From a66daa9c1bf40695e10a283dff40a119dfd060bb Mon Sep 17 00:00:00 2001
From: James Simmons <jsimmons@infradead.org>
Date: Wed, 1 Nov 2023 15:25:12 -0400
Subject: [PATCH] LU-17097 osc: delete items in Xarray before its destroy

For older debug kernels we get a double free with RCU usage with Xarray.

WARNING: CPU: 2 PID: 21477 at lib/debugobjects.c:286
debug_print_object+0x83/0xa0
 ODEBUG: activate active (active state 1) object type:
rcu_head hint:           (null)
 Modules linked in: lustre(OE) ofd(OE) osp(OE) lod(OE)
ost(OE) mdt(OE) mdd(OE) mgs(OE) lquota(OE) lfsck(OE) obdecho(OE) mgc(OE)
mdc(OE) lov(OE) osc(OE) lmv(OE) fid(OE) fld(OE) ptlrpc_gss(OE)
ptlrpc(OE) obdclass(OE) ksocklnd(OE) lnet(OE) crc32_generic libcfs(OE)
crc_t10dif crct10dif_generic crct10dif_common rpcsec_gss_krb5 squashfs
pcspkr i2c_piix4 i2c_core binfmt_misc ip_tables ext4 mbcache jbd2
ata_generic pata_acpi ata_piix serio_raw libata
 CPU: 2 PID: 21477 Comm: umount Tainted: G           OE
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.16.2-1.fc38 04/01/2014
 Call Trace:
  [<ffffffff817ded29>] dump_stack+0x19/0x1b
  [<ffffffff8108d558>] __warn+0xd8/0x100
  [<ffffffff8108d5df>] warn_slowpath_fmt+0x5f/0x80
  [<ffffffff81414723>] debug_print_object+0x83/0xa0
  [<ffffffff814150af>] debug_object_activate+0x1af/0x210
  [<ffffffff817e8d7e>] ? _raw_spin_unlock+0xe/0x20
  [<ffffffffa0189e60>] ? xas_alloc+0xd0/0xd0 [libcfs]
  [<ffffffff8114dc8f>] __call_rcu+0x3f/0x2d0
  [<ffffffff8114df3d>] call_rcu_sched+0x1d/0x20
  [<ffffffffa0189f44>] xas_free_nodes+0xa4/0xf0 [libcfs]
  [<ffffffffa018b26f>] xa_destroy+0xdf/0xf0 [libcfs]

This can be solved by cleaning up individual items in the Xarray
before destroying the Xarray.

Test-Parameters: trivial
Test-Parameters: testlist=sanity-quota env=ONLY=1,ONLY_REPEAT=100 clientdistro=el7.9
Change-Id: I49c5fb588d1b5c44f37e55500a6f33a2cd3988ee
Signed-off-by: James Simmons <jsimmons@infradead.org>
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/52381
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
Reviewed-by: Timothy Day <timday@amazon.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
---
 lustre/osc/osc_quota.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lustre/osc/osc_quota.c b/lustre/osc/osc_quota.c
index cee9d68..55fb935 100644
--- a/lustre/osc/osc_quota.c
+++ b/lustre/osc/osc_quota.c
@@ -193,6 +193,11 @@ int osc_quota_setup(struct obd_device *obd)
 void osc_quota_cleanup(struct obd_device *obd)
 {
 	struct client_obd *cli = &obd->u.cli;
+	unsigned long qid;
+	u8 *qtypes;
+
+	xa_for_each(&cli->cl_quota_exceeded_ids, qid, qtypes)
+		xa_erase(&cli->cl_quota_exceeded_ids, qid);
 
 	xa_destroy(&cli->cl_quota_exceeded_ids);
 }
-- 
1.8.3.1