Part of this makes sense Pavel reminded me:
in cifs_writepages() we don't need to reference wdata because we
are leaving the function. in cifs_write_from_iter() we put all wdatas
in the list and that's why we need an extra reference there
On Wed, May 13, 2020 at 2:14 PM Steve French <smfrench@xxxxxxxxx> wrote:
>
> Shyam and Pavel noticed things which didn't make sense
>
> e.g. in cifs_writepages weare putting the reference unconditionally
> but in cifs_write_from_iter we are doing the same thing. So how was
> this working before - should have resulted in a reference leak and
> direct i/o shouldn't have had a chance to complete??
>
> and wouldn't there be an underrun if a retryable error with your patch
> with it getting called twice?
>
> Jeff,
> Any thoughts on this?
>
>
>
> On Wed, May 13, 2020 at 6:55 AM Adam McCoy <adam@xxxxxxxxxxxxxxx> wrote:
> >
> > Failed async writes that are requeued may not clean up a refcount
> > on the file, which can result in a leaked open. This scenario arises
> > very reliably when using persistent handles and a reconnect occurs
> > while writing.
> >
> > cifs_writev_requeue only releases the reference if the write fails
> > (rc != 0). The server->ops->async_writev operation will take its own
> > reference, so the initial reference can always be released.
> >
> > Signed-off-by: Adam McCoy <adam@xxxxxxxxxxxxxxx>
> > ---
> > fs/cifs/cifssmb.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/fs/cifs/cifssmb.c b/fs/cifs/cifssmb.c
> > index 182b864b3075..5014a82391ff 100644
> > --- a/fs/cifs/cifssmb.c
> > +++ b/fs/cifs/cifssmb.c
> > @@ -2152,8 +2152,8 @@ cifs_writev_requeue(struct cifs_writedata *wdata)
> > }
> > }
> >
> > + kref_put(&wdata2->refcount, cifs_writedata_release);
> > if (rc) {
> > - kref_put(&wdata2->refcount, cifs_writedata_release);
> > if (is_retryable_error(rc))
> > continue;
> > i += nr_pages;
> > --
> > 2.17.1
> >
>
>
> --
> Thanks,
>
> Steve
--
Thanks,
Steve
