Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp4065149rwb; Fri, 30 Sep 2022 12:16:24 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7+PoHm66/uETbGCKP6KRKBXhd2nJ791aLOv9ubVJ+tqhFAW4LIVXuDWTRx9ERGpoRFhx6G X-Received: by 2002:a17:906:854b:b0:782:4c6f:5ff6 with SMTP id h11-20020a170906854b00b007824c6f5ff6mr7218648ejy.603.1664565384305; Fri, 30 Sep 2022 12:16:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664565384; cv=none; d=google.com; s=arc-20160816; b=s2omVD6b0Jn6hS271g27RLXq6YIQjgexGzwjJW+NON+LhjbxKGwKLM5p4VEN2cdkv6 K3L0zzxLvaT3BX2Lsglcp7foDtl0thmxpV8eJLPv9XRRxDXNL6t6rxJtQjdRkxAhS4aJ VKzqDyP2WCz7vCAkyuNHOctRXowKLfti7RbIryfYZjfQYn+xvCstgY1Dvz+6Bfy47HrI W5KhI6k//E9VOVoebTgutcByuGSyYylzBnoIc6pb+tIwgYieMRfYmWpnCr20cwcdsYU2 fnyww02oZ94oNaN+pH3y0nCUi8fKH9r6B5ngHCQXixS2qE+btsMj+nNKvTJDqdZjPK94 Q9Uw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ufcFl7QC0EJUrYLViPNYpawfR5EKVZkn73hbgY4m0/Y=; b=VjNY7eETvJN/ldpYTSZJgk/xOTvepcBJI0VAuoT/ADI/hEb/v9CDKjWi3JPuuGyvoI 21cFub3kvcO9oWnffiXZXRZYX8pvQ8Iq55LgCr9ePm/qdnMhZ1uTN7x8Lm1EMAvsf0qY gKqKaodzk/a0VBWq9Kj/ZM0OQtkX6l7ITWjIclnb6XPm+z65SSGqBfvUqxu1eqgPqzI2 niPZTZLNgba0TE1I9xWoHiiB6VYbF469BAUQivF3d07KpiXvAuAFxIOYnp/GqpcDEDN1 oEfLhlweOLHQU3lC5goL6Vmbhow124aHz3prv6Prqf6oJKPqMVkFNQLH2j7anfRfTs22 8LGw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=VHGkT3e4; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t21-20020a056402525500b00448ab5d3ba3si3105656edd.1.2022.09.30.12.15.58; Fri, 30 Sep 2022 12:16:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=VHGkT3e4; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229613AbiI3TP4 (ORCPT + 99 others); Fri, 30 Sep 2022 15:15:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40466 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229531AbiI3TPz (ORCPT ); Fri, 30 Sep 2022 15:15:55 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 75D72153133 for ; Fri, 30 Sep 2022 12:15:54 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C19246242D for ; Fri, 30 Sep 2022 19:15:53 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DAD05C433B5; Fri, 30 Sep 2022 19:15:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1664565353; bh=olAXaLNvcVyHbeX5iwRpk3Tf0FgMvTKXQEEez5T0iH8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=VHGkT3e4MSL4tkFF7eJdpaVwP89B10ToVRWMCNS+0TXyLWGQ3Nit/VZ/y2bp/qhPR zT7Kl9UQs+YOHD00DDGpRp5nPJZtWYug3Cc3+rkhtjzUuiiEahFCNC0gvVu9dfLXGG AZb+d9PPxuZ0dyC6fTM0LcXxKiKn6Q/UZkYCsmLcUEEB6nqa8cgywjevnBuA78cPsY hnIgNjsFg3nnXiD4e45jzLpUQm4pM0r71uIBPvSwbMP/0DRQETxoPivd3wne267CGE x565GBRXvD+DQ834Yb7J2YyQ6OJdcWzhIFCBIZFtF8Nu/S0MQE4CUsssX+q2S08kgn qs/usv7k7FAEA== From: Jeff Layton To: chuck.lever@oracle.com Cc: linux-nfs@vger.kernel.org Subject: [PATCH 2/3] nfsd: fix potential race in nfsd_file_close Date: Fri, 30 Sep 2022 15:15:49 -0400 Message-Id: <20220930191550.172087-3-jlayton@kernel.org> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20220930191550.172087-1-jlayton@kernel.org> References: <20220930191550.172087-1-jlayton@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Once we call nfsd_file_put, there is no guarantee that "nf" can still be safely accessed. That may have been the last reference. Change the code to instead check for whether nf_ref is 2 and then unhash it and put the reference if we're successful. We might occasionally race with another lookup and end up unhashing it when it probably shouldn't have been, but that should hopefully be rare and will just result in the competing lookup having to create a new nfsd_file. Signed-off-by: Jeff Layton --- fs/nfsd/filecache.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/fs/nfsd/filecache.c b/fs/nfsd/filecache.c index 6237715bd23e..58f4d9267f4a 100644 --- a/fs/nfsd/filecache.c +++ b/fs/nfsd/filecache.c @@ -461,12 +461,14 @@ nfsd_file_put(struct nfsd_file *nf) */ void nfsd_file_close(struct nfsd_file *nf) { - nfsd_file_put(nf); - if (refcount_dec_if_one(&nf->nf_ref)) { - nfsd_file_unhash(nf); - nfsd_file_lru_remove(nf); - nfsd_file_free(nf); + /* One for the reference being put, and one for the hash */ + if (refcount_read(&nf->nf_ref) == 2) { + if (nfsd_file_unhash(nf)) + nfsd_file_put_noref(nf); } + /* put the ref for the stateid */ + nfsd_file_put(nf); + } struct nfsd_file * -- 2.37.3