Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751333AbdH2SUz (ORCPT ); Tue, 29 Aug 2017 14:20:55 -0400 Received: from mail-pf0-f175.google.com ([209.85.192.175]:34641 "EHLO mail-pf0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751215AbdH2SUy (ORCPT ); Tue, 29 Aug 2017 14:20:54 -0400 X-Google-Smtp-Source: ADKCNb5ABJCCH326pihbhtzpRYhmYOOhviy7LRWE7fzffaIB8U5oKQPEWvK9Z0UysMJk6DgoiVas4w== From: Petar Penkov To: linux-kernel@vger.kernel.org Cc: Petar Penkov , Al Viro , Eric Dumazet Subject: [PATCH v1] iov_iter: fix page_copy_sane for compound pages Date: Tue, 29 Aug 2017 11:20:32 -0700 Message-Id: <20170829182032.61961-1-ppenkov@google.com> X-Mailer: git-send-email 2.14.1.342.g6490525c54-goog Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1154 Lines: 35 Issue is that if the data crosses a page boundary inside a compound page, this check will incorrectly trigger a WARN_ON. To fix this, compute the order using the head of the compound page and adjust the offset to be relative to that head. Fixes: 72e809ed81ed ("iov_iter: sanity checks for copy to/from page primitives") Signed-off-by: Petar Penkov CC: Al Viro CC: Eric Dumazet --- lib/iov_iter.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/iov_iter.c b/lib/iov_iter.c index 52c8dd6d8e82..1c1c06ddc20a 100644 --- a/lib/iov_iter.c +++ b/lib/iov_iter.c @@ -687,8 +687,10 @@ EXPORT_SYMBOL(_copy_from_iter_full_nocache); static inline bool page_copy_sane(struct page *page, size_t offset, size_t n) { - size_t v = n + offset; - if (likely(n <= v && v <= (PAGE_SIZE << compound_order(page)))) + struct page *head = compound_head(page); + size_t v = n + offset + page_address(page) - page_address(head); + + if (likely(n <= v && v <= (PAGE_SIZE << compound_order(head)))) return true; WARN_ON(1); return false; -- 2.14.1.342.g6490525c54-goog