[kernel] r13209 - in dists/lenny/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Mar 23 01:44:54 UTC 2009
Author: dannf
Date: Mon Mar 23 01:44:52 2009
New Revision: 13209
Log:
Make the max number of lockd connections configurable and increase
the default from 80 to the more reasonable 1024 (Closes: #520379)
Added:
dists/lenny/linux-2.6/debian/patches/bugfix/all/lockd-increase-sv_maxconn.patch
dists/lenny/linux-2.6/debian/patches/bugfix/all/sunrpc-add-sv_maxconn-field-to-svc_serv.patch
Modified:
dists/lenny/linux-2.6/debian/changelog
dists/lenny/linux-2.6/debian/patches/series/14
Modified: dists/lenny/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny/linux-2.6/debian/changelog (original)
+++ dists/lenny/linux-2.6/debian/changelog Mon Mar 23 01:44:52 2009
@@ -36,6 +36,8 @@
wrap tests. (Closes: #520548)
* Bump ABI to 2.
* [parisc] Fix the loading of large kernel modules (Closes: #401439)
+ * Make the max number of lockd connections configurable and increase
+ the default from 80 to the more reasonable 1024 (Closes: #520379)
[ Martin Michlmayr ]
* rt2x00: Fix VGC lower bound initialization. (Closes: #510607)
Added: dists/lenny/linux-2.6/debian/patches/bugfix/all/lockd-increase-sv_maxconn.patch
==============================================================================
--- (empty file)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/lockd-increase-sv_maxconn.patch Mon Mar 23 01:44:52 2009
@@ -0,0 +1,60 @@
+commit c72a476b4b7ecadb80185de31236edb303c1a5d0
+Author: Jeff Layton <jlayton at redhat.com>
+Date: Mon Oct 20 11:51:58 2008 -0400
+
+ lockd: set svc_serv->sv_maxconn to a more reasonable value (try #3)
+
+ The default method for calculating the number of connections allowed
+ per RPC service arbitrarily limits single-threaded services to 80
+ connections. This is too low for services like lockd and artificially
+ limits the number of TCP clients that it can support.
+
+ Have lockd set a default sv_maxconn value to 1024 (which is the typical
+ default value for RLIMIT_NOFILE. Also add a module parameter to allow an
+ admin to set this to an arbitrary value.
+
+ Signed-off-by: Jeff Layton <jlayton at redhat.com>
+ Acked-by: Neil Brown <neilb at suse.de>
+ Signed-off-by: J. Bruce Fields <bfields at citi.umich.edu>
+
+Backported to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN a/fs/lockd/svc.c b/fs/lockd/svc.c
+--- a/fs/lockd/svc.c 2008-07-13 15:51:29.000000000 -0600
++++ b/fs/lockd/svc.c 2009-03-22 14:55:51.000000000 -0600
+@@ -63,6 +63,9 @@ static unsigned long nlm_timeout = LOCK
+ static int nlm_udpport, nlm_tcpport;
+ int nsm_use_hostnames = 0;
+
++/* RLIM_NOFILE defaults to 1024. That seems like a reasonable default here. */
++static unsigned int nlm_max_connections = 1024;
++
+ /*
+ * Constants needed for the sysctl interface.
+ */
+@@ -149,6 +152,9 @@ lockd(void *vrqstp)
+ long timeout = MAX_SCHEDULE_TIMEOUT;
+ RPC_IFDEBUG(char buf[RPC_MAX_ADDRBUFLEN]);
+
++ /* update sv_maxconn if it has changed */
++ rqstp->rq_server->sv_maxconn = nlm_max_connections;
++
+ if (signalled()) {
+ flush_signals(current);
+ if (nlmsvc_ops) {
+@@ -298,6 +304,7 @@ lockd_up(int proto) /* Maybe add a 'fami
+ }
+
+ svc_sock_update_bufs(serv);
++ serv->sv_maxconn = nlm_max_connections;
+ nlmsvc_serv = rqstp->rq_server;
+
+ nlmsvc_task = kthread_run(lockd, rqstp, serv->sv_name);
+@@ -505,6 +512,7 @@ module_param_call(nlm_udpport, param_set
+ module_param_call(nlm_tcpport, param_set_port, param_get_int,
+ &nlm_tcpport, 0644);
+ module_param(nsm_use_hostnames, bool, 0644);
++module_param(nlm_max_connections, uint, 0644);
+
+ /*
+ * Initialising and terminating the module.
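Review bot: `nlm_max_connections` is made runtime-writable by `module_param(nlm_max_connections, uint, 0644)` but has no description and no range check, and it is copied unchecked into `sv_maxconn` in both `lockd()` and `lockd_up()` (both bodies continue outside the hunks). Going by the sunrpc patch in this same commit, writing 0 silently falls back to the thread-based limit, and a very large value leaves the connection cap in svc_check_conn_limits() with nothing to enforce. I would document that beside the parameter, for example `MODULE_PARM_DESC(nlm_max_connections, "max lockd connections; 0 = derive limit from thread count");`. The new comment also says `RLIM_NOFILE` where the commit message has `RLIMIT_NOFILE`.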
Added: dists/lenny/linux-2.6/debian/patches/bugfix/all/sunrpc-add-sv_maxconn-field-to-svc_serv.patch
==============================================================================
--- (empty file)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/sunrpc-add-sv_maxconn-field-to-svc_serv.patch Mon Mar 23 01:44:52 2009
@@ -0,0 +1,96 @@
+commit c9233eb7b0b11ef176d4bf68da2ce85464b6ec39
+Author: Jeff Layton <jlayton at redhat.com>
+Date: Mon Oct 20 11:51:57 2008 -0400
+
+ sunrpc: add sv_maxconn field to svc_serv (try #3)
+
+ svc_check_conn_limits() attempts to prevent denial of service attacks
+ by having the service close old connections once it reaches a
+ threshold. This threshold is based on the number of threads in the
+ service:
+
+ (serv->sv_nrthreads + 3) * 20
+
+ Once we reach this, we drop the oldest connections and a printk pops
+ to warn the admin that they should increase the number of threads.
+
+ Increasing the number of threads isn't an option however for services
+ like lockd. We don't want to eliminate this check entirely for such
+ services but we need some way to increase this limit.
+
+ This patch adds a sv_maxconn field to the svc_serv struct. When it's
+ set to 0, we use the current method to calculate the max number of
+ connections. RPC services can then set this on an as-needed basis.
+
+ Signed-off-by: Jeff Layton <jlayton at redhat.com>
+ Acked-by: Neil Brown <neilb at suse.de>
+ Signed-off-by: J. Bruce Fields <bfields at citi.umich.edu>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h
+--- a/include/linux/sunrpc/svc.h 2008-07-13 15:51:29.000000000 -0600
++++ b/include/linux/sunrpc/svc.h 2009-03-22 14:48:06.000000000 -0600
+@@ -58,10 +58,13 @@ struct svc_serv {
+ struct svc_stat * sv_stats; /* RPC statistics */
+ spinlock_t sv_lock;
+ unsigned int sv_nrthreads; /* # of server threads */
++ unsigned int sv_maxconn; /* max connections allowed or
++ * '0' causing max to be based
++ * on number of threads. */
++
+ unsigned int sv_max_payload; /* datagram payload size */
+ unsigned int sv_max_mesg; /* max_payload + 1 page for overheads */
+ unsigned int sv_xdrsize; /* XDR buffer size */
+-
+ struct list_head sv_permsocks; /* all permanent sockets */
+ struct list_head sv_tempsocks; /* all temporary sockets */
+ int sv_tmpcnt; /* count of temporary sockets */
+diff -urpN a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c
+--- a/net/sunrpc/svc_xprt.c 2009-03-22 14:15:29.000000000 -0600
++++ b/net/sunrpc/svc_xprt.c 2009-03-22 14:48:06.000000000 -0600
+@@ -488,8 +488,10 @@ int svc_port_is_privileged(struct sockad
+ }
+
+ /*
+- * Make sure that we don't have too many active connections. If we
+- * have, something must be dropped.
++ * Make sure that we don't have too many active connections. If we have,
++ * something must be dropped. It's not clear what will happen if we allow
++ * "too many" connections, but when dealing with network-facing software,
++ * we have to code defensively. Here we do that by imposing hard limits.
+ *
+ * There's no point in trying to do random drop here for DoS
+ * prevention. The NFS clients does 1 reconnect in 15 seconds. An
+@@ -498,19 +500,27 @@ int svc_port_is_privileged(struct sockad
+ * The only somewhat efficient mechanism would be if drop old
+ * connections from the same IP first. But right now we don't even
+ * record the client IP in svc_sock.
++ *
++ * single-threaded services that expect a lot of clients will probably
++ * need to set sv_maxconn to override the default value which is based
++ * on the number of threads
+ */
+ static void svc_check_conn_limits(struct svc_serv *serv)
+ {
+- if (serv->sv_tmpcnt > (serv->sv_nrthreads+3)*20) {
++ unsigned int limit = serv->sv_maxconn ? serv->sv_maxconn :
++ (serv->sv_nrthreads+3) * 20;
++
++ if (serv->sv_tmpcnt > limit) {
+ struct svc_xprt *xprt = NULL;
+ spin_lock_bh(&serv->sv_lock);
+ if (!list_empty(&serv->sv_tempsocks)) {
+ if (net_ratelimit()) {
+ /* Try to help the admin */
+ printk(KERN_NOTICE "%s: too many open "
+- "connections, consider increasing the "
+- "number of nfsd threads\n",
+- serv->sv_name);
++ "connections, consider increasing %s\n",
++ serv->sv_name, serv->sv_maxconn ?
++ "the max number of connections." :
++ "the number of threads.");
+ }
+ /*
+ * Always select the oldest connection. It's not fair,
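Review bot: In `svc_check_conn_limits()` the threshold is computed from `serv->sv_maxconn` once and the printk hint then reads `serv->sv_maxconn` a second time, so the two can disagree. The lockd patch in this commit assigns the field from inside `lockd()` without taking `sv_lock`, from a parameter that is writable at runtime, so the hint can name the wrong knob for the limit that actually tripped. Reading the field once, e.g. `unsigned int maxconn = serv->sv_maxconn;`, and using that local for both `limit` and the message choice keeps them consistent. Separately, `sv_tmpcnt` is declared `int` in the svc.h hunk while `limit` is `unsigned int`, so the comparison is done unsigned; that matches the old expression but deserves a one-line comment. The function body continues past the end of the hunk.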
Modified: dists/lenny/linux-2.6/debian/patches/series/14
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/series/14 (original)
+++ dists/lenny/linux-2.6/debian/patches/series/14 Mon Mar 23 01:44:52 2009
@@ -30,3 +30,5 @@
- bugfix/all/stable/2.6.26.8-abi-1.patch
- bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers-no-abi-change.patch
+ bugfix/parisc/fix-loading-large-kmods.patch
++ bugfix/all/sunrpc-add-sv_maxconn-field-to-svc_serv.patch
++ bugfix/all/lockd-increase-sv_maxconn.patch