6916 Race between nlm_unexport() and nlm_svc_stopping() can cause panic
Review Request #185 — Created April 16, 2016 and updated — Latest diff uploaded
There is a bace between nlm_unexport() and nlm_svc_stopping() which can cause panic.
The problem is in nlm_svc_stopping() where the manipulations with nlm_hosts_tree are not protected by nlm_globals->lock; probably in a hope that we are the only thread touching the nlm_hosts_tree. This is obviously not true, and the nlm_svc_stopping() author was aware about that because this is in the comment above the nlm_svc_stopping():2432 * NOTE: NFS code can call NLM while it's 2433 * stopping or even if it's shut down. Any attempt 2434 * to lock file either on client or on the server 2435 * will fail if NLM isn't in NLM_ST_UP state.
The fix just makes sure the nlm_hosts_tree is properly protected by nlm_globals->lock as all other functions does.
I ran the NFS server for a while with the fix installed. I tried several scenarios similar to the reproduction steps to make sure the fix works properly and no regression is introduced.