Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 2a974425e57fb882c93709c6072bf66d04431635^! / . / fs / nfs / pnfs.c
commit2a974425e57fb882c93709c6072bf66d04431635[log] [tgz]
authorTrond Myklebust <trond.myklebust@primarydata.com>Sun Nov 20 13:13:54 2016 -0500
committerTrond Myklebust <trond.myklebust@primarydata.com>Thu Dec 01 17:21:43 2016 -0500
treee76a058429db171c98f5fb58e927441128b11ff7
parent68f744797edd27016055c562a605691f5d4ac933 [diff] [blame]
NFSv4: Ignore LAYOUTRETURN result if the layout doesn't match or is invalid

Fix a potential race with CB_LAYOUTRECALL in which the server recalls the
remaining layout segments while our LAYOUTRETURN is still in transit.

Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>

diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c
index 555151b..471018f 100644
--- a/fs/nfs/pnfs.c
+++ b/fs/nfs/pnfs.c

@@ -961,20 +961,26 @@
 }
 
 void pnfs_layoutreturn_free_lsegs(struct pnfs_layout_hdr *lo,
+		const nfs4_stateid *arg_stateid,
 		const struct pnfs_layout_range *range,
-		u32 seq,
 		const nfs4_stateid *stateid)
 {
 	struct inode *inode = lo->plh_inode;
 	LIST_HEAD(freeme);
 
 	spin_lock(&inode->i_lock);
+	if (!pnfs_layout_is_valid(lo) || !arg_stateid ||
+	    !nfs4_stateid_match_other(&lo->plh_stateid, arg_stateid))
+		goto out_unlock;
 	if (stateid) {
+		u32 seq = be32_to_cpu(arg_stateid->seqid);
+
 		pnfs_mark_matching_lsegs_invalid(lo, &freeme, range, seq);
 		pnfs_free_returned_lsegs(lo, &freeme, range, seq);
 		pnfs_set_layout_stateid(lo, stateid, true);
 	} else
 		pnfs_mark_layout_stateid_invalid(lo, &freeme);
+out_unlock:
 	pnfs_clear_layoutreturn_waitbit(lo);
 	spin_unlock(&inode->i_lock);
 	pnfs_free_lseg_list(&freeme);