[PATCH 5.10 019/122] fuse: check if copy_file_range() returns larger than requested size

Archive-only list for patches
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	patches@lists.linux.dev, Chunsheng Luo <luochunsheng@ustc.edu>,
	Miklos Szeredi <mszeredi@redhat.com>
Subject: [PATCH 5.10 019/122] fuse: check if copy_file_range() returns larger than requested size
Date: Tue, 30 Sep 2025 16:45:50 +0200	[thread overview]
Message-ID: <20250930143823.777150521@linuxfoundation.org> (raw)
In-Reply-To: <20250930143822.939301999@linuxfoundation.org>

5.10-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Miklos Szeredi <mszeredi@redhat.com>

commit e5203209b3935041dac541bc5b37efb44220cc0b upstream.

Just like write(), copy_file_range() should check if the return value is
less or equal to the requested number of bytes.

Reported-by: Chunsheng Luo <luochunsheng@ustc.edu>
Closes: https://lore.kernel.org/all/20250807062425.694-1-luochunsheng@ustc.edu/
Fixes: 88bc7d5097a1 ("fuse: add support for copy_file_range()")
Cc: <stable@vger.kernel.org> # v4.20
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/fuse/file.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -3450,6 +3450,9 @@ static ssize_t __fuse_copy_file_range(st
 		fc->no_copy_file_range = 1;
 		err = -EOPNOTSUPP;
 	}
+	if (!err && outarg.size > len)
+		err = -EIO;
+
 	if (err)
 		goto out;

next prev parent reply	other threads:[~2025-09-30 14:56 UTC|newest]

Thread overview: 136+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-09-30 14:45 [PATCH 5.10 000/122] 5.10.245-rc1 review Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 001/122] mptcp: pm: kernel: flush: do not reset ADD_ADDR limit Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 002/122] media: mtk-vcodec: venc: avoid -Wenum-compare-conditional warning Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 003/122] media: i2c: imx214: Fix link frequency validation Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 004/122] net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 005/122] mtd: Add check for devm_kcalloc() Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 006/122] flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 007/122] NFSv4: Dont clear capabilities that wont be reset Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 008/122] NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 009/122] tracing: Fix tracing_marker may trigger page fault during preempt_disable Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 010/122] NFSv4/flexfiles: Fix layout merge mirror check Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 011/122] tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 012/122] overflow: Correct check_shl_overflow() comment Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 013/122] compiler.h: drop fallback overflow checkers Greg Kroah-Hartman
2025-10-21 18:02   ` Ben Hutchings
2025-11-03  1:44     ` Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 014/122] overflow: Allow mixed type arguments Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 015/122] EDAC/altera: Delete an inappropriate dma_free_coherent() call Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 016/122] compiler-clang.h: define __SANITIZE_*__ macros only when undefined Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 017/122] ocfs2: fix recursive semaphore deadlock in fiemap call Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 018/122] mtd: rawnand: stm32_fmc2: fix ECC overwrite Greg Kroah-Hartman
2025-09-30 14:45 ` Greg Kroah-Hartman [this message]
2025-09-30 14:45 ` [PATCH 5.10 020/122] fuse: prevent overflow in copy_file_range return value Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 021/122] mm/khugepaged: fix the address passed to notifier on testing young Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 022/122] mtd: rawnand: stm32_fmc2: Fix dma_map_sg error check Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 023/122] mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 024/122] mtd: nand: raw: atmel: Fix comment in timings preparation Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 025/122] mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 026/122] Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 027/122] tty: hvc_console: Call hvc_kick in hvc_write unconditionally Greg Kroah-Hartman
2025-09-30 14:45 ` [PATCH 5.10 028/122] USB: serial: option: add Telit Cinterion FN990A w/audio compositions Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 029/122] USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 030/122] net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 031/122] tunnels: reset the GSO metadata before reusing the skb Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 032/122] igb: fix link test skipping when interface is admin down Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 033/122] genirq/affinity: Add irq_update_affinity_desc() Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 034/122] genirq: Export affinity setter for modules Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 035/122] genirq: Provide new interfaces for affinity hints Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 036/122] i40e: Use irq_update_affinity_hint() Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 037/122] i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 038/122] can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 039/122] can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 040/122] dmaengine: ti: edma: Fix memory allocation size for queue_priority_map Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 041/122] dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 042/122] phy: ti-pipe3: fix device leak at unbind Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 043/122] soc: qcom: mdt_loader: Deal with zero e_shentsize Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 044/122] drm/i915/power: fix size for for_each_set_bit() in abox iteration Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 045/122] mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 046/122] ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 047/122] wifi: mac80211: fix incorrect type for ret Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 048/122] pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 049/122] cgroup: split cgroup_destroy_wq into 3 workqueues Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 050/122] um: virtio_uml: Fix use-after-free after put_device in probe Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 051/122] qed: Dont collect too many protection override GRC elements Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 052/122] net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 053/122] i40e: remove redundant memory barrier when cleaning Tx descs Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 054/122] tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 055/122] Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 056/122] net: liquidio: fix overflow in octeon_init_instr_queue() Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 057/122] cnic: Fix use-after-free bugs in cnic_delete_task Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 058/122] nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 059/122] power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 060/122] power: supply: bq27xxx: restrict no-battery detection to bq27000 Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 061/122] mmc: mvsdio: Fix dma_unmap_sg() nents value Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 062/122] KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 063/122] rds: ib: Increment i_fastreg_wrs before bailing out Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 064/122] ASoC: wm8940: Correct typo in control name Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 065/122] ASoC: wm8974: Correct PLL rate rounding Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 066/122] ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 067/122] drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 068/122] crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 069/122] serial: sc16is7xx: fix bug in flow control levels init Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 070/122] usb: gadget: dummy_hcd: remove usage of list iterator past the loop body Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 071/122] USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 072/122] xhci: dbc: decouple endpoint allocation from initialization Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 073/122] xhci: dbc: Fix full DbC transfer ring after several reconnects Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 074/122] phy: broadcom: convert to devm_platform_ioremap_resource(_byname) Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 075/122] phy: ti: " Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 076/122] phy: phy-bcm-ns-usb3: drop support for deprecated DT binding Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 077/122] phy: broadcom: ns-usb3: fix Wvoid-pointer-to-enum-cast warning Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 078/122] phy: Use device_get_match_data() Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 079/122] phy: ti: omap-usb2: fix device leak at unbind Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 080/122] net: rfkill: gpio: add DT support Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 081/122] net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 082/122] btrfs: tree-checker: fix the incorrect inode ref size check Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 083/122] mptcp: propagate shutdown to subflows when possible Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 084/122] ALSA: usb-audio: Fix block comments in mixer_quirks Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 085/122] ALSA: usb-audio: Drop unnecessary parentheses " Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 086/122] ALSA: usb-audio: Avoid multiple assignments " Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 087/122] ALSA: usb-audio: Simplify NULL comparison " Greg Kroah-Hartman
2025-09-30 14:46 ` [PATCH 5.10 088/122] ALSA: usb-audio: Remove unneeded wmb() " Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 089/122] ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 090/122] ALSA: usb-audio: Convert comma to semicolon Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 091/122] ALSA: usb-audio: Fix build with CONFIG_INPUT=n Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 092/122] usb: core: Add 0x prefix to quirks debug output Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 093/122] IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 094/122] arm64: dts: imx8mp: Correct thermal sensor index Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 095/122] cpufreq: Initialize cpufreq-based invariance before subsys Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 096/122] can: rcar_can: rcar_can_resume(): fix s2ram with PSCI Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 097/122] can: hi311x: populate ndo_change_mtu() to prevent buffer overflow Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 098/122] can: sun4i_can: " Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 099/122] can: mcba_usb: " Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 100/122] can: peak_usb: fix shift-out-of-bounds issue Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 101/122] bnxt_en: correct offset handling for IPv6 destination address Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 102/122] nexthop: Pass extack to nexthop notifier Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 103/122] rtnetlink: Add RTNH_F_TRAP flag Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 104/122] nexthop: Emit a notification when a nexthop is added Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 105/122] nexthop: Emit a notification when a single nexthop is replaced Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 106/122] nexthop: Forbid FDB status change while nexthop is in a group Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 107/122] selftests: fib_nexthops: Fix creation of non-FDB nexthops Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 108/122] drm/gma500: Fix null dereference in hdmi teardown Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 109/122] crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 110/122] i40e: fix idx validation in i40e_validate_queue_map Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 111/122] i40e: fix input validation logic for action_meta Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 112/122] i40e: add max boundary check for VF filters Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 113/122] i40e: add mask to apply valid bits for itr_idx Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 114/122] tracing: dynevent: Add a missing lockdown check on dynevent Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 115/122] fbcon: fix integer overflow in fbcon_do_set_font Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 116/122] fbcon: Fix OOB access in font allocation Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 117/122] mm/migrate_device: dont add folio to be freed to LRU in migrate_device_finalize() Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 118/122] i40e: increase max descriptors for XL710 Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 119/122] i40e: add validation for ring_len param Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 120/122] i40e: fix idx validation in config queues msg Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 121/122] i40e: fix validation of VF state in get resources Greg Kroah-Hartman
2025-09-30 14:47 ` [PATCH 5.10 122/122] mm/hugetlb: fix folio is still mapped when deleted Greg Kroah-Hartman
2025-09-30 17:23 ` [PATCH 5.10 000/122] 5.10.245-rc1 review Florian Fainelli
2025-09-30 18:51 ` Brett A C Sheffield
2025-09-30 19:27 ` [PATCH 5.10 000/122] " Naresh Kamboju
2025-10-01 10:23   ` Mark Brown
2025-10-01 10:33   ` Arnd Bergmann
2025-10-01 10:50   ` Greg Kroah-Hartman
2025-10-01 12:10     ` Dan Carpenter
2025-10-01 12:22       ` Naresh Kamboju
2025-09-30 23:05 ` Dominique Martinet
2025-10-01  9:11 ` Jon Hunter
2025-10-03  6:58 ` Pavel Machek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250930143823.777150521@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=luochunsheng@ustc.edu \
    --cc=mszeredi@redhat.com \
    --cc=patches@lists.linux.dev \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox