[Devel] [PATCH RHEL9 COMMIT] fs/fuse kio: do not allow getting cslist when refcnt is equal to 0

Konstantin Khorenko khorenko at virtuozzo.com
Fri Dec 15 20:59:25 MSK 2023


The commit is pushed to "branch-rh9-5.14.0-362.8.1.vz9.35.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh9-5.14.0-362.8.1.vz9.35.2
------>
commit 5c38a1637ee6459557789c3355365abb2c04fa38
Author: Yuriy Vasilev <yuriy.vasilev at virtuozzo.com>
Date:   Wed Nov 29 11:12:53 2023 +0100

    fs/fuse kio: do not allow getting cslist when refcnt is equal to 0
    
    When the refcnt of a cslist is equal to 0, it indicates that the cslist
    has been dropped and is going to be freed. In such cases, let's trigger
    a BUG_ON to prevent use after free.
    
    https://pmc.acronis.work/browse/VSTOR-76384
    
    Signed-off-by: Yuriy Vasilev <yuriy.vasilev at virtuozzo.com>
    Acked-by: Alexey Kuznetsov <kuznet at virtuozzo.com>
---
 fs/fuse/kio/pcs/pcs_map.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/fuse/kio/pcs/pcs_map.h b/fs/fuse/kio/pcs/pcs_map.h
index f990c9f9defa..cadc106d45c1 100644
--- a/fs/fuse/kio/pcs/pcs_map.h
+++ b/fs/fuse/kio/pcs/pcs_map.h
@@ -236,7 +236,7 @@ static inline void cslist_get(struct pcs_cs_list * csl)
 {
 	TRACE("csl:%p csl->map:%p refcnt:%d\n", csl, csl->map, atomic_read(&csl->refcnt));
 
-	atomic_inc(&csl->refcnt);
+	BUG_ON(!atomic_inc_not_zero(&csl->refcnt));
 }
 
 static inline void cslist_put(struct pcs_cs_list * csl)
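
Review bot: In cslist_get(), the refcount increment now sits inside the BUG_ON() argument, so the function's only state change is hidden in an assertion macro and is easy to lose in a later cleanup. Consider splitting it, for example `if (!atomic_inc_not_zero(&csl->refcnt)) BUG();`, or having cslist_get() return the result so callers can fail the request instead of taking the whole node down. The TRACE() line just above still reads csl->map and csl->refcnt before the check, so a cslist that has already been freed is dereferenced regardless; the new check only covers the window where the count has reached 0 but the memory is still intact. The commit message would also benefit from naming the caller path that was seen taking a reference on a dropped cslist.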

