On Mon, Aug 01, 2022 at 01:42:04PM +0100, David Howells wrote: > You need to modify dup_iter() also. That will go through the: > > return new->iov = kmemdup(new->iov, > new->nr_segs * sizeof(struct iovec), > flags); > > case with a ubuf-class iterators, which will clobber new->ubuf. > > David Fixed, folded and pushed out. Incremental:
diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 939078ffbfb5..46ec07886d7b 100644
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -1659,17 +1659,16 @@ const void *dup_iter(struct iov_iter *new, struct iov_iter *old, gfp_t flags)
 		WARN_ON(1);
 		return NULL;
 	}
-	if (unlikely(iov_iter_is_discard(new) || iov_iter_is_xarray(new)))
-		return NULL;
 	if (iov_iter_is_bvec(new))
 		return new->bvec = kmemdup(new->bvec,
 				    new->nr_segs * sizeof(struct bio_vec),
 				    flags);
-	else
+	else if (iov_iter_is_kvec(new) || iter_is_iovec(new))
 		/* iovec and kvec have identical layout */
 		return new->iov = kmemdup(new->iov,
 				    new->nr_segs * sizeof(struct iovec),
 				    flags);
+	return NULL;
 }
 EXPORT_SYMBOL(dup_iter);
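Review bot: The trailing `return NULL;` now covers ubuf iterators as well as discard and xarray, so a NULL result no longer distinguishes "nothing to duplicate" from a failed kmemdup() in the bvec/iovec branches; a caller that maps NULL to -ENOMEM would presumably misreport an ordinary ubuf iterator, which is worth confirming against the callers since they are outside this hunk. A short comment would make the intent explicit, e.g. `/* ubuf, discard and xarray carry no separately allocated vector: nothing to copy */` directly above the new `return NULL;`. As a point of style, the `else` in `else if (iov_iter_is_kvec(new) || iter_is_iovec(new))` is redundant after the preceding `return` and checkpatch flags that pattern; a plain `if` reads cleaner. dup_iter() begins before this hunk; only its tail is visible here.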