Re: [PATCH] fuse: reject fuse_notify() pagecache ops on directories

Next message: Benjamin Tissoires: "Re: [PATCH v3 0/4] HID: Proper fix for OOM in hid-core"
Previous message: Dave Stevenson: "Re: [PATCH] media: i2c: imx334: add new link frequency configuration"
In reply to: Jann Horn: "[PATCH] fuse: reject fuse_notify() pagecache ops on directories"
Next in thread: Jann Horn: "Re: [PATCH] fuse: reject fuse_notify() pagecache ops on directories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Miklos Szeredi

Date: Tue May 19 2026 - 10:10:58 EST

On Tue, 19 May 2026 at 16:00, Jann Horn <jannh@xxxxxxxxxx> wrote:
>
> The operations FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE allow the
> FUSE daemon to actively write/read pagecache contents.
>
> For directories with FOPEN_CACHE_DIR, the pagecache is used as
> kernel-internal cache storage, and userspace is not supposed to have
> direct access to this cache - in particular, fuse_parse_cache() will hit
> WARN_ON() if the cache contains bogus data.
>
> Reject FUSE_NOTIFY_STORE and FUSE_NOTIFY_RETRIEVE on directories with
> -EINVAL.

Good catch.

Shouldn't this reject !S_ISREG()? Symlinks also use the page cache
and could break if overwritten by arbitrary data.

Thanks,
Miklos