Commit 0dfc3118 authored by Miklos Szeredi, committed by sanglipeng

fuse: fix readdir cache race

stable inclusion
from stable-v5.10.155
commit 76eba54f0ddfb580240f150b90b87d57fb3924e3
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7M5F4

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=76eba54f0ddfb580240f150b90b87d57fb3924e3



--------------------------------

[ Upstream commit 9fa248c6 ]

There's a race in fuse's readdir cache that can result in an uninitialized
page being read.  The page lock is supposed to prevent this from happening
but in the following case it doesn't:

Two fuse_add_dirent_to_cache() start out and get the same parameters
(size=0,offset=0).  One of them wins the race to create and lock the page,
after which it fills in data, sets rdc.size and unlocks the page.

In the meantime the page gets evicted from the cache before the other
instance gets to run.  That one also creates the page, but finds the
size to be mismatched, bails out and leaves the uninitialized page in the
cache.

Fix by marking a filled page uptodate and ignoring non-uptodate pages.

Reported-by: Frank Sorenson <fsorenso@redhat.com>
Fixes: 5d7bc7e8 ("fuse: allow using readdir cache")
Cc: <stable@vger.kernel.org> # v4.20
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: sanglipeng <sanglipeng1@jd.com>
parent 9713e4bd
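
The interleaving described in the commit message, replayed deterministically in a single-threaded user-space C model; this is an added example, not part of the commit or of the kernel source. The structs, the 64-byte page, the 0xAA poison byte and the names `get_page`, `add_dirent`, `read_cached` and `replay` are assumptions made for illustration; only `fuse_add_dirent_to_cache()` and `rdc.size` come from the page.

```c
#include <stdbool.h>
#include <string.h>

#define PAGE_SZ 64      /* toy page size (assumption) */
#define POISON  0xAA    /* stands in for uninitialized page contents */

struct page    { bool present, uptodate; unsigned char data[PAGE_SZ]; };
struct rdcache { size_t size; struct page pg; };  /* size models rdc.size */

/* Find the cached page or create it; a newly created page holds garbage. */
static struct page *get_page(struct rdcache *c)
{
    if (!c->pg.present) {
        memset(c->pg.data, POISON, PAGE_SZ);
        c->pg.present = true;
        c->pg.uptodate = false;
    }
    return &c->pg;
}

/* Model of fuse_add_dirent_to_cache(); snap is the size sampled earlier. */
static void add_dirent(struct rdcache *c, size_t snap, const char *ent, bool fixed)
{
    struct page *p = get_page(c);
    if (c->size != snap)
        return;                 /* raced: bail out, page stays as created */
    memset(p->data, 0, PAGE_SZ);
    if (fixed)
        p->uptodate = true;     /* the fix: mark a filled page uptodate */
    memcpy(p->data, ent, strlen(ent));
    c->size = strlen(ent);
}

/* Cached reader: returns the first byte served, or -1 when it skips the cache. */
static int read_cached(struct rdcache *c, bool fixed)
{
    if (!c->pg.present || c->size == 0 || (fixed && !c->pg.uptodate))
        return -1;              /* with the fix, a non-uptodate page is unusable */
    return c->pg.data[0];
}

/* Replay the commit message's interleaving; both writers sampled size=0. */
static int replay(bool fixed)
{
    struct rdcache c = {0};
    add_dirent(&c, 0, "dirent", fixed);  /* first writer fills page, sets size */
    c.pg.present = false;                /* page is evicted from the cache */
    add_dirent(&c, 0, "dirent", fixed);  /* second writer: mismatch, bails */
    return read_cached(&c, fixed);       /* 0xAA without the fix, -1 with it */
}
```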