From: Jeff Layton Date: Wed, 30 Jul 2014 01:34:42 +0000 (-0400) Subject: nfsd: don't thrash the cl_lock while freeing an open stateid X-Git-Tag: firefly_0821_release~176^2~3426^2~42 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=d83017f94c290c56010e194cdbc45e59894ccae2;p=firefly-linux-kernel-4.4.55.git nfsd: don't thrash the cl_lock while freeing an open stateid When we remove the client_mutex, we'll have a potential race between FREE_STATEID and CLOSE. The root of the problem is that we are walking the st_locks list, dropping the spinlock and then trying to release the persistent reference to the lockstateid. In between, a FREE_STATEID call can come along and take the lock, find the stateid and then try to put the reference. That leads to a double put. Fix this by not releasing the cl_lock in order to release each lock stateid. Use put_generic_stateid_locked to unhash them and gather them onto a list, and free_ol_stateid_reaplist to free any that end up on the list. Signed-off-by: Jeff Layton Signed-off-by: J. Bruce Fields --- diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c index 879342bc16b2..1f67a96c4941 100644 --- a/fs/nfsd/nfs4state.c +++ b/fs/nfsd/nfs4state.c @@ -1077,27 +1077,26 @@ static void release_lockowner(struct nfs4_lockowner *lo) nfs4_put_stateowner(&lo->lo_owner); } -static void release_open_stateid_locks(struct nfs4_ol_stateid *open_stp) - __releases(&open_stp->st_stateowner->so_client->cl_lock) - __acquires(&open_stp->st_stateowner->so_client->cl_lock) +static void release_open_stateid_locks(struct nfs4_ol_stateid *open_stp, + struct list_head *reaplist) { struct nfs4_ol_stateid *stp; while (!list_empty(&open_stp->st_locks)) { stp = list_entry(open_stp->st_locks.next, struct nfs4_ol_stateid, st_locks); - spin_unlock(&open_stp->st_stateowner->so_client->cl_lock); - release_lock_stateid(stp); - spin_lock(&open_stp->st_stateowner->so_client->cl_lock); + unhash_lock_stateid(stp); + put_ol_stateid_locked(stp, reaplist); } } -static void unhash_open_stateid(struct nfs4_ol_stateid *stp) +static void unhash_open_stateid(struct nfs4_ol_stateid *stp, + struct list_head *reaplist) { lockdep_assert_held(&stp->st_stid.sc_client->cl_lock); unhash_generic_stateid(stp); - release_open_stateid_locks(stp); + release_open_stateid_locks(stp, reaplist); } static void release_open_stateid(struct nfs4_ol_stateid *stp) @@ -1105,7 +1104,7 @@ static void release_open_stateid(struct nfs4_ol_stateid *stp) LIST_HEAD(reaplist); spin_lock(&stp->st_stid.sc_client->cl_lock); - unhash_open_stateid(stp); + unhash_open_stateid(stp, &reaplist); put_ol_stateid_locked(stp, &reaplist); spin_unlock(&stp->st_stid.sc_client->cl_lock); free_ol_stateid_reaplist(&reaplist); @@ -1145,7 +1144,7 @@ static void release_openowner(struct nfs4_openowner *oo) while (!list_empty(&oo->oo_owner.so_stateids)) { stp = list_first_entry(&oo->oo_owner.so_stateids, struct nfs4_ol_stateid, st_perstateowner); - unhash_open_stateid(stp); + unhash_open_stateid(stp, &reaplist); put_ol_stateid_locked(stp, &reaplist); } spin_unlock(&clp->cl_lock); @@ -4701,16 +4700,21 @@ out: static void nfsd4_close_open_stateid(struct nfs4_ol_stateid *s) { struct nfs4_client *clp = s->st_stid.sc_client; + LIST_HEAD(reaplist); s->st_stid.sc_type = NFS4_CLOSED_STID; spin_lock(&clp->cl_lock); - unhash_open_stateid(s); - spin_unlock(&clp->cl_lock); + unhash_open_stateid(s, &reaplist); - if (clp->cl_minorversion) - nfs4_put_stid(&s->st_stid); - else + if (clp->cl_minorversion) { + put_ol_stateid_locked(s, &reaplist); + spin_unlock(&clp->cl_lock); + free_ol_stateid_reaplist(&reaplist); + } else { + spin_unlock(&clp->cl_lock); + free_ol_stateid_reaplist(&reaplist); move_to_close_lru(s, clp->net); + } } /*