From: Olaf Kirch <okir@suse.de>
To: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: Ion Badulescu <lists@news.cs.columbia.edu>, nfs@lists.sourceforge.net
Subject: Re: Re: [autofs] VFS: Busy inodes after unmount on 2 way SMP
Date: Tue, 30 Sep 2003 14:50:05 +0200 [thread overview]
Message-ID: <20030930125005.GI11571@suse.de> (raw)
In-Reply-To: <shsr81z8q73.fsf@charged.uio.no>
[-- Attachment #1: Type: text/plain, Size: 1617 bytes --]
On Mon, Sep 29, 2003 at 10:22:40AM -0700, Trond Myklebust wrote:
> You'd have to be extremely unlucky to kill the process and hit the
> window for the Oops. I defy you to come up with an exploit for it.
>
> That said, I agree that a full fix would be preferable. I'm working on
> other projects right now, that's why I'm being slow about this issue
> (plus the fact that it's not exactly easy to reproduce). I'll get onto
> it soon...
I've had no luck reproducing it either in a controlled environment.
However the bug is common enough to crash a few of our build machines
over a weekend...
I took your patch, Trond, and modified it a little to not crash if
the user ctrl-c's the unlink. Still not pretty - maybe it should
zap the cached attributes:
@@ -212,7 +222,15 @@
data->count++;
nfs_copy_dname(dentry, data);
dentry->d_flags &= ~DCACHE_NFSFS_RENAMED;
- if (data->task.tk_rpcwait == &nfs_delete_queue)
+ if (data->task.tk_rpcwait == &nfs_delete_queue) {
+ struct rpc_clnt *clnt = data->task.tk_client;
rpc_wake_up_task(&data->task);
+ nfs_wait_event(clnt, data->waitq, data->completed == 1);
+ /* This is safe as we hold the BKL */
+ if (!data->completed) {
+ dput(data->dir);
+ data->dir = NULL;
+ }
+ }
nfs_put_unlinkdata(data);
}
Olaf
--
Olaf Kirch | Anyone who has had to work with X.509 has probably
okir@suse.de | experienced what can best be described as
---------------+ ISO water torture. -- Peter Gutmann
[-- Attachment #2: nfs-autofs-umount-crash --]
[-- Type: text/plain, Size: 2362 bytes --]
diff -ur linux-2.4.21/fs/nfs/dir.c nfs/fs/nfs/dir.c
--- linux-2.4.21/fs/nfs/dir.c 2003-09-29 10:33:41.000000000 +0200
+++ nfs/fs/nfs/dir.c 2003-09-29 12:34:36.000000000 +0200
@@ -1144,7 +1144,7 @@
struct inode *old_inode = old_dentry->d_inode;
struct inode *new_inode = new_dentry->d_inode;
struct dentry *dentry = NULL, *rehash = NULL;
- int error = -EBUSY;
+ int error;
/*
* To prevent any new references to the target during the rename,
@@ -1170,6 +1170,12 @@
*/
if (!new_inode)
goto go_ahead;
+ /* If target is a hard link to the source, then noop */
+ error = 0;
+ if (NFS_FILEID(new_inode) == NFS_FILEID(old_inode))
+ goto out;
+
+ error = -EBUSY;
if (S_ISDIR(new_inode->i_mode))
goto out;
else if (atomic_read(&new_dentry->d_count) > 1) {
diff -ur linux-2.4.21/fs/nfs/unlink.c nfs/fs/nfs/unlink.c
--- linux-2.4.21/fs/nfs/unlink.c 2002-11-29 00:53:15.000000000 +0100
+++ nfs/fs/nfs/unlink.c 2003-09-29 13:38:49.000000000 +0200
@@ -12,6 +12,7 @@
#include <linux/sunrpc/sched.h>
#include <linux/sunrpc/clnt.h>
#include <linux/nfs_fs.h>
+#include <linux/wait.h>
struct nfs_unlinkdata {
@@ -21,6 +22,9 @@
struct rpc_task task;
struct rpc_cred *cred;
unsigned int count;
+
+ wait_queue_head_t waitq;
+ int completed;
};
static struct nfs_unlinkdata *nfs_deletes;
@@ -54,6 +58,8 @@
nfs_detach_unlinkdata(data);
if (data->name.name != NULL)
kfree(data->name.name);
+ if (data->cred)
+ put_rpccred(data->cred);
kfree(data);
}
}
@@ -133,6 +139,8 @@
put_rpccred(data->cred);
data->cred = NULL;
dput(dir);
+ data->completed = 1;
+ wake_up(&data->waitq);
}
/**
@@ -175,6 +183,8 @@
nfs_deletes = data;
data->count = 1;
+ init_waitqueue_head(&data->waitq);
+
task = &data->task;
rpc_init_task(task, clnt, nfs_async_unlink_done , RPC_TASK_ASYNC);
task->tk_calldata = data;
@@ -212,7 +222,15 @@
data->count++;
nfs_copy_dname(dentry, data);
dentry->d_flags &= ~DCACHE_NFSFS_RENAMED;
- if (data->task.tk_rpcwait == &nfs_delete_queue)
+ if (data->task.tk_rpcwait == &nfs_delete_queue) {
+ struct rpc_clnt *clnt = data->task.tk_client;
rpc_wake_up_task(&data->task);
+ nfs_wait_event(clnt, data->waitq, data->completed == 1);
+ /* This is safe as we hold the BKL */
+ if (!data->completed) {
+ dput(data->dir);
+ data->dir = NULL;
+ }
+ }
nfs_put_unlinkdata(data);
}
next prev parent reply other threads:[~2003-09-30 12:51 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-12 0:11 VFS: Busy inodes after unmount on 2 way SMP Arun Sharma
2003-09-12 1:05 ` H. Peter Anvin
2003-09-12 14:23 ` Ryan Go
2003-09-12 17:57 ` Arun Sharma
2003-09-12 20:51 ` H. Peter Anvin
2003-09-12 23:33 ` Ion Badulescu
2003-09-13 0:08 ` Arun Sharma
2003-09-13 0:16 ` Ion Badulescu
2003-09-13 0:16 ` Ion Badulescu
2003-09-15 21:42 ` [NFS] " Arun Sharma
2003-09-15 22:25 ` H. Peter Anvin
2003-09-15 22:34 ` Arun Sharma
2003-09-15 23:42 ` Ion Badulescu
2003-09-16 1:34 ` [autofs] " Matt C
2003-09-16 1:34 ` Matt C
2003-09-19 2:57 ` Frank Cusack
2003-09-16 20:37 ` Re: [NFS] " Arun Sharma
2003-09-16 20:54 ` H. Peter Anvin
2003-09-17 0:28 ` Ian Kent
2003-09-17 2:05 ` Arun Sharma
2003-09-17 2:28 ` H. Peter Anvin
2003-09-17 4:56 ` Ian Kent
2003-09-17 4:52 ` Ian Kent
2003-09-17 17:47 ` Arun Sharma
2003-09-17 20:41 ` H. Peter Anvin
2003-09-17 21:00 ` Olaf Hering
2003-09-18 0:31 ` Ian Kent
2003-09-18 5:04 ` Olaf Hering
2003-09-18 5:52 ` Re: [autofs] " Trond Myklebust
2003-09-18 8:26 ` Olaf Kirch
2003-09-19 23:36 ` [NFS] " Olaf Hering
2003-09-25 23:17 ` Re: [autofs] " Matt C
2003-09-25 23:17 ` Matt C
2003-09-26 0:24 ` Trond Myklebust
2003-09-26 0:24 ` Trond Myklebust
2003-09-26 18:31 ` [NFS] " Ion Badulescu
2003-09-26 22:29 ` Re: [autofs] " Trond Myklebust
2003-09-27 16:55 ` Olaf Kirch
2003-09-28 23:16 ` Steve Fosdick
2003-09-29 12:07 ` Ion Badulescu
2003-09-29 17:22 ` Trond Myklebust
2003-09-30 12:50 ` Olaf Kirch [this message]
2003-09-30 13:31 ` Trond Myklebust
2003-09-29 3:27 ` Frank Cusack
2003-09-18 2:26 ` [NFS] " Ion Badulescu
2003-09-18 2:54 ` H. Peter Anvin
2003-09-29 12:19 ` Ion Badulescu
2003-09-30 12:24 ` Ian Kent
2003-09-30 12:51 ` Mike Waychison
2003-10-01 12:56 ` Ian Kent
2003-09-30 13:12 ` Ion Badulescu
2003-09-30 16:44 ` Ian Kent
2003-09-17 13:14 ` Ryan Go
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030930125005.GI11571@suse.de \
--to=okir@suse.de \
--cc=lists@news.cs.columbia.edu \
--cc=nfs@lists.sourceforge.net \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.