Commit eccbbc7c authored Dec 09, 2024 by NeilBrown Committed by Chuck Lever Jan 06, 2025

nfsd: don't use sv_nrthreads in connection limiting calculations.



The heuristic for limiting the number of incoming connections to nfsd
currently uses sv_nrthreads - allowing more connections if more threads
were configured.

A future patch will allow number of threads to grow dynamically so that
there will be no need to configure sv_nrthreads.  So we need a different
solution for limiting connections.

It isn't clear what problem is solved by limiting connections (as
mentioned in a code comment) but the most likely problem is a connection
storm - many connections that are not doing productive work.  These will
be closed after about 6 minutes already but it might help to slow down a
storm.

This patch adds a per-connection flag XPT_PEER_VALID which indicates
that the peer has presented a filehandle for which it has some sort of
access.  i.e the peer is known to be trusted in some way.  We now only
count connections which have NOT been determined to be valid.  There
should be relative few of these at any given time.

If the number of non-validated peer exceed a limit - currently 64 - we
close the oldest non-validated peer to avoid having too many of these
useless connections.

Note that this patch significantly changes the meaning of the various
configuration parameters for "max connections".  The next patch will
remove all of these.

Signed-off-by: NeilBrown <neilb@suse.de>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

parent de71d4e2

fs/nfs/callback.c

+0 −4

Original line number	Diff line number	Diff line
		@@ -211,10 +211,6 @@ static struct svc_serv *nfs_callback_create_svc(int minorversion)
		return ERR_PTR(-ENOMEM);
		}
		cb_info->serv = serv;
		/* As there is only one thread we need to over-ride the
		* default maximum of 80 connections
		*/
		serv->sv_maxconn = 1024;
		dprintk("nfs_callback_create_svc: service created\n");
		return serv;
		}

fs/nfs/callback_xdr.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -984,6 +984,7 @@ static __be32 nfs4_callback_compound(struct svc_rqst *rqstp)
		nfs_put_client(cps.clp);
		goto out_invalidcred;
		}
		svc_xprt_set_valid(rqstp->rq_xprt);
		}

		cps.minorversion = hdr_arg.minorversion;

fs/nfsd/netns.h

+2 −2

Original line number	Diff line number	Diff line
		@@ -129,8 +129,8 @@ struct nfsd_net {
		unsigned char writeverf[8];

		/*
		* Max number of connections this nfsd container will allow. Defaults
		* to '0' which is means that it bases this on the number of threads.
		* Max number of non-validated connections this nfsd container
		* will allow. Defaults to '0' gets mapped to 64.
		*/
		unsigned int max_connections;

fs/nfsd/nfsfh.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -382,6 +382,8 @@ __fh_verify(struct svc_rqst *rqstp,
		if (error)
		goto out;

		svc_xprt_set_valid(rqstp->rq_xprt);

		/* Finally, check access permissions. */
		error = nfsd_permission(cred, exp, dentry, access);
		out:

include/linux/sunrpc/svc.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -81,7 +81,7 @@ struct svc_serv {
		unsigned int sv_xdrsize; /* XDR buffer size */
		struct list_head sv_permsocks; /* all permanent sockets */
		struct list_head sv_tempsocks; /* all temporary sockets */
		int sv_tmpcnt; /* count of temporary sockets */
		int sv_tmpcnt; /* count of temporary "valid" sockets */
		struct timer_list sv_temptimer; /* timer for aging temporary sockets */

		char * sv_name; /* service name */