authorPetr Vandrovec <>2008-11-19 11:12:14 +0100
committerJens Axboe <>2008-12-03 12:41:20 +0100
commit53cc0b2948bcb8a084982e6c1f9bd7b337e0df38 (patch)
treee2d4ca231035de3a14f47b97f6c9196fc375340c /block
parentf6f7b52e2f6149d2ee365717afff315b05720162 (diff)
When block layer fails to map iov, it calls bio_unmap_user to undo
mapping. Which is good if pages were mapped - but if they were provided by someone else and just copied then bad things happen - pages are released once here, and once by caller, leading to user triggerable BUG at include/linux/mm.h:246. Signed-off-by: Petr Vandrovec <> Signed-off-by: Jens Axboe <>
diff --git a/block/blk-map.c b/block/blk-map.c
index 0f4b4b881811..2990447f45e9 100644
--- a/block/blk-map.c
+++ b/block/blk-map.c
@@ -224,7 +224,7 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq,
bio_endio(bio, 0);
- bio_unmap_user(bio);
+ __blk_rq_unmap_user(bio);
return -EINVAL;