From: Jeff Layton <jlayton@kernel.org>
To: chuck.lever@oracle.com
Cc: linux-nfs@vger.kernel.org
Subject: [PATCH 2/3] nfsd: fix potential race in nfsd_file_close
Date: Fri, 30 Sep 2022 15:15:49 -0400 [thread overview]
Message-ID: <20220930191550.172087-3-jlayton@kernel.org> (raw)
In-Reply-To: <20220930191550.172087-1-jlayton@kernel.org>
Once we call nfsd_file_put, there is no guarantee that "nf" can still be
safely accessed. That may have been the last reference.
Change the code to instead check for whether nf_ref is 2 and then unhash
it and put the reference if we're successful.
We might occasionally race with another lookup and end up unhashing it
when it probably shouldn't have been, but that should hopefully be rare
and will just result in the competing lookup having to create a new
nfsd_file.
Signed-off-by: Jeff Layton <jlayton@kernel.org>
---
fs/nfsd/filecache.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c
index 6237715bd23e..58f4d9267f4a 100644
--- a/fs/nfsd/filecache.c
+++ b/fs/nfsd/filecache.c
@@ -461,12 +461,14 @@ nfsd_file_put(struct nfsd_file *nf)
*/
void nfsd_file_close(struct nfsd_file *nf)
{
- nfsd_file_put(nf);
- if (refcount_dec_if_one(&nf->nf_ref)) {
- nfsd_file_unhash(nf);
- nfsd_file_lru_remove(nf);
- nfsd_file_free(nf);
+ /* One for the reference being put, and one for the hash */
+ if (refcount_read(&nf->nf_ref) == 2) {
+ if (nfsd_file_unhash(nf))
+ nfsd_file_put_noref(nf);
}
+ /* put the ref for the stateid */
+ nfsd_file_put(nf);
+
}
struct nfsd_file *
--
2.37.3
next prev parent reply other threads:[~2022-09-30 19:15 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-30 19:15 [PATCH 0/3] nfsd: filecache fixes Jeff Layton
2022-09-30 19:15 ` [PATCH 1/3] nfsd: nfsd_do_file_acquire should hold rcu_read_lock while getting refs Jeff Layton
2022-09-30 19:20 ` Chuck Lever III
2022-09-30 19:33 ` Jeff Layton
2022-09-30 20:06 ` Chuck Lever III
2022-10-01 4:44 ` NeilBrown
2022-10-01 9:47 ` Jeff Layton
2022-09-30 19:15 ` Jeff Layton [this message]
2022-09-30 20:58 ` [PATCH 2/3] nfsd: fix potential race in nfsd_file_close Jeff Layton
2022-09-30 20:59 ` Chuck Lever III
2022-10-01 5:03 ` NeilBrown
2022-10-01 9:55 ` Jeff Layton
2022-09-30 19:15 ` [PATCH 3/3] nfsd: fix nfsd_file_unhash_and_dispose Jeff Layton
2022-09-30 19:29 ` Chuck Lever III
2022-09-30 19:42 ` Jeff Layton
2022-09-30 20:23 ` Chuck Lever III
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220930191550.172087-3-jlayton@kernel.org \
--to=jlayton@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).