block: don't revert iter for -EIOCBQUEUED

blkdev_read_iter() has a few odd checks, like gating the position and
count adjustment on whether or not the result is bigger-than-or-equal to
zero (where bigger than makes more sense), and not checking the return
value of blkdev_direct_IO() before doing an iov_iter_revert(). The
latter can lead to attempting to revert with a negative value, which
when passed to iov_iter_revert() as an unsigned value will lead to
throwing a WARN_ON() because unroll is bigger than MAX_RW_COUNT.

Be sane and don't revert for -EIOCBQUEUED, like what is done in other
spots.

Cc: stable@vger.kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>

diff --git a/block/fops.c b/block/fops.c
index 6d5c4fc5a2168082a75b1ed21766b13d548ee4a9..be9f1dbea9ce0a7a80b370b6933cd4c3bcdf9c01 100644 (file)
--- a/block/fops.c
+++ b/block/fops.c
@@ -783,11 +783,12 @@ static ssize_t blkdev_read_iter(struct kiocb *iocb, struct iov_iter *to)
                file_accessed(iocb->ki_filp);
 
                ret = blkdev_direct_IO(iocb, to);
-               if (ret >= 0) {
+               if (ret > 0) {
                        iocb->ki_pos += ret;
                        count -= ret;
                }
-               iov_iter_revert(to, count - iov_iter_count(to));
+               if (ret != -EIOCBQUEUED)
+                       iov_iter_revert(to, count - iov_iter_count(to));
                if (ret < 0 || !count)
                        goto reexpand;
        }