Merge tag 'xfs-4.15-fixes-10' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
authorLinus Torvalds <torvalds@linux-foundation.org>
Fri, 5 Jan 2018 20:59:32 +0000 (12:59 -0800)
committerLinus Torvalds <torvalds@linux-foundation.org>
Fri, 5 Jan 2018 20:59:32 +0000 (12:59 -0800)
Pull XFS fixes from Darrick Wong:
 "I have just a few fixes for bugs and resource cleanup problems this
  week:

   - Fix resource cleanup of failed quota initialization

   - Fix integer overflow problems wrt s_maxbytes"

* tag 'xfs-4.15-fixes-10' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
  xfs: fix s_maxbytes overflow problems
  xfs: quota: check result of register_shrinker()
  xfs: quota: fix missed destroy of qi_tree_lock

fs/xfs/xfs_aops.c
fs/xfs/xfs_iomap.c
fs/xfs/xfs_qm.c

index 21e2d70884e18edc2c765584f201a8b04604837c..4fc526a27a94fe4594508b707f0a9ca976c1dd98 100644 (file)
@@ -399,7 +399,7 @@ xfs_map_blocks(
               (ip->i_df.if_flags & XFS_IFEXTENTS));
        ASSERT(offset <= mp->m_super->s_maxbytes);
 
-       if ((xfs_ufsize_t)offset + count > mp->m_super->s_maxbytes)
+       if (offset > mp->m_super->s_maxbytes - count)
                count = mp->m_super->s_maxbytes - offset;
        end_fsb = XFS_B_TO_FSB(mp, (xfs_ufsize_t)offset + count);
        offset_fsb = XFS_B_TO_FSBT(mp, offset);
@@ -1312,7 +1312,7 @@ xfs_get_blocks(
        lockmode = xfs_ilock_data_map_shared(ip);
 
        ASSERT(offset <= mp->m_super->s_maxbytes);
-       if ((xfs_ufsize_t)offset + size > mp->m_super->s_maxbytes)
+       if (offset > mp->m_super->s_maxbytes - size)
                size = mp->m_super->s_maxbytes - offset;
        end_fsb = XFS_B_TO_FSB(mp, (xfs_ufsize_t)offset + size);
        offset_fsb = XFS_B_TO_FSBT(mp, offset);
index 7ab52a8bc0a9e6dff904fe10b097eb3a478db9b9..66e1edbfb2b2bcd7d278226a33f0531bb0043b97 100644 (file)
@@ -1006,7 +1006,7 @@ xfs_file_iomap_begin(
        }
 
        ASSERT(offset <= mp->m_super->s_maxbytes);
-       if ((xfs_fsize_t)offset + length > mp->m_super->s_maxbytes)
+       if (offset > mp->m_super->s_maxbytes - length)
                length = mp->m_super->s_maxbytes - offset;
        offset_fsb = XFS_B_TO_FSBT(mp, offset);
        end_fsb = XFS_B_TO_FSB(mp, offset + length);
index ec952dfad359f6ad08d33d234f0cd75200c5933b..b897b11afb2c658bebba0416739fddcc0fec5aa4 100644 (file)
@@ -48,7 +48,7 @@
 STATIC int     xfs_qm_init_quotainos(xfs_mount_t *);
 STATIC int     xfs_qm_init_quotainfo(xfs_mount_t *);
 
-
+STATIC void    xfs_qm_destroy_quotainos(xfs_quotainfo_t *qi);
 STATIC void    xfs_qm_dqfree_one(struct xfs_dquot *dqp);
 /*
  * We use the batch lookup interface to iterate over the dquots as it
@@ -695,9 +695,17 @@ xfs_qm_init_quotainfo(
        qinf->qi_shrinker.scan_objects = xfs_qm_shrink_scan;
        qinf->qi_shrinker.seeks = DEFAULT_SEEKS;
        qinf->qi_shrinker.flags = SHRINKER_NUMA_AWARE;
-       register_shrinker(&qinf->qi_shrinker);
+
+       error = register_shrinker(&qinf->qi_shrinker);
+       if (error)
+               goto out_free_inos;
+
        return 0;
 
+out_free_inos:
+       mutex_destroy(&qinf->qi_quotaofflock);
+       mutex_destroy(&qinf->qi_tree_lock);
+       xfs_qm_destroy_quotainos(qinf);
 out_free_lru:
        list_lru_destroy(&qinf->qi_lru);
 out_free_qinf:
@@ -706,7 +714,6 @@ out_free_qinf:
        return error;
 }
 
-
 /*
  * Gets called when unmounting a filesystem or when all quotas get
  * turned off.
@@ -723,19 +730,8 @@ xfs_qm_destroy_quotainfo(
 
        unregister_shrinker(&qi->qi_shrinker);
        list_lru_destroy(&qi->qi_lru);
-
-       if (qi->qi_uquotaip) {
-               IRELE(qi->qi_uquotaip);
-               qi->qi_uquotaip = NULL; /* paranoia */
-       }
-       if (qi->qi_gquotaip) {
-               IRELE(qi->qi_gquotaip);
-               qi->qi_gquotaip = NULL;
-       }
-       if (qi->qi_pquotaip) {
-               IRELE(qi->qi_pquotaip);
-               qi->qi_pquotaip = NULL;
-       }
+       xfs_qm_destroy_quotainos(qi);
+       mutex_destroy(&qi->qi_tree_lock);
        mutex_destroy(&qi->qi_quotaofflock);
        kmem_free(qi);
        mp->m_quotainfo = NULL;
@@ -1599,6 +1595,24 @@ error_rele:
        return error;
 }
 
+STATIC void
+xfs_qm_destroy_quotainos(
+       xfs_quotainfo_t *qi)
+{
+       if (qi->qi_uquotaip) {
+               IRELE(qi->qi_uquotaip);
+               qi->qi_uquotaip = NULL; /* paranoia */
+       }
+       if (qi->qi_gquotaip) {
+               IRELE(qi->qi_gquotaip);
+               qi->qi_gquotaip = NULL;
+       }
+       if (qi->qi_pquotaip) {
+               IRELE(qi->qi_pquotaip);
+               qi->qi_pquotaip = NULL;
+       }
+}
+
 STATIC void
 xfs_qm_dqfree_one(
        struct xfs_dquot        *dqp)