Comment 20 for bug 231746

Stefan Bader (smb) wrote :

SRU justification:

Impact: iov_iter_advance() skips over zero-length iovecs, however it does not properly terminate at the end of the iovec array. This leads to kernel crashes under these circumstances.

Fix: Check i->count before skipping zero-length iov. And also include a fixup to check whether already iterated over the whole array. One fix comes from the 2.6.24.y stable tree, the other from the 2.6.26.y stable tree.

Testcase: see bug report.
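
The loop-termination problem described in the comment above, as an added userspace model (not the kernel source and not either of the stable-tree patches). The names `model_iter`, `model_advance`, `run_case`, `check_count`, `nr_segs` and `idx` are assumptions made for illustration; only `i->count` and the zero-length-skip behaviour come from the comment.

```c
#include <stddef.h>
#include <sys/uio.h>

/* Model of the iterator. nr_segs and idx exist only so the model can
 * report an overrun instead of performing one. */
struct model_iter {
    const struct iovec *iov;
    size_t nr_segs, idx, iov_offset, count;
};

/* Returns 0 on success, -1 where the loop would read iov_len of a segment
 * past the end of the array, -2 on a caller error.
 * check_count = 1 tests i->count before looking at the next segment. */
static int model_advance(struct model_iter *i, size_t bytes, int check_count)
{
    size_t idx = i->idx, base = i->iov_offset;

    if (bytes > i->count)
        return -2;
    for (;;) {
        if (bytes == 0) {
            if (check_count && i->count == 0)
                break;          /* nothing left: stop before touching iov[idx] */
            if (idx >= i->nr_segs)
                return -1;      /* unchecked loop reads past the array here */
            if (i->iov[idx].iov_len != 0)
                break;          /* reached the next non-empty segment */
        } else if (idx >= i->nr_segs) {
            return -1;          /* count inconsistent with the array */
        }
        size_t left = i->iov[idx].iov_len - base;
        size_t copy = bytes < left ? bytes : left;
        i->count -= copy; bytes -= copy; base += copy;
        if (base == i->iov[idx].iov_len) { idx++; base = 0; }
    }
    i->idx = idx; i->iov_offset = base;
    return 0;
}

/* Constructed sample arrays: a trailing and a mid-array zero-length segment. */
static char buf[8];
static const struct iovec tail[] = { { buf, 4 }, { buf, 0 } };
static const struct iovec mid[]  = { { buf, 4 }, { buf, 0 }, { buf + 4, 4 } };

/* Advance `bytes` from the start; returns the final segment index or <0. */
static int run_case(const struct iovec *v, size_t n, size_t count,
                    size_t bytes, int check_count)
{
    struct model_iter it = { v, n, 0, 0, count };
    int rc = model_advance(&it, bytes, check_count);
    return rc < 0 ? rc : (int)it.idx;
}
```

With `check_count` set to 0 the model reports the overrun for `tail`; with it set to 1 the same advance stops at index 1, while a zero-length segment in the middle of `mid` is still skipped.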