All of lore.kernel.org
 help / color / mirror / Atom feed
From: "NeilBrown" <neilb@suse.de>
To: "Trond Myklebust" <trondmy@hammerspace.com>
Cc: "bcodding@redhat.com" <bcodding@redhat.com>,
	"anna@kernel.org" <anna@kernel.org>,
	"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH 0/2] NFS: limit use of ACCESS cache for negative responses
Date: Sat, 27 Aug 2022 09:39:21 +1000	[thread overview]
Message-ID: <166155716162.27490.17801636432417958045@noble.neil.brown.name> (raw)
In-Reply-To: <a56ca216aef75f419d8a13dd6c7719ef15bbcaab.camel@hammerspace.com>

On Sat, 27 Aug 2022, Trond Myklebust wrote:
> On Fri, 2022-08-26 at 10:59 -0400, Benjamin Coddington wrote:
> > On 16 May 2022, at 21:36, Trond Myklebust wrote:
> > > So until you have a different solution that doesn't impact the
> > > client's
> > > ability to cache permissions, then the answer is going to be "no"
> > > to
> > > these patches.
> > 
> > Hi Trond,
> > 
> > We have some folks negatively impacted by this issue as well.  Are
> > you
> > willing to consider this via a mount option?
> > 
> > Ben
> > 
> 
> I don't see how that answers my concern.

Could you please spell out again what your concerns are?  I still don't
understand. 
The only performance impact is when a permission test fails.  In what
circumstance is permission failure expected on a fast-path?

> 
> I'd rather see us set up an explicit trigger mechanism. It doesn't have
> to be particularly sophisticated. I can imagine just having a global,
> or more likely a per-container, cookie that has a control mechanism in
> /sys/fs/nfs, and that can be used to order all the inodes to invalidate
> their permissions caches when you believe there is a need to do so.

I hope it would only invalidate negative cached permissions, not
positive.
Caches positive permissions aren't really a problem as we'll find out
they were wrong as soon as we send the relevant request to the server.
The problem with cached negative permissions is that we never even try
to send a request to the server.

The client doesn't *know* when the server changes it's understanding of
group membership, so it cannot know when to write to this.  So the best
the client can do is invalidate negative cached permissions
periodically.  So if this /sys/fs/nfs/ tunable were to be added, I would
like it to be a time interval after which they can expire (I would set it
to zero of course).

Thanks,
NeilBrown

> 
> i.e. you cache the value of the global cookie in the inode, and if you
> notice a change, then that's the signal that you need to invalidate the
> permissions cache before updating the cached value of the cookie.
> 
> That way, you have a mechanism that serves all purposes: it can do an
> immediate one-time only flush, or you can set up a userspace job that
> issues a global flush once every so often, e.g. using a cron job.
> 
> -- 
> Trond Myklebust
> Linux NFS client maintainer, Hammerspace
> trond.myklebust@hammerspace.com
> 
> 
> 

  parent reply	other threads:[~2022-08-26 23:39 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-28  1:37 [PATCH 0/2] NFS: limit use of ACCESS cache for negative responses NeilBrown
2022-04-28  1:37 ` [PATCH 1/2] NFS: change nfs_access_get_cached() to nfs_access_check_cached() NeilBrown
2022-04-28  1:37 ` [PATCH 2/2] NFS: limit use of ACCESS cache for negative responses NeilBrown
2022-05-17  0:05 ` [PATCH 0/2] " NeilBrown
2022-05-17  0:20   ` Trond Myklebust
2022-05-17  0:40     ` NeilBrown
2022-05-17  0:55       ` Trond Myklebust
2022-05-17  1:05         ` NeilBrown
2022-05-17  1:14           ` Trond Myklebust
2022-05-17  1:22             ` NeilBrown
2022-05-17  1:36               ` Trond Myklebust
2022-08-26 14:59                 ` Benjamin Coddington
2022-08-26 15:44                   ` Trond Myklebust
2022-08-26 16:43                     ` Benjamin Coddington
2022-08-26 16:56                       ` Trond Myklebust
2022-08-26 18:27                         ` Benjamin Coddington
2022-08-27  0:52                           ` Trond Myklebust
2022-09-19 19:09                             ` Benjamin Coddington
2022-09-19 22:38                               ` NeilBrown
2022-09-20  1:18                                 ` Trond Myklebust
2022-08-26 23:39                     ` NeilBrown [this message]
2022-08-27  3:38                       ` Trond Myklebust
2022-08-28 23:32                         ` NeilBrown
2022-08-29 14:07                           ` Jeff Layton
2022-09-03  9:57                             ` NeilBrown
2022-09-03 15:49                               ` Trond Myklebust
2022-09-04 23:28                                 ` NeilBrown
2022-09-04 23:40                                   ` Trond Myklebust
2022-09-05  0:09                                     ` NeilBrown
2022-09-05  0:49                                       ` Trond Myklebust

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=166155716162.27490.17801636432417958045@noble.neil.brown.name \
    --to=neilb@suse.de \
    --cc=anna@kernel.org \
    --cc=bcodding@redhat.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=trondmy@hammerspace.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.