On Sun, 2022-12-11 at 11:22 -0800, Dai Ngo wrote: > Problem caused by source's vfsmount being unmounted but remains > on the delayed unmount list. This happens when nfs42_ssc_open() > return errors. > Fixed by removing nfsd4_interssc_connect(), leave the vfsmount > for the laundromat to unmount when idle time expires. > > Reported-by: Xingyuan Mo <hdthky0@xxxxxxxxx> > Signed-off-by: Dai Ngo <dai.ngo@xxxxxxxxxx> > --- > fs/nfsd/nfs4proc.c | 23 +++++++---------------- > 1 file changed, 7 insertions(+), 16 deletions(-) > > diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c > index 8beb2bc4c328..756e42cf0d01 100644 > --- a/fs/nfsd/nfs4proc.c > +++ b/fs/nfsd/nfs4proc.c > @@ -1463,13 +1463,6 @@ nfsd4_interssc_connect(struct nl4_server *nss, struct svc_rqst *rqstp, > return status; > } > > -static void > -nfsd4_interssc_disconnect(struct vfsmount *ss_mnt) > -{ > - nfs_do_sb_deactive(ss_mnt->mnt_sb); > - mntput(ss_mnt); > -} > - > /* > * Verify COPY destination stateid. > * > @@ -1572,11 +1565,6 @@ nfsd4_cleanup_inter_ssc(struct vfsmount *ss_mnt, struct file *filp, > { > } > > -static void > -nfsd4_interssc_disconnect(struct vfsmount *ss_mnt) > -{ > -} > - > static struct file *nfs42_ssc_open(struct vfsmount *ss_mnt, > struct nfs_fh *src_fh, > nfs4_stateid *stateid) > @@ -1762,7 +1750,8 @@ static int nfsd4_do_async_copy(void *data) > struct file *filp; > > filp = nfs42_ssc_open(copy->ss_mnt, ©->c_fh, > - ©->stateid); > + ©->stateid); > + > if (IS_ERR(filp)) { > switch (PTR_ERR(filp)) { > case -EBADF: > @@ -1771,7 +1760,7 @@ static int nfsd4_do_async_copy(void *data) > default: > nfserr = nfserr_offload_denied; > } > - nfsd4_interssc_disconnect(copy->ss_mnt); > + /* ss_mnt will be unmounted by the laundromat */ > goto do_callback; > } > nfserr = nfsd4_do_copy(copy, filp, copy->nf_dst->nf_file, 
> @@ -1852,8 +1841,10 @@ nfsd4_copy(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, > if (async_copy) > cleanup_async_copy(async_copy); > status = nfserrno(-ENOMEM); > - if (nfsd4_ssc_is_inter(copy)) > - nfsd4_interssc_disconnect(copy->ss_mnt); > + /* > + * source's vfsmount of inter-copy will be unmounted > + * by the laundromat > + */ > goto out; > } > This looks reasonable at first glance, but I have some concerns with the refcounting around ss_mnt elsewhere in this code. nfsd4_ssc_setup_dul looks for an existing connection and bumps the ni->nsui_refcnt if it finds one. But then later, nfsd4_cleanup_inter_ssc has a couple of cases where it just does a bare mntput: if (!nn) { mntput(ss_mnt); return; } ... if (!found) { mntput(ss_mnt); return; } The first one looks bogus. Can net_generic return NULL? If so how, and why is it not a problem elsewhere in the kernel? For the second case, if the ni is no longer on the list, where did the extra ss_mnt reference come from? Maybe that should be a WARN_ON or BUG_ON? -- Jeff Layton <jlayton@xxxxxxxxxx>
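Review bot: in the first hunk (@@ -1463, removal of nfsd4_interssc_disconnect()), the deleted helper did more than drop the mount reference: it called nfs_do_sb_deactive(ss_mnt->mnt_sb) before mntput(ss_mnt). Deferring the unmount to the laundromat is the stated intent, but the commit message should confirm that the laundromat's unmount path performs the equivalent superblock deactivation, otherwise this is a behaviour change rather than just a change of timing.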
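Review bot: the @@ -1762 hunk is whitespace only: it re-indents the continuation line of the nfs42_ssc_open() call and inserts a blank line before `if (IS_ERR(filp))`. Neither is related to the fix; drop it here (or move it to a separate cleanup patch) so the fix stays minimal and easy to backport to stable.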
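Review bot: in the @@ -1771 hunk the call to nfsd4_interssc_disconnect() is replaced by the comment `/* ss_mnt will be unmounted by the laundromat */` followed by `goto do_callback;`, which bypasses the normal nfsd4_cleanup_inter_ssc() path. The laundromat can only unmount once the reference taken in nfsd4_ssc_setup_dul() (the nsui_refcnt bump noted in the reply) has been dropped, and nothing visible on this error path drops it. Either add the decrement here or state in the commit message why the count is already balanced on this path.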
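Review bot: the @@ -1852 hunk in nfsd4_copy() has the same gap as the async error path: the `if (nfsd4_ssc_is_inter(copy))` check and the disconnect are replaced by a comment promising the laundromat will unmount the source vfsmount, but this -ENOMEM exit runs after the mount was set up and before any cleanup that would drop its reference. Please show where that reference is released on this path, or the mount will stay pinned on the delayed-unmount list instead of being unmounted when idle.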