Pandora Sourcecodes - pandora-kernel.git/commit

author	Jeff Layton <jlayton@primarydata.com>
	Mon, 21 Jul 2014 13:34:57 +0000 (09:34 -0400)
committer	J. Bruce Fields <bfields@redhat.com>
	Mon, 21 Jul 2014 20:31:17 +0000 (16:31 -0400)
commit	417c6629b2d81d5a18d29c4bbb6a9a4c64282a36
tree	691e9767ccb2477f26c140721bb2251cc14d1f4d	tree \| snapshot
parent	57a371442112856388c3c2fd4b0867ef3280896a	commit \| diff

nfsd: fix race that grants unrecallable delegation

If nfs4_setlease succesfully acquires a new delegation, then another
task breaks the delegation before we reach hash_delegation_locked, then
the breaking task will see an empty fi_delegations list and do nothing.
The client will receive an open reply incorrectly granting a delegation
and will never receive a recall.

Move more of the delegation fields to be protected by the fi_lock. It's
more granular than the state_lock and in later patches we'll want to
be able to rely on it in addition to the state_lock.

Attempt to acquire a delegation. If that succeeds, take the spinlocks
and then check to see if the file has had a conflict show up since then.
If it has, then we assume that the lease is no longer valid and that
we shouldn't hand out a delegation.

There's also one more potential (but very unlikely) problem. If the
lease is broken before the delegation is hashed, then it could leak.
In the event that the fi_delegations list is empty, reset the
fl_break_time to jiffies so that it's cleaned up ASAP by
the normal lease handling code.

Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>