Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4ef2e4f8 authored by Trond Myklebust's avatar Trond Myklebust
Browse files

NFSv4.1: Fix pnfs_put_lseg races 



pnfs_layoutreturn_free_lseg_async() can also race with inode put in
the general case. We can now fix this, and also simplify the code.

Cc: Peng Tao <tao.peng@primarydata.com>
Signed-off-by: default avatarTrond Myklebust <trond.myklebust@primarydata.com>
parent e4af440a

fs/nfs/pnfs.c

+19 −34
Original line number Diff line number Diff line
@@ -361,14 +361,9 @@ pnfs_layout_need_return(struct pnfs_layout_hdr *lo, 
	return true;

}



static void pnfs_layoutreturn_free_lseg(struct work_struct *work)

static void pnfs_layoutreturn_before_put_lseg(struct pnfs_layout_segment *lseg,

		struct pnfs_layout_hdr *lo, struct inode *inode)

{

	struct pnfs_layout_segment *lseg;

	struct pnfs_layout_hdr *lo;

	struct inode *inode;



	lseg = container_of(work, struct pnfs_layout_segment, pls_work);

	WARN_ON(atomic_read(&lseg->pls_refcount));

	lo = lseg->pls_layout;

	inode = lo->plh_inode;
@@ -383,24 +378,12 @@ static void pnfs_layoutreturn_free_lseg(struct work_struct *work) 
		lo->plh_block_lgets++;

		lo->plh_return_iomode = 0;

		spin_unlock(&inode->i_lock);

		pnfs_get_layout_hdr(lo);



		pnfs_send_layoutreturn(lo, stateid, iomode, true);

		spin_lock(&inode->i_lock);

		/* Send an async layoutreturn so we dont deadlock */

		pnfs_send_layoutreturn(lo, stateid, iomode, false);

	} else

		/* match pnfs_get_layout_hdr #2 in pnfs_put_lseg */

		pnfs_put_layout_hdr(lo);

	pnfs_layout_remove_lseg(lo, lseg);

		spin_unlock(&inode->i_lock);

	pnfs_free_lseg(lseg);

	/* match pnfs_get_layout_hdr #1 in pnfs_put_lseg */

	pnfs_put_layout_hdr(lo);

}



static void

pnfs_layoutreturn_free_lseg_async(struct pnfs_layout_segment *lseg)

{

	INIT_WORK(&lseg->pls_work, pnfs_layoutreturn_free_lseg);

	queue_work(nfsiod_workqueue, &lseg->pls_work);

}



void
@@ -415,23 +398,25 @@ pnfs_put_lseg(struct pnfs_layout_segment *lseg) 
	dprintk("%s: lseg %p ref %d valid %d\n", __func__, lseg,

		atomic_read(&lseg->pls_refcount),

		test_bit(NFS_LSEG_VALID, &lseg->pls_flags));



	/* Handle the case where refcount != 1 */

	if (atomic_add_unless(&lseg->pls_refcount, -1, 1))

		return;



	lo = lseg->pls_layout;

	inode = lo->plh_inode;

	/* Do we need a layoutreturn? */

	if (test_bit(NFS_LSEG_LAYOUTRETURN, &lseg->pls_flags))

		pnfs_layoutreturn_before_put_lseg(lseg, lo, inode);



	if (atomic_dec_and_lock(&lseg->pls_refcount, &inode->i_lock)) {

		pnfs_get_layout_hdr(lo);

		if (pnfs_layout_need_return(lo, lseg)) {

			spin_unlock(&inode->i_lock);

			/* hdr reference dropped in nfs4_layoutreturn_release */

			pnfs_get_layout_hdr(lo);

			pnfs_layoutreturn_free_lseg_async(lseg);

		} else {

		pnfs_layout_remove_lseg(lo, lseg);

		spin_unlock(&inode->i_lock);

		pnfs_free_lseg(lseg);

		pnfs_put_layout_hdr(lo);

	}

}

}

EXPORT_SYMBOL_GPL(pnfs_put_lseg);



static void pnfs_free_lseg_async_work(struct work_struct *work)