Petr Vandrovec [Wed, 19 Nov 2008 10:12:14 +0000 (11:12 +0100)]

When block layer fails to map iov, it calls bio_unmap_user to undo
mapping.  Which is good if pages were mapped - but if they were provided
by someone else and just copied then bad things happen - pages are
released once here, and once by caller, leading to user triggerable BUG
at include/linux/mm.h:246.

Signed-off-by: Petr Vandrovec <petr@vandrovec.name>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>

block/blk-map.c

index 0f4b4b8..2990447 100644 (file)
@@ -224,7 +224,7 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq,
                 */
                bio_get(bio);
                bio_endio(bio, 0);
-               bio_unmap_user(bio);
+               __blk_rq_unmap_user(bio);
                return -EINVAL;
        }
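
Review bot: the replaced call in the -EINVAL error path carries no comment explaining why the generic __blk_rq_unmap_user(bio) is required here. The commit message says the bio may hold pages that were copied rather than mapped, and that distinction should be recorded in the block comment above bio_get(bio) so a later cleanup does not switch the call back to bio_unmap_user(bio) and reintroduce the double release. The same comment should say which call drops the reference taken by bio_get(bio), since the bug being fixed is a release-count problem and the pairing is not obvious from these lines.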