From: Miklos Szeredi <miklos@szeredi.hu>
To: Joanne Koong <joannelkoong@gmail.com>
Cc: Josef Bacik <josef@toxicpanda.com>,
linux-fsdevel@vger.kernel.org, bernd.schubert@fastmail.fm,
jefflexu@linux.alibaba.com, laoar.shao@gmail.com,
kernel-team@meta.com
Subject: Re: [PATCH v4 0/2] fuse: add timeout option for requests
Date: Thu, 22 Aug 2024 12:52:39 +0200 [thread overview]
Message-ID: <CAJfpegsPvb6KLcpp8wuP96gFhV3cH4a4DfRp1ZztpeGwugz=UQ@mail.gmail.com> (raw)
In-Reply-To: <CAJnrk1b7DUTMqprx1GNtV59umQh2G5cY8Qv7ExEXRP5fCA41PQ@mail.gmail.com>
On Wed, 21 Aug 2024 at 23:22, Joanne Koong <joannelkoong@gmail.com> wrote:
> Without a kernel enforced timeout, the only way out of this is to
> abort the connection. A userspace timeout wouldn't help in this case
> with getting the server unstuck. With the kernel timeout, this forces
> the kernel handling of the write request to proceed, whihc will drop
> the folio lock and resume the server back to a functioning state.
>
> I don't think situations like this are uncommon. For example, it's not
> obvious or clear to developers that fuse_lowlevel_notify_inval_inode()
> shouldn't be called inside of a write handler in their server code.
Documentation is definitely lacking. In fact a simple rule is: never
call a notification function from within a request handling function.
Notifications are async events that should happen independently of
handling regular operations. Anything else is an abuse of the
interface.
>
> For your concern about potential unintended side effects of timed out
> requests without the server's knowledge, could you elaborate more on
> the VFS locking example? In my mind, a request that times out is the
> same thing as a request that behaves normally and completes with an
> error code, but perhaps not?
- user calls mknod(2) on fuse directory
- VFS takes inode lock on parent directory
- calls into fuse to create the file
- fuse sends request to server
- file creation is slow and times out in the kernel
- fuse returns -ETIMEDOUT
- VFS releases inode lock
- meanwhile the server is still working on creating the file and has
no idea that something went wrong
- user calls the same mknod(2) again
- same things happen as last time
- server starts to create the file *again* knowing that the VFS takes
care of concurrency
- server crashes due to corruption
> I think also, having some way for system admins to enforce request
> timeouts across the board might be useful as well - for example, if a
> malignant fuse server doesn't reply to any requests, the requests hog
> memory until the server is killed.
As I said, I'm not against enforcing a response time for fuse servers,
as long as a timeout results in a complete abort and not just an error
on the timed out request.
Thanks,
Miklos
next prev parent reply other threads:[~2024-08-22 10:52 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-13 23:22 [PATCH v4 0/2] fuse: add timeout option for requests Joanne Koong
2024-08-13 23:22 ` [PATCH v4 1/2] fuse: add optional kernel-enforced timeout " Joanne Koong
2024-08-21 7:55 ` Jingbo Xu
2024-08-21 17:38 ` Joanne Koong
2024-08-13 23:22 ` [PATCH v4 2/2] fuse: add default_request_timeout and max_request_timeout sysctls Joanne Koong
2024-08-20 6:39 ` Yafang Shao
2024-08-20 18:31 ` Joanne Koong
2024-08-21 2:00 ` Yafang Shao
2024-08-22 7:06 ` Jingbo Xu
2024-08-22 21:19 ` Joanne Koong
2024-08-23 2:17 ` Jingbo Xu
2024-08-23 22:54 ` Joanne Koong
2024-08-27 8:12 ` Jingbo Xu
2024-08-27 18:13 ` Joanne Koong
2024-08-28 2:27 ` Jingbo Xu
2024-08-21 2:01 ` [PATCH v4 0/2] fuse: add timeout option for requests Yafang Shao
2024-08-26 20:30 ` Joanne Koong
2024-08-21 13:47 ` Miklos Szeredi
2024-08-21 14:15 ` Bernd Schubert
2024-08-21 14:25 ` Miklos Szeredi
2024-08-21 18:11 ` Josef Bacik
2024-08-21 18:54 ` Miklos Szeredi
2024-08-21 21:22 ` Joanne Koong
2024-08-22 10:52 ` Miklos Szeredi [this message]
2024-08-22 17:31 ` Joanne Koong
2024-08-22 17:43 ` Miklos Szeredi
2024-08-22 22:38 ` Joanne Koong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJfpegsPvb6KLcpp8wuP96gFhV3cH4a4DfRp1ZztpeGwugz=UQ@mail.gmail.com' \
--to=miklos@szeredi.hu \
--cc=bernd.schubert@fastmail.fm \
--cc=jefflexu@linux.alibaba.com \
--cc=joannelkoong@gmail.com \
--cc=josef@toxicpanda.com \
--cc=kernel-team@meta.com \
--cc=laoar.shao@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).