On Wed, 16 Jul 2025, Trond Myklebust wrote: > From: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx> > > If the struct nfs_file_localio is closed, its list entry will be empty, > but the nfs_uuid->files list might still contain other entries. > > Acked-by: Mike Snitzer <snitzer@xxxxxxxxxx> > Tested-by: Mike Snitzer <snitzer@xxxxxxxxxx> > Fixes: 21fb44034695 ("nfs_localio: protect race between nfs_uuid_put() and nfs_close_local_fh()") > Signed-off-by: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx> > --- > fs/nfs_common/nfslocalio.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/nfs_common/nfslocalio.c b/fs/nfs_common/nfslocalio.c > index 05c7c16e37ab..64949c46c174 100644 > --- a/fs/nfs_common/nfslocalio.c > +++ b/fs/nfs_common/nfslocalio.c > @@ -314,7 +314,7 @@ void nfs_close_local_fh(struct nfs_file_localio *nfl) > rcu_read_unlock(); > return; > } > - if (list_empty(&nfs_uuid->files)) { > + if (list_empty(&nfl->list)) { Yes of course... This must match: /* Remove nfl from nfs_uuid->files list */ list_del_init(&nfl->list); spin_unlock(&nfs_uuid->lock); in nfs_uuid_put(). If nfs_uuid_put() disconnects nfl from the list first, nfs_close_local_fh() must skip the closing and wait for ->nfs_uuid to become NULL. So it really must be testing the same list_head. Reviewed-by: NeilBrown <neil@xxxxxxxxxx> Thanks, NeilBrown
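Review bot: the new `list_empty(&nfl->list)` test in nfs_close_local_fh() carries no comment saying that it pairs with the `list_del_init(&nfl->list)` done in nfs_uuid_put(), which is the whole reason this list_head and not `nfs_uuid->files` has to be tested. A one-line comment above the `if`, mirroring the existing "Remove nfl from nfs_uuid->files list" comment on the other side, would keep the two sites from drifting apart again. The hunk as quoted does not show whether nfs_uuid->lock is held at the test, so it is worth confirming that the test runs under the same lock as the list_del_init().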
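The list semantics behind the fix, as an added example that is not part of the patch or the kernel source: a userspace stand-in for the kernel's list helpers, with the hypothetical `uuid_model` and `nfl_model` structs standing in for `nfs_uuid->files` and `nfl->list`. With two files on one uuid and only one unhooked, testing the head misses what testing the entry catches.

```c
#include <stdio.h>

/* Userspace stand-in for the kernel's circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };

static void INIT_LIST_HEAD(struct list_head *h) { h->next = h; h->prev = h; }
static int list_empty(const struct list_head *h) { return h->next == h; }

static void list_add(struct list_head *entry, struct list_head *head)
{
    entry->next = head->next;
    entry->prev = head;
    head->next->prev = entry;
    head->next = entry;
}

/* Unlink the entry and re-point it at itself, so list_empty(entry) is true. */
static void list_del_init(struct list_head *entry)
{
    entry->prev->next = entry->next;
    entry->next->prev = entry->prev;
    INIT_LIST_HEAD(entry);
}

/* Hypothetical models of nfs_uuid->files and nfl->list; not the kernel structs. */
struct uuid_model { struct list_head files; };
struct nfl_model  { struct list_head list; };

enum { TEST_HEAD, TEST_ENTRY };

/* Two files open on one uuid; the put path unhooks only the first.
 * Returns what the close path's "already unhooked?" test says about it. */
static int close_sees_unhooked(int which)
{
    struct uuid_model uuid;
    struct nfl_model a, b;

    INIT_LIST_HEAD(&uuid.files);
    list_add(&a.list, &uuid.files);
    list_add(&b.list, &uuid.files);
    list_del_init(&a.list);   /* the list_del_init(&nfl->list) in nfs_uuid_put() */
    return which == TEST_HEAD ? list_empty(&uuid.files) : list_empty(&a.list);
}

int main(void)
{
    printf("head test: %d, entry test: %d\n",
           close_sees_unhooked(TEST_HEAD), close_sees_unhooked(TEST_ENTRY));
    return 0;
}
```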