From 92c75b7e9fc0616fa660fce3a69f823524297d1c Mon Sep 17 00:00:00 2001
From: Sergey Cheremencev
Date: Mon, 8 Apr 2024 14:43:53 +0300
Subject: [PATCH] LU-17034 quota: tmp fix against memory corruption

Change QMT_INIT_SLV_CNT from 64 to 2000 to avoid accessing memory out of array lqeg_arr. It could happen when at least one of OSTs has index larger than the whole number of OSTs. It is a temporary solution and maximum supported OST index is 0x7d0. Later it will be changed with the longterm solution.

Signed-off-by: Sergey Cheremencev
Change-Id: I8d9444017fa9847142f3df77c63368282ff134c4
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/55035
Tested-by: jenkins
Tested-by: Maloo
Reviewed-by: Andreas Dilger
Reviewed-by: Stephane Thiell
Reviewed-by: Oleg Drokin
---
 lustre/quota/qmt_entry.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/lustre/quota/qmt_entry.c b/lustre/quota/qmt_entry.c
index 182d33a..12245cc 100644
--- a/lustre/quota/qmt_entry.c
+++ b/lustre/quota/qmt_entry.c
@@ -1056,7 +1056,7 @@ void qti_lqes_write_unlock(const struct lu_env *env)
 lqe_write_unlock(qti_lqes(env)[i]);
 }
-#define QMT_INIT_SLV_CNT 64
+#define QMT_INIT_SLV_CNT 2048
 struct lqe_glbl_data *qmt_alloc_lqe_gd(struct qmt_pool_info *pool, int qtype)
 {
 struct lqe_glbl_data *lgd;
@@ -1070,7 +1070,7 @@ struct lqe_glbl_data *qmt_alloc_lqe_gd(struct qmt_pool_info *pool, int qtype)
 slv_cnt = qpi_slv_nr_by_rtype(pool, qtype);
 glbe_num = slv_cnt < QMT_INIT_SLV_CNT ? QMT_INIT_SLV_CNT : slv_cnt;
- OBD_ALLOC(lqeg_arr, sizeof(struct lqe_glbl_entry) * glbe_num);
+ OBD_ALLOC_LARGE(lqeg_arr, sizeof(struct lqe_glbl_entry) * glbe_num);
 if (!lqeg_arr) {
 OBD_FREE(lgd, sizeof(struct lqe_glbl_data));
 RETURN(NULL);
@@ -1090,7 +1090,7 @@ void qmt_free_lqe_gd(struct lqe_glbl_data *lgd)
 if (unlikely(!lgd))
 return;
- OBD_FREE(lgd->lqeg_arr,
+ OBD_FREE_LARGE(lgd->lqeg_arr,
 sizeof(struct lqe_glbl_entry) * lgd->lqeg_num_alloc);
 OBD_FREE(lgd, sizeof(struct lqe_glbl_data));
 }
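Review bot: Raising `QMT_INIT_SLV_CNT` to 2048 in the first hunk only moves the ceiling: nothing visible in this patch compares an OST index with `lqeg_num_alloc` before `lqeg_arr` is indexed, so an index at or above the allocated size would presumably still land outside the array. Until the long-term fix arrives, a guard at the indexing sites (outside these hunks) that rejects and logs such an index would turn silent corruption into a visible error. The define also deserves a comment, for example `/* temporary (LU-17034): lqeg_arr is indexed by OST index, indices >= QMT_INIT_SLV_CNT are unsupported */`. The commit message speaks of 2000 (0x7d0) while the value set here is 2048, so one of the two should be corrected.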
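Review bot: The switch to `OBD_ALLOC_LARGE` in the second hunk is only safe if every path that frees or resizes `lqeg_arr` uses the matching `OBD_FREE_LARGE`. The third hunk converts `qmt_free_lqe_gd()`, but any other site that releases or reallocates the array is not visible here and should be checked, because mixing the two macro families on a buffer that may be vmalloc-backed is itself a memory-corruption risk. A short comment at the allocation, such as `/* may be vmalloc-backed: free with OBD_FREE_LARGE only */`, would keep the pairing obvious. `qmt_alloc_lqe_gd()` begins and ends outside its hunk, so the remaining error paths could not be reviewed.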
@@ -1121,7 +1121,7 @@ void qmt_seed_glbe_all(const struct lu_env *env, struct lqe_glbl_data *lgd,
 if (qunit)
 qmt_lqes_sort(env);
- for (i = 0; i < lgd->lqeg_num_used; i++) {
+ for (i = 0; i < lgd->lqeg_num_alloc; i++) {
 lgd->lqeg_arr[i].lge_qunit_set = 0;
 lgd->lqeg_arr[i].lge_qunit_nu = 0;
 lgd->lqeg_arr[i].lge_edquot_nu = 0;
@@ -1134,8 +1134,7 @@ void qmt_seed_glbe_all(const struct lu_env *env, struct lqe_glbl_data *lgd,
 CDEBUG(D_QUOTA, "lqes_cnt %d, i %d\n", qti_lqes_cnt(env), i);
 qpi = lqe2qpi(lqe);
 if (qmt_pool_global(qpi)) {
- slaves_cnt = qpi_slv_nr_by_rtype(lqe2qpi(lqe),
- lqe_qtype(lqe));
+ slaves_cnt = lgd->lqeg_num_alloc;
 } else {
 sem = qmt_sarr_rwsem(qpi);
 down_read(sem);
--
1.8.3.1
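Review bot: Neither the new loop bound `lgd->lqeg_num_alloc` nor `slaves_cnt = lgd->lqeg_num_alloc` in the global-pool branch carries a comment explaining why the allocation size stands in for the slave count, and `slaves_cnt` no longer means what its name says. I would add `/* OST indices may be sparse: walk every allocated slot, not just lqeg_num_used */` above the `for` and a matching remark in the branch. The `else` branch still takes its count from the pool's slave array and the code that consumes it lies outside the hunk, so it should be confirmed that the index used there is also bounded by `lqeg_num_alloc`. The consuming code should likewise be checked for slots that have no slave behind them, since the global branch now visits the whole allocation.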