Techwizz/kernel-fxtec-pro1x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

NFSv4: Fix up the dereferencing of delegation->inode

Browse source 
Without an extra lock, we cannot just assume that the delegation->inode is
valid when we're traversing the rcu-protected nfs_client lists. Use the
delegation->lock to ensure that it is truly valid.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
This commit is contained in:
Trond Myklebust 2008-12-23 15:21:39 -05:00
parent 343104308a
commit 86e8948998
1 changed files with 31 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
fs/nfs/delegation.c
View file

@ -134,6 +134,17 @@ static int nfs_do_return_delegation(struct inode *inode, struct nfs_delegation *
return res; return res;
} }
static struct inode *nfs_delegation_grab_inode(struct nfs_delegation *delegation)
{
struct inode *inode = NULL;
spin_lock(&delegation->lock);
if (delegation->inode != NULL)
inode = igrab(delegation->inode);
spin_unlock(&delegation->lock);
return inode;
}
static struct nfs_delegation *nfs_detach_delegation_locked(struct nfs_inode *nfsi, const nfs4_stateid *stateid) static struct nfs_delegation *nfs_detach_delegation_locked(struct nfs_inode *nfsi, const nfs4_stateid *stateid)
{ {
struct nfs_delegation *delegation = rcu_dereference(nfsi->delegation); struct nfs_delegation *delegation = rcu_dereference(nfsi->delegation);
@ -145,6 +156,7 @@ static struct nfs_delegation *nfs_detach_delegation_locked(struct nfs_inode *nfs
sizeof(delegation->stateid.data)) != 0) sizeof(delegation->stateid.data)) != 0)
goto nomatch_unlock; goto nomatch_unlock;
list_del_rcu(&delegation->super_list); list_del_rcu(&delegation->super_list);
delegation->inode = NULL;
nfsi->delegation_state = 0; nfsi->delegation_state = 0;
rcu_assign_pointer(nfsi->delegation, NULL); rcu_assign_pointer(nfsi->delegation, NULL);
spin_unlock(&delegation->lock); spin_unlock(&delegation->lock);
@ -298,9 +310,11 @@ void nfs_return_all_delegations(struct super_block *sb)
restart: restart:
rcu_read_lock(); rcu_read_lock();
list_for_each_entry_rcu(delegation, &clp->cl_delegations, super_list) { list_for_each_entry_rcu(delegation, &clp->cl_delegations, super_list) {
if (delegation->inode->i_sb != sb) inode = NULL;
continue; spin_lock(&delegation->lock);
inode = igrab(delegation->inode); if (delegation->inode != NULL && delegation->inode->i_sb == sb)
inode = igrab(delegation->inode);
spin_unlock(&delegation->lock);
if (inode == NULL) if (inode == NULL)
continue; continue;
spin_lock(&clp->cl_lock); spin_lock(&clp->cl_lock);
@ -329,7 +343,7 @@ static int nfs_do_expire_all_delegations(void *ptr)
goto out; goto out;
rcu_read_lock(); rcu_read_lock();
list_for_each_entry_rcu(delegation, &clp->cl_delegations, super_list) { list_for_each_entry_rcu(delegation, &clp->cl_delegations, super_list) {
inode = igrab(delegation->inode); inode = nfs_delegation_grab_inode(delegation);
if (inode == NULL) if (inode == NULL)
continue; continue;
spin_lock(&clp->cl_lock); spin_lock(&clp->cl_lock);
@ -376,7 +390,7 @@ void nfs_handle_cb_pathdown(struct nfs_client *clp)
restart: restart:
rcu_read_lock(); rcu_read_lock();
list_for_each_entry_rcu(delegation, &clp->cl_delegations, super_list) { list_for_each_entry_rcu(delegation, &clp->cl_delegations, super_list) {
inode = igrab(delegation->inode); inode = nfs_delegation_grab_inode(delegation);
if (inode == NULL) if (inode == NULL)
continue; continue;
spin_lock(&clp->cl_lock); spin_lock(&clp->cl_lock);
@ -464,10 +478,14 @@ struct inode *nfs_delegation_find_inode(struct nfs_client *clp, const struct nfs
struct inode *res = NULL; struct inode *res = NULL;
rcu_read_lock(); rcu_read_lock();
list_for_each_entry_rcu(delegation, &clp->cl_delegations, super_list) { list_for_each_entry_rcu(delegation, &clp->cl_delegations, super_list) {
if (nfs_compare_fh(fhandle, &NFS_I(delegation->inode)->fh) == 0) { spin_lock(&delegation->lock);
if (delegation->inode != NULL &&
nfs_compare_fh(fhandle, &NFS_I(delegation->inode)->fh) == 0) {
res = igrab(delegation->inode); res = igrab(delegation->inode);
break;
} }
spin_unlock(&delegation->lock);
if (res != NULL)
break;
} }
rcu_read_unlock(); rcu_read_unlock();
return res; return res;
@ -491,17 +509,22 @@ void nfs_delegation_mark_reclaim(struct nfs_client *clp)
void nfs_delegation_reap_unclaimed(struct nfs_client *clp) void nfs_delegation_reap_unclaimed(struct nfs_client *clp)
{ {
struct nfs_delegation *delegation; struct nfs_delegation *delegation;
struct inode *inode;
restart: restart:
rcu_read_lock(); rcu_read_lock();
list_for_each_entry_rcu(delegation, &clp->cl_delegations, super_list) { list_for_each_entry_rcu(delegation, &clp->cl_delegations, super_list) {
if ((delegation->flags & NFS_DELEGATION_NEED_RECLAIM) == 0) if ((delegation->flags & NFS_DELEGATION_NEED_RECLAIM) == 0)
continue; continue;
inode = nfs_delegation_grab_inode(delegation);
if (inode == NULL)
continue;
spin_lock(&clp->cl_lock); spin_lock(&clp->cl_lock);
delegation = nfs_detach_delegation_locked(NFS_I(delegation->inode), NULL); delegation = nfs_detach_delegation_locked(NFS_I(inode), NULL);
spin_unlock(&clp->cl_lock); spin_unlock(&clp->cl_lock);
rcu_read_unlock(); rcu_read_unlock();
if (delegation != NULL) if (delegation != NULL)
nfs_free_delegation(delegation); nfs_free_delegation(delegation);
iput(inode);
goto restart; goto restart;
} }
rcu_read_unlock(); rcu_read_unlock();