From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Christophe Leroy, Herbert Xu
Subject: [PATCH 4.14 137/293] lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
Date: Mon, 29 Jul 2019 21:20:28 +0200
Message-Id: <20190729190835.044826789@linuxfoundation.org>
In-Reply-To: <20190729190820.321094988@linuxfoundation.org>

From: Christophe Leroy

commit aeb87246537a83c2aff482f3f34a2e0991e02cbc upstream.

All mapping iterator logic is based on the assumption that sg->offset
is always lower than PAGE_SIZE.

But there are situations where sg->offset is such that the SG item
is on the second page. In that case sg_copy_to_buffer() fails
properly copying the data into the buffer. One of the reasons is
that the data will be outside the kmapped area used to access that data.

This patch fixes the issue by adjusting the mapping iterator
offset and pgoffset fields such that offset is always lower than
PAGE_SIZE.

Signed-off-by: Christophe Leroy
Fixes: 4225fc8555a9 ("lib/scatterlist: use page iterator in the mapping iterator")
Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu
Signed-off-by: Greg Kroah-Hartman
---
 lib/scatterlist.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

--- a/lib/scatterlist.c +++ b/lib/scatterlist.c 
@@ -496,17 +496,18 @@ static bool sg_miter_get_next_page(struc { if (!miter->__remaining) { struct scatterlist *sg; - unsigned long pgoffset; if (!__sg_page_iter_next(&miter->piter)) return false; sg = miter->piter.sg; - pgoffset = miter->piter.sg_pgoffset; - miter->__offset = pgoffset ? 0 : sg->offset; + miter->__offset = miter->piter.sg_pgoffset ? 0 : sg->offset; + miter->piter.sg_pgoffset += miter->__offset >> PAGE_SHIFT; + miter->__offset &= PAGE_SIZE - 1; miter->__remaining = sg->offset + sg->length - - (pgoffset << PAGE_SHIFT) - miter->__offset; + (miter->piter.sg_pgoffset << PAGE_SHIFT) - + miter->__offset; miter->__remaining = min_t(unsigned long, miter->__remaining, PAGE_SIZE - miter->__offset); }
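
Review bot: the two added lines in sg_miter_get_next_page() that do `miter->piter.sg_pgoffset += miter->__offset >> PAGE_SHIFT;` and `miter->__offset &= PAGE_SIZE - 1;` carry no comment, yet they write to the page iterator's own state (piter.sg_pgoffset) from inside the mapping iterator. A short comment above them stating the invariant being restored (miter->__offset is always below PAGE_SIZE, with whole pages of sg->offset folded into sg_pgoffset) would make that side effect explicit for anyone later changing either iterator. The `__remaining` computation is unsigned: on the first page of an entry the subtracted terms add up to exactly sg->offset, so the result is sg->length, but on later pages it relies on __sg_page_iter_next() never returning a page index past the end of the entry. That guarantee is not visible in this hunk, so it is worth confirming that its bound also holds when sg->offset is PAGE_SIZE or more, since an underflow here would only be capped by the min_t() against PAGE_SIZE - miter->__offset and would show up as a copy past the end of the entry. As a style point, the mask could be written with offset_in_page() to match the rest of the mm code.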