lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Fri, 15 Jul 2022 15:05:48 +0200 (CEST)
From:   Geert Uytterhoeven <geert@...ux-m68k.org>
To:     Dai Ngo <dai.ngo@...cle.com>
cc:     chuck.lever@...cle.com, linux-nfs@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-next@...r.kernel.org
Subject: Re: [PATCH v2 2/2] NFSD: limit the number of v4 clients to 1024 per
 1GB of system memory

 	Hi Dai,

On Thu, 14 Jul 2022, Dai Ngo wrote:
> Currently there is no limit on how many v4 clients are supported
> by the system. This can be a problem in systems with small memory
> configuration to function properly when a very large number of
> clients exist that creates memory shortage conditions.
>
> This patch enforces a limit of 1024 NFSv4 clients, including courtesy
> clients, per 1GB of system memory.  When the number of the clients
> reaches the limit, requests that create new clients are returned
> with NFS4ERR_DELAY and the laundromat is kicked start to trim old
> clients. Due to the overhead of the upcall to remove the client
> record, the maximun number of clients the laundromat removes on
> each run is limited to 128. This is done to ensure the laundromat
> can still process the other tasks in a timely manner.
>
> Since there is now a limit of the number of clients, the 24-hr
> idle time limit of courtesy client is no longer needed and was
> removed.
>
> Signed-off-by: Dai Ngo <dai.ngo@...cle.com>

Thanks for your patch, which is now commit 05eaba9bd8c06580 ("NFSD:
limit the number of v4 clients to 1024 per 1GB of system memory")
in next-20220715.

noreply@...erman.id.au reports:

     fs/nfsd/nfsctl.c:1504:24: error: 'NFS4_CLIENTS_PER_GB' undeclared (first use in this function)

> --- a/fs/nfsd/nfsctl.c
> +++ b/fs/nfsd/nfsctl.c
> @@ -1463,6 +1463,8 @@ static __net_init int nfsd_init_net(struct net *net)
> {
> 	int retval;
> 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
> +	u64 max_clients;
> +	struct sysinfo si;
>
> 	retval = nfsd_export_init(net);
> 	if (retval)
> @@ -1488,6 +1490,10 @@ static __net_init int nfsd_init_net(struct net *net)

Not protected by #ifdef CONFIG_NFSD_V4:

> 	seqlock_init(&nn->writeverf_lock);
>
> 	atomic_set(&nn->nfs4_client_count, 0);
> +	si_meminfo(&si);
> +	max_clients = (u64)si.totalram * si.mem_unit / (1024 * 1024 * 1024);
> +	max_clients *= NFS4_CLIENTS_PER_GB;
> +	nn->nfs4_max_clients = max_t(int, max_clients, NFS4_CLIENTS_PER_GB);
>
> 	return 0;
>
> diff --git a/fs/nfsd/nfsd.h b/fs/nfsd/nfsd.h
> index 847b482155ae..bbada18225b1 100644
> --- a/fs/nfsd/nfsd.h
> +++ b/fs/nfsd/nfsd.h
> @@ -341,6 +341,8 @@ void		nfsd_lockd_shutdown(void);

Protected by #ifdef CONFIG_NFSD_V4:

>
> #define NFSD_LAUNDROMAT_MINTIMEOUT      1   /* seconds */
> #define	NFSD_COURTESY_CLIENT_TIMEOUT	(24 * 60 * 60)	/* seconds */
> +#define	NFSD_CLIENT_MAX_TRIM_PER_RUN	128
> +#define	NFS4_CLIENTS_PER_GB		1024
>
> /*
>  * The following attributes are currently not supported by the NFSv4 server:
> -- 
> 2.9.5

Gr{oetje,eeting}s,

 						Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
 							    -- Linus Torvalds

Powered by blists - more mailing lists