Commit 341468e0 authored Nov 02, 2024 by Ming Lei Committed by Jens Axboe Nov 01, 2024

lib/iov_iter: fix bvec iterator setup



.bi_size of bvec iterator should be initialized as real max size for
walking, and .bi_bvec_done just counts how many bytes need to be
skipped in the 1st bvec, so .bi_size isn't related with .bi_bvec_done.

This patch fixes bvec iterator initialization, and the inner `size`
check isn't needed any more, so revert Eric Dumazet's commit
7bc802acf193 ("iov-iter: do not return more bytes than requested in
iov_iter_extract_bvec_pages()").

Cc: Eric Dumazet <edumazet@google.com>
Fixes: e4e535bf ("iov_iter: don't require contiguous pages in iov_iter_extract_bvec_pages")
Reported-by:  <syzbot+71abe7ab2b70bca770fd@syzkaller.appspotmail.com>
Tested-by:  <syzbot+71abe7ab2b70bca770fd@syzkaller.appspotmail.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

parent d47de6ac

lib/iov_iter.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1700,7 +1700,7 @@ static ssize_t iov_iter_extract_bvec_pages(struct iov_iter *i,
		skip = 0;
		}
		bi.bi_idx = 0;
		bi.bi_size = maxsize + skip;
		bi.bi_size = maxsize;
		bi.bi_bvec_done = skip;

		maxpages = want_pages_array(pages, maxsize, skip, maxpages);