git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Deepanshu Kartikey <kartikey406@gmail.com>
	Sat, 7 Mar 2026 09:00:41 +0000 (14:30 +0530)
committer	Christian Brauner <brauner@kernel.org>
	Mon, 9 Mar 2026 09:17:00 +0000 (10:17 +0100)
commit	67e467a11f62ff64ad219dc6aa5459e132c79d14
tree	99ee34d0bb3bc9f7048b729f6bdca0d2c498b3e0	tree \| snapshot
parent	d320f160aa5ff36cdf83c645cca52b615e866e32	commit \| diff

netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators

When a process crashes and the kernel writes a core dump to a 9P
filesystem, __kernel_write() creates an ITER_KVEC iterator. This
iterator reaches netfs_limit_iter() via netfs_unbuffered_write(), which
only handles ITER_FOLIOQ, ITER_BVEC and ITER_XARRAY iterator types,
hitting the BUG() for any other type.

Fix this by adding netfs_limit_kvec() following the same pattern as
netfs_limit_bvec(), since both kvec and bvec are simple segment arrays
with pointer and length fields. Dispatch it from netfs_limit_iter() when
the iterator type is ITER_KVEC.

Fixes: cae932d3aee5 ("netfs: Add func to calculate pagecount/size-limited span of an iterator")
Reported-by: syzbot+9c058f0d63475adc97fd@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=9c058f0d63475adc97fd
Tested-by: syzbot+9c058f0d63475adc97fd@syzkaller.appspotmail.com
Signed-off-by: Deepanshu Kartikey <Kartikey406@gmail.com>
Link: https://patch.msgid.link/20260307090041.359870-1-kartikey406@gmail.com
Signed-off-by: Christian Brauner <brauner@kernel.org>