Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp6841340rwb; Wed, 18 Jan 2023 10:01:33 -0800 (PST) X-Google-Smtp-Source: AMrXdXtp8IcZImyBEvzDO2DbTWxf+HqSJXl2ajH2yP++EWmDN55/8PihNJaTPn1EX0CHxjtS9HGz X-Received: by 2002:a17:907:c11:b0:844:79b1:ab36 with SMTP id ga17-20020a1709070c1100b0084479b1ab36mr29486941ejc.25.1674064892774; Wed, 18 Jan 2023 10:01:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674064892; cv=none; d=google.com; s=arc-20160816; b=rPwwxdtpG4bxeeH8sZGCNfQmqLh4KykL0pJ2tsZ+HGQ3d0oMFFMhMvwXPqViV94Aqd BVZFQdgpIFIG6YEPZUFeFlmVKkTBD9WogxZ4uGMWoNmsSMpZcqc/SRqS8KJa7blhNJaL Ph5WMonlGKb0/h5bD7FVH9vMAYuL2i3uEWNhRxqHmNc5ZqVc/cB2t8yu8ExWeKzFmVRl gKosR5B5y1usugzVaaNP6zpuRegpyB1LZJDXPrBcl+WJW+QWcvOfeLt1q2e08aBaa8g9 Q6U6dL5fKl4yvXdSJ5rwH6D5+sRkHKSWL0cp25bx83d1+UP/2WYcrTbfrllxdhWpcVz+ ke7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent :content-transfer-encoding:references:in-reply-to:date:cc:to:from :subject:message-id:dkim-signature; bh=IfHhIci6ES9nE5eStW27vvFtDUedgvDDkWv/e/EdEss=; b=aX+Cuy4lNMaigmwCP1cXbDZ91qmJPInNxxTpSe8ZIDyJKpkIhFodCg5DLV0zn0z3ii P6eBhweyeUnN7FLtr+XLd8APTtSJb4dSWoe14iOZd559DqfHsl5SXIWIbboTR0vmIiQp 0T5BxTcO1JVdU2ufG1AGI7Tip+1vF9eyamOujoTLa7Oi19E5gz2mf/TMeRqcn0bQNkRM onDrNSdQkMmlIpYmqU5BAX9OKYrqdc0ggXirRr0EMAAHkI98MQLDLNghTOna7DYnLLN/ X/g9KqJ9L4WETkJyJCgYHKmbOxnqHUszLfC6L2+zDO2OPKDQXceus91y8hBm26vkHf/k 5v6g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=urAX5eTa; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id fj3-20020a1709069c8300b00871a4e8d7bfsi7821026ejc.230.2023.01.18.10.01.05; Wed, 18 Jan 2023 10:01:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=urAX5eTa; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229483AbjARRtQ (ORCPT + 99 others); Wed, 18 Jan 2023 12:49:16 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47164 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229591AbjARRtP (ORCPT ); Wed, 18 Jan 2023 12:49:15 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 972CD37F18 for ; Wed, 18 Jan 2023 09:49:14 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 3630361921 for ; Wed, 18 Jan 2023 17:49:14 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 42291C433D2; Wed, 18 Jan 2023 17:49:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1674064153; bh=l1K/NzcrIYDLYX9BEFmqGEn7GyzX12VSsnmeSy+oNUw=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=urAX5eTar6xWEaQ4U89RBtLSxLda88AMO9i56S9C6/26hRj4/Ma6rzxM0zq3hS7LL 9I9ehBiDNsmxrAOYHnRJ/gHxWjEpLeCetTfptU7SiYU4z6vJNfeHvfTwVWfKF57mYm aL8KkGFoOUU39vd88GLX4GJN23MnF5LNDreZXR1vl3FSx8caUx5sIPs+WxzLktWfae jdmcCIqwQdb+64+Oo4W6Gfb9uMd7NUC3QtB3MAWmmnB9/FZ4FjmeE1xRdTgMHF198+ 4aZD6/MGTNzzvW+6F36tkd5vkywiKrRHAnzHTWijMMrDsUEf6maz2JtulqvqhWseJ9 Z4a27dziO6dQA== Message-ID: <944bf7f3e6956989933d07aabd4a632de2ec4667.camel@kernel.org> Subject: Re: [PATCH 1/6] nfsd: don't take nfsd4_copy ref for OP_OFFLOAD_STATUS From: Jeff Layton To: Olga Kornievskaia Cc: chuck.lever@oracle.com, linux-nfs@vger.kernel.org Date: Wed, 18 Jan 2023 12:49:11 -0500 In-Reply-To: References: <20230118173139.71846-1-jlayton@kernel.org> <20230118173139.71846-2-jlayton@kernel.org> Content-Type: text/plain; charset="ISO-8859-15" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.46.3 (3.46.3-1.fc37) MIME-Version: 1.0 X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Wed, 2023-01-18 at 12:43 -0500, Olga Kornievskaia wrote: > On Wed, Jan 18, 2023 at 12:35 PM Jeff Layton wrote: > >=20 > > We're not doing any blocking operations for OP_OFFLOAD_STATUS, so takin= g > > and putting a reference is a waste of effort. Take the client lock, > > search for the copy and fetch the wr_bytes_written field and return. > >=20 > > Also, make find_async_copy a static function. > >=20 > > Signed-off-by: Jeff Layton > > --- > > fs/nfsd/nfs4proc.c | 35 ++++++++++++++++++++++++----------- > > fs/nfsd/state.h | 2 -- > > 2 files changed, 24 insertions(+), 13 deletions(-) > >=20 > > diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c > > index 62b9d6c1b18b..731c2b22f163 100644 > > --- a/fs/nfsd/nfs4proc.c > > +++ b/fs/nfsd/nfs4proc.c > > @@ -1823,23 +1823,34 @@ nfsd4_copy(struct svc_rqst *rqstp, struct nfsd4= _compound_state *cstate, > > goto out; > > } > >=20 > > -struct nfsd4_copy * > > -find_async_copy(struct nfs4_client *clp, stateid_t *stateid) > > +static struct nfsd4_copy * > > +find_async_copy_locked(struct nfs4_client *clp, stateid_t *stateid) > > { > > struct nfsd4_copy *copy; > >=20 > > - spin_lock(&clp->async_lock); > > + lockdep_assert_held(&clp->async_lock); > > + > > list_for_each_entry(copy, &clp->async_copies, copies) { > > if (memcmp(©->cp_stateid.cs_stid, stateid, NFS4_STA= TEID_SIZE)) > > continue; > > - refcount_inc(©->refcount); >=20 > If we don't take a refcount on the copy, this copy could be removed > between the time we found it in the list of copies and when we then > look inside to check the amount written so far. This would lead to a > null (or bad) pointer dereference? >=20 No. The existing code finds this object, takes a reference to it, fetches a single integer out of it and then puts the reference. This patch just has it avoid the reference altogether and fetch the value while we still hold the spinlock. This should be completely safe (assuming the locking around the existing list handling is correct, which it does seem to be). > > - spin_unlock(&clp->async_lock); > > return copy; > > } > > - spin_unlock(&clp->async_lock); > > return NULL; > > } > >=20 > > +static struct nfsd4_copy * > > +find_async_copy(struct nfs4_client *clp, stateid_t *stateid) > > +{ > > + struct nfsd4_copy *copy; > > + > > + spin_lock(&clp->async_lock); > > + copy =3D find_async_copy_locked(clp, stateid); > > + if (copy) > > + refcount_inc(©->refcount); > > + spin_unlock(&clp->async_lock); > > + return copy; > > +} > > + > > static __be32 > > nfsd4_offload_cancel(struct svc_rqst *rqstp, > > struct nfsd4_compound_state *cstate, > > @@ -1924,22 +1935,24 @@ nfsd4_fallocate(struct svc_rqst *rqstp, struct = nfsd4_compound_state *cstate, > > nfsd_file_put(nf); > > return status; > > } > > + > > static __be32 > > nfsd4_offload_status(struct svc_rqst *rqstp, > > struct nfsd4_compound_state *cstate, > > union nfsd4_op_u *u) > > { > > struct nfsd4_offload_status *os =3D &u->offload_status; > > - __be32 status =3D 0; > > + __be32 status =3D nfs_ok; > > struct nfsd4_copy *copy; > > struct nfs4_client *clp =3D cstate->clp; > >=20 > > - copy =3D find_async_copy(clp, &os->stateid); > > - if (copy) { > > + spin_lock(&clp->async_lock); > > + copy =3D find_async_copy_locked(clp, &os->stateid); > > + if (copy) > > os->count =3D copy->cp_res.wr_bytes_written; > > - nfs4_put_copy(copy); > > - } else > > + else > > status =3D nfserr_bad_stateid; > > + spin_unlock(&clp->async_lock); > >=20 > > return status; > > } > > diff --git a/fs/nfsd/state.h b/fs/nfsd/state.h > > index e94634d30591..d49d3060ed4f 100644 > > --- a/fs/nfsd/state.h > > +++ b/fs/nfsd/state.h > > @@ -705,8 +705,6 @@ extern struct nfs4_client_reclaim *nfs4_client_to_r= eclaim(struct xdr_netobj name > > extern bool nfs4_has_reclaimed_state(struct xdr_netobj name, struct nf= sd_net *nn); > >=20 > > void put_nfs4_file(struct nfs4_file *fi); > > -extern struct nfsd4_copy * > > -find_async_copy(struct nfs4_client *clp, stateid_t *staetid); > > extern void nfs4_put_cpntf_state(struct nfsd_net *nn, > > struct nfs4_cpntf_state *cps); > > extern __be32 manage_cpntf_state(struct nfsd_net *nn, stateid_t *st, > > -- > > 2.39.0 > >=20 --=20 Jeff Layton