diff options
| author | Jeff Layton <jlayton@primarydata.com> | 2014-07-21 17:34:57 +0400 |
|---|---|---|
| committer | J. Bruce Fields <bfields@redhat.com> | 2014-07-22 00:31:17 +0400 |
| commit | 417c6629b2d81d5a18d29c4bbb6a9a4c64282a36 (patch) | |
| tree | 691e9767ccb2477f26c140721bb2251cc14d1f4d /fs/nfsd/state.h | |
| parent | 57a371442112856388c3c2fd4b0867ef3280896a (diff) | |
| download | linux-417c6629b2d81d5a18d29c4bbb6a9a4c64282a36.tar.xz | |
nfsd: fix race that grants unrecallable delegation
If nfs4_setlease succesfully acquires a new delegation, then another
task breaks the delegation before we reach hash_delegation_locked, then
the breaking task will see an empty fi_delegations list and do nothing.
The client will receive an open reply incorrectly granting a delegation
and will never receive a recall.
Move more of the delegation fields to be protected by the fi_lock. It's
more granular than the state_lock and in later patches we'll want to
be able to rely on it in addition to the state_lock.
Attempt to acquire a delegation. If that succeeds, take the spinlocks
and then check to see if the file has had a conflict show up since then.
If it has, then we assume that the lease is no longer valid and that
we shouldn't hand out a delegation.
There's also one more potential (but very unlikely) problem. If the
lease is broken before the delegation is hashed, then it could leak.
In the event that the fi_delegations list is empty, reset the
fl_break_time to jiffies so that it's cleaned up ASAP by
the normal lease handling code.
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs/nfsd/state.h')
0 files changed, 0 insertions, 0 deletions