On Fri, 22 Nov 2024 at 00:44, Bernd Schubert <bschubert@xxxxxxx> wrote:
> diff --git a/fs/fuse/dax.c b/fs/fuse/dax.c
> index 12ef91d170bb3091ac35a33d2b9dc38330b00948..e459b8134ccb089f971bebf8da1f7fc5199c1271 100644
> --- a/fs/fuse/dax.c
> +++ b/fs/fuse/dax.c
> @@ -237,14 +237,17 @@ static int fuse_send_removemapping(struct inode *inode,
> struct fuse_inode *fi = get_fuse_inode(inode);
> struct fuse_mount *fm = get_fuse_mount(inode);
> FUSE_ARGS(args);
> + struct fuse_zero_in zero_arg;
I'd move this to global scope (i.e. just a single instance for all uses) and rename to zero_header.
> diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
> index fd8898b0c1cca4d117982d5208d78078472b0dfb..6cb45b5332c45f322e9163469ffd114cbc07dc4f 100644
> --- a/fs/fuse/dev.c
> +++ b/fs/fuse/dev.c
> @@ -1053,6 +1053,19 @@ static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs,
>
> for (i = 0; !err && i < numargs; i++) {
> struct fuse_arg *arg = &args[i];
> +
> + /* zero headers */
> + if (arg->size == 0) {
> + if (WARN_ON_ONCE(i != 0)) {
> + if (cs->req)
> + pr_err_once(
> + "fuse: zero size header in opcode %d\n",
> + cs->req->in.h.opcode);
> + return -EINVAL;
> + }
Just keep the WARN_ON_ONCE() and drop everything else, including return -EINVAL. The same thing should happen without the arg->size == 0 check. Thanks, Miklos