fuse: add default_request_timeout and max_request_timeout sysctls

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Introduce two new sysctls, "default_request_timeout" and
"max_request_timeout". These control how long (in seconds) a server can
take to reply to a request. If the server does not reply by the timeout,
then the connection will be aborted. The upper bound on these sysctl
values is 65535.

"default_request_timeout" sets the default timeout if no timeout is
specified by the fuse server on mount. 0 (default) indicates no default
timeout should be enforced. If the server did specify a timeout, then
default_request_timeout will be ignored.

"max_request_timeout" sets the max amount of time the server may take to
reply to a request. 0 (default) indicates no maximum timeout. If
max_request_timeout is set and the fuse server attempts to set a
timeout greater than max_request_timeout, the system will use
max_request_timeout as the timeout. Similarly, if default_request_timeout
is greater than max_request_timeout, the system will use
max_request_timeout as the timeout. If the server does not request a
timeout and default_request_timeout is set to 0 but max_request_timeout
is set, then the timeout will be max_request_timeout.

Please note that these timeouts are not 100% precise. The request may
take roughly an extra FUSE_TIMEOUT_TIMER_FREQ seconds beyond the set max
timeout due to how it's internally implemented.

$ sysctl -a | grep fuse.default_request_timeout
fs.fuse.default_request_timeout = 0

$ echo 65536 | sudo tee /proc/sys/fs/fuse/default_request_timeout
tee: /proc/sys/fs/fuse/default_request_timeout: Invalid argument

$ echo 65535 | sudo tee /proc/sys/fs/fuse/default_request_timeout
65535

$ sysctl -a | grep fuse.default_request_timeout
fs.fuse.default_request_timeout = 65535

$ echo 0 | sudo tee /proc/sys/fs/fuse/default_request_timeout
0

$ sysctl -a | grep fuse.default_request_timeout
fs.fuse.default_request_timeout = 0

[Luis Henriques: Limit the timeout to the range [FUSE_TIMEOUT_TIMER_FREQ,
fuse_max_req_timeout]]

Signed-off-by: Joanne Koong <joannelkoong@gmail.com>
Reviewed-by: Bernd Schubert <bschubert@ddn.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Reviewed-by: Luis Henriques <luis@igalia.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

authored by

Joanne Koong and committed by

Miklos Szeredi 1 year ago 9b17cb59 0f6439f6

+90 -5

5 changed files

expand all

Documentation

admin-guide

sysctl

fs.rst

fuse

dev.c

fuse_i.h

inode.c

sysctl.c

+25

Documentation/admin-guide/sysctl/fs.rst

··· 347 347 ``/proc/sys/fs/fuse/max_pages_limit`` is a read/write file for 348 348 setting/getting the maximum number of pages that can be used for servicing 349 349 requests in FUSE. 350 + 351 + ``/proc/sys/fs/fuse/default_request_timeout`` is a read/write file for 352 + setting/getting the default timeout (in seconds) for a fuse server to 353 + reply to a kernel-issued request in the event where the server did not 354 + specify a timeout at mount. If the server set a timeout, 355 + then default_request_timeout will be ignored. The default 356 + "default_request_timeout" is set to 0. 0 indicates no default timeout. 357 + The maximum value that can be set is 65535. 358 + 359 + ``/proc/sys/fs/fuse/max_request_timeout`` is a read/write file for 360 + setting/getting the maximum timeout (in seconds) for a fuse server to 361 + reply to a kernel-issued request. A value greater than 0 automatically opts 362 + the server into a timeout that will be set to at most "max_request_timeout", 363 + even if the server did not specify a timeout and default_request_timeout is 364 + set to 0. If max_request_timeout is greater than 0 and the server set a timeout 365 + greater than max_request_timeout or default_request_timeout is set to a value 366 + greater than max_request_timeout, the system will use max_request_timeout as the 367 + timeout. 0 indicates no max request timeout. The maximum value that can be set 368 + is 65535. 369 + 370 + For timeouts, if the server does not respond to the request by the time 371 + the set timeout elapses, then the connection to the fuse server will be aborted. 372 + Please note that the timeouts are not 100% precise (eg you may set 60 seconds but 373 + the timeout may kick in after 70 seconds). The upper margin of error for the 374 + timeout is roughly FUSE_TIMEOUT_TIMER_FREQ seconds.

-3

fs/fuse/dev.c

··· 32 32 33 33 static struct kmem_cache *fuse_req_cachep; 34 34 35 - /* Frequency (in seconds) of request timeout checks, if opted into */ 36 - #define FUSE_TIMEOUT_TIMER_FREQ 15 37 - 38 35 const unsigned long fuse_timeout_timer_freq = 39 36 secs_to_jiffies(FUSE_TIMEOUT_TIMER_FREQ); 40 37

+13

fs/fuse/fuse_i.h

··· 44 44 /** Number of dentries for each connection in the control filesystem */ 45 45 #define FUSE_CTL_NUM_DENTRIES 5 46 46 47 + /* Frequency (in seconds) of request timeout checks, if opted into */ 48 + #define FUSE_TIMEOUT_TIMER_FREQ 15 49 + 47 50 /** Frequency (in jiffies) of request timeout checks, if opted into */ 48 51 extern const unsigned long fuse_timeout_timer_freq; 49 52 50 53 /** Maximum of max_pages received in init_out */ 51 54 extern unsigned int fuse_max_pages_limit; 55 + /* 56 + * Default timeout (in seconds) for the server to reply to a request 57 + * before the connection is aborted, if no timeout was specified on mount. 58 + */ 59 + extern unsigned int fuse_default_req_timeout; 60 + /* 61 + * Max timeout (in seconds) for the server to reply to a request before 62 + * the connection is aborted. 63 + */ 64 + extern unsigned int fuse_max_req_timeout; 52 65 53 66 /** List of active connections */ 54 67 extern struct list_head fuse_conn_list;

+28 -2

fs/fuse/inode.c

··· 37 37 static int set_global_limit(const char *val, const struct kernel_param *kp); 38 38 39 39 unsigned int fuse_max_pages_limit = 256; 40 + /* default is no timeout */ 41 + unsigned int fuse_default_req_timeout; 42 + unsigned int fuse_max_req_timeout; 40 43 41 44 unsigned max_user_bgreq; 42 45 module_param_call(max_user_bgreq, set_global_limit, param_get_uint, ··· 1271 1268 fuse_timeout_timer_freq); 1272 1269 } 1273 1270 1271 + static void init_server_timeout(struct fuse_conn *fc, unsigned int timeout) 1272 + { 1273 + if (!timeout && !fuse_max_req_timeout && !fuse_default_req_timeout) 1274 + return; 1275 + 1276 + if (!timeout) 1277 + timeout = fuse_default_req_timeout; 1278 + 1279 + if (fuse_max_req_timeout) { 1280 + if (timeout) 1281 + timeout = min(fuse_max_req_timeout, timeout); 1282 + else 1283 + timeout = fuse_max_req_timeout; 1284 + } 1285 + 1286 + timeout = max(FUSE_TIMEOUT_TIMER_FREQ, timeout); 1287 + 1288 + set_request_timeout(fc, timeout); 1289 + } 1290 + 1274 1291 struct fuse_init_args { 1275 1292 struct fuse_args args; 1276 1293 struct fuse_init_in in; ··· 1309 1286 ok = false; 1310 1287 else { 1311 1288 unsigned long ra_pages; 1289 + unsigned int timeout = 0; 1312 1290 1313 1291 process_init_limits(fc, arg); 1314 1292 ··· 1428 1404 if (flags & FUSE_OVER_IO_URING && fuse_uring_enabled()) 1429 1405 fc->io_uring = 1; 1430 1406 1431 - if ((flags & FUSE_REQUEST_TIMEOUT) && arg->request_timeout) 1432 - set_request_timeout(fc, arg->request_timeout); 1407 + if (flags & FUSE_REQUEST_TIMEOUT) 1408 + timeout = arg->request_timeout; 1433 1409 } else { 1434 1410 ra_pages = fc->max_read / PAGE_SIZE; 1435 1411 fc->no_lock = 1; 1436 1412 fc->no_flock = 1; 1437 1413 } 1414 + 1415 + init_server_timeout(fc, timeout); 1438 1416 1439 1417 fm->sb->s_bdi->ra_pages = 1440 1418 min(fm->sb->s_bdi->ra_pages, ra_pages);

+24

fs/fuse/sysctl.c

··· 13 13 /* Bound by fuse_init_out max_pages, which is a u16 */ 14 14 static unsigned int sysctl_fuse_max_pages_limit = 65535; 15 15 16 + /* 17 + * fuse_init_out request timeouts are u16. 18 + * This goes up to ~18 hours, which is plenty for a timeout. 19 + */ 20 + static unsigned int sysctl_fuse_req_timeout_limit = 65535; 21 + 16 22 static const struct ctl_table fuse_sysctl_table[] = { 17 23 { 18 24 .procname = "max_pages_limit", ··· 28 22 .proc_handler = proc_douintvec_minmax, 29 23 .extra1 = SYSCTL_ONE, 30 24 .extra2 = &sysctl_fuse_max_pages_limit, 25 + }, 26 + { 27 + .procname = "default_request_timeout", 28 + .data = &fuse_default_req_timeout, 29 + .maxlen = sizeof(fuse_default_req_timeout), 30 + .mode = 0644, 31 + .proc_handler = proc_douintvec_minmax, 32 + .extra1 = SYSCTL_ZERO, 33 + .extra2 = &sysctl_fuse_req_timeout_limit, 34 + }, 35 + { 36 + .procname = "max_request_timeout", 37 + .data = &fuse_max_req_timeout, 38 + .maxlen = sizeof(fuse_max_req_timeout), 39 + .mode = 0644, 40 + .proc_handler = proc_douintvec_minmax, 41 + .extra1 = SYSCTL_ZERO, 42 + .extra2 = &sysctl_fuse_req_timeout_limit, 31 43 }, 32 44 }; 33 45