Commit 1af71cc8 authored by Jeff Layton's avatar Jeff Layton Committed by J. Bruce Fields

nfsd: ensure atomicity in nfsd4_free_stateid and nfsd4_validate_stateid

Hold the cl_lock over the bulk of these functions. In addition to
ensuring that they aren't freed prematurely, this will also help prevent
a potential race that could be introduced later. Once we remove the
client_mutex, it'll be possible for FREE_STATEID and CLOSE to race and
for both to try to put the "persistent" reference to the stateid.
Signed-off-by: default avatarTrond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: default avatarJeff Layton <jlayton@primarydata.com>
Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent 356a95ec
...@@ -1688,17 +1688,6 @@ find_stateid_locked(struct nfs4_client *cl, stateid_t *t) ...@@ -1688,17 +1688,6 @@ find_stateid_locked(struct nfs4_client *cl, stateid_t *t)
return ret; return ret;
} }
static struct nfs4_stid *
find_stateid(struct nfs4_client *cl, stateid_t *t)
{
struct nfs4_stid *ret;
spin_lock(&cl->cl_lock);
ret = find_stateid_locked(cl, t);
spin_unlock(&cl->cl_lock);
return ret;
}
static struct nfs4_stid * static struct nfs4_stid *
find_stateid_by_type(struct nfs4_client *cl, stateid_t *t, char typemask) find_stateid_by_type(struct nfs4_client *cl, stateid_t *t, char typemask)
{ {
...@@ -4098,10 +4087,10 @@ static __be32 nfsd4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid) ...@@ -4098,10 +4087,10 @@ static __be32 nfsd4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid)
{ {
struct nfs4_stid *s; struct nfs4_stid *s;
struct nfs4_ol_stateid *ols; struct nfs4_ol_stateid *ols;
__be32 status; __be32 status = nfserr_bad_stateid;
if (ZERO_STATEID(stateid) || ONE_STATEID(stateid)) if (ZERO_STATEID(stateid) || ONE_STATEID(stateid))
return nfserr_bad_stateid; return status;
/* Client debugging aid. */ /* Client debugging aid. */
if (!same_clid(&stateid->si_opaque.so_clid, &cl->cl_clientid)) { if (!same_clid(&stateid->si_opaque.so_clid, &cl->cl_clientid)) {
char addr_str[INET6_ADDRSTRLEN]; char addr_str[INET6_ADDRSTRLEN];
...@@ -4109,34 +4098,42 @@ static __be32 nfsd4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid) ...@@ -4109,34 +4098,42 @@ static __be32 nfsd4_validate_stateid(struct nfs4_client *cl, stateid_t *stateid)
sizeof(addr_str)); sizeof(addr_str));
pr_warn_ratelimited("NFSD: client %s testing state ID " pr_warn_ratelimited("NFSD: client %s testing state ID "
"with incorrect client ID\n", addr_str); "with incorrect client ID\n", addr_str);
return nfserr_bad_stateid; return status;
} }
s = find_stateid(cl, stateid); spin_lock(&cl->cl_lock);
s = find_stateid_locked(cl, stateid);
if (!s) if (!s)
return nfserr_bad_stateid; goto out_unlock;
status = check_stateid_generation(stateid, &s->sc_stateid, 1); status = check_stateid_generation(stateid, &s->sc_stateid, 1);
if (status) if (status)
return status; goto out_unlock;
switch (s->sc_type) { switch (s->sc_type) {
case NFS4_DELEG_STID: case NFS4_DELEG_STID:
return nfs_ok; status = nfs_ok;
break;
case NFS4_REVOKED_DELEG_STID: case NFS4_REVOKED_DELEG_STID:
return nfserr_deleg_revoked; status = nfserr_deleg_revoked;
break;
case NFS4_OPEN_STID: case NFS4_OPEN_STID:
case NFS4_LOCK_STID: case NFS4_LOCK_STID:
ols = openlockstateid(s); ols = openlockstateid(s);
if (ols->st_stateowner->so_is_open_owner if (ols->st_stateowner->so_is_open_owner
&& !(openowner(ols->st_stateowner)->oo_flags && !(openowner(ols->st_stateowner)->oo_flags
& NFS4_OO_CONFIRMED)) & NFS4_OO_CONFIRMED))
return nfserr_bad_stateid; status = nfserr_bad_stateid;
return nfs_ok; else
status = nfs_ok;
break;
default: default:
printk("unknown stateid type %x\n", s->sc_type); printk("unknown stateid type %x\n", s->sc_type);
/* Fallthrough */ /* Fallthrough */
case NFS4_CLOSED_STID: case NFS4_CLOSED_STID:
case NFS4_CLOSED_DELEG_STID: case NFS4_CLOSED_DELEG_STID:
return nfserr_bad_stateid; status = nfserr_bad_stateid;
} }
out_unlock:
spin_unlock(&cl->cl_lock);
return status;
} }
static __be32 static __be32
...@@ -4287,34 +4284,38 @@ nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, ...@@ -4287,34 +4284,38 @@ nfsd4_free_stateid(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
__be32 ret = nfserr_bad_stateid; __be32 ret = nfserr_bad_stateid;
nfs4_lock_state(); nfs4_lock_state();
s = find_stateid(cl, stateid); spin_lock(&cl->cl_lock);
s = find_stateid_locked(cl, stateid);
if (!s) if (!s)
goto out; goto out_unlock;
switch (s->sc_type) { switch (s->sc_type) {
case NFS4_DELEG_STID: case NFS4_DELEG_STID:
ret = nfserr_locks_held; ret = nfserr_locks_held;
goto out; break;
case NFS4_OPEN_STID: case NFS4_OPEN_STID:
case NFS4_LOCK_STID:
ret = check_stateid_generation(stateid, &s->sc_stateid, 1); ret = check_stateid_generation(stateid, &s->sc_stateid, 1);
if (ret) if (ret)
goto out; break;
if (s->sc_type == NFS4_LOCK_STID) ret = nfserr_locks_held;
ret = nfsd4_free_lock_stateid(openlockstateid(s));
else
ret = nfserr_locks_held;
break; break;
case NFS4_LOCK_STID:
ret = check_stateid_generation(stateid, &s->sc_stateid, 1);
if (ret)
break;
spin_unlock(&cl->cl_lock);
ret = nfsd4_free_lock_stateid(openlockstateid(s));
goto out;
case NFS4_REVOKED_DELEG_STID: case NFS4_REVOKED_DELEG_STID:
dp = delegstateid(s); dp = delegstateid(s);
spin_lock(&cl->cl_lock);
list_del_init(&dp->dl_recall_lru); list_del_init(&dp->dl_recall_lru);
spin_unlock(&cl->cl_lock); spin_unlock(&cl->cl_lock);
nfs4_put_stid(s); nfs4_put_stid(s);
ret = nfs_ok; ret = nfs_ok;
break; goto out;
default: /* Default falls through and returns nfserr_bad_stateid */
ret = nfserr_bad_stateid;
} }
out_unlock:
spin_unlock(&cl->cl_lock);
out: out:
nfs4_unlock_state(); nfs4_unlock_state();
return ret; return ret;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment