Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp3822647rwb; Tue, 8 Nov 2022 08:45:18 -0800 (PST) X-Google-Smtp-Source: AMsMyM68tJB0RQbqUGYFgBcZMsxkNroUntLUX8C1vo7NhaEk2WWV0hcHL5/LeGg7hMvPQvc7i7z7 X-Received: by 2002:a17:902:b20a:b0:178:6f5b:f903 with SMTP id t10-20020a170902b20a00b001786f5bf903mr58608655plr.39.1667925918731; Tue, 08 Nov 2022 08:45:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1667925918; cv=none; d=google.com; s=arc-20160816; b=d0afVv5OfPdZxVcYS45vWEbURKLmJme9/+ZbAYdSx2UKXPEdrnL0kd7nsONiD+mIgL wQXzq92Op9IMJ2bh/8CKU712IplnrVyraGcYIeEbmCUsLBunA+fM9udG6+LXn2RO9jWj KdkCkWiQbuspzTBXGb2klIBUjNFNQWO4OE6+RX6P1nStfx53FjQo65dGpP5n3kKJkO0f J7bYy+F69ecPK3MIrnh6nKvRCIW7MFeZzHHHn2x/V+EXutR8YwCj2V8dwdah/MR7Lkmf ndsX+oGU6Qz7YfwlWIu6spPQzwo65c8Ng77mqkMg4Qit3M6Sh8ZvRRd8syC9Ug9D3hFY qoXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent :content-transfer-encoding:references:in-reply-to:date:cc:to:from :subject:message-id:dkim-signature; bh=PxxKaFcV625ms5CTBFn6O8+9wtZ14NAUFURgXPcVAF0=; b=ICHH3sjbXYMOcULyJoywsEqnbqrYi9IUVW3OLEjD80CKtuntjblM2u52zeLJtrVvNh 0YYTlTkQri2v60oVKa+4TUXn/dYcJT+I2708/7pV5fZolAhogy/vZ02O2Bj7BV5t73Yk kuWFBKyu+YRi0g00th5G6ik7ZX7HpuH8wEjeIntL+hqvkTnNdmPzKKwWkXb6+X18cere Ny24WerdtRg375tUuYDHqQQTfFIiyMnnlPuH+s/ydDgslqAr35qyzfE2yPUEvclBx0XM RJUVX+MRJ0cjWRwagqdZJcKYnFHOSHkGHup4TNriemxrkdgeBlYWe7udAGCLdKOH7vZo KvFQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=CjQUABJz; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i63-20020a638742000000b0046b30704f88si15350322pge.5.2022.11.08.08.45.04; Tue, 08 Nov 2022 08:45:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=CjQUABJz; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234402AbiKHQmD (ORCPT + 99 others); Tue, 8 Nov 2022 11:42:03 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:32872 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233592AbiKHQmB (ORCPT ); Tue, 8 Nov 2022 11:42:01 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C705957B61 for ; Tue, 8 Nov 2022 08:42:00 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 2FA30616B5 for ; Tue, 8 Nov 2022 16:42:00 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3059DC43149; Tue, 8 Nov 2022 16:41:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1667925719; bh=Js9CbGUFJqxoAwt7b1S6Dz8vcg5Al2/eK4UjHjjy9dI=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=CjQUABJz63H9/NZrDDqGusNoi+NthSIChYnQcm+KA91MgypPM8y0gliuWneAPM3x2 TcF/JHB3299ntjpwAZAi29oyNHscqOsguZU7CEuRB/Zelk904qq7F17WsIi8udcIyx bNr5iOij2EGdDWj8sa3dqhDYGkx03KJkhRrESbKmRkl0jK5mqjezeeKgcuIrUc4f0j MnF7YWiEUZ4QejCDLJVaSlz1dxrgeNRIvYWdYp9zRy4BRgOBPqoD5z+u6OjcvTa4RI n8O6JPjETmkU/S3cqQE1c4bZ++aO/icjrDfd2IEMaRgBRiRYcMkUE1S4uHFYV5N0WY WdKEgyAsGjmrA== Message-ID: Subject: Re: [PATCH] lockd: set other missing fields when unlocking files From: Jeff Layton To: Chuck Lever III Cc: Linux NFS Mailing List , "trondmy@kernel.org" Date: Tue, 08 Nov 2022 11:41:57 -0500 In-Reply-To: References: <20221106190239.404803-1-trondmy@kernel.org> <2b5cffddf1d4d5791758e267b7184f0263519335.camel@kernel.org> <6D002058-C292-4F77-A1B7-C943B3A203C5@oracle.com> Content-Type: text/plain; charset="ISO-8859-15" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.44.4 (3.44.4-2.fc36) MIME-Version: 1.0 X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Tue, 2022-11-08 at 14:57 +0000, Chuck Lever III wrote: >=20 > > On Nov 7, 2022, at 4:55 PM, Chuck Lever III wr= ote: > >=20 > > > On Nov 7, 2022, at 5:48 AM, Jeff Layton wrote: > > >=20 > > > On Sun, 2022-11-06 at 14:02 -0500, trondmy@kernel.org wrote: > > > > From: Trond Myklebust > > > >=20 > > > > vfs_lock_file() expects the struct file_lock to be fully initialise= d by > > > > the caller. > >=20 > > As a reviewer, I don't see anything in the vfs_lock_file() kdoc > > comment that suggests this, and vfs_lock_file() itself is just > > a wrapper around each filesystem's f_ops->lock method. That > > expectation is a bit deeper into NFS-specific code. A few more > > observations below. > >=20 > >=20 > > > > Re-exported NFSv3 has been seen to Oops if the fl_file field > > > > is NULL. > >=20 > > Needs a Link: to the bug report. Which I can add. > >=20 > > This will also give us a call trace we can reference, so I won't > > add that here. > >=20 > >=20 > > > > Fixes: aec158242b87 ("lockd: set fl_owner when unlocking files") > > > > Signed-off-by: Trond Myklebust > > > > --- > > > > fs/lockd/svcsubs.c | 17 ++++++++++------- > > > > 1 file changed, 10 insertions(+), 7 deletions(-) > > > >=20 > > > > diff --git a/fs/lockd/svcsubs.c b/fs/lockd/svcsubs.c > > > > index e1c4617de771..3515f17eaf3f 100644 > > > > --- a/fs/lockd/svcsubs.c > > > > +++ b/fs/lockd/svcsubs.c > > > > @@ -176,7 +176,7 @@ nlm_delete_file(struct nlm_file *file) > > > > } > > > > } > > > >=20 > > > > -static int nlm_unlock_files(struct nlm_file *file, fl_owner_t owne= r) > > > > +static int nlm_unlock_files(struct nlm_file *file, const struct fi= le_lock *fl) > > > > { > > > > struct file_lock lock; > > > >=20 > > > > @@ -184,12 +184,15 @@ static int nlm_unlock_files(struct nlm_file *= file, fl_owner_t owner) > > > > lock.fl_type =3D F_UNLCK; > > > > lock.fl_start =3D 0; > > > > lock.fl_end =3D OFFSET_MAX; > > > > - lock.fl_owner =3D owner; > > > > - if (file->f_file[O_RDONLY] && > > > > - vfs_lock_file(file->f_file[O_RDONLY], F_SETLK, &lock, NULL)) > > > > + lock.fl_owner =3D fl->fl_owner; > > > > + lock.fl_pid =3D fl->fl_pid; > > > > + lock.fl_flags =3D FL_POSIX; > > > > + > > > > + lock.fl_file =3D file->f_file[O_RDONLY]; > > > > + if (lock.fl_file && vfs_lock_file(lock.fl_file, F_SETLK, &lock, N= ULL)) > > > > goto out_err; > > > > - if (file->f_file[O_WRONLY] && > > > > - vfs_lock_file(file->f_file[O_WRONLY], F_SETLK, &lock, NULL)) > > > > + lock.fl_file =3D file->f_file[O_WRONLY]; > > > > + if (lock.fl_file && vfs_lock_file(lock.fl_file, F_SETLK, &lock, N= ULL)) > > > > goto out_err; > > > > return 0; > > > > out_err: > > > > @@ -226,7 +229,7 @@ nlm_traverse_locks(struct nlm_host *host, struc= t nlm_file *file, > > > > if (match(lockhost, host)) { > > > >=20 > > > > spin_unlock(&flctx->flc_lock); > > > > - if (nlm_unlock_files(file, fl->fl_owner)) > > > > + if (nlm_unlock_files(file, fl)) > > > > return 1; > > > > goto again; > > > > } > > >=20 > > > Good catch. > > >=20 > > > I wonder if we ought to roll an initializer function for file_locks t= o > > > make it harder for callers to miss setting some fields like this? One > > > idea: we could change vfs_lock_file to *not* take a file argument, an= d > > > insist that the caller fill out fl_file when calling it? That would m= ake > > > it harder to screw this up. > >=20 > > Commit history shows that, at least as far back as the beginning of > > the git era, the vfs_lock_file() call site here did not initialize > > the fl_file field. So, this code has been working without fully > > initializing @fl for, like, forever. > >=20 > >=20 > > Trond later says: > > > The regression occurs in 5.16, because that was when Bruce merged his > > > patches to enable locking when doing NFS re-exporting. > >=20 > > That means the Fixes: tag above is misleading. The proposed patch > > doesn't actually fix that commit (which went into v5.19), it simply > > applies on that commit. > >=20 > > I haven't been able to find the locking patches mentioned here. I think > > those bear mentioning (by commit ID) in the patch description, at least= . > > If you know the commit ID, Trond, can you pass it along? > >=20 > > Though I would say that, in agreement with Jeff, the true cause of this > > issue is the awkward synopsis for vfs_lock_file(). >=20 > Since Trond has re-assigned the kernel.org bug to me... I'll blather on > a bit more. (Yesterday's patch is still queued up, I can replace it or > move it depending on the outcome of this discussion). >=20 > -> The vfs_{test,lock,cancel}_file APIs all take a file argument. Maybe > we shouldn't remove the @filp argument from vfs_lock_file(). >=20 They all take a file_lock argument as well. @filp is redundant in all of them. Keeping both just increases the ambiguity. I move that we drop the explicit argument since we need to set it in the struct anyway. We could also consider adding a @filp arguments to locks_alloc_lock and locks_init_lock, to make it a bit more evident that it needs to be set. > -> The struct file_lock * argument of vfs_lock_file() is not a const. >=20 That might be tough. Even for "request" fl's we modify some fields in them (for example, fl_wait and fl_blocked_member). fl_file should never change though, once it has been assigned. We could potentially make that const. =20 > After auditing the call sites, I think it would be safe for vfs_lock_file= () > to explicitly overwrite the fl->fl_file field with the value of the @filp > argument before calling f_ops->lock. At the very least, it should sanity- > check that the two pointer values are the same, and document that as an > API requirement. >=20 > Alternatively we could cook up an NFS-specific fix... but the vfs_lock_fi= le > API would still look dodgy. >=20 I see no reason to do anything NFS-specific here. I'd be fine with WARN_ONs in locks.c for now, until we decide what to do longer term. It's possible we have some other call chains that are not setting that field correctly. If we can audit all of the call sites and ensure that they are properly setting fl_file in the struct, we should be able to painlessly drop the separate @filp argument from all of those functions. I'll toss it onto my to-do pile. --=20 Jeff Layton