Re: [patch] nfs: fix locking in nfs/inode.c innfs_free_open_context

[Trond Myklebust]

On Thu, 2007-07-26 at 13:23 +0200, Arnd Bergmann wrote:
> On Wednesday 25 July 2007, Trond Myklebust wrote:
> > 
> > On Wed, 2007-07-25 at 17:08 +0200, Christian Krafft wrote:
> > 
> > > Obviously the locking code in nfs_free_open_context is wrong.
> > > Checking the list for entries and removing the entry should be an atomic operation.
> > 
> > Wrong. It is quite safe to test the structure member ctx->list for
> > emptiness outside the spinlock because we have an explicit guarantee
> > that nobody else has a reference to this structure, plus the
> > atomic_dec_and_test() in kref_put() has acted as a memory barrier for
> > us.
> 
> Well, the real question then is how the ctx can still be present in the
> nfsi->open_files list. Since we are in nfs_free_open_context(), there
> must not be any pointer to the ctx anywhere, but still we have this other
> thread calling get_nfs_open_context() on it.

Yup. That is definitely a bug. I wish we had a 'kref_put_and_lock' to
deal with these situations where you want to grab a lock atomically with
the last put. It would make krefs a lot more useful...

Trond

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/