From: Trond Myklebust <trondmy@kernel.org>
To: Aiden Lambert <alambert48@gatech.edu>,
anna@kernel.org, chuck.lever@oracle.org, jlayton@kernel.org
Cc: linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] NFS: ensure nfs_safe_remove() atomic nlink drop
Date: Mon, 17 Nov 2025 13:24:54 -0500 [thread overview]
Message-ID: <3fa28515be621f91f237d323ff4b97430e73b032.camel@kernel.org> (raw)
In-Reply-To: <qqu6ndrq6ytkt7rfe7hw62iu34fkt6eckixjgx7bkhqgvzvcm6@h4tj3bkvvidi>
On Mon, 2025-11-17 at 13:03 -0500, Aiden Lambert wrote:
> A race condition occurs when both unlink() and link() are running
> concurrently on the same inode, and the nlink count from the nfs
> server
> received in link()->nfs_do_access() clobbers the nlink count of the
> inode in nfs_safe_remove() after the "remove" RPC is made to the
> server
> but before we decrement the link count. If the nlink value from
> nfs_do_access() reflects the decremented nlink of the "remove" RPC, a
> double decrement occurs, which can lead to the dropping of the client
> side inode, causing the link call to return ENOENT. To fix this, we
> record an expected nlink value before the "remove" RPC and compare it
> with the value afterwards---if these two are the same, the drop is
> performed. Note that this does not take into account nlink values
> that
> are a result of multi-client (un)link operations as these are not
> guaranteed to be atomic by the NFS spec.
Why do we end up running nfs_do_access() at all in the above test? That
sounds like a bug. We shouldn't ever need to validate if we can create
or delete things using ACCESS. That just ends up producing an
unnecessary TOCTOU race.
--
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trondmy@kernel.org, trond.myklebust@hammerspace.com
next prev parent reply other threads:[~2025-11-17 18:24 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-17 18:03 [PATCH] NFS: ensure nfs_safe_remove() atomic nlink drop Aiden Lambert
2025-11-17 18:24 ` Trond Myklebust [this message]
2025-11-17 18:57 ` Aiden Lambert
2025-11-17 22:41 ` Trond Myklebust
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3fa28515be621f91f237d323ff4b97430e73b032.camel@kernel.org \
--to=trondmy@kernel.org \
--cc=alambert48@gatech.edu \
--cc=anna@kernel.org \
--cc=chuck.lever@oracle.org \
--cc=jlayton@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox