David Howells <dhowells@xxxxxxxxxx> wrote:

> I don't suppose you can tell me what line smb2_readv_callback+0x50f/0x5b0 is?

It's almost certainly the iov_iter_revert() here:

	switch (mid->mid_state) {
	case MID_RESPONSE_RECEIVED:
		credits.value = le16_to_cpu(shdr->CreditRequest);
		credits.instance = server->reconnect_instance;
		/* result already set, check signature */
		if (server->sign && !mid->decrypted) {
			int rc;

			iov_iter_revert(&rqst.rq_iter, rdata->got_bytes);
			iov_iter_truncate(&rqst.rq_iter, rdata->got_bytes);

The reason that the:

	[ 228.573737] kernel BUG at lib/iov_iter.c:582!

happens is that we're trying to wind the iterator back before its start point.

Now, the iterator is reinitialised at the beginning of the function:

	if (rdata->got_bytes) {
		rqst.rq_iter = rdata->subreq.io_iter;
		rqst.rq_iter_size = iov_iter_count(&rdata->subreq.io_iter);
	}

so the reversion is probably unnecessary. Note that this can only happen if
we're using signed messages:

	if (server->sign && !mid->decrypted) {

as we wind back the iterator so that we can use it to feed the buffer to the
hashing algorithm.

David
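
The failure described in the message above, as an added userspace model that is not part of the original mail and not kernel code: reverting an iterator that was just re-copied from a pristine one underflows its start, while truncating alone gives the span to hash. The struct, the function names (model_advance, model_revert, hashable), the 64-byte buffer and the 48-byte got_bytes are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of a forward iterator; NOT the kernel's struct iov_iter. */
struct model_iter {
	size_t pos;   /* bytes consumed since the iterator's start point */
	size_t count; /* bytes still available */
};

static void model_advance(struct model_iter *it, size_t n)
{
	if (n > it->count)
		n = it->count;
	it->pos += n;
	it->count -= n;
}

/* Wind back n bytes; refuse (-1) rather than step before the start point. */
static int model_revert(struct model_iter *it, size_t n)
{
	if (n > it->pos)
		return -1;
	it->pos -= n;
	it->count += n;
	return 0;
}

/* Bytes the signature check would hash; -1 = revert underflow, -2 = wrong span. */
static long hashable(int fresh_copy, int do_revert, size_t got_bytes)
{
	struct model_iter rq = { 0, 64 }; /* constructed 64-byte receive buffer */

	if (!fresh_copy)
		model_advance(&rq, got_bytes); /* receive path consumed the data */
	if (do_revert && model_revert(&rq, got_bytes) < 0)
		return -1; /* winding back before the start point */
	if (rq.count > got_bytes)
		rq.count = got_bytes; /* truncate to the bytes actually received */
	return rq.pos == 0 ? (long)rq.count : -2;
}

int main(void)
{
	printf("consumed iterator, revert:   %ld\n", hashable(0, 1, 48));
	printf("fresh copy, revert:          %ld\n", hashable(1, 1, 48));
	printf("fresh copy, truncate only:   %ld\n", hashable(1, 0, 48));
	return 0;
}
```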