Re: syzbot program that crashes netfslib can also crash fuse

On 12/4/24 13:41, Miklos Szeredi wrote:
> On Wed, 4 Dec 2024 at 10:56, David Howells <dhowells@xxxxxxxxxx> wrote:
>>
>> Interesting...  The test program also causes fuse to oops (see attached) over
>> without even getting to netfslib.  The BUG is in iov_iter_revert():
>>
>>         if (iov_iter_is_xarray(i) || iter_is_ubuf(i)) {
>>                 BUG(); /* We should never go beyond the start of the specified
>>                         * range since we might then be straying into pages that
>>                         * aren't pinned.
>>                         */
> 
> Can you please test this?
> 
> --- a/fs/fuse/file.c
> +++ b/fs/fuse/file.c
> @@ -1541,8 +1541,10 @@ static int fuse_get_user_pages(struct
> fuse_args_pages *ap, struct iov_iter *ii,
>          */
>         struct page **pages = kzalloc(max_pages * sizeof(struct page *),
>                                       GFP_KERNEL);
> -       if (!pages)
> +       if (!pages) {
> +               *nbytesp = 0;
>                 return -ENOMEM;
> +       }
> 
>         while (nbytes < *nbytesp && nr_pages < max_pages) {
>                 unsigned nfolios, i;
> 
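Review bot: the new `*nbytesp = 0;` in the `!pages` branch of fuse_get_user_pages() has no comment saying why the out-parameter must be reset before returning -ENOMEM. Nothing has been taken from the iterator at that point, and the reported BUG is in iov_iter_revert(), so a one-line comment stating that zero bytes were consumed on this path would make the intent clear to later readers. The changelog should also say which caller relies on `*nbytesp` after an error return. Separately, the `@@` header is wrapped across two lines here, so this inline copy will not apply as posted; the attached copy should be the one tested.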
> (Also attaching patch without whitespace damage.)

I had already posted a patch on Monday.

https://lore.kernel.org/r/20241203-fix-fuse_get_user_pages-v2-1-acce8a29d06b@xxxxxxx

@David, is that the same syzbot report or another one?


Thanks,
Bernd



