1. 10 12月, 2014 1 次提交
    • R
      fs: nfsd: Fix signedness bug in compare_blob · ef17af2a
      Rasmus Villemoes 提交于
      Bugs similar to the one in acbbe6fb (kcmp: fix standard comparison
      bug) are in rich supply.
      
      In this variant, the problem is that struct xdr_netobj::len has type
      unsigned int, so the expression o1->len - o2->len _also_ has type
      unsigned int; it has completely well-defined semantics, and the result
      is some non-negative integer, which is always representable in a long
      long. But this means that if the conditional triggers, we are
      guaranteed to return a positive value from compare_blob.
      
      In this case it could be fixed by
      
      -       res = o1->len - o2->len;
      +       res = (long long)o1->len - (long long)o2->len;
      
      but I'd rather eliminate the usually broken 'return a - b;' idiom.
      Reviewed-by: NJeff Layton <jlayton@primarydata.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NRasmus Villemoes <linux@rasmusvillemoes.dk>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      ef17af2a
  2. 08 11月, 2014 1 次提交
    • J
      nfsd: convert nfs4_file searches to use RCU · 5b095e99
      Jeff Layton 提交于
      The global state_lock protects the file_hashtbl, and that has the
      potential to be a scalability bottleneck.
      
      Address this by making the file_hashtbl use RCU. Add a rcu_head to the
      nfs4_file and use that when freeing ones that have been hashed. In order
      to conserve space, we union the fi_rcu field with the fi_delegations
      list_head which must be clear by the time the last reference to the file
      is dropped.
      
      Convert find_file_locked to use RCU lookup primitives and not to require
      that the state_lock be held, and convert find_file to do a lockless
      lookup. Convert find_or_add_file to attempt a lockless lookup first, and
      then fall back to doing a locked search and insert if that fails to find
      anything.
      
      Also, minimize the number of times we need to calculate the hash value
      by passing it in as an argument to the search and insert functions, and
      optimize the order of arguments in nfsd4_init_file.
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      5b095e99
  3. 24 10月, 2014 1 次提交
    • C
      NFSD: Always initialize cl_cb_addr · b0d2e42c
      Chuck Lever 提交于
      A client may not want to use the back channel on a transport it sent
      CREATE_SESSION on, in which case it clears SESSION4_BACK_CHAN.
      
      However, cl_cb_addr should be populated anyway, to be used if the
      client binds other connections to this session. If cl_cb_addr is
      not initialized, rpc_create() fails when the server attempts to
      set up a back channel on such secondary transports.
      Signed-off-by: NChuck Lever <chuck.lever@oracle.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      b0d2e42c
  4. 08 10月, 2014 7 次提交
    • J
      locks: give lm_break a return value · 4d01b7f5
      Jeff Layton 提交于
      Christoph suggests:
      
         "Add a return value to lm_break so that the lock manager can tell the
          core code "you can delete this lease right now".  That gets rid of
          the games with the timeout which require all kinds of race avoidance
          code in the users."
      
      Do that here and have the nfsd lease break routine use it when it detects
      that there was a race between setting up the lease and it being broken.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      4d01b7f5
    • J
      locks: move freeing of leases outside of i_lock · c45198ed
      Jeff Layton 提交于
      There was only one place where we still could free a file_lock while
      holding the i_lock -- lease_modify. Add a new list_head argument to the
      lm_change operation, pass in a private list when calling it, and fix
      those callers to dispose of the list once the lock has been dropped.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      c45198ed
    • J
      locks: define a lm_setup handler for leases · 1c7dd2ff
      Jeff Layton 提交于
      ...and move the fasync setup into it for fcntl lease calls. At the same
      time, change the semantics of how the file_lock double-pointer is
      handled. Up until now, on a successful lease return you got a pointer to
      the lock on the list. This is bad, since that pointer can no longer be
      relied on as valid once the inode->i_lock has been released.
      
      Change the code to instead just zero out the pointer if the lease we
      passed in ended up being used. Then the callers can just check to see
      if it's NULL after the call and free it if it isn't.
      
      The priv argument has the same semantics. The lm_setup function can
      zero the pointer out to signal to the caller that it should not be
      freed after the function returns.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      1c7dd2ff
    • J
      locks: plumb a "priv" pointer into the setlease routines · e6f5c789
      Jeff Layton 提交于
      In later patches, we're going to add a new lock_manager_operation to
      finish setting up the lease while still holding the i_lock.  To do
      this, we'll need to pass a little bit of info in the fcntl setlease
      case (primarily an fasync structure). Plumb the extra pointer into
      there in advance of that.
      
      We declare this pointer as a void ** to make it clear that this is
      private info, and that the caller isn't required to set this unless
      the lm_setup specifically requires it.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      e6f5c789
    • J
      nfsd: don't keep a pointer to the lease in nfs4_file · 0c637be8
      Jeff Layton 提交于
      Now that we don't need to pass in an actual lease pointer to
      vfs_setlease on unlock, we can stop tracking a pointer to the lease in
      the nfs4_file.
      
      Switch all of the places that check the fi_lease to check fi_deleg_file
      instead. We always set that at the same time so it will have the same
      semantics.
      
      Cc: J. Bruce Fields <bfields@fieldses.org>
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      0c637be8
    • J
      locks: generic_delete_lease doesn't need a file_lock at all · 0efaa7e8
      Jeff Layton 提交于
      Ensure that it's OK to pass in a NULL file_lock double pointer on
      a F_UNLCK request and convert the vfs_setlease F_UNLCK callers to
      do just that.
      
      Finally, turn the BUG_ON in generic_setlease into a WARN_ON_ONCE
      with an error return. That's a problem we can handle without
      crashing the box if it occurs.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      0efaa7e8
    • J
      nfsd: fix potential lease memory leak in nfs4_setlease · 415b96c5
      Jeff Layton 提交于
      It's unlikely to ever occur, but if there were already a lease set on
      the file then we could end up getting back a different pointer on a
      successful setlease attempt than the one we allocated. If that happens,
      the one we allocated could leak.
      
      In practice, I don't think this will happen due to the fact that we only
      try to set up the lease once per nfs4_file, but this error handling is a
      bit more correct given the current lease API.
      
      Cc: J. Bruce Fields <bfields@fieldses.org>
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      415b96c5
  5. 02 10月, 2014 1 次提交
  6. 27 9月, 2014 3 次提交
  7. 18 9月, 2014 6 次提交
    • J
      nfsd4: clarify how grace period ends · 70b28235
      J. Bruce Fields 提交于
      The grace period is ended in two steps--first userland is notified that
      the grace period is now long enough that any clients who have not yet
      reclaimed can be safely forgotten, then we flip the switch that forbids
      reclaims and allows new opens.  I had to think a bit to convince myself
      that the ordering was right here.  Document it.
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      70b28235
    • J
      nfsd4: stop grace_time update at end of grace period · bea57fe4
      J. Bruce Fields 提交于
      The attempt to automatically set a new grace period time at the end of
      the grace period isn't really helpful.  We'll probably shut down and
      reboot before we actually make use of the new grace period time anyway.
      So may as well leave it up to the init system to get this right.
      
      This just confuses people when they see /proc/fs/nfsd/nfsv4gracetime
      change from what they set it to.
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      bea57fe4
    • J
      nfsd: pass extra info in env vars to upcalls to allow for early grace period end · d4318acd
      Jeff Layton 提交于
      In order to support lifting the grace period early, we must tell
      nfsdcltrack what sort of client the "create" upcall is for. We can't
      reliably tell if a v4.0 client has completed reclaiming, so we can only
      lift the grace period once all the v4.1+ clients have issued a
      RECLAIM_COMPLETE and if there are no v4.0 clients.
      
      Also, in order to lift the grace period, we have to tell userland when
      the grace period started so that it can tell whether a RECLAIM_COMPLETE
      has been issued for each client since then.
      
      Since this is all optional info, we pass it along in environment
      variables to the "init" and "create" upcalls. By doing this, we don't
      need to revise the upcall format. The UMH upcall can simply make use of
      this info if it happens to be present. If it's not then it can just
      avoid lifting the grace period early.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      d4318acd
    • J
      nfsd: add a v4_end_grace file to /proc/fs/nfsd · 7f5ef2e9
      Jeff Layton 提交于
      Allow a privileged userland process to end the v4 grace period early.
      Writing "Y", "y", or "1" to the file will cause the v4 grace period to
      be lifted.  The basic idea with this will be to allow the userland
      client tracking program to lift the grace period once it knows that no
      more clients will be reclaiming state.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      7f5ef2e9
    • J
      nfsd: reject reclaim request when client has already sent RECLAIM_COMPLETE · 3b3e7b72
      Jeff Layton 提交于
      As stated in RFC 5661, section 18.51.3:
      
          Once a RECLAIM_COMPLETE is done, there can be no further reclaim
          operations for locks whose scope is defined as having completed
          recovery.  Once the client sends RECLAIM_COMPLETE, the server will
          not allow the client to do subsequent reclaims of locking state for
          that scope and, if these are attempted, will return
          NFS4ERR_NO_GRACE.
      
      Ensure that we enforce that requirement.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      3b3e7b72
    • J
      nfsd: remove redundant boot_time parm from grace_done client tracking op · 919b8049
      Jeff Layton 提交于
      Since it's stored in nfsd_net, we don't need to pass it in separately.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      919b8049
  8. 10 9月, 2014 2 次提交
  9. 29 8月, 2014 1 次提交
  10. 18 8月, 2014 2 次提交
    • J
      nfsd: call nfs4_put_deleg_lease outside of state_lock · afbda402
      Jeff Layton 提交于
      Currently, we hold the state_lock when releasing the lease. That's
      potentially problematic in the future if we allow for setlease methods
      that can sleep. Move the nfs4_put_deleg_lease call out of the delegation
      unhashing routine (which was always a bit goofy anyway), and into the
      unlocked sections of the callers of unhash_delegation_locked.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      afbda402
    • J
      nfsd: protect lease-related nfs4_file fields with fi_lock · 6bcc034e
      Jeff Layton 提交于
      Currently these fields are protected with the state_lock, but that
      doesn't really make a lot of sense. These fields are "private" to the
      nfs4_file, and can be protected with the more granular fi_lock.
      
      The fi_lock is already held when setting these fields. Make the code
      hold the fp->fi_lock when clearing the lease-related fields in the
      nfs4_file, and no longer require that the state_lock be held when
      calling into this function.
      
      To prevent lock inversion with the i_lock, we also move the vfs_setlease
      and fput calls outside of the fi_lock. This also sets us up for allowing
      vfs_setlease calls to block in the future.
      
      Finally, remove a redundant NULL pointer check. unhash_delegation_locked
      locks the fp->fi_lock prior to that check, so fp in that function must
      never be NULL.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      6bcc034e
  11. 06 8月, 2014 1 次提交
  12. 05 8月, 2014 14 次提交