BUG 821412 - group quota inode create with directory ISGID set

[pv@xxxxxxxxxxxxx (nathans@xxxxxxxxxxxx)]

View Incident: 
http://co-op.engr.sgi.com/BugWorks/code/bwxquery.cgi?search=Search&wlong=1&view_type=Bug&wi=821412

Submitter : nathans                   Submitter Domain : engr               
Assigned Engineer : nathans           Assigned Domain : engr                
Assigned Group : xfs-linux            Category : software                   
Customer Reported : F                 Priority : 2                          
Project : xfs-linux                   Status : open                         
Description :
[ I have a fix for this, just want to record the issue for posterity].
With debug enabled, its possible to trip the group quota code up in this
assert:

XFS assertion failed: ip->i_d.di_gid == INT_GET(gdqp->q_core.d_id, 
ARCH_CONVERT), file: xfs_qm.c, line: 2815
kernel BUG at debug.c:48!

Entering kdb (current=0xc51fa000, pid 1245) Oops: invalid operand
due to oops @ 0xc020d9ed
eax = 0x0000001a ebx = 0xc5f2a060 ecx = 0x00000001 edx = 0x00000001 
esi = 0xc5f2a1c4 edi = 0xc50e84a0 esp = 0xc51fbd34 eip = 0xc020d9ed 
ebp = 0xc51fbd40 xss = 0x00000018 xcs = 0x00000010 eflags = 0x00010282 
xds = 0x00000018 xes = 0x00000018 origeax = 0xffffffff &regs = 0xc51fbd00
kdb> bt
    EBP       EIP         Function(args)
0xc51fbd40 0xc020d9ed assfail+0x2d (0xc02d37a0, 0xc02d2bf8, 0xaff)
                               kernel .text 0xc0100000 0xc020d9c0 0xc020d9f4
0xc51fbd60 0xc0193874 xfs_qm_vop_dqattach_and_dqmod_newinode+0x15c (0xc5cba920, 
0xc50e84a0, 0xc5f2a060, 0xc5f2a1c4)
                               kernel .text 0xc0100000 0xc0193718 0xc0193894
0xc51fbe28 0xc01fbb17 xfs_create+0x61b (0xc5303d78, 0xc51b31c0, 0xc51fbe74, 
0x0, 0x0)
                               kernel .text 0xc0100000 0xc01fb4fc 0xc01fc284
0xc51fbee4 0xc0205af4 linvfs_common_cr+0xdc (0xc52e7820, 0xc51b3160, 0x8180, 
0x1, 0x0)
                               kernel .text 0xc0100000 0xc0205a18 0xc0205bdc
0xc51fbf00 0xc0205bf4 linvfs_create+0x18 (0xc52e7820, 0xc51b3160, 0x8180, 
0xc51b3160, 0xc53375a0)
                               kernel .text 0xc0100000 0xc0205bdc 0xc0205bf8
0xc51fbf24 0xc0136840 vfs_create+0xb0 (0xc52e7820, 0xc51b3160, 0x180)
                               kernel .text 0xc0100000 0xc0136790 0xc0136874
0xc51fbf58 0xc01369bc open_namei+0x148 (0xc5870000, 0xc2, 0x180, 0xc51fbf7c)
                               kernel .text 0xc0100000 0xc0136874 0xc0136e30
0xc51fbf98 0xc012b1d2 filp_open+0x3a (0xc5870000, 0xc1, 0x180)
                               kernel .text 0xc0100000 0xc012b198 0xc012b1f4
0xc51fbfbc 0xc012b4de sys_open+0x3e (0x806f520, 0xc1, 0x180, 0x1, 0x80a4594)
                               kernel .text 0xc0100000 0xc012b4a0 0xc012b560
           0xc0106eb3 system_call+0x33
                               kernel .text 0xc0100000 0xc0106e80 0xc0106eb8


The problem is a side-effect of this code in xfs_ialloc(), which can
change the inode gid in a way the quota subsystem doesn't expect it to.
This (obviously) wasn't something that affected projects..

        /*
         * For multiple groups support: if ISGID bit is set in the parent
         * directory, group of new file is set to that of the parent, and
         * new subdirectory gets ISGID bit from parent.
         */
        if (pip != NULL &&
            ((vp->v_vfsp->vfs_flag & VFS_GRPID) ||
             (pip->i_d.di_mode & ISGID))) {
                ip->i_d.di_gid = pip->i_d.di_gid;
                if ((pip->i_d.di_mode & ISGID) && (mode & IFMT) == IFDIR) {
                        ip->i_d.di_mode |= ISGID;
                }
        }

 
On creation of a new inode the higher-up quota code (see xfs_create,
xfs_mkdir, xfs_symlink) assumes that the id will not change underneath
it, but it clearly can now that we do group quota instead of project
quota.

Without debug enabled, such a create will simply be accounted to the
wrong gid.