fix braino in generic_file_read_iter()
Wrong sign of iov_iter_revert() argument. Unfortunately, slipped through
the testing, since most of the time we don't do anything to the iterator
afterwards and potential oops on walking the iter->iov too far backwards
is too infrequent to be easily triggered.
Add a sanity check in iov_iter_revert() to catch bugs like this one;
fortunately, the same braino hadn't happened in other callers, but we'd
better have a warning if such thing crops up.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 60abc44..fc9fb29 100644
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -790,6 +790,8 @@ void iov_iter_revert(struct iov_iter *i, size_t unroll)
{
if (!unroll)
return;
+ if (WARN_ON(unroll > MAX_RW_COUNT))
+ return;
i->count += unroll;
if (unlikely(i->type & ITER_PIPE)) {
struct pipe_inode_info *pipe = i->pipe;
diff --git a/mm/filemap.c b/mm/filemap.c
index cc480c0..d6e67be 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -2048,7 +2048,7 @@ generic_file_read_iter(struct kiocb *iocb, struct iov_iter *iter)
iocb->ki_pos += retval;
count -= retval;
}
- iov_iter_revert(iter, iov_iter_count(iter) - count);
+ iov_iter_revert(iter, count - iov_iter_count(iter));
/*
* Btrfs can have a short DIO read if we encounter