github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-01 02:53:36 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph

smb: client: detect short folioq copy in cifs_copy_folioq_to_iter()

Browse Source 
cifs_copy_folioq_to_iter() copies a requested number of bytes from
a folio queue into the destination iterator.  Since the encrypted
SMB2 READ path was changed to pass the server-declared payload
length (data_len) instead of the larger folioq buffer length, the
caller can ask for fewer bytes than the folio queue holds.

In that case the helper continues walking the remaining folios after
data_size has reached zero and calls copy_folio_to_iter() with
len = 0, which is unnecessary work.

The helper also returns 0 (success) when the folio queue is
exhausted before data_size bytes have been copied.  The caller has
no way to distinguish that from a full copy and the reported
transfer count ends up larger than the amount of data placed in the
iterator.

Add an early exit when data_size reaches zero, and return an error
when the folio queue is exhausted before all requested bytes have
been copied.

Signed-off-by: Jeremy Erazo <mendozayt13@gmail.com>
Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
This commit is contained in:
Jeremy Erazo 2026-05-20 18:23:31 +00:00 committed by Steve French
parent e7ae89a0c9
commit 426a35d753
1 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
fs/smb/client/smb2ops.c
View File

@ -4706,9 +4706,15 @@ cifs_copy_folioq_to_iter(struct folio_queue *folioq, size_t data_size,
{
for (; folioq; folioq = folioq->next) {
for (int s = 0; s < folioq_count(folioq); s++) {
struct folio *folio = folioq_folio(folioq, s);
size_t fsize = folio_size(folio);
size_t n, len = umin(fsize - skip, data_size);
struct folio *folio;
size_t fsize, n, len;
if (data_size == 0)
return 0;
folio = folioq_folio(folioq, s);
fsize = folio_size(folio);
len = umin(fsize - skip, data_size);
n = copy_folio_to_iter(folio, skip, len, iter);
if (n != len) {
@ -4721,6 +4727,12 @@ cifs_copy_folioq_to_iter(struct folio_queue *folioq, size_t data_size,
}
}
if (data_size != 0) {
cifs_dbg(VFS, "%s: short copy, %zu bytes missing\n",
__func__, data_size);
return smb_EIO2(smb_eio_trace_rx_copy_to_iter, 0, data_size);
}
return 0;
}