lib/iov_iter: fix bvec iterator setup

Ming Lei · axboe · commit 341468e0ab4b · 2024-11-01T20:18:21.000-06:00
.bi_size of bvec iterator should be initialized as real max size for walking, and .bi_bvec_done just counts how many bytes need to be skipped in the 1st bvec, so .bi_size isn't related with .bi_bvec_done. This patch fixes bvec iterator initialization, and the inner `size` check isn't needed any more, so revert Eric Dumazet's commit 7bc802acf193 ("iov-iter: do not return more bytes than requested in iov_iter_extract_bvec_pages()"). Cc: Eric Dumazet <edumazet@google.com> Fixes: e4e535b ("iov_iter: don't require contiguous pages in iov_iter_extract_bvec_pages") Reported-by: syzbot+71abe7ab2b70bca770fd@syzkaller.appspotmail.com Tested-by: syzbot+71abe7ab2b70bca770fd@syzkaller.appspotmail.com Signed-off-by: Ming Lei <ming.lei@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk>
diff --git a/lib/iov_iter.c b/lib/iov_iter.c
@@ -1700,7 +1700,7 @@ static ssize_t iov_iter_extract_bvec_pages(struct iov_iter *i,
 		skip = 0;
 	}
 	bi.bi_idx = 0;
-	bi.bi_size = maxsize + skip;
+	bi.bi_size = maxsize;
 	bi.bi_bvec_done = skip;
 
 	maxpages = want_pages_array(pages, maxsize, skip, maxpages);

Original file line number	Diff line number	Diff line change
`@@ -1700,7 +1700,7 @@ static ssize_t iov_iter_extract_bvec_pages(struct iov_iter *i,`
`1700`	`1700`	`skip = 0;`
`1701`	`1701`	`}`
`1702`	`1702`	`bi.bi_idx = 0;`
`1703`		`- bi.bi_size = maxsize + skip;`
	`1703`	`+ bi.bi_size = maxsize;`
`1704`	`1704`	`bi.bi_bvec_done = skip;`
`1705`	`1705`
`1706`	`1706`	`maxpages = want_pages_array(pages, maxsize, skip, maxpages);`