Commit f0f51f5c authored by J. Bruce Fields's avatar J. Bruce Fields
Browse files

nfsd4: allow destroy_session over destroyed session 



RFC 5661 allows a client to destroy a session using a compound
associated with the destroyed session, as long as the DESTROY_SESSION op
is the last op of the compound.

We attempt to allow this, but testing against a Solaris client (which
does destroy sessions in this way) showed that we were failing the
DESTROY_SESSION with NFS4ERR_DELAY, because we assumed the reference
count on the session (held by us) represented another rpc in progress
over this session.

Fix this by noting that in this case the expected reference count is 1,
not 0.

Also, note as long as the session holds a reference to the compound
we're destroying, we can't free it here--instead, delay the free till
the final put in nfs4svc_encode_compoundres.

Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
parent 0979292b

fs/nfsd/nfs4state.c

+14 −9
Original line number Diff line number Diff line
@@ -97,19 +97,20 @@ nfs4_lock_state(void) 


static void free_session(struct nfsd4_session *);



void nfsd4_put_session(struct nfsd4_session *ses)

static bool is_session_dead(struct nfsd4_session *ses)

{

	atomic_dec(&ses->se_ref);

	return ses->se_flags & NFS4_SESSION_DEAD;

}



static bool is_session_dead(struct nfsd4_session *ses)

void nfsd4_put_session(struct nfsd4_session *ses)

{

	return ses->se_flags & NFS4_SESSION_DEAD;

	if (atomic_dec_and_test(&ses->se_ref) && is_session_dead(ses))

		free_session(ses);

}



static __be32 mark_session_dead_locked(struct nfsd4_session *ses)

static __be32 mark_session_dead_locked(struct nfsd4_session *ses, int ref_held_by_me)

{

	if (atomic_read(&ses->se_ref))

	if (atomic_read(&ses->se_ref) > ref_held_by_me)

		return nfserr_jukebox;

	ses->se_flags |= NFS4_SESSION_DEAD;

	return nfs_ok;
@@ -2074,6 +2075,7 @@ nfsd4_destroy_session(struct svc_rqst *r, 
{

	struct nfsd4_session *ses;

	__be32 status;

	int ref_held_by_me = 0;

	struct nfsd_net *nn = net_generic(SVC_NET(r), nfsd_net_id);



	nfs4_lock_state();
@@ -2081,6 +2083,7 @@ nfsd4_destroy_session(struct svc_rqst *r, 
	if (nfsd4_compound_in_session(cstate->session, &sessionid->sessionid)) {

		if (!nfsd4_last_compound_op(r))

			goto out;

		ref_held_by_me++;

	}

	dump_sessionid(__func__, &sessionid->sessionid);

	spin_lock(&nn->client_lock);
@@ -2091,17 +2094,19 @@ nfsd4_destroy_session(struct svc_rqst *r, 
	status = nfserr_wrong_cred;

	if (!mach_creds_match(ses->se_client, r))

		goto out_client_lock;

	status = mark_session_dead_locked(ses);

	nfsd4_get_session_locked(ses);

	status = mark_session_dead_locked(ses, 1 + ref_held_by_me);

	if (status)

		goto out_client_lock;

		goto out_put_session;

	unhash_session(ses);

	spin_unlock(&nn->client_lock);



	nfsd4_probe_callback_sync(ses->se_client);



	spin_lock(&nn->client_lock);

	free_session(ses);

	status = nfs_ok;

out_put_session:

	nfsd4_put_session(ses);

out_client_lock:

	spin_unlock(&nn->client_lock);

out:

fs/nfsd/nfs4xdr.c

+5 −1
Original line number Diff line number Diff line
@@ -3760,13 +3760,17 @@ nfs4svc_encode_compoundres(struct svc_rqst *rqstp, __be32 *p, struct nfsd4_compo 
	iov->iov_len = ((char*)resp->p) - (char*)iov->iov_base;

	BUG_ON(iov->iov_len > PAGE_SIZE);

	if (nfsd4_has_session(cs)) {

		struct nfsd_net *nn = net_generic(SVC_NET(rqstp), nfsd_net_id);

		struct nfs4_client *clp = cs->session->se_client;

		if (cs->status != nfserr_replay_cache) {

			nfsd4_store_cache_entry(resp);

			cs->slot->sl_flags &= ~NFSD4_SLOT_INUSE;

		}

		/* Renew the clientid on success and on replay */

		put_client_renew(cs->session->se_client);

		spin_lock(&nn->client_lock);

		nfsd4_put_session(cs->session);

		spin_unlock(&nn->client_lock);

		put_client_renew(clp);

	}

	return 1;

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE