NFSv4: Ignore LAYOUTRETURN result if the layout doesn't match or is invalid

Fix a potential race with CB_LAYOUTRECALL in which the server recalls the
remaining layout segments while our LAYOUTRETURN is still in transit.

Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index 561b21e4a930a77412536577c78ab358dccdd457..87972cfa62bc4f68ceda8d2fb8b5a1b944acf948 100644 (file)
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -8574,8 +8574,7 @@ static void nfs4_layoutreturn_release(void *calldata)
        struct pnfs_layout_hdr *lo = lrp->args.layout;
 
        dprintk("--> %s\n", __func__);
-       pnfs_layoutreturn_free_lsegs(lo, &lrp->args.range,
-                       be32_to_cpu(lrp->args.stateid.seqid),
+       pnfs_layoutreturn_free_lsegs(lo, &lrp->args.stateid, &lrp->args.range,
                        lrp->res.lrs_present ? &lrp->res.stateid : NULL);
        nfs4_sequence_free_slot(&lrp->res.seq_res);
        pnfs_put_layout_hdr(lrp->args.layout);

diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c
index 555151b6d31bece0a687f96abc9c30b006c09381..471018f27c8da9ab1c8ebad1e37f69d4ce539e0a 100644 (file)
--- a/fs/nfs/pnfs.c
+++ b/fs/nfs/pnfs.c
@@ -961,20 +961,26 @@ static void pnfs_clear_layoutreturn_waitbit(struct pnfs_layout_hdr *lo)
 }
 
 void pnfs_layoutreturn_free_lsegs(struct pnfs_layout_hdr *lo,
+               const nfs4_stateid *arg_stateid,
                const struct pnfs_layout_range *range,
-               u32 seq,
                const nfs4_stateid *stateid)
 {
        struct inode *inode = lo->plh_inode;
        LIST_HEAD(freeme);
 
        spin_lock(&inode->i_lock);
+       if (!pnfs_layout_is_valid(lo) || !arg_stateid ||
+           !nfs4_stateid_match_other(&lo->plh_stateid, arg_stateid))
+               goto out_unlock;
        if (stateid) {
+               u32 seq = be32_to_cpu(arg_stateid->seqid);
+
                pnfs_mark_matching_lsegs_invalid(lo, &freeme, range, seq);
                pnfs_free_returned_lsegs(lo, &freeme, range, seq);
                pnfs_set_layout_stateid(lo, stateid, true);
        } else
                pnfs_mark_layout_stateid_invalid(lo, &freeme);
+out_unlock:
        pnfs_clear_layoutreturn_waitbit(lo);
        spin_unlock(&inode->i_lock);
        pnfs_free_lseg_list(&freeme);

diff --git a/fs/nfs/pnfs.h b/fs/nfs/pnfs.h
index a382710edf4033e1fb4a31b83b386466b8dc7c62..bc9a3aa31d3c4b81645d5399acaa6a4f3de53825 100644 (file)
--- a/fs/nfs/pnfs.h
+++ b/fs/nfs/pnfs.h
@@ -295,8 +295,8 @@ struct pnfs_layout_segment *pnfs_update_layout(struct inode *ino,
                                               bool strict_iomode,
                                               gfp_t gfp_flags);
 void pnfs_layoutreturn_free_lsegs(struct pnfs_layout_hdr *lo,
+               const nfs4_stateid *arg_stateid,
                const struct pnfs_layout_range *range,
-               u32 seq,
                const nfs4_stateid *stateid);
 
 void pnfs_generic_layout_insert_lseg(struct pnfs_layout_hdr *lo,