Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp9980161ybi; Wed, 24 Jul 2019 13:27:43 -0700 (PDT) X-Google-Smtp-Source: APXvYqzAODynGGb1SAmhgV8RQEZWJRUTXT2ruvztkUpu7QjuXqDmQUiojWwRAgbEY/TsBgV52+4c X-Received: by 2002:a63:d555:: with SMTP id v21mr60636579pgi.179.1564000063394; Wed, 24 Jul 2019 13:27:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564000063; cv=none; d=google.com; s=arc-20160816; b=WxQn97jdBlYwoatZCDOvYr+gEFwbzMWlF1ZY0sgLUmJj3IWshc/PmHBFtTs4C5bg3U HT2O0DQwWIIL1aj8zUSKIDk2xdOYPKr1ifWPLCuTgSozerpJGoCVEUgDYKH9g1rqFj2w 6yrZHDGLmAteF4mjLV+SqL/4kaim2I0Ppz21PKUItmEXGsvs++lGg+K8LJdgt772OMTE 8ODoES19QV6mXpsGyI+UM6agMlrAKHkSMWEOPBdrGVnz40xgkXOD+mm5hFKOPoDVcuTo 4al7uPBDOm43jxuxt7swZwnbhObYfEZ7AcVkF5e9GNtFBSToFKS+QmqjdYCKotI/LocB JC/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=9Z1C5xDX9txyimll0jJ1i9T2B74emnyORnOU0Ubyxiw=; b=mzorUGzcYFxMmP5p15dHT66jmo1129nqzGeuaRmo7OEkh0QuvpgP+MpG3Q0b36EVrA 9Gi4njcD55wvl3osIJmqpVTXcPbJ3yWx3Tls4XT0OAXbTcxdK7coQi24YfzA3OHfZDgQ D9AO8wk5a215BhQxbxNNo5rc97FWXQCKxs2rsObW5XvVBr2eTqlJQePr70IWuMBQ1qJ0 UJ49Okqfh8lzdgbOkLQDgd7gWrP+iNiOPhLTUI5zaaAhsUZ2ecoFwkw13rlVfgUfF0cH Tk4QLC7iqvVZ3M0cAFShF7KsVoc2NaAQARJSYZDDQ0XouqKF8mtuVfzqcv6W+RNpgmNI 2CPg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="DWtsN/bS"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w15si18139900ply.127.2019.07.24.13.27.28; Wed, 24 Jul 2019 13:27:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="DWtsN/bS"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390680AbfGXU0T (ORCPT + 99 others); Wed, 24 Jul 2019 16:26:19 -0400 Received: from mail.kernel.org ([198.145.29.99]:37996 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388024AbfGXThn (ORCPT ); Wed, 24 Jul 2019 15:37:43 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 05ED9214AF; Wed, 24 Jul 2019 19:37:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1563997062; bh=sV39wD+/l0rQLdQ+sWqLjjPoyVdWcxDGkpRKscVQDg4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DWtsN/bSGGqdH/kR0e1EQb1BOPB0+/pYqDXuC5n9PVEQqwK0sVnrLPwUe3pAZQTn0 nnmx0DB+j2AY5Vz2ebXTxi5PYqyxVo2TZaM7R0aGwAiFpOR8oJ8g5Vmx8XZu4BZmE0 1k53wEO38c+uJcMqOangsELn1ew0TlZNu3xbz9tw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Christophe Leroy , Herbert Xu Subject: [PATCH 5.2 309/413] lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE Date: Wed, 24 Jul 2019 21:20:00 +0200 Message-Id: <20190724191757.864545880@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190724191735.096702571@linuxfoundation.org> References: <20190724191735.096702571@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Christophe Leroy commit aeb87246537a83c2aff482f3f34a2e0991e02cbc upstream. All mapping iterator logic is based on the assumption that sg->offset is always lower than PAGE_SIZE. But there are situations where sg->offset is such that the SG item is on the second page. In that case sg_copy_to_buffer() fails properly copying the data into the buffer. One of the reason is that the data will be outside the kmapped area used to access that data. This patch fixes the issue by adjusting the mapping iterator offset and pgoffset fields such that offset is always lower than PAGE_SIZE. Signed-off-by: Christophe Leroy Fixes: 4225fc8555a9 ("lib/scatterlist: use page iterator in the mapping iterator") Cc: stable@vger.kernel.org Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- lib/scatterlist.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) --- a/lib/scatterlist.c +++ b/lib/scatterlist.c @@ -676,17 +676,18 @@ static bool sg_miter_get_next_page(struc { if (!miter->__remaining) { struct scatterlist *sg; - unsigned long pgoffset; if (!__sg_page_iter_next(&miter->piter)) return false; sg = miter->piter.sg; - pgoffset = miter->piter.sg_pgoffset; - miter->__offset = pgoffset ? 0 : sg->offset; + miter->__offset = miter->piter.sg_pgoffset ? 0 : sg->offset; + miter->piter.sg_pgoffset += miter->__offset >> PAGE_SHIFT; + miter->__offset &= PAGE_SIZE - 1; miter->__remaining = sg->offset + sg->length - - (pgoffset << PAGE_SHIFT) - miter->__offset; + (miter->piter.sg_pgoffset << PAGE_SHIFT) - + miter->__offset; miter->__remaining = min_t(unsigned long, miter->__remaining, PAGE_SIZE - miter->__offset); }