Received: by 2002:a25:b323:0:0:0:0:0 with SMTP id l35csp1420784ybj;
        Fri, 20 Sep 2019 10:09:49 -0700 (PDT)
X-Google-Smtp-Source: APXvYqynhJAfNbRwXHUJEmc2gSpXUli3N3FmwNc/lr62iV4CaXsfyU1W4PhBtfUlA2szdI+8LtCJ
X-Received: by 2002:a17:906:6b0f:: with SMTP id q15mr19899758ejr.200.1568999389668;
        Fri, 20 Sep 2019 10:09:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1568999389; cv=none;
        d=google.com; s=arc-20160816;
        b=cYzTGWO5Rn3MqGaFPBXA4lLB5WjxblUWFySsu4ZnEPkWrQCkQ4C3/vcZMm7Ea81JVI
         ix5O8GmhLUfahpOj3DA3XkyLxW9VYG+KiodvkOi1BpFkUfDty/sDdq3FUhsceDCp9GbS
         IUd55LGINcJg/TFNBkwe3YYo67s+b0EFAyoBWbDxS/gDeaBIy34+qpfc/lPONltAFyz6
         tSqlYr97vPheXTtMlN3DKdENseCIPQoBWKIi3yrdrde4WKowQEWkTz7daSIgZE520MPK
         4kXCRd/SoDHrJOMK/jfdwfAXhl0DmWKK/DLl+7b9+sauPB1x1EGnZ0Yh051BTbzV1gsQ
         O/pg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:message-id:references
         :in-reply-to:subject:cc:date:to:from;
        bh=kUWaBJddA71HeNzfiLOru1DHaRGw8xxS3S5+efjlehE=;
        b=zmoxUGSUrcklHyUy1WoOH3aL3o1aqTBZAnXncnxs4z/yFkxT8oG3UL+pcrvsnuKtIT
         DtQngTAZIwhkWA+OJB6nFihV/gMq1iC5+68ys0pb7c8Lo6QWPXBnA6JQYJta83omJWPA
         fyWPhOwWROnEsasuEYu+IEDMkORFIEWkOo8BDVsfb1Q6J6MA5NbWz6EXlJf0r/5Y3LhQ
         KdLSdkYX3VHyxJKOsOkZvqWwGRM2K+C02Kp828UPjDXPf2BkEz8/1NmRGT5X2OFz7lOO
         YJNaK0cWDXgWSi2Z4wRp5ycSqLh3UAmgVrLfoUExFxLzOa6LcZFm31JmSbsC+ceAFx+Y
         KOag==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org
Return-Path: <linux-nfs-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id m12si1337095eja.9.2019.09.20.10.09.12;
        Fri, 20 Sep 2019 10:09:49 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2393039AbfITGPc (ORCPT <rfc822;kvasko@gmail.com> + 99 others);
        Fri, 20 Sep 2019 02:15:32 -0400
Received: from mx2.suse.de ([195.135.220.15]:38200 "EHLO mx1.suse.de"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S2393038AbfITGPc (ORCPT <rfc822;linux-nfs@vger.kernel.org>);
        Fri, 20 Sep 2019 02:15:32 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay2.suse.de (unknown [195.135.220.254])
        by mx1.suse.de (Postfix) with ESMTP id C2E2EAFF8;
        Fri, 20 Sep 2019 06:15:29 +0000 (UTC)
From:   NeilBrown <neilb@suse.de>
To:     "J. Bruce Fields" <bfields@fieldses.org>,
        "J. Bruce Fields" <bfields@redhat.com>
Date:   Fri, 20 Sep 2019 16:15:19 +1000
Cc:     linux-nfs@vger.kernel.org
Subject: [PATCH 1/2] nfsd: handle drc over-allocation gracefully.
In-Reply-To: <20190919184139.GG26654@fieldses.org>
References: <1506345704-9486-1-git-send-email-bfields@redhat.com> <1506345704-9486-3-git-send-email-bfields@redhat.com> <87d0fx9jph.fsf@notabene.neil.brown.name> <20190919162211.GA333@pick.fieldses.org> <20190919171730.GB333@pick.fieldses.org> <20190919184139.GG26654@fieldses.org>
Message-ID: <877e63a3yg.fsf@notabene.neil.brown.name>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
        micalg=pgp-sha256; protocol="application/pgp-signature"
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Since commit de766e570413 ("nfsd: give out fewer session slots as
limit approaches") nfsd4_get_drc_mem() ensures 'avail' is always at
least 'slotsize', so the return value 'num' is always at least 1.

This means that:
1/ nfsd_drc_mem_used could exceed nfsd_drc_max_mem, which becomes
  a problem when we later perform an unsigned subtraction of
  the larger from the smaller to calculate 'total_avail'.
2/ Check the return value of nfsd4_get_drc_mem() against
  zero is pointless - the error code (which isn't actually correct
  according to RFC-5661) is never returned.

So avoid the integer overflow, and discard the check.

Signed-off-by: NeilBrown <neilb@suse.de>
=2D--
 fs/nfsd/nfs4state.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c
index 7857942c5ca6..8c09ac49fff2 100644
=2D-- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -1570,11 +1570,21 @@ static u32 nfsd4_get_drc_mem(struct nfsd4_channel_a=
ttrs *ca)
 	unsigned long avail, total_avail;
=20
 	spin_lock(&nfsd_drc_lock);
=2D	total_avail =3D nfsd_drc_max_mem - nfsd_drc_mem_used;
+	if (nfsd_drc_max_mem > nfsd_drc_mem_used)
+		total_avail =3D nfsd_drc_max_mem - nfsd_drc_mem_used;
+	else
+		/* We have handed out more space than we chose in
+		 * set_max_drc() to allow.  That isn't really a
+		 * problem as long as that doesn't make us thing we
+		 * have lots more due to integer overflow.
+		 */
+		total_avail =3D 0;
 	avail =3D min((unsigned long)NFSD_MAX_MEM_PER_SESSION, total_avail);
 	/*
 	 * Never use more than a third of the remaining memory,
 	 * unless it's the only way to give this client a slot:
+	 * Note that we always return at least 1 here, even if
+	 * we have exceeded nfsd_drc_max_mem.
 	 */
 	avail =3D clamp_t(unsigned long, avail, slotsize, total_avail/3);
 	num =3D min_t(int, num, avail / slotsize);
@@ -3169,10 +3179,10 @@ static __be32 check_forechannel_attrs(struct nfsd4_=
channel_attrs *ca, struct nfs
 	 * performance.  When short on memory we therefore prefer to
 	 * decrease number of slots instead of their size.  Clients that
 	 * request larger slots than they need will get poor results:
+	 * Note that we always allow at least one slot, because our
+	 * accounting is soft and provides no guarantees either way.
 	 */
 	ca->maxreqs =3D nfsd4_get_drc_mem(ca);
=2D	if (!ca->maxreqs)
=2D		return nfserr_jukebox;
=20
 	return nfs_ok;
 }
=2D-=20
2.23.0


--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEG8Yp69OQ2HB7X0l6Oeye3VZigbkFAl2EbngACgkQOeye3VZi
gbmJeQ//duOFh6IBpM1JNH4FvoXNs/ozvCKeUs21DReOR3P4jte/+kOhIyjLLeoM
vdoYuItNkirTLgVtajZoeftWIymdpePXbJndRLBPxF2H276dq6q9jzguVJUpK1jm
1UgQ2O3rxUdvK91jOzBC0SLwNbyezoIwpRDK8MEpdPZxD/XwqRAyWgdh8FtHdYH3
Mqd9Oox67Cz5voqC1PQqVpd1cdE/VxSjHssw7wVLH0sRyiFwIAYbLA41cC9fKB91
W9aQ1beib9Eky/hHseqwyG5gDWQ7Cy217JmIJ4i2ZoJqmyraY4y8KVGAuQkxvIYG
U/Cff4lekKUGdGqPmJrb4v4CJxybPL+hXASPIi2/p3DPDzAEiofFHWNkUwwyciL3
kD+iPcYaJKVnwZEEDrQGrBFlNaVBiQje+fPsuc5M2OwFXSf1CIWswH3GlTUgeabo
qK4xBiS/s1OKuFtRgxFWdj6YGV7OXdHivoiPkdIa13GKXcF/z0sEC1A3Zlt8TVq7
UPZP+ix54PW3oRaONp3FmQCN3jwX5ZP0oDApV+DXWoMXPAYLSzaZcTSz00rIyrYe
9Sh6529u/VxLwD1+ush6BNQJDXLolVMxzPhJ///uhQtUkWna7y/9Lrpw9zn00Ph3
1uCHOjnt6dYjLt8RSn4f538GkjsTfehVyqtG8bn5E+Ee57vdNe4=
=sOta
-----END PGP SIGNATURE-----
--=-=-=--