[PATCH] block: fix bio_copy_user_iov() for SG_DXFER_TO_FROM_DEV case

From: Mingming Gu
Date: Fri Apr 12 2024 - 23:46:33 EST

Next message: Nicolin Chen: "[PATCH RFCv1 01/14] iommufd: Move iommufd_object to public iommufd header"
Previous message: kernel test robot: "[paulmck-rcu:dev.2024.04.10a] BUILD SUCCESS 9d7b65d10e3f9f6c251da7e8a0e2be8036f0af08"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Commit "block: Fix WARNING in _copy_from_iter" is insufficient to make
SG_IO ioctl with a transfer direction of SG_DXFER_TO_FROM_DEV work;
the passed in iterator should be advanced after bio_copy_from_iter().
Otherwise its caller, blk_rq_map_user_iov(), will return -EINVAL due
to a wrong loop condition.

Instead of using a copy of the passed iterator, save iter->data_source
and restore it after bio_copy_from_iter().

Signed-off-by: Mingming Gu <mmgu@xxxxxxxxxxxxxxxxxx>
---
block/blk-map.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/block/blk-map.c b/block/blk-map.c
index 71210cd..eca02d9 100644
--- a/block/blk-map.c
+++ b/block/blk-map.c
@@ -211,11 +211,12 @@ static int bio_copy_user_iov(struct request *rq, struct rq_map_data *map_data,
if (ret)
goto cleanup;
} else if (map_data && map_data->from_user) {
- struct iov_iter iter2 = *iter;
+ bool tmp = iter->data_source;

/* This is the copy-in part of SG_DXFER_TO_FROM_DEV. */
- iter2.data_source = ITER_SOURCE;
- ret = bio_copy_from_iter(bio, &iter2);
+ iter->data_source = ITER_SOURCE;
+ ret = bio_copy_from_iter(bio, iter);
+ iter->data_source = tmp;
if (ret)
goto cleanup;
} else {
--
2.7.4

Next message: Nicolin Chen: "[PATCH RFCv1 01/14] iommufd: Move iommufd_object to public iommufd header"
Previous message: kernel test robot: "[paulmck-rcu:dev.2024.04.10a] BUILD SUCCESS 9d7b65d10e3f9f6c251da7e8a0e2be8036f0af08"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]