[PATCH 6.6.y] smb: client: support kvec iterators in async read path

[PATCH 6.6.y] smb: client: support kvec iterators in async read path

[Henrique Carvalho]

commit 3ee1a1fc39819906f04d6c62c180e760cd3a689d upstream.

Add cifs_limit_kvec_subset() and select the appropriate limiter in
cifs_send_async_read() to handle kvec iterators in async read path,
fixing the EIO bug when running executables in cifs shares mounted
with nolease.

This patch -- or equivalent patch, does not exist upstream, as the
upstream code has suffered considerable API changes. The affected path
is currently handled by netfs lib and located under netfs/direct_read.c.

Reproducer:

$ mount.cifs //server/share /mnt -o nolease
$ cat - > /mnt/test.sh <<EOL
echo hallo
EOL
$ chmod +x /mnt/test.sh
$ /mnt/test.sh
bash: /mnt/test.sh: /bin/bash: Defekter Interpreter: Eingabe-/Ausgabefehler
$ rm -f /mnt/test.sh

Fixes: d08089f649a0 ("cifs: Change the I/O paths to use an iterator rather than a page list")
Reported-by: Laura Kerner <laura.kerner@ichaus.de>
Closes: https://bugzilla.suse.com/show_bug.cgi?id=1245449
Signed-off-by: Henrique Carvalho <henrique.carvalho@suse.com>
---
 fs/smb/client/file.c | 46 ++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 44 insertions(+), 2 deletions(-)

diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c
index d883ed75022c..4878c74bae6f 100644
--- a/fs/smb/client/file.c
+++ b/fs/smb/client/file.c
@@ -3527,6 +3527,42 @@ static size_t cifs_limit_bvec_subset(const struct iov_iter *iter, size_t max_siz
 	return span;
 }
 
+static size_t cifs_limit_kvec_subset(const struct iov_iter *iter, size_t max_size,
+				     size_t max_segs, unsigned int *_nsegs)
+{
+	const struct kvec *kvecs = iter->kvec;
+	unsigned int nkv = iter->nr_segs, ix = 0, nsegs = 0;
+	size_t len, span = 0, n = iter->count;
+	size_t skip = iter->iov_offset;
+
+	if (WARN_ON(!iov_iter_is_kvec(iter)) || n == 0)
+		return 0;
+
+	while (n && ix < nkv && skip) {
+		len = kvecs[ix].iov_len;
+		if (skip < len)
+			break;
+		skip -= len;
+		n -= len;
+		ix++;
+	}
+
+	while (n && ix < nkv) {
+		len = min3(n, kvecs[ix].iov_len - skip, max_size);
+		span += len;
+		max_size -= len;
+		nsegs++;
+		ix++;
+		if (max_size == 0 || nsegs >= max_segs)
+			break;
+		skip = 0;
+		n -= len;
+	}
+
+	*_nsegs = nsegs;
+	return span;
+}
+
 static int
 cifs_write_from_iter(loff_t fpos, size_t len, struct iov_iter *from,
 		     struct cifsFileInfo *open_file,
@@ -4079,6 +4115,13 @@ cifs_send_async_read(loff_t fpos, size_t len, struct cifsFileInfo *open_file,
 	int rc;
 	pid_t pid;
 	struct TCP_Server_Info *server;
+	size_t (*limit_iov_subset)(const struct iov_iter *iter, size_t max_size,
+				   size_t max_segs, unsigned int *_nsegs);
+
+	if (iov_iter_is_kvec(&ctx->iter))
+		limit_iov_subset = cifs_limit_kvec_subset;
+	else
+		limit_iov_subset = cifs_limit_bvec_subset;
 
 	server = cifs_pick_channel(tlink_tcon(open_file->tlink)->ses);
 
@@ -4113,8 +4156,7 @@ cifs_send_async_read(loff_t fpos, size_t len, struct cifsFileInfo *open_file,
 
 		max_len = min_t(size_t, len, rsize);
 
-		cur_len = cifs_limit_bvec_subset(&ctx->iter, max_len,
-						 max_segs, &nsegs);
+		cur_len = limit_iov_subset(&ctx->iter, max_len, max_segs, &nsegs);
 		cifs_dbg(FYI, "read-to-iter len=%zx/%zx nsegs=%u/%lu/%u\n",
 			 cur_len, max_len, nsegs, ctx->iter.nr_segs, max_segs);
 		if (cur_len == 0) {
-- 
2.47.0

Re: [PATCH 6.6.y] smb: client: support kvec iterators in async read path

[David Howells]

Henrique Carvalho <henrique.carvalho@suse.com> wrote:

> Add cifs_limit_kvec_subset() and select the appropriate limiter in
> cifs_send_async_read() to handle kvec iterators in async read path,
> fixing the EIO bug when running executables in cifs shares mounted
> with nolease.
> 
> This patch -- or equivalent patch, does not exist upstream, as the
> upstream code has suffered considerable API changes. The affected path
> is currently handled by netfs lib and located under netfs/direct_read.c.

Are you saying that you do see this upstream too?

> Reproducer:
> 
> $ mount.cifs //server/share /mnt -o nolease
> $ cat - > /mnt/test.sh <<EOL
> echo hallo
> EOL
> $ chmod +x /mnt/test.sh
> $ /mnt/test.sh
> bash: /mnt/test.sh: /bin/bash: Defekter Interpreter: Eingabe-/Ausgabefehler
> $ rm -f /mnt/test.sh

Is this what you are expecting to see when it works or when it fails?

David

Re: [PATCH 6.6.y] smb: client: support kvec iterators in async read path

[Henrique Carvalho]

On Fri, Jul 11, 2025 at 10:01:58AM +0100, David Howells wrote:
> Henrique Carvalho <henrique.carvalho@suse.com> wrote:
> 
> > Add cifs_limit_kvec_subset() and select the appropriate limiter in
> > cifs_send_async_read() to handle kvec iterators in async read path,
> > fixing the EIO bug when running executables in cifs shares mounted
> > with nolease.
> > 
> > This patch -- or equivalent patch, does not exist upstream, as the
> > upstream code has suffered considerable API changes. The affected path
> > is currently handled by netfs lib and located under netfs/direct_read.c.
> 
> Are you saying that you do see this upstream too?
> 

No, the patch only targets the 6.6.y stable tree. Since version 6.8,
this path has moved into the netfs layer, so the original bug no longer
exists.

The bug was fixed at least since the commit referred in the commit
message -- 3ee1a1fc3981. In this commit, the call to cifs_user_readv()
is replaced by a call to netfs_unbuffered_read_iter(), inside the
function cifs_strict_readv().

netfs_unbuffered_read_iter() itself was introduced in commit
016dc8516aec8, along with other netfs api changes, present in kernel
versions 6.8+.

Backporting netfs directly would be non-trivial. Instead, I:

- add cifs_limit_kvec_subset(), modeled on the existing
  cifs_limit_bvec_subset()
- choose between the kvec or bvec limiter function early in
  cifs_write_from_iter().

The Fixes tag references d08089f649a0c, which implements
cifs_limit_bvec_subset() and uses it inside cifs_write_from_iter().

> > Reproducer:
> > 
> > $ mount.cifs //server/share /mnt -o nolease
> > $ cat - > /mnt/test.sh <<EOL
> > echo hallo
> > EOL
> > $ chmod +x /mnt/test.sh
> > $ /mnt/test.sh
> > bash: /mnt/test.sh: /bin/bash: Defekter Interpreter: Eingabe-/Ausgabefehler
> > $ rm -f /mnt/test.sh
> 
> Is this what you are expecting to see when it works or when it fails?
> 

This is the reproducer for the observed bug. In english it reads "Bad
interpreter: Input/Output error".

FYI: I tried to follow Option 3 of the stable-kernel rules for submission:
<https://www.kernel.org/doc/html/v6.15/process/stable-kernel-rules.html>
Please let me know if you'd prefer a different approach or any further
changes.


Henrique

Re: [PATCH 6.6.y] smb: client: support kvec iterators in async read path

[Bharath SM]

On Fri, Jul 11, 2025 at 9:01 AM Henrique Carvalho
<henrique.carvalho@suse.com> wrote:
>
> On Fri, Jul 11, 2025 at 10:01:58AM +0100, David Howells wrote:
> > Henrique Carvalho <henrique.carvalho@suse.com> wrote:
> >
> > > Add cifs_limit_kvec_subset() and select the appropriate limiter in
> > > cifs_send_async_read() to handle kvec iterators in async read path,
> > > fixing the EIO bug when running executables in cifs shares mounted
> > > with nolease.
> > >
> > > This patch -- or equivalent patch, does not exist upstream, as the
> > > upstream code has suffered considerable API changes. The affected path
> > > is currently handled by netfs lib and located under netfs/direct_read.c.
> >
> > Are you saying that you do see this upstream too?
> >
>
> No, the patch only targets the 6.6.y stable tree. Since version 6.8,
> this path has moved into the netfs layer, so the original bug no longer
> exists.
>
> The bug was fixed at least since the commit referred in the commit
> message -- 3ee1a1fc3981. In this commit, the call to cifs_user_readv()
> is replaced by a call to netfs_unbuffered_read_iter(), inside the
> function cifs_strict_readv().
>
> netfs_unbuffered_read_iter() itself was introduced in commit
> 016dc8516aec8, along with other netfs api changes, present in kernel
> versions 6.8+.
>
> Backporting netfs directly would be non-trivial. Instead, I:
>
> - add cifs_limit_kvec_subset(), modeled on the existing
>   cifs_limit_bvec_subset()
> - choose between the kvec or bvec limiter function early in
>   cifs_write_from_iter().
>
> The Fixes tag references d08089f649a0c, which implements
> cifs_limit_bvec_subset() and uses it inside cifs_write_from_iter().
>
> > > Reproducer:
> > >
> > > $ mount.cifs //server/share /mnt -o nolease
> > > $ cat - > /mnt/test.sh <<EOL
> > > echo hallo
> > > EOL
> > > $ chmod +x /mnt/test.sh
> > > $ /mnt/test.sh
> > > bash: /mnt/test.sh: /bin/bash: Defekter Interpreter: Eingabe-/Ausgabefehler
> > > $ rm -f /mnt/test.sh
> >
> > Is this what you are expecting to see when it works or when it fails?
> >
>
> This is the reproducer for the observed bug. In english it reads "Bad
> interpreter: Input/Output error".
>
> FYI: I tried to follow Option 3 of the stable-kernel rules for submission:
> <https://www.kernel.org/doc/html/v6.15/process/stable-kernel-rules.html>
> Please let me know if you'd prefer a different approach or any further
> changes.
Thanks Henrique.

Hi Greg,

We are observing the same issue with the 6.6 Kernel, Can you please
help include this patch in the 6.6 stable kernel.?

Hi David and Steve,

Can you please review this patch and share your comments.?

-Bharath

Re: [PATCH 6.6.y] smb: client: support kvec iterators in async read path

[Greg KH]

On Thu, Nov 06, 2025 at 06:02:39AM -0800, Bharath SM wrote:
> On Fri, Jul 11, 2025 at 9:01 AM Henrique Carvalho
> <henrique.carvalho@suse.com> wrote:
> >
> > On Fri, Jul 11, 2025 at 10:01:58AM +0100, David Howells wrote:
> > > Henrique Carvalho <henrique.carvalho@suse.com> wrote:
> > >
> > > > Add cifs_limit_kvec_subset() and select the appropriate limiter in
> > > > cifs_send_async_read() to handle kvec iterators in async read path,
> > > > fixing the EIO bug when running executables in cifs shares mounted
> > > > with nolease.
> > > >
> > > > This patch -- or equivalent patch, does not exist upstream, as the
> > > > upstream code has suffered considerable API changes. The affected path
> > > > is currently handled by netfs lib and located under netfs/direct_read.c.
> > >
> > > Are you saying that you do see this upstream too?
> > >
> >
> > No, the patch only targets the 6.6.y stable tree. Since version 6.8,
> > this path has moved into the netfs layer, so the original bug no longer
> > exists.
> >
> > The bug was fixed at least since the commit referred in the commit
> > message -- 3ee1a1fc3981. In this commit, the call to cifs_user_readv()
> > is replaced by a call to netfs_unbuffered_read_iter(), inside the
> > function cifs_strict_readv().
> >
> > netfs_unbuffered_read_iter() itself was introduced in commit
> > 016dc8516aec8, along with other netfs api changes, present in kernel
> > versions 6.8+.
> >
> > Backporting netfs directly would be non-trivial. Instead, I:
> >
> > - add cifs_limit_kvec_subset(), modeled on the existing
> >   cifs_limit_bvec_subset()
> > - choose between the kvec or bvec limiter function early in
> >   cifs_write_from_iter().
> >
> > The Fixes tag references d08089f649a0c, which implements
> > cifs_limit_bvec_subset() and uses it inside cifs_write_from_iter().
> >
> > > > Reproducer:
> > > >
> > > > $ mount.cifs //server/share /mnt -o nolease
> > > > $ cat - > /mnt/test.sh <<EOL
> > > > echo hallo
> > > > EOL
> > > > $ chmod +x /mnt/test.sh
> > > > $ /mnt/test.sh
> > > > bash: /mnt/test.sh: /bin/bash: Defekter Interpreter: Eingabe-/Ausgabefehler
> > > > $ rm -f /mnt/test.sh
> > >
> > > Is this what you are expecting to see when it works or when it fails?
> > >
> >
> > This is the reproducer for the observed bug. In english it reads "Bad
> > interpreter: Input/Output error".
> >
> > FYI: I tried to follow Option 3 of the stable-kernel rules for submission:
> > <https://www.kernel.org/doc/html/v6.15/process/stable-kernel-rules.html>
> > Please let me know if you'd prefer a different approach or any further
> > changes.
> Thanks Henrique.
> 
> Hi Greg,
> 
> We are observing the same issue with the 6.6 Kernel, Can you please
> help include this patch in the 6.6 stable kernel.?

Pleas provide a working backport and we will be glad to imclude it.

thanks,

greg k-h

Re: [PATCH 6.6.y] smb: client: support kvec iterators in async read path

[Bharath SM]

[-- Attachment #1: Type: text/plain, Size: 3328 bytes --]

On Fri, Nov 21, 2025 at 2:02 AM Greg KH <gregkh@linuxfoundation.org> wrote:
>
> On Thu, Nov 06, 2025 at 06:02:39AM -0800, Bharath SM wrote:
> > On Fri, Jul 11, 2025 at 9:01 AM Henrique Carvalho
> > <henrique.carvalho@suse.com> wrote:
> > >
> > > On Fri, Jul 11, 2025 at 10:01:58AM +0100, David Howells wrote:
> > > > Henrique Carvalho <henrique.carvalho@suse.com> wrote:
> > > >
> > > > > Add cifs_limit_kvec_subset() and select the appropriate limiter in
> > > > > cifs_send_async_read() to handle kvec iterators in async read path,
> > > > > fixing the EIO bug when running executables in cifs shares mounted
> > > > > with nolease.
> > > > >
> > > > > This patch -- or equivalent patch, does not exist upstream, as the
> > > > > upstream code has suffered considerable API changes. The affected path
> > > > > is currently handled by netfs lib and located under netfs/direct_read.c.
> > > >
> > > > Are you saying that you do see this upstream too?
> > > >
> > >
> > > No, the patch only targets the 6.6.y stable tree. Since version 6.8,
> > > this path has moved into the netfs layer, so the original bug no longer
> > > exists.
> > >
> > > The bug was fixed at least since the commit referred in the commit
> > > message -- 3ee1a1fc3981. In this commit, the call to cifs_user_readv()
> > > is replaced by a call to netfs_unbuffered_read_iter(), inside the
> > > function cifs_strict_readv().
> > >
> > > netfs_unbuffered_read_iter() itself was introduced in commit
> > > 016dc8516aec8, along with other netfs api changes, present in kernel
> > > versions 6.8+.
> > >
> > > Backporting netfs directly would be non-trivial. Instead, I:
> > >
> > > - add cifs_limit_kvec_subset(), modeled on the existing
> > >   cifs_limit_bvec_subset()
> > > - choose between the kvec or bvec limiter function early in
> > >   cifs_write_from_iter().
> > >
> > > The Fixes tag references d08089f649a0c, which implements
> > > cifs_limit_bvec_subset() and uses it inside cifs_write_from_iter().
> > >
> > > > > Reproducer:
> > > > >
> > > > > $ mount.cifs //server/share /mnt -o nolease
> > > > > $ cat - > /mnt/test.sh <<EOL
> > > > > echo hallo
> > > > > EOL
> > > > > $ chmod +x /mnt/test.sh
> > > > > $ /mnt/test.sh
> > > > > bash: /mnt/test.sh: /bin/bash: Defekter Interpreter: Eingabe-/Ausgabefehler
> > > > > $ rm -f /mnt/test.sh
> > > >
> > > > Is this what you are expecting to see when it works or when it fails?
> > > >
> > >
> > > This is the reproducer for the observed bug. In english it reads "Bad
> > > interpreter: Input/Output error".
> > >
> > > FYI: I tried to follow Option 3 of the stable-kernel rules for submission:
> > > <https://www.kernel.org/doc/html/v6.15/process/stable-kernel-rules.html>
> > > Please let me know if you'd prefer a different approach or any further
> > > changes.
> > Thanks Henrique.
> >
> > Hi Greg,
> >
> > We are observing the same issue with the 6.6 Kernel, Can you please
> > help include this patch in the 6.6 stable kernel.?
>
> Pleas provide a working backport and we will be glad to imclude it.
>
This fix is not needed now in the stable kernels as "[PATCH] cifs: Fix
uncached read into ITER_KVEC iterator" submitted
in email thread "Request to backport data corruption fix to stable"
fixes this issue.

[-- Attachment #2: 0001-cifs-Fix-uncached-read-into-ITER_KVEC-iterator.patch --]
[-- Type: application/octet-stream, Size: 4589 bytes --]

From 5c026335eef10805a3b5d3624c464f2393f859e2 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Fri, 14 Nov 2025 06:13:35 +0000
Subject: [PATCH] cifs: Fix uncached read into ITER_KVEC iterator

If a cifs share is mounted cache=none, internal reads (such as by exec)
will pass a KVEC iterator down from __cifs_readv() to
cifs_send_async_read() which will then call cifs_limit_bvec_subset() upon
it to limit the number of contiguous elements for RDMA purposes.  This
doesn't work on non-BVEC iterators, however.

Fix this by extracting a KVEC iterator into a BVEC iterator in
__cifs_readv()  (it would be dup'd anyway it async).

This caused the following warning:

  WARNING: CPU: 0 PID: 6290 at fs/smb/client/file.c:3549 cifs_limit_bvec_subset+0xe/0xc0
  ...
  Call Trace:
   <TASK>
   cifs_send_async_read+0x146/0x2e0
   __cifs_readv+0x207/0x2d0
   __kernel_read+0xf6/0x160
   search_binary_handler+0x49/0x210
   exec_binprm+0x4a/0x140
   bprm_execve.part.0+0xe4/0x170
   do_execveat_common.isra.0+0x196/0x1c0
   do_execve+0x1f/0x30

Fixes: d08089f649a0 ("cifs: Change the I/O paths to use an iterator rather than a page list")
Acked-by: Bharath SM <bharathsm@microsoft.com>
Tested-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: stable@kernel.org # v6.6~v6.9
---
 fs/smb/client/file.c | 97 ++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 94 insertions(+), 3 deletions(-)

diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c
index 1058066913dd..4d38011413a0 100644
--- a/fs/smb/client/file.c
+++ b/fs/smb/client/file.c
@@ -37,6 +37,81 @@
 #include "cifs_ioctl.h"
 #include "cached_dir.h"
 
+/*
+ * Allocate a bio_vec array and extract up to sg_max pages from a KVEC-type
+ * iterator and add them to the array.  This can deal with vmalloc'd buffers as
+ * well as kmalloc'd or static buffers.  The pages are not pinned.
+ */
+static ssize_t extract_kvec_to_bvec(struct iov_iter *iter, ssize_t maxsize,
+					unsigned int bc_max,
+					struct bio_vec **_bv, unsigned int *_bc)
+{
+	const struct kvec *kv = iter->kvec;
+	struct bio_vec *bv;
+	unsigned long start = iter->iov_offset;
+	unsigned int i, bc = 0;
+	ssize_t ret = 0;
+
+	bc_max = iov_iter_npages(iter, bc_max);
+	if (bc_max == 0) {
+		*_bv = NULL;
+		*_bc = 0;
+		return 0;
+	}
+
+	bv = kvmalloc(array_size(bc_max, sizeof(*bv)), GFP_NOFS);
+	if (!bv) {
+		*_bv = NULL;
+		*_bc = 0;
+		return -ENOMEM;
+	}
+	*_bv = bv;
+
+	for (i = 0; i < iter->nr_segs; i++) {
+		struct page *page;
+		unsigned long kaddr;
+		size_t off, len, seg;
+
+		len = kv[i].iov_len;
+		if (start >= len) {
+			start -= len;
+			continue;
+		}
+
+		kaddr = (unsigned long)kv[i].iov_base + start;
+		off = kaddr & ~PAGE_MASK;
+		len = min_t(size_t, maxsize, len - start);
+		kaddr &= PAGE_MASK;
+
+		maxsize -= len;
+		ret += len;
+		do {
+			seg = umin(len, PAGE_SIZE - off);
+			if (is_vmalloc_or_module_addr((void *)kaddr))
+				page = vmalloc_to_page((void *)kaddr);
+			else
+				page = virt_to_page((void *)kaddr);
+
+			bvec_set_page(bv, page, len, off);
+			bv++;
+			bc++;
+
+			len -= seg;
+			kaddr += PAGE_SIZE;
+			off = 0;
+		} while (len > 0 && bc < bc_max);
+
+		if (maxsize <= 0 || bc >= bc_max)
+			break;
+		start = 0;
+	}
+
+	if (ret > 0)
+		iov_iter_advance(iter, ret);
+	*_bc = bc;
+	return ret;
+}
+
 /*
  * Remove the dirty flags from a span of pages.
  */
@@ -4318,11 +4393,27 @@ static ssize_t __cifs_readv(
 		ctx->bv = (void *)ctx->iter.bvec;
 		ctx->bv_need_unpin = iov_iter_extract_will_pin(to);
 		ctx->should_dirty = true;
-	} else if ((iov_iter_is_bvec(to) || iov_iter_is_kvec(to)) &&
-		   !is_sync_kiocb(iocb)) {
+	} else if (iov_iter_is_kvec(to)) {
+		/*
+		 * Extract a KVEC-type iterator into a BVEC-type iterator.  We
+		 * assume that the storage will be retained by the caller; in
+		 * any case, we may or may not be able to pin the pages, so we
+		 * don't try.
+		 */
+		unsigned int bc;
+
+		rc = extract_kvec_to_bvec(to, iov_iter_count(to), INT_MAX,
+					&ctx->bv, &bc);
+		if (rc < 0) {
+			kref_put(&ctx->refcount, cifs_aio_ctx_release);
+			return rc;
+		}
+
+		iov_iter_bvec(&ctx->iter, ITER_DEST, ctx->bv, bc, rc);
+	} else if (iov_iter_is_bvec(to) && !is_sync_kiocb(iocb)) {
 		/*
 		 * If the op is asynchronous, we need to copy the list attached
-		 * to a BVEC/KVEC-type iterator, but we assume that the storage
+		 * to a BVEC-type iterator, but we assume that the storage
 		 * will be retained by the caller; in any case, we may or may
 		 * not be able to pin the pages, so we don't try.
 		 */
-- 
2.45.4

Re: [PATCH 6.6.y] smb: client: support kvec iterators in async read path

[Greg KH]

On Fri, Nov 21, 2025 at 02:31:20AM -0800, Bharath SM wrote:
> On Fri, Nov 21, 2025 at 2:02 AM Greg KH <gregkh@linuxfoundation.org> wrote:
> >
> > On Thu, Nov 06, 2025 at 06:02:39AM -0800, Bharath SM wrote:
> > > On Fri, Jul 11, 2025 at 9:01 AM Henrique Carvalho
> > > <henrique.carvalho@suse.com> wrote:
> > > >
> > > > On Fri, Jul 11, 2025 at 10:01:58AM +0100, David Howells wrote:
> > > > > Henrique Carvalho <henrique.carvalho@suse.com> wrote:
> > > > >
> > > > > > Add cifs_limit_kvec_subset() and select the appropriate limiter in
> > > > > > cifs_send_async_read() to handle kvec iterators in async read path,
> > > > > > fixing the EIO bug when running executables in cifs shares mounted
> > > > > > with nolease.
> > > > > >
> > > > > > This patch -- or equivalent patch, does not exist upstream, as the
> > > > > > upstream code has suffered considerable API changes. The affected path
> > > > > > is currently handled by netfs lib and located under netfs/direct_read.c.
> > > > >
> > > > > Are you saying that you do see this upstream too?
> > > > >
> > > >
> > > > No, the patch only targets the 6.6.y stable tree. Since version 6.8,
> > > > this path has moved into the netfs layer, so the original bug no longer
> > > > exists.
> > > >
> > > > The bug was fixed at least since the commit referred in the commit
> > > > message -- 3ee1a1fc3981. In this commit, the call to cifs_user_readv()
> > > > is replaced by a call to netfs_unbuffered_read_iter(), inside the
> > > > function cifs_strict_readv().
> > > >
> > > > netfs_unbuffered_read_iter() itself was introduced in commit
> > > > 016dc8516aec8, along with other netfs api changes, present in kernel
> > > > versions 6.8+.
> > > >
> > > > Backporting netfs directly would be non-trivial. Instead, I:
> > > >
> > > > - add cifs_limit_kvec_subset(), modeled on the existing
> > > >   cifs_limit_bvec_subset()
> > > > - choose between the kvec or bvec limiter function early in
> > > >   cifs_write_from_iter().
> > > >
> > > > The Fixes tag references d08089f649a0c, which implements
> > > > cifs_limit_bvec_subset() and uses it inside cifs_write_from_iter().
> > > >
> > > > > > Reproducer:
> > > > > >
> > > > > > $ mount.cifs //server/share /mnt -o nolease
> > > > > > $ cat - > /mnt/test.sh <<EOL
> > > > > > echo hallo
> > > > > > EOL
> > > > > > $ chmod +x /mnt/test.sh
> > > > > > $ /mnt/test.sh
> > > > > > bash: /mnt/test.sh: /bin/bash: Defekter Interpreter: Eingabe-/Ausgabefehler
> > > > > > $ rm -f /mnt/test.sh
> > > > >
> > > > > Is this what you are expecting to see when it works or when it fails?
> > > > >
> > > >
> > > > This is the reproducer for the observed bug. In english it reads "Bad
> > > > interpreter: Input/Output error".
> > > >
> > > > FYI: I tried to follow Option 3 of the stable-kernel rules for submission:
> > > > <https://www.kernel.org/doc/html/v6.15/process/stable-kernel-rules.html>
> > > > Please let me know if you'd prefer a different approach or any further
> > > > changes.
> > > Thanks Henrique.
> > >
> > > Hi Greg,
> > >
> > > We are observing the same issue with the 6.6 Kernel, Can you please
> > > help include this patch in the 6.6 stable kernel.?
> >
> > Pleas provide a working backport and we will be glad to imclude it.
> >
> This fix is not needed now in the stable kernels as "[PATCH] cifs: Fix
> uncached read into ITER_KVEC iterator" submitted
> in email thread "Request to backport data corruption fix to stable"
> fixes this issue.

I do not understand, what commit fixed this?  You attached a fix, but
that's not needed?

confused,

greg k-h

Re: [PATCH 6.6.y] smb: client: support kvec iterators in async read path

[Bharath SM]

On Thu, Nov 27, 2025 at 5:30 AM Greg KH <gregkh@linuxfoundation.org> wrote:
>
> On Fri, Nov 21, 2025 at 02:31:20AM -0800, Bharath SM wrote:
> > On Fri, Nov 21, 2025 at 2:02 AM Greg KH <gregkh@linuxfoundation.org> wrote:
> > >
> > > On Thu, Nov 06, 2025 at 06:02:39AM -0800, Bharath SM wrote:
> > > > On Fri, Jul 11, 2025 at 9:01 AM Henrique Carvalho
> > > > <henrique.carvalho@suse.com> wrote:
> > > > >
> > > > > On Fri, Jul 11, 2025 at 10:01:58AM +0100, David Howells wrote:
> > > > > > Henrique Carvalho <henrique.carvalho@suse.com> wrote:
> > > > > >
> > > > > > > Add cifs_limit_kvec_subset() and select the appropriate limiter in
> > > > > > > cifs_send_async_read() to handle kvec iterators in async read path,
> > > > > > > fixing the EIO bug when running executables in cifs shares mounted
> > > > > > > with nolease.
> > > > > > >
> > > > > > > This patch -- or equivalent patch, does not exist upstream, as the
> > > > > > > upstream code has suffered considerable API changes. The affected path
> > > > > > > is currently handled by netfs lib and located under netfs/direct_read.c.
> > > > > >
> > > > > > Are you saying that you do see this upstream too?
> > > > > >
> > > > >
> > > > > No, the patch only targets the 6.6.y stable tree. Since version 6.8,
> > > > > this path has moved into the netfs layer, so the original bug no longer
> > > > > exists.
> > > > >
> > > > > The bug was fixed at least since the commit referred in the commit
> > > > > message -- 3ee1a1fc3981. In this commit, the call to cifs_user_readv()
> > > > > is replaced by a call to netfs_unbuffered_read_iter(), inside the
> > > > > function cifs_strict_readv().
> > > > >
> > > > > netfs_unbuffered_read_iter() itself was introduced in commit
> > > > > 016dc8516aec8, along with other netfs api changes, present in kernel
> > > > > versions 6.8+.
> > > > >
> > > > > Backporting netfs directly would be non-trivial. Instead, I:
> > > > >
> > > > > - add cifs_limit_kvec_subset(), modeled on the existing
> > > > >   cifs_limit_bvec_subset()
> > > > > - choose between the kvec or bvec limiter function early in
> > > > >   cifs_write_from_iter().
> > > > >
> > > > > The Fixes tag references d08089f649a0c, which implements
> > > > > cifs_limit_bvec_subset() and uses it inside cifs_write_from_iter().
> > > > >
> > > > > > > Reproducer:
> > > > > > >
> > > > > > > $ mount.cifs //server/share /mnt -o nolease
> > > > > > > $ cat - > /mnt/test.sh <<EOL
> > > > > > > echo hallo
> > > > > > > EOL
> > > > > > > $ chmod +x /mnt/test.sh
> > > > > > > $ /mnt/test.sh
> > > > > > > bash: /mnt/test.sh: /bin/bash: Defekter Interpreter: Eingabe-/Ausgabefehler
> > > > > > > $ rm -f /mnt/test.sh
> > > > > >
> > > > > > Is this what you are expecting to see when it works or when it fails?
> > > > > >
> > > > >
> > > > > This is the reproducer for the observed bug. In english it reads "Bad
> > > > > interpreter: Input/Output error".
> > > > >
> > > > > FYI: I tried to follow Option 3 of the stable-kernel rules for submission:
> > > > > <https://www.kernel.org/doc/html/v6.15/process/stable-kernel-rules.html>
> > > > > Please let me know if you'd prefer a different approach or any further
> > > > > changes.
> > > > Thanks Henrique.
> > > >
> > > > Hi Greg,
> > > >
> > > > We are observing the same issue with the 6.6 Kernel, Can you please
> > > > help include this patch in the 6.6 stable kernel.?
> > >
> > > Pleas provide a working backport and we will be glad to imclude it.
> > >
> > This fix is not needed now in the stable kernels as "[PATCH] cifs: Fix
> > uncached read into ITER_KVEC iterator" submitted
> > in email thread "Request to backport data corruption fix to stable"
> > fixes this issue.
>
> I do not understand, what commit fixed this?  You attached a fix, but
> that's not needed?

For the issue described originally in this thread, both David and
Henrique has submitted different fixes.
Since David's patch already merged to stable kernel 6.6 recently, we
don't need the patch submitted by Henriqie in this thread.

Link to david's patch that is already in 6.6 stable:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/smb/client?h=linux-6.6.y&id=25d6e76639323ee3d1fb4df7066c6d79190f6c33

Thank you.!