Ack. Looks safe and the danger is real. On Tue, Sep 30, 2025 at 8:26 PM Liu Kui <[email protected]> wrote:
>
> Avoid dereference the 'rpc->clnt_cs' pointer directly as it's not
> protected. It can be set to NULL, or the referenced memory could
> have been freed.
>
> Relates to: #VSTOR-116467
> https://virtuozzo.atlassian.net/browse/VSTOR-116467
>
> Signed-off-by: Liu Kui <[email protected]>
> ---
> fs/fuse/kio/pcs/pcs_cs.c | 15 ++++++++-------
> fs/fuse/kio/pcs/pcs_cs.h | 2 +-
> fs/fuse/kio/pcs/pcs_rpc_clnt.c | 2 +-
> 3 files changed, 10 insertions(+), 9 deletions(-)
>
> diff --git a/fs/fuse/kio/pcs/pcs_cs.c b/fs/fuse/kio/pcs/pcs_cs.c
> index df80d8a87796..8c1fdce6a2f2 100644
> --- a/fs/fuse/kio/pcs/pcs_cs.c
> +++ b/fs/fuse/kio/pcs/pcs_cs.c
> @@ -833,13 +833,14 @@ void pcs_cs_submit(struct pcs_cs *cs, struct
> pcs_int_request *ireq)
> do_cs_submit(cs, ireq);
> }
>
> -void cs_handle_congestion(struct pcs_cs *cs, struct pcs_rpc_hdr *h)
> +void cs_handle_congestion(struct pcs_rpc *ep, struct pcs_rpc_hdr *h)
> {
> + struct pcs_cluster_core *cc = cc_from_rpc(ep->eng);
> struct pcs_cs *who;
>
> - FUSE_KTRACE(cc_from_csset(cs->css)->fc, "Received congestion
> notification from CS" NODE_FMT, NODE_ARGS(h->xid.origin));
> + FUSE_KTRACE(cc->fc, "Received congestion notification from CS"
> NODE_FMT, NODE_ARGS(h->xid.origin));
>
> - who = lookup_and_lock_cs(cs->css, h->xid.origin.val);
> + who = lookup_and_lock_cs(&cc->css, h->xid.origin.val);
> if (unlikely(!who))
> return;
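Review bot: The new `cc_from_rpc(ep->eng)` declaration in cs_handle_congestion, and the identical one in the first cs_keep_waiting hunk below, swaps the unprotected `ep->clnt_cs` chain for a different pointer chain without recording why that one is safe. Nothing visible in these hunks shows that `ep->eng` and the cluster core it resolves to are guaranteed to outlive the rpc input path; presumably the engine is torn down only after its rpcs are gone, but that should be confirmed. If it holds, a comment above the declaration would keep the invariant from being lost, e.g. `/* ep->eng is stable for the lifetime of ep; never go through ep->clnt_cs here, it may be cleared or freed concurrently */`. Both function bodies continue outside their hunks.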
>
> @@ -892,11 +893,11 @@ static int may_reroute(struct pcs_cs_list *csl,
> PCS_NODE_ID_T cs_id)
> void cs_keep_waiting(struct pcs_rpc *ep, struct pcs_msg *req, struct pcs_msg
> *msg)
> {
> struct pcs_rpc_hdr *h = (struct pcs_rpc_hdr *)msg_inline_head(msg);
> - struct pcs_cs *cs = ep->clnt_cs;
> + struct pcs_cluster_core *cc = cc_from_rpc(ep->eng);
> struct pcs_cs *who;
>
> /* Some CS reported it cannot complete local IO in time, close
> congestion window */
> - who = lookup_and_lock_cs(cs->css, h->xid.origin.val);
> + who = lookup_and_lock_cs(&cc->css, h->xid.origin.val);
> if (who) {
> struct pcs_int_request *ireq = req->private2;
> abs_time_t lat = 0; /* GCC bug */
> @@ -908,7 +909,7 @@ void cs_keep_waiting(struct pcs_rpc *ep, struct pcs_msg
> *req, struct pcs_msg *ms
> }
>
> if (!who->cwr_state) {
> - FUSE_KTRACE(cc_from_csset(cs->css)->fc, "Congestion
> window on CS" NODE_FMT " reducing %d/%d/%d", NODE_ARGS(h->xid.origin),
> + FUSE_KTRACE(cc->fc, "Congestion window on CS"
> NODE_FMT " reducing %d/%d/%d", NODE_ARGS(h->xid.origin),
> who->in_flight, who->eff_cwnd, who->cwnd);
> if (who->cwnd >= PCS_CS_INIT_CWND)
> who->ssthresh = who->cwnd;
> @@ -936,7 +937,7 @@ void cs_keep_waiting(struct pcs_rpc *ep, struct pcs_msg
> *req, struct pcs_msg *ms
> && may_reroute(ireq->iochunk.csl, h->xid.origin))
> {
> ireq->iochunk.banned_cs = h->xid.origin;
> spin_unlock(&who->lock);
> - FUSE_KTRACE(ireq->cc->fc, "Canceling read on
> CS" NODE_FMT, NODE_ARGS(h->xid.origin));
> + FUSE_KTRACE(cc->fc, "Canceling read on CS"
> NODE_FMT, NODE_ARGS(h->xid.origin));
> pcs_rpc_cancel_request(req);
> return;
> }
> diff --git a/fs/fuse/kio/pcs/pcs_cs.h b/fs/fuse/kio/pcs/pcs_cs.h
> index 1fdc50266358..c41c5cc0075e 100644
> --- a/fs/fuse/kio/pcs/pcs_cs.h
> +++ b/fs/fuse/kio/pcs/pcs_cs.h
> @@ -240,7 +240,7 @@ int pcs_csa_csl_write_submit_single(struct > pcs_int_request * ireq, int idx); > void pcs_csa_relay_iotimes(struct pcs_int_request * ireq, struct > pcs_cs_iohdr * h, PCS_NODE_ID_T cs_id); > void pcs_csa_cs_detach(struct pcs_cs * cs); > > -void cs_handle_congestion(struct pcs_cs *cs, struct pcs_rpc_hdr *h); > +void cs_handle_congestion(struct pcs_rpc *ep, struct pcs_rpc_hdr *h); > struct pcs_msg *cs_get_hdr(struct pcs_rpc *ep, struct pcs_rpc_hdr *h); > void cs_keep_waiting(struct pcs_rpc *ep, struct pcs_msg *req, struct pcs_msg > *msg); > > diff --git a/fs/fuse/kio/pcs/pcs_rpc_clnt.c b/fs/fuse/kio/pcs/pcs_rpc_clnt.c > index eb1c3515dc3a..e0f9acb7ed63 100644 > --- a/fs/fuse/kio/pcs/pcs_rpc_clnt.c > +++ b/fs/fuse/kio/pcs/pcs_rpc_clnt.c > @@ -23,7 +23,7 @@ static int clnt_input(struct pcs_rpc *ep, struct pcs_msg > *msg) > switch (h->type) { > case PCS_CS_CONG_NOTIFY: > if (ep->clnt_cs) > - cs_handle_congestion(ep->clnt_cs, h); > + cs_handle_congestion(ep, h); > > if (ep->clnt_krpc) > krpc_handle_congestion(ep, msg); > -- > 2.39.5 (Apple Git-154)
