From nobody Sun Oct 5 01:46:17 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 78A3B18CC13; Mon, 11 Aug 2025 07:39:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754897957; cv=none; b=oOfAGTurCypt6p9u86CBeAW4dtM198OoddkwvIasoSkB6wzL3E8q2Ez4F81GVRu6ZXbaDd4TIYBNfqpPwer3USoMNOR5pjTTVX2vNgNlvzKwaPaz1mP55sxqZpPeMit+ubvsAoWkweGpWRdc1b08TDDCYt76nQ2v5KFvDr6MglI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754897957; c=relaxed/simple; bh=mK6CJP6wXPdl6rvaIqsW3gkQFt5wVL75TLgzg9n7BVw=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=K64yoBcPHZLsnHUHc0/GVWUopPPaPnc4S4ten6f+MVS9qNoNoN03HLGJfVsbW8/yvsQe+6AMXYKbsKHBdpVQxIDgEGMj5z1sknUBINv9Ted+nlkuctRrx4CyEE/ZzRpp0vJyX0pvsrd6/s+K03NC6fsakJ17UKcAseW8wcm7Ewc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=FJDS7pZ3; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="FJDS7pZ3" Received: by smtp.kernel.org (Postfix) with ESMTPS id 1F196C4CEF6; Mon, 11 Aug 2025 07:39:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1754897957; bh=mK6CJP6wXPdl6rvaIqsW3gkQFt5wVL75TLgzg9n7BVw=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=FJDS7pZ3Dd5o9CzfSfgqeMXjCSuQ2XZOV7FZZkXXawW8tlZBAIUjcavmwXs0RHRkK Vp0NSL/rL/iaHiQnGJKdu6YEHnB+IzCrThYQO1JLpxyicFbieoTb8Sl/l0q5BegKtP 9kk/XIAO/GAgrOlxC9H+DcWUts5jRddWkGMa9W1LjDMXppv9z0qeTPAgvM8tZYDFPC hQrDrYr1Y10xwkliknEo1OA3PYDzpwHfkmVlBosRhnKSCWVlYwfqyusnyqXZ/EyOfg YkLGurowGAejqtM53pom18mgBp5lfNsmN/GpT/yFqwT8a1s4erDqa0+WyZ22iPuK2m kg4ZfOQPzElQw== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 10EE2C87FD2; Mon, 11 Aug 2025 07:39:17 +0000 (UTC) From: Dominique Martinet via B4 Relay Date: Mon, 11 Aug 2025 16:39:05 +0900 Subject: [PATCH 1/2] iov_iter: iterate_folioq: fix handling of offset >= folio size Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250811-iot_iter_folio-v1-1-d9c223adf93c@codewreck.org> References: <20250811-iot_iter_folio-v1-0-d9c223adf93c@codewreck.org> In-Reply-To: <20250811-iot_iter_folio-v1-0-d9c223adf93c@codewreck.org> To: "Matthew Wilcox (Oracle)" , Christian Brauner , David Howells , Alexander Viro , Andrew Morton Cc: Maximilian Bosch , Ryan Lahfa , Christian Theune , Arnout Engelen , linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, linux-fsdevel@vger.kernel.org, Dominique Martinet , stable@vger.kernel.org X-Mailer: b4 0.15-dev-7be4f X-Developer-Signature: v=1; a=openpgp-sha256; l=2365; i=asmadeus@codewreck.org; h=from:subject:message-id; bh=hZDuTLSkBIrbNvtG2nBE30QLrkf6x/91sVi7wfIoY/8=; b=owEBbQKS/ZANAwAKAatOm+xqmOZwAcsmYgBomZ4jPlqojv6vaPt93ZlypZLQsy3yk2wT3tyj6 icWFXgHg5yJAjMEAAEKAB0WIQT8g9txgG5a3TOhiE6rTpvsapjmcAUCaJmeIwAKCRCrTpvsapjm cPRkD/99SV5Af6iDJv4P7JOhmn3VChlwphgIm3/B/MNnzBf1jXsBZaCdyxliuJ0wzqyv5XM1hOR Bx0XvLSU8abfTNwB6m92a/wDMVm/VJzJe4LJ7XeRA9fZacSaBjs5xo9481418Y56j9ARNerELQA KMy8ktpDAoCcbw/a0PitGs+4lULLGNd4pXEj+iJ6TTndo/CFsza73PKqjCC7XCgD6KQZX+O80Vc 3Y7Fq8YbToVUbq18aS+AvNyRbvS72bg4VlPodHSMxPGl/POs/vFPMobKnz3iDu9A0bkUuXDq58E QHFDNlnqrm8yOnXyD0rfsq1mvqpGIN2bY4NHqeBT1x9DNDQ6KDWwukj1AHdwJM13nxAgXgTR8gP SAjIDJ0pJEz7PFfmVvMWX8Hdg9DGuPNqDcuujs8hnKraPkBqv4UJe3d4I8+IE5qqnhKhIDrUTBs t/3zyXGLFdfrhpam3zxuxA5LdrX4HDF/sDiZ5PHb7fDHBlszz5oHW/5QAWzvEqymp6tgPowx0FV 4jCRRMpNB11If1y9KJM1QyD9g6dcYgi0EZ5GOOGR/vealtNi1U5iENhsBvXNu+fVcOC6YAKtUhU 9m0fuUJF7//Vdia6rl0SiLs4Cxtlaw2EhKJL49XOqpwro6uGWUfxDDlMnR713LMOxihT1MVFPXS SpzJgfLbIpBRWhw== X-Developer-Key: i=asmadeus@codewreck.org; a=openpgp; fpr=B894379F662089525B3FB1B9333F1F391BBBB00A X-Endpoint-Received: by B4 Relay for asmadeus@codewreck.org/default with auth_id=435 X-Original-From: Dominique Martinet Reply-To: asmadeus@codewreck.org From: Dominique Martinet It's apparently possible to get an iov forwarded all the way up to the end of the current page we're looking at, e.g. (gdb) p *iter $24 =3D {iter_type =3D 4 '\004', nofault =3D false, data_source =3D false, = iov_offset =3D 4096, {__ubuf_iovec =3D { iov_base =3D 0xffff88800f5bc000, iov_len =3D 655}, {{__iov =3D 0xffff= 88800f5bc000, kvec =3D 0xffff88800f5bc000, bvec =3D 0xffff88800f5bc000, folioq =3D 0xffff88800f5bc000, xarray = =3D 0xffff88800f5bc000, ubuf =3D 0xffff88800f5bc000}, count =3D 655}}, {nr_segs =3D 2, foli= oq_slot =3D 2 '\002', xarray_start =3D 2}} Where iov_offset is 4k with 4k-sized folios This should have been because we're only in the 2nd slot and there's another one after this, but iterate_folioq should not try to map a folio that skips the whole size, and more importantly part here does not end up zero (because 'PAGE_SIZE - skip % PAGE_SIZE' ends up PAGE_SIZE and not zero..), so skip forward to the "advance to next folio" code. Reported-by: Maximilian Bosch Reported-by: Ryan Lahfa Reported-by: Christian Theune Reported-by: Arnout Engelen Link: https://lkml.kernel.org/r/D4LHHUNLG79Y.12PI0X6BEHRHW@mbosch.me/ Fixes: db0aa2e9566f ("mm: Define struct folio_queue and ITER_FOLIOQ to hand= le a sequence of folios") Cc: stable@vger.kernel.org # v6.12+ Signed-off-by: Dominique Martinet Acked-by: David Howells --- include/linux/iov_iter.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/linux/iov_iter.h b/include/linux/iov_iter.h index c4aa58032faf874ee5b29bd37f9e23c479741bef..7988a0fc94ad0525b475196035d= c5d754fd3d117 100644 --- a/include/linux/iov_iter.h +++ b/include/linux/iov_iter.h @@ -168,6 +168,8 @@ size_t iterate_folioq(struct iov_iter *iter, size_t len= , void *priv, void *priv2 break; =20 fsize =3D folioq_folio_size(folioq, slot); + if (skip >=3D fsize) + goto next; base =3D kmap_local_folio(folio, skip); part =3D umin(len, PAGE_SIZE - skip % PAGE_SIZE); remain =3D step(base, progress, part, priv, priv2); @@ -177,6 +179,7 @@ size_t iterate_folioq(struct iov_iter *iter, size_t len= , void *priv, void *priv2 progress +=3D consumed; skip +=3D consumed; if (skip >=3D fsize) { +next: skip =3D 0; slot++; if (slot =3D=3D folioq_nr_slots(folioq) && folioq->next) { --=20 2.50.1 From nobody Sun Oct 5 01:46:17 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8A4651BFE00; Mon, 11 Aug 2025 07:39:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754897957; cv=none; b=rZV7iQj0hrh1SSGLNaaFG3aKdfiLQozKCLNzqmgqdKuRhrbKE72F/VxKnDTGDI7G1y16Mest6CMj/XLWKlcHuiIPmBmhE/Jhm6PC+6V+wosKeZSiSva3pQLqRmzF8h+FXtgUpzN5akcTZgfpzWjN9blO0a6qyn3DZAyGQtm9gCM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754897957; c=relaxed/simple; bh=OiKe40GZglghieSU5PgnFpjyLGbBmPgEA6lc+Og5PKY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=lAx5nb20dkDkHpkmbDfea1G7MO0HA9uS/sxomdvu10DrhH22cTIMbC3o+4w3YUlar6ArjzeL4PG/z1/FUce0Or7EuBR15jF/dgfBfYbNbee6YFs531LNMXAolK4Y9UImSeV2WMVF1eV/Md3NQTHHaB9QL1IloXjVtXO8b2Uu/Z0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=S2oFKiqT; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="S2oFKiqT" Received: by smtp.kernel.org (Postfix) with ESMTPS id 2AA4DC4CEF1; Mon, 11 Aug 2025 07:39:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1754897957; bh=OiKe40GZglghieSU5PgnFpjyLGbBmPgEA6lc+Og5PKY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=S2oFKiqTCgAf9lHfu+ZPOBGjKFkwcwbEHKt6mtXsCEAyb7mBU9xbGqzP0rzAO/OJe mKs6KcXvEAQSUesuFuYucdrsPDakfGk0rmg8ghrUeWh5/ThnEC0r3WErNu0vMfQvcr 3ITgi6BXY00pjz1B5xsF9PCRQ2+7XNtSiM4b656u7c0mNc9LQweDk8vuW36XNyJ3rf Shu/gTH9K/zICnG+9sAHuSBGxnV5NYDadbe9XqFWx4qS8cJ2PYsAvHNhk4VERBwxgC 30ruy3bwEwWwOXUXQRs2dIKvMXZpkqHg3nJgUTnoGJLOX3+ze8KK92w3U5Tfl38uJv ZUcSgMUyuRdqA== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1F17DCA0EC1; Mon, 11 Aug 2025 07:39:17 +0000 (UTC) From: Dominique Martinet via B4 Relay Date: Mon, 11 Aug 2025 16:39:06 +0900 Subject: [PATCH 2/2] iov_iter: iov_folioq_get_pages: don't leave empty slot behind Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250811-iot_iter_folio-v1-2-d9c223adf93c@codewreck.org> References: <20250811-iot_iter_folio-v1-0-d9c223adf93c@codewreck.org> In-Reply-To: <20250811-iot_iter_folio-v1-0-d9c223adf93c@codewreck.org> To: "Matthew Wilcox (Oracle)" , Christian Brauner , David Howells , Alexander Viro , Andrew Morton Cc: Maximilian Bosch , Ryan Lahfa , Christian Theune , Arnout Engelen , linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, linux-fsdevel@vger.kernel.org, Dominique Martinet X-Mailer: b4 0.15-dev-7be4f X-Developer-Signature: v=1; a=openpgp-sha256; l=1037; i=asmadeus@codewreck.org; h=from:subject:message-id; bh=Gnweznn9Yf2tL9n/TItIqJV0L8m6ff7ta3Y3p0JUXrk=; b=owEBbQKS/ZANAwAKAatOm+xqmOZwAcsmYgBomZ4juLVGBQDWHE7zCanhXyXfjVv5/SO1+HqYv UGZFo18LJeJAjMEAAEKAB0WIQT8g9txgG5a3TOhiE6rTpvsapjmcAUCaJmeIwAKCRCrTpvsapjm cCe2D/9AMYNS6PUmG3VauQsdgyu9ikb3/E+f/a2g0lbGg83sq4XtDxWh83GsQXmHgPrlNyDUsCa +1cyM7QTyN8k15Pkt83L6noZ14CQIGBnT6ZWcBop0tK+qen0/+WV11y81L26gk8u0CIOoWzLZUz HZlLivDANjbXZnx0UipBnWncTwH4yyhcp3jVhpwEeOWqzYlkB+MF8q7sn8KTf3/sjHY6Nf+9Fxx fsvZ34ZcuC1GSySo+HSgCQviOwdt3HsbxKiGSTrHnvZjdDrLXECECHh3l6MsAnmZIE36dvRdZ+X raXvmlP3fdEIXQp3+ty0DrAswPxvcVIGK+P+TOMc1eLJ4qBhGtppcUJTkCKjP+2nrxeXTJS2IKW bXCV1/0hhc7aJS+ReVWbxyMtOWck0ATemIdSU2pwbL5fUcv2Uuc9wL7LFw91H2diUKm9IOQvDLB UH4QS3Kg7mxjZSI4MvFnbrNk9oDWAMUEEEaSWfEFNSOlZy0dcpqD27U3h680r0PnVbmh6ljktQy O+pCQza+b8RV70SfbHEZp87bGvNi2sc2uApzkuX2eprO7zmaKHHmXXxC6CzLfjAK5UMj4UTHLTN lCCM9HjJ+9QAU2GA3MC9YDRnDd9/wVsUq3eAK946tgu5OwU8wEOKSOL2pndP3s9LSCmacgmhcE6 Gt+u8IJlxOLwKow== X-Developer-Key: i=asmadeus@codewreck.org; a=openpgp; fpr=B894379F662089525B3FB1B9333F1F391BBBB00A X-Endpoint-Received: by B4 Relay for asmadeus@codewreck.org/default with auth_id=435 X-Original-From: Dominique Martinet Reply-To: asmadeus@codewreck.org From: Dominique Martinet After advancing into a folioq it makes more sense to point to the next slot than at the end of the current slot. This should not be needed for correctness, but this also happens to "fix" the 9p bug with iterate_folioq() not copying properly. Signed-off-by: Dominique Martinet Acked-by: David Howells Tested-by: Arnout Engelen --- lib/iov_iter.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/iov_iter.c b/lib/iov_iter.c index f9193f952f49945297479483755d68a34c6d4ffe..65c05134ab934e1e0bf5d010fff= 22983bfe9c680 100644 --- a/lib/iov_iter.c +++ b/lib/iov_iter.c @@ -1032,9 +1032,6 @@ static ssize_t iter_folioq_get_pages(struct iov_iter = *iter, maxpages--; } =20 - if (maxpages =3D=3D 0 || extracted >=3D maxsize) - break; - if (iov_offset >=3D fsize) { iov_offset =3D 0; slot++; @@ -1043,6 +1040,9 @@ static ssize_t iter_folioq_get_pages(struct iov_iter = *iter, slot =3D 0; } } + + if (maxpages =3D=3D 0 || extracted >=3D maxsize) + break; } =20 iter->count =3D count; --=20 2.50.1