From: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx> commit ace149e0830c380ddfce7e466fe860ca502fe4ee upstream. If the caller supplies an iocb->ki_pos value that is close to the filesystem upper limit, and an iterator with a count that causes us to overflow that limit, then filemap_read() enters an infinite loop. This behaviour was discovered when testing xfstests generic/525 with the "localio" optimisation for loopback NFS mounts. Reported-by: Mike Snitzer <snitzer@xxxxxxxxxx> Fixes: c2a9737f45e2 ("vfs,mm: fix a dead loop in truncate_inode_pages_range()") Tested-by: Mike Snitzer <snitzer@xxxxxxxxxx> Signed-off-by: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx> Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- mm/filemap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/filemap.c +++ b/mm/filemap.c @@ -2609,7 +2609,7 @@ ssize_t filemap_read(struct kiocb *iocb, if (unlikely(!iov_iter_count(iter))) return 0; - iov_iter_truncate(iter, inode->i_sb->s_maxbytes); + iov_iter_truncate(iter, inode->i_sb->s_maxbytes - iocb->ki_pos); folio_batch_init(&fbatch); do { Patches currently in stable-queue which might be from trond.myklebust@xxxxxxxxxxxxxxx are queue-6.11/nfs-further-fixes-to-attribute-delegation-a-mtime-ch.patch queue-6.11/nfs-fix-attribute-delegation-behaviour-on-exclusive-.patch queue-6.11/filemap-fix-bounds-checking-in-filemap_read.patch
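Review bot: In the mm/filemap.c hunk, the new limit `inode->i_sb->s_maxbytes - iocb->ki_pos` is only a valid bound when `iocb->ki_pos` does not exceed `s_maxbytes`, and the visible context shows only the `iov_iter_count(iter)` zero check ahead of it. If the position could be past the limit here, the difference goes negative and the truncation no longer caps the read, which is the same class of problem the commit message describes. Please confirm that a `ki_pos >= s_maxbytes` early return sits above this hunk, and consider a one-line comment at the `iov_iter_truncate()` call stating that the subtraction depends on it, so a later reordering of the checks does not silently reintroduce the loop.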