[Devel] [PATCH VZ9] fs/fuse kio: set correct accounting weight for FIEMAP request msg.

[Liu Kui]

This is an ancient bug that was never tested. For FIEMAP request,
its iochunk.size could be much larger than the size of actual msg
flying around. And its accounting weight should be PCS_CS_HOLE_WEIGHT,
just like WRITE_HOLE or WRITE_ZERO, instead of its iochunk.size.
Otherwise it'll make cs->in_flight overflow, crashing the kernel.

Fixes: #ASUP-1567
https://virtuozzo.atlassian.net/browse/ASUP-1567

Signed-off-by: Liu Kui <kui.liu at virtuozzo.com>
---
 fs/fuse/kio/pcs/pcs_map.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/fs/fuse/kio/pcs/pcs_map.c b/fs/fuse/kio/pcs/pcs_map.c
index fc707c9dcb65..ce390ab5990c 100644
--- a/fs/fuse/kio/pcs/pcs_map.c
+++ b/fs/fuse/kio/pcs/pcs_map.c
@@ -1450,7 +1450,8 @@ static void pcs_cs_deaccount(struct pcs_int_request *ireq, struct pcs_cs * cs, i
 	spin_lock(&cs->lock);
 	if (ireq->type == PCS_IREQ_IOCHUNK) {
 		if (ireq->iochunk.cmd == PCS_REQ_T_WRITE_HOLE ||
-		    ireq->iochunk.cmd == PCS_REQ_T_WRITE_ZERO)
+		    ireq->iochunk.cmd == PCS_REQ_T_WRITE_ZERO ||
+			ireq->iochunk.cmd == PCS_REQ_T_FIEMAP)
 			cost = PCS_CS_HOLE_WEIGHT;
 		else
 			cost = (ireq->flags & IREQ_F_RND_WEIGHT) ? 512*1024 : cong_roundup(ireq->iochunk.size);
@@ -2063,7 +2064,9 @@ static int pcs_cslist_submit_read(struct pcs_int_request *ireq, struct pcs_cs_li
 
 		sreq->flags &= ~(IREQ_F_RND_WEIGHT | IREQ_F_SEQ);
 		BUG_ON(sreq->flags & IREQ_F_SEQ_READ);
-		if (pcs_flow_sequential(sreq->iochunk.flow)) {
+		if (ireq->iochunk.cmd != PCS_REQ_T_READ) {
+			weight = PCS_CS_HOLE_WEIGHT;
+		} else if (pcs_flow_sequential(sreq->iochunk.flow)) {
 			sreq->flags |= IREQ_F_SEQ_READ | IREQ_F_SEQ;
 			atomic_inc(&csl->seq_read_in_flight);
 			weight = cong_roundup(sreq->iochunk.size);
-- 
2.39.5 (Apple Git-154)