[Devel] [PATCH VZ9] fs/fuse: pcs: null pointer dereference in kio pcs

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Wed Jul 30 06:49:26 MSK 2025


Reviewed-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>

On 7/30/25 02:09, Alexey Kuznetsov wrote:
> One more day zero bug, this time very simple. How we did not step on it
> for 7 years even once, no idea, but this is the fact.
> 
> Fixes: #VSTOR-112356
> https://virtuozzo.atlassian.net/browse/VSTOR-112356
> 
> Signed-off-by: Alexey Kuznetsov <kuznet at virtuozzo.com>
> ---
>   fs/fuse/kio/pcs/pcs_cs.c | 28 +++++++++++++---------------
>   1 file changed, 13 insertions(+), 15 deletions(-)
> 
> diff --git a/fs/fuse/kio/pcs/pcs_cs.c b/fs/fuse/kio/pcs/pcs_cs.c
> index 10d6c86..c897d62 100644
> --- a/fs/fuse/kio/pcs/pcs_cs.c
> +++ b/fs/fuse/kio/pcs/pcs_cs.c
> @@ -839,13 +839,11 @@ void cs_handle_congestion(struct pcs_cs *cs, struct pcs_rpc_hdr *h)
>   
>   	FUSE_KTRACE(cc_from_csset(cs->css)->fc, "Received congestion notification from CS" NODE_FMT, NODE_ARGS(h->xid.origin));
>   
> -	if (cs->id.val == h->xid.origin.val) {
> -		who = cs;
> -		spin_lock(&who->lock);
> -	} else
> -		who = lookup_and_lock_cs(cs->css, h->xid.origin.val);
> +	who = lookup_and_lock_cs(cs->css, h->xid.origin.val);
> +	if (unlikely(!who))
> +		return;
>   
> -	if (who && !who->cwr_state) {
> +	if (!who->cwr_state) {
>   		/* Unless node is already reducing congestion window, shrink it
>   		 * to half of min(in_flight, cwnd) and enter congestion reduction state,
>   		 * where we ignore further congestion notifications until window is reduced
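Review bot: the new early return at `if (unlikely(!who)) return;` sits before any lock is taken, so no unlock is needed on that path, and dropping the `who &&` half of the old `if (who && !who->cwr_state)` guard is consistent with that; the old guard only protected this one condition, and the rest of the function (past the visible context) could still dereference a NULL `who`, which the early return now rules out. Consider adding a FUSE_KTRACE line on the `!who` path, in the same style as the "Received congestion notification from CS" trace above, so a notification whose origin does not resolve through lookup_and_lock_cs() is visible in the trace instead of being dropped silently.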

-- 
Best regards, Pavel Tikhomirov
Senior Software Developer, Virtuozzo.
