[PATCH] fuse: fix oops in fuse_send_readpages()

During heavy parallel filesystem activity it was possible to Oops the
kernel.  The reason is that read_cache_pages() could skip pages which
have already been inserted into the cache by another task.
Occasionally this may result in zero pages actually being sent, while
fuse_send_readpages() relies on at least one page being in the
request.

So check this corner case and just free the request instead of trying
to send it.

Reported and tested by Konstantin Isakov.

Signed-off-by: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index 6f05379b0a0d31e41cc9373d6594097a82c55905..ce93cf9fd0f06a43dca3f8544abd6d0b654f42a7 100644 (file)
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -397,8 +397,12 @@ static int fuse_readpages(struct file *file, struct address_space *mapping,
                return -EINTR;
 
        err = read_cache_pages(mapping, pages, fuse_readpages_fill, &data);
-       if (!err)
-               fuse_send_readpages(data.req, file, inode);
+       if (!err) {
+               if (data.req->num_pages)
+                       fuse_send_readpages(data.req, file, inode);
+               else
+                       fuse_put_request(fc, data.req);
+       }
        return err;
 }