Ack to all. Also I would add rcu_dereference to urgent_whitelist around deref of cs.
Also, could you try to figure out what is rcu_dereference_protected? As I see it, the module uses it totally wrong, which "will result in infrequent but very ugly failures" according to comments to this function. :-) I do not think it is a bug, but it looks like we used to violate some basic conventions. On Wed, Nov 29, 2023 at 6:15 PM Yuriy Vasilev <yuriy.vasi...@virtuozzo.com> wrote: > > When the refcnt of a cslist is equal to 0, it indicates that the cslist > has been dropped and is going to be freed. In such cases, let's trigger > a BUG_ON to prevent use after free. > > https://pmc.acronis.work/browse/VSTOR-76384 > > Signed-off-by: Yuriy Vasilev <yuriy.vasi...@virtuozzo.com> > --- > fs/fuse/kio/pcs/pcs_map.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/fuse/kio/pcs/pcs_map.h b/fs/fuse/kio/pcs/pcs_map.h > index f990c9f9defa..cadc106d45c1 100644 > --- a/fs/fuse/kio/pcs/pcs_map.h > +++ b/fs/fuse/kio/pcs/pcs_map.h > @@ -236,7 +236,7 @@ static inline void cslist_get(struct pcs_cs_list * csl) > { > TRACE("csl:%p csl->map:%p refcnt:%d\n", csl, csl->map, > atomic_read(&csl->refcnt)); > > - atomic_inc(&csl->refcnt); > + BUG_ON(!atomic_inc_not_zero(&csl->refcnt)); > } > > static inline void cslist_put(struct pcs_cs_list * csl) > -- > 2.34.1 > > _______________________________________________ > Devel mailing list > Devel@openvz.org > https://lists.openvz.org/mailman/listinfo/devel _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
