stable inclusion
from stable-v5.10.119
commit 8adb751d294ed3b668f1c7e41bd7ebe49002a744
category: bugfix
bugzilla: 186671, https://gitee.com/src-openeuler/kernel/issues/I56MH6
CVE: CVE-2022-1508

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=8adb751d294ed3b668f1c7e41bd7ebe49002a744

--------------------------------

[ upstream commit cd658695 ]

The issue was first described and addressed in
89c2b3b7 ("io_uring: reexpand under-reexpanded iters"), but
shortly after reimplemented as.
cd658695 ("io_uring: use iov_iter state save/restore helpers").

Here we follow the approach from the second patch but without in-callback
resubmissions, fixups for not yet supported in 5.10 short read retries
and replacing iov_iter_state with iter copies to not pull even more
dependencies, and because it's just much simpler.
Signed-off-by: NPavel Begunkov <asml.silence@gmail.com>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: NGuo Xuenan <guoxuenan@huawei.com>
Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com>
Reviewed-by: NZhang Yi <yi.zhang@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>