> On Nov 23, 2021, at 10:20 AM, Vasily Averin <vvs@xxxxxxxxxxxxx> wrote: > > On 23.11.2021 15:22, Jeff Layton wrote: >> Vasily reported a case where vfs_lock_file took a very long time to >> return (longer than a lease period). The laundromat eventually ran and >> reaped the thing and when the vfs_lock_file returned, it ended up >> accessing freed memory. >> >> Don't put entries onto the LRU until vfs_lock_file returns. > > Cc: stable@xxxxxxxxxxxxxxx > Fixes: 7919d0a27f1e "nfsd: add a LRU list for blocked locks" > >> Reported-by: Vasily Averin <vvs@xxxxxxxxxxxxx> >> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx> > Tested-by: Vasily Averin <vvs@xxxxxxxxxxxxx> I assume Bruce is grabbing this for v5.16-rc. >> --- >> fs/nfsd/nfs4state.c | 6 ++++-- >> 1 file changed, 4 insertions(+), 2 deletions(-) >> >> diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c >> index bfad94c70b84..8cfef84b9355 100644 >> --- a/fs/nfsd/nfs4state.c >> +++ b/fs/nfsd/nfs4state.c >> @@ -6966,10 +6966,8 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, >> } >> >> if (fl_flags & FL_SLEEP) { >> - nbl->nbl_time = ktime_get_boottime_seconds(); >> spin_lock(&nn->blocked_locks_lock); >> list_add_tail(&nbl->nbl_list, &lock_sop->lo_blocked); >> - list_add_tail(&nbl->nbl_lru, &nn->blocked_locks_lru); >> spin_unlock(&nn->blocked_locks_lock); >> } >> >> @@ -6982,6 +6980,10 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, >> nn->somebody_reclaimed = true; >> break; >> case FILE_LOCK_DEFERRED: >> + nbl->nbl_time = ktime_get_boottime_seconds(); >> + spin_lock(&nn->blocked_locks_lock); >> + list_add_tail(&nbl->nbl_lru, &nn->blocked_locks_lru); >> + spin_unlock(&nn->blocked_locks_lock); >> nbl = NULL; >> fallthrough; >> case -EAGAIN: /* conflock holds conflicting lock */ >> > -- Chuck Lever
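Review bot: In the first hunk (the `if (fl_flags & FL_SLEEP)` block), a short comment would help a future reader understand why only the `lo_blocked` insertion is kept here while the `nbl_time` assignment and the `blocked_locks_lru` insertion are removed, since nothing at this point in the code says the entry must stay off the LRU until `vfs_lock_file()` returns. Something like `/* Don't put nbl on the LRU yet: the laundromat could free it while vfs_lock_file() is still running. */` above the `spin_lock(&nn->blocked_locks_lock)` would carry the reasoning from the commit message into the code. Also worth noting that the hunk leaves a window in which `nbl` is linked on `lo_blocked` but not on `nn->blocked_locks_lru`; the commit message could state that the paths which unlink entries from `lo_blocked` tolerate an `nbl` whose `nbl_lru` has not yet been added.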
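Review bot: In the second hunk (`case FILE_LOCK_DEFERRED:`), the new `nbl->nbl_time = ktime_get_boottime_seconds();` and the LRU `list_add_tail()` now run under a second acquisition of `nn->blocked_locks_lock`, separate from the one in the first hunk that adds to `lo_blocked`; that is fine for correctness, but a brief comment stating that the LRU insertion is deliberately deferred to this point (only once the lock is known to be blocked and `vfs_lock_file()` has returned) would make the ordering requirement explicit, and the immediately following `nbl = NULL;` should be read as handing ownership to the lists rather than as an unrelated cleanup. The `nbl_time` store happens outside the spinlock as before, which matches the removed line in the first hunk, so no behaviour change there.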