From: Hou Tao <houtao1@xxxxxxxxxx>
The third argument of folio_zero_range() should be the length to be
zeroed, not the total length. Fix it by using folio_zero_segment()
instead in fuse_notify_store().
Reported-by: syzbot+65d101735df4bb19d2a3@xxxxxxxxxxxxxxxxxxxxxxxxx
Fixes: 5d9e1455630d ("fuse: convert fuse_notify_store to use folios")
Signed-off-by: Hou Tao <houtao1@xxxxxxxxxx>
---
fs/fuse/dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index 824e329b8fd7..eb89a301c406 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -1668,7 +1668,7 @@ static int fuse_notify_store(struct fuse_conn *fc, unsigned int size,
err = fuse_copy_page(cs, &page, offset, this_num, 0);
if (!folio_test_uptodate(folio) && !err && offset == 0 &&
(this_num == folio_size(folio) || file_size == end)) {
- folio_zero_range(folio, this_num, folio_size(folio));
+ folio_zero_segment(folio, this_num, folio_size(folio));
folio_mark_uptodate(folio);
}
folio_unlock(folio);
--
2.29.2
