• Al Viro's avatar
    Fix 32-bit regression in block device read(2) · 0b86dbf6
    Al Viro authored
    blkdev_read_iter() wants to cap the iov_iter by the amount of data
    remaining to the end of device.  That's what iov_iter_truncate() is for
    (trim iter->count if it's above the given limit).  So far, so good, but
    the argument of iov_iter_truncate() is size_t, so on 32bit boxen (in
    case of a large device) we end up with that upper limit truncated down
    to 32 bits *before* comparing it with iter->count.
    
    Easily fixed by making iov_iter_truncate() take 64bit argument - it does
    the right thing after such change (we only reach the assignment in there
    when the current value of iter->count is greater than the limit, i.e.
    for anything that would get truncated we don't reach the assignment at
    all) and that argument is not the new value of iter->count - it's an
    upper limit for such.
    
    The overhead of passing u64 is not an issue - the thing is inlined, so
    callers passing size_t won't pay any penalty.
    Reported-and-tested-by: default avatarTheodore Tso <tytso@mit.edu>
    Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    Tested-by: default avatarAlan Cox <gnomes@lxorguk.ukuu.org.uk>
    Tested-by: default avatarBruno Wolff III <bruno@wolff.to>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    0b86dbf6
uio.h 3.67 KB