From: Chunwei Chen Date: Tue, 29 Sep 2015 07:02:31 +0000 (-0700) Subject: Fix uioskip crash when skip to end X-Git-Tag: zfs-0.7.0-rc1~397 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=45838e3a414a7a1a5fb49dc528dee1d22449599b;p=zfs Fix uioskip crash when skip to end When doing uioskip to skip an iovec to the very end, the current loop condition will falsely check pass the end of iovec. We fix this checking uio_iovcnt first. Signed-off-by: Chunwei Chen Signed-off-by: Brian Behlendorf Closes #3806 Closes #3850 --- diff --git a/module/zcommon/zfs_uio.c b/module/zcommon/zfs_uio.c index 6037fed80..f78db68e4 100644 --- a/module/zcommon/zfs_uio.c +++ b/module/zcommon/zfs_uio.c @@ -236,13 +236,15 @@ uioskip(uio_t *uiop, size_t n) uiop->uio_skip += n; if (uiop->uio_segflg != UIO_BVEC) { - while (uiop->uio_skip >= uiop->uio_iov->iov_len) { + while (uiop->uio_iovcnt && + uiop->uio_skip >= uiop->uio_iov->iov_len) { uiop->uio_skip -= uiop->uio_iov->iov_len; uiop->uio_iov++; uiop->uio_iovcnt--; } } else { - while (uiop->uio_skip >= uiop->uio_bvec->bv_len) { + while (uiop->uio_iovcnt && + uiop->uio_skip >= uiop->uio_bvec->bv_len) { uiop->uio_skip -= uiop->uio_bvec->bv_len; uiop->uio_bvec++; uiop->uio_iovcnt--;
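Review bot: In both loops of uioskip() the new `uiop->uio_iovcnt &&` guard stops the read of `iov_len` / `bv_len` past the last element, but once the count reaches zero the loop exits with `uio_iov` (or `uio_bvec`) pointing one past the end of the array, and `uio_skip` is left nonzero if `n` was larger than what remained. The visible lines do not bound `n` after `uiop->uio_skip += n;`, so unless the code above this hunk already rejects an oversized `n`, consider asserting after the loops that `uio_skip` is 0 whenever `uio_iovcnt` is 0, so that an over-long skip fails loudly instead of leaving inconsistent state for the next consumer. The guard is only safe because `&&` short-circuits before the dereference; a one-line comment saying the count check must stay first would keep a later cleanup from reordering the condition. The commit message links two closed issues but the diff carries no test; a regression case that skips exactly to the end of a single-element iovec would pin the fixed behaviour.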