.bi_size of bvec iterator should be initialized as real max size for walking, and .bi_bvec_done just counts how many bytes need to be skipped in the 1st bvec, so .bi_size isn't related with .bi_bvec_done. This patch fixes bvec iterator initialization, and the inner `size` check isn't needed any more, so revert Eric Dumazet's commit 7bc802acf193 ("iov-iter: do not return more bytes than requested in iov_iter_extract_bvec_pages()"). Cc: Eric Dumazet <edumazet@xxxxxxxxxx> Fixes: e4e535bff2bc ("iov_iter: don't require contiguous pages in iov_iter_extract_bvec_pages") Reported-by: syzbot+71abe7ab2b70bca770fd@xxxxxxxxxxxxxxxxxxxxxxxxx Tested-by: syzbot+71abe7ab2b70bca770fd@xxxxxxxxxxxxxxxxxxxxxxxxx Signed-off-by: Ming Lei <ming.lei@xxxxxxxxxx> --- Hi Jens, If possible, please merge this one with Eric's commit. lib/iov_iter.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/iov_iter.c b/lib/iov_iter.c index 3026bdcb4738..4a54c7af62c0 100644 --- a/lib/iov_iter.c +++ b/lib/iov_iter.c @@ -1700,7 +1700,7 @@ static ssize_t iov_iter_extract_bvec_pages(struct iov_iter *i, skip = 0; } bi.bi_idx = 0; - bi.bi_size = maxsize + skip; + bi.bi_size = maxsize; bi.bi_bvec_done = skip; maxpages = want_pages_array(pages, maxsize, skip, maxpages); @@ -1724,10 +1724,6 @@ static ssize_t iov_iter_extract_bvec_pages(struct iov_iter *i, (*pages)[k++] = bv.bv_page; size += bv.bv_len; - if (size >= maxsize) { - size = maxsize; - break; - } if (k >= maxpages) break; -- 2.46.0
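Review bot: in the first hunk, `bi.bi_size = maxsize;` is the correct initialization because `bi.bi_bvec_done = skip;` already positions the iterator inside the first bvec, so the previous `maxsize + skip` double-counted the skipped bytes and let the walk hand back more than `maxsize`. Since the two fields were confused once already, a short comment at `bi.bi_idx = 0;` saying that `bi_size` is the remaining byte budget and `bi_bvec_done` the offset consumed in the current bvec would make the invariant explicit, and the commit message could mention that the `want_pages_array(pages, maxsize, skip, maxpages)` sizing is unaffected because it still receives `skip` separately.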
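Review bot: in the second hunk, dropping the `if (size >= maxsize) { size = maxsize; break; }` clamp means the loop's byte bound now rests entirely on the iterator limiting each `bv.bv_len` to the remaining `bi_size`; that is true only because the first hunk sets `bi_size` exactly, so this revert must not be applied without it. The commit message would be clearer if it named the bvec walking helper that enforces that bound, and since the hunk removes Eric's commit 7bc802acf193 wholesale, either add a `Fixes:` tag for it alongside e4e535bff2bc or, as the cover note asks, squash the two so the intermediate tree never carries the clamp without the corrected `bi_size`.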