On Tue, 2012-08-07 at 11:30 -0400, bjschuma@xxxxxxxxxx wrote: > From: Bryan Schumaker <bjschuma@xxxxxxxxxx> > > idmap_pipe_downcall already clears this field if the upcall succeeds, > but if it fails (rpc.idmapd isn't running) the field will still be set > on the next call triggering a BUG_ON(). > > Signed-off-by: Bryan Schumaker <bjschuma@xxxxxxxxxx> > --- > fs/nfs/idmap.c | 16 +++++++++------- > 1 file changed, 9 insertions(+), 7 deletions(-) > > diff --git a/fs/nfs/idmap.c b/fs/nfs/idmap.c > index b701358..645cfe7 100644 > --- a/fs/nfs/idmap.c > +++ b/fs/nfs/idmap.c > @@ -683,10 +683,12 @@ static int nfs_idmap_legacy_upcall(struct key_construction *cons, > > ret = rpc_queue_upcall(idmap->idmap_pipe, msg); > if (ret < 0) > - goto out2; > + goto out3; > > return ret; > > +out3: > + idmap->idmap_key_cons = NULL; > out2: > kfree(im); > out1: That fixes rpc_queue_upcall failure path, but we still need to deal with timeouts and close. How about the following alternative: Set idmap->idmap_key_cons after grabbing the mutex in nfs_idmap_get_key(), then clear it before you release that mutex. That leaves one possible race in which the idmap->idmap_key_cons is cleared while we're in idmap_pipe_downcall. One way to solve that race is to use a second mutex (see the original idmapper design from before your changes) to ensure that nothing clears idmap_key_cons while we're in idmap_pipe_downcall. -- Trond Myklebust Linux NFS client maintainer NetApp Trond.Myklebust@xxxxxxxxxx www.netapp.com ��.n��������+%������w��{.n�����{��w���jg��������ݢj����G�������j:+v���w�m������w�������h�����٥