From: Trond Myklebust <trondmy@hammerspace.com>
To: "neilb@suse.de" <neilb@suse.de>
Cc: "anna@kernel.org" <anna@kernel.org>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH 0/2] NFS: limit use of ACCESS cache for negative responses
Date: Tue, 17 May 2022 01:14:08 +0000 [thread overview]
Message-ID: <3ec50603479c7ee60cfa269aa06ae151e3ebc447.camel@hammerspace.com> (raw)
In-Reply-To: <165274950799.17247.7605561502483278140@noble.neil.brown.name>
On Tue, 2022-05-17 at 11:05 +1000, NeilBrown wrote:
> On Tue, 17 May 2022, Trond Myklebust wrote:
> > On Tue, 2022-05-17 at 10:40 +1000, NeilBrown wrote:
> > > On Tue, 17 May 2022, Trond Myklebust wrote:
> > > > On Tue, 2022-05-17 at 10:05 +1000, NeilBrown wrote:
> > > > >
> > > > > Hi,
> > > > > any thoughts on these patches?
> > > >
> > > >
> > > > To me, this problem is simply not worth breaking hot path
> > > > functionality
> > > > for. If the credential changes on the server, but not on the
> > > > client
> > > > (so
> > > > that the cred cache comparison still matches), then why do we
> > > > care?
> > > >
> > > > IOW: I'm a NACK until convinced otherwise.
> > >
> > > In what way is the hot path broken? It only affect a permission
> > > test
> > > failure. Why is that considered "hot path"??
> >
> > It is a permission test that is critical for caching path
> > resolution on
> > a per-user basis.
> >
> > >
> > > RFC 1813 says - for NFSv3 at least -
> > >
> > > The information returned by the server in response to an
> > > ACCESS call is not permanent. It was correct at the exact
> > > time that the server performed the checks, but not
> > > necessarily afterwards. The server can revoke access
> > > permission at any time.
> > >
> > > Clearly the server can allow allow access at any time.
> > > This seems to argue against caching - or at least against relying
> > > too
> > > heavily on the cache.
> > >
> > > RFC 8881 has the same text for NFSv4.1 - section 18.1.4
> > >
> > > "why do we care?" Because the server has changed to grant access,
> > > but
> > > the client is ignoring the possibility of that change - so the
> > > user
> > > is
> > > prevented from doing work.
> >
> > The server enforces permissions in NFS. The client permissions
> > checks
> > are performed in order to gate access to data that is already in
> > cache.
>
> So if the permission check fails, then the client should ignore the
> cache and ask the server for the requested data, so that the server
> has
> a chance to enforce the permissions - whether denying or allowing the
> access.
>
> I completely agree with you, and that is effectively what my patch
> implements.
>
No. I'm saying that no matter how many spec paragraphs you quote at me,
I'm not willing to introduce a timeout on a cache that is critical for
path resolution in order to address a corner case of a corner case.
I'm saying that if you want this problem fixed, then you need to look
at a different solution that doesn't have side-effects for the
99.99999% cases or more that I do care about.
--
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@hammerspace.com
next prev parent reply other threads:[~2022-05-17 1:14 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-28 1:37 [PATCH 0/2] NFS: limit use of ACCESS cache for negative responses NeilBrown
2022-04-28 1:37 ` [PATCH 1/2] NFS: change nfs_access_get_cached() to nfs_access_check_cached() NeilBrown
2022-04-28 1:37 ` [PATCH 2/2] NFS: limit use of ACCESS cache for negative responses NeilBrown
2022-05-17 0:05 ` [PATCH 0/2] " NeilBrown
2022-05-17 0:20 ` Trond Myklebust
2022-05-17 0:40 ` NeilBrown
2022-05-17 0:55 ` Trond Myklebust
2022-05-17 1:05 ` NeilBrown
2022-05-17 1:14 ` Trond Myklebust [this message]
2022-05-17 1:22 ` NeilBrown
2022-05-17 1:36 ` Trond Myklebust
2022-08-26 14:59 ` Benjamin Coddington
2022-08-26 15:44 ` Trond Myklebust
2022-08-26 16:43 ` Benjamin Coddington
2022-08-26 16:56 ` Trond Myklebust
2022-08-26 18:27 ` Benjamin Coddington
2022-08-27 0:52 ` Trond Myklebust
2022-09-19 19:09 ` Benjamin Coddington
2022-09-19 22:38 ` NeilBrown
2022-09-20 1:18 ` Trond Myklebust
2022-08-26 23:39 ` NeilBrown
2022-08-27 3:38 ` Trond Myklebust
2022-08-28 23:32 ` NeilBrown
2022-08-29 14:07 ` Jeff Layton
2022-09-03 9:57 ` NeilBrown
2022-09-03 15:49 ` Trond Myklebust
2022-09-04 23:28 ` NeilBrown
2022-09-04 23:40 ` Trond Myklebust
2022-09-05 0:09 ` NeilBrown
2022-09-05 0:49 ` Trond Myklebust
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3ec50603479c7ee60cfa269aa06ae151e3ebc447.camel@hammerspace.com \
--to=trondmy@hammerspace.com \
--cc=anna@kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=neilb@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.