From owner-svn-src-all@FreeBSD.ORG  Wed Aug 17 20:44:00 2011
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3FBAA1065670;
	Wed, 17 Aug 2011 20:44:00 +0000 (UTC)
	(envelope-from rmacklem@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id 262898FC16;
	Wed, 17 Aug 2011 20:44:00 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p7HKi09P022297;
	Wed, 17 Aug 2011 20:44:00 GMT
	(envelope-from rmacklem@svn.freebsd.org)
Received: (from rmacklem@localhost)
	by svn.freebsd.org (8.14.4/8.14.4/Submit) id p7HKi0Nh022294;
	Wed, 17 Aug 2011 20:44:00 GMT
	(envelope-from rmacklem@svn.freebsd.org)
Message-Id: <201108172044.p7HKi0Nh022294@svn.freebsd.org>
From: Rick Macklem <rmacklem@FreeBSD.org>
Date: Wed, 17 Aug 2011 20:44:00 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org
X-SVN-Group: stable-8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r224950 - stable/8/sys/nfsclient
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
	user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Aug 2011 20:44:00 -0000

Author: rmacklem
Date: Wed Aug 17 20:43:59 2011
New Revision: 224950
URL: http://svn.freebsd.org/changeset/base/224950

Log:
  MFC: r224604
  Fix a LOR in the NFS client which could cause a deadlock.
  This was reported to the mailing list freebsd-net@freebsd.org
  on July 21, 2011 under the subject "LOR with nfsclient sillyrename".
  The LOR occurred when nfs_inactive() called vrele(sp->s_dvp)
  while holding the vnode lock on the file in s_dvp. This patch
  modifies the client so that it performs the vrele(sp->s_dvp)
  as a separate task to avoid the LOR. This fix was discussed
  with jhb@ and kib@, who both proposed variations of it.

Modified:
  stable/8/sys/nfsclient/nfs_node.c
  stable/8/sys/nfsclient/nfsnode.h
Directory Properties:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)

Modified: stable/8/sys/nfsclient/nfs_node.c
==============================================================================
--- stable/8/sys/nfsclient/nfs_node.c	Wed Aug 17 19:43:41 2011	(r224949)
+++ stable/8/sys/nfsclient/nfs_node.c	Wed Aug 17 20:43:59 2011	(r224950)
@@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/proc.h>
 #include <sys/socket.h>
 #include <sys/sysctl.h>
+#include <sys/taskqueue.h>
 #include <sys/vnode.h>
 
 #include <vm/uma.h>
@@ -59,6 +60,8 @@ __FBSDID("$FreeBSD$");
 
 static uma_zone_t nfsnode_zone;
 
+static void	nfs_freesillyrename(void *arg, __unused int pending);
+
 #define TRUE	1
 #define	FALSE	0
 
@@ -185,6 +188,20 @@ nfs_nget(struct mount *mntp, nfsfh_t *fh
 	return (0);
 }
 
+/*
+ * Do the vrele(sp->s_dvp) as a separate task in order to avoid a
+ * deadlock because of a LOR when vrele() locks the directory vnode.
+ */
+static void
+nfs_freesillyrename(void *arg, __unused int pending)
+{
+	struct sillyrename *sp;
+
+	sp = arg;
+	vrele(sp->s_dvp);
+	free(sp, M_NFSREQ);
+}
+
 int
 nfs_inactive(struct vop_inactive_args *ap)
 {
@@ -207,8 +224,8 @@ nfs_inactive(struct vop_inactive_args *a
 		 */
 		(sp->s_removeit)(sp);
 		crfree(sp->s_cred);
-		vrele(sp->s_dvp);
-		free((caddr_t)sp, M_NFSREQ);
+		TASK_INIT(&sp->s_task, 0, nfs_freesillyrename, sp);
+		taskqueue_enqueue(taskqueue_thread, &sp->s_task);
 		mtx_lock(&np->n_mtx);
 	}
 	np->n_flag &= NMODIFIED;

Modified: stable/8/sys/nfsclient/nfsnode.h
==============================================================================
--- stable/8/sys/nfsclient/nfsnode.h	Wed Aug 17 19:43:41 2011	(r224949)
+++ stable/8/sys/nfsclient/nfsnode.h	Wed Aug 17 20:43:59 2011	(r224950)
@@ -36,6 +36,7 @@
 #ifndef _NFSCLIENT_NFSNODE_H_
 #define _NFSCLIENT_NFSNODE_H_
 
+#include <sys/_task.h>
 #if !defined(_NFSCLIENT_NFS_H_) && !defined(_KERNEL)
 #include <nfs/nfs.h>
 #endif
@@ -45,6 +46,7 @@
  * can be removed by nfs_inactive()
  */
 struct sillyrename {
+	struct	task s_task;
 	struct	ucred *s_cred;
 	struct	vnode *s_dvp;
 	int	(*s_removeit)(struct sillyrename *sp);