From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Douglas Gilbert <dgilbert@interlog.com>,
Jens Axboe <axboe@kernel.dk>
Subject: [PATCH 4.15 10/45] blk_rq_map_user_iov: fix error override
Date: Fri, 23 Feb 2018 19:28:49 +0100 [thread overview]
Message-ID: <20180223170716.977053392@linuxfoundation.org> (raw)
In-Reply-To: <20180223170715.197760019@linuxfoundation.org>
4.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Douglas Gilbert <dgilbert@interlog.com>
commit 69e0927b3774563c19b5fb32e91d75edc147fb62 upstream.
During stress tests by syzkaller on the sg driver the block layer
infrequently returns EINVAL. Closer inspection shows the block
layer was trying to return ENOMEM (which is much more
understandable) but for some reason overroad that useful error.
Patch below does not show this (unchanged) line:
ret =__blk_rq_map_user_iov(rq, map_data, &i, gfp_mask, copy);
That 'ret' was being overridden when that function failed.
Signed-off-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-map.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/block/blk-map.c
+++ b/block/blk-map.c
@@ -119,7 +119,7 @@ int blk_rq_map_user_iov(struct request_q
unsigned long align = q->dma_pad_mask | queue_dma_alignment(q);
struct bio *bio = NULL;
struct iov_iter i;
- int ret;
+ int ret = -EINVAL;
if (!iter_is_iovec(iter))
goto fail;
@@ -148,7 +148,7 @@ unmap_rq:
__blk_rq_unmap_user(bio);
fail:
rq->bio = NULL;
- return -EINVAL;
+ return ret;
}
EXPORT_SYMBOL(blk_rq_map_user_iov);
next prev parent reply other threads:[~2018-02-23 18:28 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-23 18:28 [PATCH 4.15 00/45] 4.15.6-stable review Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 01/45] tun: fix tun_napi_alloc_frags() frag allocator Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 02/45] ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 03/45] ptr_ring: try vmalloc() when kmalloc() fails Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 04/45] selinux: ensure the context is NUL terminated in security_context_to_sid_core() Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 05/45] selinux: skip bounded transition processing if the policy isnt loaded Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 06/45] media: pvrusb2: properly check endpoint types Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 07/45] crypto: x86/twofish-3way - Fix %rbp usage Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 08/45] staging: android: ion: Add __GFP_NOWARN for system contig heap Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 09/45] staging: android: ion: Switch from WARN to pr_warn Greg Kroah-Hartman
2018-02-23 18:28 ` Greg Kroah-Hartman [this message]
2018-02-23 18:28 ` [PATCH 4.15 11/45] KVM: x86: fix escape of guest dr6 to the host Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 12/45] kcov: detect double association with a single task Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 13/45] netfilter: x_tables: fix int overflow in xt_alloc_table_info() Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 14/45] netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target} Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 15/45] netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check() Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 16/45] netfilter: on sockopt() acquire sock lock only in the required scope Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 17/45] netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1() Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 18/45] netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 19/45] rds: tcp: correctly sequence cleanup on netns deletion Greg Kroah-Hartman
2018-02-23 18:28 ` [PATCH 4.15 20/45] rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 21/45] net: avoid skb_warn_bad_offload on IS_ERR Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 22/45] net_sched: gen_estimator: fix lockdep splat Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 23/45] soc: qcom: rmtfs_mem: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 24/45] ASoC: ux500: add MODULE_LICENSE tag Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 25/45] video: fbdev/mmp: add MODULE_LICENSE Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 26/45] ARM: 8743/1: bL_switcher: add MODULE_LICENSE tag Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 27/45] arm64: dts: add #cooling-cells to CPU nodes Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 28/45] dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 29/45] ANDROID: binder: remove WARN() for redundant txn error Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 30/45] ANDROID: binder: synchronize_rcu() when using POLLFREE Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 31/45] staging: android: ashmem: Fix a race condition in pin ioctls Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 32/45] binder: check for binder_thread allocation failure in binder_poll() Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 33/45] binder: replace "%p" with "%pK" Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 34/45] staging: fsl-mc: fix build testing on x86 Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 35/45] staging: iio: adc: ad7192: fix external frequency setting Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 36/45] staging: iio: ad5933: switch buffer mode to software Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 37/45] xhci: Fix NULL pointer in xhci debugfs Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 38/45] xhci: Fix xhci debugfs devices node disappearance after hibernation Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 39/45] xhci: xhci debugfs device nodes werent removed after device plugged out Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 40/45] xhci: fix xhci debugfs errors in xhci_stop Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 41/45] usbip: keep usbip_device sockfd state in sync with tcp_socket Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 42/45] crypto: s5p-sss - Fix kernel Oops in AES-ECB mode Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 43/45] mei: me: add cannon point device ids Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 44/45] mei: me: add cannon point device ids for 4th device Greg Kroah-Hartman
2018-02-23 18:29 ` [PATCH 4.15 45/45] vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems Greg Kroah-Hartman
2018-02-23 23:57 ` [PATCH 4.15 00/45] 4.15.6-stable review kernelci.org bot
2018-02-24 0:38 ` Shuah Khan
2018-02-24 8:26 ` Greg Kroah-Hartman
2018-02-24 17:58 ` Guenter Roeck
2018-02-25 9:59 ` Greg Kroah-Hartman
2018-02-25 3:37 ` Dan Rue
2018-02-25 9:58 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180223170716.977053392@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=axboe@kernel.dk \
--cc=dgilbert@interlog.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).