[Devel] [PATCH RHEL7 COMMIT] ms/nfsd4: add refcount for nfsd4_blocked_lock

Vasily Averin vvs at virtuozzo.com
Thu Dec 30 16:58:13 MSK 2021 

The commit is pushed to "branch-rh7-3.10.0-1160.42.2.vz7.184.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.42.2.vz7.184.7
------>
commit 5af8ef7d0ffe3bb2ca5633a57b87799ac53c1fc5
Author: Vasily Averin <vvs at virtuozzo.com>
Date:   Thu Dec 30 16:58:13 2021 +0300

    ms/nfsd4: add refcount for nfsd4_blocked_lock
    
    nbl allocated in nfsd4_lock can be released by a several ways:
    directly in nfsd4_lock(), via nfs4_laundromat(), via another nfs
    command RELEASE_LOCKOWNER or via nfsd4_callback.
    This structure should be refcounted to be used and released correctly
    in all these cases.
    
    Refcount is initialized to 1 during allocation and is incremented
    when nbl is added into nbl_list/nbl_lru lists.
    
    Usually nbl is linked into both lists together, so only one refcount
    is used for both lists.
    
    However nfsd4_lock() should keep in mind that nbl can be present
    in one of lists only. This can happen if nbl was handled already
    by nfs4_laundromat/nfsd4_callback/etc.
    
    Refcount is decremented if vfs_lock_file() returns FILE_LOCK_DEFERRED,
    because nbl can be handled already by nfs4_laundromat/nfsd4_callback/etc.
    
    Refcount is not changed in find_blocked_lock() because of it reuses counter
    released after removing nbl from lists.
    
    (patch was submitted upstream but was not merged yet)
    https://jira.sw.ru/browse/PSBM-136851
    Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
---
 fs/nfsd/nfs4state.c | 23 ++++++++++++++++++++---
 fs/nfsd/state.h     |  1 +
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 4a57b40..a619663 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -221,6 +221,7 @@ find_blocked_lock(struct nfs4_lockowner *lo, struct knfsd_fh *fh,
 	list_for_each_entry(cur, &lo->lo_blocked, nbl_list) {
 		if (fh_match(fh, &cur->nbl_fh)) {
 			list_del_init(&cur->nbl_list);
+			WARN_ON(list_empty(&cur->nbl_lru));
 			list_del_init(&cur->nbl_lru);
 			found = cur;
 			break;
@@ -246,6 +247,7 @@ find_or_allocate_block(struct nfs4_lockowner *lo, struct knfsd_fh *fh,
 			INIT_LIST_HEAD(&nbl->nbl_lru);
 			fh_copy_shallow(&nbl->nbl_fh, fh);
 			locks_init_lock(&nbl->nbl_lock);
+			kref_init(&nbl->nbl_kref);
 			nfsd4_init_cb(&nbl->nbl_cb, lo->lo_owner.so_client,
 					&nfsd4_cb_notify_lock_ops,
 					NFSPROC4_CLNT_CB_NOTIFY_LOCK);
@@ -255,10 +257,19 @@ find_or_allocate_block(struct nfs4_lockowner *lo, struct knfsd_fh *fh,
 }
 
 static void
+free_nbl(struct kref *kref)
+{
+	struct nfsd4_blocked_lock *nbl;
+
+	nbl = container_of(kref, struct nfsd4_blocked_lock, nbl_kref);
+	kfree(nbl);
+}
+
+static void
 free_blocked_lock(struct nfsd4_blocked_lock *nbl)
 {
 	locks_release_private(&nbl->nbl_lock);
-	kfree(nbl);
+	kref_put(&nbl->nbl_kref, free_nbl);
 }
 
 static void
@@ -276,6 +287,7 @@ remove_blocked_locks(struct nfs4_lockowner *lo)
 					struct nfsd4_blocked_lock,
 					nbl_list);
 		list_del_init(&nbl->nbl_list);
+		WARN_ON(list_empty(&nbl->nbl_lru));
 		list_move(&nbl->nbl_lru, &reaplist);
 	}
 	spin_unlock(&nn->blocked_locks_lock);
@@ -5995,6 +6007,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
 		spin_lock(&nn->blocked_locks_lock);
 		list_add_tail(&nbl->nbl_list, &lock_sop->lo_blocked);
 		list_add_tail(&nbl->nbl_lru, &nn->blocked_locks_lru);
+		kref_get(&nbl->nbl_kref);
 		spin_unlock(&nn->blocked_locks_lock);
 	}
 
@@ -6005,6 +6018,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
 		status = 0;
 		break;
 	case FILE_LOCK_DEFERRED:
+		kref_put(&nbl->nbl_kref, free_nbl);
 		nbl = NULL;
 		/* Fallthrough */
 	case -EAGAIN:		/* conflock holds conflicting lock */
@@ -6025,8 +6039,11 @@ out:
 		/* dequeue it if we queued it before */
 		if (fl_flags & FL_SLEEP) {
 			spin_lock(&nn->blocked_locks_lock);
-			list_del_init(&nbl->nbl_list);
-			list_del_init(&nbl->nbl_lru);
+			if (!list_empty(&nbl->nbl_list)) {
+				list_del_init(&nbl->nbl_list);
+				list_del_init(&nbl->nbl_lru);
+				kref_put(&nbl->nbl_kref, free_nbl);
+			}
 			spin_unlock(&nn->blocked_locks_lock);
 		}
 		free_blocked_lock(nbl);
diff --git a/fs/nfsd/state.h b/fs/nfsd/state.h
index f53db66..4735ab8 100644
--- a/fs/nfsd/state.h
+++ b/fs/nfsd/state.h
@@ -587,6 +587,7 @@ struct nfsd4_blocked_lock {
 	struct file_lock	nbl_lock;
 	struct knfsd_fh		nbl_fh;
 	struct nfsd4_callback	nbl_cb;
+	struct kref		nbl_kref;
 };
 
 struct nfsd4_compound_state;

More information about the Devel mailing list