NFS: Fix nfs_page_group_destroy() and nfs_lock_and_join_requests() race cases
authorTrond Myklebust <trond.myklebust@primarydata.com>
Wed, 19 Jul 2017 14:06:36 +0000 (10:06 -0400)
committerTrond Myklebust <trond.myklebust@primarydata.com>
Tue, 15 Aug 2017 15:54:47 +0000 (11:54 -0400)
commit5b2b5187fa85665f0c47029ecaf49186ec138d9b
tree76778f77607f3229f9e950139857bce9dc856437
parent74a6d4b5ae4ec7e93c72a92decb2f8c16c812416
NFS: Fix nfs_page_group_destroy() and nfs_lock_and_join_requests() race cases

Since nfs_page_group_destroy() does not take any locks on the requests
to be freed, we need to ensure that we don't inadvertently free the
request in nfs_destroy_unlinked_subrequests() while the last reference
is being released elsewhere.

Do this by:

1) Taking a reference to the request unless it is already being freed
2) Checking (under the page group lock) if PG_TEARDOWN is already set before
   freeing an unreferenced request in nfs_destroy_unlinked_subrequests()

Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
fs/nfs/write.c