From: "J. Bruce Fields" <bfields@fieldses.org>
To: Weston Andros Adamson <dros@primarydata.com>
Cc: Anna Schumaker <Anna.Schumaker@netapp.com>,
Trond Myklebust <Trond.Myklebust@primarydata.com>,
linux-nfs list <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH 0/3] Remove function macros from nfs4_fs.h
Date: Wed, 7 Jan 2015 13:57:32 -0500 [thread overview]
Message-ID: <20150107185732.GD7066@fieldses.org> (raw)
In-Reply-To: <20150107185525.GC7066@fieldses.org>
On Wed, Jan 07, 2015 at 01:55:25PM -0500, J. Bruce Fields wrote:
> On Wed, Jan 07, 2015 at 01:47:53PM -0500, Weston Andros Adamson wrote:
> > Ah, right, but only for state operations that don’t touch the filesystem:
> >
> > OP_BIND_CONN_TO_SESSION
> > OP_EXCHANGE_ID
> > OP_CREATE_SESSION
> > OP_DESTROY_SESSION
> > OP_DESTROY_CLIENTID
> >
> > Which is not that interesting, since the client should already be using the machine cred
> > with these operations.
> >
> > What is interesting is supporting write and commit (and associated ops, i.e. sequence).
> > That way when a client is doing buffered writes and the user cred expires, it can flush the
> > locally cached data. This is what the linux client SP4_MACH_CRED feature focused on.
> >
> > I think implementing SP4_MACH_CRED for these operations has the issue I mentioned
> > earlier: the fh_verify path will have to check credentials against some cached credential
> > (tied to the stateid), because request will contain the machine credential and not the user
> > credential that previous writes (before cred expiration) used.
>
> Oh, I see. Yeah, that sounds like a bigger project.
(And I'd be curious what the security model is.)
--b.
prev parent reply other threads:[~2015-01-07 18:57 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-05 19:17 [PATCH 0/3] Remove function macros from nfs4_fs.h Anna Schumaker
2015-01-05 19:17 ` [PATCH 1/3] nfs: Call nfs4_state_protect() from nfs4_proc_commit_setup() Anna Schumaker
2015-01-05 19:17 ` [PATCH 2/3] nfs: Call nfs4_state_protect_write() from nfs4_proc_write_setup() Anna Schumaker
2015-01-05 19:17 ` [PATCH 3/3] nfs: Remove unused v4 macros Anna Schumaker
2015-01-05 20:31 ` [PATCH 0/3] Remove function macros from nfs4_fs.h Weston Andros Adamson
2015-01-05 21:06 ` Anna Schumaker
2015-01-05 21:51 ` Weston Andros Adamson
2015-01-06 15:02 ` Weston Andros Adamson
2015-01-06 19:08 ` J. Bruce Fields
2015-01-07 18:47 ` Weston Andros Adamson
2015-01-07 18:55 ` J. Bruce Fields
2015-01-07 18:57 ` J. Bruce Fields [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150107185732.GD7066@fieldses.org \
--to=bfields@fieldses.org \
--cc=Anna.Schumaker@netapp.com \
--cc=Trond.Myklebust@primarydata.com \
--cc=dros@primarydata.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.