public inbox for linux-nfs@vger.kernel.org
 help / color / mirror / Atom feed
From: NeilBrown <neilb@suse.de>
To: "Strösser, Bodo" <bodo.stroesser@ts.fujitsu.com>
Cc: "linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
	"bfields@fieldses.org" <bfields@fieldses.org>
Subject: Re: rpc.mountd can be blocked by a bad client
Date: Thu, 25 Sep 2014 10:32:10 +1000	[thread overview]
Message-ID: <20140925103210.5423676f@notabene.brown> (raw)
In-Reply-To: <8B06D1E6480A6747B23FEC34909D2B5EA819D7DCA4@ABGEX70E.FSC.NET>

[-- Attachment #1: Type: text/plain, Size: 2183 bytes --]

On Wed, 24 Sep 2014 12:57:09 +0200 "Strösser, Bodo"
<bodo.stroesser@ts.fujitsu.com> wrote:

> Hello,
> 
> a few days ago we had some trouble with a NFS server. The clients most of the time no longer
> could mount any shares, but in rare cases they had success.
> 
> We found out, that during the times when mounts failed, rpc.mountd hung on a write() to a TCP
> socket. netstat showed, that Send-Q was full and Recv-Q counted up slowly. After a long time
> the write ended with an error ("TCP timeout" IIRC) and rpc.mountd worked normally for a short
> while until it again hung on write() for the same reason. The problem was caused by a MTU size
> configured wrong. So, one single bad client (or as much clients as the number of threads used
> by rpc.mountd) can block rpc.mountd entirely.
> 
> But what will happen, if someone intentionally sends RPC requests, but doesn't read() the
> answers? I wrote a small tool to test this situation. It fires DUMP requests to rpc.mountd as
> fast as possible, but does not read from the socket. The result is the same as with the
> problem above: rpc.mountd hangs in write() and no longer responds to other requests while no
> TCP timeout breaks up this situation.
> 
> So it's quite easy to intentionally block rpc.mountd from remote.

That's rather nasty.
We could possibly set the socket to be non-blocking, or we could set an alarm
just before handling a request.
Probably rpc_dispatch() in support/nfs/rpcdispatch.c would be the best place
to put the timeout.
 catch SIGALRM (don't set SA_RESTART)
 alarm(10);
 call svc_sendreply
 alarm(0);

if the alarm fires while svc_sendreply is writing to the socket it should get
an error and close the connection.

This would only fix mountd (as it is the only process to use rpc_dispatch).
Is a similar thing needed for statd I wonder??  It isn't so important.

NeilBrown

> 
> Please CC me, I'm not on the list.
> 
> Best regards,
> Bodo
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 828 bytes --]

  reply	other threads:[~2014-09-25  0:32 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-09-24 10:57 rpc.mountd can be blocked by a bad client Strösser, Bodo
2014-09-25  0:32 ` NeilBrown [this message]
2014-09-25 10:21   ` Strösser, Bodo
2014-11-05  5:14     ` NeilBrown
2014-11-05 14:25       ` Strösser, Bodo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140925103210.5423676f@notabene.brown \
    --to=neilb@suse.de \
    --cc=bfields@fieldses.org \
    --cc=bodo.stroesser@ts.fujitsu.com \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox