[Devel] [PATCH VZ7 1/4] fs/fuse kio: do not allow getting cslist when refcnt is equal to 0
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Dec 19 19:22:58 MSK 2023
Decided not to apply this patchset to vz7.
--
Best regards,
Konstantin Khorenko,
Virtuozzo Linux Kernel Team
On 15.12.2023 16:33, Yuriy Vasilev wrote:
> When the refcnt of a cslist is equal to 0, it indicates that the cslist
> has been dropped and is going to be freed. In such cases, let's trigger
> a BUG_ON to prevent use after free.
>
> https://pmc.acronis.work/browse/VSTOR-76384
>
> Signed-off-by: Yuriy Vasilev <yuriy.vasilev at virtuozzo.com>
> ---
> fs/fuse/kio/pcs/pcs_map.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/fuse/kio/pcs/pcs_map.c b/fs/fuse/kio/pcs/pcs_map.c
> index dcab125797b4..8f7dcb311f9f 100644
> --- a/fs/fuse/kio/pcs/pcs_map.c
> +++ b/fs/fuse/kio/pcs/pcs_map.c
> @@ -91,7 +91,7 @@ static inline void cslist_get(struct pcs_cs_list * csl)
> {
> TRACE("csl:%p csl->map:%p refcnt:%d\n", csl, csl->map, atomic_read(&csl->refcnt));
>
> - atomic_inc(&csl->refcnt);
> + BUG_ON(!atomic_inc_not_zero(&csl->refcnt));
> }
> static inline void cslist_put(struct pcs_cs_list * csl)
> {
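Review bot: in cslist_get() the increment is now performed inside the BUG_ON() argument, so the function's only real work happens as a side effect of an assertion. Store the result of atomic_inc_not_zero(&csl->refcnt) in a local and assert on that, so the increment stays visible to anyone reading or grepping the code. Because cslist_get() returns void, a caller that finds the refcnt at 0 cannot back off and the whole kernel goes down. The commit message should name the path that can reach a dropped cslist and explain why a panic is preferred over WARN_ON_ONCE with a failure return. The TRACE line above still reads the refcnt before the increment, so the logged value can be 0 on exactly the path this check is meant to catch, which is worth a comment.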