Commit d83017f9 authored by Jeff Layton's avatar Jeff Layton Committed by J. Bruce Fields

nfsd: don't thrash the cl_lock while freeing an open stateid

When we remove the client_mutex, we'll have a potential race between
FREE_STATEID and CLOSE.

The root of the problem is that we are walking the st_locks list,
dropping the spinlock and then trying to release the persistent
reference to the lockstateid. In between, a FREE_STATEID call can come
along and take the lock, find the stateid and then try to put the
reference. That leads to a double put.

Fix this by not releasing the cl_lock in order to release each lock
stateid. Use put_generic_stateid_locked to unhash them and gather them
onto a list, and free_ol_stateid_reaplist to free any that end up on the
list.
Signed-off-by: default avatarJeff Layton <jlayton@primarydata.com>
Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent 2c41beb0
...@@ -1077,27 +1077,26 @@ static void release_lockowner(struct nfs4_lockowner *lo) ...@@ -1077,27 +1077,26 @@ static void release_lockowner(struct nfs4_lockowner *lo)
nfs4_put_stateowner(&lo->lo_owner); nfs4_put_stateowner(&lo->lo_owner);
} }
static void release_open_stateid_locks(struct nfs4_ol_stateid *open_stp) static void release_open_stateid_locks(struct nfs4_ol_stateid *open_stp,
__releases(&open_stp->st_stateowner->so_client->cl_lock) struct list_head *reaplist)
__acquires(&open_stp->st_stateowner->so_client->cl_lock)
{ {
struct nfs4_ol_stateid *stp; struct nfs4_ol_stateid *stp;
while (!list_empty(&open_stp->st_locks)) { while (!list_empty(&open_stp->st_locks)) {
stp = list_entry(open_stp->st_locks.next, stp = list_entry(open_stp->st_locks.next,
struct nfs4_ol_stateid, st_locks); struct nfs4_ol_stateid, st_locks);
spin_unlock(&open_stp->st_stateowner->so_client->cl_lock); unhash_lock_stateid(stp);
release_lock_stateid(stp); put_ol_stateid_locked(stp, reaplist);
spin_lock(&open_stp->st_stateowner->so_client->cl_lock);
} }
} }
static void unhash_open_stateid(struct nfs4_ol_stateid *stp) static void unhash_open_stateid(struct nfs4_ol_stateid *stp,
struct list_head *reaplist)
{ {
lockdep_assert_held(&stp->st_stid.sc_client->cl_lock); lockdep_assert_held(&stp->st_stid.sc_client->cl_lock);
unhash_generic_stateid(stp); unhash_generic_stateid(stp);
release_open_stateid_locks(stp); release_open_stateid_locks(stp, reaplist);
} }
static void release_open_stateid(struct nfs4_ol_stateid *stp) static void release_open_stateid(struct nfs4_ol_stateid *stp)
...@@ -1105,7 +1104,7 @@ static void release_open_stateid(struct nfs4_ol_stateid *stp) ...@@ -1105,7 +1104,7 @@ static void release_open_stateid(struct nfs4_ol_stateid *stp)
LIST_HEAD(reaplist); LIST_HEAD(reaplist);
spin_lock(&stp->st_stid.sc_client->cl_lock); spin_lock(&stp->st_stid.sc_client->cl_lock);
unhash_open_stateid(stp); unhash_open_stateid(stp, &reaplist);
put_ol_stateid_locked(stp, &reaplist); put_ol_stateid_locked(stp, &reaplist);
spin_unlock(&stp->st_stid.sc_client->cl_lock); spin_unlock(&stp->st_stid.sc_client->cl_lock);
free_ol_stateid_reaplist(&reaplist); free_ol_stateid_reaplist(&reaplist);
...@@ -1145,7 +1144,7 @@ static void release_openowner(struct nfs4_openowner *oo) ...@@ -1145,7 +1144,7 @@ static void release_openowner(struct nfs4_openowner *oo)
while (!list_empty(&oo->oo_owner.so_stateids)) { while (!list_empty(&oo->oo_owner.so_stateids)) {
stp = list_first_entry(&oo->oo_owner.so_stateids, stp = list_first_entry(&oo->oo_owner.so_stateids,
struct nfs4_ol_stateid, st_perstateowner); struct nfs4_ol_stateid, st_perstateowner);
unhash_open_stateid(stp); unhash_open_stateid(stp, &reaplist);
put_ol_stateid_locked(stp, &reaplist); put_ol_stateid_locked(stp, &reaplist);
} }
spin_unlock(&clp->cl_lock); spin_unlock(&clp->cl_lock);
...@@ -4701,16 +4700,21 @@ nfsd4_open_downgrade(struct svc_rqst *rqstp, ...@@ -4701,16 +4700,21 @@ nfsd4_open_downgrade(struct svc_rqst *rqstp,
static void nfsd4_close_open_stateid(struct nfs4_ol_stateid *s) static void nfsd4_close_open_stateid(struct nfs4_ol_stateid *s)
{ {
struct nfs4_client *clp = s->st_stid.sc_client; struct nfs4_client *clp = s->st_stid.sc_client;
LIST_HEAD(reaplist);
s->st_stid.sc_type = NFS4_CLOSED_STID; s->st_stid.sc_type = NFS4_CLOSED_STID;
spin_lock(&clp->cl_lock); spin_lock(&clp->cl_lock);
unhash_open_stateid(s); unhash_open_stateid(s, &reaplist);
spin_unlock(&clp->cl_lock);
if (clp->cl_minorversion) if (clp->cl_minorversion) {
nfs4_put_stid(&s->st_stid); put_ol_stateid_locked(s, &reaplist);
else spin_unlock(&clp->cl_lock);
free_ol_stateid_reaplist(&reaplist);
} else {
spin_unlock(&clp->cl_lock);
free_ol_stateid_reaplist(&reaplist);
move_to_close_lru(s, clp->net); move_to_close_lru(s, clp->net);
}
} }
/* /*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment