Re: [RFC PATCH] nfsd: convert the nfsd_users to atomic_t

From: ChenXiaoSong
Date: Thu Jun 19 2025 - 03:12:38 EST


Yes, nfsd_users is protected by the nfsd_mutex. But the following log confuses me: why were these lines printed within a very short period at the time of the crash?

[24225.575708] nfsd: last server has exited, flushing export cache
[24225.580242] NFSD: starting 90-second grace period (net f0000030)
...
[24225.807458] NFSD: starting 90-second grace period (net f0000030)

Why was callback_wq queued when it had already been freed? And a new callback_wq was created. I've added some new vmcore analysis to the link:

https://chenxiaosong.com/en/nfs/en-null-ptr-deref-in-nfsd4_probe_callback.html


On 2025/6/18 19:50, Jeff Layton wrote:
Isn't nfsd_users protected by the nfsd_mutex? It looks like it's held
in all of the places this counter is accessed.