Re: [PATCH] fuse: fix kernel NULL pointer dereference in fuse_uring_add_to_pq()

Next message: Miaohe Lin: "Re: [PATCH v4 3/3] Documentation: document panic_on_unrecoverable_memory_failure sysctl"
Previous message: Dmitry Torokhov: "Re: [PATCH 2/2] Input: synaptics-rmi4 - use u32 for reg_size to avoid sign extension into item-&gt;reg_size"
In reply to: Bernd Schubert: "Re: [PATCH] fuse: fix kernel NULL pointer dereference in fuse_uring_add_to_pq()"
Next in thread: Joanne Koong: "Re: [PATCH] fuse: fix kernel NULL pointer dereference in fuse_uring_add_to_pq()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Li Wang

Date: Wed Apr 22 2026 - 22:05:16 EST

Hi Bernd,

On 22/04/2026 19:39, Bernd Schubert wrote:
>
> I don't think this patch is right. The existing order is
>
> queue = kzalloc_obj(*queue, GFP_KERNEL_ACCOUNT);
> pq = kzalloc_objs(struct list_head, FUSE_PQ_HASH_SIZE);
> queue->fpq.processing = pq;
> fuse_pqueue_init(&queue->fpq); =====> INIT_LIST_HEAD() of pg
>
>
> I need to look at Miklos' patches, I guess it sends to fuse-io-uring,
> although that is not ready yet.
>
>
> Thanks,
> Bernd

The test is based on
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git#for-next
It seems the code ordering has been changed.

Thanks,
Li