Skip to content
Snippets Groups Projects
Commit c84a01a0 authored by Trond Myklebust's avatar Trond Myklebust Committed by Frieder Schrempf
Browse files

pNFS: Fix a hang in nfs4_evict_inode() 


commit f6395572 upstream.

We are not allowed to call pnfs_mark_matching_lsegs_return() without
also holding a reference to the layout header, since doing so could lead
to the reference count going to zero when we call
pnfs_layout_remove_lseg(). This again can lead to a hang when we get to
nfs4_evict_inode() and are unable to clear the layout pointer.

pnfs_layout_return_unused_byserver() is guilty of this behaviour, and
has been seen to trigger the refcount warning prior to a hang.

Fixes: b6d49ecd ("NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode")
Cc: stable@vger.kernel.org
Signed-off-by: default avatarTrond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 21dfd5fd
No related branches found
No related tags found
1 merge request!109🤖 Sync Bot: Update v5.10-ktn to Latest Stable Kernel (v5.10.199)
Hide whitespace changes
Inline Side-by-side
Showing
with 23 additions and 10 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment