Re: [PATCH] fuse: do not treat unlimited readdir count as a buffer size

Next message: Gary Guo: "[PATCH 04/10] rust: pin-init: extend `impl_zeroable_option` macro to handle generics"
Previous message: Simon Schippers: "Re: [PATCH net-next v9 4/4] tun/tap &amp; vhost-net: avoid ptr_ring tail-drop when a qdisc is present"
In reply to: Matthew R. Ochs: "[PATCH] fuse: do not treat unlimited readdir count as a buffer size"
Next in thread: Matt Ochs: "Re: [PATCH] fuse: do not treat unlimited readdir count as a buffer size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Miklos Szeredi

Date: Tue Apr 28 2026 - 09:24:05 EST

On Tue, 28 Apr 2026 at 04:13, Matthew R. Ochs <mochs@xxxxxxxxxx> wrote:

> For virtiofs, the output kvec is included in the request bounce buffer
> allocated by copy_args_to_argbuf():
>
> req->argbuf = kmalloc(len, GFP_ATOMIC);

Ugh. The real bug here is inappropriate use of the bounce buffer.
fuse_readdir_uncached() should instead supply an array of pages.

It's a little more complicated, but would fix this properly: overlayfs
does want to get as much of the directory as possible in one go to be
most efficient.

I'd go with vmalloc -> alloc_pages_bulk, then vm_map_ram() before
parsing the result.

Thanks,
Miklos