Forum: NGINX writev function not implemented

7f4790832716d76ceb84f8c96392ac07?d=identicon&s=25 Rangel, Raul (Guest)
on 2013-08-05 17:15
(Received via mailing list)
Hello,
I have compiled nginx on ubuntu 12.04 but I'm seeing a really strange
error when I try and POST a file through nginx. I get a line in my logs
that says:

2013/08/02 17:01:11 [crit] 26#0: *7 writev()
"/var/lib/nginx/client_body_temp/0000000001" failed (38: Function not
implemented), client: 172.16.42.1, server: , request: "POST
/tenants/cwstest/stunts/51fbe5d696bb27002d000001/uploads/51fbe5d796bb27002d000002/encrypt
HTTP/1.1", host: "localhost:49172"

I then get a 500 error.

I have put together a gist with all the relevant information:
https://gist.github.com/ismell/6156617

If anyone could provide some assistance that would be great.

Thanks,
Raul
56080a668b706e94fb2bbe9ee727d006?d=identicon&s=25 Reinis Rozitis (Guest)
on 2013-08-05 21:45
(Received via mailing list)
> 2013/08/02 17:01:11 [crit] 26#0: *7 writev()
> "/var/lib/nginx/client_body_temp/0000000001" failed (38: Function not
> implemented)

On what filesystem does /var/lib/nginx/client_body_temp reside (like
'cat
/proc/mounts')?

rr
7f4790832716d76ceb84f8c96392ac07?d=identicon&s=25 Rangel, Raul (Guest)
on 2013-08-05 22:14
(Received via mailing list)
The filesystem is AUFS. It's mounted inside of a docker container.

root@012b3d2b6aab:/# cat /proc/mounts
rootfs / rootfs rw 0 0
none / aufs rw,relatime,si=2418709ef08a7cdd 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
rpool/ROOT/ubuntu-1 /sbin/init zfs ro,relatime,xattr 0 0
data/docker /etc/resolv.conf zfs ro,relatime,xattr 0 0
devpts /dev/tty1 devpts
rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/pts devpts rw,relatime,mode=600,ptmxmode=666 0 0
devpts /dev/ptmx devpts rw,relatime,mode=600,ptmxmode=666 0 0


So my assumption is that AUFS does not support writev? So I need to
somehow mount a different filesystem?
24a9986d5a2fa4d006f22abed0b8951e?d=identicon&s=25 Richard Kearsley (Guest)
on 2013-08-06 00:01
(Received via mailing list)
On 05/08/13 21:13, Rangel, Raul wrote:
> The filesystem is AUFS. It's mounted inside of a docker container.
>
>
> So my assumption is that AUFS does not support writev? So I need to somehow
mount a different filesystem?

Hi
I can't comment about AUFS, but you can change where those temp files
are stored if you wanted to make a small partition dedicated as a temp
directory
http://nginx.org/en/docs/http/ngx_http_core_module...
B1b977516f227cd30b912417d3f1916f?d=identicon&s=25 Jérôme P. (jrme_p)
on 2013-08-06 00:15
Rangel, Raul wrote in post #1117817:

> So my assumption is that AUFS does not support writev? So I need to
> somehow mount a different filesystem?

I wrote a quick and dirty C program to test writev() on AUFS, and it
worked like a charm here (3.8 Debian kernel).

https://gist.github.com/jpetazzo/6160048

What's the *underlying* filesystem? ZFS?
7f4790832716d76ceb84f8c96392ac07?d=identicon&s=25 Rangel, Raul (Guest)
on 2013-08-06 00:23
(Received via mailing list)
So I just tried you little script inside my container (AUFS on top of
ZFS):

root@47dfdb95e2a6:/# ./a.out
writev: Function not implemented
root@47dfdb95e2a6:/#

Then I tried my script outside of the container (ZFS):
me@slagathor:~/Projects/service/services/upload$ ./a.out
6

Here is my uname:
Linux slagathor 3.8.0-27-generic #40~precise3-Ubuntu SMP Fri Jul 19
14:38:30 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

The plot thickens....
34011bc56457235a2caa5ed1d4a29f3c?d=identicon&s=25 Jonathan Matthews (Guest)
on 2013-08-06 00:55
(Received via mailing list)
On 5 August 2013 23:22, Rangel, Raul <Raul.Rangel@disney.com> wrote:
> Here is my uname:
> Linux slagathor 3.8.0-27-generic #40~precise3-Ubuntu SMP Fri Jul 19 14:38:30 UTC
2013 x86_64 x86_64 x86_64 GNU/Linux
>
> The plot thickens....

Not really. Check http://aufs.sourceforge.net/ for the string
"writev". It's not implemented.

J
B1b977516f227cd30b912417d3f1916f?d=identicon&s=25 Jérôme P. (jrme_p)
on 2013-08-06 02:09
I believe it *is* implemented.

I re-did my tests on:
- 3.10 (Debian)
- 3.8 (Debian)
- 3.8.0-27-generic (Ubuntu, the same as yours)
- 3.2.0-40 (Ubuntu)
- 2.6.38.2 (in-house)

They all worked.

I don't understand exactly how AUFS passes writev to the underlying
filesystem, but there might be some weird interaction with ZFS. I tried
with tmpfs, ext4, and btrfs, they all worked.

Then I wondered if it could have been caused by something special in
Docker, so I tried within a Docker container (not just in a manual AUFS
mount) - and it worked.

Would you mind trying with a non-ZFS backend? (I'm asking just because
it will be much faster for you to test with a non-ZFS backend, than for
me to re-install ZFS on my Linux machine :-))
B1b977516f227cd30b912417d3f1916f?d=identicon&s=25 Jérôme P. (jrme_p)
on 2013-08-06 03:03
Actually, I went ahead and rebuilt SPL and ZFS on my machine, and did an
AUFS mount over ZFS... And wvtest ran, no problem.
7f4790832716d76ceb84f8c96392ac07?d=identicon&s=25 Rangel, Raul (Guest)
on 2013-08-06 17:18
(Received via mailing list)
So I tried two different things.

The first one was I used -v /var/lib/nginx to create a volume which bind
mounted a zfs directory inside my container. This worked correctly.

The second was I created an ext4 partition and used docker -g to set the
graph path. When I tried my test again it worked. So it does seem to be
a strange interaction between AUFS and zfs.

I'm wondering why your setup is working but mine isn't.
B1b977516f227cd30b912417d3f1916f?d=identicon&s=25 Jérôme P. (jrme_p)
on 2013-08-06 19:30
Rangel, Raul wrote in post #1117896:

> The first one was I used -v /var/lib/nginx to create a volume which bind
> mounted a zfs directory inside my container. This worked correctly.

I was about to suggest that as a workaround.
I'm glad that it worked!

> The second was I created an ext4 partition and used docker -g to set the
> graph path. When I tried my test again it worked. So it does seem to be
> a strange interaction between AUFS and zfs.
>
> I'm wondering why your setup is working but mine isn't.

Indeed. I'm using ZFS on Linux with DKMS, as packaged by Debian:
ii  spl-dkms    0.6.1-2
ii  zfs-dkms    0.6.1-1~wheezy

Which flavor and version of ZFS are you using?
3fc448a0368821b51a9f7e2781a8b7a6?d=identicon&s=25 Jonathan Vanasco (Guest)
on 2013-08-06 23:49
(Received via mailing list)
are there any official recommendations from nginx to safeguard against
the BREACH exploit ?

http://breachattack.com/

http://arstechnica.com/security/2013/08/gone-in-30...
0f7a1240e82f744c6c607fa7081b99f7?d=identicon&s=25 Igor Sysoev (Guest)
on 2013-08-07 05:44
(Received via mailing list)
On Aug 7, 2013, at 1:48 , Jonathan Vanasco wrote:

> are there any official recommendations from nginx to safeguard against the
BREACH exploit ?
>
> http://breachattack.com/
>
>
http://arstechnica.com/security/2013/08/gone-in-30...

"gzip off" от SSL-enabled sites.


--
Igor Sysoev
http://nginx.com/services.html
2974d09ac2541e892966b762aad84943?d=identicon&s=25 offmind (Guest)
on 2013-08-12 19:33
(Received via mailing list)
And what if we are using gzip_static?
As far as I understand, we have to block gzipping page code. But what
about
.js .css with no secure content?

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,241591,241794#msg-241794
0f7a1240e82f744c6c607fa7081b99f7?d=identicon&s=25 Igor Sysoev (Guest)
on 2013-08-19 08:09
(Received via mailing list)
On Aug 12, 2013, at 21:32 , offmind wrote:

> And what if we are using gzip_static?
> As far as I understand, we have to block gzipping page code. But what about
> .js .css with no secure content?

Statically gzipped files do not depend on user input so they are not
subject
to BREACH.


--
Igor Sysoev
http://nginx.com/services.html
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.