tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

iov_iter: Fix iov_iter_extract_pages() with zero-sized entries

iov_iter_extract_pages() doesn't correctly handle skipping over initial
zero-length entries in ITER_KVEC and ITER_BVEC-type iterators.

The problem is that it accidentally reduces maxsize to 0 when it
skipping and thus runs to the end of the array and returns 0.

Fix this by sticking the calculated size-to-copy in a new variable
rather than back in maxsize.

Fixes: 7d58fe731028 ("iov_iter: Add a function to extract a page list from an iterator")
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: David Hildenbrand <david@redhat.com>
Cc: John Hubbard <jhubbard@nvidia.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by

David Howells and committed by
Linus Torvalds f741bd71 6b8bb5b8

+15 -15
+15 -15
lib/iov_iter.c
··· 1654 1654 size_t *offset0) 1655 1655 { 1656 1656 struct page **p, *page; 1657 - size_t skip = i->iov_offset, offset; 1657 + size_t skip = i->iov_offset, offset, size; 1658 1658 int k; 1659 1659 1660 1660 for (;;) { 1661 1661 if (i->nr_segs == 0) 1662 1662 return 0; 1663 - maxsize = min(maxsize, i->bvec->bv_len - skip); 1664 - if (maxsize) 1663 + size = min(maxsize, i->bvec->bv_len - skip); 1664 + if (size) 1665 1665 break; 1666 1666 i->iov_offset = 0; 1667 1667 i->nr_segs--; ··· 1674 1674 offset = skip % PAGE_SIZE; 1675 1675 *offset0 = offset; 1676 1676 1677 - maxpages = want_pages_array(pages, maxsize, offset, maxpages); 1677 + maxpages = want_pages_array(pages, size, offset, maxpages); 1678 1678 if (!maxpages) 1679 1679 return -ENOMEM; 1680 1680 p = *pages; 1681 1681 for (k = 0; k < maxpages; k++) 1682 1682 p[k] = page + k; 1683 1683 1684 - maxsize = min_t(size_t, maxsize, maxpages * PAGE_SIZE - offset); 1685 - iov_iter_advance(i, maxsize); 1686 - return maxsize; 1684 + size = min_t(size_t, size, maxpages * PAGE_SIZE - offset); 1685 + iov_iter_advance(i, size); 1686 + return size; 1687 1687 } 1688 1688 1689 1689 /* ··· 1698 1698 { 1699 1699 struct page **p, *page; 1700 1700 const void *kaddr; 1701 - size_t skip = i->iov_offset, offset, len; 1701 + size_t skip = i->iov_offset, offset, len, size; 1702 1702 int k; 1703 1703 1704 1704 for (;;) { 1705 1705 if (i->nr_segs == 0) 1706 1706 return 0; 1707 - maxsize = min(maxsize, i->kvec->iov_len - skip); 1708 - if (maxsize) 1707 + size = min(maxsize, i->kvec->iov_len - skip); 1708 + if (size) 1709 1709 break; 1710 1710 i->iov_offset = 0; 1711 1711 i->nr_segs--; ··· 1717 1717 offset = (unsigned long)kaddr & ~PAGE_MASK; 1718 1718 *offset0 = offset; 1719 1719 1720 - maxpages = want_pages_array(pages, maxsize, offset, maxpages); 1720 + maxpages = want_pages_array(pages, size, offset, maxpages); 1721 1721 if (!maxpages) 1722 1722 return -ENOMEM; 1723 1723 p = *pages; 1724 1724 1725 1725 kaddr -= offset; 1726 - len = offset + maxsize; 1726 + len = offset + size; 1727 1727 for (k = 0; k < maxpages; k++) { 1728 1728 size_t seg = min_t(size_t, len, PAGE_SIZE); 1729 1729 ··· 1737 1737 kaddr += PAGE_SIZE; 1738 1738 } 1739 1739 1740 - maxsize = min_t(size_t, maxsize, maxpages * PAGE_SIZE - offset); 1741 - iov_iter_advance(i, maxsize); 1742 - return maxsize; 1740 + size = min_t(size_t, size, maxpages * PAGE_SIZE - offset); 1741 + iov_iter_advance(i, size); 1742 + return size; 1743 1743 } 1744 1744 1745 1745 /*