From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Souptick Joarder, Andrew Morton, Ira Weiny, John Hubbard, Matthew Wilcox, Matt Porter, Alexandre Bounine, "Gustavo A. R. Silva", Madhuparna Bhowmik, Dan Carpenter, Linus Torvalds, Sasha Levin
Subject: [PATCH 5.4 257/408] rapidio: fix error handling path
Date: Tue, 27 Oct 2020 14:53:15 +0100
Message-Id: <20201027135506.959710984@linuxfoundation.org>
X-Mailer: git-send-email 2.29.1
In-Reply-To: <20201027135455.027547757@linuxfoundation.org>
References: <20201027135455.027547757@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Souptick Joarder

[ Upstream commit fa63f083b3492b5ed5332b8d7c90b03b5ef24a1d ]

rio_dma_transfer() attempts to clamp the return value of
pin_user_pages_fast() to be >= 0. However, the attempt fails because
nr_pages is overridden a few lines later, and restored to the undesirable
-ERRNO value.

The return value is ultimately stored in nr_pages, which in turn is passed
to unpin_user_pages(), which expects nr_pages >= 0, else, disaster.

Fix this by fixing the nesting of the assignment to nr_pages: nr_pages
should be clamped to zero if pin_user_pages_fast() returns -ERRNO, or set
to the return value of pin_user_pages_fast(), otherwise.

[jhubbard@nvidia.com: new changelog]

Fixes: e8de370188d09 ("rapidio: add mport char device driver")
Signed-off-by: Souptick Joarder
Signed-off-by: Andrew Morton
Reviewed-by: Ira Weiny
Reviewed-by: John Hubbard
Cc: Matthew Wilcox
Cc: Matt Porter
Cc: Alexandre Bounine
Cc: Gustavo A. R. Silva
Cc: Madhuparna Bhowmik
Cc: Dan Carpenter
Link: https://lkml.kernel.org/r/1600227737-20785-1-git-send-email-jrdr.linux@gmail.com
Signed-off-by: Linus Torvalds
Signed-off-by: Sasha Levin --- drivers/rapidio/devices/rio_mport_cdev.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/rapidio/devices/rio_mport_cdev.c b/drivers/rapidio/devices/rio_mport_cdev.c index 0b85a80ae7ef6..1222522b4ae76 100644 --- a/drivers/rapidio/devices/rio_mport_cdev.c +++ b/drivers/rapidio/devices/rio_mport_cdev.c @@ -873,15 +873,16 @@ rio_dma_transfer(struct file *filp, u32 transfer_mode, rmcd_error("get_user_pages_unlocked err=%ld", pinned); nr_pages = 0; - } else + } else { rmcd_error("pinned %ld out of %ld pages", pinned, nr_pages); + /* + * Set nr_pages up to mean "how many pages to unpin, in + * the error handler: + */ + nr_pages = pinned; + } ret = -EFAULT; - /* - * Set nr_pages up to mean "how many pages to unpin, in - * the error handler: - */ - nr_pages = pinned; goto err_pg; } -- 2.25.1
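
Review bot: The error string in the first branch of this hunk, rmcd_error("get_user_pages_unlocked err=%ld", pinned);, still names get_user_pages_unlocked, while the changelog says the value being handled comes from pin_user_pages_fast(), so anyone triaging from the log is pointed at the wrong call; consider updating the string here or in a follow-up. The comment moved into the new else block also keeps its unbalanced quote ("how many pages to unpin, in the error handler:), which is worth closing now that the lines are being touched. Since the whole fix is that nr_pages = pinned must not run after nr_pages = 0, the comment could say that the other branch deliberately leaves nr_pages at zero, so a later cleanup does not hoist the assignment back out of the else and hand a negative count to the unpin path again.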