From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Dai Ngo <dai.ngo@oracle.com>,
Chuck Lever <chuck.lever@oracle.com>
Subject: [PATCH 4.14 22/23] NFSD: Fix possible sleep during nfsd4_release_lockowner()
Date: Fri, 3 Jun 2022 19:39:49 +0200 [thread overview]
Message-ID: <20220603173815.032974590@linuxfoundation.org> (raw)
In-Reply-To: <20220603173814.362515009@linuxfoundation.org>
From: Chuck Lever <chuck.lever@oracle.com>
commit ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b upstream.
nfsd4_release_lockowner() holds clp->cl_lock when it calls
check_for_locks(). However, check_for_locks() calls nfsd_file_get()
/ nfsd_file_put() to access the backing inode's flc_posix list, and
nfsd_file_put() can sleep if the inode was recently removed.
Let's instead rely on the stateowner's reference count to gate
whether the release is permitted. This should be a reliable
indication of locks-in-use since file lock operations and
->lm_get_owner take appropriate references, which are released
appropriately when file locks are removed.
Reported-by: Dai Ngo <dai.ngo@oracle.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/nfs4state.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -6351,16 +6351,12 @@ nfsd4_release_lockowner(struct svc_rqst
if (sop->so_is_open_owner || !same_owner_str(sop, owner))
continue;
- /* see if there are still any locks associated with it */
- lo = lockowner(sop);
- list_for_each_entry(stp, &sop->so_stateids, st_perstateowner) {
- if (check_for_locks(stp->st_stid.sc_file, lo)) {
- status = nfserr_locks_held;
- spin_unlock(&clp->cl_lock);
- return status;
- }
+ if (atomic_read(&sop->so_count) != 1) {
+ spin_unlock(&clp->cl_lock);
+ return nfserr_locks_held;
}
+ lo = lockowner(sop);
nfs4_get_stateowner(sop);
break;
}
next prev parent reply other threads:[~2022-06-03 17:42 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-03 17:39 [PATCH 4.14 00/23] 4.14.282-rc1 review Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 01/23] x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 02/23] staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 03/23] tcp: change source port randomizarion at connect() time Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 04/23] secure_seq: use the 64 bits of the siphash for port offset calculation Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 05/23] ACPI: sysfs: Make sparse happy about address space in use Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 06/23] ACPI: sysfs: Fix BERT error region memory mapping Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 07/23] net: af_key: check encryption module availability consistency Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 08/23] net: ftgmac100: Disable hardware checksum on AST2600 Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 09/23] drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 10/23] assoc_array: Fix BUG_ON during garbage collect Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 11/23] drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 12/23] block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 13/23] exec: Force single empty string when argv is empty Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 14/23] netfilter: conntrack: re-fetch conntrack after insertion Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 15/23] zsmalloc: fix races between asynchronous zspage free and page migration Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 16/23] dm integrity: fix error code in dm_integrity_ctr() Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 17/23] dm crypt: make printing of the key constant-time Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 18/23] dm stats: add cond_resched when looping over entries Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 19/23] dm verity: set DM_TARGET_IMMUTABLE feature flag Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 20/23] tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() Greg Kroah-Hartman
2022-06-03 17:39 ` [PATCH 4.14 21/23] docs: submitting-patches: Fix crossref to The canonical patch format Greg Kroah-Hartman
2022-06-03 17:39 ` Greg Kroah-Hartman [this message]
2022-06-03 17:39 ` [PATCH 4.14 23/23] bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes Greg Kroah-Hartman
2022-06-04 18:40 ` [PATCH 4.14 00/23] 4.14.282-rc1 review Naresh Kamboju
2022-06-04 18:53 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220603173815.032974590@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=chuck.lever@oracle.com \
--cc=dai.ngo@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox