[lvc-project] syzbot program that crashes netfslib can also crash fuse
Bernd Schubert
bernd.schubert at fastmail.fm
Fri Dec 6 15:41:05 MSK 2024
On 12/4/24 13:41, Miklos Szeredi wrote:
> On Wed, 4 Dec 2024 at 10:56, David Howells <dhowells at redhat.com> wrote:
>>
>> Interesting... The test program also causes fuse to oops (see attached)
>> without even getting to netfslib. The BUG is in iov_iter_revert():
>>
>> 	if (iov_iter_is_xarray(i) || iter_is_ubuf(i)) {
>> 		BUG(); /* We should never go beyond the start of the specified
>> 			* range since we might then be straying into pages that
>> 			* aren't pinned.
>> 			*/
>
> Can you please test this?
>
> --- a/fs/fuse/file.c
> +++ b/fs/fuse/file.c
> @@ -1541,8 +1541,10 @@ static int fuse_get_user_pages(struct
> fuse_args_pages *ap, struct iov_iter *ii,
> */
> struct page **pages = kzalloc(max_pages * sizeof(struct page *),
> GFP_KERNEL);
> - if (!pages)
> + if (!pages) {
> + *nbytesp = 0;
> return -ENOMEM;
> + }
>
> while (nbytes < *nbytesp && nr_pages < max_pages) {
> unsigned nfolios, i;
>
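Review bot: zeroing *nbytesp on the kzalloc() failure path only closes this hole if every other early return in fuse_get_user_pages() also leaves *nbytesp equal to what was actually consumed from the iterator; the error returns inside the `while (nbytes < *nbytesp && nr_pages < max_pages)` loop are not in this hunk, so please check that each of them stores the running `nbytes` back into *nbytesp before returning, otherwise a caller that reverts the iterator by a stale *nbytesp after an error still walks before the start of the range and hits the iov_iter_revert() BUG() quoted above. Minor: `kzalloc(max_pages * sizeof(struct page *), GFP_KERNEL)` could be `kcalloc(max_pages, sizeof(struct page *), GFP_KERNEL)` to get the multiplication overflow check for free.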
> (Also attaching patch without whitespace damage.)
I had already posted a patch on Monday.
https://lore.kernel.org/r/20241203-fix-fuse_get_user_pages-v2-1-acce8a29d06b@ddn.com
@David, is that the same syzbot report or another one?
Thanks,
Bernd
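The failure mode discussed in this thread, as an added user-space model that is not fuse or kernel code: a helper reports the number of bytes it consumed through an out-parameter, a caller gives those bytes back to the iterator on error, and an allocation failure that leaves the out-parameter untouched makes the caller revert more than was ever consumed. The helper names, the `struct iter` shape, the fake error code and the caller's revert-on-error pattern are all assumptions of this example; the only thing taken from the thread is the guard in `revert()`, which stands in for the `BUG()` in iov_iter_revert().

```c
/* Added example, not fuse or kernel code: a user-space model of a stale
 * out-parameter on an error path and the revert that overshoots because of it.
 * Names, error codes and the caller pattern are hypothetical. */
#include <stddef.h>

#define MODEL_ENOMEM 12

/* A range [start, start+len) that has been consumed up to pos. */
struct iter {
	size_t start;
	size_t pos;
	size_t len;
};

/* Hypothetical helper: consume up to *nbytesp bytes from the iterator and
 * report the consumed count through *nbytesp.  On a simulated allocation
 * failure it returns early and leaves *nbytesp holding the *requested* count,
 * which is the bug the patch in the thread fixes. */
static int get_pages_buggy(struct iter *it, size_t *nbytesp, int fail_alloc)
{
	size_t want = *nbytesp;
	size_t avail, n;

	if (fail_alloc)
		return -MODEL_ENOMEM;	/* *nbytesp still says "want" bytes */

	avail = it->len - it->pos;
	n = want < avail ? want : avail;
	it->pos += n;
	*nbytesp = n;			/* report what was really consumed */
	return 0;
}

/* Same helper with the fix: nothing was consumed, so say so. */
static int get_pages_fixed(struct iter *it, size_t *nbytesp, int fail_alloc)
{
	if (fail_alloc) {
		*nbytesp = 0;
		return -MODEL_ENOMEM;
	}
	return get_pages_buggy(it, nbytesp, 0);
}

/* Model of the iov_iter_revert() guard: reverting past the start of the
 * range is the condition the kernel BUG()s on; here it returns -1 instead. */
static int revert(struct iter *it, size_t n)
{
	if (n > it->pos - it->start)
		return -1;
	it->pos -= n;
	return 0;
}

/* Hypothetical caller: on error, hand back whatever the helper claims it
 * consumed.  Returns 0 on success, the helper's error code when the revert is
 * sane, and -2 when the revert would have tripped the guard. */
static int caller(int use_fixed, int fail_alloc)
{
	struct iter it = { .start = 0, .pos = 0, .len = 4096 };
	size_t nbytes = 1024;	/* request size, also the out-parameter */
	int err;

	err = use_fixed ? get_pages_fixed(&it, &nbytes, fail_alloc)
			: get_pages_buggy(&it, &nbytes, fail_alloc);
	if (err) {
		if (revert(&it, nbytes) < 0)
			return -2;	/* would have been BUG() in the kernel */
		return err;
	}
	return 0;
}
```

With the buggy helper, a failed allocation makes the caller revert 1024 bytes from a position that is still at the start of the range, which is exactly the "straying into pages that aren't pinned" condition the quoted comment warns about; with the fixed helper the same failure reverts zero bytes and the error propagates normally.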