From: NeilBrown <neilb@suse.de>
Date: Tue, 7 Dec 2021 11:08:01 +1100
Subject: [PATCH] nfsd: allow lock state ids to be revoked and then freed
Patch-mainline: Submitted, Jan 2022 nfs-utils@vger.kernel.org
References: bsc#1192483

Revoking state through 'unlock_filesystem' now revokes any lock states
found.  When the stateids are then freed by the client, the revoked
stateids will be cleaned up correctly.

Signed-off-by: NeilBrown <neilb@suse.de>
Acked-by: NeilBrown <neilb@suse.com>

---
 fs/nfsd/nfs4state.c |   43 +++++++++++++++++++++++++++++++++++++++----
 1 file changed, 39 insertions(+), 4 deletions(-)

--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -1096,7 +1096,8 @@ nfs4_put_stid(struct nfs4_stid *s)
 	}
 	idr_remove(&clp->cl_stateids, s->sc_stateid.si_opaque.so_id);
 	nfs4_free_cpntf_statelist(clp->net, s);
-	if (s->sc_type == NFS4_ADMIN_REVOKED_STID)
+	if (s->sc_type == NFS4_ADMIN_REVOKED_STID ||
+	    s->sc_type == NFS4_ADMIN_REVOKED_LOCK_STID)
 		atomic_dec(&clp->cl_admin_revoked);
 	s->sc_type = 0;
 	spin_unlock(&clp->cl_lock);
@@ -1151,7 +1152,8 @@ static void destroy_unhashed_deleg(struc
 void nfs4_unhash_stid(struct nfs4_stid *s)
 {
 	struct nfs4_client *clp = s->sc_client;
-	if (s->sc_type == NFS4_ADMIN_REVOKED_STID)
+	if (s->sc_type == NFS4_ADMIN_REVOKED_STID ||
+	    s->sc_type == NFS4_ADMIN_REVOKED_LOCK_STID)
 		atomic_dec(&clp->cl_admin_revoked);
 	s->sc_type = 0;
 }
@@ -1414,7 +1416,8 @@ static void put_ol_stateid_locked(struct
 	}
 
 	idr_remove(&clp->cl_stateids, s->sc_stateid.si_opaque.so_id);
-	if (s->sc_type == NFS4_ADMIN_REVOKED_STID)
+	if (s->sc_type == NFS4_ADMIN_REVOKED_STID ||
+	    s->sc_type == NFS4_ADMIN_REVOKED_LOCK_STID)
 		atomic_dec(&clp->cl_admin_revoked);
 	s->sc_type = 0;
 	list_add(&stp->st_locks, reaplist);
@@ -1587,7 +1590,7 @@ void nfsd4_revoke_states(struct net *net
 	unsigned int idhashval;
 	unsigned short sc_types;
 
-	sc_types = NFS4_OPEN_STID;
+	sc_types = NFS4_OPEN_STID | NFS4_LOCK_STID;
 
 	spin_lock(&nn->client_lock);
 	for (idhashval = 0; idhashval < CLIENT_HASH_MASK; idhashval++) {
@@ -1614,6 +1617,28 @@ void nfsd4_revoke_states(struct net *net
 					}
 					mutex_unlock(&stp->st_mutex);
 					break;
+				case NFS4_LOCK_STID:
+					stp = openlockstateid(stid);
+					mutex_lock_nested(&stp->st_mutex,
+							  LOCK_STATEID_MUTEX);
+					if (stid->sc_type == NFS4_LOCK_STID) {
+						struct nfs4_lockowner *lo =
+							lockowner(stp->st_stateowner);
+						struct nfsd_file *nf;
+						nf = find_any_file(stp->st_stid.sc_file);
+						if (nf) {
+							get_file(nf->nf_file);
+							filp_close(nf->nf_file,
+								   (fl_owner_t)lo);
+							nfsd_file_put(nf);
+						}
+						release_all_access(stp);
+						stid->sc_type =
+							NFS4_ADMIN_REVOKED_LOCK_STID;
+						atomic_inc(&clp->cl_admin_revoked);
+					}
+					mutex_unlock(&stp->st_mutex);
+					break;
 				}
 				nfs4_put_stid(stid);
 				spin_lock(&nn->client_lock);
@@ -6251,6 +6276,7 @@ nfsd4_free_stateid(struct svc_rqst *rqst
 	struct nfs4_delegation *dp;
 	struct nfs4_ol_stateid *stp;
 	LIST_HEAD(reaplist);
+	bool unhashed;
 	struct nfs4_client *cl = cstate->clp;
 	__be32 ret = nfserr_bad_stateid;
 
@@ -6284,6 +6310,15 @@ nfsd4_free_stateid(struct svc_rqst *rqst
 		free_ol_stateid_reaplist(&reaplist);
 		ret = nfs_ok;
 		goto out;
+	case NFS4_ADMIN_REVOKED_LOCK_STID:
+		stp = openlockstateid(s);
+		spin_unlock(&s->sc_lock);
+		unhashed = unhash_lock_stateid(stp);
+		spin_unlock(&cl->cl_lock);
+		if (unhashed)
+			nfs4_put_stid(s);
+		ret = nfs_ok;
+		goto out;
 	case NFS4_REVOKED_DELEG_STID:
 		spin_unlock(&s->sc_lock);
 		dp = delegstateid(s);