fuse: don't leak AOP_TRUNCATED_PAGE from fuse_write_begin()#181
Merged
hbirth merged 1 commit intoJun 11, 2026
Merged
Conversation
fuse_do_readpage() may return AOP_TRUNCATED_PAGE (a positive value) when the daemon fails its DLM lock acquisition with -EAGAIN during an in-flight invalidation. fuse_read_folio() is prepared for that, but fuse_write_begin() forwarded it to generic_perform_write(), which only treats negative returns as errors and went on to use the never-initialized page pointer: the user copy is silently fixed up as a 0-byte short copy and fuse_write_end() then oopses in unlock_page(NULL). Retry the page grab and read inside fuse_write_begin() instead, mirroring the read-side retry done by filemap_fault(). Fixes: 8ecf118 ("fuse: Allow read_folio to retry page fault and read operations") Signed-off-by: Horst Birthelmer <hbirthelmer@ddn.com>
Collaborator
Author
|
This is a quick and dirty reaction to the problem ... I think we have to fix this on the fuse server side |
bsbernd
approved these changes
Jun 11, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
fuse_do_readpage() may return AOP_TRUNCATED_PAGE (a positive value) when the daemon fails its DLM lock acquisition with -EAGAIN during an in-flight invalidation. fuse_read_folio() is prepared for that, but fuse_write_begin() forwarded it to generic_perform_write(), which only treats negative returns as errors and went on to use the never-initialized page pointer: the user copy is silently fixed up as a 0-byte short copy and fuse_write_end() then oopses in unlock_page(NULL).
Retry the page grab and read inside fuse_write_begin() instead, mirroring the read-side retry done by filemap_fault().
Fixes: 8ecf118 ("fuse: Allow read_folio to retry page fault and read operations")