This is a note to let you know that I've just added the patch titled
fix 'direction' argument of iov_iter_{init,bvec}()
to the 6.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
fix-direction-argument-of-iov_iter_-init-bvec.patch
and it can be found in the queue-6.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 15c8644204c5b32d048cadb27de61eb62b4428e9
Author: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Date: Thu Sep 15 19:09:39 2022 -0400
fix 'direction' argument of iov_iter_{init,bvec}()
[ Upstream commit e3bf3df824675ea9cadc3cd2c75d08ee83a6ae26 ]
READ means "data destination", WRITE - "data source".
Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Stable-dep-of: 6dd88fd59da8 ("vhost-scsi: unbreak any layout for response")
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 547f89a6940f..c234869d6727 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -833,7 +833,7 @@ static int vhost_copy_to_user(struct vhost_virtqueue *vq, void __user *to,
VHOST_ACCESS_WO);
if (ret < 0)
goto out;
- iov_iter_init(&t, WRITE, vq->iotlb_iov, ret, size);
+ iov_iter_init(&t, READ, vq->iotlb_iov, ret, size);
ret = copy_to_iter(from, size, &t);
if (ret == size)
ret = 0;
@@ -872,7 +872,7 @@ static int vhost_copy_from_user(struct vhost_virtqueue *vq, void *to,
(unsigned long long) size);
goto out;
}
- iov_iter_init(&f, READ, vq->iotlb_iov, ret, size);
+ iov_iter_init(&f, WRITE, vq->iotlb_iov, ret, size);
ret = copy_from_iter(to, size, &f);
if (ret == size)
ret = 0;
@@ -2136,7 +2136,7 @@ static int get_indirect(struct vhost_virtqueue *vq,
vq_err(vq, "Translation failure %d in indirect.\n", ret);
return ret;
}
- iov_iter_init(&from, READ, vq->indirect, ret, len);
+ iov_iter_init(&from, WRITE, vq->indirect, ret, len);
count = len / sizeof desc;
/* Buffers are chained via a 16 bit next field, so
* we can have at most 2^16 of these. */
diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
index 828c29306565..139c782848c6 100644
--- a/drivers/vhost/vringh.c
+++ b/drivers/vhost/vringh.c
@@ -1161,7 +1161,7 @@ static inline int copy_from_iotlb(const struct vringh *vrh, void *dst,
else if (ret < 0)
return ret;
- iov_iter_bvec(&iter, READ, iov, ret, translated);
+ iov_iter_bvec(&iter, WRITE, iov, ret, translated);
ret = copy_from_iter(dst, translated, &iter);
if (ret < 0)
@@ -1194,7 +1194,7 @@ static inline int copy_to_iotlb(const struct vringh *vrh, void *dst,
else if (ret < 0)
return ret;
- iov_iter_bvec(&iter, WRITE, iov, ret, translated);
+ iov_iter_bvec(&iter, READ, iov, ret, translated);
ret = copy_to_iter(src, translated, &iter);
if (ret < 0)
