Commit b13ee668 authored Jan 23, 2025 by Jens Axboe

block: don't revert iter for -EIOCBQUEUED



blkdev_read_iter() has a few odd checks, like gating the position and
count adjustment on whether or not the result is bigger-than-or-equal to
zero (where bigger than makes more sense), and not checking the return
value of blkdev_direct_IO() before doing an iov_iter_revert(). The
latter can lead to attempting to revert with a negative value, which
when passed to iov_iter_revert() as an unsigned value will lead to
throwing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.

Be sane and don't revert for -EIOCBQUEUED, like what is done in other
spots.

Cc: stable@vger.kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>

parent 7004a2e4

block/fops.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -783,10 +783,11 @@ static ssize_t blkdev_read_iter(struct kiocb iocb, struct iov_iter to)
		file_accessed(iocb->ki_filp);

		ret = blkdev_direct_IO(iocb, to);
		if (ret >= 0) {
		if (ret > 0) {
		iocb->ki_pos += ret;
		count -= ret;
		}
		if (ret != -EIOCBQUEUED)
		iov_iter_revert(to, count - iov_iter_count(to));
		if (ret < 0 \|\| !count)
		goto reexpand;