@@ -8574,8 +8574,7 @@ static void nfs4_layoutreturn_release(void *calldata)
struct pnfs_layout_hdr *lo = lrp->args.layout;
dprintk("--> %s\n", __func__);
- pnfs_layoutreturn_free_lsegs(lo, &lrp->args.range,
- be32_to_cpu(lrp->args.stateid.seqid),
+ pnfs_layoutreturn_free_lsegs(lo, &lrp->args.stateid, &lrp->args.range,
lrp->res.lrs_present ? &lrp->res.stateid : NULL);
nfs4_sequence_free_slot(&lrp->res.seq_res);
pnfs_put_layout_hdr(lrp->args.layout);
@@ -961,20 +961,26 @@ static void pnfs_clear_layoutreturn_waitbit(struct pnfs_layout_hdr *lo)
}
void pnfs_layoutreturn_free_lsegs(struct pnfs_layout_hdr *lo,
+ const nfs4_stateid *arg_stateid,
const struct pnfs_layout_range *range,
- u32 seq,
const nfs4_stateid *stateid)
{
struct inode *inode = lo->plh_inode;
LIST_HEAD(freeme);
spin_lock(&inode->i_lock);
+ if (!pnfs_layout_is_valid(lo) || !arg_stateid ||
+ !nfs4_stateid_match_other(&lo->plh_stateid, arg_stateid))
+ goto out_unlock;
if (stateid) {
+ u32 seq = be32_to_cpu(arg_stateid->seqid);
+
pnfs_mark_matching_lsegs_invalid(lo, &freeme, range, seq);
pnfs_free_returned_lsegs(lo, &freeme, range, seq);
pnfs_set_layout_stateid(lo, stateid, true);
} else
pnfs_mark_layout_stateid_invalid(lo, &freeme);
+out_unlock:
pnfs_clear_layoutreturn_waitbit(lo);
spin_unlock(&inode->i_lock);
pnfs_free_lseg_list(&freeme);
@@ -295,8 +295,8 @@ struct pnfs_layout_segment *pnfs_update_layout(struct inode *ino,
bool strict_iomode,
gfp_t gfp_flags);
void pnfs_layoutreturn_free_lsegs(struct pnfs_layout_hdr *lo,
+ const nfs4_stateid *arg_stateid,
const struct pnfs_layout_range *range,
- u32 seq,
const nfs4_stateid *stateid);
void pnfs_generic_layout_insert_lseg(struct pnfs_layout_hdr *lo,
Fix a potential race with CB_LAYOUTRECALL in which the server recalls the remaining layout segments while our LAYOUTRETURN is still in transit. Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com> --- fs/nfs/nfs4proc.c | 3 +-- fs/nfs/pnfs.c | 8 +++++++- fs/nfs/pnfs.h | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-)