From: Al Viro <viro@ZenIV.linux.org.uk>
Date: Tue, 11 Oct 2016 17:21:14 +0000 (+0100)
Subject: Fix off-by-one in __pipe_get_pages()
X-Git-Tag: v4.9-rc1~48
X-Git-Url: http://git.cascardo.info/?p=cascardo%2Flinux.git;a=commitdiff_plain;h=1689c73a739d094b544c680b0dfdebe52ffee8fb

Fix off-by-one in __pipe_get_pages()

it actually worked only when requested area ended on the page boundary...

Reported-by: Marco Grassi <marco.gra@gmail.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---

diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 0ce341125195..7312e7784611 100644
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -833,13 +833,13 @@ static inline size_t __pipe_get_pages(struct iov_iter *i,
 				size_t *start)
 {
 	struct pipe_inode_info *pipe = i->pipe;
-	size_t n = push_pipe(i, maxsize, &idx, start);
+	ssize_t n = push_pipe(i, maxsize, &idx, start);
 	if (!n)
 		return -EFAULT;
 
 	maxsize = n;
 	n += *start;
-	while (n >= PAGE_SIZE) {
+	while (n > 0) {
 		get_page(*pages++ = pipe->bufs[idx].page);
 		idx = next_idx(idx, pipe);
 		n -= PAGE_SIZE;