The nfs4_file table is global, so shutting it down when a containerized
nfsd is shut down is wrong and can lead to double-frees. Tear down the
nfs4_file_rhltable in nfs4_state_shutdown instead of
nfs4_state_shutdown_net.
Fixes: d47b295e8d76 (NFSD: Use rhashtable for managing nfs4_file objects)
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2169017
Reported-by: JianHong Yin <[email protected]>
Signed-off-by: Jeff Layton <[email protected]>
---
fs/nfsd/nfs4state.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index af22dfdc6fcc..a202be19f26f 100644
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -8218,7 +8218,6 @@ nfs4_state_shutdown_net(struct net *net)
nfsd4_client_tracking_exit(net);
nfs4_state_destroy_net(net);
- rhltable_destroy(&nfs4_file_rhltable);
#ifdef CONFIG_NFSD_V4_2_INTER_SSC
nfsd4_ssc_shutdown_umount(nn);
#endif
@@ -8228,6 +8227,7 @@ void
nfs4_state_shutdown(void)
{
nfsd4_destroy_callback_queue();
+ rhltable_destroy(&nfs4_file_rhltable);
}
static void
--
2.39.1
> On Feb 11, 2023, at 7:50 AM, Jeff Layton <[email protected]> wrote:
>
> The nfs4_file table is global, so shutting it down when a containerized
> nfsd is shut down is wrong and can lead to double-frees. Tear down the
> nfs4_file_rhltable in nfs4_state_shutdown instead of
> nfs4_state_shutdown_net.
D'oh!
> Fixes: d47b295e8d76 (NFSD: Use rhashtable for managing nfs4_file objects)
> Link: https://bugzilla.redhat.com/show_bug.cgi?id=2169017
> Reported-by: JianHong Yin <[email protected]>
> Signed-off-by: Jeff Layton <[email protected]>
Thanks to you and JianHong. Applied to nfsd-fixes.
> ---
> fs/nfsd/nfs4state.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
> index af22dfdc6fcc..a202be19f26f 100644
> --- a/fs/nfsd/nfs4state.c
> +++ b/fs/nfsd/nfs4state.c
> @@ -8218,7 +8218,6 @@ nfs4_state_shutdown_net(struct net *net)
>
> nfsd4_client_tracking_exit(net);
> nfs4_state_destroy_net(net);
> - rhltable_destroy(&nfs4_file_rhltable);
> #ifdef CONFIG_NFSD_V4_2_INTER_SSC
> nfsd4_ssc_shutdown_umount(nn);
> #endif
> @@ -8228,6 +8227,7 @@ void
> nfs4_state_shutdown(void)
> {
> nfsd4_destroy_callback_queue();
> + rhltable_destroy(&nfs4_file_rhltable);
> }
>
> static void
> --
> 2.39.1
>
--
Chuck Lever
On Sat, 2023-02-11 at 20:31 +0000, Chuck Lever III wrote:
>
> > On Feb 11, 2023, at 7:50 AM, Jeff Layton <[email protected]> wrote:
> >
> > The nfs4_file table is global, so shutting it down when a containerized
> > nfsd is shut down is wrong and can lead to double-frees. Tear down the
> > nfs4_file_rhltable in nfs4_state_shutdown instead of
> > nfs4_state_shutdown_net.
>
> D'oh!
>
>
> > Fixes: d47b295e8d76 (NFSD: Use rhashtable for managing nfs4_file objects)
> > Link: https://bugzilla.redhat.com/show_bug.cgi?id=2169017
> > Reported-by: JianHong Yin <[email protected]>
> > Signed-off-by: Jeff Layton <[email protected]>
>
> Thanks to you and JianHong. Applied to nfsd-fixes.
>
Thanks for grabbing it quickly. It'd be great to get this in before v6.2
ships...
>
> > ---
> > fs/nfsd/nfs4state.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
> > index af22dfdc6fcc..a202be19f26f 100644
> > --- a/fs/nfsd/nfs4state.c
> > +++ b/fs/nfsd/nfs4state.c
> > @@ -8218,7 +8218,6 @@ nfs4_state_shutdown_net(struct net *net)
> >
> > nfsd4_client_tracking_exit(net);
> > nfs4_state_destroy_net(net);
> > - rhltable_destroy(&nfs4_file_rhltable);
> > #ifdef CONFIG_NFSD_V4_2_INTER_SSC
> > nfsd4_ssc_shutdown_umount(nn);
> > #endif
> > @@ -8228,6 +8227,7 @@ void
> > nfs4_state_shutdown(void)
> > {
> > nfsd4_destroy_callback_queue();
> > + rhltable_destroy(&nfs4_file_rhltable);
> > }
> >
> > static void
> > --
> > 2.39.1
> >
>
> --
> Chuck Lever
>
>
>
--
Jeff Layton <[email protected]>