On Mon, Nov 18, 2019 at 1:42 PM Steve Dickson <SteveD@xxxxxxxxxx> wrote:
>
>
>
> On 11/8/19 4:32 PM, Olga Kornievskaia wrote:
> > From: Olga Kornievskaia <kolga@xxxxxxxxxx>
> >
> > Add a kernel config CONFIG_NFS_DISABLE_UDP_SUPPORT to disallow NFS
> > UDP mounts.
> >
> > I took the same approach as Chuck's deprecation of DES enc types
> > to start with default to still allow but I think the ultimate
> > goal is to disable
> >
> > Question: how do we have folks trying this unless we set it to false?
> Exactly... Why not do the opposite? Off by default... instead of
> having to set the variable to turn UDP off?
OK! v2 will turn this off by default instead.
>
> steved.
>
> >
> > Signed-off-by: Olga Kornievskaia <kolga@xxxxxxxxxx>
> > ---
> > fs/nfs/Kconfig | 10 ++++++++++
> > fs/nfs/client.c | 4 ++++
> > fs/nfs/super.c | 8 ++++++++
> > 3 files changed, 22 insertions(+)
> >
> > diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig
> > index 295a7a2..6320113 100644
> > --- a/fs/nfs/Kconfig
> > +++ b/fs/nfs/Kconfig
> > @@ -196,3 +196,13 @@ config NFS_DEBUG
> > depends on NFS_FS && SUNRPC_DEBUG
> > select CRC32
> > default y
> > +
> > +config NFS_DISABLE_UDP_SUPPORT
> > + bool "NFS: Disable NFS UDP protocol support"
> > + depends on NFS_FS
> > + default n
> > + help
> > + Choose Y here to disable the use of NFS over UDP. NFS over UDP
> > + on modern networks (1Gb+) can lead to data corruption caused by
> > + fragmentation during high loads.
> > + The default is N because many deployments still use UDP.
> > diff --git a/fs/nfs/client.c b/fs/nfs/client.c
> > index 02110a3..24ca314 100644
> > --- a/fs/nfs/client.c
> > +++ b/fs/nfs/client.c
> > @@ -474,6 +474,7 @@ void nfs_init_timeout_values(struct rpc_timeout *to, int proto,
> > to->to_maxval = to->to_initval;
> > to->to_exponential = 0;
> > break;
> > +#ifdef CONFIG_NFS_DISABLE_UDP_SUPPORT
> > case XPRT_TRANSPORT_UDP:
> > if (retrans == NFS_UNSPEC_RETRANS)
> > to->to_retries = NFS_DEF_UDP_RETRANS;
> > @@ -484,6 +485,7 @@ void nfs_init_timeout_values(struct rpc_timeout *to, int proto,
> > to->to_maxval = NFS_MAX_UDP_TIMEOUT;
> > to->to_exponential = 1;
> > break;
> > +#endif
> > default:
> > BUG();
> > }
> > @@ -580,8 +582,10 @@ static int nfs_start_lockd(struct nfs_server *server)
> > default:
> > nlm_init.protocol = IPPROTO_TCP;
> > break;
> > +#ifdef CONFIG_NFS_DISABLE_UDP_SUPPORT
> > case XPRT_TRANSPORT_UDP:
> > nlm_init.protocol = IPPROTO_UDP;
> > +#endif
> > }
> >
> > host = nlmclnt_init(&nlm_init);
> > diff --git a/fs/nfs/super.c b/fs/nfs/super.c
> > index a84df7d6..21e59da 100644
> > --- a/fs/nfs/super.c
> > +++ b/fs/nfs/super.c
> > @@ -1011,7 +1011,9 @@ static void nfs_set_port(struct sockaddr *sap, int *port,
> > static void nfs_validate_transport_protocol(struct nfs_parsed_mount_data *mnt)
> > {
> > switch (mnt->nfs_server.protocol) {
> > +#ifdef CONFIG_NFS_DISABLE_UDP_SUPPORT
> > case XPRT_TRANSPORT_UDP:
> > +#endif
> > case XPRT_TRANSPORT_TCP:
> > case XPRT_TRANSPORT_RDMA:
> > break;
> > @@ -1033,8 +1035,10 @@ static void nfs_set_mount_transport_protocol(struct nfs_parsed_mount_data *mnt)
> > return;
> > switch (mnt->nfs_server.protocol) {
> > case XPRT_TRANSPORT_UDP:
> > +#ifdef CONFIG_NFS_DISABLE_UDP_SUPPORT
> > mnt->mount_server.protocol = XPRT_TRANSPORT_UDP;
> > break;
> > +#endif
> > case XPRT_TRANSPORT_TCP:
> > case XPRT_TRANSPORT_RDMA:
> > mnt->mount_server.protocol = XPRT_TRANSPORT_TCP;
> > @@ -2204,6 +2208,10 @@ static int nfs_validate_text_mount_data(void *options,
> > #endif /* CONFIG_NFS_V4 */
> > } else {
> > nfs_set_mount_transport_protocol(args);
> > +#ifdef CONFIG_NFS_DISABLE_UDP_SUPPORT
> > + if (args->nfs_server.protocol == XPRT_TRANSPORT_UDP)
> > + goto out_invalid_transport_udp;
> > +#endif
> > if (args->nfs_server.protocol == XPRT_TRANSPORT_RDMA)
> > port = NFS_RDMA_PORT;
> > }
> >
>
