lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Jul 2022 15:05:48 +0200 (CEST) From: Geert Uytterhoeven <geert@...ux-m68k.org> To: Dai Ngo <dai.ngo@...cle.com> cc: chuck.lever@...cle.com, linux-nfs@...r.kernel.org, linux-kernel@...r.kernel.org, linux-next@...r.kernel.org Subject: Re: [PATCH v2 2/2] NFSD: limit the number of v4 clients to 1024 per 1GB of system memory Hi Dai, On Thu, 14 Jul 2022, Dai Ngo wrote: > Currently there is no limit on how many v4 clients are supported > by the system. This can be a problem in systems with small memory > configuration to function properly when a very large number of > clients exist that creates memory shortage conditions. > > This patch enforces a limit of 1024 NFSv4 clients, including courtesy > clients, per 1GB of system memory. When the number of the clients > reaches the limit, requests that create new clients are returned > with NFS4ERR_DELAY and the laundromat is kicked start to trim old > clients. Due to the overhead of the upcall to remove the client > record, the maximun number of clients the laundromat removes on > each run is limited to 128. This is done to ensure the laundromat > can still process the other tasks in a timely manner. > > Since there is now a limit of the number of clients, the 24-hr > idle time limit of courtesy client is no longer needed and was > removed. > > Signed-off-by: Dai Ngo <dai.ngo@...cle.com> Thanks for your patch, which is now commit 05eaba9bd8c06580 ("NFSD: limit the number of v4 clients to 1024 per 1GB of system memory") in next-20220715. noreply@...erman.id.au reports: fs/nfsd/nfsctl.c:1504:24: error: 'NFS4_CLIENTS_PER_GB' undeclared (first use in this function) > --- a/fs/nfsd/nfsctl.c > +++ b/fs/nfsd/nfsctl.c > @@ -1463,6 +1463,8 @@ static __net_init int nfsd_init_net(struct net *net) > { > int retval; > struct nfsd_net *nn = net_generic(net, nfsd_net_id); > + u64 max_clients; > + struct sysinfo si; > > retval = nfsd_export_init(net); > if (retval) > @@ -1488,6 +1490,10 @@ static __net_init int nfsd_init_net(struct net *net) Not protected by #ifdef CONFIG_NFSD_V4: > seqlock_init(&nn->writeverf_lock); > > atomic_set(&nn->nfs4_client_count, 0); > + si_meminfo(&si); > + max_clients = (u64)si.totalram * si.mem_unit / (1024 * 1024 * 1024); > + max_clients *= NFS4_CLIENTS_PER_GB; > + nn->nfs4_max_clients = max_t(int, max_clients, NFS4_CLIENTS_PER_GB); > > return 0; > > diff --git a/fs/nfsd/nfsd.h b/fs/nfsd/nfsd.h > index 847b482155ae..bbada18225b1 100644 > --- a/fs/nfsd/nfsd.h > +++ b/fs/nfsd/nfsd.h > @@ -341,6 +341,8 @@ void nfsd_lockd_shutdown(void); Protected by #ifdef CONFIG_NFSD_V4: > > #define NFSD_LAUNDROMAT_MINTIMEOUT 1 /* seconds */ > #define NFSD_COURTESY_CLIENT_TIMEOUT (24 * 60 * 60) /* seconds */ > +#define NFSD_CLIENT_MAX_TRIM_PER_RUN 128 > +#define NFS4_CLIENTS_PER_GB 1024 > > /* > * The following attributes are currently not supported by the NFSv4 server: > -- > 2.9.5 Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds
Powered by blists - more mailing lists