[PATCH 6.12 060/140] fuse: check if copy_file_range() returns larger than requested size

17 Sep 2025

6.12-stable review patch.  If anyone has any objections, please let me know.
------------------
From: Miklos Szeredi mszeredi@redhat.com
commit e5203209b3935041dac541bc5b37efb44220cc0b upstream.
Just like write(), copy_file_range() should check if the return value is
less or equal to the requested number of bytes.
Reported-by: Chunsheng Luo luochunsheng@ustc.edu
Closes: https://lore.kernel.org/all/20250807062425.694-1-luochunsheng@ustc.edu/
Fixes: 88bc7d5097a1 ("fuse: add support for copy_file_range()")
Cc: stable@vger.kernel.org # v4.20
Signed-off-by: Miklos Szeredi mszeredi@redhat.com
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
---
 fs/fuse/file.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -3295,6 +3295,9 @@ static ssize_t __fuse_copy_file_range(st
    	fc->no_copy_file_range = 1;
    	err = -EOPNOTSUPP;
    }
+	if (!err && outarg.size > len)
+		err = -EIO;
+
    if (err)
    	goto out;

    

2025

2024

2023

2022

2021

2020

2019

2018

2017

[PATCH 6.12 060/140] fuse: check if copy_file_range() returns larger than requested size