Re: [PATCH 1/4] knfsd: Replace lock_kernel with a mutex for nfsd thread startup/shutdown locking.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "J. Bruce Fields" <bfields@fieldses.org>
To: Jeff Layton <jlayton@redhat.com>
Cc: linux-nfs@vger.kernel.org, nfsv4@linux-nfs.org,
	gnb-cP1dWloDopni96+mSzHFpQC/G2K4zDHf@public.gmane.org
Subject: Re: [PATCH 1/4] knfsd: Replace lock_kernel with a mutex for nfsd thread startup/shutdown locking.
Date: Wed, 4 Jun 2008 18:41:20 -0400	[thread overview]
Message-ID: <20080604224120.GI10362@fieldses.org> (raw)
In-Reply-To: <20080604215815.GF10362@fieldses.org>

On Wed, Jun 04, 2008 at 05:58:15PM -0400, bfields wrote:
> On Wed, Jun 04, 2008 at 05:27:52PM -0400, Jeff Layton wrote:
> > On Wed, 4 Jun 2008 17:02:35 -0400
> > "J. Bruce Fields" <bfields@fieldses.org> wrote:
> > 
> > > On Wed, Jun 04, 2008 at 11:03:13AM -0400, Jeff Layton wrote:
> > > > diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
> > > > index 5ac00c4..d601a77 100644
> > > > --- a/fs/nfsd/nfsctl.c
> > > > +++ b/fs/nfsd/nfsctl.c
> > > ...
> > > > @@ -566,14 +574,13 @@ static ssize_t write_versions(struct file *file, char *buf, size_t size)
> > > >  	return len;
> > > >  }
> > > >  
> > > > -static ssize_t write_ports(struct file *file, char *buf, size_t size)
> > > > +static ssize_t __write_ports(struct file *file, char *buf, size_t size)
> > > >  {
> > > >  	if (size == 0) {
> > > >  		int len = 0;
> > > > -		lock_kernel();
> > > > +
> > > >  		if (nfsd_serv)
> > > >  			len = svc_xprt_names(nfsd_serv, buf, 0);
> > > > -		unlock_kernel();
> > > 
> > > svc_xprt_names() has to be prepared to accept NULL as a first parameter
> > > (since we've got nothing here any longer to guarantee that nfsd_serv
> > > won't change after we've checked it).  And, indeed, it does check for
> > > that (with its local copy, which won't change.  So that's OK.  But then
> > > could we just ditch this redundant check here?  It's confusing.
> > > 
> > > Oops, but: what happens if something like this races with svc_destroy,
> > > so svc_xprt_names() is passed a pointer to freed memory?
> > > 
> > 
> > We do have a guarantee that nfsd_serv won't change after it's checked
> > here. The new nfsd_mutex protects it. write_ports has been renamed to
> > __write_ports, and write_ports has been turned into a wrapper that runs
> > the entire original function under the nfsd_mutex. We also have nfsd
> > hold the nfsd_mutex when svc_exit_thread is called, so svc_destroy
> > should also be called while holding it. That should serialize access
> > to the nfsd_serv.
> 
> Of course, you're right; thanks for setting me straight!

One more random point of confusion: is write_versions racy?  It assigns
to nfsd_versions, which is used in svc_process() to decide whether a
version is supported or not, without doing the adjustment of rq_argp and
rq_resp which a comment in write_versions() says is necessary.  And
there's no locking around the nfsd_serv check there.  So in theory could
a write_versions() at the wrong time result in an nfsd that accepted nfs
versions that it shouldn't (and hence could overflow some buffer)?

That'd be a preexisting problem, nothing to do with your work--I was
just grepping for uses of nfsd_serv....

--b.

next prev parent reply	other threads:[~2008-06-04 22:41 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-06-04 15:03 [PATCH 0/4] Convert knfsd to kthread API and fix startup/shutdown races (try #2) Jeff Layton
2008-06-04 15:03 ` [PATCH 1/4] knfsd: Replace lock_kernel with a mutex for nfsd thread startup/shutdown locking Jeff Layton
2008-06-04 15:03   ` [PATCH 2/4] knfsd: remove special handling for SIGHUP Jeff Layton
2008-06-04 15:03     ` [PATCH 3/4] knfsd: convert knfsd to kthread API Jeff Layton
2008-06-04 15:03       ` [PATCH 4/4] sunrpc: remove unneeded field from svc_serv struct Jeff Layton
2008-06-05  1:30         ` Greg Banks
2008-06-05  1:28       ` [PATCH 3/4] knfsd: convert knfsd to kthread API Greg Banks
2008-06-05  0:59     ` [PATCH 2/4] knfsd: remove special handling for SIGHUP Greg Banks
2008-06-04 21:02   ` [PATCH 1/4] knfsd: Replace lock_kernel with a mutex for nfsd thread startup/shutdown locking J. Bruce Fields
2008-06-04 21:27     ` Jeff Layton
     [not found]       ` <20080604172752.31686797-RtJpwOs3+0O+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
2008-06-04 21:58         ` J. Bruce Fields
2008-06-04 22:41           ` J. Bruce Fields [this message]
2008-06-05  0:07             ` Jeff Layton
2008-06-05  0:47   ` Greg Banks
2008-06-05 20:03     ` J. Bruce Fields
2008-06-05 20:15       ` Jeff Layton
2008-06-05 23:35       ` Greg Banks
     [not found]         ` <48487857.4030706-cP1dWloDopni96+mSzHFpQC/G2K4zDHf@public.gmane.org>
2008-06-06 15:05           ` Jeff Layton

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20080604224120.GI10362@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=gnb-cP1dWloDopni96+mSzHFpQC/G2K4zDHf@public.gmane.org \
    --cc=jlayton@redhat.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=nfsv4@linux-nfs.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.