nfsd4: clarify how grace period ends

The grace period is ended in two steps--first userland is notified that
the grace period is now long enough that any clients who have not yet
reclaimed can be safely forgotten, then we flip the switch that forbids
reclaims and allows new opens.  I had to think a bit to convince myself
that the ordering was right here.  Document it.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index a298c3d..ec24272 100644 (file)
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -4122,8 +4122,28 @@ nfsd4_end_grace(struct nfsd_net *nn)
 
        dprintk("NFSD: end of grace period\n");
        nn->grace_ended = true;
+       /*
+        * If the server goes down again right now, an NFSv4
+        * client will still be allowed to reclaim after it comes back up,
+        * even if it hasn't yet had a chance to reclaim state this time.
+        *
+        */
        nfsd4_record_grace_done(nn);
+       /*
+        * At this point, NFSv4 clients can still reclaim.  But if the
+        * server crashes, any that have not yet reclaimed will be out
+        * of luck on the next boot.
+        *
+        * (NFSv4.1+ clients are considered to have reclaimed once they
+        * call RECLAIM_COMPLETE.  NFSv4.0 clients are considered to
+        * have reclaimed after their first OPEN.)
+        */
        locks_end_grace(&nn->nfsd4_manager);
+       /*
+        * At this point, and once lockd and/or any other containers
+        * exit their grace period, further reclaims will fail and
+        * regular locking can resume.
+        */
 }
 
 static time_t