[PATCH] NFSv4: Fix a dentry leak on alias use

linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] NFSv4: Fix a dentry leak on alias use
@ 2016-02-17 14:44 Benjamin Coddington
  2016-02-17 15:41 ` [PATCH v2] " Benjamin Coddington
  0 siblings, 1 reply; 2+ messages in thread
From: Benjamin Coddington @ 2016-02-17 14:44 UTC (permalink / raw)
  To: Trond Myklebust, Anna Schumaker; +Cc: linux-nfs

We've had some users hitting what used to be a BUG() in
shink_dcache_for_umount() but is now a printk:

BUG: Dentry ffff880066676000{i=20007,n=foobar} still in use (1) [unmount of nfs4 0:39]
VFS: Busy inodes after unmount of 0:39. Self-destruct in 5 seconds.  Have a nice day...

The users don't like that very much.

I've spotted a dentry leak in the rare case where d_add_unique() finds an
alias on open and we swap the open context's dentry.  I'm pretty sure we
shouldn't be doing another dget() there.  I can reliably reproduce it with
this bit of bash:

mkdir -p /exports/dir{1,2}
exportfs -o rw localhost:/exports
mount -t nfs -ov4.1 localhost:/ /mnt/localhost

(sleep 2) > /mnt/localhost/dir1/foobar &
waitpid="$!"
sleep 1
mv /exports/dir{1,2}/foobar
echo A > /mnt/localhost/dir2/foobar
stat /mnt/localhost/dir1/foobar 2> /dev/null
mv /exports/dir{2,1}/foobar
echo A > /mnt/localhost/dir1/foobar

wait $waitpid
umount /mnt/localhost

Ben

8<---------------------------------------------------------------------
In the case where d_add_unique() finds an appropriate alias to use it will
have already incremented the reference count.  An additional dget() to swap
the open context's dentry is unnecessary and will leak a reference.

Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
---
 fs/nfs/nfs4proc.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 4bfc33a..f4401ed 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -2468,7 +2468,7 @@ static int _nfs4_open_and_get_state(struct nfs4_opendata *opendata,
 			dentry = opendata->dentry;
 		} else if (dentry != ctx->dentry) {
 			dput(ctx->dentry);
-			ctx->dentry = dget(dentry);
+			ctx->dentry = dentry;
 		}
 		nfs_set_verifier(dentry,
 				nfs_save_change_attribute(d_inode(opendata->dir)));
-- 
1.7.1

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* [PATCH v2] NFSv4: Fix a dentry leak on alias use
  2016-02-17 14:44 [PATCH] NFSv4: Fix a dentry leak on alias use Benjamin Coddington
@ 2016-02-17 15:41 ` Benjamin Coddington
  0 siblings, 0 replies; 2+ messages in thread
From: Benjamin Coddington @ 2016-02-17 15:41 UTC (permalink / raw)
  To: Trond Myklebust, Anna Schumaker; +Cc: linux-nfs

We've had some users hitting what used to be a BUG() in
shink_dcache_for_umount() but is now a printk:

BUG: Dentry ffff880066676000{i=20007,n=foobar} still in use (1) [unmount of nfs4 0:39]
VFS: Busy inodes after unmount of 0:39. Self-destruct in 5 seconds.  Have a nice day...

The users don't like that very much.

I've spotted a dentry leak in the rare case where d_add_unique() finds an
alias on open and we swap the open context's dentry.  I'm pretty sure we
shouldn't be doing another dget() there.  I can reliably reproduce it with
this bit of bash:

mkdir -p /exports/dir{1,2}
exportfs -o rw localhost:/exports
mount -t nfs -ov4.1 localhost:/ /mnt/localhost

(sleep 2) > /mnt/localhost/dir1/foobar &
waitpid="$!"
sleep 1
mv /exports/dir{1,2}/foobar
echo A > /mnt/localhost/dir2/foobar
stat /mnt/localhost/dir1/foobar 2> /dev/null
mv /exports/dir{2,1}/foobar
echo A > /mnt/localhost/dir1/foobar

wait $waitpid
umount /mnt/localhost

Ben

Version 2:

This version corrects for the case where the dentry returned is the same as
the ctx->dentry, even though that is quite impossible.  There's no need to
check if the returned dentry differs from ctx->dentry, so get rid of the
check.

8<---------------------------------------------------------------------
In the case where d_add_unique() finds an appropriate alias to use it will
have already incremented the reference count.  An additional dget() to swap
the open context's dentry is unnecessary and will leak a reference.

Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
---
 fs/nfs/nfs4proc.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 4bfc33a..1488159 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -2466,9 +2466,9 @@ static int _nfs4_open_and_get_state(struct nfs4_opendata *opendata,
 		dentry = d_add_unique(dentry, igrab(state->inode));
 		if (dentry == NULL) {
 			dentry = opendata->dentry;
-		} else if (dentry != ctx->dentry) {
+		} else {
 			dput(ctx->dentry);
-			ctx->dentry = dget(dentry);
+			ctx->dentry = dentry;
 		}
 		nfs_set_verifier(dentry,
 				nfs_save_change_attribute(d_inode(opendata->dir)));
-- 
1.7.1

^ permalink raw reply related	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2016-02-17 15:41 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-17 14:44 [PATCH] NFSv4: Fix a dentry leak on alias use Benjamin Coddington
2016-02-17 15:41 ` [PATCH v2] " Benjamin Coddington

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).