[PATCH 02/26] netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators

Paulo Alcantara pc at manguebit.org
Sat Mar 28 11:21:30 PDT 2026


David Howells <dhowells at redhat.com> writes:

> From: Deepanshu Kartikey <kartikey406 at gmail.com>
>
> When a process crashes and the kernel writes a core dump to a 9P
> filesystem, __kernel_write() creates an ITER_KVEC iterator. This
> iterator reaches netfs_limit_iter() via netfs_unbuffered_write(), which
> only handles ITER_FOLIOQ, ITER_BVEC and ITER_XARRAY iterator types,
> hitting the BUG() for any other type.
>
> Fix this by adding netfs_limit_kvec() following the same pattern as
> netfs_limit_bvec(), since both kvec and bvec are simple segment arrays
> with pointer and length fields. Dispatch it from netfs_limit_iter() when
> the iterator type is ITER_KVEC.
>
> Fixes: cae932d3aee5 ("netfs: Add func to calculate pagecount/size-limited span of an iterator")
> Reported-by: syzbot+9c058f0d63475adc97fd at syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=9c058f0d63475adc97fd
> Tested-by: syzbot+9c058f0d63475adc97fd at syzkaller.appspotmail.com
> Signed-off-by: Deepanshu Kartikey <Kartikey406 at gmail.com>
> Signed-off-by: David Howells <dhowells at redhat.com>
> ---
>  fs/netfs/iterator.c | 43 +++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 43 insertions(+)

Reviewed-by: Paulo Alcantara (Red Hat) <pc at manguebit.org>
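
The limit calculation the commit message describes, as an added userspace C model; it is not part of this thread and is not the code from the patch. Every name in it (struct seg, model_iter, limit_segs, limit_iter, sample_span) is hypothetical, and the -1 return only marks the place where the commit message says the kernel function hits BUG().

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model; every name here is hypothetical, not kernel API. */
struct seg { void *base; size_t len; };   /* stand-in for a kvec: pointer + length */
enum iter_type { IT_KVEC, IT_BVEC, IT_OTHER };
struct model_iter {
    enum iter_type type;
    const struct seg *segs;
    size_t nr_segs, iov_offset, count;    /* count = bytes left after iov_offset */
};
static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/* Bytes usable from start_offset within max_size bytes and max_segs segments. */
static size_t limit_segs(const struct model_iter *it, size_t start_offset,
                         size_t max_size, size_t max_segs)
{
    size_t skip = it->iov_offset + start_offset, ix = 0, span = 0, nsegs = 0, n;

    if (start_offset >= it->count)
        return 0;
    n = it->count - start_offset;
    while (ix < it->nr_segs && skip >= it->segs[ix].len)  /* pass whole segments */
        skip -= it->segs[ix++].len;
    while (n && ix < it->nr_segs && span < max_size && nsegs < max_segs) {
        size_t len = min_sz(min_sz(n, it->segs[ix++].len - skip), max_size - span);
        span += len; n -= len; nsegs++; skip = 0;
    }
    return span;
}

/* Dispatcher: kvec and bvec share the segment-array walk; other types return -1. */
static int limit_iter(const struct model_iter *it, size_t start,
                      size_t max_size, size_t max_segs, size_t *span)
{
    if (it->type != IT_KVEC && it->type != IT_BVEC)
        return -1;
    *span = limit_segs(it, start, max_size, max_segs);
    return 0;
}

/* Constructed sample: one buffer split into segments of 100, 200 and 50 bytes. */
static long sample_span(enum iter_type type, size_t start, size_t max_size, size_t max_segs)
{
    static char buf[350];
    const struct seg segs[] = { { buf, 100 }, { buf + 100, 200 }, { buf + 300, 50 } };
    struct model_iter it = { type, segs, 3, 0, 350 };
    size_t span = 0;
    return limit_iter(&it, start, max_size, max_segs, &span) ? -1 : (long)span;
}
int main(void) { printf("%ld\n", sample_span(IT_KVEC, 150, 1000, 8)); return 0; }
```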


