1. Patchew
  2. linux
  3. View series

[PATCH] smb: client: Fix error cleanup in smb_extract_iter_to_rdma()

David Howells posted 1 patch 1 month, 3 weeks ago 
fs/smb/client/smbdirect.c |    2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[PATCH] smb: client: Fix error cleanup in smb_extract_iter_to_rdma()
Posted by David Howells 1 month, 3 weeks ago 
    
Fix smb_extract_iter_to_rdma() to use pre-decrement, not post-decrement, so
that it cleans up the correct slots.

Fixes: e5fbdde43017 ("cifs: Add a function to build an RDMA SGE list from an iterator")
Closes: https://sashiko.dev/#/patchset/20260326104544.509518-1-dhowells%40redhat.com
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Steve French <sfrench@samba.org>
cc: Stefan Metzmacher <metze@samba.org>
cc: Paulo Alcantara <pc@manguebit.org>
cc: Tom Talpey <tom@talpey.com>
cc: linux-cifs@vger.kernel.org
cc: linux-fsdevel@vger.kernel.org
---
 fs/smb/client/smbdirect.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/smb/client/smbdirect.c b/fs/smb/client/smbdirect.c
index 7d5f66bdbb30..4978755c035c 100644
--- a/fs/smb/client/smbdirect.c
+++ b/fs/smb/client/smbdirect.c
@@ -3394,7 +3394,7 @@ static ssize_t smb_extract_iter_to_rdma(struct iov_iter *iter, size_t len,
 
 	if (ret < 0) {
 		while (rdma->nr_sge > before) {
-			struct ib_sge *sge = &rdma->sge[rdma->nr_sge--];
+			struct ib_sge *sge = &rdma->sge[--rdma->nr_sge];
 
 			ib_dma_unmap_single(rdma->device, sge->addr, sge->length,
 					    rdma->direction);
Re: [PATCH] smb: client: Fix error cleanup in smb_extract_iter_to_rdma()
Posted by Greg KH 1 month, 3 weeks ago 
On Fri, Apr 24, 2026 at 10:56:11AM +0100, David Howells wrote:
>     
> Fix smb_extract_iter_to_rdma() to use pre-decrement, not post-decrement, so
> that it cleans up the correct slots.
> 
> Fixes: e5fbdde43017 ("cifs: Add a function to build an RDMA SGE list from an iterator")
> Closes: https://sashiko.dev/#/patchset/20260326104544.509518-1-dhowells%40redhat.com
> Signed-off-by: David Howells <dhowells@redhat.com>
> cc: Steve French <sfrench@samba.org>
> cc: Stefan Metzmacher <metze@samba.org>
> cc: Paulo Alcantara <pc@manguebit.org>
> cc: Tom Talpey <tom@talpey.com>
> cc: linux-cifs@vger.kernel.org
> cc: linux-fsdevel@vger.kernel.org
> ---
>  fs/smb/client/smbdirect.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/smb/client/smbdirect.c b/fs/smb/client/smbdirect.c
> index 7d5f66bdbb30..4978755c035c 100644
> --- a/fs/smb/client/smbdirect.c
> +++ b/fs/smb/client/smbdirect.c
> @@ -3394,7 +3394,7 @@ static ssize_t smb_extract_iter_to_rdma(struct iov_iter *iter, size_t len,
>  
>  	if (ret < 0) {
>  		while (rdma->nr_sge > before) {
> -			struct ib_sge *sge = &rdma->sge[rdma->nr_sge--];
> +			struct ib_sge *sge = &rdma->sge[--rdma->nr_sge];
>  
>  			ib_dma_unmap_single(rdma->device, sge->addr, sge->length,
>  					    rdma->direction);
> 
> 
<formletter>

This is not the correct way to submit patches for inclusion in the
stable kernel tree.  Please read:
    https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.

</formletter>
Re: [PATCH] smb: client: Fix error cleanup in smb_extract_iter_to_rdma()
Posted by Stefan Metzmacher 1 month, 3 weeks ago 
Hi David,

>> Fix smb_extract_iter_to_rdma() to use pre-decrement, not post-decrement, so
>> that it cleans up the correct slots.
>>
>> Fixes: e5fbdde43017 ("cifs: Add a function to build an RDMA SGE list from an iterator")
>> Closes: https://sashiko.dev/#/patchset/20260326104544.509518-1-dhowells%40redhat.com
>> Signed-off-by: David Howells <dhowells@redhat.com>
>> cc: Steve French <sfrench@samba.org>
>> cc: Stefan Metzmacher <metze@samba.org>
>> cc: Paulo Alcantara <pc@manguebit.org>
>> cc: Tom Talpey <tom@talpey.com>
>> cc: linux-cifs@vger.kernel.org
>> cc: linux-fsdevel@vger.kernel.org
>> ---
>>   fs/smb/client/smbdirect.c |    2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/fs/smb/client/smbdirect.c b/fs/smb/client/smbdirect.c
>> index 7d5f66bdbb30..4978755c035c 100644
>> --- a/fs/smb/client/smbdirect.c
>> +++ b/fs/smb/client/smbdirect.c
>> @@ -3394,7 +3394,7 @@ static ssize_t smb_extract_iter_to_rdma(struct iov_iter *iter, size_t len,
>>   
>>   	if (ret < 0) {
>>   		while (rdma->nr_sge > before) {
>> -			struct ib_sge *sge = &rdma->sge[rdma->nr_sge--];
>> +			struct ib_sge *sge = &rdma->sge[--rdma->nr_sge];

Can you please use logic like this?

-               while (state->num_sge > before) {
-                       struct ib_sge *sge = &state->sge[state->num_sge--];
+               for (size_t i = before; i < state->num_sge; i++) {
+                       struct ib_sge *sge = &state->sge[i];

At least for me that is much easier to understand.

And as Greg pointed out we first need a fix for upstream, there
the function is smbdirect_map_sges_from_iter in fs/smb/smbdirect/connection.c

Also the commit message needs to be adjusted for the new name.

Then we need a backportable fix for smb_extract_iter_to_rdma in
fs/smb/client/smbdirect.c with the same logic.

Thanks!
metze

>>   			ib_dma_unmap_single(rdma->device, sge->addr, sge->length,
>>   					    rdma->direction);
>>
>>
> <formletter>
> 
> This is not the correct way to submit patches for inclusion in the
> stable kernel tree.  Please read:
>      https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
> for how to do this properly.
> 
> </formletter>

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.