glusterfs.git/xlators/nfs/server/src, branch v3.5.4beta1 core: fix Ubuntu code audit (cppcheck) results 2014-11-26T08:30:12+00:00 Kaleb S. KEITHLEY kkeithle@redhat.com 2014-04-29T19:12:46+00:00 8ae5046eb6c86840ccecefbade1695e68055de33 See http://review.gluster.org/#/c/7583/ BZ 1086460 AFAICT these are false positives: [geo-replication/src/gsyncd.c:99]: (error) Memory leak: str [geo-replication/src/gsyncd.c:395]: (error) Memory leak: argv [xlators/nfs/server/src/nlm4.c:1200]: (error) Possible null pointer dereference: fde Program exits, resource leak not an issue [extras/geo-rep/gsync-sync-gfid.c:105]: (error) Resource leak: fp Test program: [extras/test/test-ffop.c:27]: (error) Buffer overrun possible for long command line arguments. Not built: [xlators/cluster/ha/src/ha.c:2699]: (error) Possible null pointer dereference: priv The remainder are fixed with this change-set: [heal/src/glfs-heal.c:357]: (error) Possible null pointer dereference: remote_subvol [libglusterfs/src/xlator.c:648]: (error) Uninitialized variable: gfid [libglusterfs/src/xlator.c:649]: (error) Uninitialized variable: gfid [xlators/cluster/afr/src/afr-inode-write.c:469]: (error) Possible null pointer dereference: frame [xlators/cluster/afr/src/afr-self-heal-common.c:1704]: (error) Possible null pointer dereference: local [xlators/cluster/dht/src/dht-rebalance.c:1643]: (error) Possible null pointer dereference: ctx [xlators/cluster/stripe/src/stripe.c:4963]: (error) Possible null pointer dereference: local [xlators/features/changelog/src/changelog.c:1464]: (error) Possible null pointer dereference: priv [xlators/mgmt/glusterd/src/glusterd-geo-rep.c:1656]: (error) Possible null pointer dereference: command [xlators/mgmt/glusterd/src/glusterd-replace-brick.c:914]: (error) Resource leak: file [xlators/mgmt/glusterd/src/glusterd-replace-brick.c:998]: (error) Resource leak: file [xlators/mgmt/glusterd/src/glusterd-sm.c:248]: (error) Possible null pointer dereference: new_ev_ctx [xlators/mgmt/glusterd/src/glusterd-store.c:1332]: (error) Possible null pointer dereference: handle [xlators/mgmt/glusterd/src/glusterd-utils.c:4706]: (error) Possible null pointer dereference: this [xlators/mgmt/glusterd/src/glusterd-utils.c:5613]: (error) Possible null pointer dereference: this [xlators/mgmt/glusterd/src/glusterd-utils.c:6342]: (error) Possible null pointer dereference: path_tokens [xlators/mgmt/glusterd/src/glusterd-utils.c:6343]: (error) Possible null pointer dereference: path_tokens [xlators/mount/fuse/src/fuse-bridge.c:4591]: (error) Uninitialized variable: finh [xlators/mount/fuse/src/fuse-bridge.c:3004]: (error) Possible null pointer dereference: state [xlators/nfs/server/src/nfs-common.c:89]: (error) Dangerous usage of 'volname' (strncpy doesn't always null-terminate it). [xlators/performance/quick-read/src/quick-read.c:585]: (error) Possible null pointer dereference: iobuf Rerunning cppcheck afterwards: As before, test program: [extras/test/test-ffop.c:27]: (error) Buffer overrun possible for long command line arguments. As before, believed to be false positive: [geo-replication/src/gsyncd.c:99]: (error) Memory leak: str [geo-replication/src/gsyncd.c:395]: (error) Memory leak: argv [xlators/nfs/server/src/nlm4.c:1200]: (error) Possible null pointer dereference: fde As before, not built: [xlators/cluster/ha/src/ha.c:2699]: (error) Possible null pointer dereference: priv False positive after fix: [heal/src/glfs-heal.c:356]: (error) Possible null pointer dereference: remote_subvol [xlators/cluster/stripe/src/stripe.c:4963]: (error) Possible null pointer dereference: local Change-Id: Ib3029d3223f5a13e2ac386a527d64d5ffe3ecb90 BUG: 1092037 Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com> Reviewed-on: http://review.gluster.org/7605 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Niels de Vos <ndevos@redhat.com> 
See http://review.gluster.org/#/c/7583/ BZ 1086460

AFAICT these are false positives:

[geo-replication/src/gsyncd.c:99]: (error) Memory leak: str
[geo-replication/src/gsyncd.c:395]: (error) Memory leak: argv
[xlators/nfs/server/src/nlm4.c:1200]: (error) Possible null pointer dereference: fde

Program exits, resource leak not an issue
[extras/geo-rep/gsync-sync-gfid.c:105]: (error) Resource leak: fp

Test program:
[extras/test/test-ffop.c:27]: (error) Buffer overrun possible for long command line arguments.

Not built:
[xlators/cluster/ha/src/ha.c:2699]: (error) Possible null pointer dereference: priv

The remainder are fixed with this change-set:

[heal/src/glfs-heal.c:357]: (error) Possible null pointer dereference: remote_subvol
[libglusterfs/src/xlator.c:648]: (error) Uninitialized variable: gfid
[libglusterfs/src/xlator.c:649]: (error) Uninitialized variable: gfid
[xlators/cluster/afr/src/afr-inode-write.c:469]: (error) Possible null pointer dereference: frame
[xlators/cluster/afr/src/afr-self-heal-common.c:1704]: (error) Possible null pointer dereference: local
[xlators/cluster/dht/src/dht-rebalance.c:1643]: (error) Possible null pointer dereference: ctx
[xlators/cluster/stripe/src/stripe.c:4963]: (error) Possible null pointer dereference: local
[xlators/features/changelog/src/changelog.c:1464]: (error) Possible null pointer dereference: priv
[xlators/mgmt/glusterd/src/glusterd-geo-rep.c:1656]: (error) Possible null pointer dereference: command
[xlators/mgmt/glusterd/src/glusterd-replace-brick.c:914]: (error) Resource leak: file
[xlators/mgmt/glusterd/src/glusterd-replace-brick.c:998]: (error) Resource leak: file
[xlators/mgmt/glusterd/src/glusterd-sm.c:248]: (error) Possible null pointer dereference: new_ev_ctx
[xlators/mgmt/glusterd/src/glusterd-store.c:1332]: (error) Possible null pointer dereference: handle
[xlators/mgmt/glusterd/src/glusterd-utils.c:4706]: (error) Possible null pointer dereference: this
[xlators/mgmt/glusterd/src/glusterd-utils.c:5613]: (error) Possible null pointer dereference: this
[xlators/mgmt/glusterd/src/glusterd-utils.c:6342]: (error) Possible null pointer dereference: path_tokens
[xlators/mgmt/glusterd/src/glusterd-utils.c:6343]: (error) Possible null pointer dereference: path_tokens
[xlators/mount/fuse/src/fuse-bridge.c:4591]: (error) Uninitialized variable: finh
[xlators/mount/fuse/src/fuse-bridge.c:3004]: (error) Possible null pointer dereference: state
[xlators/nfs/server/src/nfs-common.c:89]: (error) Dangerous usage of 'volname' (strncpy doesn't always null-terminate it).
[xlators/performance/quick-read/src/quick-read.c:585]: (error) Possible null pointer dereference: iobuf

Rerunning cppcheck afterwards:

As before, test program:
[extras/test/test-ffop.c:27]: (error) Buffer overrun possible for long command line arguments.

As before, believed to be false positive:
[geo-replication/src/gsyncd.c:99]: (error) Memory leak: str
[geo-replication/src/gsyncd.c:395]: (error) Memory leak: argv
[xlators/nfs/server/src/nlm4.c:1200]: (error) Possible null pointer dereference: fde

As before, not built:
[xlators/cluster/ha/src/ha.c:2699]: (error) Possible null pointer dereference: priv

False positive after fix:
[heal/src/glfs-heal.c:356]: (error) Possible null pointer dereference: remote_subvol
[xlators/cluster/stripe/src/stripe.c:4963]: (error) Possible null pointer dereference: local

Change-Id: Ib3029d3223f5a13e2ac386a527d64d5ffe3ecb90
BUG: 1092037
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
Reviewed-on: http://review.gluster.org/7605
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
nfs: 'gluster volume help' should show the correct path for nfs.mount-rmtab 2014-09-29T08:31:55+00:00 Niels de Vos ndevos@redhat.com 2014-09-28T12:03:05+00:00 34e15ded17e4682b5f1db8986faa8c273c014857 This has been fixed in newer releases with a more invasive change: - build: make GLUSTERD_WORKDIR rely on localstatedir http://review.gluster.org/8246 For this release, it is sufficient to only correct the help text. Change-Id: Id5db126e3b5f8b98c2810d5b5a6f7079200df612 BUG: 1147243 Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/8874 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
This has been fixed in newer releases with a more invasive change:
- build: make GLUSTERD_WORKDIR rely on localstatedir
  http://review.gluster.org/8246

For this release, it is sufficient to only correct the help text.

Change-Id: Id5db126e3b5f8b98c2810d5b5a6f7079200df612
BUG: 1147243
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8874
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
gNFS: Fix memory leak in setacl code path 2014-09-09T09:43:57+00:00 Santosh Kumar Pradhan spradhan@redhat.com 2014-09-09T06:36:29+00:00 53204bd61d3f8c15e92a90a2497e4d4218f2b729 If ACL is set on a file in Gluster NFS mount (setfacl command), and it succeed, then the NFS call state data is leaked. Though all the failure code path frees up the memory. Impact: There is a OOM kill i.e. vdsm invoked oom-killer during rebalance and Killed process 4305, UID 0, (glusterfs nfs process) FIX: Make sure to deallocate the memory for call state in acl3_setacl_cbk() using nfs3_call_state_wipe(). Cherry picked from commit 5c869aea79c0f304150eac014c7177e74ce0852e: > Change-Id: I9caa3f851e49daaba15be3eec626f1f2dd8e45b3 > BUG: 1139195 > Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com> > Reviewed-on: http://review.gluster.org/8651 > Tested-by: Gluster Build System <jenkins@build.gluster.com> > Reviewed-by: Niels de Vos <ndevos@redhat.com> Change-Id: Ia4fd03ce53a729c1a2bca86e507c39822a35efe1 BUG: 1139245 Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com> Reviewed-on: http://review.gluster.org/8661 Reviewed-by: Niels de Vos <ndevos@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> 
If ACL is set on a file in Gluster NFS mount (setfacl command),
and it succeed, then the NFS call state data is leaked. Though
all the failure code path frees up the memory.

Impact: There is a OOM kill i.e. vdsm invoked oom-killer during
rebalance and Killed process 4305, UID 0, (glusterfs nfs process)

FIX:
Make sure to deallocate the memory for call state in acl3_setacl_cbk()
using nfs3_call_state_wipe().

Cherry picked from commit 5c869aea79c0f304150eac014c7177e74ce0852e:
> Change-Id: I9caa3f851e49daaba15be3eec626f1f2dd8e45b3
> BUG: 1139195
> Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com>
> Reviewed-on: http://review.gluster.org/8651
> Tested-by: Gluster Build System <jenkins@build.gluster.com>
> Reviewed-by: Niels de Vos <ndevos@redhat.com>

Change-Id: Ia4fd03ce53a729c1a2bca86e507c39822a35efe1
BUG: 1139245
Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com>
Reviewed-on: http://review.gluster.org/8661
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
nfs: prevent assertion error with MOUNT over UDP 2014-07-10T07:15:18+00:00 Niels de Vos ndevos@redhat.com 2014-07-08T06:59:42+00:00 a4369c456de4304ebdb252bc2783d634a56f8301 The MOUNT service over UDP runs in a separate thread. This thread does not have the correct *THIS xlator set. *THIS points to the global (base) xlator structure, but GF_CALLOC() requires it to be the NFS-xlator so that assertions can get validated correctly. This is solved by passing the NFS-xlator to the pthread function, and setting the *THIS pointer explicitly in the new thread. It seems that on occasion (needs further investigation) MOUNT over UDP does not unregister itself. There can also be issues when the kernel NLM implementation has been registered at portmap/rpcbind, so adding some unregister procedures in the cleanup of the test-cases. Cherry picked from commit ec74ceedaa41047b88d270c00eeb071b73e19664: > Change-Id: I3be5a420fc800bbcc14198d0b6faf4cf2c7300b1 > BUG: 1116503 > Signed-off-by: Niels de Vos <ndevos@redhat.com> > Reviewed-on: http://review.gluster.org/8241 > Reviewed-by: Santosh Pradhan <spradhan@redhat.com> > Tested-by: Gluster Build System <jenkins@build.gluster.com> > Reviewed-by: Vijay Bellur <vbellur@redhat.com> Change-Id: I3be5a420fc800bbcc14198d0b6faf4cf2c7300b1 BUG: 1116997 Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/8258 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com> Reviewed-by: Santosh Pradhan <spradhan@redhat.com> 
The MOUNT service over UDP runs in a separate thread. This thread does
not have the correct *THIS xlator set. *THIS points to the global (base)
xlator structure, but GF_CALLOC() requires it to be the NFS-xlator so
that assertions can get validated correctly.

This is solved by passing the NFS-xlator to the pthread function, and
setting the *THIS pointer explicitly in the new thread.

It seems that on occasion (needs further investigation) MOUNT over UDP
does not unregister itself. There can also be issues when the kernel NLM
implementation has been registered at portmap/rpcbind, so adding some
unregister procedures in the cleanup of the test-cases.

Cherry picked from commit ec74ceedaa41047b88d270c00eeb071b73e19664:
> Change-Id: I3be5a420fc800bbcc14198d0b6faf4cf2c7300b1
> BUG: 1116503
> Signed-off-by: Niels de Vos <ndevos@redhat.com>
> Reviewed-on: http://review.gluster.org/8241
> Reviewed-by: Santosh Pradhan <spradhan@redhat.com>
> Tested-by: Gluster Build System <jenkins@build.gluster.com>
> Reviewed-by: Vijay Bellur <vbellur@redhat.com>

Change-Id: I3be5a420fc800bbcc14198d0b6faf4cf2c7300b1
BUG: 1116997
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8258
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: Santosh Pradhan <spradhan@redhat.com>
rpcsvc: Validate RPC procedure number before fetch 2014-07-08T10:36:18+00:00 Santosh Kumar Pradhan spradhan@redhat.com 2014-07-03T11:41:44+00:00 3d7b19cd1ecd53f0808b07df7c4ac801fd48f3c3 While accessing the procedures of given RPC program in, rpcsvc_get_program_vector_sizer(), It was not checking boundary conditions which would cause buffer overflow and subsequently SEGV. Make sure rpcsvc_actor_t arrays have numactors number of actors. FIX: Validate the RPC procedure number before fetching the actor. Upstream main review: http://review.gluster.org/7726 BUG: 1096020 Change-Id: Iaf207ee976cb56fa9a554ec82c9eab36d3b289ed Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com> Reviewed-on: http://review.gluster.org/8228 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Niels de Vos <ndevos@redhat.com> 
While accessing the procedures of given RPC program in,
rpcsvc_get_program_vector_sizer(), It was not checking boundary
conditions which would cause buffer overflow and subsequently SEGV.

Make sure rpcsvc_actor_t arrays have numactors number of actors.

FIX:
Validate the RPC procedure number before fetching the actor.

Upstream main review: http://review.gluster.org/7726

BUG: 1096020

Change-Id: Iaf207ee976cb56fa9a554ec82c9eab36d3b289ed
Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com>
Reviewed-on: http://review.gluster.org/8228
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
gNFS: Support wildcard in RPC auth allow/reject 2014-07-02T11:28:21+00:00 Niels de Vos ndevos@redhat.com 2014-07-02T09:11:43+00:00 f25c549c959e06e70eefc5744dc5f93668411de2 RFE: Support wildcard in "nfs.rpc-auth-allow" and "nfs.rpc-auth-reject". e.g. *.redhat.com 192.168.1[1-5].* 192.168.1[1-5].*, *.redhat.com, 192.168.21.9 Along with wildcard, support for subnetwork or IP range e.g. 192.168.10.23/24 The option will be validated for following categories: 1) Anonymous i.e. "*" 2) Wildcard pattern i.e. string containing any ('*', '?', '[') 3) IPv4 address 4) IPv6 address 5) FQDN 6) subnetwork or IPv4 range Currently this does not support IPv6 subnetwork. Cherry-picked from 00e247ee44067f2b3e7ca5f7e6dc2f7934c97181: > Change-Id: Iac8caf5e490c8174d61111dad47fd547d4f67bf4 > BUG: 1086097 > Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com> > Reviewed-on: http://review.gluster.org/7485 > Reviewed-by: Poornima G <pgurusid@redhat.com> > Reviewed-by: Harshavardhana <harsha@harshavardhana.net> > Tested-by: Gluster Build System <jenkins@build.gluster.com> > Reviewed-by: Vijay Bellur <vbellur@redhat.com> Change-Id: I18ef0a914cd403c1f9e66d1b03ecd29465cbce95 BUG: 1115369 Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/8223 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Santosh Pradhan <spradhan@redhat.com> 
RFE: Support wildcard in "nfs.rpc-auth-allow" and
"nfs.rpc-auth-reject". e.g.
  *.redhat.com
  192.168.1[1-5].*
  192.168.1[1-5].*, *.redhat.com, 192.168.21.9

  Along with wildcard, support for subnetwork or IP range e.g.
  192.168.10.23/24

The option will be validated for following categories:
1) Anonymous i.e. "*"
2) Wildcard pattern i.e. string containing any ('*', '?', '[')
3) IPv4 address
4) IPv6 address
5) FQDN
6) subnetwork or IPv4 range

Currently this does not support IPv6 subnetwork.

Cherry-picked from 00e247ee44067f2b3e7ca5f7e6dc2f7934c97181:
> Change-Id: Iac8caf5e490c8174d61111dad47fd547d4f67bf4
> BUG: 1086097
> Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com>
> Reviewed-on: http://review.gluster.org/7485
> Reviewed-by: Poornima G <pgurusid@redhat.com>
> Reviewed-by: Harshavardhana <harsha@harshavardhana.net>
> Tested-by: Gluster Build System <jenkins@build.gluster.com>
> Reviewed-by: Vijay Bellur <vbellur@redhat.com>

Change-Id: I18ef0a914cd403c1f9e66d1b03ecd29465cbce95
BUG: 1115369
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8223
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Santosh Pradhan <spradhan@redhat.com>
gNFS: Fix multi-homed m/c issue in NFS subdir auth 2014-07-02T07:53:18+00:00 Niels de Vos ndevos@redhat.com 2014-06-29T14:30:30+00:00 cacc1311626aa8b2dfe9f937cf1b14bb534a8937 NFS subdir authentication doesn't correctly handle multi-homed (host with multiple NIC having multiple IP addr) OR multi-protocol (IPv4 and IPv6) network addresses. When user/admin sets HOSTNAME in gluster CLI for NFS subdir auth, mnt3_verify_auth() routine does not iterate over all the resolved n/w addrs returned by getaddrinfo() n/w API. Instead, it just tests with the one returned first. 1. Iterate over all the n/w addrs (linked list) returned by getaddrinfo(). 2. Move the n/w mask calculation part to mnt3_export_fill_hostspec() instead of doing it in mnt3_verify_auth() i.e. calculating for each mount request. It does not change for MOUNT req. 3. Integrate "subnet support code rpc-auth.addr.<volname>.allow" and "NFS subdir auth code" to remove code duplication. Cherry-picked from commit d3f0de90d0c5166e63f5764d2f21703fd29ce976: > Change-Id: I26b0def52c22cda35ca11766afca3df5fd4360bf > BUG: 1102293 > Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com> > Reviewed-on: http://review.gluster.org/8048 > Reviewed-by: Rajesh Joseph <rjoseph@redhat.com> > Tested-by: Gluster Build System <jenkins@build.gluster.com> > Reviewed-by: Niels de Vos <ndevos@redhat.com> Change-Id: Ie92a8ac602bec2cd77268acb7b23ad8ba3c52f5f BUG: 1112980 Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/8198 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Santosh Pradhan <spradhan@redhat.com> 
NFS subdir authentication doesn't correctly handle multi-homed
(host with multiple NIC having multiple IP addr) OR multi-protocol
(IPv4 and IPv6) network addresses.

When user/admin sets HOSTNAME in gluster CLI for NFS subdir auth,
mnt3_verify_auth() routine does not iterate over all the resolved
n/w addrs returned by getaddrinfo() n/w API. Instead, it just tests
with the one returned first.

1. Iterate over all the n/w addrs (linked list) returned by getaddrinfo().
2. Move the n/w mask calculation part to mnt3_export_fill_hostspec()
   instead of doing it in mnt3_verify_auth() i.e. calculating for each
   mount request. It does not change for MOUNT req.
3. Integrate "subnet support code rpc-auth.addr.<volname>.allow"
   and "NFS subdir auth code" to remove code duplication.

Cherry-picked from commit d3f0de90d0c5166e63f5764d2f21703fd29ce976:
> Change-Id: I26b0def52c22cda35ca11766afca3df5fd4360bf
> BUG: 1102293
> Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com>
> Reviewed-on: http://review.gluster.org/8048
> Reviewed-by: Rajesh Joseph <rjoseph@redhat.com>
> Tested-by: Gluster Build System <jenkins@build.gluster.com>
> Reviewed-by: Niels de Vos <ndevos@redhat.com>

Change-Id: Ie92a8ac602bec2cd77268acb7b23ad8ba3c52f5f
BUG: 1112980
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8198
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Santosh Pradhan <spradhan@redhat.com>
gNFS: Make NFS DRC off by default 2014-06-10T09:37:13+00:00 Niels de Vos ndevos@redhat.com 2014-06-09T07:57:37+00:00 de19f3952b9e9a22db9b4af55e74b557aa71bae9 DRC in NFS causes memory bloat and there are known memory corruptions. It would be good to disable drc by default till the feature is stable. Cherry picked from 4215d071cec4fc8a62ca4fd6212d83f931838829: > Change-Id: I93db6ef5298672c56fb117370bb582a5e5550b17 > BUG: 1105524 > Original-patch-by: Santosh Kumar Pradhan <spradhan@redhat.com> > Signed-off-by: Niels de Vos <ndevos@redhat.com> > Reviewed-on: http://review.gluster.org/8004 > Tested-by: Gluster Build System <jenkins@build.gluster.com> > Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com> > Reviewed-by: Santosh Pradhan <spradhan@redhat.com> > Reviewed-by: Vijay Bellur <vbellur@redhat.com> Change-Id: I93db6ef5298672c56fb117370bb582a5e5550b17 BUG: 1105524 Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/8013 Reviewed-by: Santosh Pradhan <spradhan@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> 
DRC in NFS causes memory bloat and there are known memory corruptions.
It would be good to disable drc by default till the feature is stable.

Cherry picked from 4215d071cec4fc8a62ca4fd6212d83f931838829:
> Change-Id: I93db6ef5298672c56fb117370bb582a5e5550b17
> BUG: 1105524
> Original-patch-by: Santosh Kumar Pradhan <spradhan@redhat.com>
> Signed-off-by: Niels de Vos <ndevos@redhat.com>
> Reviewed-on: http://review.gluster.org/8004
> Tested-by: Gluster Build System <jenkins@build.gluster.com>
> Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com>
> Reviewed-by: Santosh Pradhan <spradhan@redhat.com>
> Reviewed-by: Vijay Bellur <vbellur@redhat.com>

Change-Id: I93db6ef5298672c56fb117370bb582a5e5550b17
BUG: 1105524
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8013
Reviewed-by: Santosh Pradhan <spradhan@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
rpc: warn and truncate grouplist if RPC/AUTH can not hold everything 2014-05-22T13:02:21+00:00 Niels de Vos ndevos@redhat.com 2014-05-12T01:51:15+00:00 57ec16e7f6d08b9a1c07f8ece3db630b08557372 The GlusterFS protocol currently uses AUTH_GLUSTERFS_V2 in the RPC/AUTH header. This header contains the uid, gid and auxiliary groups of the user/process that accesses the Gluster Volume. The AUTH_GLUSTERFS_V2 structure allows up to 65535 auxiliary groups to be passed on. Unfortunately, the RPC/AUTH header is limited to 400 bytes by the RPC specification: http://tools.ietf.org/html/rfc5531#section-8.2 In order to not cause complete failures on the client-side when trying to encode a AUTH_GLUSTERFS_V2 that would result in more than 400 bytes, we can calculate the expected size of the other elements: 1 | pid 1 | uid 1 | gid 1 | groups_len XX | groups_val (GF_MAX_AUX_GROUPS=65535) 1 | lk_owner_len YY | lk_owner_val (GF_MAX_LOCK_OWNER_LEN=1024) ----+------------------------------------------- 5 | total xdr-units one XDR-unit is defined as BYTES_PER_XDR_UNIT = 4 bytes MAX_AUTH_BYTES = 400 is the maximum, this is 100 xdr-units. XX + YY can be 95 to fill the 100 xdr-units. Note that the on-wire protocol has tighter requirements than the internal structures. It is possible for xlators to use more groups and a bigger lk_owner than that can be sent by a GlusterFS-client. This change prevents overflows when allocating the RPC/AUTH header. Two new macros are introduced to calculate the number of groups that fit in the RPC/AUTH header, when taking the size of the lk_owner in account. In case the list of groups exceeds the maximum possible, only the first groups are passed over the RPC/GlusterFS protocol to the bricks. A warning is added to the logs, so that most system administrators will get informed. The reducing of the number of groups is not a new inventions. The RPC/AUTH header (AUTH_SYS or AUTH_UNIX) that NFS uses has a limit of 16 groups. Most, if not all, NFS-clients will reduce any bigger number of groups to 16. (nfs.server-aux-gids can be used to workaround the limit of 16 groups, but the Gluster NFS-server will be limited to a maximum of 93 groups, or fewer in case the lk_owner structure contains more items.) Cherry picked from commit 8235de189845986a535d676b1fd2c894b9c02e52: > BUG: 1053579 > Signed-off-by: Niels de Vos <ndevos@redhat.com> > Reviewed-on: http://review.gluster.org/7202 > Tested-by: Gluster Build System <jenkins@build.gluster.com> > Reviewed-by: Harshavardhana <harsha@harshavardhana.net> > Reviewed-by: Santosh Pradhan <spradhan@redhat.com> > Reviewed-by: Vijay Bellur <vbellur@redhat.com> Change-Id: I8410e59d0fd246d601b54b961d3ae9cb5a858c10 BUG: 1096425 Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/7829 Reviewed-by: Lalatendu Mohanty <lmohanty@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> 
The GlusterFS protocol currently uses AUTH_GLUSTERFS_V2 in the RPC/AUTH
header. This header contains the uid, gid and auxiliary groups of the
user/process that accesses the Gluster Volume.

The AUTH_GLUSTERFS_V2 structure allows up to 65535 auxiliary groups to
be passed on. Unfortunately, the RPC/AUTH header is limited to 400 bytes
by the RPC specification: http://tools.ietf.org/html/rfc5531#section-8.2

In order to not cause complete failures on the client-side when trying
to encode a AUTH_GLUSTERFS_V2 that would result in more than 400 bytes,
we can calculate the expected size of the other elements:

    1 | pid
    1 | uid
    1 | gid
    1 | groups_len
   XX | groups_val (GF_MAX_AUX_GROUPS=65535)
    1 | lk_owner_len
   YY | lk_owner_val (GF_MAX_LOCK_OWNER_LEN=1024)
  ----+-------------------------------------------
    5 | total xdr-units

  one XDR-unit is defined as BYTES_PER_XDR_UNIT = 4 bytes
  MAX_AUTH_BYTES = 400 is the maximum, this is 100 xdr-units.
  XX + YY can be 95 to fill the 100 xdr-units.

  Note that the on-wire protocol has tighter requirements than the
  internal structures. It is possible for xlators to use more groups and
  a bigger lk_owner than that can be sent by a GlusterFS-client.

This change prevents overflows when allocating the RPC/AUTH header. Two
new macros are introduced to calculate the number of groups that fit in
the RPC/AUTH header, when taking the size of the lk_owner in account. In
case the list of groups exceeds the maximum possible, only the first
groups are passed over the RPC/GlusterFS protocol to the bricks.
A warning is added to the logs, so that most system administrators will
get informed.

The reducing of the number of groups is not a new inventions. The
RPC/AUTH header (AUTH_SYS or AUTH_UNIX) that NFS uses has a limit of 16
groups. Most, if not all, NFS-clients will reduce any bigger number of
groups to 16. (nfs.server-aux-gids can be used to workaround the limit
of 16 groups, but the Gluster NFS-server will be limited to a maximum of
93 groups, or fewer in case the lk_owner structure contains more items.)

Cherry picked from commit 8235de189845986a535d676b1fd2c894b9c02e52:
> BUG: 1053579
> Signed-off-by: Niels de Vos <ndevos@redhat.com>
> Reviewed-on: http://review.gluster.org/7202
> Tested-by: Gluster Build System <jenkins@build.gluster.com>
> Reviewed-by: Harshavardhana <harsha@harshavardhana.net>
> Reviewed-by: Santosh Pradhan <spradhan@redhat.com>
> Reviewed-by: Vijay Bellur <vbellur@redhat.com>

Change-Id: I8410e59d0fd246d601b54b961d3ae9cb5a858c10
BUG: 1096425
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/7829
Reviewed-by: Lalatendu Mohanty <lmohanty@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
gNFS: Set default outstanding RPC limit to 16 2014-03-07T20:11:28+00:00 Kaleb S. KEITHLEY kkeithle@redhat.com 2014-03-06T13:13:57+00:00 0e8e79350947b9dedd02b1cc2339b8dc42ca599d Backport of http://review.gluster.org/#/c/6696/ With 64, NFS server hangs with large I/O load (~ 64 threads writing to NFS server). The test results from Ben England (Performance expert) suggest to set it as 16 instead of 64. Change-Id: Iaa9dda512904d2e359d8122a05e5bf65f99a7e78 BUG: 1073441 Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com> Reviewed-on: http://review.gluster.org/7200 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Santosh Pradhan <spradhan@redhat.com> 
Backport of http://review.gluster.org/#/c/6696/

With 64, NFS server hangs with large I/O load (~ 64 threads writing
to NFS server). The test results from Ben England (Performance expert)
suggest to set it as 16 instead of 64.

Change-Id: Iaa9dda512904d2e359d8122a05e5bf65f99a7e78
BUG: 1073441
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
Reviewed-on: http://review.gluster.org/7200
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Santosh Pradhan <spradhan@redhat.com>