From nobody Sun May 24 22:35:57 2026 Received: from mail-vs1-f46.google.com (mail-vs1-f46.google.com [209.85.217.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 97F673FA5D5 for ; Wed, 20 May 2026 18:23:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.217.46 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779301436; cv=none; b=R/oWeDzHeB4dKzZK3QsPa+zwidL/bgr/6bC5n9DOhr8JV5syRWBR3MSF61FnnCL4/vfI9eCwsilx0TBLq/FaQX5M5j1UqbqHNuaCCehRraN39uaMzmjUNf+bi6PFnSRxA+7Ntih5kPutcqjhHDL01rA/kwvuemIUzw0y8kq420s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1779301436; c=relaxed/simple; bh=jTF76+RwiZwrVXfaL0XRkTxviXaJE0GtqX6lN1bqbbg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=pLVHg9JlaJJ+0D2/qX9Owp9EYhtjNWKY2R//lLpylD2u5yCt6zFPwqpeg3hL0Xd3/cw3pTf8QZvrRovrI+1R9GwVIuumuAU8wzlLD80kh87mQ4k+3U27ISmA4SmurhyW9lov3BwTuDC+l7bBEqlnamLmUiPoUyXKEFr4UX8THGo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=rZBNrJQz; arc=none smtp.client-ip=209.85.217.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="rZBNrJQz" Received: by mail-vs1-f46.google.com with SMTP id ada2fe7eead31-63124a80693so1952569137.3 for ; Wed, 20 May 2026 11:23:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1779301433; x=1779906233; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=aufPc2eUKmrda3It1Y+eMbVsuY7EmCiSbAc8gz4isCc=; b=rZBNrJQzgPjj6na0hMSEdegvNpfvNmG/uiN/ZE2WRNfKmWAqaGvBQ9+m7GRaUytt8M 3BghGiFjOETK+1GsqAyPmdY3Lpo6b55BTfeWzq6aQQRmD2P/wxe30kAo/UMLokuu8oNE 0xiPW506aCrw7D4Wiw6yWLsw8XJ2PvUckuzfllUo9Hxzve21s2TGYi+NzmRt8JnCLfie vGvRy6T9qdUXBhVW1hWPCIRGUgOEMohAqRMESYP/VAGPHXin7oaquYVhPbxdf6YHzk0Y NM32TCUXYfJjPm3qBRh+xHVnYMdIvkYjwxye6QAQgdFeQEUP4MxVQPv0K9IIzZfsIiih J+rA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779301433; x=1779906233; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=aufPc2eUKmrda3It1Y+eMbVsuY7EmCiSbAc8gz4isCc=; b=s9EK6GnassQa+O+D0XVAJzwWybzNonosODGqdqv9jC+3oaIiRzKxSCLpnYKKQU+aEQ TiUldXpFjahe/GbkfQ9rrPFkjB8KkM9U5mDVQMkao7WOxoeC58/7TpGMCUeHOwb8t1ns vOGjGZRundBSzw9SjQ0sZtA3D1+zzG6ztfTlbBcHHpy4++k9B9UCtIrvWX5yw503rVLa uc+u/xw9W//k5RwB4XgXN1+fyaHocn+7EX6ri1khRNPRJF6nSgeox1KZPnbgbCUfZtnp sqwfvwyfnP+c0wa0AHmYR36SBFe7nZnD15qVUciGhMFNxKV45hU0GzymzplgBtozbA/i MNIA== X-Forwarded-Encrypted: i=1; AFNElJ+8KnNqArH8CGEVnqNlQTD98jmY2gQ2fWJMTUHgc4ZarkGBIQu5nblzlTae7yugTEqlofSDZSyCj6DURWQ=@vger.kernel.org X-Gm-Message-State: AOJu0YyhBmRi56Zpp3Yyq8poEAoaeCcbDi59RppLH+QKkFUfPl5xnDCB XvMdiXROTLsq6jToyWcTA5ytwmfjXOmVC24RlCx+GtLDplJsRCGFAbuI X-Gm-Gg: Acq92OHrw2gKwb0rgEwiIwcQC5mIUVa0sgTlSrLh1q4XrTdEbuDMaTQiFG2bbcaGgF+ qcQyMKQgGtFnNuI6cjCwdbQ0zCAqU6WPyII1LNfoZ1iLGC8Dd6Y/vJX41z0pncCZxfJKLuBuVsY kHOaddxMFSXVUef77l+xckwbN8uWq4jSMB32yMwP1V8HvwUPOjrINQMBscf/qmrK48lzRZp12u7 fZNBD/HkNfvGClAhBNohRdaQ2l7uPJfk0S+8JHL9JerxG41mGIAGgoE9+ME08D0bjGt7QgGx4mc 7g5qztoAi9ECHIaaSrNg7i2cFrTz0+3fhMQWYnTOHi83dlh7wdDdeVwXJBobkLnowKkLEz0/Mx4 eboGXkXta6us86cioE0/ekvhjO6l7sBJwp2+fILZjLOA82ejx2r8TW6bi+Ggz9B4L+kHGL+YeHM AfqebIbqvW/O7v6Qv5LKwWOK29VgdJG9mYZqjytjeGTQRs3asx+Iypg/yMvAtSYF58C5lwuwoLA G1wKCnWsQicYUw= X-Received: by 2002:a05:6102:6a8c:b0:631:b834:e05f with SMTP id ada2fe7eead31-63a3d42d713mr14996691137.11.1779301433384; Wed, 20 May 2026 11:23:53 -0700 (PDT) Received: from jeremy.kali (srv1619992.hstgr.cloud. [2a02:4780:75:55a3::1]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8ca3608c424sm129087886d6.3.2026.05.20.11.23.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 20 May 2026 11:23:53 -0700 (PDT) From: Jeremy Erazo To: linux-cifs@vger.kernel.org Cc: smfrench@gmail.com, pc@manguebit.org, tom@talpey.com, bharathsm@microsoft.com, samba-technical@lists.samba.org, linux-kernel@vger.kernel.org, Jeremy Erazo Subject: [PATCH] smb: client: detect short folioq copy in cifs_copy_folioq_to_iter() Date: Wed, 20 May 2026 18:23:31 +0000 Message-ID: <20260520182341.2995005-1-mendozayt13@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260515193141.542623-1-mendozayt13@gmail.com> References: <20260515193141.542623-1-mendozayt13@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" cifs_copy_folioq_to_iter() copies a requested number of bytes from a folio queue into the destination iterator. Since the encrypted SMB2 READ path was changed to pass the server-declared payload length (data_len) instead of the larger folioq buffer length, the caller can ask for fewer bytes than the folio queue holds. In that case the helper continues walking the remaining folios after data_size has reached zero and calls copy_folio_to_iter() with len =3D 0, which is unnecessary work. The helper also returns 0 (success) when the folio queue is exhausted before data_size bytes have been copied. The caller has no way to distinguish that from a full copy and the reported transfer count ends up larger than the amount of data placed in the iterator. Add an early exit when data_size reaches zero, and return an error when the folio queue is exhausted before all requested bytes have been copied. Signed-off-by: Jeremy Erazo --- fs/smb/client/smb2ops.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c index ee8370026..1dd06c31f 100644 --- a/fs/smb/client/smb2ops.c +++ b/fs/smb/client/smb2ops.c @@ -4696,9 +4696,15 @@ cifs_copy_folioq_to_iter(struct folio_queue *folioq,= size_t data_size, { for (; folioq; folioq =3D folioq->next) { for (int s =3D 0; s < folioq_count(folioq); s++) { - struct folio *folio =3D folioq_folio(folioq, s); - size_t fsize =3D folio_size(folio); - size_t n, len =3D umin(fsize - skip, data_size); + struct folio *folio; + size_t fsize, n, len; + + if (data_size =3D=3D 0) + return 0; + + folio =3D folioq_folio(folioq, s); + fsize =3D folio_size(folio); + len =3D umin(fsize - skip, data_size); =20 n =3D copy_folio_to_iter(folio, skip, len, iter); if (n !=3D len) { @@ -4711,6 +4717,12 @@ cifs_copy_folioq_to_iter(struct folio_queue *folioq,= size_t data_size, } } =20 + if (data_size !=3D 0) { + cifs_dbg(VFS, "%s: short copy, %zu bytes missing\n", + __func__, data_size); + return smb_EIO2(smb_eio_trace_rx_copy_to_iter, 0, data_size); + } + return 0; } =20 --=20 2.53.0