xfs_ialloc_next_ag() currently resets m_agirotor when it is equal to m_maxagi:
if (++mp->m_agirotor == mp->m_maxagi)
mp->m_agirotor = 0;
But, if for some reason mp->m_maxagi changes to a lower value than current
m_agirotor, this condition will never be true, causing m_agirotor to exceed the
maximum allowed value (m_maxagi).
This implies mainly during lookups for xfs_perag structs in its radix tree,
since the agno value used for the lookup is based on m_agirotor. An out-of-range
m_agirotor may cause a lookup failure which in case will return NULL.
As an example, the value of m_maxagi is decreased during inode64->inode32
remount process, case where I've found this problem.
Signed-off-by: Carlos Maiolino <cmaiolino@xxxxxxxxxx>
---
fs/xfs/xfs_ialloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/xfs/xfs_ialloc.c b/fs/xfs/xfs_ialloc.c
index 5aceb3f..445bf1a 100644
--- a/fs/xfs/xfs_ialloc.c
+++ b/fs/xfs/xfs_ialloc.c
@@ -431,7 +431,7 @@ xfs_ialloc_next_ag(
spin_lock(&mp->m_agirotor_lock);
agno = mp->m_agirotor;
- if (++mp->m_agirotor == mp->m_maxagi)
+ if (++mp->m_agirotor >= mp->m_maxagi)
mp->m_agirotor = 0;
spin_unlock(&mp->m_agirotor_lock);
--
1.7.11.4
_______________________________________________
xfs mailing list
xfs@xxxxxxxxxxx
http://oss.sgi.com/mailman/listinfo/xfs
