Hi Olga
On Fri, 2019-11-08 at 16:32 -0500, Olga Kornievskaia wrote:
> From: Olga Kornievskaia <kolga@xxxxxxxxxx>
>
> Add a kernel config CONFIG_NFS_DISABLE_UDP_SUPPORT to disallow NFS
> UDP mounts.
>
> I took the same approach as Chuck's deprecation of DES enc types
> to start with default to still allow but I think the ultimate
> goal is to disable
>
> Question: how do we have folks trying this unless we set it to false?
>
> Signed-off-by: Olga Kornievskaia <kolga@xxxxxxxxxx>
> ---
> fs/nfs/Kconfig | 10 ++++++++++
> fs/nfs/client.c | 4 ++++
> fs/nfs/super.c | 8 ++++++++
> 3 files changed, 22 insertions(+)
>
> diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig
> index 295a7a2..6320113 100644
> --- a/fs/nfs/Kconfig
> +++ b/fs/nfs/Kconfig
> @@ -196,3 +196,13 @@ config NFS_DEBUG
> depends on NFS_FS && SUNRPC_DEBUG
> select CRC32
> default y
> +
> +config NFS_DISABLE_UDP_SUPPORT
> + bool "NFS: Disable NFS UDP protocol support"
> + depends on NFS_FS
> + default n
> + help
> + Choose Y here to disable the use of NFS over UDP. NFS over
> UDP
> + on modern networks (1Gb+) can lead to data corruption caused
> by
> + fragmentation during high loads.
> + The default is N because many deployments still use UDP.
> diff --git a/fs/nfs/client.c b/fs/nfs/client.c
> index 02110a3..24ca314 100644
> --- a/fs/nfs/client.c
> +++ b/fs/nfs/client.c
> @@ -474,6 +474,7 @@ void nfs_init_timeout_values(struct rpc_timeout
> *to, int proto,
> to->to_maxval = to->to_initval;
> to->to_exponential = 0;
> break;
> +#ifdef CONFIG_NFS_DISABLE_UDP_SUPPORT
> case XPRT_TRANSPORT_UDP:
> if (retrans == NFS_UNSPEC_RETRANS)
> to->to_retries = NFS_DEF_UDP_RETRANS;
> @@ -484,6 +485,7 @@ void nfs_init_timeout_values(struct rpc_timeout
> *to, int proto,
> to->to_maxval = NFS_MAX_UDP_TIMEOUT;
> to->to_exponential = 1;
> break;
> +#endif
> default:
> BUG();
> }
> @@ -580,8 +582,10 @@ static int nfs_start_lockd(struct nfs_server
> *server)
> default:
> nlm_init.protocol = IPPROTO_TCP;
> break;
> +#ifdef CONFIG_NFS_DISABLE_UDP_SUPPORT
> case XPRT_TRANSPORT_UDP:
> nlm_init.protocol = IPPROTO_UDP;
> +#endif
> }
>
> host = nlmclnt_init(&nlm_init);
> diff --git a/fs/nfs/super.c b/fs/nfs/super.c
> index a84df7d6..21e59da 100644
> --- a/fs/nfs/super.c
> +++ b/fs/nfs/super.c
> @@ -1011,7 +1011,9 @@ static void nfs_set_port(struct sockaddr *sap,
> int *port,
> static void nfs_validate_transport_protocol(struct
> nfs_parsed_mount_data *mnt)
> {
> switch (mnt->nfs_server.protocol) {
> +#ifdef CONFIG_NFS_DISABLE_UDP_SUPPORT
> case XPRT_TRANSPORT_UDP:
> +#endif
> case XPRT_TRANSPORT_TCP:
> case XPRT_TRANSPORT_RDMA:
> break;
> @@ -1033,8 +1035,10 @@ static void
> nfs_set_mount_transport_protocol(struct nfs_parsed_mount_data *mnt)
> return;
> switch (mnt->nfs_server.protocol) {
> case XPRT_TRANSPORT_UDP:
> +#ifdef CONFIG_NFS_DISABLE_UDP_SUPPORT
> mnt->mount_server.protocol = XPRT_TRANSPORT_UDP;
> break;
> +#endif
Don't we want to return an error here rather than defaulting to the
TCP/RDMA behaviour?
> case XPRT_TRANSPORT_TCP:
> case XPRT_TRANSPORT_RDMA:
> mnt->mount_server.protocol = XPRT_TRANSPORT_TCP;
> @@ -2204,6 +2208,10 @@ static int nfs_validate_text_mount_data(void
> *options,
> #endif /* CONFIG_NFS_V4 */
> } else {
> nfs_set_mount_transport_protocol(args);
> +#ifdef CONFIG_NFS_DISABLE_UDP_SUPPORT
> + if (args->nfs_server.protocol == XPRT_TRANSPORT_UDP)
> + goto out_invalid_transport_udp;
> +#endif
> if (args->nfs_server.protocol == XPRT_TRANSPORT_RDMA)
> port = NFS_RDMA_PORT;
> }
--
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@xxxxxxxxxxxxxxx
