NFS: Don't hold the group lock when calling nfs_release_request()
authorTrond Myklebust <trond.myklebust@primarydata.com>
Sat, 9 Sep 2017 19:31:28 +0000 (15:31 -0400)
committerTrond Myklebust <trond.myklebust@primarydata.com>
Sat, 9 Sep 2017 19:36:40 +0000 (15:36 -0400)
That can deadlock if this is the last reference since
nfs_page_group_destroy() calls nfs_page_group_sync_on_bit().
Note that even if the page was removed from the subpage list,
the req->wb_head could still be pointing to the old head.

Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
fs/nfs/write.c

index 121218d4e5edf4cc91dcc73d5322b77d9cd0b40e..36d34a4c86bd72447f6bfbe0b85a538508e8f0d2 100644 (file)
@@ -532,9 +532,9 @@ try_again:
                } else if (WARN_ON_ONCE(subreq->wb_offset < head->wb_offset ||
                            ((subreq->wb_offset + subreq->wb_bytes) >
                             (head->wb_offset + total_bytes)))) {
                } else if (WARN_ON_ONCE(subreq->wb_offset < head->wb_offset ||
                            ((subreq->wb_offset + subreq->wb_bytes) >
                             (head->wb_offset + total_bytes)))) {
+                       nfs_page_group_unlock(head);
                        nfs_unroll_locks(inode, head, subreq);
                        nfs_unlock_and_release_request(subreq);
                        nfs_unroll_locks(inode, head, subreq);
                        nfs_unlock_and_release_request(subreq);
-                       nfs_page_group_unlock(head);
                        nfs_unlock_and_release_request(head);
                        return ERR_PTR(-EIO);
                }
                        nfs_unlock_and_release_request(head);
                        return ERR_PTR(-EIO);
                }