If a filesystem returns negative inode sizes, future reads on the file were causing the cpu to spin on truncate_pagecache. This seems like invalid behaviour as a buggy / malicious filesystem can cause a lockup. This patch checks for negative sizes before truncating the page cache. Signed-off-by: Arijit Banerjee <arijit@xxxxxxxxxx> --- fs/fuse/inode.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index 1b3f3b6..5744d16 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -236,7 +236,9 @@ void fuse_change_attributes(struct inode *inode, struct fuse_attr *attr, bool inval = false; if (oldsize != attr->size) { - truncate_pagecache(inode, attr->size); + if ((off_t)attr->size >= 0) + truncate_pagecache(inode, attr->size); + inval = true; } else if (fc->auto_inval_data) { struct timespec64 new_mtime = { -- 1.9.1
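Review bot: In the new condition `if ((off_t)attr->size >= 0)`, the cast should be to loff_t, the type truncate_pagecache() takes for its size argument. The kernel's off_t is a long, so on 32-bit builds the cast truncates the value and tests bit 31 instead of the sign of the 64-bit size. The check also only skips the truncate_pagecache() call: `inval = true;` still runs, and nothing in the hunk rejects or logs the bad attribute, so consider validating attr->size before this point rather than at the call site. The blank line added before `inval = true;` is not needed.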