On Wed, 2022-06-22 at 05:15 +0100, Al Viro wrote:
> All callers can and should handle iov_iter_get_pages() returning
> fewer pages than requested. All in-kernel ones do. And it makes
> the arithmetical overflow analysis much simpler...
>
> Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> ---
> lib/iov_iter.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/lib/iov_iter.c b/lib/iov_iter.c
> index 30f4158382d6..c3fb7853dbe8 100644
> --- a/lib/iov_iter.c
> +++ b/lib/iov_iter.c
> @@ -1367,6 +1367,8 @@ ssize_t iov_iter_get_pages(struct iov_iter *i,
> maxsize = i->count;
> if (!maxsize)
> return 0;
> + if (maxsize > MAX_RW_COUNT)
> + maxsize = MAX_RW_COUNT;
>
> if (likely(user_backed_iter(i))) {
> unsigned int gup_flags = 0;
> @@ -1485,6 +1487,8 @@ ssize_t iov_iter_get_pages_alloc(struct iov_iter *i,
> maxsize = i->count;
> if (!maxsize)
> return 0;
> + if (maxsize > MAX_RW_COUNT)
> + maxsize = MAX_RW_COUNT;
>
> if (likely(user_backed_iter(i))) {
> unsigned int gup_flags = 0;
Reviewed-by: Jeff Layton <jlayton@xxxxxxxxxx>
