www.infradead.org Git - linux.git/commit

author	David Howells <dhowells@redhat.com>
	Mon, 23 Sep 2024 15:07:51 +0000 (16:07 +0100)
committer	Steve French <stfrench@microsoft.com>
	Wed, 25 Sep 2024 02:53:08 +0000 (21:53 -0500)
commit	307f77e7f5855cd42c62fee3f97e4dea5a04a15b
tree	5b6f67ad7cf816052beedade58c8417e9658c729	tree
parent	2f3017e7cc7515e0110a3733d8dca84de2a1d23d	commit \| diff

cifs: Fix reversion of the iter in cifs_readv_receive().

cifs_read_iter_from_socket() copies the iterator that's passed in for the
socket to modify as and if it will, and then advances the original iterator
by the amount sent.  However, both callers revert the advancement (although
receive_encrypted_read() zeros beyond the iterator first).  The problem is,
though, that cifs_readv_receive() reverts by the original length, not the
amount transmitted which can cause an oops in iov_iter_revert().

Fix this by:

(1) Remove the iov_iter_advance() from cifs_read_iter_from_socket().

(2) Remove the iov_iter_revert() from both callers.  This fixes the bug in
     cifs_readv_receive().

(3) In receive_encrypted_read(), if we didn't get back as much data as the
     buffer will hold, copy the iterator, advance the copy and use the copy
     to drive iov_iter_zero().

As a bonus, this gets rid of some unnecessary work.

This was triggered by generic/074 with the "-o sign" mount option.

Fixes: 3ee1a1fc3981 ("cifs: Cut over to using netfslib")
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Steve French <sfrench@samba.org>
cc: Paulo Alcantara <pc@manguebit.com>
cc: Shyam Prasad N <nspmangalore@gmail.com>
cc: Rohith Surabattula <rohiths.msft@gmail.com>
cc: Jeff Layton <jlayton@kernel.org>
cc: linux-cifs@vger.kernel.org
cc: netfs@lists.linux.dev
cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>

fs/smb/client/connect.c		diff \| blob \| history
fs/smb/client/smb2ops.c		diff \| blob \| history
fs/smb/client/transport.c		diff \| blob \| history