On Tue, Mar 28, 2023 at 11:52:10AM -0600, Jens Axboe wrote: > On 3/28/23 11:50 AM, Linus Torvalds wrote: > > On Tue, Mar 28, 2023 at 10:36 AM Jens Axboe <axboe@xxxxxxxxx> wrote: > >> > >> @@ -3516,23 +3516,28 @@ static void __user **snd_map_bufs(struct snd_pcm_runtime *runtime, > >> struct iov_iter *iter, > >> snd_pcm_uframes_t *frames, int max_segs) > >> { > >> + int nr_segs = iovec_nr_user_vecs(iter); > > > > This has a WARN_ON_ONCE() for !user_backed, but then.. > > > >> void __user **bufs; > >> + struct iovec iov; > >> unsigned long i; > >> > >> if (!iter->user_backed) > >> return ERR_PTR(-EFAULT); > > > > here the code tries to deal with it. > > > > So I think the two should probably be switched around. > > True, it was actually like that before I refactored it to include > that common helper. I'll swap them around, thanks. Umm... That looks really weird - if nothing else, it seems that this thing quietly ignores the ->iov_len on all but the first iovec. Might make sense to ask ALSA folks what the hell is going on there; it's readv()/writev() on pcm device, and it looks like userland ABI is really perverted here... ;-/
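Review bot: in snd_map_bufs(), the new initializer `int nr_segs = iovec_nr_user_vecs(iter);` runs before the existing `if (!iter->user_backed)` check. As the quoted discussion notes, the helper carries a WARN_ON_ONCE() for a non-user-backed iter, so it would warn on an input that the function otherwise handles cleanly by returning ERR_PTR(-EFAULT). Declare nr_segs without an initializer and assign it after the user_backed check. The hunk also adds `struct iovec iov;`, but the loop that uses it is not visible here, so these lines do not show whether each segment's iov_len is checked or only the first one. A comment in the function stating which iov_len values the PCM readv()/writev() path expects would make that behaviour reviewable.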