From: Trond Myklebust <trondmy@hammerspace.com>
To: "bcodding@redhat.com" <bcodding@redhat.com>
Cc: "anna@kernel.org" <anna@kernel.org>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
"neilb@suse.de" <neilb@suse.de>
Subject: Re: [PATCH 0/2] NFS: limit use of ACCESS cache for negative responses
Date: Fri, 26 Aug 2022 16:56:28 +0000 [thread overview]
Message-ID: <f5a2163d11f73e24c2106d43e72d0400d5a282b6.camel@hammerspace.com> (raw)
In-Reply-To: <54685EB8-7E6D-4EC4-8A9E-2BF55F41DABA@redhat.com>
On Fri, 2022-08-26 at 12:43 -0400, Benjamin Coddington wrote:
> On 26 Aug 2022, at 11:44, Trond Myklebust wrote:
>
> > On Fri, 2022-08-26 at 10:59 -0400, Benjamin Coddington wrote:
> > > On 16 May 2022, at 21:36, Trond Myklebust wrote:
> > > > So until you have a different solution that doesn't impact the
> > > > client's
> > > > ability to cache permissions, then the answer is going to be
> > > > "no"
> > > > to
> > > > these patches.
> > >
> > > Hi Trond,
> > >
> > > We have some folks negatively impacted by this issue as well.
> > > Are
> > > you
> > > willing to consider this via a mount option?
> > >
> > > Ben
> > >
> >
> > I don't see how that answers my concern.
>
> A mount option would need to be set to enable the behavior, so the
> cases
> you're concerned about would be unaffected.
>
> > I'd rather see us set up an explicit trigger mechanism. It doesn't
> > have
> > to be particularly sophisticated. I can imagine just having a
> > global,
> > or more likely a per-container, cookie that has a control mechanism
> > in
> > /sys/fs/nfs, and that can be used to order all the inodes to
> > invalidate
> > their permissions caches when you believe there is a need to do so.
> >
> > i.e. you cache the value of the global cookie in the inode, and if
> > you
> > notice a change, then that's the signal that you need to invalidate
> > the
> > permissions cache before updating the cached value of the cookie.
> >
> > That way, you have a mechanism that serves all purposes: it can do
> > an
> > immediate one-time only flush, or you can set up a userspace job
> > that
> > issues a global flush once every so often, e.g. using a cron job.
>
> We had the every-so-often flush per-inode before 57b691819ee2.
>
> Here's the setup in play: there's a large number of v3 clients and
> users,
> and many times each day group membership changes occur which either
> restrict
> or grant access to parts of the namespace.
>
> The feedback I'm getting is that it will be a lot of extra
> orchestration to
> have to trigger something on each client when the group memberships
> change.
> The desired behavior was as before 57b691819ee2: the access cache
> expired
> with the attribute timeout. It would be nice to have a mount option
> that
> could restore the access cache behavior as it was before
> 57b691819ee2.
>
User group membership is not a per-mount thing. It's a global thing.
As I said, what I'm proposing does allow you to set up a cron job that
flushes your cache on a regular basis. There is absolutely no extra
value whatsoever provided by moving that into the kernel on a per-mount
basis.
--
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@hammerspace.com
next prev parent reply other threads:[~2022-08-26 16:56 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-28 1:37 [PATCH 0/2] NFS: limit use of ACCESS cache for negative responses NeilBrown
2022-04-28 1:37 ` [PATCH 1/2] NFS: change nfs_access_get_cached() to nfs_access_check_cached() NeilBrown
2022-04-28 1:37 ` [PATCH 2/2] NFS: limit use of ACCESS cache for negative responses NeilBrown
2022-05-17 0:05 ` [PATCH 0/2] " NeilBrown
2022-05-17 0:20 ` Trond Myklebust
2022-05-17 0:40 ` NeilBrown
2022-05-17 0:55 ` Trond Myklebust
2022-05-17 1:05 ` NeilBrown
2022-05-17 1:14 ` Trond Myklebust
2022-05-17 1:22 ` NeilBrown
2022-05-17 1:36 ` Trond Myklebust
2022-08-26 14:59 ` Benjamin Coddington
2022-08-26 15:44 ` Trond Myklebust
2022-08-26 16:43 ` Benjamin Coddington
2022-08-26 16:56 ` Trond Myklebust [this message]
2022-08-26 18:27 ` Benjamin Coddington
2022-08-27 0:52 ` Trond Myklebust
2022-09-19 19:09 ` Benjamin Coddington
2022-09-19 22:38 ` NeilBrown
2022-09-20 1:18 ` Trond Myklebust
2022-08-26 23:39 ` NeilBrown
2022-08-27 3:38 ` Trond Myklebust
2022-08-28 23:32 ` NeilBrown
2022-08-29 14:07 ` Jeff Layton
2022-09-03 9:57 ` NeilBrown
2022-09-03 15:49 ` Trond Myklebust
2022-09-04 23:28 ` NeilBrown
2022-09-04 23:40 ` Trond Myklebust
2022-09-05 0:09 ` NeilBrown
2022-09-05 0:49 ` Trond Myklebust
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f5a2163d11f73e24c2106d43e72d0400d5a282b6.camel@hammerspace.com \
--to=trondmy@hammerspace.com \
--cc=anna@kernel.org \
--cc=bcodding@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.