git: e23b97688d63 - stable/12 - nfscl: Fix must_commit/writeverf handling for Direct I/O

From: Rick Macklem <rmacklem_at_FreeBSD.org>
Date: Sat, 25 Dec 2021 00:42:41 UTC
The branch stable/12 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=e23b97688d63599fef5617d48ec61ed9d883be29

commit e23b97688d63599fef5617d48ec61ed9d883be29
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2021-12-11 23:00:30 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2021-12-25 00:39:01 +0000

    nfscl: Fix must_commit/writeverf handling for Direct I/O
    
    Without this patch, the KASSERT(must_commit == 0,..) can be
    triggered by the writeverf in the Direct I/O write reply changing.
    This is not a situation that should cause a panic(). Correct
    handling is to ignore the change in "writeverf" for Direct
    I/O, since it is done with NFSWRITE_FILESYNC.
    
    This patch modifies the semantics of the "must_commit"
    argument slightly, allowing an initial value of 2 to indicate
    that a change in "writeverf" should be ignored.
    It also fixes the KASSERT()s.
    
    This bug would affect few, since Direct I/O is not enabled
    by default and "writeverf" rarely changes. Normally "writeverf"
    only changes when a NFS server reboots, however I found the
    bug when testing against a Linux 5.15.1 kernel nfsd, which
    replied to a NFSWRITE_FILESYNC write with a "writeverf" of all
    0x0 bytes.
    
    (cherry picked from commit ead50c94cb604594987e6512289268891a427725)
---
 sys/fs/nfsclient/nfs_clbio.c    | 37 +++++++++++++++++++++++++++++++++----
 sys/fs/nfsclient/nfs_clrpcops.c | 14 +++++++++-----
 2 files changed, 42 insertions(+), 9 deletions(-)

diff --git a/sys/fs/nfsclient/nfs_clbio.c b/sys/fs/nfsclient/nfs_clbio.c
index 90d98da478b4..9026f2a2aaa6 100644
--- a/sys/fs/nfsclient/nfs_clbio.c
+++ b/sys/fs/nfsclient/nfs_clbio.c
@@ -784,12 +784,26 @@ do_sync:
 			uio.uio_rw = UIO_WRITE;
 			uio.uio_td = td;
 			iomode = NFSWRITE_FILESYNC;
+			/*
+			 * When doing direct I/O we do not care if the
+			 * server's write verifier has changed, but we
+			 * do not want to update the verifier if it has
+			 * changed, since that hides the change from
+			 * writes being done through the buffer cache.
+			 * By passing must_commit in set to two, the code
+			 * in nfsrpc_writerpc() will not update the
+			 * verifier on the mount point.
+			 */
+			must_commit = 2;
 			error = ncl_writerpc(vp, &uio, cred, &iomode,
 			    &must_commit, 0);
-			KASSERT((must_commit == 0),
-				("ncl_directio_write: Did not commit write"));
+			KASSERT((must_commit == 2),
+			    ("ncl_directio_write: Updated write verifier"));
 			if (error)
 				return (error);
+			if (iomode != NFSWRITE_FILESYNC)
+				printf("nfs_directio_write: Broken server "
+				    "did not reply FILE_SYNC\n");
 			uiop->uio_offset += size;
 			uiop->uio_resid -= size;
 			if (uiop->uio_iov->iov_len <= size) {
@@ -1592,8 +1606,23 @@ ncl_doio_directwrite(struct buf *bp)
 
 	iomode = NFSWRITE_FILESYNC;
 	uiop->uio_td = NULL; /* NULL since we're in nfsiod */
+	/*
+	 * When doing direct I/O we do not care if the
+	 * server's write verifier has changed, but we
+	 * do not want to update the verifier if it has
+	 * changed, since that hides the change from
+	 * writes being done through the buffer cache.
+	 * By passing must_commit in set to two, the code
+	 * in nfsrpc_writerpc() will not update the
+	 * verifier on the mount point.
+	 */
+	must_commit = 2;
 	ncl_writerpc(bp->b_vp, uiop, bp->b_wcred, &iomode, &must_commit, 0);
-	KASSERT((must_commit == 0), ("ncl_doio_directwrite: Did not commit write"));
+	KASSERT((must_commit == 2), ("ncl_doio_directwrite: Updated write"
+	    " verifier"));
+	if (iomode != NFSWRITE_FILESYNC)
+		printf("ncl_doio_directwrite: Broken server "
+		    "did not reply FILE_SYNC\n");
 	free(iov_base, M_NFSDIRECTIO);
 	free(uiop->uio_iov, M_NFSDIRECTIO);
 	free(uiop, M_NFSDIRECTIO);
@@ -1864,7 +1893,7 @@ ncl_doio(struct vnode *vp, struct buf *bp, struct ucred *cr, struct thread *td,
 	    }
 	}
 	bp->b_resid = uiop->uio_resid;
-	if (must_commit)
+	if (must_commit == 1)
 	    ncl_clearcommit(vp->v_mount);
 	bufdone(bp);
 	return (error);
diff --git a/sys/fs/nfsclient/nfs_clrpcops.c b/sys/fs/nfsclient/nfs_clrpcops.c
index b9f2f6e21dcf..d30ca62c673e 100644
--- a/sys/fs/nfsclient/nfs_clrpcops.c
+++ b/sys/fs/nfsclient/nfs_clrpcops.c
@@ -1656,7 +1656,8 @@ nfsrpc_write(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
 	nfsv4stateid_t stateid;
 	void *lckp;
 
-	*must_commit = 0;
+	KASSERT(*must_commit >= 0 && *must_commit <= 2,
+	    ("nfsrpc_write: must_commit out of range=%d", *must_commit));
 	if (nmp->nm_clp != NULL)
 		clidrev = nmp->nm_clp->nfsc_clientidrev;
 	newcred = cred;
@@ -1867,7 +1868,7 @@ nfsrpc_writerpc(vnode_t vp, struct uio *uiop, int *iomode,
 					    NFSX_VERF);
 					NFSSETWRITEVERF(nmp);
 	    			} else if (NFSBCMP(tl, nmp->nm_verf,
-				    NFSX_VERF)) {
+				    NFSX_VERF) && *must_commit != 2) {
 					*must_commit = 1;
 					NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
 				}
@@ -6381,7 +6382,8 @@ nfsrpc_writeds(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
 			if (!NFSHASWRITEVERF(nmp)) {
 				NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
 				NFSSETWRITEVERF(nmp);
-	    		} else if (NFSBCMP(tl, nmp->nm_verf, NFSX_VERF)) {
+			} else if (NFSBCMP(tl, nmp->nm_verf, NFSX_VERF) &&
+			    *must_commit != 2) {
 				*must_commit = 1;
 				NFSBCOPY(tl, nmp->nm_verf, NFSX_VERF);
 			}
@@ -6391,7 +6393,8 @@ nfsrpc_writeds(vnode_t vp, struct uio *uiop, int *iomode, int *must_commit,
 			if ((dsp->nfsclds_flags & NFSCLDS_HASWRITEVERF) == 0) {
 				NFSBCOPY(tl, dsp->nfsclds_verf, NFSX_VERF);
 				dsp->nfsclds_flags |= NFSCLDS_HASWRITEVERF;
-			} else if (NFSBCMP(tl, dsp->nfsclds_verf, NFSX_VERF)) {
+			} else if (NFSBCMP(tl, dsp->nfsclds_verf, NFSX_VERF) &&
+			    *must_commit != 2) {
 				*must_commit = 1;
 				NFSBCOPY(tl, dsp->nfsclds_verf, NFSX_VERF);
 			}
@@ -6505,7 +6508,8 @@ nfsrpc_writedsmir(vnode_t vp, int *iomode, int *must_commit,
 		if ((dsp->nfsclds_flags & NFSCLDS_HASWRITEVERF) == 0) {
 			NFSBCOPY(tl, dsp->nfsclds_verf, NFSX_VERF);
 			dsp->nfsclds_flags |= NFSCLDS_HASWRITEVERF;
-		} else if (NFSBCMP(tl, dsp->nfsclds_verf, NFSX_VERF)) {
+		} else if (NFSBCMP(tl, dsp->nfsclds_verf, NFSX_VERF) &&
+		    *must_commit != 2) {
 			*must_commit = 1;
 			NFSBCOPY(tl, dsp->nfsclds_verf, NFSX_VERF);
 		}