NFSv4.1: Interrupted connections cause high bandwidth RPC ping-pong between client and server
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Medium
|
Matthew Ruffell |
Bug Description
BugLink: https:/
[Impact]
There is a bug in NFS v4.1 that causes a large amount of RPC calls between a client and server when a previous RPC call is interrupted. This uses a large amount of bandwidth and can saturate the network.
The symptoms are so:
* On NFS clients:
Attempts to access mounted NFS shares associated with the affected server block indefinitely.
* On the network:
A storm of repeated RPCs between NFS client and server uses a lot of bandwidth. Each RPC is acknowledged by the server with an NFS4ERR_
* Other NFS clients connected to the same NFS server:
Performance drops dramatically.
This occurs during a "false retry", when a client attempts to make a new RPC call using a slot+sequence number that references an older, cached call. This happens when a user process interrupts an RPC call that is in progress.
I had previously fixed this for Disco in bug 1828978, and now a customer has run into the issue in Bionic. A reproducer is supplied in the testcase section, which was something missing from bug 1828978, since we never determined how the issue actually occurred back then.
[Fix]
This was fixed in 5.1 upstream with the below commit:
commit 3453d5708b33efe
Author: Trond Myklebust <email address hidden>
Date: Wed Jun 20 17:53:34 2018 -0400
Subject: NFSv4.1: Avoid false retries when RPC calls are interrupted
The fix is to pre-emptively increment the sequence number if an RPC call is interrupted, and to address corner cases we interpret the NFS4ERR_
The commit also requires two fixup commits, which landed in 5.5 and 5.8-rc6 respectively:
commit 5c441544f045e67
Author: Trond Myklebust <email address hidden>
Date: Wed Nov 13 08:34:00 2019 +0100
Subject: NFSv4.x: Handle bad/dead sessions correctly in nfs41_sequence_
commit 913fadc5b105c36
Author: Anna Schumaker <email address hidden>
Date: Wed Jul 8 10:33:40 2020 -0400
Subject: NFS: Fix interrupted slots by sending a solo SEQUENCE operation
Commits 3453d5708b33efe
[Testcase]
You will need four machines. The first, is a kerberos KDC. Set up Kerberos correctly and create new service principals for the NFS server and for the client. I used: nfs/nfskerb.
The second machine will be a NFS server with the krb5p share. Add the nfs server kerberos keys to the system's keytab, and set up a NFS server that exports a directory with sec=krb5p. Example export:
/mnt/secretfolder *.mydomain.
The third machine is a regular NFS server. Export a directory with normal sec=sys security. Example export:
/mnt/sharedfolder *.mydomain.
The fourth is a desktop machine. Add the client kerberos keys to the system's keytab. Mount both NFS shares, making sure to use the NFS v4.2 protocol. I used the commands:
mount -t nfs4 nfskerb.
mount -t nfs4 nfs.mydomain.
Check "mount -l" to ensure that NFS v4.2 is used:
nfskerb.
nfs.mydomain.
Generate some files full of random data. I found 20MB from /dev/random works great.
Open each NFS share up in tabs in Nautilus. Copy the random data files to the sec=sys NFS share. When they are done, one at a time cut and then paste the file into the sec=krb5p NFS share. The bug will trigger either on the first, or subsequent tries, but less than 10 tries are needed usually.
There is a test kernel available in the following PPA:
https:/
If you install the test kernel, files will cut and paste correctly, and NFS will work as expected.
[Regression Potential]
The changes are localised to NFS v4.1 and v4.2 only, and other versions of NFS are not affected. If a regression occurs, users can downgrade NFS versions to v4.0 or v3.x until a fix is made.
The changes only impact when connections are interrupted, and under typical blue sky scenarios would not be invoked.
There have been several attempts to fix this in the past, starting with f9312a541050 "NFSv4.1: Fix the client behaviour on NFS4ERR_
[Other Info]
When I first submitted this fix for SRU, I believed that the fix was:
commit 02ef04e432babf8
Author: Chuck Lever <email address hidden>
Date: Mon Feb 11 11:25:25 2019 -0500
Subject: NFS: Account for XDR pad of buf->pages
This is not the case. This was a false positive fix. What it did was break NFSv4 GETACL and FS_LOCATIONS requests. When you tried to reproduce, the calls were never made since they were broken, and thus could not be interrupted, and cutting and pasting files worked fine.
When you applied the fixup commit 29e7ca715f2a0b6
Changed in linux (Ubuntu Bionic): | |
status: | New → In Progress |
Changed in linux (Ubuntu): | |
status: | New → Fix Released |
Changed in linux (Ubuntu Bionic): | |
importance: | Undecided → Medium |
assignee: | nobody → Matthew Ruffell (mruffell) |
description: | updated |
tags: | added: sts |
summary: |
- Cutting and Pasting files from NFS sec=sys to NFS sec=krb5p causes NFS - to hang + NFS4.2: Cutting and Pasting files from NFS sec=sys to NFS sec=krb5p + causes NFS to hang |
description: | updated |
summary: |
- NFS4.2: Cutting and Pasting files from NFS sec=sys to NFS sec=krb5p - causes NFS to hang + NFSv4.1: Interrupted connections cause high bandwidth RPC ping-pong + between client and server |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Changed in linux (Ubuntu Bionic): | |
status: | In Progress → Fix Committed |
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification- needed- bionic' to 'verification- done-bionic' . If the problem still exists, change the tag 'verification- needed- bionic' to 'verification- failed- bionic' .
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you!