All callers can and should handle iov_iter_get_pages() returning fewer pages than requested. All in-kernel ones do. And it makes the arithmetical overflow analysis much simpler...
Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
---
 fs/splice.c | 2 +-
 lib/iov_iter.c | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/fs/splice.c b/fs/splice.c
index 6645b30ec990..493878bd9bb9 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1168,7 +1168,7 @@ static int iter_to_pipe(struct iov_iter *from,
 size_t start;
 int n;
- copied = iov_iter_get_pages(from, pages, ~0UL, 16, &start);
+ copied = iov_iter_get_pages(from, pages, LONG_MAX, 16, &start);
 if (copied <= 0) {
 ret = copied;
 break;
diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 3abd1c596520..2d4176a2a1b5 100644
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -1367,6 +1367,8 @@ ssize_t iov_iter_get_pages(struct iov_iter *i,
 maxsize = i->count;
 if (!maxsize)
 return 0;
+ if (maxsize > LONG_MAX)
+ maxsize = LONG_MAX;
 if (likely(user_backed_iter(i))) {
 unsigned int gup_flags = 0;
@@ -1485,6 +1487,8 @@ ssize_t iov_iter_get_pages_alloc(struct iov_iter *i,
 maxsize = i->count;
 if (!maxsize)
 return 0;
+ if (maxsize > LONG_MAX)
+ maxsize = LONG_MAX;
 if (likely(user_backed_iter(i))) {
 unsigned int gup_flags = 0;
--
2.30.2
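Review bot: The page-count argument `16` in the changed `iov_iter_get_pages()` call is a bare literal that presumably has to equal the size of the `pages` array, whose declaration sits above the hunk and is not visible here. If `pages` is a true array at that point, `copied = iov_iter_get_pages(from, pages, LONG_MAX, ARRAY_SIZE(pages), &start);` keeps the bound tied to the storage, so a later resize cannot turn this call into an out-of-bounds write of page pointers. The loop body of iter_to_pipe() continues outside the hunk, so how a short `copied` is consumed cannot be checked from here.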
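Review bot: The `LONG_MAX` clamp added after `if (!maxsize) return 0;` in iov_iter_get_pages() has no comment saying which invariant it protects, and the same two lines are repeated verbatim in iov_iter_get_pages_alloc() in the next hunk. Since both functions return `ssize_t`, a comment such as `/* byte count is returned as ssize_t; never let the request exceed what that can represent */` above the clamp would record why callers passing `~0UL` are now silently capped. Folding the `i->count` / zero / cap sequence into one small static helper would keep the two entry points from drifting apart. It may also be worth checking whether a page-aligned cap such as `MAX_RW_COUNT` suits the arithmetic further down better than `LONG_MAX`; that code is outside both hunks, so this is only a question.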