Re: [PATCH] nfsd: fix inverted cp_ttl check in async copy reaper

From: Jeff Layton

Date: Thu May 21 2026 - 11:24:51 EST


On Thu, 2026-05-21 at 11:28 -0300, Paulo Alcantara wrote:
> Jeff Layton <jlayton@xxxxxxxxxx> writes:
>
> > nfsd4_async_copy_reaper() is supposed to keep completed async copy
> > state around for NFSD_COPY_INITIAL_TTL (10) laundromat ticks so
> > that OFFLOAD_STATUS can report the result, then reap the state once
> > the countdown expires.
> >
> > The TTL predicate is inverted: `if (--copy->cp_ttl)` is true while
> > ticks remain and false when the counter reaches zero. This causes
> > the copy to be reaped on the very first tick (cp_ttl goes from 10
> > to 9, which is non-zero) instead of after all 10 ticks elapse.
> > Once reaped, OFFLOAD_STATUS returns NFS4ERR_BAD_STATEID because
> > the copy state has already been freed.
> >
> > A secondary consequence: if cp_ttl ever reached zero (not possible
> > with the current initial value of 10 since the copy is reaped at
> > 9), the copy would never be added to the reaplist and would leak
> > indefinitely on clp->async_copies.
> >
> > Fix by negating the test so that cleanup runs when the TTL expires.
> >
> > Fixes: 26e6e6939369 ("NFSD: Add nfsd4_copy time-to-live")
>
> Wouldn't aa0ebd21df9c be the correct commit id?

Thanks, yes it would. The other commit id is correct for a copy in my
tree, but aa0ebd21df9c is the correct upstream one.
--
Jeff Layton <jlayton@xxxxxxxxxx>
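Added example, not part of this thread or of the kernel source: a user-space C model of the TTL countdown described in the quoted commit message, comparing the original predicate with the negated one. The struct, the `done`/`reaped` flags, the status enum and all function names are hypothetical stand-ins; only `cp_ttl`, `NFSD_COPY_INITIAL_TTL` (10) and the `--copy->cp_ttl` test come from the message.

```c
#include <stdbool.h>
#include <stdio.h>

#define NFSD_COPY_INITIAL_TTL 10        /* value given in the commit message */

enum status { ST_OK, ST_BAD_STATEID };  /* model stand-ins, not real NFS codes */

struct model_copy {                     /* hypothetical async copy state */
    unsigned int cp_ttl;
    bool done;                          /* copy has completed */
    bool reaped;                        /* state freed by the reaper */
};

/* One laundromat tick for one copy; 'fixed' selects the negated test. */
static void reaper_tick(struct model_copy *c, bool fixed)
{
    if (!c->done || c->reaped)
        return;                         /* only completed, live state counts down */
    --c->cp_ttl;
    /* original: if (--cp_ttl) reap;  fixed: if (!--cp_ttl) reap; */
    if (fixed ? c->cp_ttl == 0 : c->cp_ttl != 0)
        c->reaped = true;
}

/* What an OFFLOAD_STATUS query would observe for this copy. */
static enum status offload_status(const struct model_copy *c)
{
    return c->reaped ? ST_BAD_STATEID : ST_OK;
}

/* Ticks a completed copy stays queryable (capped at 'limit'). */
static unsigned int ticks_until_reaped(bool fixed, unsigned int limit)
{
    struct model_copy c = { NFSD_COPY_INITIAL_TTL, true, false };
    unsigned int t = 0;
    while (t < limit && offload_status(&c) == ST_OK) {
        reaper_tick(&c, fixed);
        t++;
    }
    return t;
}

/* Status a client sees when it polls after 'ticks' laundromat ticks. */
static enum status status_after(bool fixed, unsigned int ticks)
{
    struct model_copy c = { NFSD_COPY_INITIAL_TTL, true, false };
    for (unsigned int i = 0; i < ticks; i++)
        reaper_tick(&c, fixed);
    return offload_status(&c);
}

int main(void)
{
    printf("original: reaped after %u tick(s)\n", ticks_until_reaped(false, 100));
    printf("fixed:    reaped after %u tick(s)\n", ticks_until_reaped(true, 100));
    return 0;
}
```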