On 1/27/25 10:59 PM, Christoph Hellwig wrote: > On Thu, Jan 23, 2025 at 06:18:01AM -0700, Jens Axboe wrote: >> blkdev_read_iter() has a few odd checks, like gating the position and >> count adjustment on whether or not the result is bigger-than-or-equal to >> zero (where bigger than makes more sense), and not checking the return >> value of blkdev_direct_IO() before doing an iov_iter_revert(). The >> latter can lead to attempting to revert with a negative value, which >> when passed to iov_iter_revert() as an unsigned value will lead to >> throwing a WARN_ON() because unroll is bigger than MAX_RW_COUNT. > > How did you reproduce that? Can we add it to blktests? Via one of the io_uring test cases, when used on a SCSI device. Not easy to write a reliable reproducer for this, and honestly I'm kind of puzzled I haven't hit it before recently. -- Jens Axboe
