From 12c8434bbd4c9d6869ad78dd34e8fac1e171e55c Mon Sep 17 00:00:00 2001
From: rmacklem <rmacklem@FreeBSD.org>
Date: Wed, 25 Dec 2013 01:03:14 +0000
Subject: The NFSv4 server would call VOP_SETATTR() with a shared locked vnode
 when a Getattr for a file is done by a client other than the one that holds
 the file's delegation. This would only happen when delegations are enabled
 and the problem is fixed by this patch.

MFC after:	1 week
---
 sys/fs/nfsserver/nfs_nfsdport.c  | 9 ++++++++-
 sys/fs/nfsserver/nfs_nfsdstate.c | 6 +++---
 2 files changed, 11 insertions(+), 4 deletions(-)

(limited to 'sys/fs/nfsserver')

diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c
index 89fc66e..ef26f64 100644
--- a/sys/fs/nfsserver/nfs_nfsdport.c
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -1469,8 +1469,9 @@ nfsvno_open(struct nfsrv_descript *nd, struct nameidata *ndp,
  * Updates the file rev and sets the mtime and ctime
  * to the current clock time, returning the va_filerev and va_Xtime
  * values.
+ * Return ESTALE to indicate the vnode is VI_DOOMED.
  */
-void
+int
 nfsvno_updfilerev(struct vnode *vp, struct nfsvattr *nvap,
     struct ucred *cred, struct thread *p)
 {
@@ -1478,8 +1479,14 @@ nfsvno_updfilerev(struct vnode *vp, struct nfsvattr *nvap,
 
 	VATTR_NULL(&va);
 	vfs_timestamp(&va.va_mtime);
+	if (NFSVOPISLOCKED(vp) != LK_EXCLUSIVE) {
+		NFSVOPLOCK(vp, LK_UPGRADE | LK_RETRY);
+		if ((vp->v_iflag & VI_DOOMED) != 0)
+			return (ESTALE);
+	}
 	(void) VOP_SETATTR(vp, &va, cred);
 	(void) nfsvno_getattr(vp, nvap, cred, p, 1);
+	return (0);
 }
 
 /*
diff --git a/sys/fs/nfsserver/nfs_nfsdstate.c b/sys/fs/nfsserver/nfs_nfsdstate.c
index d74a5a9..05bb26c 100644
--- a/sys/fs/nfsserver/nfs_nfsdstate.c
+++ b/sys/fs/nfsserver/nfs_nfsdstate.c
@@ -4853,15 +4853,15 @@ nfsrv_checkgetattr(struct nfsrv_descript *nd, vnode_t vp,
 			    nva.na_filerev > delegfilerev) ||
 			    (NFSVNO_ISSETSIZE(&nva) &&
 			     nva.na_size != nvap->na_size)) {
-				nfsvno_updfilerev(vp, nvap, cred, p);
+				error = nfsvno_updfilerev(vp, nvap, cred, p);
 				if (NFSVNO_ISSETSIZE(&nva))
 					nvap->na_size = nva.na_size;
 			}
-		}
+		} else
+			error = 0;	/* Ignore callback errors for now. */
 	} else {
 		NFSUNLOCKSTATE();
 	}
-	error = 0;
 
 out:
 	NFSEXITCODE2(error, nd);
-- 
cgit v1.1