PAGE_SIZE - sg->offset may be bigger than sg->length, so we have to cap it.

Reported-by: Yi Zhang yi.zhang@redhat.com Fixes: d5eff33ee6f8("nvmet: add simple file backed ns support") Cc: Yi Zhang yi.zhang@redhat.com Cc: Sagi Grimberg sagi@grimberg.me Cc: Chaitanya Kulkarni chaitanya.kulkarni@wdc.com Cc: stable@vger.kernel.org Signed-off-by: Ming Lei ming.lei@redhat.com --- drivers/nvme/target/io-cmd-file.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/nvme/target/io-cmd-file.c b/drivers/nvme/target/io-cmd-file.c index d67a43832cb1..149e17e699e5 100644 --- a/drivers/nvme/target/io-cmd-file.c +++ b/drivers/nvme/target/io-cmd-file.c @@ -79,7 +79,8 @@ static void nvmet_file_init_bvec(struct bio_vec *bv, struct sg_page_iter *iter) { bv->bv_page = sg_page_iter_page(iter); bv->bv_offset = iter->sg->offset; - bv->bv_len = PAGE_SIZE - iter->sg->offset; + bv->bv_len = min_t(unsigned, PAGE_SIZE - iter->sg->offset, + iter->sg->length); }

static ssize_t nvmet_file_submit_bvec(struct nvmet_req *req, loff_t pos,