Message ID | 20240301000950.2306-2-neilb@suse.de (mailing list archive) |
---|---|
State | New, archived |
Series | nfsd: fix dadlock in move_to_close_lru() | expand |
On Fri, 2024-03-01 at 11:07 +1100, NeilBrown wrote: > Rather than taking the rp_mutex in nfsd4_cleanup_open_state() (which > seems counter-intuitive), take it and assign rp_owner as soon as > possible. > > This will support a future change when nfsd4_cstate_assign_replay() might > fail. > > Signed-off-by: NeilBrown <neilb@suse.de> > --- > fs/nfsd/nfs4state.c | 13 +++++-------- > 1 file changed, 5 insertions(+), 8 deletions(-) > > diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c > index 7d6c657e0409..e625f738f7b0 100644 > --- a/fs/nfsd/nfs4state.c > +++ b/fs/nfsd/nfs4state.c > @@ -5066,15 +5066,15 @@ nfsd4_process_open1(struct nfsd4_compound_state *cstate, > strhashval = ownerstr_hashval(&open->op_owner); > oo = find_openstateowner_str(strhashval, open, clp); > open->op_openowner = oo; > - if (!oo) { > + if (!oo) > goto new_owner; > - } > if (!(oo->oo_flags & NFS4_OO_CONFIRMED)) { > /* Replace unconfirmed owners without checking for replay. */ > release_openowner(oo); > open->op_openowner = NULL; > goto new_owner; > } > + nfsd4_cstate_assign_replay(cstate, &oo->oo_owner); > status = nfsd4_check_seqid(cstate, &oo->oo_owner, open->op_seqid); > if (status) > return status; > @@ -5084,6 +5084,7 @@ nfsd4_process_open1(struct nfsd4_compound_state *cstate, > if (oo == NULL) > return nfserr_jukebox; > open->op_openowner = oo; > + nfsd4_cstate_assign_replay(cstate, &oo->oo_owner); > alloc_stateid: > open->op_stp = nfs4_alloc_open_stateid(clp); > if (!open->op_stp) 
> @@ -5835,12 +5836,8 @@ nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nf > void nfsd4_cleanup_open_state(struct nfsd4_compound_state *cstate, > struct nfsd4_open *open) > { > - if (open->op_openowner) { > - struct nfs4_stateowner *so = &open->op_openowner->oo_owner; > - > - nfsd4_cstate_assign_replay(cstate, so); > - nfs4_put_stateowner(so); > - } > + if (cstate->replay_owner) > + nfs4_put_stateowner(cstate->replay_owner); The above delta doesn't look right. The replay_owner won't be set on v4.1+ mounts, but op_openowner will still hold a valid reference that will now leak. > if (open->op_file) > kmem_cache_free(file_slab, open->op_file); > if (open->op_stp)
On Fri, 01 Mar 2024, Jeff Layton wrote: > On Fri, 2024-03-01 at 11:07 +1100, NeilBrown wrote: > > Rather than taking the rp_mutex in nfsd4_cleanup_open_state() (which > > seems counter-intuitive), take it and assign rp_owner as soon as > > possible. > > > > This will support a future change when nfsd4_cstate_assign_replay() might > > fail. > > > > Signed-off-by: NeilBrown <neilb@suse.de> > > --- > > fs/nfsd/nfs4state.c | 13 +++++-------- > > 1 file changed, 5 insertions(+), 8 deletions(-) > > > > diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c > > index 7d6c657e0409..e625f738f7b0 100644 > > --- a/fs/nfsd/nfs4state.c > > +++ b/fs/nfsd/nfs4state.c > > @@ -5066,15 +5066,15 @@ nfsd4_process_open1(struct nfsd4_compound_state *cstate, > > strhashval = ownerstr_hashval(&open->op_owner); > > oo = find_openstateowner_str(strhashval, open, clp); > > open->op_openowner = oo; > > - if (!oo) { > > + if (!oo) > > goto new_owner; > > - } > > if (!(oo->oo_flags & NFS4_OO_CONFIRMED)) { > > /* Replace unconfirmed owners without checking for replay. */ > > release_openowner(oo); > > open->op_openowner = NULL; > > goto new_owner; > > } > > + nfsd4_cstate_assign_replay(cstate, &oo->oo_owner); > > status = nfsd4_check_seqid(cstate, &oo->oo_owner, open->op_seqid); > > if (status) > > return status; > > @@ -5084,6 +5084,7 @@ nfsd4_process_open1(struct nfsd4_compound_state *cstate, > > if (oo == NULL) > > return nfserr_jukebox; > > open->op_openowner = oo; > > + nfsd4_cstate_assign_replay(cstate, &oo->oo_owner); > > alloc_stateid: > > open->op_stp = nfs4_alloc_open_stateid(clp); > > if (!open->op_stp) 
> > @@ -5835,12 +5836,8 @@ nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nf > > void nfsd4_cleanup_open_state(struct nfsd4_compound_state *cstate, > > struct nfsd4_open *open) > > { > > - if (open->op_openowner) { > > - struct nfs4_stateowner *so = &open->op_openowner->oo_owner; > > - > > - nfsd4_cstate_assign_replay(cstate, so); > > - nfs4_put_stateowner(so); > > - } > > + if (cstate->replay_owner) > > + nfs4_put_stateowner(cstate->replay_owner); > > The above delta doesn't look right. The replay_owner won't be set on > v4.1+ mounts, but op_openowner will still hold a valid reference that > will now leak. Yes, of course. I was over-thinking and making a mess of it. Fixed, thanks. NeilBrown > > > if (open->op_file) > > kmem_cache_free(file_slab, open->op_file); > > if (open->op_stp) > > -- > Jeff Layton <jlayton@kernel.org> > >
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 7d6c657e0409..e625f738f7b0 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -5066,15 +5066,15 @@ nfsd4_process_open1(struct nfsd4_compound_state *cstate,
 strhashval = ownerstr_hashval(&open->op_owner);
 oo = find_openstateowner_str(strhashval, open, clp);
 open->op_openowner = oo;
- if (!oo) {
+ if (!oo)
 goto new_owner;
- }
 if (!(oo->oo_flags & NFS4_OO_CONFIRMED)) {
 /* Replace unconfirmed owners without checking for replay. */
 release_openowner(oo);
 open->op_openowner = NULL;
 goto new_owner;
 }
+ nfsd4_cstate_assign_replay(cstate, &oo->oo_owner);
 status = nfsd4_check_seqid(cstate, &oo->oo_owner, open->op_seqid);
 if (status)
 return status;
@@ -5084,6 +5084,7 @@ nfsd4_process_open1(struct nfsd4_compound_state *cstate,
 if (oo == NULL)
 return nfserr_jukebox;
 open->op_openowner = oo;
+ nfsd4_cstate_assign_replay(cstate, &oo->oo_owner);
 alloc_stateid:
 open->op_stp = nfs4_alloc_open_stateid(clp);
 if (!open->op_stp)
@@ -5835,12 +5836,8 @@ nfsd4_process_open2(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nf
 void nfsd4_cleanup_open_state(struct nfsd4_compound_state *cstate,
 struct nfsd4_open *open)
 {
- if (open->op_openowner) {
- struct nfs4_stateowner *so = &open->op_openowner->oo_owner;
-
- nfsd4_cstate_assign_replay(cstate, so);
- nfs4_put_stateowner(so);
- }
+ if (cstate->replay_owner)
+ nfs4_put_stateowner(cstate->replay_owner);
 if (open->op_file)
 kmem_cache_free(file_slab, open->op_file);
 if (open->op_stp)
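Review bot: The early `return status;` after `nfsd4_check_seqid()` in the first hunk now comes after the added `nfsd4_cstate_assign_replay(cstate, &oo->oo_owner);`, which per the commit description takes rp_mutex, and nothing in the hunk shows where the lock is released on that error path. The second hunk has the same shape: the call is added just above `alloc_stateid:`, and the `if (!open->op_stp)` failure check follows it. Both call sites should carry a comment naming the release point, for example `/* rp_mutex held from here, including on the error returns below; dropped in <release site> */`, so a later error path cannot return with the mutex held unnoticed. nfsd4_process_open1() starts and ends outside both hunks, so the release may already be handled by the caller; that is worth confirming, since a lock left held on a client-triggerable error path would stall later requests from the same open owner.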
Rather than taking the rp_mutex in nfsd4_cleanup_open_state() (which seems counter-intuitive), take it and assign rp_owner as soon as possible. This will support a future change when nfsd4_cstate_assign_replay() might fail. Signed-off-by: NeilBrown <neilb@suse.de> --- fs/nfsd/nfs4state.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-)