xfs
[Top] [All Lists]

[PATCH] xfs_repair: fix prefetch queue waiting

To: xfs-oss <xfs@xxxxxxxxxxx>
Subject: [PATCH] xfs_repair: fix prefetch queue waiting
From: Eric Sandeen <sandeen@xxxxxxxxxx>
Date: Mon, 07 Apr 2014 22:27:28 -0500
Delivered-to: xfs@xxxxxxxxxxx
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.4.0
This fixes a regression caused by:

97b1fcf xfs_repair: fix array overrun in do_inode_prefetch

The thread creation loop has 2 ways to exit; either via
the loop counter based on thread_count, or the break statement
if we've started enough workers to cover all AGs.

Whether or not the loop counter "i" reflects the number of
threads started depends on whether or not we exited via the
break.

The above commit prevented us from indexing off the end
of the queues[] array if we actually advanced "i" all the
way to thread_count, but in the case where we break, "i"
is one *less* than the nr of threads started, so we don't
wait for completion of all threads, and all hell breaks
loose in phase 5.

Just stop with the cleverness of re-using the loop counter -
instead, explicitly count threads that we start, and then use
that counter to wait for each worker to complete.

Signed-off-by: Eric Sandeen <sandeen@xxxxxxxxxx>
---

I have one fs which demonstrates the problem, and have verified
the regression & tested the fix against that.

I'll run this over xfstests overnight, but it seems obvious
from here (OTOH the other fix seemed obvious too) :(

diff --git a/repair/prefetch.c b/repair/prefetch.c
index e47a48e..4c32395 100644
--- a/repair/prefetch.c
+++ b/repair/prefetch.c
@@ -944,6 +944,7 @@ do_inode_prefetch(
        int                     i;
        struct work_queue       queue;
        struct work_queue       *queues;
+       int                     queues_started = 0;
 
        /*
         * If the previous phases of repair have not overflowed the buffer
@@ -987,6 +988,7 @@ do_inode_prefetch(
 
                create_work_queue(&queues[i], mp, 1);
                queue_work(&queues[i], prefetch_ag_range_work, 0, wargs);
+               queues_started++;
 
                if (wargs->end_ag >= mp->m_sb.sb_agcount)
                        break;
@@ -995,7 +997,7 @@ do_inode_prefetch(
        /*
         * wait for workers to complete
         */
-       while (i--)
+       for (i = 0; i < queues_started; i++)
                destroy_work_queue(&queues[i]);
        free(queues);
 }

<Prev in Thread] Current Thread [Next in Thread>