• cifs: Fix reversion of the iter in cifs_readv_receive(). · 307f77e7
    David Howells authored
    cifs_read_iter_from_socket() copies the iterator that's passed in for the
    socket to modify as and if it will, and then advances the original iterator
    by the amount sent.  However, both callers revert the advancement (although
    receive_encrypted_read() zeros beyond the iterator first).  The problem is,
    though, that cifs_readv_receive() reverts by the original length, not the
    amount transmitted which can cause an oops in iov_iter_revert().
    
    Fix this by:
    
     (1) Remove the iov_iter_advance() from cifs_read_iter_from_socket().
    
     (2) Remove the iov_iter_revert() from both callers.  This fixes the bug in
         cifs_readv_receive().
    
     (3) In receive_encrypted_read(), if we didn't get back as much data as the
         buffer will hold, copy the iterator, advance the copy and use the copy
         to drive iov_iter_zero().
    
    As a bonus, this gets rid of some unnecessary work.
    
    This was triggered by generic/074 with the "-o sign" mount option.
    
    Fixes: 3ee1a1fc ("cifs: Cut over to using netfslib")
    Signed-off-by: David Howells <dhowells@redhat.com>
    cc: Steve French <sfrench@samba.org>
    cc: Paulo Alcantara <pc@manguebit.com>
    cc: Shyam Prasad N <nspmangalore@gmail.com>
    cc: Rohith Surabattula <rohiths.msft@gmail.com>
    cc: Jeff Layton <jlayton@kernel.org>
    cc: linux-cifs@vger.kernel.org
    cc: netfs@lists.linux.dev
    cc: linux-fsdevel@vger.kernel.org
    Signed-off-by: Steve French <stfrench@microsoft.com>
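
The short-read mismatch described in the commit message, modelled as an added example (not kernel code and not part of the commit). `toy_iter`, `toy_advance`, `toy_revert`, `old_pattern` and `new_pattern` are hypothetical names, and the model returns -1 for a revert past the start of the buffer instead of faulting.

```c
#include <stdio.h>
#include <string.h>

/* Toy flat-buffer iterator: a stand-in for struct iov_iter, not kernel code. */
struct toy_iter {
    unsigned char *base; /* start of the buffer */
    size_t pos;          /* bytes already consumed */
    size_t count;        /* bytes remaining */
};

static void toy_advance(struct toy_iter *it, size_t n)
{
    if (n > it->count) n = it->count;
    it->pos += n;
    it->count -= n;
}

/* The model reports a revert past the start with -1 instead of faulting. */
static int toy_revert(struct toy_iter *it, size_t n)
{
    if (n > it->pos) return -1;
    it->pos -= n;
    it->count += n;
    return 0;
}

/* Pre-fix shape: callee advances by bytes received, caller reverts by bytes requested. */
static int old_pattern(struct toy_iter *it, size_t want, size_t got)
{
    toy_advance(it, got);        /* callee: advance the original */
    return toy_revert(it, want); /* caller: wrong length after a short read */
}

/* Post-fix shape: the original never moves; an advanced copy drives the zeroing. */
static size_t new_pattern(const struct toy_iter *it, size_t got)
{
    struct toy_iter tail = *it;
    toy_advance(&tail, got);
    memset(tail.base + tail.pos, 0, tail.count);
    return tail.count; /* number of bytes zeroed */
}

int main(void)
{
    unsigned char buf[8] = { 0 }; /* constructed sample buffer */
    struct toy_iter a = { buf, 0, 8 }, b = a;
    printf("old=%d zeroed=%zu\n", old_pattern(&a, 8, 3), new_pattern(&b, 3));
    return 0;
}
```

With a full read (`got == want`) the old pattern balances; only a short read makes the revert length exceed the advance.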
smb2ops.c 163 KB