deeraj.patil@ibm.com has uploaded this change for review.

[unexport] : NFSv3 stop new IO's when unexport in progress.

mdcache_locate_host is called for every NFS request (NFSv3 and NFSv4)
that carries a file handle via create_handle. On a cache hit it returns
the cached entry without checking whether the current export is being
unexported or whether the entry is still mapped to the requesting
export.

A concurrent NFSv3 request arriving while mdcache_unexport is removing
entries can receive a valid-looking entry whose backing export is being
freed. The caller then proceeds to reopen_fsal_fd, re-inserting an FD
into the global LRU under the dying export's fsal_export pointer,
eventually causing a use-after-free in the LRU reaper.

After a cache hit, call mdc_check_mapping() to verify the entry is still
mapped to the current export and MDC_UNEXPORT is not set.

Change-Id: I5b0b0f74a71977dab27045029f38a0f3309af5d4
Signed-off-by: Deeraj.Patil <Deeraj.Patil@ibm.com>
---
M src/FSAL/Stackable_FSALs/FSAL_MDCACHE/mdcache_helpers.c
1 file changed, 24 insertions(+), 0 deletions(-)

git pull ssh://review.gerrithub.io:29418/ffilz/nfs-ganesha refs/changes/97/1232497/1

Gerrit-MessageType: newchange
Gerrit-Project: ffilz/nfs-ganesha
Gerrit-Branch: next
Gerrit-Change-Id: I5b0b0f74a71977dab27045029f38a0f3309af5d4
Gerrit-Change-Number: 1232497
Gerrit-PatchSet: 1
Gerrit-Owner: deeraj.patil@ibm.com
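
A minimal model of the cache-hit check the commit message describes, added here as an illustration; it is not code from this change or from nfs-ganesha, and every name in it (`locate_unchecked`, `locate_checked`, `EXP_UNEXPORTING`, `scenario`) is hypothetical. It is single-threaded and only captures the state a lookup sees while an unexport is in progress.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical single-threaded model; none of these names are nfs-ganesha's. */
#define EXP_UNEXPORTING 0x1u /* stands in for the MDC_UNEXPORT flag */

struct export { uint32_t flags; };
struct entry {
    uint64_t handle;                /* file-handle key */
    const struct export *mapped[4]; /* exports that still map this entry */
    size_t nmapped;
};

/* "Before": any cache hit is handed back, whatever state the export is in. */
struct entry *locate_unchecked(struct entry *c, size_t n, uint64_t h)
{
    for (size_t i = 0; i < n; i++)
        if (c[i].handle == h)
            return &c[i];
    return NULL;
}

/* "After": a hit counts only if the requesting export is live and maps it. */
struct entry *locate_checked(struct entry *c, size_t n, uint64_t h,
                             const struct export *req, bool *stale)
{
    struct entry *e = locate_unchecked(c, n, h);
    *stale = false;
    if (e == NULL)
        return NULL; /* plain miss */
    if (!(req->flags & EXP_UNEXPORTING))
        for (size_t i = 0; i < e->nmapped; i++)
            if (e->mapped[i] == req)
                return e;
    *stale = true; /* hit, but unusable through this export */
    return NULL;
}

/* Constructed scenario: entry mapped to exports 0 and 1, not 2. True if handed out. */
bool scenario(bool checked, int via, bool unexporting0)
{
    struct export ex[3] = { { unexporting0 ? EXP_UNEXPORTING : 0u }, { 0 }, { 0 } };
    struct entry cache[] = { { 0x2a, { &ex[0], &ex[1] }, 2 } };
    bool stale;
    if (!checked)
        return locate_unchecked(cache, 1, 0x2a) != NULL;
    return locate_checked(cache, 1, 0x2a, &ex[via], &stale) != NULL;
}
```

The model freezes the state at the moment of the lookup; in a concurrent server the flag test and the teardown also have to be ordered against each other for the check to close the window.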