All of lore.kernel.org
 help / color / mirror / Atom feed
From: Trond Myklebust <trondmy@hammerspace.com>
To: "bfields@fieldses.org" <bfields@fieldses.org>
Cc: "schumakeranna@gmail.com" <schumakeranna@gmail.com>,
	"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>,
	"bfields@redhat.com" <bfields@redhat.com>,
	"daire@dneg.com" <daire@dneg.com>
Subject: Re: [PATCH 3/3] nfs: don't allow reexport reclaims
Date: Mon, 14 Jun 2021 21:03:35 +0000	[thread overview]
Message-ID: <2c776400a50afcd3e82f71f6ecb806fda1bce984.camel@hammerspace.com> (raw)
In-Reply-To: <20210614200359.GC16500@fieldses.org>

On Mon, 2021-06-14 at 16:03 -0400, bfields@fieldses.org wrote:
> On Mon, Jun 14, 2021 at 07:53:52PM +0000, Trond Myklebust wrote:
> > On Mon, 2021-06-14 at 15:34 -0400, J. Bruce Fields wrote:
> > > On Mon, Jun 14, 2021 at 02:56:55PM +0000, Trond Myklebust wrote:
> > > > On Mon, 2021-06-14 at 10:48 -0400, J. Bruce Fields wrote:
> > > > > From: "J. Bruce Fields" <bfields@redhat.com>
> > > > > 
> > > > > In the reexport case, nfsd is currently passing along locks
> > > > > with
> > > > > the
> > > > > reclaim bit set.  The client sends a new lock request, which
> > > > > is
> > > > > granted
> > > > > if there's currently no conflict--even if it's possible a
> > > > > conflicting
> > > > > lock could have been briefly held in the interim.
> > > > > 
> > > > > We don't currently have any way to safely grant reclaim, so
> > > > > for
> > > > > now
> > > > > let's just deny them all.
> > > > > 
> > > > > I'm doing this by passing the reclaim bit to nfs and letting
> > > > > it
> > > > > fail
> > > > > the
> > > > > call, with the idea that eventually the client might be able
> > > > > to
> > > > > do
> > > > > something more forgiving here.
> > > > > 
> > > > > Signed-off-by: J. Bruce Fields <bfields@redhat.com>
> > > > > ---
> > > > >  fs/nfs/file.c       | 3 +++
> > > > >  fs/nfsd/nfs4state.c | 3 +++
> > > > >  fs/nfsd/nfsproc.c   | 1 +
> > > > >  include/linux/fs.h  | 1 +
> > > > >  4 files changed, 8 insertions(+)
> > > > > 
> > > > > diff --git a/fs/nfs/file.c b/fs/nfs/file.c
> > > > > index 1fef107961bc..35a29b440e3e 100644
> > > > > --- a/fs/nfs/file.c
> > > > > +++ b/fs/nfs/file.c
> > > > > @@ -806,6 +806,9 @@ int nfs_lock(struct file *filp, int cmd,
> > > > > struct
> > > > > file_lock *fl)
> > > > >  
> > > > >         nfs_inc_stats(inode, NFSIOS_VFSLOCK);
> > > > >  
> > > > > +       if (fl->fl_flags & FL_RECLAIM)
> > > > > +               return -NFSERR_NO_GRACE;
> > > > 
> > > > NACK. nfs_lock() is required to return a POSIX error. I know
> > > > that
> > > > right
> > > > now, nfsd is the only thing setting FL_RECLAIM, but we can't
> > > > guarantee
> > > > that will always be the case.
> > > 
> > > Setting FL_RECLAIM tells the filesystem that you're prepared to
> > > handle
> > > NFSERR_NO_GRACE.  I'm not seeing the risk.
> > 
> > You are using a function that is exposed to the VFS. On error, that
> > function is expected to return a value that is a Linux error
> > between -1
> > and -4095.
> 
> Or 1, actually (FILE_LOCK_DEFERRED).
> 
> > I suggest adding an error value ENOGRACE to include/linux/errno.h.
> 
> I can live with that, but I'm still curious what exactly you're
> worried
> about.
> 

I want to avoid the kind of issues we've be met with earlier when
mixing types just because they happened to be integer valued.

We introduced the mixing of POSIX/Linux and NFS errors in the NFS
client back in the 1990s, and that was a mistake that we're still
paying for. For instance, the value ERR_PTR(-NFSERR_NO_GRACE) will be
happily declared as a valid pointer by the IS_ERR() test, and every so
often we find an Oops around that issue because someone used the return
value from a function that they thought was POSIX/Linux error valued,
because it usually is returning POSIX errors.


-- 
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@hammerspace.com



  reply	other threads:[~2021-06-14 21:03 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-14 14:48 [PATCH 0/3] reexport lock fixes J. Bruce Fields
2021-06-14 14:48 ` [PATCH 1/3] nfs: don't atempt blocking locks on nfs reexports J. Bruce Fields
2021-06-14 14:48 ` [PATCH 2/3] lockd: lockd server-side shouldn't set fl_ops J. Bruce Fields
2021-06-14 14:48 ` [PATCH 3/3] nfs: don't allow reexport reclaims J. Bruce Fields
2021-06-14 14:56   ` Trond Myklebust
2021-06-14 19:34     ` J. Bruce Fields
2021-06-14 19:53       ` Trond Myklebust
2021-06-14 20:03         ` bfields
2021-06-14 21:03           ` Trond Myklebust [this message]
2021-07-22 14:34             ` bfields

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2c776400a50afcd3e82f71f6ecb806fda1bce984.camel@hammerspace.com \
    --to=trondmy@hammerspace.com \
    --cc=bfields@fieldses.org \
    --cc=bfields@redhat.com \
    --cc=daire@dneg.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=schumakeranna@gmail.com \
    --subject='Re: [PATCH 3/3] nfs: don'\''t allow reexport reclaims' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.