Commit 53cc0b29 authored Nov 19, 2008 by Petr Vandrovec Committed by Jens Axboe Dec 03, 2008

When block layer fails to map iov, it calls bio_unmap_user to undo


mapping.  Which is good if pages were mapped - but if they were provided
by someone else and just copied then bad things happen - pages are
released once here, and once by caller, leading to user triggerable BUG
at include/linux/mm.h:246.

Signed-off-by: Petr Vandrovec <petr@vandrovec.name>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>

parent f6f7b52e

block/blk-map.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -224,7 +224,7 @@ int blk_rq_map_user_iov(struct request_queue q, struct request rq,
		*/
		bio_get(bio);
		bio_endio(bio, 0);
		bio_unmap_user(bio);
		__blk_rq_unmap_user(bio);
		return -EINVAL;
		}