* [PATCH] NFSD: Disallow layoutget during grace period
@ 2025-08-25 13:11 Sergey Bashirov
2025-08-25 16:33 ` Jeff Layton
From: Sergey Bashirov @ 2025-08-25 13:11 UTC
To: Chuck Lever, Jeff Layton, NeilBrown, Olga Kornievskaia, Dai Ngo,
Tom Talpey
Cc: linux-nfs, linux-kernel, Sergey Bashirov, Konstantin Evtushenko
When the server is recovering from a reboot and is in a grace period,
any operation that may result in deletion or reallocation of block
extents should not be allowed. See RFC 8881, section 18.43.3.
If multiple clients write data to the same file, rebooting the server
during writing may result in file corruption. In the worst case, the
exported XFS may also become corrupted. Observed this behavior while
testing pNFS block volume setup.
Co-developed-by: Konstantin Evtushenko <koevtushenko@yandex.com>
Signed-off-by: Konstantin Evtushenko <koevtushenko@yandex.com>
Signed-off-by: Sergey Bashirov <sergeybashirov@gmail.com>
---
fs/nfsd/nfs4proc.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index bfebe6e25638a..3000b43be9221 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -2435,6 +2435,7 @@ static __be32
nfsd4_layoutget(struct svc_rqst *rqstp,
struct nfsd4_compound_state *cstate, union nfsd4_op_u *u)
{
+ struct net *net = SVC_NET(rqstp);
struct nfsd4_layoutget *lgp = &u->layoutget;
struct svc_fh *current_fh = &cstate->current_fh;
const struct nfsd4_layout_ops *ops;
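Review bot: the new `net` local at the top of nfsd4_layoutget() is read only once, by the locks_in_grace(net) call added in the next hunk. Passing SVC_NET(rqstp) straight to that call would drop the extra declaration; keep the local only if more uses are expected.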
@@ -2486,6 +2487,10 @@ nfsd4_layoutget(struct svc_rqst *rqstp,
if (lgp->lg_seg.length == 0)
goto out;
+ nfserr = nfserr_grace;
+ if (locks_in_grace(net))
+ goto out;
+
nfserr = nfsd4_preprocess_layout_stateid(rqstp, cstate, &lgp->lg_sid,
true, lgp->lg_layout_type, &ls);
if (nfserr) {
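Review bot: the locks_in_grace(net) test placed before nfsd4_preprocess_layout_stateid() returns nfserr_grace for every LAYOUTGET, whatever lgp->lg_layout_type is, while the commit message argues only from block extents. The function already declares a per-type ops pointer (const struct nfsd4_layout_ops *ops), so the decision could be made per layout type, for example through the layout ops, so that the refusal applies only where extents can be deleted or reallocated.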
--
2.43.0
* Re: [PATCH] NFSD: Disallow layoutget during grace period
2025-08-25 13:11 [PATCH] NFSD: Disallow layoutget during grace period Sergey Bashirov
@ 2025-08-25 16:33 ` Jeff Layton
2025-08-27 18:07 ` Sergey Bashirov
From: Jeff Layton @ 2025-08-25 16:33 UTC
To: Sergey Bashirov, Chuck Lever, NeilBrown, Olga Kornievskaia,
Dai Ngo, Tom Talpey
Cc: linux-nfs, linux-kernel, Konstantin Evtushenko
On Mon, 2025-08-25 at 16:11 +0300, Sergey Bashirov wrote:
> When the server is recovering from a reboot and is in a grace period,
> any operation that may result in deletion or reallocation of block
> extents should not be allowed. See RFC 8881, section 18.43.3.
>
> If multiple clients write data to the same file, rebooting the server
> during writing may result in file corruption. In the worst case, the
> exported XFS may also become corrupted. Observed this behavior while
> testing pNFS block volume setup.
>
> Co-developed-by: Konstantin Evtushenko <koevtushenko@yandex.com>
> Signed-off-by: Konstantin Evtushenko <koevtushenko@yandex.com>
> Signed-off-by: Sergey Bashirov <sergeybashirov@gmail.com>
> ---
> fs/nfsd/nfs4proc.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
> index bfebe6e25638a..3000b43be9221 100644
> --- a/fs/nfsd/nfs4proc.c
> +++ b/fs/nfsd/nfs4proc.c
> @@ -2435,6 +2435,7 @@ static __be32
> nfsd4_layoutget(struct svc_rqst *rqstp,
> struct nfsd4_compound_state *cstate, union nfsd4_op_u *u)
> {
> + struct net *net = SVC_NET(rqstp);
> struct nfsd4_layoutget *lgp = &u->layoutget;
> struct svc_fh *current_fh = &cstate->current_fh;
> const struct nfsd4_layout_ops *ops;
> @@ -2486,6 +2487,10 @@ nfsd4_layoutget(struct svc_rqst *rqstp,
> if (lgp->lg_seg.length == 0)
> goto out;
>
> + nfserr = nfserr_grace;
> + if (locks_in_grace(net))
> + goto out;
> +
> nfserr = nfsd4_preprocess_layout_stateid(rqstp, cstate, &lgp->lg_sid,
> true, lgp->lg_layout_type, &ls);
> if (nfserr) {
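Review bot: the added nfserr_grace block carries no comment, so the reason LAYOUTGET is refused during grace lives only in the commit message. A short comment above `if (locks_in_grace(net))` citing RFC 8881, section 18.43.3 would keep that visible in the code. It is also worth stating in the commit message that the test is deliberately placed after the lg_seg.length == 0 exit and before the layout stateid is looked up.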
This seems like a reasonable thing to do, but I wonder if it makes
sense across all different pNFS layout types? This restriction is
definitely not needed for the (trivial) in-kernel flexfiles server, for
instance.
Maybe it'd be best to push this down into the individual layout drivers
and let them make the decision?
--
Jeff Layton <jlayton@kernel.org>
* Re: [PATCH] NFSD: Disallow layoutget during grace period
2025-08-25 16:33 ` Jeff Layton
@ 2025-08-27 18:07 ` Sergey Bashirov
From: Sergey Bashirov @ 2025-08-27 18:07 UTC
To: Jeff Layton, Chuck Lever, NeilBrown, Olga Kornievskaia, Dai Ngo,
Tom Talpey
Cc: linux-nfs, linux-kernel, Konstantin Evtushenko, Sergey Bashirov
Hi Jeff,
On Mon, Aug 25, 2025 at 12:33:46PM -0400, Jeff Layton wrote:
> This seems like a reasonable thing to do, but I wonder if it makes
> sense across all different pNFS layout types? This restriction is
> definitely not needed for the (trivial) in-kernel flexfiles server, for
> instance.
>
> Maybe it'd be best to push this down into the individual layout drivers
> and let them make the decision?
Good point. The spec says: "If the metadata server is in a grace period,
and does not persist layouts and device ID to device address mappings,
then it MUST return NFS4ERR_GRACE". As far as I understand, this is a
requirement for a specific implementation option. So moving this logic
to the layout driver level seems reasonable to me. Will submit new patch.
--
Sergey Bashirov