1. 01 8月, 2014 11 次提交
  2. 30 7月, 2014 9 次提交
  3. 24 7月, 2014 5 次提交
  4. 23 7月, 2014 1 次提交
    • J
      nfsd: bump dl_time when unhashing delegation · d55a166c
      Jeff Layton 提交于
      There's a potential race between a lease break and DELEGRETURN call.
      
      Suppose a lease break comes in and queues the workqueue job for a
      delegation, but it doesn't run just yet. Then, a DELEGRETURN comes in
      finds the delegation and calls destroy_delegation on it to unhash it and
      put its primary reference.
      
      Next, the workqueue job runs and queues the delegation back onto the
      del_recall_lru list, issues the CB_RECALL and puts the final reference.
      With that, the final reference to the delegation is put, but it's still
      on the LRU list.
      
      When we go to unhash a delegation, it's because we intend to get rid of
      it soon afterward, so we don't want lease breaks to mess with it once
      that occurs. Fix this by bumping the dl_time whenever we unhash a
      delegation, to ensure that lease breaks don't monkey with it.
      
      I believe this is a regression due to commit 02e1215f (nfsd: Avoid
      taking state_lock while holding inode lock in nfsd_break_one_deleg).
      Prior to that, the state_lock was held in the lm_break callback itself,
      and that would have prevented this race.
      
      Cc: Trond Myklebust <trond.myklebust@primarydata.com>
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      d55a166c
  5. 22 7月, 2014 3 次提交
  6. 17 7月, 2014 4 次提交
  7. 11 7月, 2014 7 次提交
    • J
      nfsd: cleanup and rename nfs4_check_open · a46cb7f2
      Jeff Layton 提交于
      Rename it to better describe what it does, and have it just return the
      stateid instead of a __be32 (which is now always nfs_ok). Also, do the
      search for an existing stateid after the delegation check, to reduce
      cleanup if the delegation check returns error.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      a46cb7f2
    • J
      nfsd: make deny mode enforcement more efficient and close races in it · baeb4ff0
      Jeff Layton 提交于
      The current enforcement of deny modes is both inefficient and scattered
      across several places, which makes it hard to guarantee atomicity. The
      inefficiency is a problem now, and the lack of atomicity will mean races
      once the client_mutex is removed.
      
      First, we address the inefficiency. We have to track deny modes on a
      per-stateid basis to ensure that open downgrades are sane, but when the
      server goes to enforce them it has to walk the entire list of stateids
      and check against each one.
      
      Instead of doing that, maintain a per-nfs4_file deny mode. When a file
      is opened, we simply set any deny bits in that mode that were specified
      in the OPEN call. We can then use that unified deny mode to do a simple
      check to see whether there are any conflicts without needing to walk the
      entire stateid list.
      
      The only time we'll need to walk the entire list of stateids is when a
      stateid that has a deny mode on it is being released, or one is having
      its deny mode downgraded. In that case, we must walk the entire list and
      recalculate the fi_share_deny field. Since deny modes are pretty rare
      today, this should be very rare under normal workloads.
      
      To address the potential for races once the client_mutex is removed,
      protect fi_share_deny with the fi_lock. In nfs4_get_vfs_file, check to
      make sure that any deny mode we want to apply won't conflict with
      existing access. If that's ok, then have nfs4_file_get_access check that
      new access to the file won't conflict with existing deny modes.
      
      If that also passes, then get file access references, set the correct
      access and deny bits in the stateid, and update the fi_share_deny field.
      If opening the file or truncating it fails, then unwind the whole mess
      and return the appropriate error.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      baeb4ff0
    • J
      nfsd: always hold the fi_lock when bumping fi_access refcounts · 7214e860
      Jeff Layton 提交于
      Once we remove the client_mutex, there's an unlikely but possible race
      that could occur. It will be possible for nfs4_file_put_access to race
      with nfs4_file_get_access. The refcount will go to zero (briefly) and
      then bumped back to one. If that happens we set ourselves up for a
      use-after-free and the potential for a lock to race onto the i_flock
      list as a filp is being torn down.
      
      Ensure that we can safely bump the refcount on the file by holding the
      fi_lock whenever that's done. The only place it currently isn't is in
      get_lock_access.
      
      In order to ensure atomicity with finding the file, use the
      find_*_file_locked variants and then call get_lock_access to get new
      access references on the nfs4_file under the same lock.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      7214e860
    • J
      nfsd: clean up reset_union_bmap_deny · 3b84240a
      Jeff Layton 提交于
      Fix the "deny" argument type, and start the loop at 1. The 0 iteration
      is always a noop.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      3b84240a
    • J
      nfsd: set stateid access and deny bits in nfs4_get_vfs_file · 6eb3a1d0
      Jeff Layton 提交于
      Cleanup -- ensure that the stateid bits are set at the same time that
      the file access refcounts are incremented. Keeping them coherent like
      this makes it easier to ensure that we account for all of the
      references.
      
      Since the initialization of the st_*_bmap fields is done when it's
      hashed, we go ahead and hash the stateid before getting access to the
      file and unhash it if that function returns error. This will be
      necessary anyway in a follow-on patch that will overhaul deny mode
      handling.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      6eb3a1d0
    • J
      nfsd: shrink st_access_bmap and st_deny_bmap · c11c591f
      Jeff Layton 提交于
      We never use anything above bit #3, so an unsigned long for each is
      wasteful. Shrink them to a char each, and add some WARN_ON_ONCE calls if
      we try to set or clear bits that would go outside those sizes.
      
      Note too that because atomic bitops work on unsigned longs, we have to
      abandon their use here. That shouldn't be a problem though since we
      don't really care about the atomicity in this code anyway. Using them
      was just a convenient way to flip bits.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      c11c591f
    • J
      nfsd: remove nfs4_file_put_fd · 6d338b51
      Jeff Layton 提交于
      ...and replace it with a simple swap call.
      Signed-off-by: NJeff Layton <jlayton@primarydata.com>
      Reviewed-by: NChristoph Hellwig <hch@lst.de>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      6d338b51