Received: by 2002:ac0:e34a:0:0:0:0:0 with SMTP id g10csp831191imn; Tue, 26 Jul 2022 10:25:28 -0700 (PDT) X-Google-Smtp-Source: AGRyM1umNJk207Vnen7NnRpImwXsTEqqovHiYanIawkoQnaK/pi2rALSdWccq0Mx0Y/1RiLc+WOk X-Received: by 2002:a17:907:3d87:b0:72e:dcfb:5ca7 with SMTP id he7-20020a1709073d8700b0072edcfb5ca7mr15584413ejc.586.1658856328427; Tue, 26 Jul 2022 10:25:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658856328; cv=none; d=google.com; s=arc-20160816; b=KIIWJv2NUka9iyGUwBghodwlmkCYz40XF+8ZtoNrRNZTkc9i5o4Iyh2/cCmIli6IkG 4qMZ/h5s1J78an44EajPrlsUVkUDwZZ2tDOiZP/stf/oTe5wOmDm6C34NXBa0ifJLXUK 3pQHe9hhbdxYs+HTi3bF8Wl4R5lbGydZ7UKEJAOTmIrZIZHlV6a8/uQO9pMpVPLLW0OI wZovfHRL+2xXnyrjO0ozmKBcd8BBTF3+j/ls2LwSJ39diGlmoQZX8Yo+UnZ1/lYxY/MF +qGkJlteskErV6Zji+YEccg19uzvGgb4OV5RsrTz0p38r4mwBZwzJQufy+zOB8n+GVfJ 4fPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=4jhcdp/3tGE30Y8lsXkhUzIMOQ7pq2o374TyaQfvuy4=; b=D2XJvFXuj9qKvmJwviwz50VdX2/Nf32KG9Atv+IM2vx72gCt3mOs8F/L05WKqfmlyM kf3CyN6cyOTtBxcOPyUsg20f0KLetE0YuFFP12hVN7UfZuH1teVOlFRCvnGbIjrkFq6t TQma9JIaecHFDM2orsGn1l1UQ2AOWo/QXzubOOpHPJm8oK5n9vQItZrK9XNntcuyCkJo u35gDUb4yfwuPkGnrB/ii9ziPAlQ3/Jnz6j4SzbKXoM465THhwZaNWuFPfUKINjNpWGc Z6yGu65DwGHB4msTzMSu5SFRx9FEAAPy7nCYaSa/R3mVu9ZkIo+193vxqdF63ug86ZVD wQDA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=ljtebOTm; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q24-20020a1709066ad800b00726b8366590si13427186ejs.944.2022.07.26.10.24.50; Tue, 26 Jul 2022 10:25:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=ljtebOTm; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230214AbiGZRQ7 (ORCPT + 99 others); Tue, 26 Jul 2022 13:16:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47080 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230170AbiGZRQ7 (ORCPT ); Tue, 26 Jul 2022 13:16:59 -0400 Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3141F1A04C for ; Tue, 26 Jul 2022 10:16:58 -0700 (PDT) Received: by mail-lf1-x130.google.com with SMTP id q23so10393467lfr.3 for ; Tue, 26 Jul 2022 10:16:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=4jhcdp/3tGE30Y8lsXkhUzIMOQ7pq2o374TyaQfvuy4=; b=ljtebOTm04xgawEBWUHCjD3hSpl8GjD+Y3MYPc7KORUHPODwkAn/VDrBYlULAqPcIQ +bAjsYMPpC9KVeg1k9/YskIIlSKaMfaguxY/QpxFVANb+7D8Q0O5Fl23n5qcD485VnHT tuu/FGOAr7GxI6jfqumpNN/VmadqHl7qKDmnRIHzoHqVqzGz3SWoTGwCNEN35w922ujB jHA5Zflo9aFo7RAuTgzqw9tGe/56zZY6s/ld0qHMXPUDUtLxSd7GuReDSvGx8HG0R0ab SGOjIfJEX3d/1Vkuv87oOqeCidLjsCFhUhxtuSRtyeVYqOAuEJ6Cw7pvvba5BjLy5PEU tUqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=4jhcdp/3tGE30Y8lsXkhUzIMOQ7pq2o374TyaQfvuy4=; b=Cq6rYrcPezZmQhloX0qAAXl10zrZj0guT9aeQEp9Duz4RpjSdIRNC1K/BYycd+ylyX NRjo3yQbtwUMccFg1ftwU5BAU1OH3heaSw8qOg5aHChObzKUxvWQDg8X1SrHqTxMaSji GEuwBAKehNqEZUR1SooqCokU9saHHX2uvsdXMsO1NA9aR0sSTM5xa428z0jAlO1L5ICt +NrK5Ypn6GyL5wqMJq2gScUMiWx8JtYaTSPdyjqC2uZz17LtzvgjC0xBx1aVBHHZ3oao kFtIbZ/yJFr8EepNMqpOyZ48Kz/n2GuPcr/8lsQ1FJ7RwWpbqBDLnQ29zDX08zS4Tknu YwrA== X-Gm-Message-State: AJIora8q6LLGN7F2hKnv82vAIYjZb8F7E/KbNx9cx5mLhRfR+3zjXLoJ P75ttdGlLZet6nft7IFseqCAm5kk4tFG+SxdHlCCpD8pH10= X-Received: by 2002:a05:6512:159d:b0:48a:9c0b:752a with SMTP id bp29-20020a056512159d00b0048a9c0b752amr2689511lfb.321.1658855815909; Tue, 26 Jul 2022 10:16:55 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Jan Kasiak Date: Tue, 26 Jul 2022 13:16:44 -0400 Message-ID: Subject: Re: NLM 4 Infinite Loop Bug To: linux-nfs@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Hi all, Even after applying the above two patches, I have discovered a new set of NLM 4 requests that break lockd. Unfortunately, I don't have enough experience to suggest a fix, but would be glad to test anyone's attempt. All requests are non-blocking. Scenario A ========= lock(offset=UINT64_MAX, len=100) - GRANTED free_all() - never finishes and lockd thread is stuck busy looping Scenario B ======== lock(svid=1, offset=UINT64_MAX, len=100) - GRANTED test(svid=2, offset=UINT64_MAX, len=50) - DENIED correct, holder offset, len are (UINT64_MAX, 100) test(svid=2, offset=75, len=10) - DENIED wrong, because holder (offset, len) are wrong (UINT64_MAX, 100), because the above lock overflows during comparison to (49, 50) Scenario C ======== lock(svid=1, offset=UINT64_MAX, len=100) - GRANTED test(svid=2, offset=UINT64_MAX, len=50) - DENIED correct, holder offset, len are (UINT64_MAX, 100) unlock(svid=1, offset=UINT64_MAX, len=50) - GRANTED weird, because it has now created a lock at (offset=UINT64_MAX + 50, len=50) not sure what the correct behavior should be here - FBIG error? test(svid=2, offset=75, len=10) - DENIED wrong, because holder offset, len are wrong (49, 50), because the above unlock has overflowed the offset -Jan On Wed, Jul 20, 2022 at 4:01 PM Jan Kasiak wrote: > > Applying two commits from the Linux master branch seems to have fixed > the problem: > > aec158242b87a43d83322e99bc71ab4428e5ab79 > 1197eb5906a5464dbaea24cac296dfc38499cc00 > > -Jan > > On Wed, Jul 20, 2022 at 2:46 PM Jan Kasiak wrote: > > > > Hi all, > > > > I'm writing my own NFS client, and while trying to test it, I've come > > across a way to get the lockd thread into an infinite loop and stop > > accepting any new requests. > > > > Kernel Version: Linux ubuntu-jammy 5.15.0-41-generic > > > > The client is a python program, and it does not run rpcbind, NLM, etc... > > > > I issue an NM_LOCK (procedure 22) request with block set to false, and > > get a GRANTED reply. > > > > I then issue a FREE_ALL (procedure 23) request, and the lockd thread > > gets stuck in nlm_traverse_locks - it matches the host, calls > > nlm_unlock_files, and then jumps to the again label, and repeats this > > loop forever. > > > > It's not clear to me who is supposed to unset the host from the lock? > > Any pointers as to why there is a jump to again? > > > > Thanks, > > -Jan