fuse: prevent overflow in copy_file_range return value - kernel

diff options

author	Miklos Szeredi <[email protected]>	2025-08-12 12:46:34 +0000
committer	Miklos Szeredi <[email protected]>	2025-08-26 10:43:31 +0000
commit	1e08938c3694f707bb165535df352ac97a8c75c9 (patch)
tree	49d4361c8cc5595312c64b4a7743b59d709aafbd /tools/testing/selftests/filesystems/utils.c
parent	fuse: check if copy_file_range() returns larger than requested size (diff)
download	kernel-1e08938c3694f707bb165535df352ac97a8c75c9.tar.gz kernel-1e08938c3694f707bb165535df352ac97a8c75c9.zip

fuse: prevent overflow in copy_file_range return value

The FUSE protocol uses struct fuse_write_out to convey the return value of copy_file_range, which is restricted to uint32_t. But the COPY_FILE_RANGE interface supports a 64-bit size copies. Currently the number of bytes copied is silently truncated to 32-bit, which may result in poor performance or even failure to copy in case of truncation to zero. Reported-by: Florian Weimer <[email protected]> Closes: https://lore.kernel.org/all/[email protected]/ Fixes: 88bc7d5097a1 ("fuse: add support for copy_file_range()") Cc: <[email protected]> # v4.20 Signed-off-by: Miklos Szeredi <[email protected]>

Diffstat (limited to 'tools/testing/selftests/filesystems/utils.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: