summaryrefslogtreecommitdiff
path: root/fs/ncpfs/ncpsign_kernel.c
diff options
context:
space:
mode:
authorAndrew Elble <aweits@rit.edu>2015-12-02 09:20:57 -0500
committerJiri Slaby <jslaby@suse.cz>2016-02-24 10:29:51 +0100
commitd92f52252bd94d8c33631ca6d00d0eb5d2ef416a (patch)
treefe03db2db91deb57c8c75a0eb6a39bbbc831a6aa /fs/ncpfs/ncpsign_kernel.c
parent69ef7d4fd9644907eb842a9a49887063df972331 (diff)
downloadlwn-d92f52252bd94d8c33631ca6d00d0eb5d2ef416a.tar.gz
lwn-d92f52252bd94d8c33631ca6d00d0eb5d2ef416a.zip
nfs: Fix race in __update_open_stateid()
commit 361cad3c89070aeb37560860ea8bfc092d545adc upstream. We've seen this in a packet capture - I've intermixed what I think was going on. The fix here is to grab the so_lock sooner. 1964379 -> #1 open (for write) reply seqid=1 1964393 -> #2 open (for read) reply seqid=2 __nfs4_close(), state->n_wronly-- nfs4_state_set_mode_locked(), changes state->state = [R] state->flags is [RW] state->state is [R], state->n_wronly == 0, state->n_rdonly == 1 1964398 -> #3 open (for write) call -> because close is already running 1964399 -> downgrade (to read) call seqid=2 (close of #1) 1964402 -> #3 open (for write) reply seqid=3 __update_open_stateid() nfs_set_open_stateid_locked(), changes state->flags state->flags is [RW] state->state is [R], state->n_wronly == 0, state->n_rdonly == 1 new sequence number is exposed now via nfs4_stateid_copy() next step would be update_open_stateflags(), pending so_lock 1964403 -> downgrade reply seqid=2, fails with OLD_STATEID (close of #1) nfs4_close_prepare() gets so_lock and recalcs flags -> send close 1964405 -> downgrade (to read) call seqid=3 (close of #1 retry) __update_open_stateid() gets so_lock * update_open_stateflags() updates state->n_wronly. nfs4_state_set_mode_locked() updates state->state state->flags is [RW] state->state is [RW], state->n_wronly == 1, state->n_rdonly == 1 * should have suppressed the preceding nfs4_close_prepare() from sending open_downgrade 1964406 -> write call 1964408 -> downgrade (to read) reply seqid=4 (close of #1 retry) nfs_clear_open_stateid_locked() state->flags is [R] state->state is [RW], state->n_wronly == 1, state->n_rdonly == 1 1964409 -> write reply (fails, openmode) Signed-off-by: Andrew Elble <aweits@rit.edu> Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com> Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Diffstat (limited to 'fs/ncpfs/ncpsign_kernel.c')
0 files changed, 0 insertions, 0 deletions