From patchwork Wed Oct 30 22:08:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joanne Koong X-Patchwork-Id: 13857263 Received: from mail-yb1-f173.google.com (mail-yb1-f173.google.com [209.85.219.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1F1021BD9DC for ; Wed, 30 Oct 2024 22:08:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730326115; cv=none; b=E8dw7ASqqaOZM/Br3JGtnNk3/hW3w6NsEJM5LyAs2xcTx08uzrDthDqDrhZ6J42dcERrcqE5qloWTL/R8Ux0c8gQheqjhk5wOcpOoVtYoh9pvv5m/6JH+zt5o3YgzpxUcEKu4l0YwpCY2l9QHS/y9damDI9a1O+x2b02Qpmq83k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730326115; c=relaxed/simple; bh=XTqdpnqCQUq/lyFP7zkZinayJQkDWOixs7lnvYm0jvo=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=i7EIE4bD26fHKuhgNXiBzQqNT+cwovbCq25X/K/DmRtbfzGKjnDd51BV9QDShoRHiqyeFdB+ZcojxfIhhRkal6m3uLR42ZqOSXJ7SZWiKzA9hyHzRshZMbw40Q4T90WwrAFI+OMtJ9WF80RVgKLIkrAfmwg8ZMD+zvkepk9n40M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=FbuKPUCi; arc=none smtp.client-ip=209.85.219.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="FbuKPUCi" Received: by mail-yb1-f173.google.com with SMTP id 3f1490d57ef6-e2bd7d8aaf8so289858276.3 for ; Wed, 30 Oct 2024 15:08:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730326112; x=1730930912; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=aw6yEAfKVb/rJW5k4q7A4sTnqwnlBXS09YR6aNAi5U8=; b=FbuKPUCi8Eh086NbBacgPdqgmnwLmq9mBjy5b2/tCOfIC9SuUKjuQByrzAHOtsrCbG BNN9hPJo7OtEUeRydGC+QzlUSRVDryGKEfTfH15W+6V1kviXyv/yKH1HdfAEfpegCQbP JrcN7aEOya562JP/LJ4CCC+6vTaLaAV9O4DbSld248W5Au5SX/HW1wZJ+s2l1e7xLg3D cnsMAJ7fm3wqx1FZYbEsn1sMEt4tNzIr75RsIwa+5127rSltUBf6AZUSIGZbW9O6wY1K D6Z9swZyS1hPQRDnzzcnKIhRefszhGJx0rm9cjy9V1TzWkH8GNGWHy2/F2EpzHQM/wR2 LEQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730326112; x=1730930912; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=aw6yEAfKVb/rJW5k4q7A4sTnqwnlBXS09YR6aNAi5U8=; b=QOWNT8kT5VdSuzuA96dYRYRQXxyLqBuxiivOSEyzLR0awB4xgSx47cyhnnTRThRIBd YcnlQCCxftYnwzthbjeE/VNOxdmACZyzMmO/YmmC6UoHMuKfBLuIRD+e90qgZG0YNFAJ 91KiO+jfCzOFBEf6oV+LSTTrvNpYYgWO3Nc28Io3rWmLJa4hpmRq8WUQS+KMiE9yisfi utJc9hHHrW+xUgWisXc4QY73cr3022xLkQvxyKMbZDMhw95hfWztkXX6P3ogQlNKMNBt Y6oz3+uq8P7qaNk6nCe8rMISPLA07S8fGcTlb/Jpx5z1/yoVCPSLou3SdGR/seKhIjqN 2tQw== X-Forwarded-Encrypted: i=1; AJvYcCVwp/oeuhlsjUW2eXOWcJDFKpfoU/wV5KqvwwxCh7zqidYS1C702AW95Kru/JcYX/0Bfiy+uGjNOVfJZwzM@vger.kernel.org X-Gm-Message-State: AOJu0Yxp9T/iI8dNpTLseU7Dmd+aFTKaHf7YaxDlfgRnxeWJXzuSbPtT mPYQ7UQ+/O1R1+U53KxKnSxyVzBPfpkHIceezv8ZwEIh7Vq9obQ7sYqLEA== X-Google-Smtp-Source: AGHT+IFa/N/xa3Exi/jCvTm8b4sfp0zO278nWHgfclQtwI7G7JJB2bQFymI9OHFp1sLENhmTpGbadg== X-Received: by 2002:a05:6902:1203:b0:e28:fbbf:7406 with SMTP id 3f1490d57ef6-e30e5a3dff1mr1325102276.15.1730326112066; Wed, 30 Oct 2024 15:08:32 -0700 (PDT) Received: from localhost (fwdproxy-nha-113.fbsv.net. [2a03:2880:25ff:71::face:b00c]) by smtp.gmail.com with ESMTPSA id 3f1490d57ef6-e30e8a63368sm34056276.4.2024.10.30.15.08.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Oct 2024 15:08:31 -0700 (PDT) From: Joanne Koong To: miklos@szeredi.hu, linux-fsdevel@vger.kernel.org Cc: josef@toxicpanda.com, bernd.schubert@fastmail.fm, jefflexu@linux.alibaba.com, laoar.shao@gmail.com, viro@zeniv.linux.org.uk, kernel-team@meta.com, Bernd Schubert Subject: [PATCH v9 1/3] fs_parser: add fsparam_u16 helper Date: Wed, 30 Oct 2024 15:08:04 -0700 Message-ID: <20241030220804.652651-1-joannelkoong@gmail.com> X-Mailer: git-send-email 2.43.5 Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add a fsparam helper for unsigned 16 bit values. Signed-off-by: Joanne Koong Reviewed-by: Bernd Schubert --- fs/fs_parser.c | 14 ++++++++++++++ include/linux/fs_parser.h | 9 ++++++--- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/fs/fs_parser.c b/fs/fs_parser.c index 24727ec34e5a..0e06f9618c89 100644 --- a/fs/fs_parser.c +++ b/fs/fs_parser.c @@ -210,6 +210,20 @@ int fs_param_is_bool(struct p_log *log, const struct fs_parameter_spec *p, } EXPORT_SYMBOL(fs_param_is_bool); +int fs_param_is_u16(struct p_log *log, const struct fs_parameter_spec *p, + struct fs_parameter *param, struct fs_parse_result *result) +{ + int base = (unsigned long)p->data; + if (param->type != fs_value_is_string) + return fs_param_bad_value(log, param); + if (!*param->string && (p->flags & fs_param_can_be_empty)) + return 0; + if (kstrtou16(param->string, base, &result->uint_16) < 0) + return fs_param_bad_value(log, param); + return 0; +} +EXPORT_SYMBOL(fs_param_is_u16); + int fs_param_is_u32(struct p_log *log, const struct fs_parameter_spec *p, struct fs_parameter *param, struct fs_parse_result *result) { diff --git a/include/linux/fs_parser.h b/include/linux/fs_parser.h index 6cf713a7e6c6..84acd7acef50 100644 --- a/include/linux/fs_parser.h +++ b/include/linux/fs_parser.h @@ -26,9 +26,10 @@ typedef int fs_param_type(struct p_log *, /* * The type of parameter expected. */ -fs_param_type fs_param_is_bool, fs_param_is_u32, fs_param_is_s32, fs_param_is_u64, - fs_param_is_enum, fs_param_is_string, fs_param_is_blob, fs_param_is_blockdev, - fs_param_is_path, fs_param_is_fd, fs_param_is_uid, fs_param_is_gid; +fs_param_type fs_param_is_bool, fs_param_is_u16, fs_param_is_u32, fs_param_is_s32, + fs_param_is_u64, fs_param_is_enum, fs_param_is_string, fs_param_is_blob, + fs_param_is_blockdev, fs_param_is_path, fs_param_is_fd, fs_param_is_uid, + fs_param_is_gid; /* * Specification of the type of value a parameter wants. @@ -55,6 +56,7 @@ struct fs_parse_result { union { bool boolean; /* For spec_bool */ int int_32; /* For spec_s32/spec_enum */ + u16 uint_16; /* For spec_u16{,_octal,_hex}/spec_enum */ unsigned int uint_32; /* For spec_u32{,_octal,_hex}/spec_enum */ u64 uint_64; /* For spec_u64 */ kuid_t uid; @@ -119,6 +121,7 @@ static inline bool fs_validate_description(const char *name, #define fsparam_flag_no(NAME, OPT) \ __fsparam(NULL, NAME, OPT, fs_param_neg_with_no, NULL) #define fsparam_bool(NAME, OPT) __fsparam(fs_param_is_bool, NAME, OPT, 0, NULL) +#define fsparam_u16(NAME, OPT) __fsparam(fs_param_is_u16, NAME, OPT, 0, NULL) #define fsparam_u32(NAME, OPT) __fsparam(fs_param_is_u32, NAME, OPT, 0, NULL) #define fsparam_u32oct(NAME, OPT) \ __fsparam(fs_param_is_u32, NAME, OPT, 0, (void *)8) From patchwork Wed Oct 30 22:08:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joanne Koong X-Patchwork-Id: 13857264 Received: from mail-yw1-f178.google.com (mail-yw1-f178.google.com [209.85.128.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EE4E01BD9DC for ; Wed, 30 Oct 2024 22:09:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730326151; cv=none; b=H5y81vNrYGJITdyVxYVIgXVfjp5o+m28eYluK06fMRQMaEZhbkRjMWfa8Wxi5ErOnjULUD21K1BISjktcUfmCiNG5QrA9v+g5AU3kYyYlrOp941qWpc4Vczvan3OL8EYYk6QxxSPEOxdbdLjTlZoO3578fYSDDIFZ4Dq87yD4SU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730326151; c=relaxed/simple; bh=HtWRrrOr5sAqbKMKB3iodPdyb9KgkGiHvr1cY++ZtA8=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=ORVG/pK/eJNvBE+NFCJ2hQPsrel2Uw8x0vuGbWqaILhYE6UwiyOHJGlhhNB6jF5MMK/lSznN4tSkSrayAlrkVgoUFM9cv7mdQDrgl23paRFwIT90XB9Y/hzu7TqjwPvpkZoj9uDP++aJe9JXjcxBu34xRvodDdfRsdh6fIvyjd4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=SWWxEeJM; arc=none smtp.client-ip=209.85.128.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="SWWxEeJM" Received: by mail-yw1-f178.google.com with SMTP id 00721157ae682-6e9ba45d67fso3174767b3.1 for ; Wed, 30 Oct 2024 15:09:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730326148; x=1730930948; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=Iqzqh7Xb4erwSTvoCFH/nXOSNts477x12nGwsoPGPOs=; b=SWWxEeJMHBTPUb1T7NaGuBb5pdaKAV3vBvGl41prSME/jfip1R6sdagEAuSifNZPXq r8Nn9ns/A6egpzqi58vjpM1Om11eyXup+7xOXGXSU1sv3/MfvEB0NFehBuxTLjZMS+VH ITsZ8suUyn4SVa1WeYny8nkMhXOXf544uQodQCYC4ktHUpgPlnfJa/2p6QqtvVFUT7lS cd3czd3NhkMkhkYMKUcUmbBJqnC+z/DxQcRBV0ut940YDjyygLYdU2ZyS//Zmr7h6Z8I /rt1M0rv6Uon30UwORe0G18BIc+G7sxIFZubOAlUS9qoHtZd6TW9u6CuerrSvrE0mO32 8IVg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730326148; x=1730930948; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Iqzqh7Xb4erwSTvoCFH/nXOSNts477x12nGwsoPGPOs=; b=tM9D2370D4WBC9bJZ+Fd6ID4+mGS7uwioSsZGw+Rz6/MpIhq5gnHImsjCbQNDNakVl WSLRLVDv8ujrSrP3mlXMpRr0eYyrNvcpVQaPhhAzyjPz4kaveW70sYIOesjb+rDdTejC J2+Y12he+rmXn0P3zCocmThVB0yPBeD2mTrwEYP/l3EtIuMWv2dXmZMWeGp1CfeafbzX YNN4kNRIPtKutIB8kHtvW4r2bIo+pfKQajdRbtvsXaghk4kTdENeZCo0HTAnPmmnz+SB thI/x4XA6l6K2AJ/0kHeI4ATHJxCUOUgLFaMyGuqp6AUssaQ/ZDsGOBXfgp+Y9KzLW5v IhwA== X-Forwarded-Encrypted: i=1; AJvYcCX88OrFNhH2mOLAPPkI0xLfS/p5aO9D/bSrrcXO+F9z7ZmtWQgZ2QTsDRBTtM5JHWYgLrzgVTEy/Njxd8uu@vger.kernel.org X-Gm-Message-State: AOJu0Yyi9ewFjpXrMBEx7NRrWF0WkrDwO9ffuA0NSwxr9QYH0Hcguk1f TETFt9FUI2tTZYk2jqcrjzMexXGsUqRqhJFc20kaLDDfF5bXKdlz X-Google-Smtp-Source: AGHT+IHAjIN7agT13Dmbq6QQEeMEUtc9ofohTjLANtJx5jy6U8+QrzrwP0GdFHUxBkEFCqiPQrctRg== X-Received: by 2002:a05:690c:81:b0:6e3:178d:1873 with SMTP id 00721157ae682-6ea3b96ad35mr64472167b3.33.1730326147902; Wed, 30 Oct 2024 15:09:07 -0700 (PDT) Received: from localhost (fwdproxy-nha-115.fbsv.net. [2a03:2880:25ff:73::face:b00c]) by smtp.gmail.com with ESMTPSA id 00721157ae682-6ea55b108absm293497b3.39.2024.10.30.15.09.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Oct 2024 15:09:07 -0700 (PDT) From: Joanne Koong To: miklos@szeredi.hu, linux-fsdevel@vger.kernel.org Cc: josef@toxicpanda.com, bernd.schubert@fastmail.fm, jefflexu@linux.alibaba.com, laoar.shao@gmail.com, kernel-team@meta.com, Bernd Schubert Subject: [PATCH v9 2/3] fuse: add optional kernel-enforced timeout for requests Date: Wed, 30 Oct 2024 15:08:51 -0700 Message-ID: <20241030220852.656013-1-joannelkoong@gmail.com> X-Mailer: git-send-email 2.43.5 Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 There are situations where fuse servers can become unresponsive or stuck, for example if the server is deadlocked. Currently, there's no good way to detect if a server is stuck and needs to be killed manually. This commit adds an option for enforcing a timeout (in minutes) for requests where if the timeout elapses without the server responding to the request, the connection will be automatically aborted. Please note that these timeouts are not 100% precise. The request may take an extra FUSE_TIMEOUT_TIMER_FREQ seconds beyond the requested max timeout due to how it's internally implemented. Signed-off-by: Joanne Koong Reviewed-by: Bernd Schubert --- fs/fuse/dev.c | 80 ++++++++++++++++++++++++++++++++++++++++++++++++ fs/fuse/fuse_i.h | 21 +++++++++++++ fs/fuse/inode.c | 21 +++++++++++++ 3 files changed, 122 insertions(+) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c index e25804097ffb..a37dcc34ef9b 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -45,6 +45,82 @@ static struct fuse_dev *fuse_get_dev(struct file *file) return READ_ONCE(file->private_data); } +static bool request_expired(struct fuse_conn *fc, struct fuse_req *req) +{ + return jiffies > req->create_time + fc->timeout.req_timeout; +} + +/* + * Check if any requests aren't being completed by the specified request + * timeout. To do so, we: + * - check the fiq pending list + * - check the bg queue + * - check the fpq io and processing lists + * + * To make this fast, we only check against the head request on each list since + * these are generally queued in order of creation time (eg newer requests get + * queued to the tail). We might miss a few edge cases (eg requests transitioning + * between lists, re-sent requests at the head of the pending list having a + * later creation time than other requests on that list, etc.) but that is fine + * since if the request never gets fulfilled, it will eventually be caught. + */ +void fuse_check_timeout(struct timer_list *timer) +{ + struct fuse_conn *fc = container_of(timer, struct fuse_conn, timeout.timer); + struct fuse_iqueue *fiq = &fc->iq; + struct fuse_req *req; + struct fuse_dev *fud; + struct fuse_pqueue *fpq; + bool expired = false; + int i; + + spin_lock(&fiq->lock); + req = list_first_entry_or_null(&fiq->pending, struct fuse_req, list); + if (req) + expired = request_expired(fc, req); + spin_unlock(&fiq->lock); + if (expired) + goto abort_conn; + + spin_lock(&fc->bg_lock); + req = list_first_entry_or_null(&fc->bg_queue, struct fuse_req, list); + if (req) + expired = request_expired(fc, req); + spin_unlock(&fc->bg_lock); + if (expired) + goto abort_conn; + + spin_lock(&fc->lock); + if (!fc->connected) { + spin_unlock(&fc->lock); + return; + } + list_for_each_entry(fud, &fc->devices, entry) { + fpq = &fud->pq; + spin_lock(&fpq->lock); + req = list_first_entry_or_null(&fpq->io, struct fuse_req, list); + if (req && request_expired(fc, req)) + goto fpq_abort; + + for (i = 0; i < FUSE_PQ_HASH_SIZE; i++) { + req = list_first_entry_or_null(&fpq->processing[i], struct fuse_req, list); + if (req && request_expired(fc, req)) + goto fpq_abort; + } + spin_unlock(&fpq->lock); + } + spin_unlock(&fc->lock); + + mod_timer(&fc->timeout.timer, jiffies + FUSE_TIMEOUT_TIMER_FREQ); + return; + +fpq_abort: + spin_unlock(&fpq->lock); + spin_unlock(&fc->lock); +abort_conn: + fuse_abort_conn(fc); +} + static void fuse_request_init(struct fuse_mount *fm, struct fuse_req *req) { INIT_LIST_HEAD(&req->list); @@ -53,6 +129,7 @@ static void fuse_request_init(struct fuse_mount *fm, struct fuse_req *req) refcount_set(&req->count, 1); __set_bit(FR_PENDING, &req->flags); req->fm = fm; + req->create_time = jiffies; } static struct fuse_req *fuse_request_alloc(struct fuse_mount *fm, gfp_t flags) @@ -2297,6 +2374,9 @@ void fuse_abort_conn(struct fuse_conn *fc) spin_unlock(&fc->lock); end_requests(&to_end); + + if (fc->timeout.req_timeout) + timer_delete(&fc->timeout.timer); } else { spin_unlock(&fc->lock); } diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h index 671daa4d07ad..86a23970794c 100644 --- a/fs/fuse/fuse_i.h +++ b/fs/fuse/fuse_i.h @@ -438,6 +438,9 @@ struct fuse_req { /** fuse_mount this request belongs to */ struct fuse_mount *fm; + + /** When (in jiffies) the request was created */ + unsigned long create_time; }; struct fuse_iqueue; @@ -528,6 +531,16 @@ struct fuse_pqueue { struct list_head io; }; +/* Frequency (in seconds) of request timeout checks, if opted into */ +#define FUSE_TIMEOUT_TIMER_FREQ 60 * HZ + +struct fuse_timeout { + struct timer_list timer; + + /* Request timeout (in jiffies). 0 = no timeout */ + unsigned long req_timeout; +}; + /** * Fuse device instance */ @@ -574,6 +587,8 @@ struct fuse_fs_context { enum fuse_dax_mode dax_mode; unsigned int max_read; unsigned int blksize; + /* Request timeout (in minutes). 0 = no timeout (infinite wait) */ + unsigned int req_timeout; const char *subtype; /* DAX device, may be NULL */ @@ -920,6 +935,9 @@ struct fuse_conn { /** IDR for backing files ids */ struct idr backing_files_map; #endif + + /** Only used if the connection enforces request timeouts */ + struct fuse_timeout timeout; }; /* @@ -1181,6 +1199,9 @@ void fuse_request_end(struct fuse_req *req); void fuse_abort_conn(struct fuse_conn *fc); void fuse_wait_aborted(struct fuse_conn *fc); +/* Check if any requests timed out */ +void fuse_check_timeout(struct timer_list *timer); + /** * Invalidate inode attributes */ diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index f1779ff3f8d1..ee006f09cd04 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -735,6 +735,7 @@ enum { OPT_ALLOW_OTHER, OPT_MAX_READ, OPT_BLKSIZE, + OPT_REQUEST_TIMEOUT, OPT_ERR }; @@ -749,6 +750,7 @@ static const struct fs_parameter_spec fuse_fs_parameters[] = { fsparam_u32 ("max_read", OPT_MAX_READ), fsparam_u32 ("blksize", OPT_BLKSIZE), fsparam_string ("subtype", OPT_SUBTYPE), + fsparam_u16 ("request_timeout", OPT_REQUEST_TIMEOUT), {} }; @@ -844,6 +846,10 @@ static int fuse_parse_param(struct fs_context *fsc, struct fs_parameter *param) ctx->blksize = result.uint_32; break; + case OPT_REQUEST_TIMEOUT: + ctx->req_timeout = result.uint_16; + break; + default: return -EINVAL; } @@ -973,6 +979,8 @@ void fuse_conn_put(struct fuse_conn *fc) if (IS_ENABLED(CONFIG_FUSE_DAX)) fuse_dax_conn_free(fc); + if (fc->timeout.req_timeout) + timer_shutdown_sync(&fc->timeout.timer); if (fiq->ops->release) fiq->ops->release(fiq); put_pid_ns(fc->pid_ns); @@ -1691,6 +1699,18 @@ int fuse_init_fs_context_submount(struct fs_context *fsc) } EXPORT_SYMBOL_GPL(fuse_init_fs_context_submount); +static void fuse_init_fc_timeout(struct fuse_conn *fc, struct fuse_fs_context *ctx) +{ + if (ctx->req_timeout) { + if (check_mul_overflow(ctx->req_timeout * 60, HZ, &fc->timeout.req_timeout)) + fc->timeout.req_timeout = ULONG_MAX; + timer_setup(&fc->timeout.timer, fuse_check_timeout, 0); + mod_timer(&fc->timeout.timer, jiffies + FUSE_TIMEOUT_TIMER_FREQ); + } else { + fc->timeout.req_timeout = 0; + } +} + int fuse_fill_super_common(struct super_block *sb, struct fuse_fs_context *ctx) { struct fuse_dev *fud = NULL; @@ -1753,6 +1773,7 @@ int fuse_fill_super_common(struct super_block *sb, struct fuse_fs_context *ctx) fc->destroy = ctx->destroy; fc->no_control = ctx->no_control; fc->no_force_umount = ctx->no_force_umount; + fuse_init_fc_timeout(fc, ctx); err = -ENOMEM; root = fuse_get_root_inode(sb, ctx->rootmode); From patchwork Wed Oct 30 22:08:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joanne Koong X-Patchwork-Id: 13857265 Received: from mail-yw1-f172.google.com (mail-yw1-f172.google.com [209.85.128.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B7DA01BD9DC for ; Wed, 30 Oct 2024 22:09:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730326156; cv=none; b=SWjBgNq9eGWbNCXEpoTHz5GvWEjA85H3vI+exxeOpuartYioVq/iToNI5i2IYDL4yvqMXr+4qkyp1McPN2fttZ/BIQw3J/yz3FPnIbRvB0wb0Blbe/D21/ZxehdBX/Xz8G5LELbgSAhSfP6dqR9knugj5dlbLSeLRunbLvxui5w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730326156; c=relaxed/simple; bh=heZMQzvWwq9UHNJELo1RwzIM8nSo2y9ZDqyJgBUw/o8=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=pyMeExL9M/ZcA8/0h2WaSO+oPGIFJtQZrK4ToQmpWTySh11/9oWm/cZXHzlnPGBNkfDrkV0HwP422mtirQp9JcXPqmzjTFUgc7DQaXMydbL+Hnk9QynFrZOKSTnlEkCbZx4pUzgtYR01lYf0I+pc/AWl1Wv2ZejILkrG5IeX3AI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=PM/NBgpr; arc=none smtp.client-ip=209.85.128.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="PM/NBgpr" Received: by mail-yw1-f172.google.com with SMTP id 00721157ae682-6e5b7cd1ef5so2687887b3.1 for ; Wed, 30 Oct 2024 15:09:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730326153; x=1730930953; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=DxRxNTSg1mVjeKLM9GO4Js/OLsOKZlTs5RqsGff1Hr0=; b=PM/NBgpr4Qs4b4rNwWUmW3re+zp5IEmcKHuk4KM3QWuM3H9Vw2RChaLnCSkVY3R58g mMAQB9d0G1tY+PwmilBuF2chWgeK/RyBtsq9ojDr/ztPyvetZPPm8vW32pveOvM82/nk ufl9XjUVTdy640vwDVP/OCEVf9O8D4Q7FOopblWWjQBq6aJrxR84owtc1sCxnJoISNMY ZwWAEDsVyRzmlSvvWrW22j0X2317Jwd/IuRNOFfWeVITFUC1o1b1e14MfZeH0DActnpA LfPu0TVQKzhnhairRLQ4PylrecOAUtHMnf/vNUhVigpxDgFpKkcuvmDVdsKofP/3vcYn JZ9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730326153; x=1730930953; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DxRxNTSg1mVjeKLM9GO4Js/OLsOKZlTs5RqsGff1Hr0=; b=meH1CynFtP5sIYuBClxCnzbi+dDKLZWvmHofupqeWIVTHFa3yQOTehzkMHsOImYROs E4E9q3qeknsLQrfFwxTDzwVgMWCHvCyYpOhVEx5pVFbEQAxXkKsCuxGoU1wqSl7KhMCJ z39/yVRrKJaSpDy5/ONEbu1Kd9uyNJqQf1neZt82ysnKkY3H0k3bgEA/izChrAEkkZPf aaNIdzbxbTDCoXtAj3n3/+4ecfkxmYau236kYggQSmJmI6/BgXWnWV+BmDkqhmOGtrR9 s2dLpw1yS4zZZNDf/b9X2SLfyTihogNIlmwUv48zvESsyGP7t3Dq9yP0DlyTDi2hWmLL qsiA== X-Forwarded-Encrypted: i=1; AJvYcCUoa2yMkvUWxKNHRP0beUrt/eIbD22jzqa2UyM38CnMermLDW2FXTzPUu5eUAEygm7MqkPW7wPrp8hBpkPG@vger.kernel.org X-Gm-Message-State: AOJu0Yxqs8IANyNltH97eHKOPaz9nXusyvLGSmQnNmDD308kuwdu/FH/ DhyQWFCPYI+frEuOIS15Ekv8ti0+/HfHIYTUCD4avLXEEGQBJyEc X-Google-Smtp-Source: AGHT+IEVtoZW36+XB3GelnqU4kwnFupK+mwclVJOy90Pi1pSzJqNZj8YfK2CXxOOYr6ZRGcdj0q+fw== X-Received: by 2002:a05:690c:660a:b0:6e5:e6e8:d535 with SMTP id 00721157ae682-6e9d88d03bdmr158244647b3.3.1730326152674; Wed, 30 Oct 2024 15:09:12 -0700 (PDT) Received: from localhost (fwdproxy-nha-008.fbsv.net. [2a03:2880:25ff:8::face:b00c]) by smtp.gmail.com with ESMTPSA id 00721157ae682-6ea55c88453sm262367b3.116.2024.10.30.15.09.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 30 Oct 2024 15:09:12 -0700 (PDT) From: Joanne Koong To: miklos@szeredi.hu, linux-fsdevel@vger.kernel.org Cc: josef@toxicpanda.com, bernd.schubert@fastmail.fm, jefflexu@linux.alibaba.com, laoar.shao@gmail.com, kernel-team@meta.com, Bernd Schubert Subject: [PATCH v9 3/3] fuse: add default_request_timeout and max_request_timeout sysctls Date: Wed, 30 Oct 2024 15:08:52 -0700 Message-ID: <20241030220852.656013-2-joannelkoong@gmail.com> X-Mailer: git-send-email 2.43.5 In-Reply-To: <20241030220852.656013-1-joannelkoong@gmail.com> References: <20241030220852.656013-1-joannelkoong@gmail.com> Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Introduce two new sysctls, "default_request_timeout" and "max_request_timeout". These control how long (in minutes) a server can take to reply to a request. If the server does not reply by the timeout, then the connection will be aborted. "default_request_timeout" sets the default timeout if no timeout is specified by the fuse server on mount. 0 (default) indicates no default timeout should be enforced. If the server did specify a timeout, then default_request_timeout will be ignored. "max_request_timeout" sets the max amount of time the server may take to reply to a request. 0 (default) indicates no maximum timeout. If max_request_timeout is set and the fuse server attempts to set a timeout greater than max_request_timeout, the system will use max_request_timeout as the timeout. Similarly, if default_request_timeout is greater than max_request_timeout, the system will use max_request_timeout as the timeout. If the server does not request a timeout and default_request_timeout is set to 0 but max_request_timeout is set, then the timeout will be max_request_timeout. Please note that these timeouts are not 100% precise. The request may take an extra FUSE_TIMEOUT_TIMER_FREQ seconds beyond the set max timeout due to how it's internally implemented. $ sysctl -a | grep fuse.default_request_timeout fs.fuse.default_request_timeout = 0 $ echo 65536 | sudo tee /proc/sys/fs/fuse/default_request_timeout tee: /proc/sys/fs/fuse/default_request_timeout: Invalid argument $ echo 65535 | sudo tee /proc/sys/fs/fuse/default_request_timeout 65535 $ sysctl -a | grep fuse.default_request_timeout fs.fuse.default_request_timeout = 65535 $ echo 0 | sudo tee /proc/sys/fs/fuse/default_request_timeout 0 $ sysctl -a | grep fuse.default_request_timeout fs.fuse.default_request_timeout = 0 Signed-off-by: Joanne Koong Reviewed-by: Bernd Schubert --- Documentation/admin-guide/sysctl/fs.rst | 27 +++++++++++++++++++++++++ fs/fuse/fuse_i.h | 10 +++++++++ fs/fuse/inode.c | 16 +++++++++++++-- fs/fuse/sysctl.c | 20 ++++++++++++++++++ 4 files changed, 71 insertions(+), 2 deletions(-) diff --git a/Documentation/admin-guide/sysctl/fs.rst b/Documentation/admin-guide/sysctl/fs.rst index fa25d7e718b3..790a34291467 100644 --- a/Documentation/admin-guide/sysctl/fs.rst +++ b/Documentation/admin-guide/sysctl/fs.rst @@ -342,3 +342,30 @@ filesystems: ``/proc/sys/fs/fuse/max_pages_limit`` is a read/write file for setting/getting the maximum number of pages that can be used for servicing requests in FUSE. + +``/proc/sys/fs/fuse/default_request_timeout`` is a read/write file for +setting/getting the default timeout (in minutes) for a fuse server to +reply to a kernel-issued request in the event where the server did not +specify a timeout at mount. If the server set a timeout, +then default_request_timeout will be ignored. The default +"default_request_timeout" is set to 0. 0 indicates a no-op (eg +requests will not have a default request timeout set if no timeout was +specified by the server). + +``/proc/sys/fs/fuse/max_request_timeout`` is a read/write file for +setting/getting the maximum timeout (in minutes) for a fuse server to +reply to a kernel-issued request. A value greater than 0 automatically opts +the server into a timeout that will be at most "max_request_timeout", even if +the server did not specify a timeout and default_request_timeout is set to 0. +If max_request_timeout is greater than 0 and the server set a timeout greater +than max_request_timeout or default_request_timeout is set to a value greater +than max_request_timeout, the system will use max_request_timeout as the +timeout. 0 indicates a no-op (eg requests will not have an upper bound on the +timeout and if the server did not request a timeout and default_request_timeout +was not set, there will be no timeout). + +Please note that for the timeout options, if the server does not respond to +the request by the time the timeout elapses, then the connection to the fuse +server will be aborted. Please also note that the timeouts are not 100% +precise (eg you may set 10 minutes but the timeout may kick in after 11 +minutes). diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h index 86a23970794c..a75acc9f46b2 100644 --- a/fs/fuse/fuse_i.h +++ b/fs/fuse/fuse_i.h @@ -46,6 +46,16 @@ /** Maximum of max_pages received in init_out */ extern unsigned int fuse_max_pages_limit; +/* + * Default timeout (in minutes) for the server to reply to a request + * before the connection is aborted, if no timeout was specified on mount. + */ +extern unsigned int fuse_default_req_timeout; +/* + * Max timeout (in minutes) for the server to reply to a request before + * the connection is aborted. + */ +extern unsigned int fuse_max_req_timeout; /** List of active connections */ extern struct list_head fuse_conn_list; diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index ee006f09cd04..1e7cc6509e42 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -36,6 +36,9 @@ DEFINE_MUTEX(fuse_mutex); static int set_global_limit(const char *val, const struct kernel_param *kp); unsigned int fuse_max_pages_limit = 256; +/* default is no timeout */ +unsigned int fuse_default_req_timeout = 0; +unsigned int fuse_max_req_timeout = 0; unsigned max_user_bgreq; module_param_call(max_user_bgreq, set_global_limit, param_get_uint, @@ -1701,8 +1704,17 @@ EXPORT_SYMBOL_GPL(fuse_init_fs_context_submount); static void fuse_init_fc_timeout(struct fuse_conn *fc, struct fuse_fs_context *ctx) { - if (ctx->req_timeout) { - if (check_mul_overflow(ctx->req_timeout * 60, HZ, &fc->timeout.req_timeout)) + unsigned int timeout = ctx->req_timeout ?: fuse_default_req_timeout; + + if (fuse_max_req_timeout) { + if (!timeout) + timeout = fuse_max_req_timeout; + else + timeout = min(timeout, fuse_max_req_timeout); + } + + if (timeout) { + if (check_mul_overflow(timeout * 60, HZ, &fc->timeout.req_timeout)) fc->timeout.req_timeout = ULONG_MAX; timer_setup(&fc->timeout.timer, fuse_check_timeout, 0); mod_timer(&fc->timeout.timer, jiffies + FUSE_TIMEOUT_TIMER_FREQ); diff --git a/fs/fuse/sysctl.c b/fs/fuse/sysctl.c index b272bb333005..6a9094e17950 100644 --- a/fs/fuse/sysctl.c +++ b/fs/fuse/sysctl.c @@ -13,6 +13,8 @@ static struct ctl_table_header *fuse_table_header; /* Bound by fuse_init_out max_pages, which is a u16 */ static unsigned int sysctl_fuse_max_pages_limit = 65535; +static unsigned int sysctl_fuse_max_req_timeout_limit = U16_MAX; + static struct ctl_table fuse_sysctl_table[] = { { .procname = "max_pages_limit", @@ -23,6 +25,24 @@ static struct ctl_table fuse_sysctl_table[] = { .extra1 = SYSCTL_ONE, .extra2 = &sysctl_fuse_max_pages_limit, }, + { + .procname = "default_request_timeout", + .data = &fuse_default_req_timeout, + .maxlen = sizeof(fuse_default_req_timeout), + .mode = 0644, + .proc_handler = proc_douintvec_minmax, + .extra1 = SYSCTL_ZERO, + .extra2 = &sysctl_fuse_max_req_timeout_limit, + }, + { + .procname = "max_request_timeout", + .data = &fuse_max_req_timeout, + .maxlen = sizeof(fuse_max_req_timeout), + .mode = 0644, + .proc_handler = proc_douintvec_minmax, + .extra1 = SYSCTL_ZERO, + .extra2 = &sysctl_fuse_max_req_timeout_limit, + }, }; int fuse_sysctl_register(void)