nfsd: don't use sv_nrthreads in connection limiting calculations.
The heuristic for limiting the number of incoming connections to nfsd currently uses sv_nrthreads - allowing more connections if more threads were configured. A future patch will allow number of threads to grow dynamically so that there will be no need to configure sv_nrthreads. So we need a different solution for limiting connections. It isn't clear what problem is solved by limiting connections (as mentioned in a code comment) but the most likely problem is a connection storm - many connections that are not doing productive work. These will be closed after about 6 minutes already but it might help to slow down a storm. This patch adds a per-connection flag XPT_PEER_VALID which indicates that the peer has presented a filehandle for which it has some sort of access. i.e the peer is known to be trusted in some way. We now only count connections which have NOT been determined to be valid. There should be relative few of these at any given time. If the number of non-validated peer exceed a limit - currently 64 - we close the oldest non-validated peer to avoid having too many of these useless connections. Note that this patch significantly changes the meaning of the various configuration parameters for "max connections". The next patch will remove all of these. Signed-off-by: NeilBrown <neilb@suse.de> Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
This commit is contained in:
NeilBrown
@@ -81,7 +81,7 @@ struct svc_serv {
|
||||
unsigned int sv_xdrsize; /* XDR buffer size */
|
||||
struct list_head sv_permsocks; /* all permanent sockets */
|
||||
struct list_head sv_tempsocks; /* all temporary sockets */
|
||||
int sv_tmpcnt; /* count of temporary sockets */
|
||||
int sv_tmpcnt; /* count of temporary "valid" sockets */
|
||||
struct timer_list sv_temptimer; /* timer for aging temporary sockets */
|
||||
|
||||
char * sv_name; /* service name */
|
||||
|
||||
@@ -99,8 +99,24 @@ enum {
|
||||
XPT_HANDSHAKE, /* xprt requests a handshake */
|
||||
XPT_TLS_SESSION, /* transport-layer security established */
|
||||
XPT_PEER_AUTH, /* peer has been authenticated */
|
||||
XPT_PEER_VALID, /* peer has presented a filehandle that
|
||||
* it has access to. It is NOT counted
|
||||
* in ->sv_tmpcnt.
|
||||
*/
|
||||
};
|
||||
|
||||
static inline void svc_xprt_set_valid(struct svc_xprt *xpt)
|
||||
{
|
||||
if (test_bit(XPT_TEMP, &xpt->xpt_flags) &&
|
||||
!test_and_set_bit(XPT_PEER_VALID, &xpt->xpt_flags)) {
|
||||
struct svc_serv *serv = xpt->xpt_server;
|
||||
|
||||
spin_lock(&serv->sv_lock);
|
||||
serv->sv_tmpcnt -= 1;
|
||||
spin_unlock(&serv->sv_lock);
|
||||
}
|
||||
}
|
||||
|
||||
static inline void unregister_xpt_user(struct svc_xprt *xpt, struct svc_xpt_user *u)
|
||||
{
|
||||
spin_lock(&xpt->xpt_lock);
|
||||
|
||||
Reference in New Issue
Block a user