ceph: put the requests/sessions when it fails to alloc memory
authorXiubo Li <xiubli@redhat.com>
Wed, 12 Jan 2022 04:29:04 +0000 (12:29 +0800)
committerIlya Dryomov <idryomov@gmail.com>
Wed, 26 Jan 2022 19:17:50 +0000 (20:17 +0100)
When failing to allocate the sessions memory we should make sure
the req1 and req2 and the sessions get put. And also in case the
max_sessions decreased so when kreallocate the new memory some
sessions maybe missed being put.

And if the max_sessions is 0 krealloc will return ZERO_SIZE_PTR,
which will lead to a distinct access fault.

URL: https://tracker.ceph.com/issues/53819
Fixes: e1a4541ec0b9 ("ceph: flush the mdlog before waiting on unsafe reqs")
Signed-off-by: Xiubo Li <xiubli@redhat.com>
Reviewed-by: Venky Shankar <vshankar@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
fs/ceph/caps.c

index 7d305b97482464e176cabb7a0aa51119baa4d697..b472cd066d1c8f86ea3e13a6538b773cd9bb946f 100644 (file)
@@ -2218,6 +2218,7 @@ static int unsafe_request_wait(struct inode *inode)
        struct ceph_mds_client *mdsc = ceph_sb_to_client(inode->i_sb)->mdsc;
        struct ceph_inode_info *ci = ceph_inode(inode);
        struct ceph_mds_request *req1 = NULL, *req2 = NULL;
+       unsigned int max_sessions;
        int ret, err = 0;
 
        spin_lock(&ci->i_unsafe_lock);
@@ -2235,37 +2236,45 @@ static int unsafe_request_wait(struct inode *inode)
        }
        spin_unlock(&ci->i_unsafe_lock);
 
+       /*
+        * The mdsc->max_sessions is unlikely to be changed
+        * mostly, here we will retry it by reallocating the
+        * sessions array memory to get rid of the mdsc->mutex
+        * lock.
+        */
+retry:
+       max_sessions = mdsc->max_sessions;
+
        /*
         * Trigger to flush the journal logs in all the relevant MDSes
         * manually, or in the worst case we must wait at most 5 seconds
         * to wait the journal logs to be flushed by the MDSes periodically.
         */
-       if (req1 || req2) {
+       if ((req1 || req2) && likely(max_sessions)) {
                struct ceph_mds_session **sessions = NULL;
                struct ceph_mds_session *s;
                struct ceph_mds_request *req;
-               unsigned int max;
                int i;
 
-               /*
-                * The mdsc->max_sessions is unlikely to be changed
-                * mostly, here we will retry it by reallocating the
-                * sessions arrary memory to get rid of the mdsc->mutex
-                * lock.
-                */
-retry:
-               max = mdsc->max_sessions;
-               sessions = krealloc(sessions, max * sizeof(s), __GFP_ZERO);
-               if (!sessions)
-                       return -ENOMEM;
+               sessions = kzalloc(max_sessions * sizeof(s), GFP_KERNEL);
+               if (!sessions) {
+                       err = -ENOMEM;
+                       goto out;
+               }
 
                spin_lock(&ci->i_unsafe_lock);
                if (req1) {
                        list_for_each_entry(req, &ci->i_unsafe_dirops,
                                            r_unsafe_dir_item) {
                                s = req->r_session;
-                               if (unlikely(s->s_mds >= max)) {
+                               if (unlikely(s->s_mds >= max_sessions)) {
                                        spin_unlock(&ci->i_unsafe_lock);
+                                       for (i = 0; i < max_sessions; i++) {
+                                               s = sessions[i];
+                                               if (s)
+                                                       ceph_put_mds_session(s);
+                                       }
+                                       kfree(sessions);
                                        goto retry;
                                }
                                if (!sessions[s->s_mds]) {
@@ -2278,8 +2287,14 @@ retry:
                        list_for_each_entry(req, &ci->i_unsafe_iops,
                                            r_unsafe_target_item) {
                                s = req->r_session;
-                               if (unlikely(s->s_mds >= max)) {
+                               if (unlikely(s->s_mds >= max_sessions)) {
                                        spin_unlock(&ci->i_unsafe_lock);
+                                       for (i = 0; i < max_sessions; i++) {
+                                               s = sessions[i];
+                                               if (s)
+                                                       ceph_put_mds_session(s);
+                                       }
+                                       kfree(sessions);
                                        goto retry;
                                }
                                if (!sessions[s->s_mds]) {
@@ -2300,7 +2315,7 @@ retry:
                spin_unlock(&ci->i_ceph_lock);
 
                /* send flush mdlog request to MDSes */
-               for (i = 0; i < max; i++) {
+               for (i = 0; i < max_sessions; i++) {
                        s = sessions[i];
                        if (s) {
                                send_flush_mdlog(s);
@@ -2317,15 +2332,19 @@ retry:
                                        ceph_timeout_jiffies(req1->r_timeout));
                if (ret)
                        err = -EIO;
-               ceph_mdsc_put_request(req1);
        }
        if (req2) {
                ret = !wait_for_completion_timeout(&req2->r_safe_completion,
                                        ceph_timeout_jiffies(req2->r_timeout));
                if (ret)
                        err = -EIO;
-               ceph_mdsc_put_request(req2);
        }
+
+out:
+       if (req1)
+               ceph_mdsc_put_request(req1);
+       if (req2)
+               ceph_mdsc_put_request(req2);
        return err;
 }