This is a note to let you know that I've just added the patch titled

cifs: Fix cifs_limit_bvec_subset() to correctly check the maxmimum size

to the 6.3-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
cifs-fix-cifs_limit_bvec_subset-to-correctly-check-the-maxmimum-size.patch
and it can be found in the queue-6.3 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it.

>From 4ef4aee67eed640064fff95a693c0184cedb7bec Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@xxxxxxxxxx>
Date: Tue, 23 May 2023 13:48:41 +0100
Subject: cifs: Fix cifs_limit_bvec_subset() to correctly check the maxmimum size

From: David Howells <dhowells@xxxxxxxxxx>

commit 4ef4aee67eed640064fff95a693c0184cedb7bec upstream.

Fix cifs_limit_bvec_subset() so that it limits the span to the maximum specified and won't return with a size greater than max_size.

Fixes: d08089f649a0 ("cifs: Change the I/O paths to use an iterator rather than a page list")
Cc: stable@xxxxxxxxxxxxxxx # 6.3
Reported-by: Shyam Prasad N <sprasad@xxxxxxxxxxxxx>
Reviewed-by: Shyam Prasad N <sprasad@xxxxxxxxxxxxx>
Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
cc: Steve French <smfrench@xxxxxxxxx>
cc: Rohith Surabattula <rohiths.msft@xxxxxxxxx>
cc: Paulo Alcantara <pc@xxxxxxxxxxxxx>
cc: Tom Talpey <tom@xxxxxxxxxx>
cc: Jeff Layton <jlayton@xxxxxxxxxx>
cc: linux-cifs@xxxxxxxxxxxxxxx
cc: linux-fsdevel@xxxxxxxxxxxxxxx
Signed-off-by: Steve French <stfrench@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
--- fs/cifs/file.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/cifs/file.c b/fs/cifs/file.c index ba7f2e09d6c8..df88b8c04d03 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c 
@@ -3353,9 +3353,10 @@ static size_t cifs_limit_bvec_subset(const struct iov_iter *iter, size_t max_siz while (n && ix < nbv) { len = min3(n, bvecs[ix].bv_len - skip, max_size); span += len; + max_size -= len; nsegs++; ix++; - if (span >= max_size || nsegs >= max_segs) + if (max_size == 0 || nsegs >= max_segs) break; skip = 0; n -= len; -- 2.40.1 Patches currently in stable-queue which might be from dhowells@xxxxxxxxxx are queue-6.3/cifs-fix-cifs_limit_bvec_subset-to-correctly-check-the-maxmimum-size.patch
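Review bot: the added `max_size -= len;` in the `while (n && ix < nbv)` loop silently changes the meaning of the `max_size` parameter from "caller's limit" to "bytes still allowed", and nothing in the hunk documents that. The arithmetic itself is sound: `len` comes from `min3(n, bvecs[ix].bv_len - skip, max_size)`, so `len <= max_size` and the unsigned subtraction cannot wrap, and the new `max_size == 0` test stops the loop exactly when the budget is used up. The removed test `span >= max_size` only compared the running total after each `len` had been clamped against the full, undiminished `max_size`, so a second segment could push `span` past the limit before the loop broke. I would suggest a one-line comment above the decrement, or a local such as `remaining` initialised from `max_size`, so a later reader does not reintroduce a comparison of `span` against the now-shrinking value.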