NFSD: Handle layout stid in nfsd4_drop_revoked_stid()

nfsd4_drop_revoked_stid() has no SC_TYPE_LAYOUT case, so when a
client sends FREE_STATEID for an admin-revoked layout stid, the
default branch releases cl_lock and returns without unhashing or
releasing the stid.  The stid remains in the IDR and on the
per-client list until the client is destroyed.

Remove the layout stid from the per-client list and call
nfs4_put_stid() to drop the creation reference.  When the
refcount reaches zero, nfsd4_free_layout_stateid() handles the
remaining cleanup: cancelling the fence worker, removing from
the per-file list, and freeing the slab object.

Fixes: 1e33e1414bec ("nfsd: allow layout state to be admin-revoked.")
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Tested-by: Dai Ngo <dai.ngo@oracle.com>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 3c2eb03f78c6d3d83944cfdbe64c3bebf5e2a3d8..ed20f6102117f0294173e5cd058eb35483e2be40 100644 (file)
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -5056,6 +5056,7 @@ static void nfsd4_drop_revoked_stid(struct nfs4_stid *s)
 {
        struct nfs4_client *cl = s->sc_client;
        LIST_HEAD(reaplist);
+       struct nfs4_layout_stateid *ls;
        struct nfs4_ol_stateid *stp;
        struct nfs4_delegation *dp;
        bool unhashed;
@@ -5081,6 +5082,12 @@ static void nfsd4_drop_revoked_stid(struct nfs4_stid *s)
                spin_unlock(&cl->cl_lock);
                nfs4_put_stid(s);
                break;
+       case SC_TYPE_LAYOUT:
+               ls = layoutstateid(s);
+               list_del_init(&ls->ls_perclnt);
+               spin_unlock(&cl->cl_lock);
+               nfs4_put_stid(s);
+               break;
        default:
                spin_unlock(&cl->cl_lock);
        }