> On Sep 30, 2022, at 4:58 PM, Jeff Layton <jlayton@xxxxxxxxxx> wrote:
>
> On Fri, 2022-09-30 at 15:15 -0400, Jeff Layton wrote:
>> Once we call nfsd_file_put, there is no guarantee that "nf" can still be
>> safely accessed. That may have been the last reference.
>>
>> Change the code to instead check for whether nf_ref is 2 and then unhash
>> it and put the reference if we're successful.
>>
>> We might occasionally race with another lookup and end up unhashing it
>> when it probably shouldn't have been, but that should hopefully be rare
>> and will just result in the competing lookup having to create a new
>> nfsd_file.
>>
>> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
>> ---
>> fs/nfsd/filecache.c | 12 +++++++-----
>> 1 file changed, 7 insertions(+), 5 deletions(-)
>>
>> diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c
>> index 6237715bd23e..58f4d9267f4a 100644
>> --- a/fs/nfsd/filecache.c
>> +++ b/fs/nfsd/filecache.c
>> @@ -461,12 +461,14 @@ nfsd_file_put(struct nfsd_file *nf)
>> */
>> void nfsd_file_close(struct nfsd_file *nf)
>> {
>> - nfsd_file_put(nf);
>> - if (refcount_dec_if_one(&nf->nf_ref)) {
>> - nfsd_file_unhash(nf);
>> - nfsd_file_lru_remove(nf);
>> - nfsd_file_free(nf);
>> + /* One for the reference being put, and one for the hash */
>> + if (refcount_read(&nf->nf_ref) == 2) {
>> + if (nfsd_file_unhash(nf))
>> + nfsd_file_put_noref(nf);
>> }
>> + /* put the ref for the stateid */
>> + nfsd_file_put(nf);
>> +
>
> Chuck if you're ok with this one, can you fix the stray newline above?
Sure.
>> }
>>
>> struct nfsd_file *
>
>
> Thanks,
> --
> Jeff Layton <jlayton@xxxxxxxxxx>
--
Chuck Lever
