Commit 5c53e32a authored by Christoph Hellwig's avatar Christoph Hellwig Committed by Wen Zhiwei

xfs: fix finding a last resort AG in xfs_filestream_pick_ag

stable inclusion
from stable-v6.6.60
commit 77ddc732416b017180893cbb2356e9f0a414c575
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IB44K1

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=77ddc732416b017180893cbb2356e9f0a414c575



--------------------------------

[ Upstream commit dc60992ce76fbc2f71c2674f435ff6bde2108028 ]

When the main loop in xfs_filestream_pick_ag fails to find a suitable
AG it tries to just pick the online AG.  But the loop for that uses
args->pag as loop iterator while the later code expects pag to be
set.  Fix this by reusing the max_pag case for this last resort, and
also add a check for impossible case of no AG just to make sure that
the uninitialized pag doesn't even escape in theory.

Reported-by: <syzbot+4125a3c514e3436a02e6@syzkaller.appspotmail.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Tested-by: <syzbot+4125a3c514e3436a02e6@syzkaller.appspotmail.com>
Fixes: f8f1ed1a ("xfs: return a referenced perag from filestreams allocator")
Cc: <stable@vger.kernel.org> # v6.3
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Carlos Maiolino <cem@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Wen Zhiwei <wenzhiwei@kylinos.cn>
parent f3bc53c5
+12 −11
@@ -64,7 +64,7 @@ xfs_filestream_pick_ag(
	struct xfs_perag	*pag;
	struct xfs_perag	*max_pag = NULL;
	xfs_extlen_t		minlen = *longest;
	xfs_extlen_t		free = 0, minfree, maxfree = 0;
	xfs_extlen_t		minfree, maxfree = 0;
	xfs_agnumber_t		agno;
	bool			first_pass = true;
	int			err;
@@ -107,7 +107,6 @@ xfs_filestream_pick_ag(
			     !(flags & XFS_PICK_USERDATA) ||
			     (flags & XFS_PICK_LOWSPACE))) {
				/* Break out, retaining the reference on the AG. */
				free = pag->pagf_freeblks;
				break;
			}
		}
@@ -150,23 +149,25 @@ xfs_filestream_pick_ag(
		 * grab.
		 */
		if (!max_pag) {
			for_each_perag_wrap(args->mp, 0, start_agno, args->pag)
			for_each_perag_wrap(args->mp, 0, start_agno, pag) {
				max_pag = pag;
				break;
			atomic_inc(&args->pag->pagf_fstrms);
			*longest = 0;
		} else {
			}

			/* Bail if there are no AGs at all to select from. */
			if (!max_pag)
				return -ENOSPC;
		}

		pag = max_pag;
			free = maxfree;
		atomic_inc(&pag->pagf_fstrms);
		}
	} else if (max_pag) {
		xfs_perag_rele(max_pag);
	}

	trace_xfs_filestream_pick(pag, pino, free);
	trace_xfs_filestream_pick(pag, pino);
	args->pag = pag;
	return 0;

}

static struct xfs_inode *
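Review bot: The rewritten last-resort branch no longer executes `*longest = 0;`, and the commit message does not mention that change, so after a fallback pick the caller appears to see whatever value `*longest` held when the main loop finished. It would help to confirm that callers of xfs_filestream_pick_ag do not rely on the zero, or to add a comment saying why the reset is unnecessary. The `break` in the new `for_each_perag_wrap` loop also seems to keep the iterator's reference on the AG, as the main loop does; repeating `/* Break out, retaining the reference on the AG. */` above `max_pag = pag;` would make that explicit. The body of xfs_filestream_pick_ag starts before these hunks.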
+5 −10
@@ -672,8 +672,8 @@ DEFINE_FILESTREAM_EVENT(xfs_filestream_lookup);
DEFINE_FILESTREAM_EVENT(xfs_filestream_scan);

TRACE_EVENT(xfs_filestream_pick,
	TP_PROTO(struct xfs_perag *pag, xfs_ino_t ino, xfs_extlen_t free),
	TP_ARGS(pag, ino, free),
	TP_PROTO(struct xfs_perag *pag, xfs_ino_t ino),
	TP_ARGS(pag, ino),
	TP_STRUCT__entry(
		__field(dev_t, dev)
		__field(xfs_ino_t, ino)
@@ -684,14 +684,9 @@ TRACE_EVENT(xfs_filestream_pick,
	TP_fast_assign(
		__entry->dev = pag->pag_mount->m_super->s_dev;
		__entry->ino = ino;
		if (pag) {
		__entry->agno = pag->pag_agno;
		__entry->streams = atomic_read(&pag->pagf_fstrms);
		} else {
			__entry->agno = NULLAGNUMBER;
			__entry->streams = 0;
		}
		__entry->free = free;
		__entry->free = pag->pagf_freeblks;
	),
	TP_printk("dev %d:%d ino 0x%llx agno 0x%x streams %d free %d",
		  MAJOR(__entry->dev), MINOR(__entry->dev),
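Review bot: With the `if (pag)` branch removed, `TP_fast_assign` dereferences `pag` unconditionally for `agno`, `streams` and `free`, so the event now carries an undocumented requirement that every caller passes a valid perag. The removed check could not have protected anything, because `pag->pag_mount->m_super->s_dev` on the context line above it is already an unconditional dereference, but the contract deserves a comment above `TRACE_EVENT(xfs_filestream_pick,`, for example `/* pag must be a valid, non-NULL perag: it is dereferenced unconditionally below. */`. `free` is now read from `pag->pagf_freeblks` when the event fires, which may differ from the value the allocator compared when it chose the AG. The TRACE_EVENT definition continues past the last hunk.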