From:   Vasily Averin <vvs@virtuozzo.com>
Subject: [PATCH] nfs4: skip locks_lock_inode_wait() in nfs4_locku_done if
 FL_ACCESS is set
To:     Trond Myklebust <trond.myklebust@hammerspace.com>,
        Anna Schumaker <anna.schumaker@netapp.com>
Cc:     linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org,
        kernel@openvz.org
Message-ID: <4088a4fe-1c1e-7b9b-0685-dac367094b61@virtuozzo.com>
Date:   Sun, 5 Dec 2021 13:12:28 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.14.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?WE9SKzIxOHNNdktOTk5jYUMvMTliWmJ6cndpdVRCRkhaMWY0WXRzOTNVcVZU?=
 =?utf-8?B?UnhZd3ZCWUxTdzZjQlZaZGJmWXZBNnVkRTNjQlYxaFBocDQ0eXY0Vk44S0tY?=
 =?utf-8?B?bzJ2aDJCMHBBSElJMVhMQlg1b2hBQUlrK1czS3k5UjU0anlvYXBWdFZORk9a?=
 =?utf-8?B?cjYyaWtqck0zZ0NicGcyWktDZUJQeE1vY005TVR4UXNkcTNwb2VnN0FIOFR5?=
 =?utf-8?B?ejBKTVlITGZSeVNVTTFUK3dPMWI3dGFBTnhwSXZsdElBU25xMkxRRjhCU0k3?=
 =?utf-8?B?Y213alpVaUpVclkvaHJSRHJZSkQwQ0RobjNzd0lDSjZnSUlWdnZMNTVyT1BB?=
 =?utf-8?B?VlBTendnYkpKMDJ6ZGdVclo0a2wxZTZlU3ZuQkJlWS9UK1VNYm9lTThmcHY0?=
 =?utf-8?B?cjRqSlQ4b3F2TElTbk0wbW9waXlva09VbEhvYndSUkJUd3FpeTVubHFRYTFU?=
 =?utf-8?B?am5QYTNNdlVMcXFWeEk2aU9DeXJhZ0w3TCt3Wmt3OFhXdm9GY2VQYkI5azlo?=
 =?utf-8?B?L2QyUm9kT1J3c0RROEtXQTdJN2d1QXdYV1k4cENIdzhnOHMzdEhCV010N0U1?=
 =?utf-8?B?UkpabHMvbk5MN2t4clVpajlpdVBOZWdBa0YwcmZ4U29zU0FhSnQ5UVY2RUdi?=
 =?utf-8?B?SzVJNUJtQkNtcU1TbXlMTVNvemI0SmNsMTZQbGxaR0ViM1lDd2lNN1BobVBl?=
 =?utf-8?B?SS9FM3ZRemUzS3dsMjlOQzE3Mm0rOFVVODlHK1ptcWFOdzA4V1NIMDJJZlNy?=
 =?utf-8?B?V1JpSk5nN2x1YktxYXoyeU5QOXRJSHNlalQwUFdBUVJwQ0lmbjNOdHV0ZllK?=
 =?utf-8?B?VVdHM2FkSmE5OVRnUWp0VEZSVitTNTE2ak55S0dJTEdKT25qQ0ZGUEJlbXFC?=
 =?utf-8?B?aFVSRVNWdEhaZ29BLzhNRjV4eDhlVElnRzhwMmllMTNjZlMxVUZFMmRwckRC?=
 =?utf-8?B?dlRrZGxqamZRZmVyUG0rcmlqVS9xRjRyQkNZTUZLa2FNYXoxT3J4Q2QxZm5i?=
 =?utf-8?B?eWxNRkNWdHJFYncyL0N6dFl2OFRVWUtTRHBjTmVlU3BQOGRWWjVleG5Va3Zv?=
 =?utf-8?B?SUMzNmFCVk01MmxpMDlOTGNJTkdqRlRvUlBmMEptL252TWN6dUFwWEZQMUhO?=
 =?utf-8?B?OUgxSVBKbUQ3cEJVTnVVYnJuVEZ1NjlQelNlL0dlWlRWdWkraDA2S3Nhd1ZI?=
 =?utf-8?B?Tk5vczlnMmNyZTlJdVJ1MzBodXByRG93VWkweHFIL09KdHpjd29SbmI5cXE4?=
 =?utf-8?B?MEhtZzBVcGtXQkxyNWZZRmt6aFJtNzlRdzZObkUzZ2ZWUUFiSUlJR01MbDgx?=
 =?utf-8?B?aldaMXROSHNDcEwwQ3NwV1dUK2ZMcithQ004cEk4TEo0L1p4VE5IeTREUWZ6?=
 =?utf-8?B?eHFaanBaOW11VjNYMVlUS3lGcmdNcGErZndwSXEya3dDNjVRUFRDbDRIYlRo?=
 =?utf-8?B?VlBBN0RPVFJGY2ZmZTdVRC9UZk1QTFF3bWlqRklvVDZqYU5hL3RxRHF3N1RR?=
 =?utf-8?B?RXV1QlRlbkxpZDRtenB5MUdWbFVWaThoYXBUSjd0Y1FrQ3BvZDZHKzkzenYv?=
 =?utf-8?B?ay9OamhHN0xVT3BEM1VsY045aVZOdVRUOGVwVlhPSTVsOGRLNU5lM1dxSUdj?=
 =?utf-8?B?YUtWWmh0R0RUUEhuNTJPR2xXOVFvSExaemVSdmljYmx6OCtIdmhZZGU5dnN5?=
 =?utf-8?B?WlR5NFJ5bTZmVlQwb3pyeEF1b1l6NU9SOGg2cjE2SitqNmtyOUk1OFozYWJn?=
 =?utf-8?B?SEswbEZwZER1ekhHNHVrRVg3NHg4bTlIWitIQkZZRkJ0aHFpSnhack0wNmNm?=
 =?utf-8?B?TlI3dWU4WmxPZi9RUEdWcXJ2MGhWdkxxbVUvQWVTcmxsV0ZZL21qem9sNGF3?=
 =?utf-8?B?Yk1kOVRsMkhQZ3JQazE2QTYzOEQ5ak8wZXo2U2NHTXhPb04vRm8wdEVxalpw?=
 =?utf-8?B?Zlh1UGt3WWxMaStJcE14OFh2eFVkTjl3NW4zR3dmNDEwMEFpb3RRRytlQ2ZE?=
 =?utf-8?B?dW5wUHRGbmZKaHV3T1VDZVUyZjJFcHpWVG1nM2NpS0JwWHdoWGFjditQQjZF?=
 =?utf-8?B?NnNRWi9aV0VFM3NNWUcyeURhMVBpeFA3MzUzWW1kbFp6Qld4UnR0RUcyNXk5?=
 =?utf-8?B?bDhCYnB2b1l1NWhpT1lkOE9tUFJtSlhzUWdHb0dVVXluNmlhdnE4UWlJTW1X?=
 =?utf-8?Q?GwG666BCeAUSOHrNiNZAyxg=3D?=
X-OriginatorOrg: virtuozzo.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 5990eedd-fde1-479b-32fc-08d9b7d7bed2
X-MS-Exchange-CrossTenant-AuthSource: DB9PR08MB6619.eurprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Dec 2021 10:12:29.9034
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: KcKwNstSWrIP/oKNbjB2U/hgrzNRDjpTreq6ZkHHwjowt8XQwfleSL6rUYzDURb3d59sWodCYoBnikB3w50OVg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR08MB5163
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org

In 2006 Trond Myklebust added support for the FL_ACCESS flag,
commit 01c3b861cd77 ("NLM,NFSv4: Wait on local locks before we put RPC
calls on the wire"), as a result of which _nfs4_proc_setlk() began
to execute _nfs4_do_setlk() with modified request->fl_flag where
FL_ACCESS flag was set.

It was not important not till 2015, when commit c69899a17ca4 ("NFSv4:
Update of VFS byte range lock must be atomic with the stateid update")
added do_vfs_lock call into nfs4_locku_done().
nfs4_locku_done() in this case uses calldata->fl of nfs4_unlockdata.
It is copied from struct nfs4_lockdata, which in turn uses the fl_flag
copied from the request->fl_flag provided by _nfs4_do_setlk(), i.e. with
FL_ACCESS flag set.

FL_ACCESS flag is removed in nfs4_lock_done() for non-cancelled case.
however rpc task can be cancelled earlier.

As a result flock_lock_inode() can be called with request->fl_type F_UNLCK
and fl_flags with FL_ACCESS flag set.
Such request is processed incorectly. Instead of expected search and
removal of exisiting flocks it jumps to "find_conflict" label and can call
locks_insert_block() function.

On kernels before 2018, (i.e. before commit 7b587e1a5a6c
("NFS: use locks_copy_lock() to copy locks.")) it caused a BUG in
__locks_insert_block() because copied fl had incorrectly linked fl_block.

On new kernels all lists are properly initialized and no BUG occur,
however any any case, such a call does nothing useful.

If I understand correctly locks_lock_inode_wait(F_UNLCK) call is required
to revert locks_lock_inode_wait(F_LCK) request send from nfs4_lock_done().
An additional F_UNLCK request is dangerous, because of it can remove flock
set not by canceled task but by some other concurrent process.

So I think we need to add FL_ACCESS check in nfs4_locku_done
and skip locks_lock_inode_wait() executing if this flag is set.

Fixes: c69899a17ca4 ("NFSv4: Update of VFS byte range lock must be atomic with the stateid update")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
---
 fs/nfs/nfs4proc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index ee3bc79f6ca3..4417dde69202 100644
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -6728,7 +6728,9 @@ static void nfs4_locku_done(struct rpc_task *task, void *data)
 	switch (task->tk_status) {
 		case 0:
 			renew_lease(calldata->server, calldata->timestamp);
-			locks_lock_inode_wait(calldata->lsp->ls_state->inode, &calldata->fl);
+			if (!(calldata->fl.fl_flags & FL_ACCESS))
+				locks_lock_inode_wait(calldata->lsp->ls_state->inode,
+						      &calldata->fl);
 			if (nfs4_update_lock_stateid(calldata->lsp,
 					&calldata->res.stateid))
 				break;
-- 
2.25.1