From: NeilBrown <neilb@suse.de>
To: "Strösser, Bodo" <bodo.stroesser@ts.fujitsu.com>
Cc: "linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
"bfields@fieldses.org" <bfields@fieldses.org>
Subject: Re: rpc.mountd can be blocked by a bad client
Date: Thu, 25 Sep 2014 10:32:10 +1000 [thread overview]
Message-ID: <20140925103210.5423676f@notabene.brown> (raw)
In-Reply-To: <8B06D1E6480A6747B23FEC34909D2B5EA819D7DCA4@ABGEX70E.FSC.NET>
[-- Attachment #1: Type: text/plain, Size: 2183 bytes --]
On Wed, 24 Sep 2014 12:57:09 +0200 "Strösser, Bodo"
<bodo.stroesser@ts.fujitsu.com> wrote:
> Hello,
>
> a few days ago we had some trouble with a NFS server. The clients most of the time no longer
> could mount any shares, but in rare cases they had success.
>
> We found out, that during the times when mounts failed, rpc.mountd hung on a write() to a TCP
> socket. netstat showed, that Send-Q was full and Recv-Q counted up slowly. After a long time
> the write ended with an error ("TCP timeout" IIRC) and rpc.mountd worked normally for a short
> while until it again hung on write() for the same reason. The problem was caused by a MTU size
> configured wrong. So, one single bad client (or as much clients as the number of threads used
> by rpc.mountd) can block rpc.mountd entirely.
>
> But what will happen, if someone intentionally sends RPC requests, but doesn't read() the
> answers? I wrote a small tool to test this situation. It fires DUMP requests to rpc.mountd as
> fast as possible, but does not read from the socket. The result is the same as with the
> problem above: rpc.mountd hangs in write() and no longer responds to other requests while no
> TCP timeout breaks up this situation.
>
> So it's quite easy to intentionally block rpc.mountd from remote.
That's rather nasty.
We could possibly set the socket to be non-blocking, or we could set an alarm
just before handling a request.
Probably rpc_dispatch() in support/nfs/rpcdispatch.c would be the best place
to put the timeout.
catch SIGALRM (don't set SA_RESTART)
alarm(10);
call svc_sendreply
alarm(0);
if the alarm fires while svc_sendreply is writing to the socket it should get
an error and close the connection.
This would only fix mountd (as it is the only process to use rpc_dispatch).
Is a similar thing needed for statd I wonder?? It isn't so important.
NeilBrown
>
> Please CC me, I'm not on the list.
>
> Best regards,
> Bodo
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 828 bytes --]
next prev parent reply other threads:[~2014-09-25 0:32 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-24 10:57 rpc.mountd can be blocked by a bad client Strösser, Bodo
2014-09-25 0:32 ` NeilBrown [this message]
2014-09-25 10:21 ` Strösser, Bodo
2014-11-05 5:14 ` NeilBrown
2014-11-05 14:25 ` Strösser, Bodo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140925103210.5423676f@notabene.brown \
--to=neilb@suse.de \
--cc=bfields@fieldses.org \
--cc=bodo.stroesser@ts.fujitsu.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox