--- /dev/null
+From 45002267e8d2699bf9b022315bee3dd13b044843 Mon Sep 17 00:00:00 2001
+From: Ilya Dryomov <idryomov@gmail.com>
+Date: Tue, 14 Apr 2015 16:04:23 +0300
+Subject: crush: ensuring at most num-rep osds are selected
+
+From: Ilya Dryomov <idryomov@gmail.com>
+
+commit 45002267e8d2699bf9b022315bee3dd13b044843 upstream.
+
+Crush temporary buffers are allocated as per replica size configured
+by the user. When there are more final osds (to be selected as per
+rule) than the replicas, buffer overlaps and it causes crash. Now, it
+ensures that at most num-rep osds are selected even if more number of
+osds are allowed by the rule.
+
+Reflects ceph.git commits 6b4d1aa99718e3b367496326c1e64551330fabc0,
+ 234b066ba04976783d15ff2abc3e81b6cc06fb10.
+
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ceph/crush/mapper.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+--- a/net/ceph/crush/mapper.c
++++ b/net/ceph/crush/mapper.c
+@@ -290,6 +290,7 @@ static int is_out(const struct crush_map
+ * @type: the type of item to choose
+ * @out: pointer to output vector
+ * @outpos: our position in that vector
++ * @out_size: size of the out vector
+ * @tries: number of attempts to make
+ * @recurse_tries: number of attempts to have recursive chooseleaf make
+ * @local_retries: localized retries
+@@ -302,6 +303,7 @@ static int crush_choose_firstn(const str
+ const __u32 *weight, int weight_max,
+ int x, int numrep, int type,
+ int *out, int outpos,
++ int out_size,
+ unsigned int tries,
+ unsigned int recurse_tries,
+ unsigned int local_retries,
+@@ -318,11 +320,12 @@ static int crush_choose_firstn(const str
+ int item = 0;
+ int itemtype;
+ int collide, reject;
++ int count = out_size;
+
+ dprintk("CHOOSE%s bucket %d x %d outpos %d numrep %d\n", recurse_to_leaf ? "_LEAF" : "",
+ bucket->id, x, outpos, numrep);
+
+- for (rep = outpos; rep < numrep; rep++) {
++ for (rep = outpos; rep < numrep && count > 0 ; rep++) {
+ /* keep trying until we get a non-out, non-colliding item */
+ ftotal = 0;
+ skip_rep = 0;
+@@ -391,7 +394,7 @@ static int crush_choose_firstn(const str
+ map->buckets[-1-item],
+ weight, weight_max,
+ x, outpos+1, 0,
+- out2, outpos,
++ out2, outpos, count,
+ recurse_tries, 0,
+ local_retries,
+ local_fallback_retries,
+@@ -449,6 +452,7 @@ reject:
+ dprintk("CHOOSE got %d\n", item);
+ out[outpos] = item;
+ outpos++;
++ count--;
+ }
+
+ dprintk("CHOOSE returns %d\n", outpos);
+@@ -640,6 +644,7 @@ int crush_do_rule(const struct crush_map
+ __u32 step;
+ int i, j;
+ int numrep;
++ int out_size;
+ /*
+ * the original choose_total_tries value was off by one (it
+ * counted "retries" and not "tries"). add one.
+@@ -740,6 +745,7 @@ int crush_do_rule(const struct crush_map
+ x, numrep,
+ curstep->arg2,
+ o+osize, j,
++ result_max-osize,
+ choose_tries,
+ recurse_tries,
+ choose_local_retries,
+@@ -747,11 +753,13 @@ int crush_do_rule(const struct crush_map
+ recurse_to_leaf,
+ c+osize);
+ } else {
++ out_size = ((numrep < (result_max-osize)) ?
++ numrep : (result_max-osize));
+ crush_choose_indep(
+ map,
+ map->buckets[-1-w[i]],
+ weight, weight_max,
+- x, numrep, numrep,
++ x, out_size, numrep,
+ curstep->arg2,
+ o+osize, j,
+ choose_tries,
+@@ -760,7 +768,7 @@ int crush_do_rule(const struct crush_map
+ recurse_to_leaf,
+ c+osize,
+ 0);
+- osize += numrep;
++ osize += out_size;
+ }
+ }
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
