[Devel] [PATCH VZ9] fs/fuse kio: fix bug due to potential memory alloc failure
Alexey Kuznetsov
kuznet at virtuozzo.com
Thu May 29 13:02:16 MSK 2025
Ack
On Thu, May 29, 2025 at 12:56 PM Liu Kui <kui.liu at virtuozzo.com> wrote:
>
> When the memory allocation for a response msg in cs_get_hdr() fails,
> it falls back to rpc_get_hdr() to try to allocate. However, the
> response msg allocated by rpc_get_hdr() will cause the data to be
> received into the newly allocated memory area instead of the expected
> destination, and the request then completes without error, thus
> returning incorrect data back. This bug only affects small-sized (<4k)
> reads.
>
> To fix, we set a recoverable error, PCS_ERR_INTERRUPTED, on the request
> if the allocation in cs_get_hdr fails. This will trigger a retry by
> the client.
>
> Related to $VSTOR-107235
> https://virtuozzo.atlassian.net/browse/VSTOR-107235
>
> Signed-off-by: Liu Kui <kui.liu at virtuozzo.com>
> ---
> fs/fuse/kio/pcs/pcs_cs.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/fs/fuse/kio/pcs/pcs_cs.c b/fs/fuse/kio/pcs/pcs_cs.c
> index 6eef58994fef..10d6c860c3f8 100644
> --- a/fs/fuse/kio/pcs/pcs_cs.c
> +++ b/fs/fuse/kio/pcs/pcs_cs.c
> @@ -468,8 +468,10 @@ struct pcs_msg *cs_get_hdr(struct pcs_rpc *ep, struct pcs_rpc_hdr *h)
> return NULL;
>
> resp = pcs_rpc_alloc_input_msg(ep, sizeof(struct pcs_cs_iohdr));
> - if (!resp)
> + if (!resp) {
> + pcs_set_local_error(&msg->error, PCS_ERR_INTERRUPTED);
> return NULL;
> + }
>
> memcpy(resp->_inline_buffer, h, sizeof(struct pcs_rpc_hdr));
> resp->size = h->len;
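Review bot: the new `if (!resp)` branch still ends in `return NULL;`, the same value the function returned before the change and the same as the earlier `return NULL;` in the context line above, and the commit message says a NULL return is what sends the caller to rpc_get_hdr(). Nothing in the hunk shows how setting `msg->error` keeps that fallback from receiving the payload into its own buffer and completing the request, so a short comment in this branch stating that the error marks the request for a client retry, and why PCS_ERR_INTERRUPTED is used for an allocation failure, would let the fix be checked by reading this function alone. It would also help to confirm in the commit message that the other `return NULL;` path above does not need the same treatment.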
> --
> 2.39.5 (Apple Git-154)