authorTrond Myklebust <Trond.Myklebust@netapp.com>2006-03-20 13:44:41 -0500
committerTrond Myklebust <Trond.Myklebust@netapp.com>2006-03-20 13:44:41 -0500
commit4c060b531006e0711db32a132d6ac7661594b280 (patch)
tree899f281dfec3da7e29ede2e76019b3861116714f /fs
parent26bcbf965f857c710adafd16cf424f043006b5dd (diff)
lockd: Fix Oopses due to list manipulation errors.
The patch "stop abusing file_lock_list" introduces a couple of bugs since the locks may be copied and need to be removed from the lists when they are destroyed. Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Diffstat (limited to 'fs')
-rw-r--r--fs/lockd/clntlock.c7
-rw-r--r--fs/lockd/clntproc.c15
-rw-r--r--fs/lockd/host.c7
3 files changed, 15 insertions, 14 deletions
diff --git a/fs/lockd/clntlock.c b/fs/lockd/clntlock.c
index 0fc0ee267b04..7cf41c1e1a88 100644
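--- a/fs/lockd/clntlock.c
+++ b/fs/lockd/clntlock.c
@@ -213,11 +213,12 @@ reclaimer(void *ptr)
  /* First, reclaim all locks that have been marked. */
 restart:
  list_for_each_entry_safe(fl, next, &host->h_reclaim, fl_u.nfs_fl.list) {
- list_del(&fl->fl_u.nfs_fl.list);
+ list_del_init(&fl->fl_u.nfs_fl.list);
 
- nlmclnt_reclaim(host, fl);
  if (signalled())
- break;
+ continue;
+ if (nlmclnt_reclaim(host, fl) == 0)
+ list_add_tail(&fl->fl_u.nfs_fl.list, &host->h_granted);
  goto restart;
  }
 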
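Review bot: In the reclaimer loop every lock is unlinked with list_del_init() before the signalled() test, so once a signal is pending the new `continue` drains the rest of h_reclaim without reclaiming anything or putting the locks back on h_granted; a lock whose nlmclnt_reclaim() returns non-zero is left off both lists in the same way. As far as this hunk shows, those locks stay held locally but are no longer tracked for reclaim after a later server restart. If that is intended, say so at the `continue`, e.g. `/* signalled: drop the remaining locks from h_reclaim; they are not reclaimed */`, and consider a dprintk when the reclaim fails so that lost locks are visible. reclaimer() starts and ends outside the hunk.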
diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c
index cb469431bd1d..3e90356b4882 100644
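--- a/fs/lockd/clntproc.c
+++ b/fs/lockd/clntproc.c
@@ -446,12 +446,14 @@ nlmclnt_test(struct nlm_rqst *req, struct file_lock *fl)
 
 static void nlmclnt_locks_copy_lock(struct file_lock *new, struct file_lock *fl)
 {
- memcpy(&new->fl_u.nfs_fl, &fl->fl_u.nfs_fl, sizeof(new->fl_u.nfs_fl));
- nlm_get_lockowner(new->fl_u.nfs_fl.owner);
+ new->fl_u.nfs_fl.state = fl->fl_u.nfs_fl.state;
+ new->fl_u.nfs_fl.owner = nlm_get_lockowner(fl->fl_u.nfs_fl.owner);
+ list_add_tail(&new->fl_u.nfs_fl.list, &fl->fl_u.nfs_fl.owner->host->h_granted);
 }
 
 static void nlmclnt_locks_release_private(struct file_lock *fl)
 {
+ list_del(&fl->fl_u.nfs_fl.list);
  nlm_put_lockowner(fl->fl_u.nfs_fl.owner);
  fl->fl_ops = NULL;
 }
@@ -466,6 +468,7 @@ static void nlmclnt_locks_init_private(struct file_lock *fl, struct nlm_host *ho
  BUG_ON(fl->fl_ops != NULL);
  fl->fl_u.nfs_fl.state = 0;
  fl->fl_u.nfs_fl.owner = nlm_find_lockowner(host, fl->fl_owner);
+ INIT_LIST_HEAD(&fl->fl_u.nfs_fl.list);
  fl->fl_ops = &nlmclnt_lock_ops;
 }
 
@@ -552,7 +555,7 @@ nlmclnt_lock(struct nlm_rqst *req, struct file_lock *fl)
  if (resp->status == NLM_LCK_GRANTED) {
  fl->fl_u.nfs_fl.state = host->h_state;
  fl->fl_flags |= FL_SLEEP;
- list_add_tail(&fl->fl_u.nfs_fl.list, &host->h_granted);
+ /* Ensure the resulting lock will get added to granted list */
  do_vfs_lock(fl);
  }
  status = nlm_stat_to_errno(resp->status);
@@ -619,12 +622,6 @@ nlmclnt_unlock(struct nlm_rqst *req, struct file_lock *fl)
  int status;
 
  /*
- * Remove from the granted list now so the lock doesn't get
- * reclaimed while we're stuck in the unlock call.
- */
- list_del(&fl->fl_u.nfs_fl.list);
-
- /*
  * Note: the server is supposed to either grant us the unlock
  * request, or to deny it with NLM_LCK_DENIED_GRACE_PERIOD. In either
  * case, we want to unlock.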
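Review bot: The new `list_add_tail()` in nlmclnt_locks_copy_lock() and `list_del()` in nlmclnt_locks_release_private() modify host->h_granted from the lock-ops callbacks, and nothing in these hunks shows what serialises them against the reclaimer walking h_granted and h_reclaim. An unserialised update here would be another list-corruption oops of the kind this commit is fixing. A comment on both callbacks naming the lock the caller must hold would make that checkable in review. Separately, release_private could use `list_del_init(&fl->fl_u.nfs_fl.list);` as the reclaimer does, so that a repeated release or a late list walk meets a self-linked node rather than poisoned pointers.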
diff --git a/fs/lockd/host.c b/fs/lockd/host.c
index f456f8ed9acd..112ebf8b8dfe 100644
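--- a/fs/lockd/host.c
+++ b/fs/lockd/host.c
@@ -245,8 +245,12 @@ void nlm_release_host(struct nlm_host *host)
 {
  if (host != NULL) {
  dprintk("lockd: release host %s\n", host->h_name);
- atomic_dec(&host->h_count);
  BUG_ON(atomic_read(&host->h_count) < 0);
+ if (atomic_dec_and_test(&host->h_count)) {
+ BUG_ON(!list_empty(&host->h_lockowners));
+ BUG_ON(!list_empty(&host->h_granted));
+ BUG_ON(!list_empty(&host->h_reclaim));
+ }
  }
 }
 
@@ -334,7 +338,6 @@ nlm_gc_hosts(void)
  rpc_destroy_client(host->h_rpcclnt);
  }
  }
- BUG_ON(!list_empty(&host->h_lockowners));
  kfree(host);
  nrhosts--;
  }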
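Review bot: In nlm_release_host(), `BUG_ON(atomic_read(&host->h_count) < 0);` now runs before the decrement, so a release that takes the count from 0 to -1 is no longer caught: the check sees 0, and atomic_dec_and_test() returns false for -1. An unbalanced release is the usual precursor of a use-after-free of the host, so the assertion should stay after the decrement, e.g. `if (atomic_dec_and_test(&host->h_count)) { ... } else BUG_ON(atomic_read(&host->h_count) < 0);`. The second hunk also drops the list_empty() assertion just before `kfree(host)` in nlm_gc_hosts(). If anything can still link a lock or lockowner to the host between the last release and garbage collection, that was the only check at free time and is worth keeping there as well.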