[PATCH v3 2/5] lib/scatterlist: Fix temp buffer in extract_user_to_sg()

Christian A. Ehrhardt posted 5 patches 6 days, 21 hours ago
Posted by Christian A. Ehrhardt 6 days, 21 hours ago
Instead of allocating a temporary buffer for extracted
user pages, extract_user_to_sg() uses the end of the
to-be-filled scatterlist as a temporary buffer.

Fix the calculation of the start address if the scatterlist
already contains elements. The unused space starts at
sgtable->sgl + sgtable->nents not directly at sgtable->nents
and the temporary buffer is placed at the end of this unused
space.

A subsequent commit will add kunit test cases that
demonstrate that the patch is necessary.

Pointed out by sashiko.dev on a previous iteration of this series.

Cc: David Howells <dhowells@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@vger.kernel.org # v6.5+
Fixes: 018584697533 ("netfs: Add a function to extract an iterator into a scatterlist")
Signed-off-by: Christian A. Ehrhardt <lk@c--e.de>
---
 lib/scatterlist.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/scatterlist.c b/lib/scatterlist.c
index befdc4b9c11d..b7fe91ef35b8 100644
--- a/lib/scatterlist.c
+++ b/lib/scatterlist.c
@@ -1123,8 +1123,7 @@ static ssize_t extract_user_to_sg(struct iov_iter *iter,
 	size_t len, off;
 
 	/* We decant the page list into the tail of the scatterlist */
-	pages = (void *)sgtable->sgl +
-		array_size(sg_max, sizeof(struct scatterlist));
+	pages = (void *)sg + array_size(sg_max, sizeof(struct scatterlist));
 	pages -= sg_max;
 
 	do {
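Review bot: The new `pages` computation on the `+` line is only correct if `sg` already points at `sgtable->sgl + sgtable->nents` and `sg_max` counts only the entries remaining from that position, and neither the assignment of `sg` nor the meaning of `sg_max` is visible in this hunk's context. Consider extending the comment above the assignment so the dependency is stated where the arithmetic happens, for example "decant the page list into the tail of the unused entries starting at sg". Since `pages -= sg_max` places the page array at the very end of that range, it would also help to document (or assert) that the table has at least `sg_max` free entries after `nents`, so a caller passing a partially filled table cannot push the temporary buffer past the end of the allocation.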
-- 
2.43.0