PAGE_SIZE - sg->offset may be bigger than sg->length, so we have
to cap it.
Reported-by: Yi Zhang <yi.zhang@xxxxxxxxxx>
Fixes: d5eff33ee6f8("nvmet: add simple file backed ns support")
Cc: Yi Zhang <yi.zhang@xxxxxxxxxx>
Cc: Sagi Grimberg <sagi@xxxxxxxxxxx>
Cc: Chaitanya Kulkarni <chaitanya.kulkarni@xxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Ming Lei <ming.lei@xxxxxxxxxx>
---
drivers/nvme/target/io-cmd-file.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/nvme/target/io-cmd-file.c b/drivers/nvme/target/io-cmd-file.c
index d67a43832cb1..149e17e699e5 100644
--- a/drivers/nvme/target/io-cmd-file.c
+++ b/drivers/nvme/target/io-cmd-file.c
@@ -79,7 +79,8 @@ static void nvmet_file_init_bvec(struct bio_vec *bv, struct sg_page_iter *iter)
{
bv->bv_page = sg_page_iter_page(iter);
bv->bv_offset = iter->sg->offset;
- bv->bv_len = PAGE_SIZE - iter->sg->offset;
+ bv->bv_len = min_t(unsigned, PAGE_SIZE - iter->sg->offset,
+ iter->sg->length);
}
static ssize_t nvmet_file_submit_bvec(struct nvmet_req *req, loff_t pos,
--
2.9.5
