LU-17034 quota: tmp fix against memory corruption

Change QMT_INIT_SLV_CNT from 64 to 2000 to avoid accessing
memory out of array lqeg_arr. It could happen when at least
one of OSTs has index larger than the whole number of OSTs.
It is a temporary solution and maximum supported OST index
is 0x7d0. Later it will be changed with the longterm
solution.

Signed-off-by: Sergey Cheremencev <scherementsev@ddn.com>
Change-Id: I8d9444017fa9847142f3df77c63368282ff134c4
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/55035
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Stephane Thiell <sthiell@stanford.edu>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

diff --git a/lustre/quota/qmt_entry.c b/lustre/quota/qmt_entry.c
index 182d33a..12245cc 100644 (file)
--- a/lustre/quota/qmt_entry.c
+++ b/lustre/quota/qmt_entry.c
@@ -1056,7 +1056,7 @@ void qti_lqes_write_unlock(const struct lu_env *env)
                lqe_write_unlock(qti_lqes(env)[i]);
 }
 
-#define QMT_INIT_SLV_CNT       64
+#define QMT_INIT_SLV_CNT       2048
 struct lqe_glbl_data *qmt_alloc_lqe_gd(struct qmt_pool_info *pool, int qtype)
 {
        struct lqe_glbl_data    *lgd;
@@ -1070,7 +1070,7 @@ struct lqe_glbl_data *qmt_alloc_lqe_gd(struct qmt_pool_info *pool, int qtype)
        slv_cnt = qpi_slv_nr_by_rtype(pool, qtype);
 
        glbe_num = slv_cnt < QMT_INIT_SLV_CNT ? QMT_INIT_SLV_CNT : slv_cnt;
-       OBD_ALLOC(lqeg_arr, sizeof(struct lqe_glbl_entry) * glbe_num);
+       OBD_ALLOC_LARGE(lqeg_arr, sizeof(struct lqe_glbl_entry) * glbe_num);
        if (!lqeg_arr) {
                OBD_FREE(lgd, sizeof(struct lqe_glbl_data));
                RETURN(NULL);
@@ -1090,7 +1090,7 @@ void qmt_free_lqe_gd(struct lqe_glbl_data *lgd)
        if (unlikely(!lgd))
                return;
 
-       OBD_FREE(lgd->lqeg_arr,
+       OBD_FREE_LARGE(lgd->lqeg_arr,
                 sizeof(struct lqe_glbl_entry) * lgd->lqeg_num_alloc);
        OBD_FREE(lgd, sizeof(struct lqe_glbl_data));
 }
@@ -1121,7 +1121,7 @@ void qmt_seed_glbe_all(const struct lu_env *env, struct lqe_glbl_data *lgd,
        if (qunit)
                qmt_lqes_sort(env);
 
-       for (i = 0; i < lgd->lqeg_num_used; i++) {
+       for (i = 0; i < lgd->lqeg_num_alloc; i++) {
                lgd->lqeg_arr[i].lge_qunit_set = 0;
                lgd->lqeg_arr[i].lge_qunit_nu = 0;
                lgd->lqeg_arr[i].lge_edquot_nu = 0;
@@ -1134,8 +1134,7 @@ void qmt_seed_glbe_all(const struct lu_env *env, struct lqe_glbl_data *lgd,
                CDEBUG(D_QUOTA, "lqes_cnt %d, i %d\n", qti_lqes_cnt(env), i);
                qpi = lqe2qpi(lqe);
                if (qmt_pool_global(qpi)) {
-                       slaves_cnt = qpi_slv_nr_by_rtype(lqe2qpi(lqe),
-                                                        lqe_qtype(lqe));
+                       slaves_cnt = lgd->lqeg_num_alloc;
                } else {
                        sem = qmt_sarr_rwsem(qpi);
                        down_read(sem);