From nobody Sun Oct 5 00:12:05 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 884E42E3373; Mon, 11 Aug 2025 21:28:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754947703; cv=none; b=TkHtcHh0FI244p1IyPer/azcmQ3B8i4I4c4nJL+4/eK7NXYtV1fe43VqsQpEsbouzi/gR+I0QhGO1YP+B87fysNPyZG8QqpmRSpkF6AHIPKSasnPxGjsfdPW3Hp5/u9cRej2RI3ThoJyieUun/3QcVujltxT8KyOJRueuv4tcFk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754947703; c=relaxed/simple; bh=aGj3XqwjGdLu6r33y+ZNJAPZgl6QITxzkri3NhqeYk8=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=hb6NElHSjbFtjo8jy9cQbOEO2Z0VFpsRcRW0S1ic0M4Pf8ogeq5NP6fpk2fGUygFOmYPCW4dUtsz5nkhBKYeY6liEhP/KtLass2PpHbWtjRPCTtc/PjJF/nfHZBixb17/KY+7mCs7LrrjyfkukGPC6xgiLaoGxoFO2re/Dw8eM8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Nt44w8R1; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Nt44w8R1" Received: by smtp.kernel.org (Postfix) with ESMTPS id 17461C4CEF7; Mon, 11 Aug 2025 21:28:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1754947703; bh=aGj3XqwjGdLu6r33y+ZNJAPZgl6QITxzkri3NhqeYk8=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=Nt44w8R1G9aDCuse92f8mFJkc6v+Obn0hmVtbzjPqb6cnAv2V/PDStRi4MCgZbhOl 1nevmN2eogGnxRDJZYg/tFg7KbUlTpW8A7l+DrpAMBc5W8PWvazNb/Wnoq3dXuQrBK bdqG68KeB1Cp1XXSEwPnn+4WAkSG6YckTNAJ+a5DBbkIBehTExkL4OnbteSdRZjePS dyN8ct4RpMa+H3+iOdpCN/VG8vpQwqPYsL+emo2b7y9IcrVP4QXMQyzubYd+FhGN67 OxH7I6UGvo4zNLDG5GYBZ8N3E/yK6sdGf1ymKM8dVtwjeWaGq+WY4mEDd1zOWnhPR/ rZJMFUbtvRP4g== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 039D1CA0EC4; Mon, 11 Aug 2025 21:28:23 +0000 (UTC) From: Dominique Martinet via B4 Relay Date: Tue, 12 Aug 2025 06:28:01 +0900 Subject: [PATCH v2 1/2] iov_iter: iterate_folioq: fix handling of offset >= folio size Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250812-iot_iter_folio-v2-1-f99423309478@codewreck.org> References: <20250812-iot_iter_folio-v2-0-f99423309478@codewreck.org> In-Reply-To: <20250812-iot_iter_folio-v2-0-f99423309478@codewreck.org> To: "Matthew Wilcox (Oracle)" , Christian Brauner , David Howells , Alexander Viro , Andrew Morton Cc: Maximilian Bosch , Ryan Lahfa , Christian Theune , Arnout Engelen , linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, linux-fsdevel@vger.kernel.org, Dominique Martinet , stable@vger.kernel.org X-Mailer: b4 0.15-dev-7be4f X-Developer-Signature: v=1; a=openpgp-sha256; l=2705; i=asmadeus@codewreck.org; h=from:subject:message-id; bh=3BbpsQC1gAY33hqHbW6Vvzvllp5rOUEkHQ1XHsiSrr8=; b=owEBbQKS/ZANAwAKAatOm+xqmOZwAcsmYgBommB10IN5egx+Rr8UloHGfJcqXTMA8D0uoVhkF e1c6hRMWz6JAjMEAAEKAB0WIQT8g9txgG5a3TOhiE6rTpvsapjmcAUCaJpgdQAKCRCrTpvsapjm cMHPEACEFnAwm1R1HodQQdkzlwTFQ0MGKBvJAeqjwOiixo9963tY8KbCdqavltbusRuAQCRxR7t CWweWhzyqDJz0RIinEgkliq4HsEq9QG4CuzHGR1uPTUL2/wB7ZnQeAjBdyRfJPtZadoF35etC+e TyW73BUxYYr+gS8PN9Tr71Hf5bFsg3hXOSIeg+o5wthn1vQYbW9LVhGs878pOqSSeoUdUbr1xTD Ng0A+tTGvRp4BSPbcIucPBcPJT3nSkNEvoeDN+ol37BhVQZJEUrvh33jy+DOLTRBKUynysZIAzP m+DbjdGS05D/Slb+WXlA0TRfaLmpUV7+y0odcRLI7cLv+Qu7XLwsxhTXpcsWZ8LqnTq09AIPj3N PBpVGO/r1ItRRFLA8MTv04/pbwP68j+I1a2NuMqHeq+Ohm+P0Uvv7pj4z37FmolaNhcZe3huzgH 034yobtZnIMzmAjQmspsFbKbAACHa+Ix+rWx3GKi1LEPo2vsV50q80Mf9PD8qfhNAgUUNteVxPB 2EziFjTgVy1eNobf4zu9EdPhQuU80KzpwRABysmq3FT43ZjwGhsh4UUIzcHS8rFIMcZE6LOuL/J GAfdXuWnmRW/lFuLqJSI31r8+x1xezz8m4yvBJB2H13ol0c/QtjIZFzSTBmAcJsrYoO0bXUZqJp sp+Qn7+lV3IFD/w== X-Developer-Key: i=asmadeus@codewreck.org; a=openpgp; fpr=B894379F662089525B3FB1B9333F1F391BBBB00A X-Endpoint-Received: by B4 Relay for asmadeus@codewreck.org/default with auth_id=435 X-Original-From: Dominique Martinet Reply-To: asmadeus@codewreck.org From: Dominique Martinet It's apparently possible to get an iov advanced all the way up to the end of the current page we're looking at, e.g. (gdb) p *iter $24 =3D {iter_type =3D 4 '\004', nofault =3D false, data_source =3D false, = iov_offset =3D 4096, {__ubuf_iovec =3D { iov_base =3D 0xffff88800f5bc000, iov_len =3D 655}, {{__iov =3D 0xffff= 88800f5bc000, kvec =3D 0xffff88800f5bc000, bvec =3D 0xffff88800f5bc000, folioq =3D 0xffff88800f5bc000, xarray = =3D 0xffff88800f5bc000, ubuf =3D 0xffff88800f5bc000}, count =3D 655}}, {nr_segs =3D 2, foli= oq_slot =3D 2 '\002', xarray_start =3D 2}} Where iov_offset is 4k with 4k-sized folios This should have been because we're only in the 2nd slot and there's another one after this, but iterate_folioq should not try to map a folio that skips the whole size, and more importantly part here does not end up zero (because 'PAGE_SIZE - skip % PAGE_SIZE' ends up PAGE_SIZE and not zero..), so skip forward to the "advance to next folio" code Reported-by: Maximilian Bosch Reported-by: Ryan Lahfa Reported-by: Christian Theune Reported-by: Arnout Engelen Link: https://lkml.kernel.org/r/D4LHHUNLG79Y.12PI0X6BEHRHW@mbosch.me/ Fixes: db0aa2e9566f ("mm: Define struct folio_queue and ITER_FOLIOQ to hand= le a sequence of folios") Cc: stable@vger.kernel.org # v6.12+ Acked-by: David Howells Signed-off-by: Dominique Martinet --- include/linux/iov_iter.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/linux/iov_iter.h b/include/linux/iov_iter.h index c4aa58032faf874ee5b29bd37f9e23c479741bef..a77ff9c7e4b21eacd166adb506b= 79e7ddd723aa1 100644 --- a/include/linux/iov_iter.h +++ b/include/linux/iov_iter.h @@ -160,7 +160,7 @@ size_t iterate_folioq(struct iov_iter *iter, size_t len= , void *priv, void *priv2 =20 do { struct folio *folio =3D folioq_folio(folioq, slot); - size_t part, remain, consumed; + size_t part, remain =3D 0, consumed; size_t fsize; void *base; =20 @@ -168,6 +168,8 @@ size_t iterate_folioq(struct iov_iter *iter, size_t len= , void *priv, void *priv2 break; =20 fsize =3D folioq_folio_size(folioq, slot); + if (skip >=3D fsize) + goto next; base =3D kmap_local_folio(folio, skip); part =3D umin(len, PAGE_SIZE - skip % PAGE_SIZE); remain =3D step(base, progress, part, priv, priv2); @@ -177,6 +179,7 @@ size_t iterate_folioq(struct iov_iter *iter, size_t len= , void *priv, void *priv2 progress +=3D consumed; skip +=3D consumed; if (skip >=3D fsize) { +next: skip =3D 0; slot++; if (slot =3D=3D folioq_nr_slots(folioq) && folioq->next) { --=20 2.50.1 From nobody Sun Oct 5 00:12:05 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 884762E336F; Mon, 11 Aug 2025 21:28:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754947703; cv=none; b=rWfSZL47MmX+Is7cXRX+0c5nsNSqcC/zDfWCJE10vroY090ppTIaeGPcmT0Gc1Z3uo2AI+VweaMeaMZ/Pk5E4Lc3npUsjOJ8NA3qv3WdgeMTH/ug26gmtce8U/+G9SN+JJ5TleV0BTyKcWcZGeIhHb4KTC/TIvibnlytRgos6QQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1754947703; c=relaxed/simple; bh=QN0m5GWtPJp7/qt9pQe5ZfZF+f+JOw2bQNcJ/j477Lc=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=AwhYgF2A21X2IiRypCSGjMv4n37LPGtpuDbl9fEnFcQi7/7Dpq2082agXzF+r6GQlrkpJbPavX2x3qFmyd9towED6OoYi/qoIKzrp00pJOjKLJiYeOhKPALu0GYoJv7s5z73qfVRVv/D1TVCaBKoOPVGvVCcnDNlhU7OYqlrZOo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=jmLvWZDd; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="jmLvWZDd" Received: by smtp.kernel.org (Postfix) with ESMTPS id 2912DC4CEF1; Mon, 11 Aug 2025 21:28:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1754947703; bh=QN0m5GWtPJp7/qt9pQe5ZfZF+f+JOw2bQNcJ/j477Lc=; h=From:Date:Subject:References:In-Reply-To:To:Cc:Reply-To:From; b=jmLvWZDdhKvxJ3ULu0XqJ9ONvu/UlBPARRMeUh2b42oQ/2PO9TmDtvFePbuKlUQle 9HNXl1PX+FOQt8A7bS842GwkWmysrGBO6PqRUJ4CEXZ2/VkZnsQJKXQ07x7D9L6oXz +/uVUjSKFlo/hVozHwyIsLo4gl2CUD6VE4J7xjd7cFUpzwdA2AxR58Y20Reh92Fr7r HNNkdw5j86hFXaVWcXm3iwAM1L1W1eC2X7LEGbBMjlWbH4O1LVOf0ds1/+xZBzrbU4 iJ1SmtbypsSZOAK543LzF07hdwAeDtYDPSdyos5tzZ2LHLZg9XpCkGFuYdU63tRqAl 4ZD8Ru5KbA10w== Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 13007CA0EDB; Mon, 11 Aug 2025 21:28:23 +0000 (UTC) From: Dominique Martinet via B4 Relay Date: Tue, 12 Aug 2025 06:28:02 +0900 Subject: [PATCH v2 2/2] iov_iter: iov_folioq_get_pages: don't leave empty slot behind Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20250812-iot_iter_folio-v2-2-f99423309478@codewreck.org> References: <20250812-iot_iter_folio-v2-0-f99423309478@codewreck.org> In-Reply-To: <20250812-iot_iter_folio-v2-0-f99423309478@codewreck.org> To: "Matthew Wilcox (Oracle)" , Christian Brauner , David Howells , Alexander Viro , Andrew Morton Cc: Maximilian Bosch , Ryan Lahfa , Christian Theune , Arnout Engelen , linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, linux-fsdevel@vger.kernel.org, Dominique Martinet X-Mailer: b4 0.15-dev-7be4f X-Developer-Signature: v=1; a=openpgp-sha256; l=1129; i=asmadeus@codewreck.org; h=from:subject:message-id; bh=hWtTUCvGG0PvbE6UasHSB7hwyWcYL54anMdr7Xzd+hY=; b=owEBbQKS/ZANAwAKAatOm+xqmOZwAcsmYgBommB1jlBau7xcwTcqmY8qrpOsUxyecm2YZfnGb RD0o4qZhZmJAjMEAAEKAB0WIQT8g9txgG5a3TOhiE6rTpvsapjmcAUCaJpgdQAKCRCrTpvsapjm cEb8D/9an6eblnzeoL0M2VSMUQ7QI7IMsT4MlMEeRG5w+2Lfijjtb+z92PO1JsMMYdLjP2ecPF6 gs7b7OLUpbc6WSRODpT713hfswV+Sc+d4AEBGNCna0Tr9caRapg8JSiC1nMvL4TmlBnHlWfRfx8 D5X57VtMAsqkaIoY0fs5yu8Ik6W+DXU5MT1TNz4MeI4sRAJc8heC+lXwgcA+gyPJAiW0rYyJVPe qUwFP6iq+udqTBRqiV5BOC7RvEU0onpuxdDz/sZk9h88Tpb7S8ZeJgVfaAehBkjaTTs2E/CcMtx 0xk1QN/JR4W/Xb9gIqB98G+YpdgpAECCH53nmNC0tGD4IzQkO7f35Jjmds6/6NSdzQ9PHmPPf54 JOYIHEdepLhQoYj7PM5BgCn/UdVslFjYVRkBAFb+TLRMCKqTxMox3oR5dwSJuKmtSgRLAWL8sU+ X4sZs46mogw9PuvFFxlvR6tYNeZp9qC3iXzprDYxaKYFppZxBpLVFXFFw5F5kUoR9/H5gM7jUgQ NRT/KRc1y7a8UkC+uWRzrd4zhT/O1LfM+hCmFOHxLPw3q4XlVoavqlZ1AJO60vLcIActCf+2z/l HS+ecvMMzlx+0FtND9QBIJ6e+WIOCH7XAG88mNVTBKPjAfyzYOkbZ4Mtdo3aHNquSSPjgNS/hba eWKqMemYBhQyNTg== X-Developer-Key: i=asmadeus@codewreck.org; a=openpgp; fpr=B894379F662089525B3FB1B9333F1F391BBBB00A X-Endpoint-Received: by B4 Relay for asmadeus@codewreck.org/default with auth_id=435 X-Original-From: Dominique Martinet Reply-To: asmadeus@codewreck.org From: Dominique Martinet After advancing into a folioq it makes more sense to point to the next slot than at the end of the current slot. This should not be needed for correctness, but this also happens to "fix" the 9p bug with iterate_folioq() not copying properly. Acked-by: David Howells Tested-by: Arnout Engelen Signed-off-by: Dominique Martinet --- lib/iov_iter.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/iov_iter.c b/lib/iov_iter.c index f9193f952f49945297479483755d68a34c6d4ffe..65c05134ab934e1e0bf5d010fff= 22983bfe9c680 100644 --- a/lib/iov_iter.c +++ b/lib/iov_iter.c @@ -1032,9 +1032,6 @@ static ssize_t iter_folioq_get_pages(struct iov_iter = *iter, maxpages--; } =20 - if (maxpages =3D=3D 0 || extracted >=3D maxsize) - break; - if (iov_offset >=3D fsize) { iov_offset =3D 0; slot++; @@ -1043,6 +1040,9 @@ static ssize_t iter_folioq_get_pages(struct iov_iter = *iter, slot =3D 0; } } + + if (maxpages =3D=3D 0 || extracted >=3D maxsize) + break; } =20 iter->count =3D count; --=20 2.50.1