Commit e4644c5d authored Sep 06, 2022 by Chuck Lever Committed by Zheng Zengkai Sep 07, 2022

NFSD: Fix possible sleep during nfsd4_release_lockowner()

stable inclusion
from stable-v5.10.120
commit 3097f38e91266c7132c3fdb7e778fac858c00670
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I5L6BR

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3097f38e91266c7132c3fdb7e778fac858c00670



--------------------------------

commit ce3c4ad7 upstream.

nfsd4_release_lockowner() holds clp->cl_lock when it calls
check_for_locks(). However, check_for_locks() calls nfsd_file_get()
/ nfsd_file_put() to access the backing inode's flc_posix list, and
nfsd_file_put() can sleep if the inode was recently removed.

Let's instead rely on the stateowner's reference count to gate
whether the release is permitted. This should be a reliable
indication of locks-in-use since file lock operations and
->lm_get_owner take appropriate references, which are released
appropriately when file locks are removed.

Reported-by: Dai Ngo <dai.ngo@oracle.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
Acked-by: Xie XiuQi <xiexiuqi@huawei.com>

parent 53de5efc

fs/nfsd/nfs4state.c

+4 −8

Original line number	Diff line number	Diff line
		@@ -7122,16 +7122,12 @@ nfsd4_release_lockowner(struct svc_rqst *rqstp,
		if (sop->so_is_open_owner \|\| !same_owner_str(sop, owner))
		continue;

		/* see if there are still any locks associated with it */
		lo = lockowner(sop);
		list_for_each_entry(stp, &sop->so_stateids, st_perstateowner) {
		if (check_for_locks(stp->st_stid.sc_file, lo)) {
		status = nfserr_locks_held;
		if (atomic_read(&sop->so_count) != 1) {
		spin_unlock(&clp->cl_lock);
		return status;
		}
		return nfserr_locks_held;
		}

		lo = lockowner(sop);
		nfs4_get_stateowner(sop);
		break;
		}