linux/fs/nfs
Jeff Layton d2224e7afb nfs: close NFSv4 COMMIT vs. CLOSE race
I've been adding in more artificial delays in the NFSv4 commit and close
codepaths to uncover races. The kernel I'm testing has the patch to
close the race in __rpc_wait_for_completion_task that's in Trond's
cthon2011 branch. The reproducer I've been using does this in a loop:

	mkdir("DIR");
	fd = open("DIR/FILE", O_WRONLY|O_CREAT|O_EXCL, 0644);
	write(fd, "abcdefg", 7);
	close(fd);
	unlink("DIR/FILE");
	rmdir("DIR");

The above reproducer shouldn't result in any silly-renaming. However,
when I add a "msleep(100)" just after the nfs_commit_clear_lock call in
nfs_commit_release, I can almost always force one to occur. If I can
force it to occur with that, then it can happen without that delay
given the right timing.

nfs_commit_inode waits for the NFS_INO_COMMIT bit to clear when called
with FLUSH_SYNC set. nfs_commit_rpcsetup on the other hand does not wait
for the task to complete before putting its reference to it, so the last
reference get put in rpc_release task and gets queued to a workqueue.

In this situation, the last open context reference may be put by the
COMMIT release instead of the close() syscall. The close() syscall
returns too quickly and the unlink runs while the d_count is still
high since the COMMIT release hasn't put its dentry reference yet.

Fix this by having rpc_commit_rpcsetup wait for the RPC call to complete
before putting the task reference when FLUSH_SYNC is set. With this, the
last reference is put by the process that's initiating the FLUSH_SYNC
commit and the race is closed.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
2011-03-10 15:04:53 -05:00
..
cache_lib.c
cache_lib.h
callback_proc.c NFS fix cb_sequence error processing 2011-01-25 15:26:51 -05:00
callback_xdr.c NFS do not find client in NFSv4 pg_authenticate 2011-01-25 15:26:51 -05:00
callback.c NFS do not find client in NFSv4 pg_authenticate 2011-01-25 15:26:51 -05:00
callback.h NFS do not find client in NFSv4 pg_authenticate 2011-01-25 15:26:51 -05:00
client.c NFS do not find client in NFSv4 pg_authenticate 2011-01-25 15:26:51 -05:00
delegation.c NFS: Fix an NFS client lockdep issue 2011-01-28 13:37:09 -05:00
delegation.h NFS: Move cl_delegations to the nfs_server struct 2011-01-06 14:57:46 -05:00
dir.c NFS: Use d_automount() rather than abusing follow_link() 2011-01-15 20:07:34 -05:00
direct.c NFS: Fix "kernel BUG at fs/aio.c:554!" 2011-01-25 15:24:47 -05:00
dns_resolve.c
dns_resolve.h
file.c
fscache-index.c
fscache.c
fscache.h
getroot.c switch nfs to ->s_d_op 2011-01-12 20:02:45 -05:00
idmap.c nfs: fix mispelling of idmap CONFIG symbol 2011-01-04 13:10:39 -05:00
inode.c NFS: nfs_wcc_update_inode() should set nfsi->attr_gencount 2011-01-25 15:28:21 -05:00
internal.h NFS do not find client in NFSv4 pg_authenticate 2011-01-25 15:26:51 -05:00
iostat.h
Kconfig
Makefile
mount_clnt.c NFS: Remove redundant unlikely() 2010-12-21 11:51:23 -05:00
namespace.c Unexport do_add_mount() and add in follow_automount(), not ->d_automount() 2011-01-15 20:07:48 -05:00
nfs2xdr.c Merge branch 'bugfixes' into nfs-for-2.6.38 2011-01-10 14:48:02 -05:00
nfs3acl.c NFS: Prevent memory allocation failure in nfsacl_encode() 2011-01-25 15:24:47 -05:00
nfs3proc.c
nfs3xdr.c NFS: Fix "kernel BUG at fs/nfs/nfs3xdr.c:1338!" 2011-01-25 15:24:47 -05:00
nfs4_fs.h NFS: Move cl_state_owners and related fields to the nfs_server struct 2011-01-06 14:47:57 -05:00
nfs4filelayout.c pnfs: add prefix to struct pnfs_layout_hdr fields 2011-01-06 14:46:31 -05:00
nfs4filelayout.h
nfs4filelayoutdev.c NFS4: Avoid potential NULL pointer dereference in decode_and_add_ds(). 2011-01-25 15:24:46 -05:00
nfs4namespace.c
nfs4proc.c SUNRPC: Close a race in __rpc_wait_for_completion_task() 2011-03-10 15:04:52 -05:00
nfs4renewd.c NFS: Move cl_delegations to the nfs_server struct 2011-01-06 14:57:46 -05:00
nfs4state.c NFS do not find client in NFSv4 pg_authenticate 2011-01-25 15:26:51 -05:00
nfs4xdr.c NFS: NFSv4 readdir loses entries 2011-01-28 13:41:35 -05:00
nfsroot.c
pagelist.c nfs: Take advantage of kmem_cache_zalloc() in nfs_page_alloc() 2010-12-21 11:51:24 -05:00
pnfs.c NFS improve pnfs_put_deviceid_cache debug print 2011-01-25 15:26:51 -05:00
pnfs.h pnfs: layout roc code 2011-01-06 14:46:32 -05:00
proc.c NFS: Don't leak in nfs_proc_symlink() 2011-01-04 13:10:36 -05:00
read.c
super.c switch nfs to ->s_d_op 2011-01-12 20:02:45 -05:00
symlink.c
sysctl.c
unlink.c SUNRPC: Close a race in __rpc_wait_for_completion_task() 2011-03-10 15:04:52 -05:00
write.c nfs: close NFSv4 COMMIT vs. CLOSE race 2011-03-10 15:04:53 -05:00