Do not fence connections without valid greeting

There is no reason to fence any connection that hasn't sent a valid
greeting, since they haven't progressed far enough for it to make
sense. Skip the fence call for these connections and let the existing
destroy path tear them down. Any real client will reconnect.

server_notify_down() previously treated any zero rid teardown as
the listening socket going down and called stop_server(). That's
correct for the listener legitimately, but not for any conn that
never completed a greeting.

Adds a test that sends a short garbage payload to each quorum port and
verifies that no greeting-less connection remains past the reconnect
timeout (20s) and that the filesystem still works afterwards.

Signed-off-by: Auke Kok <auke.kok@versity.com>

ReleaseNotes.md

@@ -1,20 +1,6 @@
 Versity ScoutFS Release Notes
 =============================
 
----
-v1.32
-\
-*June 2, 2026*
-
-Fix writing POSIX ACLs over NFS mounts that export the scoutfs
-filesystem.
-
-Add support for kernels in the RHEL 9.8 minor release.
-
-Reduce unneeded block allocation when data\_prealloc\_contig\_only was
-set to 0. This will help achieve more efficient data space usage when
-writing small files.
-
 ---
 v1.31
 \

kmod/src/Makefile.kernelcompat

@@ -479,16 +479,6 @@ ifneq (,$(shell grep '^unsigned int stack_trace_save' include/linux/stacktrace.h
 ccflags-y += -DKC_STACK_TRACE_SAVE
 endif
 
-#
-# v3.14-rc1-7-g4e34e719e457
-#
-# .set_acl callback added to struct inode_operations.  Most kernels
-# we target have it, but el7 (3.10 base) does not, so detect.
-#
-ifneq (,$(shell grep 'int ..set_acl..struct' include/linux/fs.h))
-ccflags-y += -DKC_HAS_SET_ACL
-endif
-
 #
 # v6.1-rc1-2-g138060ba92b3
 #
@@ -506,12 +496,3 @@ endif
 ifneq (,$(shell grep 'struct posix_acl.*get_inode_acl' include/linux/fs.h))
 ccflags-y += -DKC_GET_INODE_ACL
 endif
-
-#
-# v6.15-13744-g41cb08555c41
-#
-# from_timer renamed to timer_container_of.
-#
-ifneq (,$(shell grep 'define timer_container_of' include/linux/timer.h))
-ccflags-y += -DKC_TIMER_CONTAINER_OF
-endif

kmod/src/acl.c

@@ -216,8 +216,7 @@ int scoutfs_set_acl(KC_VFS_NS_DEF
 {
 	struct inode *inode = dentry->d_inode;
 #else
-int scoutfs_set_acl(KC_VFS_NS_DEF
-		    struct inode *inode, struct posix_acl *acl, int type)
+int scoutfs_set_acl(struct inode *inode, struct posix_acl *acl, int type)
 {
 #endif
 	struct super_block *sb = inode->i_sb;
@@ -310,7 +309,7 @@ int scoutfs_acl_set_xattr(struct dentry *dentry, const char *name, const void *v
 #ifdef KC_SET_ACL_DENTRY
 	ret = scoutfs_set_acl(KC_VFS_INIT_NS dentry, acl, type);
 #else
-	ret = scoutfs_set_acl(KC_VFS_INIT_NS dentry->d_inode, acl, type);
+	ret = scoutfs_set_acl(dentry->d_inode, acl, type);
 #endif
 out:
 	posix_acl_release(acl);

kmod/src/acl.h

@@ -5,8 +5,7 @@
 int scoutfs_set_acl(KC_VFS_NS_DEF
 		    struct dentry *dentry, struct posix_acl *acl, int type);
 #else
-int scoutfs_set_acl(KC_VFS_NS_DEF
-		    struct inode *inode, struct posix_acl *acl, int type);
+int scoutfs_set_acl(struct inode *inode, struct posix_acl *acl, int type);
 #endif
 #ifdef KC_GET_INODE_ACL
 struct posix_acl *scoutfs_get_acl(struct inode *inode, int type, bool rcu);

kmod/src/data.c

@@ -422,8 +422,6 @@ static int alloc_block(struct super_block *sb, struct inode *inode,
 
 	mutex_lock(&datinf->mutex);
 
-	scoutfs_inode_get_onoff(inode, &online, &offline);
-
 	/* default to single allocation at the written block */
 	start = iblock;
 	count = 1;
@@ -446,6 +444,7 @@ static int alloc_block(struct super_block *sb, struct inode *inode,
 		 * the preallocation size to the number of online
 		 * blocks.
 		 */
+		scoutfs_inode_get_onoff(inode, &online, &offline);
 		if (iblock > 1 && iblock == online) {
 			ret = scoutfs_ext_next(sb, &data_ext_ops, &args,
 					       iblock, 1, &found);
@@ -487,13 +486,6 @@ static int alloc_block(struct super_block *sb, struct inode *inode,
 		/* trim count by next extent after iblock */
 		if (found.len && found.start > start && found.start < start + count)
 			count = (found.start - start);
-
-		/*
-		 * Ramp the aligned region size up proportionally with
-		 * the file's online block count rather than jumping to
-		 * the full prealloc size.
-		 */
-		count = max_t(u64, 1, min(count, online));
 	}
 
 	/* overall prealloc limit */

kmod/src/dir.c

@@ -2063,7 +2063,7 @@ const struct inode_operations scoutfs_dir_iops = {
 #else
 	.get_acl	= scoutfs_get_acl,
 #endif
-#ifdef KC_HAS_SET_ACL
+#ifdef KC_SET_ACL_DENTRY
 	.set_acl	= scoutfs_set_acl,
 #endif
 	.symlink	= scoutfs_symlink,

kmod/src/fence.c

@@ -222,7 +222,7 @@ static struct attribute *fence_attrs[] = {
 
 static void fence_timeout(struct timer_list *timer)
 {
-	struct pending_fence *fence = timer_container_of(fence, timer, timer);
+	struct pending_fence *fence = from_timer(fence, timer, timer);
 	struct super_block *sb = fence->sb;
 	DECLARE_FENCE_INFO(sb, fi);
 

kmod/src/inode.c

@@ -154,7 +154,7 @@ static const struct inode_operations scoutfs_file_iops = {
 #else
 	.get_acl	= scoutfs_get_acl,
 #endif
-#ifdef KC_HAS_SET_ACL
+#ifdef KC_SET_ACL_DENTRY
 	.set_acl	= scoutfs_set_acl,
 #endif
 	.fiemap		= scoutfs_data_fiemap,
@@ -174,7 +174,7 @@ static const struct inode_operations scoutfs_special_iops = {
 #else
 	.get_acl	= scoutfs_get_acl,
 #endif
-#ifdef KC_HAS_SET_ACL
+#ifdef KC_SET_ACL_DENTRY
 	.set_acl	= scoutfs_set_acl,
 #endif
 };

kmod/src/kernelcompat.h

@@ -489,9 +489,4 @@ static inline void stack_trace_print(unsigned long *entries, unsigned int nr_ent
 }
 #endif
 
-#ifndef KC_TIMER_CONTAINER_OF
-#define timer_container_of(var, callback_timer, timer_fieldname) \
-	from_timer(var, callback_timer, timer_fieldname)
-#endif
-
 #endif

kmod/src/net.c

@@ -1452,15 +1452,23 @@ restart:
 			set_conn_fl(acc, reconn_freeing);
 			spin_unlock(&conn->lock);
 			if (!test_conn_fl(conn, shutting_down)) {
-				scoutfs_info(sb, "client "SIN_FMT" reconnect timed out, fencing",
-					     SIN_ARG(&acc->last_peername));
-				ret = scoutfs_fence_start(sb, acc->rid,
-						acc->last_peername.sin_addr.s_addr,
-						SCOUTFS_FENCE_CLIENT_RECONNECT);
-				if (ret) {
-					scoutfs_err(sb, "client fence returned err %d, shutting down server",
-						    ret);
-					scoutfs_server_stop(sb);
+				/*
+				 * Connections that never completed a valid greeting
+				 * (port scans, malformed traffic, half-open peers)
+				 * haven't progressed far enough to warrant fencing.
+				 * Drop them. Any real client will reconnect.
+				 */
+				if (test_conn_fl(acc, valid_greeting)) {
+					scoutfs_info(sb, "client "SIN_FMT" reconnect timed out, fencing",
+						     SIN_ARG(&acc->last_peername));
+					ret = scoutfs_fence_start(sb, acc->rid,
+							acc->last_peername.sin_addr.s_addr,
+							SCOUTFS_FENCE_CLIENT_RECONNECT);
+					if (ret) {
+						scoutfs_err(sb, "client fence returned err %d, shutting down server",
+							    ret);
+						scoutfs_server_stop(sb);
+					}
 				}
 			}
 			destroy_conn(acc);

kmod/src/recov.c

@@ -134,7 +134,7 @@ static int recov_finished(struct recov_info *recinf)
 
 static void timer_callback(struct timer_list *timer)
 {
-	struct recov_info *recinf = timer_container_of(recinf, timer, timer);
+	struct recov_info *recinf = from_timer(recinf, timer, timer);
 
 	recinf->timeout_fn(recinf->sb);
 }

kmod/src/server.c

@@ -4315,7 +4315,8 @@ static void server_notify_down(struct super_block *sb,
 		spin_unlock(&server->lock);
 
 		free_farewell_requests(sb, rid);
-	} else {
+	} else if (!conn->listening_conn) {
+		/* only the listener going down should stop the server */
 		stop_server(server);
 	}
 }

tests/funcs/filter.sh

@@ -171,13 +171,6 @@ t_filter_dmesg()
 	# orphan log trees reclaim is handled, not an error
 	re="$re|scoutfs .* reclaiming orphan log trees"
 
-	# nfs can emit a whole range of messages we can ignore
-	re="$re|Installing knfsd .*"
-	re="$re|nfsd: .*"
-	re="$re|NFSD: .*"
-	re="$re|RPC: .*"
-	re="$re|FS-Cache: .*"
-
 	# fencing tests force unmounts and trigger timeouts
 	re="$re|scoutfs .* forcing unmount"
 	re="$re|scoutfs .* reconnect timed out"

tests/golden/basic-nfs

@@ -1,32 +0,0 @@
-== write via NFS, read both sides
-== POSIX ACL set via NFS, read both sides
-user::rw-
-user:22222:rw-
-group::r--
-mask::rw-
-other::r--
-
-user::rw-
-user:22222:rw-
-group::r--
-mask::rw-
-other::r--
-
-== POSIX ACL set on scoutfs, read via NFS
-user::rw-
-user:22222:rw-
-group::r--
-group:44444:r--
-mask::rw-
-other::r--
-
-== default ACL inheritance via NFS
-user::rw-
-user:22222:rwx	#effective:rw-
-group::r-x	#effective:r--
-mask::rw-
-other::r--
-
-== NFS read demand-stages a released file
-1
-== cleanup

tests/golden/data-prealloc

@@ -8,10 +8,10 @@
 /mnt/test/test/data-prealloc/file-1: extents: 32
 /mnt/test/test/data-prealloc/file-2: extents: 32
 == any writes to region prealloc get full extents
-/mnt/test/test/data-prealloc/file-1: extents: 8
-/mnt/test/test/data-prealloc/file-2: extents: 8
-/mnt/test/test/data-prealloc/file-1: extents: 8
-/mnt/test/test/data-prealloc/file-2: extents: 8
+/mnt/test/test/data-prealloc/file-1: extents: 4
+/mnt/test/test/data-prealloc/file-2: extents: 4
+/mnt/test/test/data-prealloc/file-1: extents: 4
+/mnt/test/test/data-prealloc/file-2: extents: 4
 == streaming offline writes get full extents either way
 /mnt/test/test/data-prealloc/file-1: extents: 4
 /mnt/test/test/data-prealloc/file-2: extents: 4
@@ -20,8 +20,8 @@
 == goofy preallocation amounts work
 /mnt/test/test/data-prealloc/file-1: extents: 6
 /mnt/test/test/data-prealloc/file-2: extents: 6
-/mnt/test/test/data-prealloc/file-1: extents: 10
-/mnt/test/test/data-prealloc/file-2: extents: 10
+/mnt/test/test/data-prealloc/file-1: extents: 6
+/mnt/test/test/data-prealloc/file-2: extents: 6
 /mnt/test/test/data-prealloc/file-1: extents: 3
 /mnt/test/test/data-prealloc/file-2: extents: 3
 == block writes into region allocs hole

tests/golden/portscan

@@ -0,0 +1,2 @@
+== send empty payload to a quorum port
+== greeting-less connections still in reconn_wait

tests/sequence

@@ -3,7 +3,6 @@ basic-block-counts.sh
 basic-bad-mounts.sh
 basic-posix-acl.sh
 basic-acl-consistency.sh
-basic-nfs.sh
 inode-items-updated.sh
 simple-inode-index.sh
 simple-staging.sh
@@ -65,4 +64,5 @@ archive-light-cycle.sh
 block-stale-reads.sh
 inode-deletion.sh
 renameat2-noreplace.sh
+portscan.sh
 xfstests.sh

tests/tests/basic-nfs.sh

@@ -1,86 +0,0 @@
-#
-# Test basic scoutfs-nfs interactions:
-# - read/write
-# - stage/release and data wait
-# - nfs setacl/getacl mapping
-#
-
-t_require_commands scoutfs setfacl getfacl exportfs mount.nfs umount \
-		   stat dd cmp systemctl
-
-systemctl start nfs-server >> "$T_TMPDIR/nfs.log" 2>&1 || \
-	t_skip "nfs-server not available"
-
-# Keep file creation modes deterministic for the ACL golden output.
-umask 022
-
-EXPORT_OPTS="rw,async,no_root_squash,no_subtree_check,fsid=42"
-NFS_MNT="$T_TMP.nfs"
-NFS_DIR="$NFS_MNT/test/basic-nfs"
-
-filter() { sed "s@$T_TMPDIR@T_TMPDIR@g" | t_filter_fs; }
-gf() { getfacl -n --omit-header "$@" 2>/dev/null; }
-
-teardown_nfs()
-{
-	(
-		umount "$NFS_MNT"
-		exportfs -u "127.0.0.1:$T_M0"
-		exportfs -f
-		systemctl stop nfs-server
-		rmdir "$NFS_MNT"
-	) >> "$T_TMPDIR/nfs.log" 2>&1
-}
-trap teardown_nfs EXIT
-
-exportfs -u "127.0.0.1:$T_M0" >> "$T_TMPDIR/nfs.log" 2>&1 || true
-t_quiet mkdir -p "$NFS_MNT"
-exportfs -o "$EXPORT_OPTS" "127.0.0.1:$T_M0" >> "$T_TMPDIR/nfs.log" 2>&1
-mount.nfs -o vers=3,noac,actimeo=0 "127.0.0.1:$T_M0" "$NFS_MNT" >> "$T_TMPDIR/nfs.log" 2>&1
-
-test -d "$NFS_DIR" || t_fail "test dir $NFS_DIR not visible over NFS"
-
-echo "== write via NFS, read both sides"
-dd if=/dev/urandom bs=4096 count=1 of="$T_TMP.data" status=none
-cp "$T_TMP.data" "$NFS_DIR/file"
-cmp "$T_TMP.data" "$T_D0/file"
-cmp "$T_TMP.data" "$NFS_DIR/file"
-
-echo "== POSIX ACL set via NFS, read both sides"
-setfacl -m u:22222:rw "$NFS_DIR/file" 2>&1 | filter
-gf "$NFS_DIR/file"
-gf "$T_D0/file"
-
-echo "== POSIX ACL set on scoutfs, read via NFS"
-setfacl -m g:44444:r "$T_D0/file" 2>&1 | filter
-gf "$NFS_DIR/file"
-
-echo "== default ACL inheritance via NFS"
-mkdir "$NFS_DIR/d"
-setfacl -d -m u:22222:rwx "$NFS_DIR/d" 2>&1 | filter
-touch "$NFS_DIR/d/child"
-gf "$NFS_DIR/d/child"
-
-echo "== NFS read demand-stages a released file"
-dd if=/dev/urandom bs=4096 count=1 of="$T_TMP.big" status=none
-cp "$T_TMP.big" "$T_D0/big"
-sync
-vers=$(scoutfs stat -s data_version "$T_D0/big")
-t_quiet scoutfs release "$T_D0/big" -V "$vers" -o 0 -l 4K
-
-# NFS read against the offline file blocks in scoutfs_read waiting
-# for the data to come back online.
-cat "$NFS_DIR/big" > "$T_TMP.read" &
-read_pid=$!
-sleep 1
-scoutfs data-waiting -B 0 -I 0 -p "$T_D0" | wc -l
-
-t_quiet scoutfs stage "$T_TMP.big" "$T_D0/big" -V "$vers" -o 0 -l 4096
-wait "$read_pid"
-cmp "$T_TMP.big" "$T_TMP.read"
-
-echo "== cleanup"
-rm -f "$T_D0/file" "$T_D0/big"
-rm -rf "$T_D0/d"
-
-t_pass

tests/tests/portscan.sh

@@ -0,0 +1,46 @@
+#
+# portscan tests - assure malformed packets do not cause issues
+#
+# Send a short garbage payload to a scoutfs server quorum port. The
+# accepted connection never completes a valid greeting, so after the
+# reconnect timeout the kernel must drop it silently rather than
+# fence it (which would restart the server).
+#
+
+t_require_commands scoutfs grep wc seq
+
+send_garbage()
+{
+	local port="$1"
+
+	(
+		exec 3<>"/dev/tcp/127.0.0.1/$port" || exit 1
+		printf '    ' >&3
+		exec 3>&-
+	) 2>/dev/null
+}
+
+echo "== send empty payload to a quorum port"
+slot=-1
+for i in $(seq 0 $((T_QUORUM - 1))); do
+	if send_garbage "$((T_TEST_PORT + i))"; then
+		slot=$i
+		break
+	fi
+done
+test "$slot" -ge 0 || t_fail "no quorum port accepted"
+
+# CLIENT_RECONNECT_TIMEOUT_MS is 20s - wait until that happens.
+echo "== greeting-less connections still in reconn_wait"
+for _ in $(seq 1 25); do
+	n=$(grep -h 'vg 0 .* rw 1' /sys/kernel/debug/scoutfs/*/connections | wc -l)
+	[ "$n" = 0 ] && break
+	sleep 1
+done
+test "$n" -eq 0 || t_fail "$n greeting-less conns remain in reconn_wait"
+
+# the mount whose port we hit should be up and not disconnected now.
+eval dir=\$T_D$slot
+touch "$dir/portscan-after" 2>/dev/null || t_fail "fs on $dir not responsive after portscan"
+
+t_pass