[Devel] [PATCH VZ9] fs/fuse: pcs: null pointer dereference in kio pcs

[Alexey Kuznetsov]

One more day zero bug, this time very simple. How we did not step on it
for 7 years even once, no idea, but this is the fact.

Fixes: #VSTOR-112356
https://virtuozzo.atlassian.net/browse/VSTOR-112356

Signed-off-by: Alexey Kuznetsov <kuznet at virtuozzo.com>
---
 fs/fuse/kio/pcs/pcs_cs.c | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/fs/fuse/kio/pcs/pcs_cs.c b/fs/fuse/kio/pcs/pcs_cs.c
index 10d6c86..c897d62 100644
--- a/fs/fuse/kio/pcs/pcs_cs.c
+++ b/fs/fuse/kio/pcs/pcs_cs.c
@@ -839,13 +839,11 @@ void cs_handle_congestion(struct pcs_cs *cs, struct pcs_rpc_hdr *h)
 
 	FUSE_KTRACE(cc_from_csset(cs->css)->fc, "Received congestion notification from CS" NODE_FMT, NODE_ARGS(h->xid.origin));
 
-	if (cs->id.val == h->xid.origin.val) {
-		who = cs;
-		spin_lock(&who->lock);
-	} else
-		who = lookup_and_lock_cs(cs->css, h->xid.origin.val);
+	who = lookup_and_lock_cs(cs->css, h->xid.origin.val);
+	if (unlikely(!who))
+		return;
 
-	if (who && !who->cwr_state) {
+	if (!who->cwr_state) {
 		/* Unless node is already reducing congestion window, shrink it
 		 * to half of min(in_flight, cwnd) and enter congestion reduction state,
 		 * where we ignore further congestion notifications until window is reduced
-- 
1.8.3.1