[lvc-project] syzbot program that crashes netfslib can also crash fuse
Miklos Szeredi
miklos at szeredi.hu
Wed Dec 4 15:41:42 MSK 2024
On Wed, 4 Dec 2024 at 10:56, David Howells <dhowells at redhat.com> wrote:
>
> Interesting... The test program also causes fuse to oops (see attached) over
> without even getting to netfslib. The BUG is in iov_iter_revert():
>
> if (iov_iter_is_xarray(i) || iter_is_ubuf(i)) {
> BUG(); /* We should never go beyond the start of the specified
> * range since we might then be straying into pages that
> * aren't pinned.
> */
Can you please test this?
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -1541,8 +1541,10 @@ static int fuse_get_user_pages(struct
fuse_args_pages *ap, struct iov_iter *ii,
*/
struct page **pages = kzalloc(max_pages * sizeof(struct page *),
GFP_KERNEL);
- if (!pages)
+ if (!pages) {
+ *nbytesp = 0;
return -ENOMEM;
+ }
while (nbytes < *nbytesp && nr_pages < max_pages) {
unsigned nfolios, i;
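Review bot: The new `*nbytesp = 0;` on the `!pages` path has no comment saying why the out-parameter must be cleared before returning -ENOMEM, and the reason is not obvious from this function alone. Since the loop below is bounded by `nbytes < *nbytesp`, `*nbytesp` holds the requested length on entry, so on this early return the caller would otherwise still see that length even though nothing was taken from the iterator. A one-line comment to that effect, for example "no pages were pinned, report zero bytes consumed", and a reference in the commit message to the iov_iter_revert() BUG quoted above would make the intent clear. It is also worth confirming that any other error return in the part of the function not shown here leaves `*nbytesp` matching what was actually consumed.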
(Also attaching patch without whitespace damage.)
Thanks,
Miklos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-fuse_get_user_pages-alloc-failure.patch
Type: text/x-patch
Size: 476 bytes
Desc: not available
URL: <http://linuxtesting.org/pipermail/lvc-project/attachments/20241204/1b135529/attachment.bin>