www.infradead.org Git - users/hch/dma-mapping.git/commit

author	Omar Sandoval <osandov@fb.com>
	Mon, 30 Sep 2024 18:55:00 +0000 (11:55 -0700)
committer	Christian Brauner <brauner@kernel.org>
	Tue, 1 Oct 2024 09:49:57 +0000 (11:49 +0200)
commit	0d24852bd71ec85ca0016b6d6fc997e6a3381552
tree	5890cf52ed965d8359bb8c4989f0f90e136a9bab	tree
parent	e32cde8d2bd7d251a8f9b434143977ddf13dcec6	commit \| diff

iov_iter: fix advancing slot in iter_folioq_get_pages()

iter_folioq_get_pages() decides to advance to the next folioq slot when
it has reached the end of the current folio. However, it is checking
offset, which is the beginning of the current part, instead of
iov_offset, which is adjusted to the end of the current part, so it
doesn't advance the slot when it's supposed to. As a result, on the next
iteration, we'll use the same folio with an out-of-bounds offset and
return an unrelated page.

This manifested as various crashes and other failures in 9pfs in drgn's
VM testing setup and BPF CI.

Fixes: db0aa2e9566f ("mm: Define struct folio_queue and ITER_FOLIOQ to handle a sequence of folios")
Link: https://lore.kernel.org/linux-fsdevel/20240923183432.1876750-1-chantr4@gmail.com/
Tested-by: Manu Bretelle <chantr4@gmail.com>
Signed-off-by: Omar Sandoval <osandov@fb.com>
Link: https://lore.kernel.org/r/cbaf141ba6c0e2e209717d02746584072844841a.1727722269.git.osandov@fb.com
Tested-by: Eduard Zingerman <eddyz87@gmail.com>
Tested-by: Leon Romanovsky <leon@kernel.org>
Tested-by: Joey Gouly <joey.gouly@arm.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>