[Devel] [PATCH RHEL9 COMMIT] ms/nfs4: skip locks_lock_inode_wait() in nfs4_locku_done if FL_ACCESS is set

Konstantin Khorenko khorenko at virtuozzo.com
Wed Jan 12 18:36:43 MSK 2022 

The commit is pushed to "branch-rh9-5.14.vz9.1.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh9-5.14.0-4.vz9.10.38
------>
commit 988ca75b9f9768b68ca3cabce43d16009d6747b0
Author: Vasily Averin <vvs at virtuozzo.com>
Date:   Wed Jan 12 18:36:43 2022 +0300

    ms/nfs4: skip locks_lock_inode_wait() in nfs4_locku_done if FL_ACCESS is set
    
    In 2006 Trond Myklebust added support for the FL_ACCESS flag,
    commit 01c3b861cd77 ("NLM,NFSv4: Wait on local locks before we put RPC
    calls on the wire"), as a result of which _nfs4_proc_setlk() began
    to execute _nfs4_do_setlk() with modified request->fl_flag where
    FL_ACCESS flag was set.
    
    It was not important not till 2015, when commit c69899a17ca4 ("NFSv4:
    Update of VFS byte range lock must be atomic with the stateid update")
    added do_vfs_lock call into nfs4_locku_done().
    nfs4_locku_done() in this case uses calldata->fl of nfs4_unlockdata.
    It is copied from struct nfs4_lockdata, which in turn uses the fl_flag
    copied from the request->fl_flag provided by _nfs4_do_setlk(), i.e. with
    FL_ACCESS flag set.
    
    FL_ACCESS flag is removed in nfs4_lock_done() for non-cancelled case.
    however rpc task can be cancelled earlier.
    
    As a result flock_lock_inode() can be called with request->fl_type F_UNLCK
    and fl_flags with FL_ACCESS flag set.
    Such request is processed incorectly. Instead of expected search and
    removal of exisiting flocks it jumps to "find_conflict" label and can call
    locks_insert_block() function.
    
    On kernels before 2018, (i.e. before commit 7b587e1a5a6c
    ("NFS: use locks_copy_lock() to copy locks.")) it caused a BUG in
    __locks_insert_block() because copied fl had incorrectly linked fl_block.
    
    On new kernels all lists are properly initialized and no BUG occur,
    however any any case, such a call does nothing useful.
    
    If I understand correctly locks_lock_inode_wait(F_UNLCK) call is required
    to revert locks_lock_inode_wait(F_LCK) request send from nfs4_lock_done().
    An additional F_UNLCK request is dangerous, because of it can remove flock
    set not by canceled task but by some other concurrent process.
    
    So I think we need to add FL_ACCESS check in nfs4_locku_done
    and skip locks_lock_inode_wait() executing if this flag is set.
    
    Fixes: c69899a17ca4 ("NFSv4: Update of VFS byte range lock must be atomic with
    the stateid update")
    patch was snet upstream but was not merged yet)
    
    https://jira.sw.ru/browse/PSBM-136295
    Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
    
    Feature: fix ms/nfs4
---
 fs/nfs/nfs4proc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 7e3444f9a435..70755c08e0b5 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -6787,7 +6787,9 @@ static void nfs4_locku_done(struct rpc_task *task, void *data)
 	switch (task->tk_status) {
 		case 0:
 			renew_lease(calldata->server, calldata->timestamp);
-			locks_lock_inode_wait(calldata->lsp->ls_state->inode, &calldata->fl);
+			if (!(calldata->fl.fl_flags & FL_ACCESS))
+				locks_lock_inode_wait(calldata->lsp->ls_state->inode,
+						      &calldata->fl);
 			if (nfs4_update_lock_stateid(calldata->lsp,
 					&calldata->res.stateid))
 				break;

More information about the Devel mailing list