Re: [PATCH] fuse: fix kernel NULL pointer dereference in fuse_uring_add_to_pq()

Next message: Daniel Vacek: "Re: [PATCH v6 01/43] fscrypt: add per-extent encryption support"
Previous message: Krzysztof Kozlowski: "Re: [RFC] [QUESTION] Stuff to do for string"
In reply to: Joanne Koong: "Re: [PATCH] fuse: fix kernel NULL pointer dereference in fuse_uring_add_to_pq()"
Next in thread: Miklos Szeredi: "Re: [PATCH] fuse: fix kernel NULL pointer dereference in fuse_uring_add_to_pq()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Li Wang

Date: Thu Apr 23 2026 - 02:44:43 EST

Hi Joanne,

On 23/04/2026 03:18, Joanne Koong wrote:

>
> Thanks for testing/reporting this! This lgtm but afaict, the patches
> in that patchset aren't finalized yet so imo it'd be cleaner if this
> gets folded into the original patch [1] instead of being its own
> separate commit.
>
> I think using fuse_pqueue_alloc() ends up being a tad bit cleaner
>

Thanks for the feedback. I'm fine with either way (fold or split),
and I will follow your suggestions and send out a v2.

Thanks,
Li

> diff --git a/fs/fuse/dev_uring.c b/fs/fuse/dev_uring.c
> index 5abf447e9710..e467b23e6895 100644
> --- a/fs/fuse/dev_uring.c
> +++ b/fs/fuse/dev_uring.c
> @@ -277,7 +277,7 @@ static struct fuse_ring_queue
> *fuse_uring_create_queue(struct fuse_ring *ring,
> queue = kzalloc_obj(*queue, GFP_KERNEL_ACCOUNT);
> if (!queue)
> return NULL;
> - pq = kzalloc_objs(struct list_head, FUSE_PQ_HASH_SIZE);
> + pq = fuse_pqueue_alloc();
> if (!pq) {
> kfree(queue);
> return NULL;
> @@ -295,8 +295,8 @@ static struct fuse_ring_queue
> *fuse_uring_create_queue(struct fuse_ring *ring,
> INIT_LIST_HEAD(&queue->fuse_req_bg_queue);
> INIT_LIST_HEAD(&queue->ent_released);
>
> - queue->fpq.processing = pq;
> fuse_pqueue_init(&queue->fpq);
> + queue->fpq.processing = pq;
>
> after exporting fuse_pqueue_alloc() into fuse_dev_i.h
>
> Thanks,
> Joanne
>
> [1] https://lore.kernel.org/fuse-devel/20260416091658.462783-32-mszeredi@xxxxxxxxxx/