[PATCH] nfs4: skip locks_lock_inode_wait() in nfs4_locku_done if FL_ACCESS is set

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In 2006 Trond Myklebust added support for the FL_ACCESS flag,
commit 01c3b861cd77 ("NLM,NFSv4: Wait on local locks before we put RPC
calls on the wire"), as a result of which _nfs4_proc_setlk() began
to execute _nfs4_do_setlk() with modified request->fl_flag where
FL_ACCESS flag was set.

It was not important not till 2015, when commit c69899a17ca4 ("NFSv4:
Update of VFS byte range lock must be atomic with the stateid update")
added do_vfs_lock call into nfs4_locku_done().
nfs4_locku_done() in this case uses calldata->fl of nfs4_unlockdata.
It is copied from struct nfs4_lockdata, which in turn uses the fl_flag
copied from the request->fl_flag provided by _nfs4_do_setlk(), i.e. with
FL_ACCESS flag set.

FL_ACCESS flag is removed in nfs4_lock_done() for non-cancelled case.
however rpc task can be cancelled earlier.

As a result flock_lock_inode() can be called with request->fl_type F_UNLCK
and fl_flags with FL_ACCESS flag set.
Such request is processed incorectly. Instead of expected search and
removal of exisiting flocks it jumps to "find_conflict" label and can call
locks_insert_block() function.

On kernels before 2018, (i.e. before commit 7b587e1a5a6c
("NFS: use locks_copy_lock() to copy locks.")) it caused a BUG in
__locks_insert_block() because copied fl had incorrectly linked fl_block.

On new kernels all lists are properly initialized and no BUG occur,
however any any case, such a call does nothing useful.

If I understand correctly locks_lock_inode_wait(F_UNLCK) call is required
to revert locks_lock_inode_wait(F_LCK) request send from nfs4_lock_done().
An additional F_UNLCK request is dangerous, because of it can remove flock
set not by canceled task but by some other concurrent process.

So I think we need to add FL_ACCESS check in nfs4_locku_done
and skip locks_lock_inode_wait() executing if this flag is set.

Fixes: c69899a17ca4 ("NFSv4: Update of VFS byte range lock must be atomic with the stateid update")
Signed-off-by: Vasily Averin <vvs@xxxxxxxxxxxxx>
---
 fs/nfs/nfs4proc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index ee3bc79f6ca3..4417dde69202 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -6728,7 +6728,9 @@ static void nfs4_locku_done(struct rpc_task *task, void *data)
 	switch (task->tk_status) {
 		case 0:
 			renew_lease(calldata->server, calldata->timestamp);
-			locks_lock_inode_wait(calldata->lsp->ls_state->inode, &calldata->fl);
+			if (!(calldata->fl.fl_flags & FL_ACCESS))
+				locks_lock_inode_wait(calldata->lsp->ls_state->inode,
+						      &calldata->fl);
 			if (nfs4_update_lock_stateid(calldata->lsp,
 					&calldata->res.stateid))
 				break;
-- 
2.25.1




[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux