Introduce two new sysctls, "default_request_timeout" and "max_request_timeout". These control how long (in minutes) a server can take to reply to a request. If the server does not reply by the timeout, then the connection will be aborted. "default_request_timeout" sets the default timeout if no timeout is specified by the fuse server on mount. 0 (default) indicates no default timeout should be enforced. If the server did specify a timeout, then default_request_timeout will be ignored. "max_request_timeout" sets the max amount of time the server may take to reply to a request. 0 (default) indicates no maximum timeout. If max_request_timeout is set and the fuse server attempts to set a timeout greater than max_request_timeout, the system will use max_request_timeout as the timeout. Similarly, if default_request_timeout is greater than max_request_timeout, the system will use max_request_timeout as the timeout. If the server does not request a timeout and default_request_timeout is set to 0 but max_request_timeout is set, then the timeout will be max_request_timeout. Please note that these timeouts are not 100% precise. The request may take an extra FUSE_TIMEOUT_TIMER_FREQ seconds beyond the set max timeout due to how it's internally implemented. $ sysctl -a | grep fuse.default_request_timeout fs.fuse.default_request_timeout = 0 $ echo 65536 | sudo tee /proc/sys/fs/fuse/default_request_timeout tee: /proc/sys/fs/fuse/default_request_timeout: Invalid argument $ echo 65535 | sudo tee /proc/sys/fs/fuse/default_request_timeout 65535 $ sysctl -a | grep fuse.default_request_timeout fs.fuse.default_request_timeout = 65535 $ echo 0 | sudo tee /proc/sys/fs/fuse/default_request_timeout 0 $ sysctl -a | grep fuse.default_request_timeout fs.fuse.default_request_timeout = 0 Signed-off-by: Joanne Koong <joannelkoong@xxxxxxxxx> --- Documentation/admin-guide/sysctl/fs.rst | 27 +++++++++++++++++++++++++ fs/fuse/fuse_i.h | 10 +++++++++ fs/fuse/inode.c | 16 +++++++++++++-- fs/fuse/sysctl.c | 20 ++++++++++++++++++ 4 files changed, 71 insertions(+), 2 deletions(-) diff --git a/Documentation/admin-guide/sysctl/fs.rst b/Documentation/admin-guide/sysctl/fs.rst index fa25d7e718b3..790a34291467 100644 --- a/Documentation/admin-guide/sysctl/fs.rst +++ b/Documentation/admin-guide/sysctl/fs.rst @@ -342,3 +342,30 @@ filesystems: ``/proc/sys/fs/fuse/max_pages_limit`` is a read/write file for setting/getting the maximum number of pages that can be used for servicing requests in FUSE. + +``/proc/sys/fs/fuse/default_request_timeout`` is a read/write file for +setting/getting the default timeout (in minutes) for a fuse server to +reply to a kernel-issued request in the event where the server did not +specify a timeout at mount. If the server set a timeout, +then default_request_timeout will be ignored. The default +"default_request_timeout" is set to 0. 0 indicates a no-op (eg +requests will not have a default request timeout set if no timeout was +specified by the server). + +``/proc/sys/fs/fuse/max_request_timeout`` is a read/write file for +setting/getting the maximum timeout (in minutes) for a fuse server to +reply to a kernel-issued request. A value greater than 0 automatically opts +the server into a timeout that will be at most "max_request_timeout", even if +the server did not specify a timeout and default_request_timeout is set to 0. +If max_request_timeout is greater than 0 and the server set a timeout greater +than max_request_timeout or default_request_timeout is set to a value greater +than max_request_timeout, the system will use max_request_timeout as the +timeout. 0 indicates a no-op (eg requests will not have an upper bound on the +timeout and if the server did not request a timeout and default_request_timeout +was not set, there will be no timeout). + +Please note that for the timeout options, if the server does not respond to +the request by the time the timeout elapses, then the connection to the fuse +server will be aborted. Please also note that the timeouts are not 100% +precise (eg you may set 10 minutes but the timeout may kick in after 11 +minutes). diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h index ef4558c2c44e..28d9230f4fcb 100644 --- a/fs/fuse/fuse_i.h +++ b/fs/fuse/fuse_i.h @@ -46,6 +46,16 @@ /** Maximum of max_pages received in init_out */ extern unsigned int fuse_max_pages_limit; +/* + * Default timeout (in minutes) for the server to reply to a request + * before the connection is aborted, if no timeout was specified on mount. + */ +extern unsigned int fuse_default_req_timeout; +/* + * Max timeout (in minutes) for the server to reply to a request before + * the connection is aborted. + */ +extern unsigned int fuse_max_req_timeout; /** List of active connections */ extern struct list_head fuse_conn_list; diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index a78aac76b942..d97dde59eac3 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -36,6 +36,9 @@ DEFINE_MUTEX(fuse_mutex); static int set_global_limit(const char *val, const struct kernel_param *kp); unsigned int fuse_max_pages_limit = 256; +/* default is no timeout */ +unsigned int fuse_default_req_timeout = 0; +unsigned int fuse_max_req_timeout = 0; unsigned max_user_bgreq; module_param_call(max_user_bgreq, set_global_limit, param_get_uint, @@ -1701,8 +1704,17 @@ EXPORT_SYMBOL_GPL(fuse_init_fs_context_submount); static void fuse_init_fc_timeout(struct fuse_conn *fc, struct fuse_fs_context *ctx) { - if (ctx->req_timeout) { - if (check_mul_overflow(ctx->req_timeout * 60, HZ, &fc->timeout.req_timeout)) + unsigned int timeout = ctx->req_timeout ?: fuse_default_req_timeout; + + if (fuse_max_req_timeout) { + if (!timeout) + timeout = fuse_max_req_timeout; + else + timeout = min(timeout, fuse_max_req_timeout); + } + + if (timeout) { + if (check_mul_overflow(timeout * 60, HZ, &fc->timeout.req_timeout)) fc->timeout.req_timeout = U32_MAX; timer_setup(&fc->timeout.timer, fuse_check_timeout, 0); mod_timer(&fc->timeout.timer, jiffies + FUSE_TIMEOUT_TIMER_FREQ); diff --git a/fs/fuse/sysctl.c b/fs/fuse/sysctl.c index b272bb333005..e70b5269c16d 100644 --- a/fs/fuse/sysctl.c +++ b/fs/fuse/sysctl.c @@ -13,6 +13,8 @@ static struct ctl_table_header *fuse_table_header; /* Bound by fuse_init_out max_pages, which is a u16 */ static unsigned int sysctl_fuse_max_pages_limit = 65535; +static unsigned int sysctl_fuse_max_req_timeout_limit = U16_MAX; + static struct ctl_table fuse_sysctl_table[] = { { .procname = "max_pages_limit", @@ -23,6 +25,24 @@ static struct ctl_table fuse_sysctl_table[] = { .extra1 = SYSCTL_ONE, .extra2 = &sysctl_fuse_max_pages_limit, }, + { + .procname = "default_request_timeout", + .data = &fuse_default_req_timeout, + .maxlen = sizeof(fuse_default_req_timeout), + .mode = 0644, + .proc_handler = proc_douintvec_minmax, + .extra1 = SYSCTL_ZERO, + .extra2 = &sysctl_fuse_max_req_timeout_limit, + }, + { + .procname = "max_request_timeout", + .data = &fuse_max_req_timeout, + .maxlen = sizeof(fuse_max_req_timeout), + .mode = 0644, + .proc_handler = proc_douintvec_minmax, + .extra1 = SYSCTL_ZERO, + .extra2 = &sysctl_fuse_max_req_timeout_limit, + }, }; int fuse_sysctl_register(void) -- 2.43.5