[patch 09/22] fuse: fix oops in fuse_send_readpages()

From: Greg KH
Date: Thu Apr 13 2006 - 19:09:40 EST


-stable review patch. If anyone has any objections, please let us know.

------------------
During heavy parallel filesystem activity it was possible to Oops the
kernel. The reason is that read_cache_pages() could skip pages which
have already been inserted into the cache by another task.
Occasionally this may result in zero pages actually being sent, while
fuse_send_readpages() relies on at least one page being in the
request.

So check this corner case and just free the request instead of trying
to send it.

Reported and tested by Konstantin Isakov.

Signed-off-by: Miklos Szeredi <miklos@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
fs/fuse/file.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

--- linux-2.6.16.5.orig/fs/fuse/file.c
+++ linux-2.6.16.5/fs/fuse/file.c
@@ -397,8 +397,12 @@ static int fuse_readpages(struct file *f
return -EINTR;

err = read_cache_pages(mapping, pages, fuse_readpages_fill, &data);
- if (!err)
- fuse_send_readpages(data.req, file, inode);
+ if (!err) {
+ if (data.req->num_pages)
+ fuse_send_readpages(data.req, file, inode);
+ else
+ fuse_put_request(fc, data.req);
+ }
return err;
}
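
Review bot: when read_cache_pages() returns a non-zero err, the function still returns without calling either fuse_send_readpages() or fuse_put_request() on data.req, so the new else branch only covers the zero-page case on success. Please confirm that the request is released somewhere outside this hunk on the error path, or add a fuse_put_request(fc, data.req) there as well. A one-line comment above the `if (data.req->num_pages)` check, noting that read_cache_pages() can skip every page when another task has already inserted them into the cache, would keep the reason for the check visible in the code and not only in the changelog.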

