From nobody Sat Oct 12 00:51:22 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XQQ0p3x0xz5YSL2; Sat, 12 Oct 2024 00:51:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XQQ0p3QbYz4mLy; Sat, 12 Oct 2024 00:51:22 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1728694282; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=HfP+49w4xu3s7tkjpENF/xvsf6ndgvlJ6wzmPglWtk8=; b=iziqhUlQLkYp1HpoXRSdl1cpgQCL0LNBO5O8Kmb0DNq+mEtxwjQqcHoGJqOuZJ81LTTzxv I03GhRyKFHkZAGfVdsM9I/2mPQE3uOeKjImUeiy1PcIyTGD1TGJVzKkHjTJJvTA861am/s 4S0KsXk1wF+CEsdTzWtEsVDDA9mhX+kxDM8MxKxKGBqbtuyYi07XcC+WAXkMi46M1CMMaZ vr79yL2yr+vp8PsKJvq71Tv0s3MPW6B2W+5jNyz1w7G5g+XKzv52NMCvBSciyCf2NeiEt/ HA3pHxDgd+tZu5EcrUvWO7tMhuSzsZgTpyEa+aX/RUDmD1+NFCs1BftctXnl5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1728694282; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=HfP+49w4xu3s7tkjpENF/xvsf6ndgvlJ6wzmPglWtk8=; b=OlpzcZg+ovy/5+fIGMkzBDXpkWT5JY9ow63d5Kspq4dLpeXub/k59vr/XYaY6oCQQgSmw2 uA2iAiiROKTR0MpJdEXcUxwcI1eCElB63eLA+G8a+tNgP/IQX1AzHbZq2vhm3ujrKrSHgM Gwn07SJhcrwGYXwm1JfDAy82FViLpQRVMtH87HdxyxTF1M0ECW5UEw7gLgT92fjMK2MkBd 8uCXyCGTO7NdZG+V0nJqmPqp4qi1rZs2YPaKbN6UhI3e/KxgrBPoWz0OGzmMZYW/80F2tD NtJEWCJyZsKJsROmabgH2N0hlv7ydrJVVx3Wi++xl6LSbqiuvah71Z55KfPjQQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1728694282; a=rsa-sha256; cv=none; b=JFmUJ2F1G4DSX7RMI3zX4PezN6QHdVNgWJUmk35e7qEshr4Kixb9iLR1sXwtq03wytFrOd sFcZ8HrZ9duiPGyzrZENDFkHD0LJtkt+O81BpVJ2+hmBUFaTnxGZodLf9TrR8ScDfowqoI GC4ssnf5DsxlwjjG9S3CjepvRK+SlSb0blD56LXnLb/NLipMBpiH2GsDZWMTRu87H+PtsM TDd1HUm/BocBwx4Ax0r8PfCK6vax66eCyZWJ0bOJ5zBgiYcTwhd0HMx6SmPQ9VycvtrSfF hspnpyOiIQJrEXvuv8MoB+kc4/nc3aHz2OzSsLRe4J72snaTtKy499ZUyAgpWg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XQQ0p32Jpz14Kj; Sat, 12 Oct 2024 00:51:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 49C0pM33003596; Sat, 12 Oct 2024 00:51:22 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 49C0pMHu003593; Sat, 12 Oct 2024 00:51:22 GMT (envelope-from git) Date: Sat, 12 Oct 2024 00:51:22 GMT Message-Id: <202410120051.49C0pMHu003593@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Rick Macklem Subject: git: cc07d914bc80 - stable/13 - nfsd: Fix close handling when vfs.nfsd.enable_locallocks=1 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: cc07d914bc80f0c644584de6eab2efd30e911d8d Auto-Submitted: auto-generated The branch stable/13 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=cc07d914bc80f0c644584de6eab2efd30e911d8d commit cc07d914bc80f0c644584de6eab2efd30e911d8d Author: Rick Macklem AuthorDate: 2024-09-30 22:49:57 +0000 Commit: Rick Macklem CommitDate: 2024-10-12 00:49:55 +0000 nfsd: Fix close handling when vfs.nfsd.enable_locallocks=1 nfsrv_freeopen() was being called after the mutex lock was released, making it possible for other kernel threads to change the lists while nfsrv_freeopen() took the nfsstateid out of the lists. This patch moves the code around "if (nfsrv_freeopen(stp, vp, 1 p) == 0) {" into nfsrv_freeopen(), so that it can remove the nfsstateid structure from all lists before unlocking the mutex. This should avoid any race between CLOSE and other nfsd threads updating the NFSv4 state. The patch does not affect semantics when vfs.nfsd.enable_locallocks=0. PR: 280978 Tested by: Matthew L. Dailey (cherry picked from commit eb345e05ac6602eeef0c33fce9025bbc8ec44d0f) --- sys/fs/nfsserver/nfs_nfsdstate.c | 62 +++++++++++++++++++--------------------- 1 file changed, 30 insertions(+), 32 deletions(-) diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c index 44f8aeb2a70d..ac02f390fb72 100644 --- a/sys/fs/nfsserver/nfs_nfsdstate.c +++ b/sys/fs/nfsserver/nfs_nfsdstate.c @@ -139,7 +139,7 @@ static void nfsrv_dumpaclient(struct nfsclient *clp, struct nfsd_dumpclients *dumpp); static void nfsrv_freeopenowner(struct nfsstate *stp, int cansleep, NFSPROC_T *p); -static int nfsrv_freeopen(struct nfsstate *stp, vnode_t vp, int cansleep, +static void nfsrv_freeopen(struct nfsstate *stp, vnode_t vp, int cansleep, NFSPROC_T *p); static void nfsrv_freelockowner(struct nfsstate *stp, vnode_t vp, int cansleep, NFSPROC_T *p); @@ -1549,7 +1549,7 @@ nfsrv_freeopenowner(struct nfsstate *stp, int cansleep, NFSPROC_T *p) while (nstp != LIST_END(&stp->ls_open)) { tstp = nstp; nstp = LIST_NEXT(nstp, ls_list); - (void) nfsrv_freeopen(tstp, NULL, cansleep, p); + nfsrv_freeopen(tstp, NULL, cansleep, p); } if (stp->ls_op) nfsrvd_derefcache(stp->ls_op); @@ -1564,12 +1564,11 @@ nfsrv_freeopenowner(struct nfsstate *stp, int cansleep, NFSPROC_T *p) * are no other opens on the file. * Returns 1 if it free'd the nfslockfile, 0 otherwise. */ -static int +static void nfsrv_freeopen(struct nfsstate *stp, vnode_t vp, int cansleep, NFSPROC_T *p) { struct nfsstate *nstp, *tstp; struct nfslockfile *lfp; - int ret; LIST_REMOVE(stp, ls_hash); LIST_REMOVE(stp, ls_list); @@ -1578,35 +1577,46 @@ nfsrv_freeopen(struct nfsstate *stp, vnode_t vp, int cansleep, NFSPROC_T *p) lfp = stp->ls_lfp; /* * Now, free all lockowners associated with this open. + * Note that, if vp != NULL, nfsrv_freelockowner() will + * not call nfsrv_freeallnfslocks(), so it needs to be called, below. */ LIST_FOREACH_SAFE(tstp, &stp->ls_open, ls_list, nstp) nfsrv_freelockowner(tstp, vp, cansleep, p); + if (vp != NULL) { + KASSERT(cansleep != 0, ("nfsrv_freeopen: cansleep == 0")); + mtx_assert(NFSSTATEMUTEXPTR, MA_OWNED); + /* + * Only called with vp != NULL for Close when + * vfs.nfsd.enable_locallocks != 0. + * Lock the lfp so that it will not go away and do the + * nfsrv_freeallnfslocks() call that was not done by + * nfsrv_freelockowner(). + */ + nfsrv_locklf(lfp); + NFSUNLOCKSTATE(); + NFSVOPUNLOCK(vp); + nfsrv_freeallnfslocks(stp, vp, cansleep, p); + NFSVOPLOCK(vp, LK_EXCLUSIVE | LK_RETRY); + NFSLOCKSTATE(); + nfsrv_unlocklf(lfp); + } + /* * The nfslockfile is freed here if there are no locks * associated with the open. * If there are locks associated with the open, the * nfslockfile structure can be freed via nfsrv_freelockowner(). - * Acquire the state mutex to avoid races with calls to - * nfsrv_getlockfile(). */ - if (cansleep != 0) - NFSLOCKSTATE(); if (lfp != NULL && LIST_EMPTY(&lfp->lf_open) && LIST_EMPTY(&lfp->lf_deleg) && LIST_EMPTY(&lfp->lf_lock) && LIST_EMPTY(&lfp->lf_locallock) && LIST_EMPTY(&lfp->lf_rollback) && lfp->lf_usecount == 0 && - (cansleep != 0 || nfsv4_testlock(&lfp->lf_locallock_lck) == 0)) { + nfsv4_testlock(&lfp->lf_locallock_lck) == 0) nfsrv_freenfslockfile(lfp); - ret = 1; - } else - ret = 0; - if (cansleep != 0) - NFSUNLOCKSTATE(); free(stp, M_NFSDSTATE); NFSD_VNET(nfsstatsv1_p)->srvopens--; nfsrv_openpluslock--; - return (ret); } /* @@ -1619,7 +1629,8 @@ nfsrv_freelockowner(struct nfsstate *stp, vnode_t vp, int cansleep, LIST_REMOVE(stp, ls_hash); LIST_REMOVE(stp, ls_list); - nfsrv_freeallnfslocks(stp, vp, cansleep, p); + if (vp == NULL) + nfsrv_freeallnfslocks(stp, vp, cansleep, p); if (stp->ls_op) nfsrvd_derefcache(stp->ls_op); free(stp, M_NFSDSTATE); @@ -3537,7 +3548,6 @@ nfsrv_openupdate(vnode_t vp, struct nfsstate *new_stp, nfsquad_t clientid, { struct nfsstate *stp; struct nfsclient *clp; - struct nfslockfile *lfp; u_int32_t bits; int error = 0, gotstate = 0, len = 0; u_char *clidp = NULL; @@ -3632,9 +3642,7 @@ nfsrv_openupdate(vnode_t vp, struct nfsstate *new_stp, nfsquad_t clientid, NFSBCOPY(clp->lc_id, clidp, len); gotstate = 1; } - NFSUNLOCKSTATE(); } else if (new_stp->ls_flags & NFSLCK_CLOSE) { - lfp = stp->ls_lfp; if (retwriteaccessp != NULL) { if ((stp->ls_flags & NFSLCK_WRITEACCESS) != 0) *retwriteaccessp = 1; @@ -3642,20 +3650,10 @@ nfsrv_openupdate(vnode_t vp, struct nfsstate *new_stp, nfsquad_t clientid, *retwriteaccessp = 0; } if (nfsrv_dolocallocks != 0 && !LIST_EMPTY(&stp->ls_open)) { - /* Get the lf lock */ - nfsrv_locklf(lfp); - NFSUNLOCKSTATE(); ASSERT_VOP_ELOCKED(vp, "nfsrv_openupdate"); - NFSVOPUNLOCK(vp); - if (nfsrv_freeopen(stp, vp, 1, p) == 0) { - NFSLOCKSTATE(); - nfsrv_unlocklf(lfp); - NFSUNLOCKSTATE(); - } - NFSVOPLOCK(vp, LK_EXCLUSIVE | LK_RETRY); + nfsrv_freeopen(stp, vp, 1, p); } else { - (void) nfsrv_freeopen(stp, NULL, 0, p); - NFSUNLOCKSTATE(); + nfsrv_freeopen(stp, NULL, 0, p); } } else { /* @@ -3673,8 +3671,8 @@ nfsrv_openupdate(vnode_t vp, struct nfsstate *new_stp, nfsquad_t clientid, if ((nd->nd_flag & ND_NFSV41) != 0 && stp->ls_stateid.seqid == 0) stp->ls_stateid.seqid = 1; - NFSUNLOCKSTATE(); } + NFSUNLOCKSTATE(); /* * If the client just confirmed its first open, write a timestamp