Commit db155b7c authored Aug 25, 2025 by Sergey Bashirov Committed by Chuck Lever Sep 25, 2025

NFSD: Disallow layoutget during grace period



When the server is recovering from a reboot and is in a grace period,
any operation that may result in deletion or reallocation of block
extents should not be allowed. See RFC 8881, section 18.43.3.

If multiple clients write data to the same file, rebooting the server
during writing may result in file corruption. In the worst case, the
exported XFS may also become corrupted. Observed this behavior while
testing pNFS block volume setup.

Co-developed-by: Konstantin Evtushenko <koevtushenko@yandex.com>
Signed-off-by: Konstantin Evtushenko <koevtushenko@yandex.com>
Signed-off-by: Sergey Bashirov <sergeybashirov@gmail.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

parent 6c15463c

fs/nfsd/nfs4proc.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -2435,6 +2435,7 @@ static __be32
		nfsd4_layoutget(struct svc_rqst *rqstp,
		struct nfsd4_compound_state cstate, union nfsd4_op_u u)
		{
		struct net *net = SVC_NET(rqstp);
		struct nfsd4_layoutget *lgp = &u->layoutget;
		struct svc_fh *current_fh = &cstate->current_fh;
		const struct nfsd4_layout_ops *ops;
		@@ -2486,6 +2487,10 @@ nfsd4_layoutget(struct svc_rqst *rqstp,
		if (lgp->lg_seg.length == 0)
		goto out;

		nfserr = nfserr_grace;
		if (locks_in_grace(net))
		goto out;

		nfserr = nfsd4_preprocess_layout_stateid(rqstp, cstate, &lgp->lg_sid,
		true, lgp->lg_layout_type, &ls);
		if (nfserr) {