From: Sergey Cheremencev
Date: Thu, 24 Aug 2023 00:57:10 +0000 (+0400)
Subject: LU-17034 quota: tmp fix against memory corruption
X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=fdcb1144c95908bbbd0216ec931ac5f222f484a7;p=fs%2Flustre-release.git
LU-17034 quota: tmp fix against memory corruption
Change QMT_INIT_SLV_CNT from 64 to 2000 to avoid accessing memory out of array lqeg_arr. It could happen when at least one of OSTs has index larger than the whole number of OSTs. It is a temporary solution and maximum supported OST index is 0x7d0. Later it will be changed with the longterm solution.
Signed-off-by: Sergey Cheremencev
Change-Id: Ic892352b7e833c58ea14bb7cfb98b4946f4ca9bb
Reviewed-on: https://review.whamcloud.com/c/ex/lustre-release/+/52180
Tested-by: jenkins
Tested-by: Maloo
Reviewed-by: Andreas Dilger
---
diff --git a/lustre/quota/qmt_entry.c b/lustre/quota/qmt_entry.c
index 05a593f..13081e7 100644
--- a/lustre/quota/qmt_entry.c
+++ b/lustre/quota/qmt_entry.c
@@ -1067,7 +1067,7 @@ void qti_lqes_write_unlock(const struct lu_env *env)
 lqe_write_unlock(qti_lqes(env)[i]);
 }
-#define QMT_INIT_SLV_CNT 64
+#define QMT_INIT_SLV_CNT 2048
 struct lqe_glbl_data *qmt_alloc_lqe_gd(struct qmt_pool_info *pool, int qtype)
 {
 struct lqe_glbl_data *lgd;
@@ -1081,7 +1081,7 @@ struct lqe_glbl_data *qmt_alloc_lqe_gd(struct qmt_pool_info *pool, int qtype)
 slv_cnt = qpi_slv_nr_by_rtype(pool, qtype);
 glbe_num = slv_cnt < QMT_INIT_SLV_CNT ? QMT_INIT_SLV_CNT : slv_cnt;
- OBD_ALLOC(lqeg_arr, sizeof(struct lqe_glbl_entry) * glbe_num);
+ OBD_ALLOC_LARGE(lqeg_arr, sizeof(struct lqe_glbl_entry) * glbe_num);
 if (!lqeg_arr) {
 OBD_FREE(lgd, sizeof(struct lqe_glbl_data));
 RETURN(NULL);
@@ -1101,7 +1101,7 @@ void qmt_free_lqe_gd(struct lqe_glbl_data *lgd)
 if (unlikely(!lgd))
 return;
- OBD_FREE(lgd->lqeg_arr,
+ OBD_FREE_LARGE(lgd->lqeg_arr,
 sizeof(struct lqe_glbl_entry) * lgd->lqeg_num_alloc);
 OBD_FREE(lgd, sizeof(struct lqe_glbl_data));
 }
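Review bot: `QMT_INIT_SLV_CNT` is still only a minimum size for `lqeg_arr`, not a bound that anything enforces. Nothing in this diff rejects a slave index at or above the allocated count, so as far as these hunks show, an index past 2047 would reach the same out-of-bounds access the commit works around. The commit message says 2000 / 0x7d0 while the define is 2048, so the supported maximum is ambiguous. I would record the limit at the define, e.g. `/* LU-17034 temporary floor: lqeg_arr slots are addressed by OST index, larger indexes are not supported */`, and add an explicit comparison with `lgd->lqeg_num_alloc` at the sites that index the array, which are outside the hunks shown.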
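Review bot: Switching this allocation to `OBD_ALLOC_LARGE` is only safe if every release of `lqeg_arr` uses `OBD_FREE_LARGE` with the same size expression. The free in `qmt_free_lqe_gd` is converted in the next hunk, but any other path that frees or reallocates the array must be converted as well; no such path is visible in this diff. Every `lqe_glbl_data` now also carries at least 2048 entries instead of 64, so memory per quota entry grows accordingly. A short comment such as `/* at least QMT_INIT_SLV_CNT slots, can be too big for a plain allocation */` would explain the _LARGE variant. The body of `qmt_alloc_lqe_gd` starts and ends outside the hunk.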
@@ -1132,7 +1132,7 @@ void qmt_seed_glbe_all(const struct lu_env *env, struct lqe_glbl_data *lgd,
 if (qunit)
 qmt_lqes_sort(env);
- for (i = 0; i < lgd->lqeg_num_used; i++) {
+ for (i = 0; i < lgd->lqeg_num_alloc; i++) {
 lgd->lqeg_arr[i].lge_qunit_set = 0;
 lgd->lqeg_arr[i].lge_qunit_nu = 0;
 lgd->lqeg_arr[i].lge_edquot_nu = 0;
@@ -1145,8 +1145,7 @@ void qmt_seed_glbe_all(const struct lu_env *env, struct lqe_glbl_data *lgd,
 CDEBUG(D_QUOTA, "lqes_cnt %d, i %d\n", qti_lqes_cnt(env), i);
 qpi = lqe2qpi(lqe);
 if (qmt_pool_global(qpi)) {
- slaves_cnt = qpi_slv_nr_by_rtype(lqe2qpi(lqe),
- lqe_qtype(lqe));
+ slaves_cnt = lgd->lqeg_num_alloc;
 } else {
 sem = qmt_sarr_rwsem(qpi);
 down_read(sem);
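Review bot: The reset loop now trusts `lgd->lqeg_num_alloc` as the true length of `lgd->lqeg_arr`, and the place where that field is assigned is not shown. If it can ever disagree with the `glbe_num` used at allocation, this loop writes past the array. The reason for moving away from `lqeg_num_used` is not recorded in the code either. Going by the commit message, I would add `/* clear every allocated slot: slots are addressed by OST index, which can exceed lqeg_num_used */` above the loop. The loop body continues past the hunk.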
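Review bot: For the global pool, `slaves_cnt` now holds the allocation size rather than the number of registered slaves, so whatever consumes it below the hunk will visit slots that have no slave behind them. That code should be checked to confirm it tolerates empty slots. The `else` branch is unchanged, so a count or index taken from the pool's slave array is still not compared with `lgd->lqeg_num_alloc` in anything visible here. A comment on the new line, e.g. `/* global pool: walk all allocated slots, OST indexes may be sparse */`, would keep the variable name from misleading.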