[Devel] [PATCH VZ9] fs/fuse kio: fix bug due to potential memory alloc failure
Liu Kui
kui.liu at virtuozzo.com
Thu May 29 07:52:53 MSK 2025
When the memory allocation for a response msg in cs_get_hdr() fails,
it falls back to rpc_get_hdr() to try to allocate. However, the
response msg allocated by rpc_get_hdr() will cause the data to be
received into the newly allocated memory area instead of the expected
destination, and then complete the request without error, thus
returning incorrect data back. This bug only affects small-sized (<4k)
reads.
To fix, we set the request on a recoverable err, PCS_ERR_INTERRUPTED,
if the allocation in cs_get_hdr fails. This will trigger a retry by
the client.
Related to $VSTOR-107235
https://virtuozzo.atlassian.net/browse/VSTOR-107235
Signed-off-by: Liu Kui <kui.liu at virtuozzo.com>
---
fs/fuse/kio/pcs/pcs_cs.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/fuse/kio/pcs/pcs_cs.c b/fs/fuse/kio/pcs/pcs_cs.c
index 6eef58994fef..10d6c860c3f8 100644
--- a/fs/fuse/kio/pcs/pcs_cs.c
+++ b/fs/fuse/kio/pcs/pcs_cs.c
@@ -468,8 +468,10 @@ struct pcs_msg *cs_get_hdr(struct pcs_rpc *ep, struct pcs_rpc_hdr *h)
return NULL;
resp = pcs_rpc_alloc_input_msg(ep, sizeof(struct pcs_cs_iohdr));
- if (!resp)
+ if (!resp) {
+ pcs_set_local_error(&msg->error, PCS_ERR_INTERRUPTED);
return NULL;
+ }
memcpy(resp->_inline_buffer, h, sizeof(struct pcs_rpc_hdr));
resp->size = h->len;
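Review bot: In the new `if (!resp) {` branch the function still returns NULL, the same value as the `return NULL;` just above it, so the hunk alone does not show what stops the caller from taking the rpc_get_hdr() fallback described in the commit message and receiving the payload into that fallback buffer anyway. Please confirm that the error set by `pcs_set_local_error(&msg->error, PCS_ERR_INTERRUPTED);` is checked on the completion path, that it cannot be overwritten when the fallback message completes without error, and that the received data is discarded rather than returned. A one-line comment in the branch saying why a recoverable error is used here (to force a client retry of the small read) would also help the next reader, since the error is set on `msg` while the failed allocation is for `resp`.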
--
2.39.5 (Apple Git-154)