When an NFS unmount occurs, once vflush() writes the last dirty

buffer for the last vnode on the mount back to the server, it
returns. At that point, the code continues with the unmount,
including freeing up the nfs specific part of the mount structure.
It is possible that an nfsiod thread will try to check for an
empty I/O queue in the nfs specific part of the mount structure
after it has been free'd by the unmount. This patch avoids this problem by
setting the iodmount entries for the mount back to NULL while holding the
mutex in the unmount and checking the appropriate entry is non-NULL after
acquiring the mutex in the nfsiod thread.

Reported and tested by:	pho
Reviewed by:	kib
MFC after:	2 weeks
This commit is contained in:
rmacklem 2013-04-18 23:20:16 +00:00
parent dbe0865208
commit 1110825468
4 changed files with 37 additions and 2 deletions

View File

@ -303,6 +303,14 @@ nfssvc_iod(void *instance)
NULL, 0);
}
mtx_lock(&ncl_iod_mutex);
/*
* Make sure the nmp hasn't been dismounted as soon as
* ncl_doio() completes for the last buffer.
*/
nmp = ncl_iodmount[myiod];
if (nmp == NULL)
break;
/*
* If there are more than one iod on this mount, then defect
* so that the iods can be shared out fairly between the mounts

View File

@ -81,6 +81,9 @@ extern struct timeval nfsboottime;
extern struct nfsstats newnfsstats;
extern int nfsrv_useacl;
extern int nfscl_debuglevel;
extern enum nfsiod_state ncl_iodwant[NFS_MAXASYNCDAEMON];
extern struct nfsmount *ncl_iodmount[NFS_MAXASYNCDAEMON];
extern struct mtx ncl_iod_mutex;
NFSCLSTATEMUTEX;
MALLOC_DEFINE(M_NEWNFSREQ, "newnfsclient_req", "New NFS request header");
@ -1472,7 +1475,7 @@ nfs_unmount(struct mount *mp, int mntflags)
{
struct thread *td;
struct nfsmount *nmp;
int error, flags = 0, trycnt = 0;
int error, flags = 0, i, trycnt = 0;
struct nfsclds *dsp, *tdsp;
td = curthread;
@ -1508,6 +1511,14 @@ nfs_unmount(struct mount *mp, int mntflags)
*/
if ((mntflags & MNT_FORCE) == 0)
nfscl_umount(nmp, td);
/* Make sure no nfsiods are assigned to this mount. */
mtx_lock(&ncl_iod_mutex);
for (i = 0; i < NFS_MAXASYNCDAEMON; i++)
if (ncl_iodmount[i] == nmp) {
ncl_iodwant[i] = NFSIOD_AVAILABLE;
ncl_iodmount[i] = NULL;
}
mtx_unlock(&ncl_iod_mutex);
newnfs_disconnect(&nmp->nm_sockreq);
crfree(nmp->nm_sockreq.nr_cred);
FREE(nmp->nm_nam, M_SONAME);

View File

@ -307,6 +307,14 @@ nfssvc_iod(void *instance)
if (giant_locked)
mtx_unlock(&Giant);
mtx_lock(&nfs_iod_mtx);
/*
* Make sure the nmp hasn't been dismounted as soon as
* nfs_doio() completes for the last buffer.
*/
nmp = nfs_iodmount[myiod];
if (nmp == NULL)
break;
/*
* If there are more than one iod on this mount, then defect
* so that the iods can be shared out fairly between the mounts

View File

@ -1362,7 +1362,7 @@ static int
nfs_unmount(struct mount *mp, int mntflags)
{
struct nfsmount *nmp;
int error, flags = 0;
int error, flags = 0, i;
if (mntflags & MNT_FORCE)
flags |= FORCECLOSE;
@ -1387,6 +1387,14 @@ nfs_unmount(struct mount *mp, int mntflags)
/*
* We are now committed to the unmount.
*/
/* Make sure no nfsiods are assigned to this mount. */
mtx_lock(&nfs_iod_mtx);
for (i = 0; i < NFS_MAXASYNCDAEMON; i++)
if (nfs_iodmount[i] == nmp) {
nfs_iodwant[i] = NFSIOD_AVAILABLE;
nfs_iodmount[i] = NULL;
}
mtx_unlock(&nfs_iod_mtx);
nfs_disconnect(nmp);
free(nmp->nm_nam, M_SONAME);