author: Kirill Smelkov <kirr@nexedi.com> 2019-03-27 10:15:15 +0000
committer: Miklos Szeredi <mszeredi@redhat.com> 2019-04-24 17:05:07 +0200
commit: d4b13963f217dd947da5c0cabd1569e914d21699
parent: 7640682e67b33cab8628729afec8ca92b851394f
Commit Summary:
Diffstat:
1 file changed, 10 insertions, 0 deletions
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index ea8237513dfa..24ea19cfe07e 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -1317,6 +1317,16 @@ static ssize_t fuse_dev_do_read(struct fuse_dev *fud, struct file *file,
unsigned reqsize;
unsigned int hash;
+ /*
+ * Require sane minimum read buffer - that has capacity for fixed part
+ * of any request header + negotated max_write room for data. If the
+ * requirement is not satisfied return EINVAL to the filesystem server
+ * to indicate that it is not following FUSE server/client contract.
+ * Don't dequeue / abort any request.
+ */
+ if (nbytes < max_t(size_t, FUSE_MIN_READ_BUFFER, 4096 + fc->max_write))
+ return -EINVAL;
+
restart:
spin_lock(&fiq->waitq.lock);
err = -EAGAIN;