Re: [PATCH] iov_iter: Use iov_offset for length calculation in iov_iter_aligned_bvec

From: Andrew Morton
Date: Wed Apr 16 2025 - 19:55:21 EST


On Tue, 15 Apr 2025 23:44:19 +0530 Nitesh Shetty <nj.shetty@xxxxxxxxxxx> wrote:

> If iov_offset is non-zero, then we need to consider iov_offset in length
> calculation, otherwise we might pass smaller IOs such as 512 bytes
> with 256 bytes offset.
>

Please describe the userspace-visible effects of this flaw, if any?

> --- a/lib/iov_iter.c
> +++ b/lib/iov_iter.c
> @@ -820,7 +820,7 @@ static bool iov_iter_aligned_bvec(const struct iov_iter *i, unsigned addr_mask,
> size_t size = i->count;
>
> do {
> - size_t len = bvec->bv_len;
> + size_t len = bvec->bv_len - skip;
>
> if (len > size)
> len = size;
>
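Review bot: the new `bvec->bv_len - skip` is only correct for the first segment, and the hunk does not show what happens to `skip` after that iteration; confirm that the loop sets `skip = 0` before advancing to the next bvec, otherwise every later segment is shortened by `iov_offset`, and confirm the address test on the same segment uses `bv_offset + skip` so the start and the length describe the same byte range. Since `skip` comes from `i->iov_offset`, the subtraction relies on the iterator invariant that the offset lies inside the first bvec; a one-line comment stating that there is no underflow would help the next reader. The commit message should also say what a caller observes, i.e. that a segment whose real length (or the tail of the last segment) is not a multiple of the length mask was previously reported as aligned or, conversely, an aligned one rejected.

The commit message's claim is easiest to see with both length computations side by side. The following is an added userspace model of the check, not the kernel's code and not part of the thread: the structures carry only the fields the check reads, the masks (4-byte address alignment, 512-byte length granularity) are constructed values, and resetting `skip` after the first segment is an assumption about the surrounding loop, since the hunk does not show it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model (not the kernel's struct): only the fields the check reads. */
struct bio_vec {
    unsigned bv_len;    /* bytes in this segment */
    unsigned bv_offset; /* byte offset of the segment within its page */
};

struct iov_iter_model {
    const struct bio_vec *bvec; /* first segment */
    size_t iov_offset;          /* bytes already consumed from the first segment */
    size_t count;               /* bytes remaining in the iterator */
};

/*
 * Model of iov_iter_aligned_bvec(): every segment still covered by the
 * iterator must have a length that is a multiple of (len_mask + 1) and a
 * start that is a multiple of (addr_mask + 1).  apply_fix selects the
 * patched length (bv_len - skip) instead of the unpatched one (bv_len).
 */
static bool aligned_bvec_model(const struct iov_iter_model *i,
                               unsigned addr_mask, unsigned len_mask,
                               bool apply_fix)
{
    const struct bio_vec *bvec = i->bvec;
    size_t skip = i->iov_offset; /* assumed < bvec->bv_len, as in the kernel iterator */
    size_t size = i->count;

    do {
        size_t len = apply_fix ? bvec->bv_len - skip : bvec->bv_len;

        if (len > size)
            len = size;
        if (len & len_mask)
            return false;
        if ((bvec->bv_offset + skip) & addr_mask)
            return false;

        bvec++;
        size -= len;
        skip = 0; /* assumption: only the first segment has a consumed prefix */
    } while (size);

    return true;
}

/* Constructed masks: 4-byte DMA alignment, 512-byte logical block size. */
#define ADDR_MASK 3u
#define LEN_MASK  511u

/*
 * Case 1: 256 real bytes remain in a 512-byte segment, followed by a
 * 768-byte segment, 1024 bytes in total.  The unpatched code counts the
 * whole 512 bytes, then clamps the second segment to 512 and passes; the
 * real first segment is 256 bytes, so the patched code rejects it.
 */
static bool case_short_first_segment(bool apply_fix)
{
    static const struct bio_vec bv[] = { { 512, 0 }, { 768, 0 } };
    struct iov_iter_model it = { bv, 256, 1024 };
    return aligned_bvec_model(&it, ADDR_MASK, LEN_MASK, apply_fix);
}

/*
 * Case 2: 512 real bytes remain in a 768-byte segment, followed by a
 * 512-byte segment.  The unpatched code tests 768 against the length mask
 * and rejects a request that is actually aligned; the patched code accepts.
 */
static bool case_prefix_hides_alignment(bool apply_fix)
{
    static const struct bio_vec bv[] = { { 768, 0 }, { 512, 0 } };
    struct iov_iter_model it = { bv, 256, 1024 };
    return aligned_bvec_model(&it, ADDR_MASK, LEN_MASK, apply_fix);
}

int main(void)
{
    printf("short first segment : unpatched=%d patched=%d\n",
           case_short_first_segment(false), case_short_first_segment(true));
    printf("prefix hides align  : unpatched=%d patched=%d\n",
           case_prefix_hides_alignment(false), case_prefix_hides_alignment(true));
    return 0;
}
```

Case 1 is the false pass the commit message describes: a 256-byte remainder in the first segment is reported as 512-byte aligned because the skipped prefix is counted as data. Case 2 is the mirror image, a false reject, which only shows up when the prefix is subtracted from a segment that is not itself a multiple of the length mask.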