On Wed, 4 Dec 2024 at 10:56, David Howells <dhowells@xxxxxxxxxx> wrote: > > Interesting... The test program also causes fuse to oops (see attached) over > without even getting to netfslib. The BUG is in iov_iter_revert(): > > if (iov_iter_is_xarray(i) || iter_is_ubuf(i)) { > BUG(); /* We should never go beyond the start of the specified > * range since we might then be straying into pages that > * aren't pinned. > */ Can you please test this? --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -1541,8 +1541,10 @@ static int fuse_get_user_pages(struct fuse_args_pages *ap, struct iov_iter *ii, */ struct page **pages = kzalloc(max_pages * sizeof(struct page *), GFP_KERNEL); - if (!pages) + if (!pages) { + *nbytesp = 0; return -ENOMEM; + } while (nbytes < *nbytesp && nr_pages < max_pages) { unsigned nfolios, i; (Also attaching patch without whitespace damage.) Thanks, Miklos
diff --git a/fs/fuse/file.c b/fs/fuse/file.c index 88d0946b5bc9..bc019fac0b55 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -1541,8 +1541,10 @@ static int fuse_get_user_pages(struct fuse_args_pages *ap, struct iov_iter *ii, */ struct page **pages = kzalloc(max_pages * sizeof(struct page *), GFP_KERNEL); - if (!pages) + if (!pages) { + *nbytesp = 0; return -ENOMEM; + } while (nbytes < *nbytesp && nr_pages < max_pages) { unsigned nfolios, i;
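Review bot: zeroing *nbytesp on the kzalloc() failure path in fuse_get_user_pages() is the right fix, since the `while (nbytes < *nbytesp && ...)` condition shows *nbytesp arrives holding the requested length and the function is expected to leave it at the number of bytes actually mapped; returning -ENOMEM with the requested length still in *nbytesp lets the caller unwind the iterator by bytes that were never advanced, which is exactly the "beyond the start of the specified range" BUG() in iov_iter_revert() quoted in the reply. Two things before this goes in: the patch has no changelog or Fixes: tag, and a fix for a reachable oops should carry both; and it would help to add a one-line comment at the return (for example `/* caller reverts by *nbytesp; report zero consumed */`) and to confirm that every other exit path also leaves *nbytesp equal to the bytes actually consumed, so the same unwind mistake cannot recur from a different early return.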