NetBSD-Bugs archive

Re: kern/41158: nfs_rename() locking against myself

On Wed, Apr 08, 2009 at 08:56:41PM +0200, Manuel Bouyer wrote:
> My proposed fix (see attached patch) is to change nfsm_reply() to use
> a 'error = 0; goto nfsmout' instead of return (0).
> In most uses it's equivalent because the function uses nfsm_srvdone.
> The places where it matters are:
> nfsrv_create(): it could fix a bug here because we could exit the
>   function without vrele(dirp). Someone familiar with the VOP layer
>   should confirm that nfsreplyabort: is DTRT in this case (i.e. for all
>   calls to nfsm_reply()). There are some places here where a return(0)
>   is done without a vrele(dirp), I don't know if it's correct.
> nfsrv_mknod(), nfsrv_symlink(), nfsrv_mkdir(): it's easier because there's
>   only 2 calls to nfsm_reply().
> nfsrv_rename(): this is where it's interesting :) I think nfsmout: will
>   do it. Could there be a missing VOP_ABORTOP(tond)/vrele(tvp) in
>   the nfsmout: case ?
> Then there are the macros using nfsm_reply(): nfsm_srvnamesiz is
> always called at the top of the function; it's easy.
> nfsm_srvmtofh() is a bit more difficult because of its use in
> nfsrv_writegather(). nfsm_dissect() is called immediately after, so using
> the same nfsmout should be OK.

I forgot to mention that I've not seen this panic since I've had this
patch on my test NFS server.

Manuel Bouyer <>
     NetBSD: 26 years of experience will always make the difference
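
A simplified model of the pattern discussed in this message, added here as an illustration and not taken from the NetBSD source or the attached patch: a reply macro that hides a return skips the caller's cleanup, while one that jumps to a common label does not. The struct, the REPLY_* macros and the handler names are hypothetical, and a plain counter stands in for vnode references.

```c
#include <stdio.h>

/* Toy stand-in for a vnode: only the reference count matters here. */
struct vnode { int refs; };

static void vref(struct vnode *vp)  { vp->refs++; }
static void vrele(struct vnode *vp) { vp->refs--; }

/* Hypothetical reply macros modelling the two styles discussed above. */
/* Old style: a hidden return leaves the function, skipping any cleanup. */
#define REPLY_RETURN(err)  do { if (err) return 0; } while (0)
/* Proposed style: clear the error and jump to the shared cleanup label. */
#define REPLY_GOTO(err)    do { if (err) { error = 0; goto nfsmout; } } while (0)

/* Handler using the hidden return: on failure dirp is never released. */
int handler_return(struct vnode *dirp, int fail)
{
    vref(dirp);
    REPLY_RETURN(fail);
    vrele(dirp);
    return 0;
}

/* Handler using goto: every exit path passes through the release. */
int handler_goto(struct vnode *dirp, int fail)
{
    int error = fail;
    vref(dirp);
    REPLY_GOTO(error);
    /* normal request processing would go here */
nfsmout:
    vrele(dirp);
    return error;
}

/* Run one handler on a fresh vnode and report the references left over. */
int leaked_refs(int (*handler)(struct vnode *, int), int fail)
{
    struct vnode dirp = { 0 };
    handler(&dirp, fail);
    return dirp.refs;
}

int main(void)
{
    printf("return style, error path: %d leaked\n", leaked_refs(handler_return, 1));
    printf("goto style,   error path: %d leaked\n", leaked_refs(handler_goto, 1));
    return 0;
}
```

A label shared by every exit path only helps if it releases exactly what is held at each jump site, which is the question raised above about nfsrv_rename().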