6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Trond Myklebust trond.myklebust@hammerspace.com
commit ace149e0830c380ddfce7e466fe860ca502fe4ee upstream.
If the caller supplies an iocb->ki_pos value that is close to the filesystem upper limit, and an iterator with a count that causes us to overflow that limit, then filemap_read() enters an infinite loop.
This behaviour was discovered when testing xfstests generic/525 with the "localio" optimisation for loopback NFS mounts.
Reported-by: Mike Snitzer snitzer@kernel.org Fixes: c2a9737f45e2 ("vfs,mm: fix a dead loop in truncate_inode_pages_range()") Tested-by: Mike Snitzer snitzer@kernel.org Signed-off-by: Trond Myklebust trond.myklebust@hammerspace.com Signed-off-by: Linus Torvalds torvalds@linux-foundation.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- mm/filemap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/filemap.c +++ b/mm/filemap.c @@ -2660,7 +2660,7 @@ ssize_t filemap_read(struct kiocb *iocb, if (unlikely(!iov_iter_count(iter))) return 0;
- iov_iter_truncate(iter, inode->i_sb->s_maxbytes); + iov_iter_truncate(iter, inode->i_sb->s_maxbytes - iocb->ki_pos); folio_batch_init(&fbatch);
do {