Comment 74 for bug 249340

tonfa (bboissin) wrote :

If you look at the history for this file:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=history;f=mm/filemap.c;h=54e9686508550b198b4779df048bbfe46b2ddb08;hb=HEAD

You'll see that http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=64649a58919e66ec21792dbb6c48cb3da22cbd7f was backported.

I think the backport is wrong. Let me explain why:
The first filemap_set_next_iovec() finds a {NULL, 0} iovec.
Then if "!segment_eq(get_fs(), KERNEL_DS)" (write is from userspace), the variable bytes will be equal to 0 (because cur_iov->iov_len - iov_base == 0).
Then it will goto zero_length_segment.
And here the patch changed the behaviour: before, the test was ">= 0", so it included the case where the iovec was empty, and then it finished by calling filemap_set_next_iovec(), which would advance by at least one iovec before continuing.
Now it tests for "> 0", so nothing will happen before the continue instruction. Hence the infinite loop.
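
The control flow described in the comment above, as a simplified user-space model. This is an added example, not part of the comment and not the kernel's code. `struct seg`, `write_model`, `status`, the watchdog and the sample segments are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for struct iovec; all names here are hypothetical. */
struct seg { const char *base; size_t len; };

#define WATCHDOG 1000   /* iteration cap so the model itself terminates */

/* Constructed sample: an empty {NULL, 0} segment between two 2-byte ones. */
static const struct seg sample[] = { { "ab", 2 }, { NULL, 0 }, { "cd", 2 } };

/*
 * Walk the segments until `count` bytes are consumed.
 * strict_test == 0 models the ">= 0" check, strict_test == 1 the "> 0" check.
 * Returns the number of iterations, or -1 if the watchdog fired.
 */
static int write_model(const struct seg *iov, size_t nsegs, int strict_test)
{
    size_t cur = 0, off = 0, count = 0;
    int iters = 0;

    for (size_t i = 0; i < nsegs; i++)
        count += iov[i].len;

    while (count > 0) {
        if (++iters > WATCHDOG)
            return -1;                      /* no forward progress */
        size_t bytes = iov[cur].len - off;  /* 0 for the empty segment */
        long status = (long)bytes;          /* assume the copy fully succeeds */
        count -= bytes;
        /* zero_length_segment: only this branch moves to the next segment */
        if (strict_test ? status > 0 : status >= 0) {
            off += bytes;
            if (off == iov[cur].len) { cur++; off = 0; }
        }
    }
    return iters;
}

int main(void)
{
    printf(">= 0 test: %d iterations\n", write_model(sample, 3, 0));
    printf(">  0 test: %d (-1 = stuck)\n", write_model(sample, 3, 1));
    return 0;
}
```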