illumos gate

Root cause analysis

With the current code when the VN_RELE() at line 1570 is called the file is still considered as open by the NFSv4 client, because few lines above (at line 1458) an open stream was created. Because of this the nfs4_inactive() called from VN_RELE() is unable to consider the associated rnode as free and asynchronous inactive is scheduled by calling nfs4_async_inactive() at line 4714. The asynchronous inactive just closes all open streams for the file.

In a case the asynchronous inactive (and thus file close) is slow for some reason (busy machine, for example), then nfs4_remove() at line 1571 is called before the file is closed and its related vnode/rnode pair freed. This will cause that nfs4_remove() won't remove the file at the NFSv4 server immediately, but rename it to a .nfsXXXXXX file instead (as it is done with all still open files we need to remove at the NFS client).

The above scenario usually works properly, even with the rename to .nfsXXXXXX. The only minor drawback of it is that we could end up with one phantom .nfsXXXXXX file at the server (until it is automatically cleaned up, but it is not a big deal). The real problem happens when the rename to .nfsXXXXXX fails too. In this case we will end up with phantom file with real name, but with zero size, zero perms and strange time stamp.

This can happen when we do reach ZFS quota at the server and both setattr and rename operations fails with NFS4ERR_DQUOT, but plain remove would succeed.

To fix this issue we should add explicit (synchronous) file close right before VN_RELE() at line 1570.

Review: https://www.illumos.org/rb/r/2300/