On 11/23/24 10:01, Miklos Szeredi wrote:
> On Fri, 22 Nov 2024 at 00:44, Bernd Schubert <bschubert@xxxxxxx> wrote:
>
>> diff --git a/fs/fuse/dax.c b/fs/fuse/dax.c
>> index 12ef91d170bb3091ac35a33d2b9dc38330b00948..e459b8134ccb089f971bebf8da1f7fc5199c1271 100644
>> --- a/fs/fuse/dax.c
>> +++ b/fs/fuse/dax.c
>> @@ -237,14 +237,17 @@ static int fuse_send_removemapping(struct inode *inode,
>>  	struct fuse_inode *fi = get_fuse_inode(inode);
>>  	struct fuse_mount *fm = get_fuse_mount(inode);
>>  	FUSE_ARGS(args);
>> +	struct fuse_zero_in zero_arg;
>
> I'd move this to global scope (i.e. just a single instance for all
> uses) and rename to zero_header.
>
>> diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
>> index fd8898b0c1cca4d117982d5208d78078472b0dfb..6cb45b5332c45f322e9163469ffd114cbc07dc4f 100644
>> --- a/fs/fuse/dev.c
>> +++ b/fs/fuse/dev.c
>> @@ -1053,6 +1053,19 @@ static int fuse_copy_args(struct fuse_copy_state *cs, unsigned numargs,
>>
>>  	for (i = 0; !err && i < numargs; i++) {
>>  		struct fuse_arg *arg = &args[i];
>> +
>> +		/* zero headers */
>> +		if (arg->size == 0) {
>> +			if (WARN_ON_ONCE(i != 0)) {
>> +				if (cs->req)
>> +					pr_err_once(
>> +						"fuse: zero size header in opcode %d\n",
>> +						cs->req->in.h.opcode);
>> +				return -EINVAL;
>> +			}
>
> Just keep the WARN_ON_ONCE() and drop everything else, including
> return -EINVAL. The same thing should happen without the arg->size ==
> 0 check

I have to remove the WARN_ON_ONCE condition altogether; it gets triggered
by /dev/fuse read (i.e. with io-uring being disabled), in generic/062,
op code=39 (FUSE_IOCTL).

Without the pr_err_once() and printing the op code it would have been
impossible to see which op code that is - the trace does not help here.

Thanks,
Bernd
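Review bot: in the fs/fuse/dax.c hunk, `struct fuse_zero_in zero_arg;` is added as an uninitialised stack object in fuse_send_removemapping() and the quoted lines show neither an initialiser nor where it is wired into the request. If `struct fuse_zero_in` is genuinely empty (size 0) that is harmless, but if it carries any member, an uninitialised stack struct passed as a request argument would leak kernel stack bytes to the daemon; either write `struct fuse_zero_in zero_arg = {};` or, following the suggestion to keep a single instance for all users, make it a `static const` at file scope so there is nothing to initialise per call.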
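Review bot: in the fs/fuse/dev.c hunk, `WARN_ON_ONCE(i != 0)` hard-codes the assumption that a zero-size argument can only be the first one, and the follow-up reply shows that assumption is wrong for a plain /dev/fuse read (generic/062, op code 39, FUSE_IOCTL), so the `return -EINVAL` would turn a request that works today into a hard failure for existing daemons; drop the error return (and, per the reply, the condition itself) rather than rejecting the request. Two smaller points on the diagnostics: `pr_err_once()` records only the first offending opcode, so a different opcode hitting the same path later is never reported, and when `cs->req` is NULL the function returns `-EINVAL` with no message at all, which is exactly the situation where the opcode was needed to find the cause. The hunk header announces 13 added lines but only 10 `+` lines are quoted, so what happens after the closing brace for the accepted `i == 0` case is not visible for review.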