbh->bi_rw & WRITE);
+	/*
+	 * When called on the page reclaim -> writepage path, this code can
+	 * trivially consume all memory.  So we drop PF_MEMALLOC to avoid
+	 * stealing all the page reserves and throttle to the writeout rate.
+	 * pdflush will have been woken by page reclaim.  Let it do its work.
+	 */
+	do {
+		int flags = current->flags;
+
+		current->flags &= ~PF_MEMALLOC;
+		bio = bio_copy(rbh, (GFP_ATOMIC & ~__GFP_HIGH) | __GFP_NOWARN,
+					rbh->bi_rw & WRITE);
+		current->flags = flags;
+		if (bio == NULL)
+			blk_congestion_wait(WRITE, HZ/10);
+	} while (bio == NULL);
 
 	bio->bi_end_io = loop_end_io_transfer;
 	bio->bi_private = rbh;
diff -puN kernel/ksyms.c~loop-hack kernel/ksyms.c
--- 25/kernel/ksyms.c~loop-hack	2003-02-27 01:14:14.000000000 -0800
+++ 25-akpm/kernel/ksyms.c	2003-02-27 01:15:06.000000000 -0800
@@ -119,6 +119,7 @@ EXPORT_SYMBOL(find_vma);
 EXPORT_SYMBOL(get_unmapped_area);
 EXPORT_SYMBOL(init_mm);
 EXPORT_SYMBOL(blk_queue_bounce);
+EXPORT_SYMBOL(blk_congestion_wait);
 #ifdef CONFIG_HIGHMEM
 EXPORT_SYMBOL(kmap_high);
 EXPORT_SYMBOL(kunmap_high);

_