Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp1252228ybm;
        Tue, 21 May 2019 10:57:57 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxpasUcuc7/6FgS3iCXI8++EvDSdoNOgO8uWipr2XibBLjm0SqWiPHqw+/s/Kz0daXeSDSR
X-Received: by 2002:a63:68e:: with SMTP id 136mr29919507pgg.81.1558461476931;
        Tue, 21 May 2019 10:57:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1558461476; cv=none;
        d=google.com; s=arc-20160816;
        b=npKlzgE/6jeUOJx2AQ3aClV8P9+YZbOM3s6H4ztda8C5LR+rFlHvz1gJdc+Ci4Njvg
         /tRbgO7tBgxTrOAMpf1QSMeNUuKBlqDkIL4jLEzWh8Hk5la/Ltt0YekxxDtdwLXrsE6C
         k37DbTp7I+04Q5S77nsAv9XehfwhNYsAyEqVMUB630AdXgqcKk9ppUchNL/nZFPEqgvu
         qlhgbjT253KoFkoNoejlmHfQfp0+uu63ozq/fGZXsPcQWzbuYgnt8/L505DbqJN7Xu+o
         chgG2CZJZe9u+Q7zob5nLrl0+TW833SQqu1nAbP6NwouCrIFUP79V2sHSHZcMPX2Rcsw
         D0gQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:references:cc:to:from:subject;
        bh=JJA7WA0CD8igiCkyOzmtMNWAcASPrW6lFsRnNfkbpW4=;
        b=ZTHmzSwWvO3naZkU2yQIEoaL9lAWaqX0ImwaMwhSNxR6ZxWquf4hgCncyQzZ9SG/78
         6X/q0VrPra9f4p64qs+/xw7UkBro3Z3fwXb8wwek+Ef/qvOlX0YHcnMig54nGYKXpGGB
         oJQNlqs/3TdqUuLBB8CVJ+TR69I8T1XKJHWnGsBlYjfcjRTdJQOK3h7tAwB/1PEUlaog
         PUjK2fy2kJ1kld89pPqeYHMk2aciNWolsn4kYuCdnk5x2R/y1Brbso3tIxisTMUlGohE
         gd1lXjq72qBlxL1BoSJSHiMLTXKFv4ZN5vTvz8vtFevNVIWs72ab/nOmn/siB0/lppJt
         9fGg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Return-Path: <linux-nfs-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g2si22584775pgp.54.2019.05.21.10.57.36;
        Tue, 21 May 2019 10:57:56 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728067AbfEUR5G (ORCPT <rfc822;linux.lists.archive@gmail.com>
        + 99 others); Tue, 21 May 2019 13:57:06 -0400
Received: from out30-54.freemail.mail.aliyun.com ([115.124.30.54]:55330 "EHLO
        out30-54.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1726900AbfEUR5G (ORCPT
        <rfc822;linux-nfs@vger.kernel.org>); Tue, 21 May 2019 13:57:06 -0400
X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R121e4;CH=green;DM=||false|;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e07486;MF=wuyihao@linux.alibaba.com;NM=1;PH=DS;RN=7;SR=0;TI=SMTPD_---0TSK9qTq_1558461423;
Received: from ali-186590dcce93-2.local(mailfrom:wuyihao@linux.alibaba.com fp:SMTPD_---0TSK9qTq_1558461423)
          by smtp.aliyun-inc.com(127.0.0.1);
          Wed, 22 May 2019 01:57:03 +0800
Subject: [PATCH v3 1/2] NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails
 to wake a waiter
From:   Yihao Wu <wuyihao@linux.alibaba.com>
To:     linux-nfs@vger.kernel.org, Jeff Layton <jlayton@kernel.org>,
        Trond Myklebust <trond.myklebust@hammerspace.com>,
        Anna Schumaker <anna.schumaker@netapp.com>
Cc:     Joseph Qi <joseph.qi@linux.alibaba.com>, caspar@linux.alibaba.com
References: <346806ac-2018-b780-4939-87f29648017c@linux.alibaba.com>
 <48a9d50b-f7b9-407d-06db-5c9079dfbf24@linux.alibaba.com>
Message-ID: <37564b2e-9167-a7c1-6f12-8fffaad088fb@linux.alibaba.com>
Date:   Wed, 22 May 2019 01:57:10 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0)
 Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <48a9d50b-f7b9-407d-06db-5c9079dfbf24@linux.alibaba.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org

Commit b7dbcc0e433f "NFSv4.1: Fix a race where CB_NOTIFY_LOCK fails to wake a waiter"
found this bug. However it didn't fix it.

This commit replaces schedule_timeout() with wait_woken() and
default_wake_function() with woken_wake_function() in function
nfs4_retry_setlk() and nfs4_wake_lock_waiter(). wait_woken() uses
memory barriers in its implementation to avoid potential race condition
when putting a process into sleeping state and then waking it up.

Fixes: a1d617d8f134 ("nfs: allow blocking locks to be awoken by lock callbacks")
Cc: stable@vger.kernel.org #4.9+
Signed-off-by: Yihao Wu <wuyihao@linux.alibaba.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
---
v2->v3: remove unused variable flags in nfs4_retry_setlk()

 fs/nfs/nfs4proc.c | 24 +++++++-----------------
 1 file changed, 7 insertions(+), 17 deletions(-)

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index c29cbef..5f89bbd 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -6932,7 +6932,6 @@ struct nfs4_lock_waiter {
 	struct task_struct	*task;
 	struct inode		*inode;
 	struct nfs_lowner	*owner;
-	bool			notified;
 };
 
 static int
@@ -6954,13 +6953,13 @@ struct nfs4_lock_waiter {
 		/* Make sure it's for the right inode */
 		if (nfs_compare_fh(NFS_FH(waiter->inode), &cbnl->cbnl_fh))
 			return 0;
-
-		waiter->notified = true;
 	}
 
 	/* override "private" so we can use default_wake_function */
 	wait->private = waiter->task;
-	ret = autoremove_wake_function(wait, mode, flags, key);
+	ret = woken_wake_function(wait, mode, flags, key);
+	if (ret)
+		list_del_init(&wait->entry);
 	wait->private = waiter;
 	return ret;
 }
@@ -6969,7 +6968,6 @@ struct nfs4_lock_waiter {
 nfs4_retry_setlk(struct nfs4_state *state, int cmd, struct file_lock *request)
 {
 	int status = -ERESTARTSYS;
-	unsigned long flags;
 	struct nfs4_lock_state *lsp = request->fl_u.nfs4_fl.owner;
 	struct nfs_server *server = NFS_SERVER(state->inode);
 	struct nfs_client *clp = server->nfs_client;
@@ -6979,8 +6977,7 @@ struct nfs4_lock_waiter {
 				    .s_dev = server->s_dev };
 	struct nfs4_lock_waiter waiter = { .task  = current,
 					   .inode = state->inode,
-					   .owner = &owner,
-					   .notified = false };
+					   .owner = &owner};
 	wait_queue_entry_t wait;
 
 	/* Don't bother with waitqueue if we don't expect a callback */
@@ -6993,21 +6990,14 @@ struct nfs4_lock_waiter {
 	add_wait_queue(q, &wait);
 
 	while(!signalled()) {
-		waiter.notified = false;
 		status = nfs4_proc_setlk(state, cmd, request);
 		if ((status != -EAGAIN) || IS_SETLK(cmd))
 			break;
 
 		status = -ERESTARTSYS;
-		spin_lock_irqsave(&q->lock, flags);
-		if (waiter.notified) {
-			spin_unlock_irqrestore(&q->lock, flags);
-			continue;
-		}
-		set_current_state(TASK_INTERRUPTIBLE);
-		spin_unlock_irqrestore(&q->lock, flags);
-
-		freezable_schedule_timeout(NFS4_LOCK_MAXTIMEOUT);
+		freezer_do_not_count();
+		wait_woken(&wait, TASK_INTERRUPTIBLE, NFS4_LOCK_MAXTIMEOUT);
+		freezer_count();
 	}
 
 	finish_wait(q, &wait);
-- 
1.8.3.1