Commit fa7ab64f authored by Trond Myklebust

NFS/localio: Fix a race in nfs_local_open_fh()



Once the clp->cl_uuid.lock has been dropped, another CPU could come in
and free the struct nfsd_file that was just added. To prevent that from
happening, take the RCU read lock before dropping the spin lock.

Fixes: 86e00412 ("nfs: cache all open LOCALIO nfsd_file(s) in client")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Reviewed-by: Mike Snitzer <snitzer@kernel.org>
parent c367eea5
+1 −1
@@ -278,6 +278,7 @@ nfs_local_open_fh(struct nfs_client *clp, const struct cred *cred,
		new = __nfs_local_open_fh(clp, cred, fh, nfl, mode);
		if (IS_ERR(new))
			return NULL;
		rcu_read_lock();
		/* try to swap in the pointer */
		spin_lock(&clp->cl_uuid.lock);
		nf = rcu_dereference_protected(*pnf, 1);
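Review bot: the rcu_read_lock() now placed ahead of spin_lock(&clp->cl_uuid.lock) carries no comment, and the existing "/* try to swap in the pointer */" comment sits between it and the spin lock, so the reason for the ordering is easy to lose in a later cleanup. Suggest a one-line comment above it saying that the read-side section has to begin before the spin lock is dropped, so that the struct nfsd_file cannot be freed before nfs_local_file_get() runs. Its position after the IS_ERR(new) early return is right: that path returns NULL without entering the read-side section, so the lock stays balanced.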
@@ -287,7 +288,6 @@ nfs_local_open_fh(struct nfs_client *clp, const struct cred *cred,
			rcu_assign_pointer(*pnf, nf);
		}
		spin_unlock(&clp->cl_uuid.lock);
		rcu_read_lock();
	}
	nf = nfs_local_file_get(nf);
	rcu_read_unlock();
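Review bot: the rcu_read_unlock() after nfs_local_file_get(nf) sits outside the closing brace, while the rcu_read_lock() this change moves is inside the block, so the path that skips the block has to enter the read-side section somewhere above the lines shown; worth confirming that every path reaching the unlock holds the read lock. The protection also ends at that unlock, so the fix depends on nfs_local_file_get() either taking a reference or failing cleanly when the object is already being torn down. Its body is not visible here, and the commit message could state that assumption explicitly.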