From nobody Thu Apr 2 20:26:41 2026 Received: from cae.in-ulm.de (cae.in-ulm.de [217.10.14.231]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0152B2FFFA4 for ; Thu, 26 Mar 2026 21:50:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=217.10.14.231 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774561804; cv=none; b=ptTwUyEd7h/CvCZoPI9dLOpYtWZNL40M/Hi5RnDKhsss1xR5KA7IBjF2XPAtipUquFdx0vQvIo/XSItoGl/Wj+ImBo25lwe5EQDA61jDm8SJqv6QvSx+6kaoTfpK0oaXLYqEdzB8WhJy6ZVdMcSA68+HLlI8GPnS8cswbnB4lCs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774561804; c=relaxed/simple; bh=nLxxNoQnD6+iHksHGNd8u/32drnToEAaTpw1aqoQYR8=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=tj2nzxL4J4mXQZBQyvZ48XuL831RI+KnyJerXPIkty7yxBK+OdMFae2e0tomrGngGlLJLZQu1YkrN8TT+FxOT66Ifpf9stjAdIOsnJ1WNVK39wEY3mueDCswyOZu5mDXqqnvvf/5R1T0fO8C9zyEd6A/byJi00YRA4DwrZ4GngA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=c--e.de; spf=pass smtp.mailfrom=c--e.de; arc=none smtp.client-ip=217.10.14.231 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=c--e.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=c--e.de Received: by cae.in-ulm.de (Postfix, from userid 1000) id CEC1314005A; Thu, 26 Mar 2026 22:49:58 +0100 (CET) From: "Christian A. Ehrhardt" To: David Howells , Andrew Morton , linux-kernel@vger.kernel.org Cc: "Christian A. Ehrhardt" , Kees Cook , Petr Mladek , David Gow Subject: [PATCH v3 1/5] lib/scatterlist: Fix length calculations in extract_kvec_to_sg Date: Thu, 26 Mar 2026 22:49:01 +0100 Message-Id: <20260326214905.818170-2-lk@c--e.de> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20260326214905.818170-1-lk@c--e.de> References: <20260326214905.818170-1-lk@c--e.de> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When extracting from a kvec to a scatterlist, do not cross page boundaries. The required length was already calculated but not used as intended. Adjust the copied length if the loop runs out of sglist entries without extracting everything. While there, return immediately from extract_iter_to_sg if there are no sglist entries at all. A subsequent commit will add kunit test cases that demonstrate that the patch is necessary. Cc: David Howells Cc: Andrew Morton Cc: stable@vger.kernel.org # v6.5+ Fixes: 018584697533 ("netfs: Add a function to extract an iterator into a s= catterlist") Signed-off-by: Christian A. Ehrhardt --- lib/scatterlist.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/scatterlist.c b/lib/scatterlist.c index d773720d11bf..befdc4b9c11d 100644 --- a/lib/scatterlist.c +++ b/lib/scatterlist.c @@ -1247,7 +1247,7 @@ static ssize_t extract_kvec_to_sg(struct iov_iter *it= er, else page =3D virt_to_page((void *)kaddr); =20 - sg_set_page(sg, page, len, off); + sg_set_page(sg, page, seg, off); sgtable->nents++; sg++; sg_max--; @@ -1256,6 +1256,7 @@ static ssize_t extract_kvec_to_sg(struct iov_iter *it= er, kaddr +=3D PAGE_SIZE; off =3D 0; } while (len > 0 && sg_max > 0); + ret -=3D len; =20 if (maxsize <=3D 0 || sg_max =3D=3D 0) break; @@ -1409,7 +1410,7 @@ ssize_t extract_iter_to_sg(struct iov_iter *iter, siz= e_t maxsize, struct sg_table *sgtable, unsigned int sg_max, iov_iter_extraction_t extraction_flags) { - if (maxsize =3D=3D 0) + if (maxsize =3D=3D 0 || sg_max =3D=3D 0) return 0; =20 switch (iov_iter_type(iter)) { --=20 2.43.0