    nfsd: Don't add locks to closed or closing open stateids · 1ab250aa
    Trond Myklebust authored
    [ Upstream commit a451b123 ]
    
    In NFSv4, the lock stateids are tied to the lockowner, and the open stateid,
    so that the action of closing the file also results in either an automatic
    loss of the locks, or an error of the form NFS4ERR_LOCKS_HELD.
    
    In practice this means we must not add new locks to the open stateid
    after the close process has been invoked. In fact, doing so can result
    in the following panic:
    
     kernel BUG at lib/list_debug.c:51!
     invalid opcode: 0000 [#1] SMP NOPTI
     CPU: 2 PID: 1085 Comm: nfsd Not tainted 5.6.0-rc3+ #2
     Hardware name: VMware, Inc. VMware7,1/440BX Desktop Reference Platform, BIOS VMW71.00V.14410784.B64.1908150010 08/15/2019
     RIP: 0010:__list_del_entry_valid.cold+0x31/0x55
     Code: 1a 3d 9b e8 74 10 c2 ff 0f 0b 48 c7 c7 f0 1a 3d 9b e8 66 10 c2 ff 0f 0b 48 89 f2 48 89 fe 48 c7 c7 b0 1a 3d 9b e8 52 10 c2 ff <0f> 0b 48 89 fe 4c 89 c2 48 c7 c7 78 1a 3d 9b e8 3e 10 c2 ff 0f 0b
     RSP: 0018:ffffb296c1d47d90 EFLAGS: 00010246
     RAX: 0000000000000054 RBX: ffff8ba032456ec8 RCX: 0000000000000000
     RDX: 0000000000000000 RSI: ffff8ba039e99cc8 RDI: ffff8ba039e99cc8
     RBP: ffff8ba032456e60 R08: 0000000000000781 R09: 0000000000000003
     R10: 0000000000000000 R11: 0000000000000001 R12: ffff8ba009a4abe0
     R13: ffff8ba032456e8c R14: 0000000000000000 R15: ffff8ba00adb01d8
     FS:  0000000000000000(0000) GS:ffff8ba039e80000(0000) knlGS:0000000000000000
     CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
     CR2: 00007fb213f0b008 CR3: 00000001347de006 CR4: 00000000003606e0
     Call Trace:
      release_lock_stateid+0x2b/0x80 [nfsd]
      nfsd4_free_stateid+0x1e9/0x210 [nfsd]
      nfsd4_proc_compound+0x414/0x700 [nfsd]
      ? nfs4svc_decode_compoundargs+0x407/0x4c0 [nfsd]
      nfsd_dispatch+0xc1/0x200 [nfsd]
      svc_process_common+0x476/0x6f0 [sunrpc]
      ? svc_sock_secure_port+0x12/0x30 [sunrpc]
      ? svc_recv+0x313/0x9c0 [sunrpc]
      ? nfsd_svc+0x2d0/0x2d0 [nfsd]
      svc_process+0xd4/0x110 [sunrpc]
      nfsd+0xe3/0x140 [nfsd]
      kthread+0xf9/0x130
      ? nfsd_destroy+0x50/0x50 [nfsd]
      ? kthread_park+0x90/0x90
      ret_from_fork+0x1f/0x40
    
    The fix is to ensure that lock creation tests for whether or not the
    open stateid is unhashed, and to fail if that is the case.
    
    Fixes: 659aefb6 ("nfsd: Ensure we don't recognise lock stateids after freeing them")
    Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
    Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>
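The ordering problem the commit describes, as an added toy model in C (example code, not the kernel's nfs4state.c): an open stateid is "hashed" while it sits on its file's list, CLOSE unhashes it and frees its lock stateids, and a LOCK that arrives afterwards must be refused rather than linked into a list nobody will ever walk again. The names `ol_stateid_unhashed`, `close_stateid` and `add_lock` are assumptions chosen for this model.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Minimal doubly-linked list standing in for the kernel's list_head. */
struct list_head { struct list_head *prev, *next; };
static void list_init(struct list_head *h) { h->prev = h->next = h; }
static bool list_empty(const struct list_head *h) { return h->next == h; }
static void list_add(struct list_head *n, struct list_head *h)
{ n->next = h->next; n->prev = h; h->next->prev = n; h->next = n; }
static void list_del_init(struct list_head *n)
{ n->prev->next = n->next; n->next->prev = n->prev; list_init(n); }

/* An open stateid counts as "hashed" while it sits on its file's list. */
struct open_stateid { struct list_head st_perfile; struct list_head st_locks; int nlocks; };
struct lock_stateid { struct list_head st_entry; };  /* st_entry must stay first */

static bool ol_stateid_unhashed(const struct open_stateid *stp)
{ return list_empty(&stp->st_perfile); }

static void open_stateid_init(struct open_stateid *stp, struct list_head *fi_stateids)
{ list_add(&stp->st_perfile, fi_stateids); list_init(&stp->st_locks); stp->nlocks = 0; }

/* CLOSE: unhash the open stateid, then release every lock stateid under it. */
static void close_stateid(struct open_stateid *stp)
{
    list_del_init(&stp->st_perfile);
    while (!list_empty(&stp->st_locks)) {
        struct list_head *e = stp->st_locks.next;
        list_del_init(e);
        free((struct lock_stateid *)e);
        stp->nlocks--;
    }
}

/* LOCK: hang a new lock stateid off the open stateid.  Returns 0 on success
 * and -1 when the open stateid is already unhashed (closed or closing); that
 * refusal is the check the commit adds.  Without it the lock would be linked
 * into a list that CLOSE has already walked, leaving a stale entry behind. */
static int add_lock(struct open_stateid *stp)
{
    if (ol_stateid_unhashed(stp))
        return -1;
    struct lock_stateid *lst = malloc(sizeof *lst);
    if (!lst)
        return -1;
    list_add(&lst->st_entry, &stp->st_locks);
    stp->nlocks++;
    return 0;
}
```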