Issue is that if the data crosses a page boundary inside a compound
page, this check will incorrectly trigger a WARN_ON.
To fix this, compute the order using the head of the compound page and
adjust the offset to be relative to that head.
Fixes: 72e809ed81ed ("iov_iter: sanity checks for copy to/from page
primitives")
Signed-off-by: Petar Penkov <[email protected]>
CC: Al Viro <[email protected]>
CC: Eric Dumazet <[email protected]>
---
lib/iov_iter.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 52c8dd6d8e82..1c1c06ddc20a 100644
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -687,8 +687,10 @@ EXPORT_SYMBOL(_copy_from_iter_full_nocache);
static inline bool page_copy_sane(struct page *page, size_t offset, size_t n)
{
- size_t v = n + offset;
- if (likely(n <= v && v <= (PAGE_SIZE << compound_order(page))))
+ struct page *head = compound_head(page);
+ size_t v = n + offset + page_address(page) - page_address(head);
+
+ if (likely(n <= v && v <= (PAGE_SIZE << compound_order(head))))
return true;
WARN_ON(1);
return false;
--
2.14.1.342.g6490525c54-goog
On Tuesday, 29 August 2017 11:20:32 PDT Petar Penkov wrote:
> Issue is that if the data crosses a page boundary inside a compound
> page, this check will incorrectly trigger a WARN_ON.
>
> To fix this, compute the order using the head of the compound page and
> adjust the offset to be relative to that head.
>
> Fixes: 72e809ed81ed ("iov_iter: sanity checks for copy to/from page
> primitives")
Hello
Is this patch slated to end up in one of the 4.13.x updates? It landed on
v4.14-rc2 already but seems to have missed the 4.13.3 and 4.13.4 tagging.
Without this patch, I can't connect any USB Ethernet or the kernel will start
producing that WARN_ON message and returning -EFAULT for quite a few programs.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
Software Architect - Intel Open Source Technology Center
On Sat, Sep 30, 2017 at 12:24 PM, Thiago Macieira
<[email protected]> wrote:
> On Tuesday, 29 August 2017 11:20:32 PDT Petar Penkov wrote:
>> Issue is that if the data crosses a page boundary inside a compound
>> page, this check will incorrectly trigger a WARN_ON.
>>
>> To fix this, compute the order using the head of the compound page and
>> adjust the offset to be relative to that head.
>>
>> Fixes: 72e809ed81ed ("iov_iter: sanity checks for copy to/from page
>> primitives")
>
> Hello
>
> Is this patch slated to end up in one of the 4.13.x updates? It landed on
> v4.14-rc2 already but seems to have missed the 4.13.3 and 4.13.4 tagging.
>
> Without this patch, I can't connect any USB Ethernet or the kernel will start
> producing that WARN_ON message and returning -EFAULT for quite a few programs.
>
Hmm... problem Petar had originally has been solved.
His commit ( 90e33d45940793def6f773b2d528e9f3c84ffdc7 in Dave Miller net-next)
no longer hits the problem, while his prior version triggered the issue.
Relevant and updated part is :
+ page = virt_to_head_page(data);
+ offset = data - page_address(page);
+ skb_fill_page_desc(skb, i - 1, page, offset, fragsz);