1. 15 5月, 2010 5 次提交
  2. 02 5月, 2010 2 次提交
    • D
      NFS: Fix RCU issues in the NFSv4 delegation code · 17d2c0a0
      David Howells 提交于
      Fix a number of RCU issues in the NFSv4 delegation code.
      
       (1) delegation->cred doesn't need to be RCU protected as it's essentially an
           invariant refcounted structure.
      
           By the time we get to nfs_free_delegation(), the delegation is being
           released, so no one else should be attempting to use the saved
           credentials, and they can be cleared.
      
           However, since the list of delegations could still be under traversal at
           this point by such as nfs_client_return_marked_delegations(), the cred
           should be released in nfs_do_free_delegation() rather than in
           nfs_free_delegation().  Simply using rcu_assign_pointer() to clear it is
           insufficient as that doesn't stop the cred from being destroyed, and nor
           does calling put_rpccred() after call_rcu(), given that the latter is
           asynchronous.
      
       (2) nfs_detach_delegation_locked() and nfs_inode_set_delegation() should use
           rcu_derefence_protected() because they can only be called if
           nfs_client::cl_lock is held, and that guards against anyone changing
           nfsi->delegation under it.  Furthermore, the barrier imposed by
           rcu_dereference() is superfluous, given that the spin_lock() is also a
           barrier.
      
       (3) nfs_detach_delegation_locked() is now passed a pointer to the nfs_client
           struct so that it can issue lockdep advice based on clp->cl_lock for (2).
      
       (4) nfs_inode_return_delegation_noreclaim() and nfs_inode_return_delegation()
           should use rcu_access_pointer() outside the spinlocked region as they
           merely examine the pointer and don't follow it, thus rendering unnecessary
           the need to impose a partial ordering over the one item of interest.
      
           These result in an RCU warning like the following:
      
      [ INFO: suspicious rcu_dereference_check() usage. ]
      ---------------------------------------------------
      fs/nfs/delegation.c:332 invoked rcu_dereference_check() without protection!
      
      other info that might help us debug this:
      
      rcu_scheduler_active = 1, debug_locks = 0
      2 locks held by mount.nfs4/2281:
       #0:  (&type->s_umount_key#34){+.+...}, at: [<ffffffff810b25b4>] deactivate_super+0x60/0x80
       #1:  (iprune_sem){+.+...}, at: [<ffffffff810c332a>] invalidate_inodes+0x39/0x13a
      
      stack backtrace:
      Pid: 2281, comm: mount.nfs4 Not tainted 2.6.34-rc1-cachefs #110
      Call Trace:
       [<ffffffff8105149f>] lockdep_rcu_dereference+0xaa/0xb2
       [<ffffffffa00b4591>] nfs_inode_return_delegation_noreclaim+0x5b/0xa0 [nfs]
       [<ffffffffa0095d63>] nfs4_clear_inode+0x11/0x1e [nfs]
       [<ffffffff810c2d92>] clear_inode+0x9e/0xf8
       [<ffffffff810c3028>] dispose_list+0x67/0x10e
       [<ffffffff810c340d>] invalidate_inodes+0x11c/0x13a
       [<ffffffff810b1dc1>] generic_shutdown_super+0x42/0xf4
       [<ffffffff810b1ebe>] kill_anon_super+0x11/0x4f
       [<ffffffffa009893c>] nfs4_kill_super+0x3f/0x72 [nfs]
       [<ffffffff810b25bc>] deactivate_super+0x68/0x80
       [<ffffffff810c6744>] mntput_no_expire+0xbb/0xf8
       [<ffffffff810c681b>] release_mounts+0x9a/0xb0
       [<ffffffff810c689b>] put_mnt_ns+0x6a/0x79
       [<ffffffffa00983a1>] nfs_follow_remote_path+0x5a/0x146 [nfs]
       [<ffffffffa0098334>] ? nfs_do_root_mount+0x82/0x95 [nfs]
       [<ffffffffa00985a9>] nfs4_try_mount+0x75/0xaf [nfs]
       [<ffffffffa0098874>] nfs4_get_sb+0x291/0x31a [nfs]
       [<ffffffff810b2059>] vfs_kern_mount+0xb8/0x177
       [<ffffffff810b2176>] do_kern_mount+0x48/0xe8
       [<ffffffff810c810b>] do_mount+0x782/0x7f9
       [<ffffffff810c8205>] sys_mount+0x83/0xbe
       [<ffffffff81001eeb>] system_call_fastpath+0x16/0x1b
      
      Also on:
      
      fs/nfs/delegation.c:215 invoked rcu_dereference_check() without protection!
       [<ffffffff8105149f>] lockdep_rcu_dereference+0xaa/0xb2
       [<ffffffffa00b4223>] nfs_inode_set_delegation+0xfe/0x219 [nfs]
       [<ffffffffa00a9c6f>] nfs4_opendata_to_nfs4_state+0x2c2/0x30d [nfs]
       [<ffffffffa00aa15d>] nfs4_do_open+0x2a6/0x3a6 [nfs]
       ...
      
      And:
      
      fs/nfs/delegation.c:40 invoked rcu_dereference_check() without protection!
       [<ffffffff8105149f>] lockdep_rcu_dereference+0xaa/0xb2
       [<ffffffffa00b3bef>] nfs_free_delegation+0x3d/0x6e [nfs]
       [<ffffffffa00b3e71>] nfs_do_return_delegation+0x26/0x30 [nfs]
       [<ffffffffa00b406a>] __nfs_inode_return_delegation+0x1ef/0x1fe [nfs]
       [<ffffffffa00b448a>] nfs_client_return_marked_delegations+0xc9/0x124 [nfs]
       ...
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Signed-off-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      17d2c0a0
    • T
      NFSv4: Fix the locking in nfs_inode_reclaim_delegation() · 8f649c37
      Trond Myklebust 提交于
      Ensure that we correctly rcu-dereference the delegation itself, and that we
      protect against removal while we're changing the contents.
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Signed-off-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      8f649c37
  3. 29 4月, 2010 3 次提交
    • A
      nfs d_revalidate() is too trigger-happy with d_drop() · d9e80b7d
      Al Viro 提交于
      If dentry found stale happens to be a root of disconnected tree, we
      can't d_drop() it; its d_hash is actually part of s_anon and d_drop()
      would simply hide it from shrink_dcache_for_umount(), leading to
      all sorts of fun, including busy inodes on umount and oopsen after
      that.
      
      Bug had been there since at least 2006 (commit c636eb already has it),
      so it's definitely -stable fodder.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      Cc: stable@kernel.org
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      d9e80b7d
    • X
      nfs: fix memory leak in nfs_get_sb with CONFIG_NFS_V4 · 9699eda6
      Xiaotian Feng 提交于
      With CONFIG_NFS_V4 and data version 4, nfs_get_sb will allocate memory for
      export_path in nfs4_validate_text_mount_data, so we need to free it then.
      This is addressed in following kmemleak report:
      
      unreferenced object 0xffff88016bf48a50 (size 16):
        comm "mount.nfs", pid 22567, jiffies 4651574704 (age 175471.200s)
        hex dump (first 16 bytes):
          2f 6f 70 74 2f 77 6f 72 6b 00 6b 6b 6b 6b 6b a5  /opt/work.kkkkk.
        backtrace:
          [<ffffffff814b34f9>] kmemleak_alloc+0x60/0xa7
          [<ffffffff81102c76>] kmemleak_alloc_recursive.clone.5+0x1b/0x1d
          [<ffffffff811046b3>] __kmalloc_track_caller+0x18f/0x1b7
          [<ffffffff810e1b08>] kstrndup+0x37/0x54
          [<ffffffffa0336971>] nfs_parse_devname+0x152/0x204 [nfs]
          [<ffffffffa0336af3>] nfs4_validate_text_mount_data+0xd0/0xdc [nfs]
          [<ffffffffa0338deb>] nfs_get_sb+0x325/0x736 [nfs]
          [<ffffffff81113671>] vfs_kern_mount+0xbd/0x17c
          [<ffffffff81113798>] do_kern_mount+0x4d/0xed
          [<ffffffff81129a87>] do_mount+0x787/0x7fe
          [<ffffffff81129b86>] sys_mount+0x88/0xc2
          [<ffffffff81009b42>] system_call_fastpath+0x16/0x1b
      Signed-off-by: NXiaotian Feng <dfeng@redhat.com>
      Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
      Cc: Chuck Lever <chuck.lever@oracle.com>
      Cc: Benny Halevy <bhalevy@panasas.com>
      Cc: Al Viro <viro@ZenIV.linux.org.uk>
      Cc: Andy Adamson <andros@netapp.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      9699eda6
    • D
      nfs: fix some issues in nfs41_proc_reclaim_complete() · acf82b85
      Dan Carpenter 提交于
      The original code passed an ERR_PTR() to rpc_put_task() and instead of
      returning zero on success it returned -ENOMEM.
      Signed-off-by: NDan Carpenter <error27@gmail.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      acf82b85
  4. 28 4月, 2010 1 次提交
  5. 23 4月, 2010 4 次提交
  6. 12 4月, 2010 1 次提交
    • T
      NFSv4: fix delegated locking · 0df5dd4a
      Trond Myklebust 提交于
      Arnaud Giersch reports that NFSv4 locking is broken when we hold a
      delegation since commit 8e469ebd (NFSv4:
      Don't allow posix locking against servers that don't support it).
      
      According to Arnaud, the lock succeeds the first time he opens the file
      (since we cannot do a delegated open) but then fails after we start using
      delegated opens.
      
      The following patch fixes it by ensuring that locking behaviour is
      governed by a per-filesystem capability flag that is initially set, but
      gets cleared if the server ever returns an OPEN without the
      NFS4_OPEN_RESULT_LOCKTYPE_POSIX flag being set.
      Reported-by: NArnaud Giersch <arnaud.giersch@iut-bm.univ-fcomte.fr>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      Cc: stable@kernel.org
      0df5dd4a
  7. 10 4月, 2010 5 次提交
  8. 08 4月, 2010 1 次提交
  9. 30 3月, 2010 1 次提交
    • T
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking... · 5a0e3ad6
      Tejun Heo 提交于
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
      
      percpu.h is included by sched.h and module.h and thus ends up being
      included when building most .c files.  percpu.h includes slab.h which
      in turn includes gfp.h making everything defined by the two files
      universally available and complicating inclusion dependencies.
      
      percpu.h -> slab.h dependency is about to be removed.  Prepare for
      this change by updating users of gfp and slab facilities include those
      headers directly instead of assuming availability.  As this conversion
      needs to touch large number of source files, the following script is
      used as the basis of conversion.
      
        http://userweb.kernel.org/~tj/misc/slabh-sweep.py
      
      The script does the followings.
      
      * Scan files for gfp and slab usages and update includes such that
        only the necessary includes are there.  ie. if only gfp is used,
        gfp.h, if slab is used, slab.h.
      
      * When the script inserts a new include, it looks at the include
        blocks and try to put the new include such that its order conforms
        to its surrounding.  It's put in the include block which contains
        core kernel includes, in the same order that the rest are ordered -
        alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
        doesn't seem to be any matching order.
      
      * If the script can't find a place to put a new include (mostly
        because the file doesn't have fitting include block), it prints out
        an error message indicating which .h file needs to be added to the
        file.
      
      The conversion was done in the following steps.
      
      1. The initial automatic conversion of all .c files updated slightly
         over 4000 files, deleting around 700 includes and adding ~480 gfp.h
         and ~3000 slab.h inclusions.  The script emitted errors for ~400
         files.
      
      2. Each error was manually checked.  Some didn't need the inclusion,
         some needed manual addition while adding it to implementation .h or
         embedding .c file was more appropriate for others.  This step added
         inclusions to around 150 files.
      
      3. The script was run again and the output was compared to the edits
         from #2 to make sure no file was left behind.
      
      4. Several build tests were done and a couple of problems were fixed.
         e.g. lib/decompress_*.c used malloc/free() wrappers around slab
         APIs requiring slab.h to be added manually.
      
      5. The script was run on all .h files but without automatically
         editing them as sprinkling gfp.h and slab.h inclusions around .h
         files could easily lead to inclusion dependency hell.  Most gfp.h
         inclusion directives were ignored as stuff from gfp.h was usually
         wildly available and often used in preprocessor macros.  Each
         slab.h inclusion directive was examined and added manually as
         necessary.
      
      6. percpu.h was updated not to include slab.h.
      
      7. Build test were done on the following configurations and failures
         were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my
         distributed build env didn't work with gcov compiles) and a few
         more options had to be turned off depending on archs to make things
         build (like ipr on powerpc/64 which failed due to missing writeq).
      
         * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
         * powerpc and powerpc64 SMP allmodconfig
         * sparc and sparc64 SMP allmodconfig
         * ia64 SMP allmodconfig
         * s390 SMP allmodconfig
         * alpha SMP allmodconfig
         * um on x86_64 SMP allmodconfig
      
      8. percpu.h modifications were reverted so that it could be applied as
         a separate patch and serve as bisection point.
      
      Given the fact that I had only a couple of failures from tests on step
      6, I'm fairly confident about the coverage of this conversion patch.
      If there is a breakage, it's likely to be something in one of the arch
      headers which should be easily discoverable easily on most builds of
      the specific arch.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Guess-its-ok-by: NChristoph Lameter <cl@linux-foundation.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
      5a0e3ad6
  10. 22 3月, 2010 1 次提交
    • J
      NFS: don't try to decode GETATTR if DELEGRETURN returned error · 556ae3bb
      Jeff Layton 提交于
      The reply parsing code attempts to decode the GETATTR response even if
      the DELEGRETURN portion of the compound returned an error. The GETATTR
      response won't actually exist if that's the case and we're asking the
      parser to read past the end of the response.
      
      This bug is fairly benign. The parser catches this without reading past
      the end of the response and decode_getfattr returns -EIO. Earlier
      kernels however had decode_op_hdr using the READ_BUF macro, and this
      bug would make this printk pop any time the client got an error from
      a delegreturn:
      
      kernel: decode_op_hdr: reply buffer overflowed in line XXXX
      
      More recent kernels seem to have replaced this printk with a dprintk.
      Signed-off-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      556ae3bb
  11. 20 3月, 2010 1 次提交
  12. 16 3月, 2010 1 次提交
  13. 11 3月, 2010 2 次提交
    • T
      NFS: Avoid a deadlock in nfs_release_page · bb6fbc45
      Trond Myklebust 提交于
      J.R. Okajima reports the following deadlock:
      
      INFO: task kswapd0:305 blocked for more than 120 seconds.
      "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
      kswapd0       D 0000000000000001     0   305      2 0x00000000
       ffff88001f21d4f0 0000000000000046 ffff88001fdea680 ffff88001f21c000
       ffff88001f21dfd8 ffff88001f21c000 ffff88001f21dfd8 ffff88001f21dfd8
       ffff88001fdea040 0000000000014c00 0000000000000001 ffff88001fdea040
      Call Trace:
       [<ffffffff8146155d>] io_schedule+0x4d/0x70
       [<ffffffff810d2be5>] sync_page+0x65/0xa0
       [<ffffffff81461b12>] __wait_on_bit_lock+0x52/0xb0
       [<ffffffff810d2b80>] ? sync_page+0x0/0xa0
       [<ffffffff810d2b64>] __lock_page+0x64/0x70
       [<ffffffff81070ce0>] ? wake_bit_function+0x0/0x40
       [<ffffffff810df1d4>] truncate_inode_pages_range+0x344/0x4a0
       [<ffffffff810df340>] truncate_inode_pages+0x10/0x20
       [<ffffffff8112cbfe>] generic_delete_inode+0x15e/0x190
       [<ffffffff8112cc8d>] generic_drop_inode+0x5d/0x80
       [<ffffffff8112bb88>] iput+0x78/0x80
       [<ffffffff811bc908>] nfs_dentry_iput+0x38/0x50
       [<ffffffff811285f4>] dentry_iput+0x84/0x110
       [<ffffffff811286ae>] d_kill+0x2e/0x60
       [<ffffffff8112912a>] dput+0x7a/0x170
       [<ffffffff8111e925>] path_put+0x15/0x40
       [<ffffffff811c3a44>] __put_nfs_open_context+0xa4/0xb0
       [<ffffffff811cb5d0>] ? nfs_free_request+0x0/0x50
       [<ffffffff811c3b0b>] put_nfs_open_context+0xb/0x10
       [<ffffffff811cb5f9>] nfs_free_request+0x29/0x50
       [<ffffffff81234b7e>] kref_put+0x8e/0xe0
       [<ffffffff811cb594>] nfs_release_request+0x14/0x20
       [<ffffffff811cf769>] nfs_find_and_lock_request+0x89/0xa0
       [<ffffffff811d1180>] nfs_wb_page+0x80/0x110
       [<ffffffff811c0770>] nfs_release_page+0x70/0x90
       [<ffffffff810d18ee>] try_to_release_page+0x5e/0x80
       [<ffffffff810e1178>] shrink_page_list+0x638/0x860
       [<ffffffff810e19de>] shrink_zone+0x63e/0xc40
      
      We can fix this by making the call to put_nfs_open_context() happen when we
      actually remove the write request from the inode (which is done by the
      nfsiod thread in this case).
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      Cc: stable@kernel.org
      bb6fbc45
    • T
      NFSv4: Don't ignore the NFS_INO_REVAL_FORCED flag in nfs_revalidate_inode() · b4d2314b
      Trond Myklebust 提交于
      If the NFS_INO_REVAL_FORCED flag is set, that means that we don't yet have
      an up to date attribute cache. Even if we hold a delegation, we must
      put a GETATTR on the wire.
      Signed-off-by: NTrond Myklebust <Trond.Myklebust@netapp.com>
      Cc: stable@kernel.org
      b4d2314b
  14. 09 3月, 2010 2 次提交
  15. 06 3月, 2010 10 次提交