Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp1191438ybi; Fri, 2 Aug 2019 10:51:22 -0700 (PDT) X-Google-Smtp-Source: APXvYqwjFzNyU/jYGGJrBtXfSAToN4sutITQbxgSmt//V17hJWuqrcHlqRL/rLDrvZQr29Sfvq68 X-Received: by 2002:a63:755e:: with SMTP id f30mr126098899pgn.246.1564768281908; Fri, 02 Aug 2019 10:51:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564768281; cv=none; d=google.com; s=arc-20160816; b=YXyAaBrEZnhZliAOuyTdV+RoUnpHRMgk3vW0SJWdQLyb078IKqNXHqKhBLe9pPULrx I9/v5k//nQIX/Gb8U3Tr83F4FgQClkWtvVN6QMAxPFgNb7l5esXF/EdHQp6h7jUGxKgg qjbHfxJZSrqg0zNoNjIuh5+1dcbE0c0xnk1gIt6t8rJbzyDB8NSz/cvmZ4saAGlxLXB0 28zf2bK64p+a96nriYRSv1xCYO8cQiTNlIovsX1a8CzqrCDb2Cq8AnaQlV/Hsxfrpwi5 VrmUkZry0KGdr7d7d9o5yuiOb58F3kv1Wc+fMfQ/4pxDDzs3ojFTcfAe459bfeeGPBSz Q9Qg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=AxsjJoYDlEdHmOlkgJDx5FEB0D2nEwu6fK9NuIzxOwM=; b=tRrMPB8jeHzqVRZMrL1zH5lENCvRwSkUbwNh9APm7JPqA8aFouzDLXsSh0tYhjY3Ed vqxETHk9vwdnAdhfk8LfpIEnSAlgyRV84q0wrckcL1p8anzvHxVoWOpTapp/V2eEQNec 4lnQTD0CIsRukzqdJmKyt4c/Ttl7i8WpqswRhiDDpENmOmyhP4yZFbNQCOUCwc+A/JIZ rXtq2fpucEdqB1Nko6XguXqMvTzbLkJcsehT+yFO0xBZKlKvTTlsUCx2xjzFISH9SKVo ZHUT2cN3yM3XkRyFhWi2gR8ra2C1jRbikwl2vEoua2/OGGedzEcLtFoz+TE0WETFpOod HPmQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=aC4KywNz; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k13si12510281pgt.285.2019.08.02.10.51.06; Fri, 02 Aug 2019 10:51:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=aC4KywNz; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2405841AbfHBJvd (ORCPT + 99 others); Fri, 2 Aug 2019 05:51:33 -0400 Received: from mail.kernel.org ([198.145.29.99]:48068 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2391547AbfHBJoj (ORCPT ); Fri, 2 Aug 2019 05:44:39 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9080C206A2; Fri, 2 Aug 2019 09:44:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1564739078; bh=JLeOArumhw3pHEpAq0cX2sLAqcrHiDyam2CGdvxGhxQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aC4KywNzdMrEJ4bVo/ofCfFWIvI4cNKZTFtab3+H4yGSSTYbiuyt6bc/HBXdfQePi 2v67rjOkaEso70X9B/B1p0VV1at1kKKOU76cUQf5djfVe/RnCk2wLlILF/3RgXi9Zq LxM20/RcChLoBKMfBVrZBjyZxk0/gzdXpGvQYJrU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Christophe Leroy , Herbert Xu Subject: [PATCH 4.9 089/223] lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE Date: Fri, 2 Aug 2019 11:35:14 +0200 Message-Id: <20190802092244.851105063@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190802092238.692035242@linuxfoundation.org> References: <20190802092238.692035242@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Christophe Leroy commit aeb87246537a83c2aff482f3f34a2e0991e02cbc upstream. All mapping iterator logic is based on the assumption that sg->offset is always lower than PAGE_SIZE. But there are situations where sg->offset is such that the SG item is on the second page. In that case sg_copy_to_buffer() fails properly copying the data into the buffer. One of the reason is that the data will be outside the kmapped area used to access that data. This patch fixes the issue by adjusting the mapping iterator offset and pgoffset fields such that offset is always lower than PAGE_SIZE. Signed-off-by: Christophe Leroy Fixes: 4225fc8555a9 ("lib/scatterlist: use page iterator in the mapping iterator") Cc: stable@vger.kernel.org Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- lib/scatterlist.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) --- a/lib/scatterlist.c +++ b/lib/scatterlist.c @@ -496,17 +496,18 @@ static bool sg_miter_get_next_page(struc { if (!miter->__remaining) { struct scatterlist *sg; - unsigned long pgoffset; if (!__sg_page_iter_next(&miter->piter)) return false; sg = miter->piter.sg; - pgoffset = miter->piter.sg_pgoffset; - miter->__offset = pgoffset ? 0 : sg->offset; + miter->__offset = miter->piter.sg_pgoffset ? 0 : sg->offset; + miter->piter.sg_pgoffset += miter->__offset >> PAGE_SHIFT; + miter->__offset &= PAGE_SIZE - 1; miter->__remaining = sg->offset + sg->length - - (pgoffset << PAGE_SHIFT) - miter->__offset; + (miter->piter.sg_pgoffset << PAGE_SHIFT) - + miter->__offset; miter->__remaining = min_t(unsigned long, miter->__remaining, PAGE_SIZE - miter->__offset); }